BIND view实现智能DNS

原创

receiving 2012-03-15 10:52:21 ©著作权

文章标签 职场休闲智能DNS 文章分类 服务器

©著作权归作者所有：来自51CTO博客作者receiving的原创作品，请联系作者获取转载授权，否则将追究法律责任

由于中国目前基础通讯的分割局面，使一些企业不得不考虑南北互联互通问题，这也是我们公司面临的问题之一。

为增加用户的体验度，不得不增加企业的运营成本。与联通沟通后，把服务器搬入双线机房---联通和电信----双线路双网卡。

双线路双网卡首先要解决域名解析问题，要让电信的IP访问的时候走电信的线路，联通的IP走联通的线路。

BIND 的view功能就是这个方案的解决途径之一。下面就介绍安装与配置：

1、去bind官网下载最新版本:ftp://ftp.isc.org/isc/bind9/9.8.1-P1/bind-9.8.1-P1.tar.gz

tar xzvf bind-9.8.1-P1.tar.gz

cd bind-9.8.1-P1

./configure --prefix=/opt/bind --with-libtool --enable-largefile --enable-threads --disable-ipv6 --sysconfdir=/opt/bind/etc --localstatedir=/var/named --disable-openssl-version-check

make&&make install

2、/opt/bind/sbin/rndc-confgen>/opt/bind/etc/rndc.conf

cd /opt/bind/etc

tail -10 rndc.conf |head -9|sed s/#\//g>named.conf

cd /var/named

dig>named.root

groupadd bind

useradd bind -g bind -s /sbin/nologin

3、编辑/opt/bind/etc/named.conf

options {

directory "/var/named";

pid-file "/var/run/named/named.pid";

version "0.0.0";

allow-query { any; };

recursion no;

allow-query-cache { none; };

datasize 50M;

auth-nxdomain no;

listen-on port 53 {192.168.0.20;};

};

key "rndc-key" {

algorithm hmac-md5;

secret "+FU4BMNi9nG0W+tzusLDhQ==";

};

controls {

inet 127.0.0.1 port 953

allow { 127.0.0.1; } keys { "rndc-key"; };

};

logging{

channel query_log{

file "/var/log/named/query.log" versions 3 size 256m;

severity info;

print-time yes;

print-severity yes;

print-category yes;

};

category queries{

query_log;

};

channel default_log{

file "/var/log/named/bind.log" versions 3 size 256m;

severity warning;

print-time yes;

print-severity yes;

print-category yes;

};

category default{

default_log;

};

include "/opt/bind/etc/acl.conf";

view "cnc" {

match-clients {cnc;};

zone "." IN {

type hint;

file "named.root";

};

include "/opt/bind/etc/cnc.conf";

};

view "chinanet" {

match-clients {chinanet;};

zone "." IN {

type hint;

file "named.root";

};

include "/opt/bind/etc/chinanet.conf";

};

view "other" {

match-clients {any;};

zone "." IN {

type hint;

file "named.root";

};

include "/opt/bind/etc/other.conf";

};

4、编辑cnd.conf,chinanet.conf,other.conf,acl.conf

示例：chinanet.conf

zone "xin.com" IN {

type master;

file "chinanet/chinanetxin.conf";

};

cnc.conf

zone "xin.com" IN {

type master;

file "cnc/cncxin.conf";

};

other.confzone "xin.com" IN {

type master;

file "otherxin.conf";

};

acl.conf(见附件）

5、编辑域名解析文件

cd /var/named

mkdir chinaet

mkdir cnc

vi chinanet/chinanetxin.conf

$TTL 86400

@ IN SOA ns.xin.com. root.xin.com. (

6 ; serial_num

3H ; refresh

15M ; retry

1W ; expiry

1D ) ; minimum

IN NS ns.xin.com.

@ IN A DNS服务器IP

ns IN A DNS服务器IP

www IN A WEB主机电信IP

vi chinanet/chinanetxin.conf

$TTL 86400

@ IN SOA ns.xin.com. root.xin.com. (

6 ; serial_num

3H ; refresh

15M ; retry

1W ; expiry

1D ) ; minimum

IN NS ns.xin.com.

@ IN A DNS服务器IP

ns IN A DNS服务器IP

www IN A WEB主机电信IP

vi other.conf

$TTL 86400

@ IN SOA ns.xin.com. root.xin.com. (

6 ; serial_num

3H ; refresh

15M ; retry

1W ; expiry

1D ) ; minimum

IN NS ns.xin.com.

@ IN A DNS服务器IP

ns IN A DNS服务器IP

www IN A WEB主机联通IP

6、/opt/bind/sbin/named -c /opt/bind/etc/named.conf -4 -n 4-ubind -p53& #-4只启用ipv4 -n指定几个cpu

i named.sh #启动脚本

#! /bin/bash

case "$1" in

start)

if [ -x /opt/bind/sbin/named ]

then

/opt/bind/sbin/named -c /opt/bind/etc/named.conf -4 -n 2 -ubind -p53&

echo "bind started"

;;

stop)

kill `cat /var/run/named/named.pid`

echo "bind stoped"

;;

restart)

$0 stop

sleep 5

$0 start

;;

echo "$0 start|stop|restart"

;;

esac

启动后，查看/var/log/messages错误信息，按照提示修改相应的权限，可能会在/var/named下面添加三个文件XXX.keys,不知道具体的作用！

下一篇：linux系统软Raid高可用配置

提问和评论都可以，用心的回复会被更多人看到评论

发布评论

相关文章

官方博客	全部文章	热门标签	班级博客
了解我们	网站地图	意见反馈

鸿蒙开发者社区	51CTO学堂
51CTO	软考资讯