联通电信智能DNS(BIND)配置

本次主要学习通过BIND 9的view功能实现不同地址解析不同的IP,即智能DNS。首先安装BIND9,不懂的请看BIND DNS服务器的安装与主从DNS配置的安装部分安装。

acl文件配置

在配置智能DNS之前,我们需要获取联通电信最新的IP段,并制作成acl文件,这里提供直接提供文件下载,并上传到主从两台dns的/usr/local/bind/etc/目录下。
电信:CHINANET.acl
联通:CNC.acl
当然如果你想获取更新的IP段,可以根据这个脚本实现。https://www.centos.bz/2012/02/automatic-get-unicom-chinanet-new-ip-ranges/

主DNS配置

named.conf配置

首先生成一个控制key,和三个用于主从同步的key。

  1. rndc-confgen -a
  2. rndc-confgen -a -c /etc/cnc.key -k cnc
  3. rndc-confgen -a -c /etc/chinanet.key -k chinanet
  4. rndc-confgen -a -c /etc/any.key -k any

并也把生成的/etc/cnc.key,/etc/chinanet.key和/etc/any.key传到从服务器。
然后创建named.conf。

  1. vi /usr/local/bind/etc/named.conf

写入如下代码:

  1. include "/etc/rndc.key";//加载rndc.key用于rndc命令
  2. //下面加载的三个key文件用在三个视图里的zone的主从同步。
  3. include "/etc/cnc.key";
  4. include "/etc/chinanet.key";
  5. include "/etc/any.key";
  6. controls { inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndckey"; }; };//定义controls以能使用rndc命令管理bind。
  7. include "/usr/local/bind/etc/CNC.acl"; //cnc acl
  8. include "/usr/local/bind/etc/CHINANET.acl"; //chinanet acl
  9. //定义bind日志
  10. logging {
  11. channel default_syslog { syslog local2; severity notice; };
  12. channel audit_log { file "/var/log/bind.log"; severity notice; print-time yes; };
  13. category default { default_syslog; };
  14. category general { default_syslog; };
  15. category security { audit_log; default_syslog; };
  16. category config { default_syslog; };
  17. category resolver { audit_log; };
  18. category xfer-in { audit_log; };
  19. category xfer-out { audit_log; };
  20. category notify { audit_log; };
  21. category client { audit_log; };
  22. category network { audit_log; };
  23. category update { audit_log; };
  24. category queries { audit_log; };
  25. category lame-servers { audit_log; };
  26. };
  27. options {
  28.     directory "/usr/local/bind/etc";
  29. pid-file "/usr/local/bind/var/run/bind.pid";
  30. transfer-format many-answers;
  31. interface-interval 0;
  32. allow-query { any; };
  33. };
  34.  
  35. view "view_CNC" {
  36. match-clients { key cnc;CNC; };//匹配带key cnc或CNC里的IP段
  37. server 23.19.81.194 {keys cnc;}; //向从服务器发送消息时,用 cnc 加密
  38. zone "qbtop.com" {
  39. type master;
  40. file "qbtop.com.cnc.zone";
  41. allow-transfer { key cnc; };//只允许用 cnc加密过的 zone transfer 请求
  42. };
  43. };
  44.  
  45. view "view_CHINANET" {
  46. match-clients { key chinanet;CHINANET; };
  47. server 23.19.81.194 {keys chinanet;};
  48. zone "qbtop.com" {
  49. type master;
  50. file "qbtop.com.chinanet.zone";
  51. allow-transfer { key chinanet; };
  52. };
  53. };
  54.  
  55. view “view_any” {
  56. match-clients { key any;any; };
  57. server 23.19.81.194 {keys any;};
  58. zone "qbtop.com" {
  59. type master;
  60. file "qbtop.com.any.zone";
  61. allow-transfer { key any; };
  62. };
  63. };

zone文件配置

分别在/usr/local/bind/etc/目录下创建三个文件,qbtop.com.cnc.zone,qbtop.com.chinanet.zone,qbtop.com.any.zone,分别对应联通zone,电信zone和其它zone。
zone内容如下,唯一区别的是IP的不同。

  1. $TTL 3600
  2. @ IN SOA ns1.qbtop.com. hostmaster.qbtop.com. (
  3. 2012022301  ; Serial
  4. 3600 ; Refresh
  5. 900 ; Retry
  6. 3600000 ; Expire
  7. 3600 ) ; Minimum
  8. @ IN NS ns1.qbtop.com.
  9. @ IN NS ns2.qbtop.com.
  10. ns1 IN A 23.19.81.191
  11. ns2 IN A 23.19.81.194
  12. @   IN A 1.1.1.1
  13. www IN A 1.1.1.1

从DNS配置

创建目录slaves

  1. mkdir /usr/local/bind/etc/slaves

创建named.conf文件。

  1. vi /usr/local/bind/etc/named.conf

写入如下代码:

  1. include "/etc/cnc.key";
  2. include "/etc/chinanet.key";
  3. include "/etc/any.key";
  4. include "/usr/local/bind/etc/CNC.acl";  //cnc acl
  5. include "/usr/local/bind/etc/CHINANET.acl"; //chinanet acl
  6. logging {
  7. channel default_syslog { syslog local2; severity notice; };
  8. channel audit_log { file "/var/log/bind.log"; severity notice; print-time yes; };
  9. category default { default_syslog; };
  10. category general { default_syslog; };
  11. category security { audit_log; default_syslog; };
  12. category config { default_syslog; };
  13. category resolver { audit_log; };
  14. category xfer-in { audit_log; };
  15. category xfer-out { audit_log; };
  16. category notify { audit_log; };
  17. category client { audit_log; };
  18. category network { audit_log; };
  19. category update { audit_log; };
  20. category queries { audit_log; };
  21. category lame-servers { audit_log; };
  22. };
  23. options {
  24.     directory "/usr/local/bind/etc";
  25. pid-file "/usr/local/bind/var/run/bind.pid";
  26. transfer-format many-answers;
  27. interface-interval 0;
  28. allow-query { any; };
  29. };
  30.  
  31. view "view_CNC" {
  32. match-clients { key cnc;CNC; };
  33. server 23.19.81.191 {keys cnc;};
  34. zone "qbtop.com" {
  35. type slave;
  36. file "slaves/qbtop.com.cnc.zone";
  37. masters { 23.19.81.191; };
  38. };
  39. };
  40.  
  41. view "view_CHINANET" {
  42. match-clients { key chinanet;CHINANET; };
  43. server 23.19.81.191 {keys chinanet;};
  44. zone "qbtop.com" {
  45. type slave;
  46. file "slaves/qbtop.com.chinanet.zone";
  47. masters { 23.19.81.191; };
  48. };
  49. };
  50.  
  51. view “view_any” {
  52. match-clients { key any;any; };
  53. server 23.19.81.191 {keys any;};
  54. zone "qbtop.com" {
  55. type slave;
  56. file "slaves/qbtop.com.any.zone";
  57. masters { 23.19.81.191; };
  58. };
  59. };

至此,联通电信主从智能DNS已经配置完成,你可以使用如下多线路ping工具检测:
http://ping.chinaz.com/
http://www.webkaka.com/Ping.aspx
http://17ce.com/
http://ping.aizhan.com/

标签:DNS 发布于:2019-11-24 04:53:06
标签云
精彩推荐
猜你喜欢