DNS TSIG实现CDN+GSLB
Note
1、 本文只涉及User-Server-User过程[Request及Response请参考上图]
2、 有关站点加速及Cache请参考: http://longrujun.com/tags/SQUID/default.aspx
3、 有关大规模站点体系规划及性能优化请参考下图,不深入探讨
Server 1:Master
IPADDR=192.168.5.96
NETMASK=255.255.255.0
GATEWAY=192.168.5.1
Server 2: Slave
IPADDR=192.168.5.29
NETMASK=255.255.255.0
GATEWAY=192.168.5.1
Master Server
Part I Config Master Dns Server
Step 1、下载并安装
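# Download, build and install BIND under /Data/apps/named.
# Command names are lower-case: the shell is case-sensitive, so "Cd" and
# "Make" as originally printed would fail with "command not found".
# NOTE(review): the tarball is fetched over plain HTTP with no integrity
# check. Verify it against the PGP signature ISC publishes for the release
# before building. 9.3.2-P1 is the release this 2006 article was written
# for; use a currently supported BIND release on any real deployment.
cd /software
wget http://ftp.isc.org/isc/bind9/9.3.2-P1/bind-9.3.2-P1.tar.gz
tar zxvf bind-9.3.2-P1.tar.gz
cd bind-9.3.2-P1
./configure --prefix=/Data/apps/named --enable-threads
make
make install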
Step 2、配置
1、 基本配置
Cd /Data/apps/named
[root@linux named]# mkdir etc
生成rndc控制命令的key文件(该文件以及随后生成的named.conf都包含密钥,应将权限限制为仅运行named的用户可读)
[root@linux named]# sbin/rndc-confgen > etc/rndc.conf
从rndc.conf文件中提取named.conf用的key
[root@linux named]# cd etc
自动在/Data/apps/named/etc生成named.conf文件
[root@linux etc]# tail -10 rndc.conf | head -9 | sed s/#\ //g > named.conf
2、 建立Zone文件目录
[root@linux etc]# mkdir /Data/named
进入/Data/named目录
[root@linux etc]# cd /Data/named
A、 建立localhost.zone
[root@linux named]#vi localhost.zone
$TTL 86400
$ORIGIN localhost.
@ 1D IN SOA @ root (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
1D IN NS @
1D IN A 127.0.0.1
B、 建立named.local
[root@linux named]#vi named.local
$TTL 86400
@ IN SOA localhost. root.localhost. (
1997022700 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS localhost.
1 IN PTR localhost.
C、 生成named.root
[root@linux named]#dig > named.root
D、 修改named.conf
Cd /Data/apps/named/etc
配置named.conf文件,在后面加入以下代码
[root@linux etc]# vi named.conf
# Base settings appended to the named.conf that was extracted from rndc.conf.
options {
directory "/Data/named";
pid-file "named.pid";
};
# NOTE(review): this control channel references a key named rndckey, while the
# complete named.conf shown later in this article defines and uses "rndc-key".
# Confirm the name matches the key block that was extracted from rndc.conf.
controls {
inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
# Root hints, loaded from the named.root file generated with dig.
zone "." IN {
type hint;
file "named.root";
};
# Forward zone for localhost; dynamic updates are refused.
zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};
# Reverse zone for 127.0.0.x; dynamic updates are refused.
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};
E、 测试启动bind
# Start named in the background with the configuration built above.
# NOTE(review): run this way from a root shell, named keeps running as root.
# Production setups normally drop privileges with named's -u option
# (optionally combined with a chroot via -t).
/Data/apps/named/sbin/named -c /Data/apps/named/etc/named.conf &
Step 3、使用TSIG技术加固DNS服务器
3、 下面以longrujun.com/test.com为例进行配置
使用TSIG技术:执行 dnssec-keygen 生成密钥,会得到一个 .key 文件和一个 .private 文件。
TSIG 使用的是对称(共享)密钥,两个文件中的密钥内容相同,都必须保密。
首先在master上生成两对key,用于教育网和其他部分的IP段,
进入named安装的sbin目录
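# The key tools live in the sbin directory of the install prefix chosen at
# configure time (--prefix=/Data/apps/named), not under /usr/local.
cd /Data/apps/named/sbin/
# Key for the education-network view; "certnet" is the key name.
./dnssec-keygen -a hmac-md5 -b 128 -n HOST certnet
# Key for the view covering all other IP ranges; "othernet" is the key name.
./dnssec-keygen -a hmac-md5 -b 128 -n HOST othernet
# NOTE(review): hmac-md5 with a 128-bit secret is a legacy TSIG choice.
# Current BIND releases generate TSIG keys with tsig-keygen and support
# hmac-sha256; prefer that wherever the installed version offers it.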
将生成的密钥(.private 文件中的 Key 字段,本例为 1ks7MJQvWmisPMWbRnYYjg==)加入named.conf文件中。本文出现的所有密钥均已公开,仅作示例,实际部署时必须使用自己生成的密钥。
在Master建立config及zone文件
1>、修改named.conf文件
加入private key至named.conf文件中,同时删除zone "." IN、zone "localhost" IN及zone "0.0.127.in-addr.arpa" IN配置文件
完整的named.conf如下
debian:/Data/apps/named/etc# cat named.conf
# Key shared between rndc and named for the control channel.
# NOTE(review): every secret printed in this article is public. Generate your
# own, and keep named.conf readable only by the account that runs named.
key "rndc-key" {
algorithm hmac-md5;
secret "Ngvc7XGzxmBizws8minZmg==";
};
# Control channel bound to loopback and limited to holders of rndc-key.
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
options {
directory "/Data/named";
pid-file "named.pid";
};
# TSIG keys referenced by the certnet and othernet views (in match-clients
# and in their server statements).
# NOTE(review): hmac-md5 is a legacy TSIG algorithm; where the installed BIND
# supports it, hmac-sha256 is the usual choice today.
key "certnet" {
algorithm hmac-md5;
secret "1ks7MJQvWmisPMWbRnYYjg==";
};
key "othernet" {
algorithm hmac-md5;
secret "CC3eLL3okKM5pBHM1HSMNA==";
};
# Pulls in the ACL and view definitions created in the next step.
include "acl.conf";
2>、建立acl.conf
[root@redhatas4 etc]# cd /Data/named/
[root@redhatas4 named]# vi acl.conf
# Addresses of the two name servers. The views below use this ACL both in
# match-clients (cncnet) and as the only gate on allow-transfer.
acl "dns-ip-list" {
192.168.5.96; # master DNS server IP
192.168.5.29; # slave DNS server IP
};
acl CNC {
58.16.0.0/16;
58.17.0.0/17;
58.17.128.0/17;
58.18.0.0/16;
58.19.0.0/16;
58.20.0.0/16;
58.21.0.0/16;
58.22.0.0/15;
58.240.0.0/15;
58.242.0.0/15;
58.244.0.0/15;
58.246.0.0/15;
58.248.0.0/13;
60.0.0.0/13;
60.8.0.0/15;
60.10.0.0/16;
60.11.0.0/16;
60.12.0.0/16;
60.13.0.0/18;
60.13.128.0/17;
60.14.0.0/15;
60.16.0.0/13;
60.24.0.0/14;
60.30.0.0/16;
60.31.0.0/16;
60.208.0.0/13;
60.216.0.0/15;
60.218.0.0/15;
60.220.0.0/14;
61.48.0.0/13;
61.133.0.0/17;
61.134.96.0/19;
61.134.128.0/17;
61.135.0.0/16;
61.137.128.0/17;
61.138.0.0/17;
61.138.128.0/18;
61.139.128.0/18;
61.148.0.0/15;
61.156.0.0/16;
61.159.0.0/18;
61.161.0.0/18;
61.161.128.0/17;
61.162.0.0/16;
61.163.0.0/16;
61.167.0.0/16;
61.168.0.0/16;
61.176.0.0/16;
61.179.0.0/16;
61.181.0.0/16;
61.182.0.0/16;
61.189.0.0/17;
125.32.0.0/16;
125.40.0.0/13;
202.96.0.0/18;
202.96.64.0/21;
202.96.72.0/21;
202.97.128.0/18;
202.97.224.0/21;
202.97.240.0/20;
202.98.0.0/21;
202.98.8.0/21;
202.99.64.0/19;
202.99.96.0/21;
202.99.128.0/19;
202.99.160.0/21;
202.99.168.0/21;
202.99.176.0/20;
202.99.208.0/20;
202.99.224.0/21;
202.99.232.0/21;
202.99.240.0/20;
202.102.128.0/21;
202.102.224.0/21;
202.102.232.0/21;
202.106.0.0/16;
202.107.0.0/17;
202.108.0.0/16;
202.110.0.0/17;
202.111.128.0/18;
203.93.8.0/24;
203.93.192.0/18;
210.13.128.0/17;
210.14.160.0/19;
210.14.192.0/19;
210.15.32.0/19;
210.15.96.0/19;
210.15.128.0/18;
210.21.0.0/16;
210.52.128.0/17;
210.53.0.0/17;
210.53.128.0/17;
210.74.96.0/19;
210.74.128.0/19;
210.82.0.0/15;
218.8.0.0/14;
218.12.0.0/16;
218.21.128.0/17;
218.24.0.0/14;
218.56.0.0/14;
218.60.0.0/15;
218.67.128.0/17;
218.68.0.0/15;
218.104.0.0/14;
219.154.0.0/15;
219.156.0.0/15;
219.158.0.0/17;
219.158.128.0/17;
219.159.0.0/18;
220.252.0.0/16;
221.0.0.0/15;
221.2.0.0/16;
221.3.0.0/17;
221.3.128.0/17;
221.4.0.0/16;
221.5.0.0/17;
221.5.128.0/17;
221.6.0.0/16;
221.7.0.0/19;
221.7.32.0/19;
221.7.64.0/19;
221.7.96.0/19;
221.8.0.0/15;
221.10.0.0/16;
221.11.0.0/17;
221.11.128.0/18;
221.11.192.0/19;
221.12.0.0/17;
221.12.128.0/18;
221.13.0.0/18;
221.13.64.0/19;
221.13.96.0/19;
221.13.128.0/17;
221.14.0.0/15;
221.192.0.0/15;
221.194.0.0/16;
221.195.0.0/16;
221.196.0.0/15;
221.198.0.0/16;
221.199.0.0/19;
221.199.32.0/20;
221.199.128.0/18;
221.199.192.0/20;
221.200.0.0/14;
221.204.0.0/15;
221.206.0.0/16;
221.207.0.0/18;
221.207.64.0/18;
221.207.128.0/17;
221.208.0.0/14;
221.212.0.0/16;
221.213.0.0/16;
221.216.0.0/13;
222.128.0.0/14;
222.132.0.0/14;
222.136.0.0/13;
222.160.0.0/15;
222.162.0.0/16;
222.163.0.0/19;
222.163.32.0/19;
222.163.64.0/18;
222.163.128.0/17;
};
//教育网IP
acl CERT {
58.17.0.0/16;
58.19.0.0/16;
58.20.0.0/16;
58.24.0.0/15;
58.59.128.0/17;
58.60.8.0/21;
58.61.32.0/25;
58.61.32.128/32;
58.100.0.0/15;
58.116.0.0/14;
58.128.0.0/13;
58.154.0.0/15;
58.192.0.0/12;
58.240.0.0/15;
58.248.0.0/13;
59.32.0.0/12;
59.49.128.0/17;
59.50.0.0/16;
59.61.128.0/19;
59.64.0.0/12;
59.151.0.0/17;
60.0.0.0/11;
60.63.0.0/16;
60.190.28.0/28;
60.190.28.96/27;
60.190.28.128/28;
60.190.28.144/30;
60.191.2.0/24;
60.208.0.0/16;
61.28.0.0/20;
61.48.0.0/13;
61.128.0.0/10;
61.200.81.134/31;
61.200.81.136/31;
61.200.81.142/31;
61.200.81.144/31;
61.200.81.150/31;
61.213.179.87/32;
61.232.0.0/14;
61.236.0.0/15;
61.240.0.0/14;
62.4.69.0/24;
62.159.60.207/32;
62.159.60.208/31;
62.159.60.213/32;
62.159.60.214/32;
62.173.115.116/32;
63.73.227.0/24;
63.84.162.0/24;
63.86.118.0/23;
63.89.64.0/24;
63.123.46.86/32;
63.125.146.0/24;
63.164.11.0/24;
63.208.195.68/32;
63.209.48.0/24;
63.210.142.0/24;
63.211.40.87/32;
63.211.66.0/24;
63.215.124.0/24;
64.4.0.0/18;
64.4.240.0/20;
64.68.78.0/23;
64.124.183.0/24;
64.215.165.86/32;
64.215.167.87/32;
64.215.172.0/24;
64.233.160.0/19;
65.54.0.0/15;
65.171.126.87/32;
65.215.128.0/24;
65.245.226.86/32;
65.246.184.0/23;
66.37.210.86/32;
66.45.81.158/32;
66.45.81.190/32;
66.98.205.0/24;
66.102.0.0/20;
66.117.176.136/31;
66.117.176.210/31;
66.117.176.212/30;
66.117.176.216/30;
66.117.176.220/32;
66.117.177.21/32;
66.135.192.0/19;
66.160.145.87/32;
66.179.148.0/24;
66.179.235.32/27;
66.211.160.0/19;
66.249.64.0/19;
67.72.126.87/32;
67.106.214.87/32;
67.133.36.87/32;
67.133.38.87/32;
67.133.200.87/32;
69.32.132.0/24;
69.45.80.87/32;
69.45.82.87/32;
69.45.84.87/32;
72.14.192.0/19;
72.14.224.0/20;
72.164.152.0/24;
80.67.78.87/32;
81.52.203.87/32;
81.52.251.87/32;
82.150.20.0/22;
82.165.43.115/32;
83.70.140.0/22;
84.18.160.0/19;
84.53.128.87/32;
121.30.0.0/15;
121.48.0.0/15;
121.192.0.0/14;
121.248.0.0/14;
123.49.160.0/24;
124.64.0.0/15;
124.88.0.0/14;
124.128.0.0/13;
124.161.0.0/16;
124.162.0.0/15;
124.164.0.0/14;
125.32.0.0/12;
125.73.0.0/16;
125.96.0.0/15;
125.98.0.0/16;
125.171.0.0/17;
125.208.0.0/20;
125.216.0.0/13;
128.84.158.0/24;
128.107.229.0/24;
129.35.76.0/24;
129.35.77.193/32;
129.41.4.137/32;
129.41.4.138/32;
129.41.4.140/32;
129.41.4.143/32;
129.41.4.144/30;
129.41.4.148/32;
129.41.4.154/32;
129.41.4.158/32;
129.42.24.230/32;
129.42.25.230/32;
129.42.32.230/32;
129.42.33.230/32;
129.42.40.230/32;
129.42.41.230/32;
130.88.203.58/32;
132.174.1.0/24;
132.174.11.0/24;
134.243.5.21/32;
134.243.5.70/32;
134.243.5.160/32;
134.243.85.3/32;
137.189.0.0/16;
138.12.4.0/24;
140.98.193.0/24;
140.98.194.0/24;
140.113.0.0/16;
140.234.29.0/24;
141.66.18.186/32;
143.89.0.0/16;
144.81.82.0/24;
144.81.87.0/24;
144.81.88.0/23;
144.214.0.0/16;
147.8.0.0/16;
149.28.1.0/24;
152.101.0.0/16;
152.104.0.0/16;
158.132.0.0/16;
158.182.0.0/16;
159.226.0.0/16;
161.207.0.0/16;
162.97.112.87/32;
162.97.114.87/32;
162.105.0.0/16;
165.193.106.0/23;
165.193.159.0/24;
165.215.136.0/24;
166.90.150.87/32;
166.111.0.0/16;
167.68.6.0/23;
167.139.0.0/16;
167.216.166.0/24;
168.160.0.0/16;
170.107.185.0/24;
170.107.188.0/22;
171.66.120.0/21;
192.58.150.0/24;
192.80.71.0/24;
192.84.75.0/24;
192.86.104.0/24;
192.195.245.0/24;
192.207.91.0/24;
192.245.208.0/24;
193.128.223.0/24;
193.131.119.0/24;
193.174.24.39/32;
193.174.240.6/32;
193.174.240.8/32;
193.194.158.0/24;
194.119.138.1/32;
194.128.228.153/32;
194.130.252.0/24;
195.22.150.0/23;
195.27.60.0/24;
195.27.123.0/24;
195.27.130.0/24;
195.90.89.87/32;
195.144.69.0/24;
198.81.200.2/32;
198.185.19.0/24;
199.4.154.0/23;
199.98.88.0/24;
199.164.217.0/24;
202.4.128.0/19;
202.14.80.0/24;
202.38.0.0/16;
202.40.138.0/23;
202.40.157.0/24;
202.40.192.0/19;
202.43.216.0/23;
202.45.32.0/19;
202.45.176.0/20;
202.75.64.0/19;
202.84.16.0/23;
202.91.176.0/20;
202.93.252.0/22;
202.95.0.0/19;
202.96.0.0/12;
202.112.0.0/13;
202.120.0.0/15;
202.122.32.0/20;
202.123.110.0/24;
202.125.192.0/18;
202.127.0.0/18;
202.127.128.0/17;
202.130.0.0/19;
202.130.224.0/19;
202.131.208.0/20;
202.134.86.130/32;
202.147.5.152/31;
202.147.5.158/31;
202.147.5.160/31;
202.147.5.166/31;
202.152.176.0/20;
202.160.176.0/20;
202.165.96.0/21;
202.165.104.0/22;
202.177.217.87/32;
202.179.240.0/20;
202.189.96.0/19;
202.192.0.0/12;
203.81.16.0/20;
203.87.224.0/19;
203.88.32.0/19;
203.91.120.0/21;
203.93.0.0/16;
203.95.0.0/21;
203.112.23.19/32;
203.119.28.0/23;
203.126.70.87/32;
203.128.128.0/19;
203.166.101.87/32;
203.175.128.0/19;
203.188.64.0/18;
203.192.0.0/19;
203.207.64.0/18;
203.207.128.0/17;
203.208.0.0/19;
203.209.224.0/19;
203.212.0.0/20;
204.94.134.87/32;
204.95.14.87/32;
204.153.51.29/32;
204.153.51.60/32;
204.153.51.65/32;
204.153.51.113/32;
204.179.122.0/24;
204.228.64.52/32;
204.228.64.55/32;
204.228.64.60/32;
205.142.245.0/24;
205.161.5.87/32;
205.203.134.1/32;
205.203.134.30/32;
205.240.244.0/22;
205.243.231.0/24;
206.61.136.87/32;
206.65.170.81/32;
206.112.77.86/32;
206.112.112.0/24;
206.165.29.87/32;
207.24.42.0/24;
207.46.0.0/16;
207.54.136.0/24;
207.68.172.235/32;
207.68.178.0/25;
207.68.179.192/27;
207.126.106.92/32;
207.126.107.92/32;
207.126.112.97/32;
207.164.255.103/32;
208.44.56.71/32;
208.44.56.210/31;
208.44.56.212/30;
208.44.56.216/30;
208.44.56.220/32;
208.176.18.0/24;
208.215.179.0/24;
209.8.104.87/32;
209.8.106.87/32;
209.8.112.87/32;
209.85.128.0/17;
209.116.81.5/32;
209.208.170.210/31;
209.246.136.0/24;
209.249.123.0/24;
210.5.0.0/19;
210.12.0.0/15;
210.14.64.0/19;
210.14.160.0/19;
210.14.192.0/18;
210.15.0.0/17;
210.15.128.0/18;
210.21.0.0/16;
210.22.0.0/16;
210.25.0.0/17;
210.25.128.0/18;
210.26.0.0/15;
210.28.0.0/14;
210.32.0.0/12;
210.51.0.0/16;
210.52.0.0/15;
210.57.21.86/32;
210.72.0.0/14;
210.76.0.0/15;
210.78.0.0/16;
210.79.224.0/19;
210.82.0.0/15;
210.87.128.0/18;
210.177.136.0/24;
210.192.96.0/19;
210.210.18.35/32;
211.64.0.0/13;
211.80.0.0/12;
211.96.0.0/13;
211.136.0.0/13;
211.144.0.0/12;
211.160.0.0/13;
211.174.51.134/31;
211.174.51.136/31;
211.174.51.142/31;
211.174.51.144/31;
211.174.51.150/31;
211.174.51.152/31;
211.174.51.158/31;
211.174.51.160/31;
211.174.51.166/31;
211.174.51.172/31;
212.87.150.203/32;
212.87.150.207/32;
212.87.150.214/32;
212.87.150.216/32;
212.87.150.218/32;
212.187.169.0/24;
212.209.166.86/32;
213.52.211.32/27;
213.161.82.0/24;
213.212.74.236/32;
213.244.181.0/24;
216.32.120.0/24;
216.33.115.0/24;
216.33.244.0/22;
216.33.252.0/23;
216.52.17.96/32;
216.52.36.0/23;
216.73.87.52/32;
216.113.160.0/19;
216.143.112.0/24;
216.146.38.200/30;
216.146.38.204/32;
216.162.203.72/29;
216.162.203.144/28;
216.176.50.163/32;
216.200.62.0/24;
216.218.251.87/32;
216.239.32.0/19;
217.7.141.143/32;
217.7.141.144/31;
217.7.141.149/32;
217.7.141.150/32;
217.68.69.68/31;
217.68.69.70/32;
217.110.203.89/32;
217.163.16.87/32;
218.0.0.0/11;
218.56.0.0/13;
218.64.0.0/11;
218.96.0.0/14;
218.104.0.0/14;
218.108.0.0/15;
218.192.0.0/12;
218.240.0.0/13;
218.249.63.128/25;
218.249.156.64/26;
218.249.156.128/26;
219.72.0.0/16;
219.82.0.0/16;
219.128.0.0/11;
219.216.0.0/13;
219.224.0.0/12;
219.242.0.0/15;
219.244.0.0/14;
220.113.43.0/24;
220.130.122.87/32;
220.160.0.0/11;
220.192.0.0/12;
220.231.15.110/32;
220.234.0.0/16;
220.248.0.0/14;
220.252.0.0/16;
221.0.0.0/12;
221.130.0.0/15;
221.137.0.0/16;
221.172.0.0/14;
221.192.0.0/13;
221.200.0.0/14;
221.204.0.0/15;
221.208.0.0/14;
221.212.0.0/16;
221.213.18.0/24;
221.214.0.0/15;
221.216.0.0/13;
221.224.0.0/12;
222.16.0.0/12;
222.32.0.0/11;
222.64.0.0/11;
222.125.0.0/16;
222.132.0.0/14;
222.136.0.0/13;
222.160.0.0/14;
222.168.0.0/13;
222.176.0.0/12;
222.192.0.0/12;
222.208.0.0/13;
222.216.0.0/15;
222.218.0.0/16;
222.222.0.0/15;
222.240.0.0/13;
222.248.0.0/15;
};
# View for China Netcom (CNC) clients. Requests signed with the certnet or
# othernet TSIG key are rejected here first so that they fall through to
# their own views; unsigned requests from the name servers themselves
# (dns-ip-list) and from CNC ranges are answered by this view.
# NOTE(review): recursion is enabled for every client this view matches;
# confirm these authoritative servers are meant to resolve for those ranges.
view "cncnet" {
match-clients { !key certnet;!key othernet; dns-ip-list; CNC;};
recursion yes;
zone "longrujun.com" {
type master;
file "longrujun.cnc"; # longrujun.com records for CNC clients
allow-query { any; };
allow-update { none; };
# NOTE(review): transfers are gated by source IP only, not by a TSIG key.
allow-transfer { dns-ip-list; }; # allow the slave DNS server to transfer the zone
};
zone "test.com" {
type master;
file "test.cnc"; # test.com records for CNC clients
allow-query { any; };
allow-update { none; };
allow-transfer { dns-ip-list; }; # allow the slave DNS server to transfer the zone
};
# Root hints and the localhost zones are repeated inside each view.
zone "." IN {
type hint;
file "named.root";
};
zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};
};
# View for education-network clients: selected by the certnet TSIG key or by
# a source address in the CERT ACL.
# NOTE(review): views are matched in order, so an address listed in both the
# CNC and CERT ACLs (for example 58.19.0.0/16 and 58.20.0.0/16) is answered
# by cncnet, not by this view.
view "certnet" {
match-clients { key certnet;CERT; };
server 192.168.5.29 { keys certnet; };# sync to the slave DNS server (messages to it are signed with certnet)
recursion yes;
zone "longrujun.com" {
type master;
file "longrujun.cert";# longrujun.com records for education-network clients
allow-query { any; };
allow-update { none; };
allow-transfer { dns-ip-list; };# allow the slave DNS server to transfer the zone
};
zone "test.com" {
type master;
file "test.cert";# test.com records for education-network clients
allow-query { any; };
allow-update { none; };
allow-transfer { dns-ip-list; };# allow the slave DNS server to transfer the zone
};
zone "." IN {
type hint;
file "named.root";
};
zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};
};
# Catch-all view: requests signed with the othernet TSIG key, plus any client
# that no earlier view matched.
# NOTE(review): match-clients contains any and recursion is on, so this view
# offers recursive resolution to every source address (an open resolver).
# Unless that is intended, set recursion no here or restrict it with
# allow-recursion.
view "othernet" {
match-clients { key othernet; any; };
server 192.168.5.29 { keys othernet; };# sync to the slave DNS server (messages to it are signed with othernet)
recursion yes;
zone "longrujun.com" {
type master;
file "longrujun.other";# longrujun.com records for all other IP ranges
allow-query { any; };
allow-update { none; };
allow-transfer { dns-ip-list; };# allow the slave DNS server to transfer the zone
};
zone "test.com" {
type master;
file "test.other";# test.com records for all other IP ranges
allow-query { any; };
allow-update { none; };
allow-transfer { dns-ip-list; };# allow the slave DNS server to transfer the zone
};
zone "." IN {
type hint;
file "named.root";
};
zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};
};
3>、生成longrujun.cnc、longrujun.cert、longrujun.other、
test.cnc、test.cert、test.other文件
debian:/Data/named# cat longrujun.cnc
$ORIGIN .
$TTL 3600 ; 1 hour
longrujun.com IN SOA dns2.longrujun.com. i.longrujun.com. (
2006091122 ; serial
10800 ; refresh (3 hours)
3600 ; retry (1 hour)
604800 ; expire (1 week)
3600 ; minimum (1 hour)
)
$TTL 7200 ; 2 hours
NS dns2.longrujun.com.
NS dns5.longrujun.com.
$TTL 3600 ; 1 hour
A 100.100.100.100
$TTL 7200 ; 2 hours
MX 10 mail.longrujun.com.
MX 20 mail2.longrujun.com.
$ORIGIN longrujun.com.
$TTL 3600 ; 1 hour
www A 100.100.100.101
dns2 A 192.168.5.96
dns5 A 192.168.5.29
debian:/Data/named# cat longrujun.cert
$ORIGIN .
$TTL 3600 ; 1 hour
longrujun.com IN SOA dns2.longrujun.com. i.longrujun.com. (
2006091122 ; serial
10800 ; refresh (3 hours)
3600 ; retry (1 hour)
604800 ; expire (1 week)
3600 ; minimum (1 hour)
)
$TTL 7200 ; 2 hours
NS dns2.longrujun.com.
NS dns5.longrujun.com.
$TTL 3600 ; 1 hour
A 100.100.100.100
$TTL 7200 ; 2 hours
MX 10 mail.longrujun.com.
MX 20 mail2.longrujun.com.
$ORIGIN longrujun.com.
$TTL 3600 ; 1 hour
www A 100.100.100.102
dns2 A 192.168.5.96
dns5 A 192.168.5.29
debian:/Data/named# cat longrujun.other
$ORIGIN .
$TTL 3600 ; 1 hour
longrujun.com IN SOA dns2.longrujun.com. i.longrujun.com. (
2006091122 ; serial
10800 ; refresh (3 hours)
3600 ; retry (1 hour)
604800 ; expire (1 week)
3600 ; minimum (1 hour)
)
$TTL 7200 ; 2 hours
NS dns2.longrujun.com.
NS dns5.longrujun.com.
$TTL 3600 ; 1 hour
A 100.100.100.100
$TTL 7200 ; 2 hours
MX 10 mail.longrujun.com.
MX 20 mail2.longrujun.com.
$ORIGIN longrujun.com.
$TTL 3600 ; 1 hour
www A 100.100.100.103
dns2 A 192.168.5.96
dns5 A 192.168.5.29
debian:/Data/named# cat test.cnc
; test.com zone data loaded by the cncnet view (file "test.cnc").
$ORIGIN .
$TTL 3600 ; 1 hour
test.com IN SOA dns2.test.com. i.test.com. (
2006091122 ; serial
10800 ; refresh (3 hours)
3600 ; retry (1 hour)
604800 ; expire (1 week)
3600 ; minimum (1 hour)
)
$TTL 7200 ; 2 hours
NS dns2.test.com.
NS dns5.test.com.
$TTL 3600 ; 1 hour
A 111.111.111.100
$TTL 7200 ; 2 hours
MX 10 mail.test.com.
MX 20 mail2.test.com.
$ORIGIN test.com.
$TTL 3600 ; 1 hour
www A 111.111.111.101
dns2 A 192.168.5.96
; NOTE(review): the slave server is 192.168.5.29 everywhere else in this
; article (test.cert uses .29 for dns5); .26 looks like a typo - confirm.
dns5 A 192.168.5.26
debian:/Data/named# cat test.cert
$ORIGIN .
$TTL 3600 ; 1 hour
test.com IN SOA dns2.test.com. i.test.com. (
2006091122 ; serial
10800 ; refresh (3 hours)
3600 ; retry (1 hour)
604800 ; expire (1 week)
3600 ; minimum (1 hour)
)
$TTL 7200 ; 2 hours
NS dns2.test.com.
NS dns5.test.com.
$TTL 3600 ; 1 hour
A 111.111.111.100
$TTL 7200 ; 2 hours
MX 10 mail.test.com.
MX 20 mail2.test.com.
$ORIGIN test.com.
$TTL 3600 ; 1 hour
www A 111.111.111.102
dns2 A 192.168.5.96
dns5 A 192.168.5.29
debian:/Data/named# cat test.other
; test.com zone data loaded by the othernet view (file "test.other").
$ORIGIN .
$TTL 3600 ; 1 hour
test.com IN SOA dns2.test.com. i.test.com. (
2006091122 ; serial
10800 ; refresh (3 hours)
3600 ; retry (1 hour)
604800 ; expire (1 week)
3600 ; minimum (1 hour)
)
$TTL 7200 ; 2 hours
NS dns2.test.com.
NS dns5.test.com.
$TTL 3600 ; 1 hour
A 111.111.111.100
$TTL 7200 ; 2 hours
MX 10 mail.test.com.
MX 20 mail2.test.com.
$ORIGIN test.com.
$TTL 3600 ; 1 hour
; NOTE(review): test.cnc and test.cert use 111.111.111.x for www; confirm
; that 111.100.111.103 is intended and not a typo.
www A 111.100.111.103
dns2 A 192.168.5.96
; NOTE(review): the slave server is 192.168.5.29 everywhere else in this
; article (test.cert uses .29 for dns5); .26 looks like a typo - confirm.
dns5 A 192.168.5.26
Step IV、检验配置
ok至此主DNS服务器上面的配置已完成
检查配置的正确性
debian:/Data/apps/named/sbin# ./named-checkconf
debian:/Data/apps/named/sbin# ./named-checkzone longrujun.com /Data/named/longrujun.cnc
zone longrujun.com/IN: loaded serial 2006091122
OK
debian:/Data/apps/named/sbin# ./named-checkzone longrujun.com /Data/named/longrujun.cert
zone longrujun.com/IN: loaded serial 2006091122
OK
debian:/Data/apps/named/sbin# ./named-checkzone longrujun.com /Data/named/longrujun.other
zone longrujun.com/IN: loaded serial 2006091122
OK
debian:/Data/apps/named/sbin# ./named-checkzone test.com /Data/named/test.cnc
zone test.com/IN: loaded serial 2006091122
OK
debian:/Data/apps/named/sbin# ./named-checkzone test.com /Data/named/test.cert
zone test.com/IN: loaded serial 2006091122
OK
debian:/Data/apps/named/sbin# ./named-checkzone test.com /Data/named/test.other
zone test.com/IN: loaded serial 2006091122
OK
配置正确启动named
debian:/Data/apps/named/sbin# ./named
debian:/Data/apps/named/sbin# netstat -ltunp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:612 0.0.0.0:* LISTEN 2126/rpc.statd
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1708/portmap
tcp 0 0 0.0.0.0:113 0.0.0.0:* LISTEN 2110/inetd
tcp 0 0 192.168.5.96:53 0.0.0.0:* LISTEN 15372/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 15372/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 15372/named
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2105/exim4
tcp6 0 0 :::22 :::* LISTEN 2122/sshd
udp 0 584 0.0.0.0:1027 0.0.0.0:* 15372/named
udp 0 0 192.168.5.96:53 0.0.0.0:* 15372/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 15372/named
udp 0 0 0.0.0.0:68 0.0.0.0:* 1703/dhclient
udp 0 0 0.0.0.0:606 0.0.0.0:* 2126/rpc.statd
udp 0 0 0.0.0.0:609 0.0.0.0:* 2126/rpc.statd
udp 0 0 0.0.0.0:111 0.0.0.0:* 1708/portmap
udp6 0 0 :::1028 :::* 15372/named
debian:/Data/apps/named/sbin#
Part II Config Slave Dns Server
Step 1、下载并安装
1>、安装bind
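# Download, build and install BIND on the slave, same prefix as the master.
# Command names are lower-case: the shell is case-sensitive, so "Make" as
# originally printed would fail with "command not found".
# NOTE(review): the tarball is fetched over plain HTTP with no integrity
# check. Verify it against the PGP signature ISC publishes for the release
# before building. 9.3.2-P1 is the release this 2006 article was written
# for; use a currently supported BIND release on any real deployment.
cd /software
wget http://ftp.isc.org/isc/bind9/9.3.2-P1/bind-9.3.2-P1.tar.gz
tar zxvf bind-9.3.2-P1.tar.gz
cd bind-9.3.2-P1
./configure --prefix=/Data/apps/named --enable-threads
make
make install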
Step 2、配置
2>、配置
Cd /Data/apps/named
[root@linux named]# mkdir etc
生成rndc控制命令的key文件
[root@linux named]# sbin/rndc-confgen > etc/rndc.conf
从rndc.conf文件中提取named.conf用的key
[root@linux named]# cd etc
自动在/Data/apps/named/etc生成named.conf文件
[root@linux etc]# tail -10 rndc.conf | head -9 | sed s/#\ //g > named.conf
3>、建立Zone文件目录
[root@linux etc]# mkdir /Data/named
进入/Data/named目录
[root@linux etc]# cd /Data/named
4>、建立localhost.zone
[root@linux named]#vi localhost.zone
$TTL 86400
$ORIGIN localhost.
@ 1D IN SOA @ root (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
1D IN NS @
1D IN A 127.0.0.1
5>、建立named.local
[root@linux named]#vi named.local
$TTL 86400
@ IN SOA localhost. root.localhost. (
1997022700 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS localhost.
1 IN PTR localhost.
6>、生成named.root
[root@linux named]#dig > named.root
7>、修改named.conf,把在主dns服务器上生成的两对key配置到辅dns服务器(复制密钥时请使用加密通道)
Cd /Data/apps/named/etc
debian:/Data/apps/named/etc# cat named.conf
# Control-channel key for this slave; it differs from the master's rndc-key.
# NOTE(review): every secret printed in this article is public. Generate your
# own, and keep named.conf readable only by the account that runs named.
key "rndc-key" {
algorithm hmac-md5;
secret "ILrtNPz8KoF2D95rXnNzOQ==";
};
# Control channel bound to loopback and limited to holders of rndc-key.
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
options {
directory "/Data/named";
pid-file "named.pid";
};
# TSIG keys copied from the master; the secrets must be identical on both
# servers for the signed exchanges between them to verify.
# NOTE(review): hmac-md5 is a legacy TSIG algorithm; where the installed BIND
# supports it, hmac-sha256 is the usual choice today.
key "certnet" {
algorithm hmac-md5;
secret "1ks7MJQvWmisPMWbRnYYjg==";
};
key "othernet" {
algorithm hmac-md5;
secret "CC3eLL3okKM5pBHM1HSMNA==";
};
# Pulls in the ACL and view definitions created in the next step.
include "acl.conf";
8>、创建acl.conf
debian:/Data/named# pico acl.conf
# Addresses of the two name servers, referenced by the cncnet view below.
acl "dns-ip-list" {
192.168.5.96; # master DNS server IP
192.168.5.29; # slave DNS server IP
};
acl CNC {
58.16.0.0/16;
58.17.0.0/17;
58.17.128.0/17;
58.18.0.0/16;
58.19.0.0/16;
58.20.0.0/16;
58.21.0.0/16;
58.22.0.0/15;
58.240.0.0/15;
58.242.0.0/15;
58.244.0.0/15;
58.246.0.0/15;
58.248.0.0/13;
60.0.0.0/13;
60.8.0.0/15;
60.10.0.0/16;
60.11.0.0/16;
60.12.0.0/16;
60.13.0.0/18;
60.13.128.0/17;
60.14.0.0/15;
60.16.0.0/13;
60.24.0.0/14;
60.30.0.0/16;
60.31.0.0/16;
60.208.0.0/13;
60.216.0.0/15;
60.218.0.0/15;
60.220.0.0/14;
61.48.0.0/13;
61.133.0.0/17;
61.134.96.0/19;
61.134.128.0/17;
61.135.0.0/16;
61.137.128.0/17;
61.138.0.0/17;
61.138.128.0/18;
61.139.128.0/18;
61.148.0.0/15;
61.156.0.0/16;
61.159.0.0/18;
61.161.0.0/18;
61.161.128.0/17;
61.162.0.0/16;
61.163.0.0/16;
61.167.0.0/16;
61.168.0.0/16;
61.176.0.0/16;
61.179.0.0/16;
61.181.0.0/16;
61.182.0.0/16;
61.189.0.0/17;
125.32.0.0/16;
125.40.0.0/13;
202.96.0.0/18;
202.96.64.0/21;
202.96.72.0/21;
202.97.128.0/18;
202.97.224.0/21;
202.97.240.0/20;
202.98.0.0/21;
202.98.8.0/21;
202.99.64.0/19;
202.99.96.0/21;
202.99.128.0/19;
202.99.160.0/21;
202.99.168.0/21;
202.99.176.0/20;
202.99.208.0/20;
202.99.224.0/21;
202.99.232.0/21;
202.99.240.0/20;
202.102.128.0/21;
202.102.224.0/21;
202.102.232.0/21;
202.106.0.0/16;
202.107.0.0/17;
202.108.0.0/16;
202.110.0.0/17;
202.111.128.0/18;
203.93.8.0/24;
203.93.192.0/18;
210.13.128.0/17;
210.14.160.0/19;
210.14.192.0/19;
210.15.32.0/19;
210.15.96.0/19;
210.15.128.0/18;
210.21.0.0/16;
210.52.128.0/17;
210.53.0.0/17;
210.53.128.0/17;
210.74.96.0/19;
210.74.128.0/19;
210.82.0.0/15;
218.8.0.0/14;
218.12.0.0/16;
218.21.128.0/17;
218.24.0.0/14;
218.56.0.0/14;
218.60.0.0/15;
218.67.128.0/17;
218.68.0.0/15;
218.104.0.0/14;
219.154.0.0/15;
219.156.0.0/15;
219.158.0.0/17;
219.158.128.0/17;
219.159.0.0/18;
220.252.0.0/16;
221.0.0.0/15;
221.2.0.0/16;
221.3.0.0/17;
221.3.128.0/17;
221.4.0.0/16;
221.5.0.0/17;
221.5.128.0/17;
221.6.0.0/16;
221.7.0.0/19;
221.7.32.0/19;
221.7.64.0/19;
221.7.96.0/19;
221.8.0.0/15;
221.10.0.0/16;
221.11.0.0/17;
221.11.128.0/18;
221.11.192.0/19;
221.12.0.0/17;
221.12.128.0/18;
221.13.0.0/18;
221.13.64.0/19;
221.13.96.0/19;
221.13.128.0/17;
221.14.0.0/15;
221.192.0.0/15;
221.194.0.0/16;
221.195.0.0/16;
221.196.0.0/15;
221.198.0.0/16;
221.199.0.0/19;
221.199.32.0/20;
221.199.128.0/18;
221.199.192.0/20;
221.200.0.0/14;
221.204.0.0/15;
221.206.0.0/16;
221.207.0.0/18;
221.207.64.0/18;
221.207.128.0/17;
221.208.0.0/14;
221.212.0.0/16;
221.213.0.0/16;
221.216.0.0/13;
222.128.0.0/14;
222.132.0.0/14;
222.136.0.0/13;
222.160.0.0/15;
222.162.0.0/16;
222.163.0.0/19;
222.163.32.0/19;
222.163.64.0/18;
222.163.128.0/17;
};
//教育网IP
acl CERT {
58.17.0.0/16;
58.19.0.0/16;
58.20.0.0/16;
58.24.0.0/15;
58.59.128.0/17;
58.60.8.0/21;
58.61.32.0/25;
58.61.32.128/32;
58.100.0.0/15;
58.116.0.0/14;
58.128.0.0/13;
58.154.0.0/15;
58.192.0.0/12;
58.240.0.0/15;
58.248.0.0/13;
59.32.0.0/12;
59.49.128.0/17;
59.50.0.0/16;
59.61.128.0/19;
59.64.0.0/12;
59.151.0.0/17;
60.0.0.0/11;
60.63.0.0/16;
60.190.28.0/28;
60.190.28.96/27;
60.190.28.128/28;
60.190.28.144/30;
60.191.2.0/24;
60.208.0.0/16;
61.28.0.0/20;
61.48.0.0/13;
61.128.0.0/10;
61.200.81.134/31;
61.200.81.136/31;
61.200.81.142/31;
61.200.81.144/31;
61.200.81.150/31;
61.213.179.87/32;
61.232.0.0/14;
61.236.0.0/15;
61.240.0.0/14;
62.4.69.0/24;
62.159.60.207/32;
62.159.60.208/31;
62.159.60.213/32;
62.159.60.214/32;
62.173.115.116/32;
63.73.227.0/24;
63.84.162.0/24;
63.86.118.0/23;
63.89.64.0/24;
63.123.46.86/32;
63.125.146.0/24;
63.164.11.0/24;
63.208.195.68/32;
63.209.48.0/24;
63.210.142.0/24;
63.211.40.87/32;
63.211.66.0/24;
63.215.124.0/24;
64.4.0.0/18;
64.4.240.0/20;
64.68.78.0/23;
64.124.183.0/24;
64.215.165.86/32;
64.215.167.87/32;
64.215.172.0/24;
64.233.160.0/19;
65.54.0.0/15;
65.171.126.87/32;
65.215.128.0/24;
65.245.226.86/32;
65.246.184.0/23;
66.37.210.86/32;
66.45.81.158/32;
66.45.81.190/32;
66.98.205.0/24;
66.102.0.0/20;
66.117.176.136/31;
66.117.176.210/31;
66.117.176.212/30;
66.117.176.216/30;
66.117.176.220/32;
66.117.177.21/32;
66.135.192.0/19;
66.160.145.87/32;
66.179.148.0/24;
66.179.235.32/27;
66.211.160.0/19;
66.249.64.0/19;
67.72.126.87/32;
67.106.214.87/32;
67.133.36.87/32;
67.133.38.87/32;
67.133.200.87/32;
69.32.132.0/24;
69.45.80.87/32;
69.45.82.87/32;
69.45.84.87/32;
72.14.192.0/19;
72.14.224.0/20;
72.164.152.0/24;
80.67.78.87/32;
81.52.203.87/32;
81.52.251.87/32;
82.150.20.0/22;
82.165.43.115/32;
83.70.140.0/22;
84.18.160.0/19;
84.53.128.87/32;
121.30.0.0/15;
121.48.0.0/15;
121.192.0.0/14;
121.248.0.0/14;
123.49.160.0/24;
124.64.0.0/15;
124.88.0.0/14;
124.128.0.0/13;
124.161.0.0/16;
124.162.0.0/15;
124.164.0.0/14;
125.32.0.0/12;
125.73.0.0/16;
125.96.0.0/15;
125.98.0.0/16;
125.171.0.0/17;
125.208.0.0/20;
125.216.0.0/13;
128.84.158.0/24;
128.107.229.0/24;
129.35.76.0/24;
129.35.77.193/32;
129.41.4.137/32;
129.41.4.138/32;
129.41.4.140/32;
129.41.4.143/32;
129.41.4.144/30;
129.41.4.148/32;
129.41.4.154/32;
129.41.4.158/32;
129.42.24.230/32;
129.42.25.230/32;
129.42.32.230/32;
129.42.33.230/32;
129.42.40.230/32;
129.42.41.230/32;
130.88.203.58/32;
132.174.1.0/24;
132.174.11.0/24;
134.243.5.21/32;
134.243.5.70/32;
134.243.5.160/32;
134.243.85.3/32;
137.189.0.0/16;
138.12.4.0/24;
140.98.193.0/24;
140.98.194.0/24;
140.113.0.0/16;
140.234.29.0/24;
141.66.18.186/32;
143.89.0.0/16;
144.81.82.0/24;
144.81.87.0/24;
144.81.88.0/23;
144.214.0.0/16;
147.8.0.0/16;
149.28.1.0/24;
152.101.0.0/16;
152.104.0.0/16;
158.132.0.0/16;
158.182.0.0/16;
159.226.0.0/16;
161.207.0.0/16;
162.97.112.87/32;
162.97.114.87/32;
162.105.0.0/16;
165.193.106.0/23;
165.193.159.0/24;
165.215.136.0/24;
166.90.150.87/32;
166.111.0.0/16;
167.68.6.0/23;
167.139.0.0/16;
167.216.166.0/24;
168.160.0.0/16;
170.107.185.0/24;
170.107.188.0/22;
171.66.120.0/21;
192.58.150.0/24;
192.80.71.0/24;
192.84.75.0/24;
192.86.104.0/24;
192.195.245.0/24;
192.207.91.0/24;
192.245.208.0/24;
193.128.223.0/24;
193.131.119.0/24;
193.174.24.39/32;
193.174.240.6/32;
193.174.240.8/32;
193.194.158.0/24;
194.119.138.1/32;
194.128.228.153/32;
194.130.252.0/24;
195.22.150.0/23;
195.27.60.0/24;
195.27.123.0/24;
195.27.130.0/24;
195.90.89.87/32;
195.144.69.0/24;
198.81.200.2/32;
198.185.19.0/24;
199.4.154.0/23;
199.98.88.0/24;
199.164.217.0/24;
202.4.128.0/19;
202.14.80.0/24;
202.38.0.0/16;
202.40.138.0/23;
202.40.157.0/24;
202.40.192.0/19;
202.43.216.0/23;
202.45.32.0/19;
202.45.176.0/20;
202.75.64.0/19;
202.84.16.0/23;
202.91.176.0/20;
202.93.252.0/22;
202.95.0.0/19;
202.96.0.0/12;
202.112.0.0/13;
202.120.0.0/15;
202.122.32.0/20;
202.123.110.0/24;
202.125.192.0/18;
202.127.0.0/18;
202.127.128.0/17;
202.130.0.0/19;
202.130.224.0/19;
202.131.208.0/20;
202.134.86.130/32;
202.147.5.152/31;
202.147.5.158/31;
202.147.5.160/31;
202.147.5.166/31;
202.152.176.0/20;
202.160.176.0/20;
202.165.96.0/21;
202.165.104.0/22;
202.177.217.87/32;
202.179.240.0/20;
202.189.96.0/19;
202.192.0.0/12;
203.81.16.0/20;
203.87.224.0/19;
203.88.32.0/19;
203.91.120.0/21;
203.93.0.0/16;
203.95.0.0/21;
203.112.23.19/32;
203.119.28.0/23;
203.126.70.87/32;
203.128.128.0/19;
203.166.101.87/32;
203.175.128.0/19;
203.188.64.0/18;
203.192.0.0/19;
203.207.64.0/18;
203.207.128.0/17;
203.208.0.0/19;
203.209.224.0/19;
203.212.0.0/20;
204.94.134.87/32;
204.95.14.87/32;
204.153.51.29/32;
204.153.51.60/32;
204.153.51.65/32;
204.153.51.113/32;
204.179.122.0/24;
204.228.64.52/32;
204.228.64.55/32;
204.228.64.60/32;
205.142.245.0/24;
205.161.5.87/32;
205.203.134.1/32;
205.203.134.30/32;
205.240.244.0/22;
205.243.231.0/24;
206.61.136.87/32;
206.65.170.81/32;
206.112.77.86/32;
206.112.112.0/24;
206.165.29.87/32;
207.24.42.0/24;
207.46.0.0/16;
207.54.136.0/24;
207.68.172.235/32;
207.68.178.0/25;
207.68.179.192/27;
207.126.106.92/32;
207.126.107.92/32;
207.126.112.97/32;
207.164.255.103/32;
208.44.56.71/32;
208.44.56.210/31;
208.44.56.212/30;
208.44.56.216/30;
208.44.56.220/32;
208.176.18.0/24;
208.215.179.0/24;
209.8.104.87/32;
209.8.106.87/32;
209.8.112.87/32;
209.85.128.0/17;
209.116.81.5/32;
209.208.170.210/31;
209.246.136.0/24;
209.249.123.0/24;
210.5.0.0/19;
210.12.0.0/15;
210.14.64.0/19;
210.14.160.0/19;
210.14.192.0/18;
210.15.0.0/17;
210.15.128.0/18;
210.21.0.0/16;
210.22.0.0/16;
210.25.0.0/17;
210.25.128.0/18;
210.26.0.0/15;
210.28.0.0/14;
210.32.0.0/12;
210.51.0.0/16;
210.52.0.0/15;
210.57.21.86/32;
210.72.0.0/14;
210.76.0.0/15;
210.78.0.0/16;
210.79.224.0/19;
210.82.0.0/15;
210.87.128.0/18;
210.177.136.0/24;
210.192.96.0/19;
210.210.18.35/32;
211.64.0.0/13;
211.80.0.0/12;
211.96.0.0/13;
211.136.0.0/13;
211.144.0.0/12;
211.160.0.0/13;
211.174.51.134/31;
211.174.51.136/31;
211.174.51.142/31;
211.174.51.144/31;
211.174.51.150/31;
211.174.51.152/31;
211.174.51.158/31;
211.174.51.160/31;
211.174.51.166/31;
211.174.51.172/31;
212.87.150.203/32;
212.87.150.207/32;
212.87.150.214/32;
212.87.150.216/32;
212.87.150.218/32;
212.187.169.0/24;
212.209.166.86/32;
213.52.211.32/27;
213.161.82.0/24;
213.212.74.236/32;
213.244.181.0/24;
216.32.120.0/24;
216.33.115.0/24;
216.33.244.0/22;
216.33.252.0/23;
216.52.17.96/32;
216.52.36.0/23;
216.73.87.52/32;
216.113.160.0/19;
216.143.112.0/24;
216.146.38.200/30;
216.146.38.204/32;
216.162.203.72/29;
216.162.203.144/28;
216.176.50.163/32;
216.200.62.0/24;
216.218.251.87/32;
216.239.32.0/19;
217.7.141.143/32;
217.7.141.144/31;
217.7.141.149/32;
217.7.141.150/32;
217.68.69.68/31;
217.68.69.70/32;
217.110.203.89/32;
217.163.16.87/32;
218.0.0.0/11;
218.56.0.0/13;
218.64.0.0/11;
218.96.0.0/14;
218.104.0.0/14;
218.108.0.0/15;
218.192.0.0/12;
218.240.0.0/13;
218.249.63.128/25;
218.249.156.64/26;
218.249.156.128/26;
219.72.0.0/16;
219.82.0.0/16;
219.128.0.0/11;
219.216.0.0/13;
219.224.0.0/12;
219.242.0.0/15;
219.244.0.0/14;
220.113.43.0/24;
220.130.122.87/32;
220.160.0.0/11;
220.192.0.0/12;
220.231.15.110/32;
220.234.0.0/16;
220.248.0.0/14;
220.252.0.0/16;
221.0.0.0/12;
221.130.0.0/15;
221.137.0.0/16;
221.172.0.0/14;
221.192.0.0/13;
221.200.0.0/14;
221.204.0.0/15;
221.208.0.0/14;
221.212.0.0/16;
221.213.18.0/24;
221.214.0.0/15;
221.216.0.0/13;
221.224.0.0/12;
222.16.0.0/12;
222.32.0.0/11;
222.64.0.0/11;
222.125.0.0/16;
222.132.0.0/14;
222.136.0.0/13;
222.160.0.0/14;
222.168.0.0/13;
222.176.0.0/12;
222.192.0.0/12;
222.208.0.0/13;
222.216.0.0/15;
222.218.0.0/16;
222.222.0.0/15;
222.240.0.0/13;
222.248.0.0/15;
};
# Slave copy of the CNC view. No server/keys statement is present here, so
# this view's transfer requests to the master go out unsigned.
# NOTE(review): 192.168.5.115 is an extra address that the master's
# match-clients does not list; presumably a test client - confirm or remove.
# NOTE(review): recursion is enabled for every client this view matches.
view "cncnet" {
match-clients { !key certnet;!key othernet; dns-ip-list; 192.168.5.115;CNC;};
recursion yes;
zone "longrujun.com" {
type slave;
file "longrujun.cnc";# longrujun.com records for CNC clients
masters { 192.168.5.96; };# master DNS server IP
};
zone "test.com" {
type slave;
file "test.cnc";# test.com records for CNC clients
masters { 192.168.5.96; };# master DNS server IP
};
zone "." IN {
type hint;
file "named.root";
};
zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};
};
# Slave copy of the education-network view. The server statement signs this
# view's messages to the master with the certnet key, which is what makes the
# master answer them from its own certnet view.
# NOTE(review): 192.168.5.38 is an extra address that the master's
# match-clients does not list; presumably a test client - confirm or remove.
view "certnet" {
match-clients { key certnet;192.168.5.38;CERT; };
server 192.168.5.96 { keys certnet; };# sync with the master DNS server
recursion yes;
zone "longrujun.com" {
type slave;
file "longrujun.cert";# longrujun.com records for education-network clients
masters { 192.168.5.96; };# master DNS server IP
};
zone "test.com" {
type slave;
file "test.cert";# test.com records for education-network clients
masters { 192.168.5.96; };# master DNS server IP
};
zone "." IN {
type hint;
file "named.root";
};
zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};
};
# Slave copy of the catch-all view. The server statement signs this view's
# messages to the master with the othernet key.
# NOTE(review): 192.168.5.49 follows any in match-clients, so it never changes
# the outcome and can be dropped.
# NOTE(review): with any in match-clients and recursion on, this view offers
# recursive resolution to every source address (an open resolver). Unless
# that is intended, set recursion no here or restrict it with allow-recursion.
view "othernet" {
match-clients { key othernet; any;192.168.5.49; };
server 192.168.5.96 { keys othernet; };# sync with the master DNS server
recursion yes;
zone "longrujun.com" {
type slave;
file "longrujun.other";# longrujun.com records for all other IP ranges
masters { 192.168.5.96; };# master DNS server IP
};
zone "test.com" {
type slave;
file "test.other";# test.com records for all other IP ranges
masters { 192.168.5.96; };# master DNS server IP
};
zone "." IN {
type hint;
file "named.root";
};
zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};
};
Published 2006年10月27日 5:17 by longrujun
Filed under: SQUID, How to, DNS, Web2.0, CDN, SOA, GSLB