A Detailed Tutorial on Installing and Configuring Smart DNS

2018-09-14    Source: 爱站科技


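  This article is a detailed tutorial on installing and configuring smart DNS.

  Note: smart DNS is mainly used to 1. solve the China Netcom / China Telecom interconnection problem, and 2. implement regional planning (clients in different regions reach the server nearest to them). The configuration below solves the Netcom/Telecom connection problem. Use 2 needs only minor changes to it.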

  I. Installing the DNS server

  II. Configuring named.conf

  III. Updating the root zone file

  IV. Creating the startup script

  V. Adding an NS

  VI. Adding a domain

  Appendix: How to obtain the IP address ranges

  I. Installing the DNS server

  1. Software list

  BIND 9.3.2

  ftp://ftp.isc.org/isc/bind9/9.3.2/bind-9.3.2.tar.gz

  2. Install BIND 9

  Install BIND 9:

  # tar zxvf bind-9.3.2.tar.gz
  # cd bind-9.3.2
  # ./configure --prefix=/usr/local/named --disable-ipv6
  # make && make install

  Create the BIND user:

  # groupadd bind
  # useradd -g bind -d /usr/local/named -s /sbin/nologin bind

  Create the configuration directory:

  # mkdir -p /usr/local/named/etc
  # chown bind:bind /usr/local/named/etc
  # chmod 700 /usr/local/named/etc

  II. Configuring named.conf

  Create the main configuration file:

  # vi /usr/local/named/etc/named.conf

  ===========================named.conf=======================

  // Clients allowed to recurse, transfer zones and send NOTIFY
  acl "trust-lan" { 127.0.0.0/8; 192.168.0.0/16; };

  options {
      directory "/usr/local/named/etc/";
      pid-file "/var/run/named/named.pid";
      version "0.0.0";            // hide the real version string
      datasize 40M;
      allow-transfer { "trust-lan"; };
      recursion yes;
      allow-notify { "trust-lan"; };
      allow-recursion { "trust-lan"; };
      auth-nxdomain no;
      forwarders {
          202.99.160.68;
          202.99.168.8;
      };
  };

  logging {
      channel warning {
          file "/var/log/named/dns_warnings" versions 3 size 1240k;
          severity warning;
          print-category yes;
          print-severity yes;
          print-time yes;
      };
      channel general_dns {
          file "/var/log/named/dns_logs" versions 3 size 1240k;
          severity info;
          print-category yes;
          print-severity yes;
          print-time yes;
      };
      category default { warning; };
      category queries { general_dns; };
  };

  // Once view statements are used, every zone must be inside a view,
  // so the root hint zone is declared in each view below and not here.

  acl "CNC" {
      58.16.0.0/16;
      58.17.0.0/17;
      58.17.128.0/17;
      58.18.0.0/16;
      58.19.0.0/16;
      58.20.0.0/16;
      58.21.0.0/16;
      // Note: enter the IP address ranges that apply to your situation
  };

  // Views are tried in order and the first match wins.
  view "view_cnc" {
      match-clients { CNC; };
      zone "." {
          type hint;
          file "named.root";
      };
      zone "0.0.127.IN-ADDR.ARPA" {
          type master;
          file "localhost.rev";   // must exist under the directory set in options
      };
      include "master/cnc.def";
  };

  // Catch-all view for every client not matched above; keep it last.
  view "view_any" {
      match-clients { any; };
      zone "." {
          type hint;
          file "named.root";
      };
      zone "0.0.127.IN-ADDR.ARPA" {
          type master;
          file "localhost.rev";
      };
      include "master/telecom.def";
  };

  ===========================named.conf=======================

  After adding the above, save the file.

  III. Updating the root zone file

  # cd /usr/local/named/etc/
  # wget ftp://ftp.internic.org/domain/named.root

  Create the PID and log files:

  # mkdir /var/run/named/
  # chmod 755 /var/run/named/              # writable by its owner (bind) only, not world-writable
  # chown bind:bind /var/run/named/
  # mkdir /var/log/named/
  # touch /var/log/named/dns_warnings
  # touch /var/log/named/dns_logs
  # chown -R bind:bind /var/log/named/     # the directory too, so named can rotate the log versions
  # mkdir master
  # touch master/cnc.def
  # touch master/telecom.def

  Generate the rndc key:

  # cd /usr/local/named/etc/
  # ../sbin/rndc-confgen > rndc.conf

  In rndc.conf, find the line:

  # Use with the following in named.conf, adjusting the allow list as needed:

  Add the part that follows it to /usr/local/named/etc/named.conf and remove the comment markers.

  Test run:

  # /usr/local/named/sbin/named -gc /usr/local/named/etc/named.conf &

  Check the status:

  # /usr/local/named/sbin/rndc status

  IV. Creating the startup script

  # vi /etc/init.d/named

  ============================== named.sh============================

  #!/bin/bash
  #
  # named a network name service.
  #
  #
  # chkconfig: 545 35 75
  # description: a name server
  #

  # Binding to port 53 needs root; named drops to the bind user via -u below.
  if [ "$(id -u)" -ne 0 ]
  then
      echo "ERROR: For bind to port 53, must run as root."
      exit 1
  fi

  case "$1" in
  start)
      if [ -x /usr/local/named/sbin/named ]; then
          /usr/local/named/sbin/named -u bind -c /usr/local/named/etc/named.conf && echo . && echo 'BIND9 server started.'
      fi
      ;;
  stop)
      # Same path as the pid-file option in named.conf
      kill "$(cat /var/run/named/named.pid)" && echo . && echo 'BIND9 server stopped.'
      ;;
  restart)
      echo .
      echo "Restart BIND9 server"
      $0 stop
      sleep 10
      $0 start
      ;;
  *)
      echo "$0 start | stop | restart"
      ;;
  esac

  ===============================named.sh============================

  # chmod 755 /etc/init.d/named
  # chown root:root /etc/init.d/named
  # chkconfig --add named
  # chkconfig named on

  V. Adding an NS

  On the management website for your domain, set the NS server to the DNS server you installed.

  VI. Adding a domain

  # cd /usr/local/named/etc/master
  # mkdir cnc
  # mkdir telecom
  # vi cnc.def

  Add:

  zone "daoyou.com" {
      type master;
      file "master/cnc/daoyou.com";
  };

  # vi telecom.def

  Add:

  zone "daoyou.com" {
      type master;
      file "master/telecom/daoyou.com";
  };

  Add the China Netcom records, which resolve to the IP 61.45.55.78:

  # vi cnc/daoyou.com

  Add:

  $TTL 3600
  $ORIGIN daoyou.com.
  @   IN  SOA ns.daoyou.com. root.ns.daoyou.com. (
          2005121013  ; Serial
          3600        ; Refresh (seconds)
          900         ; Retry (seconds)
          68400       ; Expire (seconds)
          15 )        ; Minimum TTL for Zone (seconds)
  ;
  @   IN  NS  ns.daoyou.com.
  ; ns.daoyou.com. lies inside this zone, so it also needs its own A record (this DNS server's address)
  @   IN  A   61.45.55.78
  www IN  A   61.45.55.78
  ;
  ;end

  Add the China Telecom records, which resolve to the IP 210.75.1.178:

  # vi telecom/daoyou.com

  Add:

  $TTL 3600
  $ORIGIN daoyou.com.
  @   IN  SOA ns.daoyou.com. root.ns.daoyou.com. (
          2005121013  ; Serial
          3600        ; Refresh (seconds)
          900         ; Retry (seconds)
          68400       ; Expire (seconds)
          15 )        ; Minimum TTL for Zone (seconds)
  ;
  @   IN  NS  ns.daoyou.com.
  ; ns.daoyou.com. lies inside this zone, so it also needs its own A record (this DNS server's address)
  @   IN  A   210.75.1.178
  www IN  A   210.75.1.178
  ;
  ;end

  # /usr/local/named/sbin/rndc reload

  OK, at this point your DNS server is up and running. Try pinging from a China Netcom line and from a China Telecom line.
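
  Before testing from real Netcom and Telecom lines, the answer each client should receive can be predicted offline. The following is an added example, not part of the original article: it models BIND's first-match view selection over the acl "CNC" ranges and the two A records above. The function names and the sample client addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: predict which BIND view (and which A record) a client IP gets.
# Helper names are hypothetical; they are not part of BIND.
ip2int() ( IFS=.; set -- $1; echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 )) )

# in_cidr IP CIDR -> exit status 0 when IP is inside CIDR ("any" matches all)
in_cidr() (
  [ "$2" = any ] && exit 0
  bits=${2#*/}
  mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
  [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "${2%/*}") & mask )) ]
)

# "view cidr" pairs in the order the view statements appear in named.conf.
# The view_cnc ranges are the ones listed in the article's acl "CNC".
VIEWS='view_cnc 58.16.0.0/16
view_cnc 58.17.0.0/17
view_cnc 58.17.128.0/17
view_cnc 58.18.0.0/16
view_cnc 58.19.0.0/16
view_cnc 58.20.0.0/16
view_cnc 58.21.0.0/16
view_any any'

# which_view IP [VIEW_LIST] -> name of the first view whose match-clients hits
which_view() (
  printf '%s\n' "${2:-$VIEWS}" | while read -r view cidr; do
    if in_cidr "$1" "$cidr"; then echo "$view"; break; fi
  done
)

# expected_a IP -> A record for www.daoyou.com that this client should receive
expected_a() (
  case $(which_view "$1") in
    view_cnc) echo 61.45.55.78 ;;
    view_any) echo 210.75.1.178 ;;
  esac
)

# Constructed client addresses, not taken from real traffic
for client in 58.17.200.9 58.22.0.1 192.0.2.10; do
  echo "$client -> $(which_view "$client") -> $(expected_a "$client")"
done
```

  Passing a list with view_any first as the second argument of which_view shows every client landing in view_any, which is why the catch-all view has to stay last in named.conf.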

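  Appendix: How to obtain the IP address ranges

  1. Use a shell script to obtain the IP address ranges

  #!/bin/sh
  FILE=/root/study/apnic/ip_apnic
  rm -f $FILE
  wget http://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest -O $FILE
  # Keep the start address and address count of every CN IPv4 delegation
  grep 'apnic|CN|ipv4|' $FILE | cut -f 4,5 -d'|' | sed -e 's/|/ /g' | while read ip cnt
  do
      echo $ip:$cnt
      # The mask computation is cut off on this page; the prefix length is
      # derived here as 32 - log2(address count).
      mask=32; n=$cnt
      while [ "$n" -gt 1 ]; do n=$((n / 2)); mask=$((mask - 1)); done
      echo $ip/$mask >> cn.net
      # Look up the netname of the block in APNIC whois and strip its suffix
      NETNAME=`whois -h whois.apnic.net $ip | sed -e '/./{H;$!d;}' -e 'x;/netnum/!d' | grep ^netname | sed -e 's/.*: *\(.*\)/\1/g' | sed -e 's/-.*//g'`
      case $NETNAME in
      CNC)
          echo $ip/$mask >> CNCGROUP
          ;;
      CHINANET|CNCGROUP)
          echo $ip/$mask >> $NETNAME
          ;;
      CHINATELECOM)
          echo $ip/$mask >> CHINANET
          ;;
      *)
          echo $ip/$mask >> OTHER
          ;;
      esac
  done

  2. Alternatively, use data available online. The latest data is below; then use awk to turn it into address ranges.

  wget http://218.66.103.230/vpn_route/cnc.new        # new China Netcom route table
  wget http://218.66.103.230/vpn_route/chinanet.new   # new China Telecom route table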
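
  The count field in delegated-apnic-latest is a number of addresses and is not always a power of two, so a single start/mask pair can describe the wrong range. The following added example (not from the original article; function names and sample lines are constructed) splits each start/count pair into exact CIDR blocks and prints them as a BIND acl block. It does not classify by carrier; the whois netname lookup in the script above is still needed for that.

```shell
#!/bin/sh
# Added example: turn APNIC "start|count" delegations into a BIND acl block.
# Helper names are hypothetical; the sample lines below are constructed.
ip2int() ( IFS=.; set -- $1; echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 )) )
int2ip() ( echo "$(( $1 >> 24 & 255 )).$(( $1 >> 16 & 255 )).$(( $1 >> 8 & 255 )).$(( $1 & 255 ))" )

# range_to_cidrs START COUNT -> one CIDR per line covering exactly COUNT addresses
range_to_cidrs() (
  start=$(ip2int "$1"); left=$2
  while [ "$left" -gt 0 ]; do
    size=1; bits=32
    # grow the block while it stays aligned on START and fits in what is left
    while [ $(( start % (size * 2) )) -eq 0 ] && [ $(( size * 2 )) -le "$left" ]; do
      size=$(( size * 2 )); bits=$(( bits - 1 ))
    done
    echo "$(int2ip "$start")/$bits"
    start=$(( start + size )); left=$(( left - size ))
  done
)

# apnic_to_acl NAME CC -> acl block built from delegated-file lines on stdin
apnic_to_acl() (
  echo "acl \"$1\" {"
  grep "^apnic|$2|ipv4|" | cut -d'|' -f4,5 | tr '|' ' ' | while read -r ip cnt; do
    range_to_cidrs "$ip" "$cnt" | sed 's/^/    /; s/$/;/'
  done
  echo "};"
)

# Constructed sample lines in the delegated-apnic-latest layout (not real data)
SAMPLE='apnic|CN|ipv4|58.16.0.0|65536|20050125|allocated
apnic|CN|ipv4|198.18.0.0|768|20050125|allocated
apnic|JP|ipv4|198.19.0.0|256|20050125|allocated'

printf '%s\n' "$SAMPLE" | apnic_to_acl CN_SAMPLE CN
```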
