分享
 
 
 

DNS TSIG实现CDN+GSLB

王朝other·作者佚名  2006-12-04
窄屏简体版  字體: |||超大  

[/url]

DNS TSIG实现CDN+GSLB

Note

1、 本文只涉及User-Server-User过程[Request及Response请参考上图]

2、 有关站点加速及Cache请参考:[url=http://longrujun.name/tags/SQUID/default.aspx]http://longrujun.com/tags/SQUID/default.aspx

3、 有关大规模站点体系规划及性能优化请参考下图,不深入探讨

Server 1:Master

IPADDR=192.168.5.96

NETMASK=255.255.255.0

GATEWAY=192.168.5.1

Server 2: Slave

IPADDR=192.168.5.29

NETMASK=255.255.255.0

GATEWAY=192.168.5.1

Master Server

Part I Config Master Dns Server

Step 1、下载并安装

Cd /software

wget http://ftp.isc.org/isc/bind9/9.3.2-P1/bind-9.3.2-P1.tar.gz

tar zxvf bind-9.3.2-P1.tar.gz

cd bind-9.3.2-P1

./configure --prefix=/Data/apps/named --enable-threads

Make

Make install

Step 2、配置

1、 基本配置

Cd /Data/apps/named

[root@linux named]# mkdir etc

生成rndc控制命令的key文件

[root@linux named]# sbin/rndc-confgen > etc/rndc.conf

从rndc.conf文件中提取named.conf用的key

[root@linux named]# cd etc

自动在/Data/apps/named/etc生成named.conf文件

[root@linux etc]# tail -10 rndc.conf | head -9 | sed s/#\ //g > named.conf

2、 建立Zone文件目录

[root@linux etc]# mkdir /Data/named

进入/Data/named目录

[root@linux etc]# cd /Data/named

A、 建立localhost.zone

[root@linux named]#vi localhost.zone

$TTL 86400

$ORIGIN localhost.

@ 1D IN SOA @ root (

42 ; serial (d. adams)

3H ; refresh

15M ; retry

1W ; expiry

1D ) ; minimum

1D IN NS @

1D IN A 127.0.0.1

B、 建立named.local

[root@linux named]#vi named.local

$TTL 86400

@ IN SOA localhost. root.localhost. (

1997022700 ; Serial

28800 ; Refresh

14400 ; Retry

3600000 ; Expire

86400 ) ; Minimum

IN NS localhost.

1 IN PTR localhost.

C、 生成named.root

[root@linux named]#dig > named.root

D、 修改named.conf

Cd /Data/apps/named/etc

配置named.conf文件,在后面加入以下代码

[root@linux etc]# vi named.conf

options {

directory "/Data/named";

pid-file "named.pid";

};

controls {

inet 127.0.0.1 allow { localhost; } keys { rndckey; };

};

zone "." IN {

type hint;

file "named.root";

};

zone "localhost" IN {

type master;

file "localhost.zone";

allow-update { none; };

};

zone "0.0.127.in-addr.arpa" IN {

type master;

file "named.local";

allow-update { none; };

};

E、 测试启动bind

/Data/apps/named/sbin/named -c /Data/apps/named/etc/named.conf &

Step 3、使用TSIG技术加固DNS服务器

3、 下面longrujun.com/test.com为例进行配置

使用TSIG技术,执行 dnssec-keygen function 产生加密金钥,一个为 public key 文件,另一个

为 private key 文件,产生加密金钥。

首先在master上生成两对key,用于教育网和其他部分的IP段,

进入named安装的sbin目录

cd /usr/local/named/sbin/

#用于教育网的view,我们用certnet作为参数

./dnssec-keygen -a hmac-md5 -b 128 -n HOST certnet

#用于其他部分IP的view,我们用othernet作为参数

./dnssec-keygen -a hmac-md5 -b 128 -n HOST othernet

加入private key[Key: 1ks7MJQvWmisPMWbRnYYjg==]至named.conf文件中

在Master建立config及zone文件

1>、修改named.conf文件

加入private key至named.conf文件中,同时删除zone "." IN、zone "localhost" IN及zone "0.0.127.in-addr.arpa" IN配置文件

完整的named.conf如下

debian:/Data/apps/named/etc# cat named.conf

key "rndc-key" {

algorithm hmac-md5;

secret "Ngvc7XGzxmBizws8minZmg==";

};

controls {

inet 127.0.0.1 port 953

allow { 127.0.0.1; } keys { "rndc-key"; };

};

options {

directory "/Data/named";

pid-file "named.pid";

};

key "certnet" {

algorithm hmac-md5;

secret "1ks7MJQvWmisPMWbRnYYjg==";

};

key "othernet" {

algorithm hmac-md5;

secret "CC3eLL3okKM5pBHM1HSMNA==";

};

include "acl.conf";

2>、建立acl.conf

[root@redhatas4 etc]# cd /Data/named/

[root@redhatas4 named]# vi acl.conf

acl "dns-ip-list" {

192.168.5.96; #主dns服务器IP

192.168.5.29; #辅dns服务器IP

};

acl CNC {

58.16.0.0/16;

58.17.0.0/17;

58.17.128.0/17;

58.18.0.0/16;

58.19.0.0/16;

58.20.0.0/16;

58.21.0.0/16;

58.22.0.0/15;

58.240.0.0/15;

58.242.0.0/15;

58.244.0.0/15;

58.246.0.0/15;

58.248.0.0/13;

60.0.0.0/13;

60.8.0.0/15;

60.10.0.0/16;

60.11.0.0/16;

60.12.0.0/16;

60.13.0.0/18;

60.13.128.0/17;

60.14.0.0/15;

60.16.0.0/13;

60.24.0.0/14;

60.30.0.0/16;

60.31.0.0/16;

60.208.0.0/13;

60.216.0.0/15;

60.218.0.0/15;

60.220.0.0/14;

61.48.0.0/13;

61.133.0.0/17;

61.134.96.0/19;

61.134.128.0/17;

61.135.0.0/16;

61.137.128.0/17;

61.138.0.0/17;

61.138.128.0/18;

61.139.128.0/18;

61.148.0.0/15;

61.156.0.0/16;

61.159.0.0/18;

61.161.0.0/18;

61.161.128.0/17;

61.162.0.0/16;

61.163.0.0/16;

61.167.0.0/16;

61.168.0.0/16;

61.176.0.0/16;

61.179.0.0/16;

61.181.0.0/16;

61.182.0.0/16;

61.189.0.0/17;

125.32.0.0/16;

125.40.0.0/13;

202.96.0.0/18;

202.96.64.0/21;

202.96.72.0/21;

202.97.128.0/18;

202.97.224.0/21;

202.97.240.0/20;

202.98.0.0/21;

202.98.8.0/21;

202.99.64.0/19;

202.99.96.0/21;

202.99.128.0/19;

202.99.160.0/21;

202.99.168.0/21;

202.99.176.0/20;

202.99.208.0/20;

202.99.224.0/21;

202.99.232.0/21;

202.99.240.0/20;

202.102.128.0/21;

202.102.224.0/21;

202.102.232.0/21;

202.106.0.0/16;

202.107.0.0/17;

202.108.0.0/16;

202.110.0.0/17;

202.111.128.0/18;

203.93.8.0/24;

203.93.192.0/18;

210.13.128.0/17;

210.14.160.0/19;

210.14.192.0/19;

210.15.32.0/19;

210.15.96.0/19;

210.15.128.0/18;

210.21.0.0/16;

210.52.128.0/17;

210.53.0.0/17;

210.53.128.0/17;

210.74.96.0/19;

210.74.128.0/19;

210.82.0.0/15;

218.8.0.0/14;

218.12.0.0/16;

218.21.128.0/17;

218.24.0.0/14;

218.56.0.0/14;

218.60.0.0/15;

218.67.128.0/17;

218.68.0.0/15;

218.104.0.0/14;

219.154.0.0/15;

219.156.0.0/15;

219.158.0.0/17;

219.158.128.0/17;

219.159.0.0/18;

220.252.0.0/16;

221.0.0.0/15;

221.2.0.0/16;

221.3.0.0/17;

221.3.128.0/17;

221.4.0.0/16;

221.5.0.0/17;

221.5.128.0/17;

221.6.0.0/16;

221.7.0.0/19;

221.7.32.0/19;

221.7.64.0/19;

221.7.96.0/19;

221.8.0.0/15;

221.10.0.0/16;

221.11.0.0/17;

221.11.128.0/18;

221.11.192.0/19;

221.12.0.0/17;

221.12.128.0/18;

221.13.0.0/18;

221.13.64.0/19;

221.13.96.0/19;

221.13.128.0/17;

221.14.0.0/15;

221.192.0.0/15;

221.194.0.0/16;

221.195.0.0/16;

221.196.0.0/15;

221.198.0.0/16;

221.199.0.0/19;

221.199.32.0/20;

221.199.128.0/18;

221.199.192.0/20;

221.200.0.0/14;

221.204.0.0/15;

221.206.0.0/16;

221.207.0.0/18;

221.207.64.0/18;

221.207.128.0/17;

221.208.0.0/14;

221.212.0.0/16;

221.213.0.0/16;

221.216.0.0/13;

222.128.0.0/14;

222.132.0.0/14;

222.136.0.0/13;

222.160.0.0/15;

222.162.0.0/16;

222.163.0.0/19;

222.163.32.0/19;

222.163.64.0/18;

222.163.128.0/17;

};

//教育网IP

acl CERT {

58.17.0.0/16;

58.19.0.0/16;

58.20.0.0/16;

58.24.0.0/15;

58.59.128.0/17;

58.60.8.0/21;

58.61.32.0/25;

58.61.32.128/32;

58.100.0.0/15;

58.116.0.0/14;

58.128.0.0/13;

58.154.0.0/15;

58.192.0.0/12;

58.240.0.0/15;

58.248.0.0/13;

59.32.0.0/12;

59.49.128.0/17;

59.50.0.0/16;

59.61.128.0/19;

59.64.0.0/12;

59.151.0.0/17;

60.0.0.0/11;

60.63.0.0/16;

60.190.28.0/28;

60.190.28.96/27;

60.190.28.128/28;

60.190.28.144/30;

60.191.2.0/24;

60.208.0.0/16;

61.28.0.0/20;

61.48.0.0/13;

61.128.0.0/10;

61.200.81.134/31;

61.200.81.136/31;

61.200.81.142/31;

61.200.81.144/31;

61.200.81.150/31;

61.213.179.87/32;

61.232.0.0/14;

61.236.0.0/15;

61.240.0.0/14;

62.4.69.0/24;

62.159.60.207/32;

62.159.60.208/31;

62.159.60.213/32;

62.159.60.214/32;

62.173.115.116/32;

63.73.227.0/24;

63.84.162.0/24;

63.86.118.0/23;

63.89.64.0/24;

63.123.46.86/32;

63.125.146.0/24;

63.164.11.0/24;

63.208.195.68/32;

63.209.48.0/24;

63.210.142.0/24;

63.211.40.87/32;

63.211.66.0/24;

63.215.124.0/24;

64.4.0.0/18;

64.4.240.0/20;

64.68.78.0/23;

64.124.183.0/24;

64.215.165.86/32;

64.215.167.87/32;

64.215.172.0/24;

64.233.160.0/19;

65.54.0.0/15;

65.171.126.87/32;

65.215.128.0/24;

65.245.226.86/32;

65.246.184.0/23;

66.37.210.86/32;

66.45.81.158/32;

66.45.81.190/32;

66.98.205.0/24;

66.102.0.0/20;

66.117.176.136/31;

66.117.176.210/31;

66.117.176.212/30;

66.117.176.216/30;

66.117.176.220/32;

66.117.177.21/32;

66.135.192.0/19;

66.160.145.87/32;

66.179.148.0/24;

66.179.235.32/27;

66.211.160.0/19;

66.249.64.0/19;

67.72.126.87/32;

67.106.214.87/32;

67.133.36.87/32;

67.133.38.87/32;

67.133.200.87/32;

69.32.132.0/24;

69.45.80.87/32;

69.45.82.87/32;

69.45.84.87/32;

72.14.192.0/19;

72.14.224.0/20;

72.164.152.0/24;

80.67.78.87/32;

81.52.203.87/32;

81.52.251.87/32;

82.150.20.0/22;

82.165.43.115/32;

83.70.140.0/22;

84.18.160.0/19;

84.53.128.87/32;

121.30.0.0/15;

121.48.0.0/15;

121.192.0.0/14;

121.248.0.0/14;

123.49.160.0/24;

124.64.0.0/15;

124.88.0.0/14;

124.128.0.0/13;

124.161.0.0/16;

124.162.0.0/15;

124.164.0.0/14;

125.32.0.0/12;

125.73.0.0/16;

125.96.0.0/15;

125.98.0.0/16;

125.171.0.0/17;

125.208.0.0/20;

125.216.0.0/13;

128.84.158.0/24;

128.107.229.0/24;

129.35.76.0/24;

129.35.77.193/32;

129.41.4.137/32;

129.41.4.138/32;

129.41.4.140/32;

129.41.4.143/32;

129.41.4.144/30;

129.41.4.148/32;

129.41.4.154/32;

129.41.4.158/32;

129.42.24.230/32;

129.42.25.230/32;

129.42.32.230/32;

129.42.33.230/32;

129.42.40.230/32;

129.42.41.230/32;

130.88.203.58/32;

132.174.1.0/24;

132.174.11.0/24;

134.243.5.21/32;

134.243.5.70/32;

134.243.5.160/32;

134.243.85.3/32;

137.189.0.0/16;

138.12.4.0/24;

140.98.193.0/24;

140.98.194.0/24;

140.113.0.0/16;

140.234.29.0/24;

141.66.18.186/32;

143.89.0.0/16;

144.81.82.0/24;

144.81.87.0/24;

144.81.88.0/23;

144.214.0.0/16;

147.8.0.0/16;

149.28.1.0/24;

152.101.0.0/16;

152.104.0.0/16;

158.132.0.0/16;

158.182.0.0/16;

159.226.0.0/16;

161.207.0.0/16;

162.97.112.87/32;

162.97.114.87/32;

162.105.0.0/16;

165.193.106.0/23;

165.193.159.0/24;

165.215.136.0/24;

166.90.150.87/32;

166.111.0.0/16;

167.68.6.0/23;

167.139.0.0/16;

167.216.166.0/24;

168.160.0.0/16;

170.107.185.0/24;

170.107.188.0/22;

171.66.120.0/21;

192.58.150.0/24;

192.80.71.0/24;

192.84.75.0/24;

192.86.104.0/24;

192.195.245.0/24;

192.207.91.0/24;

192.245.208.0/24;

193.128.223.0/24;

193.131.119.0/24;

193.174.24.39/32;

193.174.240.6/32;

193.174.240.8/32;

193.194.158.0/24;

194.119.138.1/32;

194.128.228.153/32;

194.130.252.0/24;

195.22.150.0/23;

195.27.60.0/24;

195.27.123.0/24;

195.27.130.0/24;

195.90.89.87/32;

195.144.69.0/24;

198.81.200.2/32;

198.185.19.0/24;

199.4.154.0/23;

199.98.88.0/24;

199.164.217.0/24;

202.4.128.0/19;

202.14.80.0/24;

202.38.0.0/16;

202.40.138.0/23;

202.40.157.0/24;

202.40.192.0/19;

202.43.216.0/23;

202.45.32.0/19;

202.45.176.0/20;

202.75.64.0/19;

202.84.16.0/23;

202.91.176.0/20;

202.93.252.0/22;

202.95.0.0/19;

202.96.0.0/12;

202.112.0.0/13;

202.120.0.0/15;

202.122.32.0/20;

202.123.110.0/24;

202.125.192.0/18;

202.127.0.0/18;

202.127.128.0/17;

202.130.0.0/19;

202.130.224.0/19;

202.131.208.0/20;

202.134.86.130/32;

202.147.5.152/31;

202.147.5.158/31;

202.147.5.160/31;

202.147.5.166/31;

202.152.176.0/20;

202.160.176.0/20;

202.165.96.0/21;

202.165.104.0/22;

202.177.217.87/32;

202.179.240.0/20;

202.189.96.0/19;

202.192.0.0/12;

203.81.16.0/20;

203.87.224.0/19;

203.88.32.0/19;

203.91.120.0/21;

203.93.0.0/16;

203.95.0.0/21;

203.112.23.19/32;

203.119.28.0/23;

203.126.70.87/32;

203.128.128.0/19;

203.166.101.87/32;

203.175.128.0/19;

203.188.64.0/18;

203.192.0.0/19;

203.207.64.0/18;

203.207.128.0/17;

203.208.0.0/19;

203.209.224.0/19;

203.212.0.0/20;

204.94.134.87/32;

204.95.14.87/32;

204.153.51.29/32;

204.153.51.60/32;

204.153.51.65/32;

204.153.51.113/32;

204.179.122.0/24;

204.228.64.52/32;

204.228.64.55/32;

204.228.64.60/32;

205.142.245.0/24;

205.161.5.87/32;

205.203.134.1/32;

205.203.134.30/32;

205.240.244.0/22;

205.243.231.0/24;

206.61.136.87/32;

206.65.170.81/32;

206.112.77.86/32;

206.112.112.0/24;

206.165.29.87/32;

207.24.42.0/24;

207.46.0.0/16;

207.54.136.0/24;

207.68.172.235/32;

207.68.178.0/25;

207.68.179.192/27;

207.126.106.92/32;

207.126.107.92/32;

207.126.112.97/32;

207.164.255.103/32;

208.44.56.71/32;

208.44.56.210/31;

208.44.56.212/30;

208.44.56.216/30;

208.44.56.220/32;

208.176.18.0/24;

208.215.179.0/24;

209.8.104.87/32;

209.8.106.87/32;

209.8.112.87/32;

209.85.128.0/17;

209.116.81.5/32;

209.208.170.210/31;

209.246.136.0/24;

209.249.123.0/24;

210.5.0.0/19;

210.12.0.0/15;

210.14.64.0/19;

210.14.160.0/19;

210.14.192.0/18;

210.15.0.0/17;

210.15.128.0/18;

210.21.0.0/16;

210.22.0.0/16;

210.25.0.0/17;

210.25.128.0/18;

210.26.0.0/15;

210.28.0.0/14;

210.32.0.0/12;

210.51.0.0/16;

210.52.0.0/15;

210.57.21.86/32;

210.72.0.0/14;

210.76.0.0/15;

210.78.0.0/16;

210.79.224.0/19;

210.82.0.0/15;

210.87.128.0/18;

210.177.136.0/24;

210.192.96.0/19;

210.210.18.35/32;

211.64.0.0/13;

211.80.0.0/12;

211.96.0.0/13;

211.136.0.0/13;

211.144.0.0/12;

211.160.0.0/13;

211.174.51.134/31;

211.174.51.136/31;

211.174.51.142/31;

211.174.51.144/31;

211.174.51.150/31;

211.174.51.152/31;

211.174.51.158/31;

211.174.51.160/31;

211.174.51.166/31;

211.174.51.172/31;

212.87.150.203/32;

212.87.150.207/32;

212.87.150.214/32;

212.87.150.216/32;

212.87.150.218/32;

212.187.169.0/24;

212.209.166.86/32;

213.52.211.32/27;

213.161.82.0/24;

213.212.74.236/32;

213.244.181.0/24;

216.32.120.0/24;

216.33.115.0/24;

216.33.244.0/22;

216.33.252.0/23;

216.52.17.96/32;

216.52.36.0/23;

216.73.87.52/32;

216.113.160.0/19;

216.143.112.0/24;

216.146.38.200/30;

216.146.38.204/32;

216.162.203.72/29;

216.162.203.144/28;

216.176.50.163/32;

216.200.62.0/24;

216.218.251.87/32;

216.239.32.0/19;

217.7.141.143/32;

217.7.141.144/31;

217.7.141.149/32;

217.7.141.150/32;

217.68.69.68/31;

217.68.69.70/32;

217.110.203.89/32;

217.163.16.87/32;

218.0.0.0/11;

218.56.0.0/13;

218.64.0.0/11;

218.96.0.0/14;

218.104.0.0/14;

218.108.0.0/15;

218.192.0.0/12;

218.240.0.0/13;

218.249.63.128/25;

218.249.156.64/26;

218.249.156.128/26;

219.72.0.0/16;

219.82.0.0/16;

219.128.0.0/11;

219.216.0.0/13;

219.224.0.0/12;

219.242.0.0/15;

219.244.0.0/14;

220.113.43.0/24;

220.130.122.87/32;

220.160.0.0/11;

220.192.0.0/12;

220.231.15.110/32;

220.234.0.0/16;

220.248.0.0/14;

220.252.0.0/16;

221.0.0.0/12;

221.130.0.0/15;

221.137.0.0/16;

221.172.0.0/14;

221.192.0.0/13;

221.200.0.0/14;

221.204.0.0/15;

221.208.0.0/14;

221.212.0.0/16;

221.213.18.0/24;

221.214.0.0/15;

221.216.0.0/13;

221.224.0.0/12;

222.16.0.0/12;

222.32.0.0/11;

222.64.0.0/11;

222.125.0.0/16;

222.132.0.0/14;

222.136.0.0/13;

222.160.0.0/14;

222.168.0.0/13;

222.176.0.0/12;

222.192.0.0/12;

222.208.0.0/13;

222.216.0.0/15;

222.218.0.0/16;

222.222.0.0/15;

222.240.0.0/13;

222.248.0.0/15;

};

view "cncnet" {

match-clients { !key certnet;!key othernet; dns-ip-list; CNC;};

recursion yes;

zone "longrujun.com" {

type master;

file "longrujun.cnc"; #longrujun.com网通解析文件

allow-query { any; };

allow-update { none; };

allow-transfer { dns-ip-list; }; #允许slave dns服务器进行zone传输

};

zone "test.com" {

type master;

file "test.cnc"; #test.com网通解析文件

allow-query { any; };

allow-update { none; };

allow-transfer { dns-ip-list; }; #允许slave dns服务器进行zone传输

};

zone "." IN {

type hint;

file "named.root";

};

zone "localhost" IN {

type master;

file "localhost.zone";

allow-update { none; };

};

zone "0.0.127.in-addr.arpa" IN {

type master;

file "named.local";

allow-update { none; };

};

};

view "certnet" {

match-clients { key certnet;CERT; };

server 192.168.5.29 { keys certnet; };#同步到辅dns

recursion yes;

zone "longrujun.com" {

type master;

file "longrujun.cert";#longrujun.com教育网解析文件

allow-query { any; };

allow-update { none; };

allow-transfer { dns-ip-list; };#允许slave dns服务器进行zone传输

};

zone "test.com" {

type master;

file "test.cert";#test.com教育网解析文件

allow-query { any; };

allow-update { none; };

allow-transfer { dns-ip-list; };#允许slave dns服务器进行zone传输

};

zone "." IN {

type hint;

file "named.root";

};

zone "localhost" IN {

type master;

file "localhost.zone";

allow-update { none; };

};

zone "0.0.127.in-addr.arpa" IN {

type master;

file "named.local";

allow-update { none; };

};

};

view "othernet" {

match-clients { key othernet; any; };

server 192.168.5.29 { keys othernet; };#同步到辅dns

recursion yes;

zone "longrujun.com" {

type master;

file "longrujun.other";#其他IP段的longrujun.com解析文件

allow-query { any; };

allow-update { none; };

allow-transfer { dns-ip-list; };#允许slave dns服务器进行zone传输

};

zone "test.com" {

type master;

file "test.other";#其他IP段的test.com解析文件

allow-query { any; };

allow-update { none; };

allow-transfer { dns-ip-list; };#允许slave dns服务器进行zone传输

};

zone "." IN {

type hint;

file "named.root";

};

zone "localhost" IN {

type master;

file "localhost.zone";

allow-update { none; };

};

zone "0.0.127.in-addr.arpa" IN {

type master;

file "named.local";

allow-update { none; };

};

};

3>、生成longrujun.cnc、longrujun.cert、longrujun.other

Test.cnc、test.cert、test.other文件

debian:/Data/named# cat longrujun.cnc

$ORIGIN .

$TTL 3600 ; 1 hour

longrujun.com IN SOA dns2.longrujun.com. i.longrujun.com. (

2006091122 ; serial

10800 ; refresh (3 hours)

3600 ; retry (1 hour)

604800 ; expire (1 week)

3600 ; minimum (1 hour)

)

$TTL 7200 ; 2 hours

NS dns2.longrujun.com.

NS dns5.longrujun.com.

$TTL 3600 ; 1 hour

A 100.100.100.100

$TTL 7200 ; 2 hours

MX 10 mail.longrujun.com.

MX 20 mail2.longrujun.com.

$ORIGIN longrujun.com.

$TTL 3600 ; 1 hour

www A 100.100.100.101

dns2 A 192.168.5.96

dns5 A 192.168.5.29

debian:/Data/named# cat longrujun.cert

$ORIGIN .

$TTL 3600 ; 1 hour

longrujun.com IN SOA dns2.longrujun.com. i.longrujun.com. (

2006091122 ; serial

10800 ; refresh (3 hours)

3600 ; retry (1 hour)

604800 ; expire (1 week)

3600 ; minimum (1 hour)

)

$TTL 7200 ; 2 hours

NS dns2.longrujun.com.

NS dns5.longrujun.com.

$TTL 3600 ; 1 hour

A 100.100.100.100

$TTL 7200 ; 2 hours

MX 10 mail.longrujun.com.

MX 20 mail2.longrujun.com.

$ORIGIN longrujun.com.

$TTL 3600 ; 1 hour

www A 100.100.100.102

dns2 A 192.168.5.96

dns5 A 192.168.5.29

debian:/Data/named# cat longrujun.other

$ORIGIN .

$TTL 3600 ; 1 hour

longrujun.com IN SOA dns2.longrujun.com. i.longrujun.com. (

2006091122 ; serial

10800 ; refresh (3 hours)

3600 ; retry (1 hour)

604800 ; expire (1 week)

3600 ; minimum (1 hour)

)

$TTL 7200 ; 2 hours

NS dns2.longrujun.com.

NS dns5.longrujun.com.

$TTL 3600 ; 1 hour

A 100.100.100.100

$TTL 7200 ; 2 hours

MX 10 mail.longrujun.com.

MX 20 mail2.longrujun.com.

$ORIGIN longrujun.com.

$TTL 3600 ; 1 hour

www A 100.100.100.103

dns2 A 192.168.5.96

dns5 A 192.168.5.29

debian:/Data/named# cat test.cnc

$ORIGIN .

$TTL 3600 ; 1 hour

test.com IN SOA dns2.test.com. i.test.com. (

2006091122 ; serial

10800 ; refresh (3 hours)

3600 ; retry (1 hour)

604800 ; expire (1 week)

3600 ; minimum (1 hour)

)

$TTL 7200 ; 2 hours

NS dns2.test.com.

NS dns5.test.com.

$TTL 3600 ; 1 hour

A 111.111.111.100

$TTL 7200 ; 2 hours

MX 10 mail.test.com.

MX 20 mail2.test.com.

$ORIGIN test.com.

$TTL 3600 ; 1 hour

www A 111.111.111.101

dns2 A 192.168.5.96

dns5 A 192.168.5.26

debian:/Data/named# cat test.cert

$ORIGIN .

$TTL 3600 ; 1 hour

test.com IN SOA dns2.test.com. i.test.com. (

2006091122 ; serial

10800 ; refresh (3 hours)

3600 ; retry (1 hour)

604800 ; expire (1 week)

3600 ; minimum (1 hour)

)

$TTL 7200 ; 2 hours

NS dns2.test.com.

NS dns5.test.com.

$TTL 3600 ; 1 hour

A 111.111.111.100

$TTL 7200 ; 2 hours

MX 10 mail.test.com.

MX 20 mail2.test.com.

$ORIGIN test.com.

$TTL 3600 ; 1 hour

www A 111.111.111.102

dns2 A 192.168.5.96

dns5 A 192.168.5.29

debian:/Data/named# cat test.other

$ORIGIN .

$TTL 3600 ; 1 hour

test.com IN SOA dns2.test.com. i.test.com. (

2006091122 ; serial

10800 ; refresh (3 hours)

3600 ; retry (1 hour)

604800 ; expire (1 week)

3600 ; minimum (1 hour)

)

$TTL 7200 ; 2 hours

NS dns2.test.com.

NS dns5.test.com.

$TTL 3600 ; 1 hour

A 111.111.111.100

$TTL 7200 ; 2 hours

MX 10 mail.test.com.

MX 20 mail2.test.com.

$ORIGIN test.com.

$TTL 3600 ; 1 hour

www A 111.100.111.103

dns2 A 192.168.5.96

dns5 A 192.168.5.26

Step IV、检验配置

ok至此主DNS服务器上面的配置已完成

检查配置的正确性

debian:/Data/apps/named/sbin# ./named-checkconf

debian:/Data/apps/named/sbin# ./named-checkzone longrujun.com /Data/named/longrujun.cnc

zone longrujun.com/IN: loaded serial 2006091122

OK

debian:/Data/apps/named/sbin# ./named-checkzone longrujun.com /Data/named/longrujun.cert

zone longrujun.com/IN: loaded serial 2006091122

OK

debian:/Data/apps/named/sbin# ./named-checkzone longrujun.com /Data/named/longrujun.other

zone longrujun.com/IN: loaded serial 2006091122

OK

debian:/Data/apps/named/sbin# ./named-checkzone test.com /Data/named/test.cnc

zone test.com/IN: loaded serial 2006091122

OK

debian:/Data/apps/named/sbin# ./named-checkzone test.com /Data/named/test.cert

zone test.com/IN: loaded serial 2006091122

OK

debian:/Data/apps/named/sbin# ./named-checkzone test.com /Data/named/test.other

zone test.com/IN: loaded serial 2006091122

OK

配置正确启动named

debian:/Data/apps/named/sbin# ./named

debian:/Data/apps/named/sbin# netstat -ltunp

Active Internet connections (only servers)

Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name

tcp 0 0 0.0.0.0:612 0.0.0.0:* LISTEN 2126/rpc.statd

tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1708/portmap

tcp 0 0 0.0.0.0:113 0.0.0.0:* LISTEN 2110/inetd

tcp 0 0 192.168.5.96:53 0.0.0.0:* LISTEN 15372/named

tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 15372/named

tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 15372/named

tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2105/exim4

tcp6 0 0 :::22 :::* LISTEN 2122/sshd

udp 0 584 0.0.0.0:1027 0.0.0.0:* 15372/named

udp 0 0 192.168.5.96:53 0.0.0.0:* 15372/named

udp 0 0 127.0.0.1:53 0.0.0.0:* 15372/named

udp 0 0 0.0.0.0:68 0.0.0.0:* 1703/dhclient

udp 0 0 0.0.0.0:606 0.0.0.0:* 2126/rpc.statd

udp 0 0 0.0.0.0:609 0.0.0.0:* 2126/rpc.statd

udp 0 0 0.0.0.0:111 0.0.0.0:* 1708/portmap

udp6 0 0 :::1028 :::* 15372/named

debian:/Data/apps/named/sbin#

Part II Config Slave Dns Server

Step 1、下载并安装

1>、安装bind

cd /software

wget http://ftp.isc.org/isc/bind9/9.3.2-P1/bind-9.3.2-P1.tar.gz

tar zxvf bind-9.3.2-P1.tar.gz

cd bind-9.3.2-P1

./configure --prefix=/Data/apps/named --enable-threads

Make

Make install

Step 2、配置

2>、配置

Cd /Data/apps/named

[root@linux named]# mkdir etc

生成rndc控制命令的key文件

[root@linux named]# sbin/rndc-confgen > etc/rndc.conf

从rndc.conf文件中提取named.conf用的key

[root@linux named]# cd etc

自动在/Data/apps/named/etc生成named.conf文件

[root@linux etc]# tail -10 rndc.conf | head -9 | sed s/#\ //g > named.conf

3>、建立Zone文件目录

[root@linux etc]# mkdir /Data/named

进入/Data/named目录

[root@linux etc]# cd /Data/named

4>、建立localhost.zone

[root@linux named]#vi localhost.zone

$TTL 86400

$ORIGIN localhost.

@ 1D IN SOA @ root (

42 ; serial (d. adams)

3H ; refresh

15M ; retry

1W ; expiry

1D ) ; minimum

1D IN NS @

1D IN A 127.0.0.1

5>、建立named.local

[root@linux named]#vi named.local

$TTL 86400

@ IN SOA localhost. root.localhost. (

1997022700 ; Serial

28800 ; Refresh

14400 ; Retry

3600000 ; Expire

86400 ) ; Minimum

IN NS localhost.

1 IN PTR localhost.

6>、生成named.root

[root@linux named]#dig > named.root

7>、修改named.conf把在主dns服务器上生成的两对key用于辅dns服务器

Cd /Data/apps/named/etc

debian:/Data/apps/named/etc# cat named.conf

key "rndc-key" {

algorithm hmac-md5;

secret "ILrtNPz8KoF2D95rXnNzOQ==";

};

controls {

inet 127.0.0.1 port 953

allow { 127.0.0.1; } keys { "rndc-key"; };

};

options {

directory "/Data/named";

pid-file "named.pid";

};

key "certnet" {

algorithm hmac-md5;

secret "1ks7MJQvWmisPMWbRnYYjg==";

};

key "othernet" {

algorithm hmac-md5;

secret "CC3eLL3okKM5pBHM1HSMNA==";

};

include "acl.conf";

8>、创建acl.conf

debian:/Data/named# pico acl.conf

acl "dns-ip-list" {

192.168.5.96; #主dns服务器IP

192.168.5.29; #辅dns服务器IP

};

acl CNC {

58.16.0.0/16;

58.17.0.0/17;

58.17.128.0/17;

58.18.0.0/16;

58.19.0.0/16;

58.20.0.0/16;

58.21.0.0/16;

58.22.0.0/15;

58.240.0.0/15;

58.242.0.0/15;

58.244.0.0/15;

58.246.0.0/15;

58.248.0.0/13;

60.0.0.0/13;

60.8.0.0/15;

60.10.0.0/16;

60.11.0.0/16;

60.12.0.0/16;

60.13.0.0/18;

60.13.128.0/17;

60.14.0.0/15;

60.16.0.0/13;

60.24.0.0/14;

60.30.0.0/16;

60.31.0.0/16;

60.208.0.0/13;

60.216.0.0/15;

60.218.0.0/15;

60.220.0.0/14;

61.48.0.0/13;

61.133.0.0/17;

61.134.96.0/19;

61.134.128.0/17;

61.135.0.0/16;

61.137.128.0/17;

61.138.0.0/17;

61.138.128.0/18;

61.139.128.0/18;

61.148.0.0/15;

61.156.0.0/16;

61.159.0.0/18;

61.161.0.0/18;

61.161.128.0/17;

61.162.0.0/16;

61.163.0.0/16;

61.167.0.0/16;

61.168.0.0/16;

61.176.0.0/16;

61.179.0.0/16;

61.181.0.0/16;

61.182.0.0/16;

61.189.0.0/17;

125.32.0.0/16;

125.40.0.0/13;

202.96.0.0/18;

202.96.64.0/21;

202.96.72.0/21;

202.97.128.0/18;

202.97.224.0/21;

202.97.240.0/20;

202.98.0.0/21;

202.98.8.0/21;

202.99.64.0/19;

202.99.96.0/21;

202.99.128.0/19;

202.99.160.0/21;

202.99.168.0/21;

202.99.176.0/20;

202.99.208.0/20;

202.99.224.0/21;

202.99.232.0/21;

202.99.240.0/20;

202.102.128.0/21;

202.102.224.0/21;

202.102.232.0/21;

202.106.0.0/16;

202.107.0.0/17;

202.108.0.0/16;

202.110.0.0/17;

202.111.128.0/18;

203.93.8.0/24;

203.93.192.0/18;

210.13.128.0/17;

210.14.160.0/19;

210.14.192.0/19;

210.15.32.0/19;

210.15.96.0/19;

210.15.128.0/18;

210.21.0.0/16;

210.52.128.0/17;

210.53.0.0/17;

210.53.128.0/17;

210.74.96.0/19;

210.74.128.0/19;

210.82.0.0/15;

218.8.0.0/14;

218.12.0.0/16;

218.21.128.0/17;

218.24.0.0/14;

218.56.0.0/14;

218.60.0.0/15;

218.67.128.0/17;

218.68.0.0/15;

218.104.0.0/14;

219.154.0.0/15;

219.156.0.0/15;

219.158.0.0/17;

219.158.128.0/17;

219.159.0.0/18;

220.252.0.0/16;

221.0.0.0/15;

221.2.0.0/16;

221.3.0.0/17;

221.3.128.0/17;

221.4.0.0/16;

221.5.0.0/17;

221.5.128.0/17;

221.6.0.0/16;

221.7.0.0/19;

221.7.32.0/19;

221.7.64.0/19;

221.7.96.0/19;

221.8.0.0/15;

221.10.0.0/16;

221.11.0.0/17;

221.11.128.0/18;

221.11.192.0/19;

221.12.0.0/17;

221.12.128.0/18;

221.13.0.0/18;

221.13.64.0/19;

221.13.96.0/19;

221.13.128.0/17;

221.14.0.0/15;

221.192.0.0/15;

221.194.0.0/16;

221.195.0.0/16;

221.196.0.0/15;

221.198.0.0/16;

221.199.0.0/19;

221.199.32.0/20;

221.199.128.0/18;

221.199.192.0/20;

221.200.0.0/14;

221.204.0.0/15;

221.206.0.0/16;

221.207.0.0/18;

221.207.64.0/18;

221.207.128.0/17;

221.208.0.0/14;

221.212.0.0/16;

221.213.0.0/16;

221.216.0.0/13;

222.128.0.0/14;

222.132.0.0/14;

222.136.0.0/13;

222.160.0.0/15;

222.162.0.0/16;

222.163.0.0/19;

222.163.32.0/19;

222.163.64.0/18;

222.163.128.0/17;

};

//教育网IP

acl CERT {

58.17.0.0/16;

58.19.0.0/16;

58.20.0.0/16;

58.24.0.0/15;

58.59.128.0/17;

58.60.8.0/21;

58.61.32.0/25;

58.61.32.128/32;

58.100.0.0/15;

58.116.0.0/14;

58.128.0.0/13;

58.154.0.0/15;

58.192.0.0/12;

58.240.0.0/15;

58.248.0.0/13;

59.32.0.0/12;

59.49.128.0/17;

59.50.0.0/16;

59.61.128.0/19;

59.64.0.0/12;

59.151.0.0/17;

60.0.0.0/11;

60.63.0.0/16;

60.190.28.0/28;

60.190.28.96/27;

60.190.28.128/28;

60.190.28.144/30;

60.191.2.0/24;

60.208.0.0/16;

61.28.0.0/20;

61.48.0.0/13;

61.128.0.0/10;

61.200.81.134/31;

61.200.81.136/31;

61.200.81.142/31;

61.200.81.144/31;

61.200.81.150/31;

61.213.179.87/32;

61.232.0.0/14;

61.236.0.0/15;

61.240.0.0/14;

62.4.69.0/24;

62.159.60.207/32;

62.159.60.208/31;

62.159.60.213/32;

62.159.60.214/32;

62.173.115.116/32;

63.73.227.0/24;

63.84.162.0/24;

63.86.118.0/23;

63.89.64.0/24;

63.123.46.86/32;

63.125.146.0/24;

63.164.11.0/24;

63.208.195.68/32;

63.209.48.0/24;

63.210.142.0/24;

63.211.40.87/32;

63.211.66.0/24;

63.215.124.0/24;

64.4.0.0/18;

64.4.240.0/20;

64.68.78.0/23;

64.124.183.0/24;

64.215.165.86/32;

64.215.167.87/32;

64.215.172.0/24;

64.233.160.0/19;

65.54.0.0/15;

65.171.126.87/32;

65.215.128.0/24;

65.245.226.86/32;

65.246.184.0/23;

66.37.210.86/32;

66.45.81.158/32;

66.45.81.190/32;

66.98.205.0/24;

66.102.0.0/20;

66.117.176.136/31;

66.117.176.210/31;

66.117.176.212/30;

66.117.176.216/30;

66.117.176.220/32;

66.117.177.21/32;

66.135.192.0/19;

66.160.145.87/32;

66.179.148.0/24;

66.179.235.32/27;

66.211.160.0/19;

66.249.64.0/19;

67.72.126.87/32;

67.106.214.87/32;

67.133.36.87/32;

67.133.38.87/32;

67.133.200.87/32;

69.32.132.0/24;

69.45.80.87/32;

69.45.82.87/32;

69.45.84.87/32;

72.14.192.0/19;

72.14.224.0/20;

72.164.152.0/24;

80.67.78.87/32;

81.52.203.87/32;

81.52.251.87/32;

82.150.20.0/22;

82.165.43.115/32;

83.70.140.0/22;

84.18.160.0/19;

84.53.128.87/32;

121.30.0.0/15;

121.48.0.0/15;

121.192.0.0/14;

121.248.0.0/14;

123.49.160.0/24;

124.64.0.0/15;

124.88.0.0/14;

124.128.0.0/13;

124.161.0.0/16;

124.162.0.0/15;

124.164.0.0/14;

125.32.0.0/12;

125.73.0.0/16;

125.96.0.0/15;

125.98.0.0/16;

125.171.0.0/17;

125.208.0.0/20;

125.216.0.0/13;

128.84.158.0/24;

128.107.229.0/24;

129.35.76.0/24;

129.35.77.193/32;

129.41.4.137/32;

129.41.4.138/32;

129.41.4.140/32;

129.41.4.143/32;

129.41.4.144/30;

129.41.4.148/32;

129.41.4.154/32;

129.41.4.158/32;

129.42.24.230/32;

129.42.25.230/32;

129.42.32.230/32;

129.42.33.230/32;

129.42.40.230/32;

129.42.41.230/32;

130.88.203.58/32;

132.174.1.0/24;

132.174.11.0/24;

134.243.5.21/32;

134.243.5.70/32;

134.243.5.160/32;

134.243.85.3/32;

137.189.0.0/16;

138.12.4.0/24;

140.98.193.0/24;

140.98.194.0/24;

140.113.0.0/16;

140.234.29.0/24;

141.66.18.186/32;

143.89.0.0/16;

144.81.82.0/24;

144.81.87.0/24;

144.81.88.0/23;

144.214.0.0/16;

147.8.0.0/16;

149.28.1.0/24;

152.101.0.0/16;

152.104.0.0/16;

158.132.0.0/16;

158.182.0.0/16;

159.226.0.0/16;

161.207.0.0/16;

162.97.112.87/32;

162.97.114.87/32;

162.105.0.0/16;

165.193.106.0/23;

165.193.159.0/24;

165.215.136.0/24;

166.90.150.87/32;

166.111.0.0/16;

167.68.6.0/23;

167.139.0.0/16;

167.216.166.0/24;

168.160.0.0/16;

170.107.185.0/24;

170.107.188.0/22;

171.66.120.0/21;

192.58.150.0/24;

192.80.71.0/24;

192.84.75.0/24;

192.86.104.0/24;

192.195.245.0/24;

192.207.91.0/24;

192.245.208.0/24;

193.128.223.0/24;

193.131.119.0/24;

193.174.24.39/32;

193.174.240.6/32;

193.174.240.8/32;

193.194.158.0/24;

194.119.138.1/32;

194.128.228.153/32;

194.130.252.0/24;

195.22.150.0/23;

195.27.60.0/24;

195.27.123.0/24;

195.27.130.0/24;

195.90.89.87/32;

195.144.69.0/24;

198.81.200.2/32;

198.185.19.0/24;

199.4.154.0/23;

199.98.88.0/24;

199.164.217.0/24;

202.4.128.0/19;

202.14.80.0/24;

202.38.0.0/16;

202.40.138.0/23;

202.40.157.0/24;

202.40.192.0/19;

202.43.216.0/23;

202.45.32.0/19;

202.45.176.0/20;

202.75.64.0/19;

202.84.16.0/23;

202.91.176.0/20;

202.93.252.0/22;

202.95.0.0/19;

202.96.0.0/12;

202.112.0.0/13;

202.120.0.0/15;

202.122.32.0/20;

202.123.110.0/24;

202.125.192.0/18;

202.127.0.0/18;

202.127.128.0/17;

202.130.0.0/19;

202.130.224.0/19;

202.131.208.0/20;

202.134.86.130/32;

202.147.5.152/31;

202.147.5.158/31;

202.147.5.160/31;

202.147.5.166/31;

202.152.176.0/20;

202.160.176.0/20;

202.165.96.0/21;

202.165.104.0/22;

202.177.217.87/32;

202.179.240.0/20;

202.189.96.0/19;

202.192.0.0/12;

203.81.16.0/20;

203.87.224.0/19;

203.88.32.0/19;

203.91.120.0/21;

203.93.0.0/16;

203.95.0.0/21;

203.112.23.19/32;

203.119.28.0/23;

203.126.70.87/32;

203.128.128.0/19;

203.166.101.87/32;

203.175.128.0/19;

203.188.64.0/18;

203.192.0.0/19;

203.207.64.0/18;

203.207.128.0/17;

203.208.0.0/19;

203.209.224.0/19;

203.212.0.0/20;

204.94.134.87/32;

204.95.14.87/32;

204.153.51.29/32;

204.153.51.60/32;

204.153.51.65/32;

204.153.51.113/32;

204.179.122.0/24;

204.228.64.52/32;

204.228.64.55/32;

204.228.64.60/32;

205.142.245.0/24;

205.161.5.87/32;

205.203.134.1/32;

205.203.134.30/32;

205.240.244.0/22;

205.243.231.0/24;

206.61.136.87/32;

206.65.170.81/32;

206.112.77.86/32;

206.112.112.0/24;

206.165.29.87/32;

207.24.42.0/24;

207.46.0.0/16;

207.54.136.0/24;

207.68.172.235/32;

207.68.178.0/25;

207.68.179.192/27;

207.126.106.92/32;

207.126.107.92/32;

207.126.112.97/32;

207.164.255.103/32;

208.44.56.71/32;

208.44.56.210/31;

208.44.56.212/30;

208.44.56.216/30;

208.44.56.220/32;

208.176.18.0/24;

208.215.179.0/24;

209.8.104.87/32;

209.8.106.87/32;

209.8.112.87/32;

209.85.128.0/17;

209.116.81.5/32;

209.208.170.210/31;

209.246.136.0/24;

209.249.123.0/24;

210.5.0.0/19;

210.12.0.0/15;

210.14.64.0/19;

210.14.160.0/19;

210.14.192.0/18;

210.15.0.0/17;

210.15.128.0/18;

210.21.0.0/16;

210.22.0.0/16;

210.25.0.0/17;

210.25.128.0/18;

210.26.0.0/15;

210.28.0.0/14;

210.32.0.0/12;

210.51.0.0/16;

210.52.0.0/15;

210.57.21.86/32;

210.72.0.0/14;

210.76.0.0/15;

210.78.0.0/16;

210.79.224.0/19;

210.82.0.0/15;

210.87.128.0/18;

210.177.136.0/24;

210.192.96.0/19;

210.210.18.35/32;

211.64.0.0/13;

211.80.0.0/12;

211.96.0.0/13;

211.136.0.0/13;

211.144.0.0/12;

211.160.0.0/13;

211.174.51.134/31;

211.174.51.136/31;

211.174.51.142/31;

211.174.51.144/31;

211.174.51.150/31;

211.174.51.152/31;

211.174.51.158/31;

211.174.51.160/31;

211.174.51.166/31;

211.174.51.172/31;

212.87.150.203/32;

212.87.150.207/32;

212.87.150.214/32;

212.87.150.216/32;

212.87.150.218/32;

212.187.169.0/24;

212.209.166.86/32;

213.52.211.32/27;

213.161.82.0/24;

213.212.74.236/32;

213.244.181.0/24;

216.32.120.0/24;

216.33.115.0/24;

216.33.244.0/22;

216.33.252.0/23;

216.52.17.96/32;

216.52.36.0/23;

216.73.87.52/32;

216.113.160.0/19;

216.143.112.0/24;

216.146.38.200/30;

216.146.38.204/32;

216.162.203.72/29;

216.162.203.144/28;

216.176.50.163/32;

216.200.62.0/24;

216.218.251.87/32;

216.239.32.0/19;

217.7.141.143/32;

217.7.141.144/31;

217.7.141.149/32;

217.7.141.150/32;

217.68.69.68/31;

217.68.69.70/32;

217.110.203.89/32;

217.163.16.87/32;

218.0.0.0/11;

218.56.0.0/13;

218.64.0.0/11;

218.96.0.0/14;

218.104.0.0/14;

218.108.0.0/15;

218.192.0.0/12;

218.240.0.0/13;

218.249.63.128/25;

218.249.156.64/26;

218.249.156.128/26;

219.72.0.0/16;

219.82.0.0/16;

219.128.0.0/11;

219.216.0.0/13;

219.224.0.0/12;

219.242.0.0/15;

219.244.0.0/14;

220.113.43.0/24;

220.130.122.87/32;

220.160.0.0/11;

220.192.0.0/12;

220.231.15.110/32;

220.234.0.0/16;

220.248.0.0/14;

220.252.0.0/16;

221.0.0.0/12;

221.130.0.0/15;

221.137.0.0/16;

221.172.0.0/14;

221.192.0.0/13;

221.200.0.0/14;

221.204.0.0/15;

221.208.0.0/14;

221.212.0.0/16;

221.213.18.0/24;

221.214.0.0/15;

221.216.0.0/13;

221.224.0.0/12;

222.16.0.0/12;

222.32.0.0/11;

222.64.0.0/11;

222.125.0.0/16;

222.132.0.0/14;

222.136.0.0/13;

222.160.0.0/14;

222.168.0.0/13;

222.176.0.0/12;

222.192.0.0/12;

222.208.0.0/13;

222.216.0.0/15;

222.218.0.0/16;

222.222.0.0/15;

222.240.0.0/13;

222.248.0.0/15

};

view "cncnet" {

match-clients { !key certnet;!key othernet; dns-ip-list; 192.168.5.115;CNC;};

recursion yes;

zone "longrujun.com" {

type slave;

file "longrujun.cnc";#longrujun.com网通解析文件

masters { 192.168.5.96; };#主dns服务器IP

};

zone "test.com" {

type slave;

file "test.cnc";#test.com网通解析文件

masters { 192.168.5.96; };#主dns服务器IP

};

zone "." IN {

type hint;

file "named.root";

};

zone "localhost" IN {

type master;

file "localhost.zone";

allow-update { none; };

};

zone "0.0.127.in-addr.arpa" IN {

type master;

file "named.local";

allow-update { none; };

};

};

view "certnet" {

match-clients { key certnet;192.168.5.38;CERT; };

server 192.168.5.96 { keys certnet; };#同步到主dns

recursion yes;

zone "longrujun.com" {

type slave;

file "longrujun.cert";#longrujun.com教育网解析文件

masters { 192.168.5.96; };#主dns服务器IP

};

zone "test.com" {

type slave;

file "test.cert";#test.com教育网解析文件

masters { 192.168.5.96; };#主dns服务器IP

};

zone "." IN {

type hint;

file "named.root";

};

zone "localhost" IN {

type master;

file "localhost.zone";

allow-update { none; };

};

zone "0.0.127.in-addr.arpa" IN {

type master;

file "named.local";

allow-update { none; };

};

};

view "othernet" {

match-clients { key othernet; any;192.168.5.49; };

server 192.168.5.96 { keys othernet; };#同步到主dns

recursion yes;

zone "longrujun.com" {

type slave;

file "longrujun.other";#其他IP段的longrujun.com解析文件

masters { 192.168.5.96; };#主dns服务器IP

};

zone "test.com" {

type slave;

file "test.other";#其他IP段的test.name解析文件

masters { 192.168.5.96; };#主dns服务器IP

};

zone "." IN {

type hint;

file "named.root";

};

zone "localhost" IN {

type master;

file "localhost.zone";

allow-update { none; };

};

zone "0.0.127.in-addr.arpa" IN {

type master;

file "named.local";

allow-update { none; };

};

};

Published 2006年10月27日 5:17 by longrujun Edit

Filed under: SQUID, How to, DNS, Web2.0, CDN, SOA, GSLB [Edit Tags]

收藏此页到365Key | 添加到Del.icio.us | Digg this

 
 
 
免责声明:本文为网络用户发布,其观点仅代表作者个人观点,与本站无关,本站仅提供信息存储服务。文中陈述内容未经本站证实,其真实性、完整性、及时性本站不作任何保证或承诺,请读者仅作参考,并请自行核实相关内容。
2023年上半年GDP全球前十五强
 百态   2023-10-24
美众议院议长启动对拜登的弹劾调查
 百态   2023-09-13
上海、济南、武汉等多地出现不明坠落物
 探索   2023-09-06
印度或要将国名改为“巴拉特”
 百态   2023-09-06
男子为女友送行,买票不登机被捕
 百态   2023-08-20
手机地震预警功能怎么开?
 干货   2023-08-06
女子4年卖2套房花700多万做美容:不但没变美脸,面部还出现变形
 百态   2023-08-04
住户一楼被水淹 还冲来8头猪
 百态   2023-07-31
女子体内爬出大量瓜子状活虫
 百态   2023-07-25
地球连续35年收到神秘规律性信号,网友:不要回答!
 探索   2023-07-21
全球镓价格本周大涨27%
 探索   2023-07-09
钱都流向了那些不缺钱的人,苦都留给了能吃苦的人
 探索   2023-07-02
倩女手游刀客魅者强控制(强混乱强眩晕强睡眠)和对应控制抗性的关系
 百态   2020-08-20
美国5月9日最新疫情:美国确诊人数突破131万
 百态   2020-05-09
荷兰政府宣布将集体辞职
 干货   2020-04-30
倩女幽魂手游师徒任务情义春秋猜成语答案逍遥观:鹏程万里
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案神机营:射石饮羽
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案昆仑山:拔刀相助
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案天工阁:鬼斧神工
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案丝路古道:单枪匹马
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案镇郊荒野:与虎谋皮
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案镇郊荒野:李代桃僵
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案镇郊荒野:指鹿为马
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案金陵:小鸟依人
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案金陵:千金买邻
 干货   2019-11-12
 
推荐阅读
 
 
 
>>返回首頁<<
 
靜靜地坐在廢墟上,四周的荒凉一望無際,忽然覺得,淒涼也很美
© 2005- 王朝網路 版權所有