 
 
 

DNS TSIG实现CDN+GSLB

来源:互联网网民  宽屏版  评论
2006-12-04 21:03:34


DNS TSIG实现CDN+GSLB

DNS TSIG实现CDN+GSLB

DNS TSIG实现CDN+GSLB

Note

1、 本文只涉及User-Server-User过程[Request及Response请参考上图]

2、 有关站点加速及Cache请参考:http://longrujun.com/tags/SQUID/default.aspx

3、 有关大规模站点体系规划及性能优化请参考下图,不深入探讨

DNS TSIG实现CDN+GSLB

Server 1:Master

IPADDR=192.168.5.96

NETMASK=255.255.255.0

GATEWAY=192.168.5.1

Server 2: Slave

IPADDR=192.168.5.29

NETMASK=255.255.255.0

GATEWAY=192.168.5.1

Master Server

Part I Config Master Dns Server

Step 1、下载并安装

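# Download, build and install BIND 9 under /Data/apps/named (master server).
# Fix: the published listing had "Cd", "Make" and "Make install" capitalised;
# shell command names are case-sensitive, so they are lower-cased here.
# NOTE(review): the tarball is fetched over plain HTTP and compiled without any
# integrity check. Verify it against the release's detached PGP signature (or a
# checksum obtained over a trusted channel) before running configure/make.
# NOTE(review): BIND 9.3.2-P1 is long past end of life; on a current system
# install a release that still receives security fixes.
cd /software
wget http://ftp.isc.org/isc/bind9/9.3.2-P1/bind-9.3.2-P1.tar.gz
tar zxvf bind-9.3.2-P1.tar.gz
cd bind-9.3.2-P1
./configure --prefix=/Data/apps/named --enable-threads
make
make install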

Step 2、配置

1、 基本配置

Cd /Data/apps/named

[root@linux named]# mkdir etc

生成rndc控制命令的key文件

[root@linux named]# sbin/rndc-confgen > etc/rndc.conf

从rndc.conf文件中提取named.conf用的key

[root@linux named]# cd etc

自动在/Data/apps/named/etc生成named.conf文件

[root@linux etc]# tail -10 rndc.conf | head -9 | sed s/#\ //g > named.conf

2、 建立Zone文件目录

[root@linux etc]# mkdir /Data/named

进入/Data/named目录

[root@linux etc]# cd /Data/named

A、 建立localhost.zone

[root@linux named]#vi localhost.zone

$TTL 86400

$ORIGIN localhost.

@ 1D IN SOA @ root (

42 ; serial (d. adams)

3H ; refresh

15M ; retry

1W ; expiry

1D ) ; minimum

1D IN NS @

1D IN A 127.0.0.1

B、 建立named.local

[root@linux named]#vi named.local

$TTL 86400

@ IN SOA localhost. root.localhost. (

1997022700 ; Serial

28800 ; Refresh

14400 ; Retry

3600000 ; Expire

86400 ) ; Minimum

IN NS localhost.

1 IN PTR localhost.

C、 生成named.root

[root@linux named]#dig > named.root

D、 修改named.conf

Cd /Data/apps/named/etc

配置named.conf文件,在后面加入以下代码

[root@linux etc]# vi named.conf

options {

directory "/Data/named";

pid-file "named.pid";

};

controls {

inet 127.0.0.1 allow { localhost; } keys { rndckey; };

};

zone "." IN {

type hint;

file "named.root";

};

zone "localhost" IN {

type master;

file "localhost.zone";

allow-update { none; };

};

zone "0.0.127.in-addr.arpa" IN {

type master;

file "named.local";

allow-update { none; };

};

E、 测试启动bind(下面的命令以root身份直接运行named,仅适合测试;正式运行时建议通过 -u 选项让named以非特权用户身份运行)

/Data/apps/named/sbin/named -c /Data/apps/named/etc/named.conf &

Step 3、使用TSIG技术加固DNS服务器

3、 下面以longrujun.com、test.com为例进行配置

使用TSIG技术时,先执行 dnssec-keygen 生成密钥,它会产生两个文件:一个是 .key(public key)文件,另一个是 .private(private key)文件。注意:HMAC是对称算法,这两个文件中保存的是同一个共享密钥,都需要保密。

首先在master上生成两对key,用于教育网和其他部分的IP段,

进入named安装的sbin目录

cd /usr/local/named/sbin/

#用于教育网的view,我们用certnet作为参数

./dnssec-keygen -a hmac-md5 -b 128 -n HOST certnet

#用于其他部分IP的view,我们用othernet作为参数

./dnssec-keygen -a hmac-md5 -b 128 -n HOST othernet

将private key[Key: 1ks7MJQvWmisPMWbRnYYjg==]加入named.conf文件中。注意:文中出现的密钥已经公开,仅作示例;实际部署时必须使用自己生成的密钥,并限制密钥文件和named.conf的读取权限。

在Master建立config及zone文件

1>、修改named.conf文件

加入private key至named.conf文件中,同时删除zone "." IN、zone "localhost" IN及zone "0.0.127.in-addr.arpa" IN配置文件

完整的named.conf如下

debian:/Data/apps/named/etc# cat named.conf

# Master named.conf: rndc control channel, working directory, the two TSIG keys
# used to select a view, and the include that pulls in the ACLs and views.
# NOTE(review): every secret below has been published on this page. Treat them
# as examples only: generate your own keys and keep named.conf (and any other
# file that holds a secret) readable only by the account that runs named.
key "rndc-key" {
algorithm hmac-md5;
secret "Ngvc7XGzxmBizws8minZmg==";
};
# rndc is accepted only on loopback port 953, only from 127.0.0.1, and only
# when the request is signed with rndc-key.
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
options {
# Zone files named in the views are looked up relative to this directory.
directory "/Data/named";
pid-file "named.pid";
};
# TSIG key referenced by match-clients in the "certnet" view.
# NOTE(review): hmac-md5 is a legacy TSIG algorithm; where the installed BIND
# supports it, prefer hmac-sha256 with a freshly generated key.
key "certnet" {
algorithm hmac-md5;
secret "1ks7MJQvWmisPMWbRnYYjg==";
};
# TSIG key referenced by match-clients in the "othernet" view.
key "othernet" {
algorithm hmac-md5;
secret "CC3eLL3okKM5pBHM1HSMNA==";
};
# ACL and view definitions are kept in a separate file.
include "acl.conf";

2>、建立acl.conf

[root@redhatas4 etc]# cd /Data/named/

[root@redhatas4 named]# vi acl.conf

acl "dns-ip-list" {

192.168.5.96; #主dns服务器IP

192.168.5.29; #辅dns服务器IP

};

acl CNC {

58.16.0.0/16;

58.17.0.0/17;

58.17.128.0/17;

58.18.0.0/16;

58.19.0.0/16;

58.20.0.0/16;

58.21.0.0/16;

58.22.0.0/15;

58.240.0.0/15;

58.242.0.0/15;

58.244.0.0/15;

58.246.0.0/15;

58.248.0.0/13;

60.0.0.0/13;

60.8.0.0/15;

60.10.0.0/16;

60.11.0.0/16;

60.12.0.0/16;

60.13.0.0/18;

60.13.128.0/17;

60.14.0.0/15;

60.16.0.0/13;

60.24.0.0/14;

60.30.0.0/16;

60.31.0.0/16;

60.208.0.0/13;

60.216.0.0/15;

60.218.0.0/15;

60.220.0.0/14;

61.48.0.0/13;

61.133.0.0/17;

61.134.96.0/19;

61.134.128.0/17;

61.135.0.0/16;

61.137.128.0/17;

61.138.0.0/17;

61.138.128.0/18;

61.139.128.0/18;

61.148.0.0/15;

61.156.0.0/16;

61.159.0.0/18;

61.161.0.0/18;

61.161.128.0/17;

61.162.0.0/16;

61.163.0.0/16;

61.167.0.0/16;

61.168.0.0/16;

61.176.0.0/16;

61.179.0.0/16;

61.181.0.0/16;

61.182.0.0/16;

61.189.0.0/17;

125.32.0.0/16;

125.40.0.0/13;

202.96.0.0/18;

202.96.64.0/21;

202.96.72.0/21;

202.97.128.0/18;

202.97.224.0/21;

202.97.240.0/20;

202.98.0.0/21;

202.98.8.0/21;

202.99.64.0/19;

202.99.96.0/21;

202.99.128.0/19;

202.99.160.0/21;

202.99.168.0/21;

202.99.176.0/20;

202.99.208.0/20;

202.99.224.0/21;

202.99.232.0/21;

202.99.240.0/20;

202.102.128.0/21;

202.102.224.0/21;

202.102.232.0/21;

202.106.0.0/16;

202.107.0.0/17;

202.108.0.0/16;

202.110.0.0/17;

202.111.128.0/18;

203.93.8.0/24;

203.93.192.0/18;

210.13.128.0/17;

210.14.160.0/19;

210.14.192.0/19;

210.15.32.0/19;

210.15.96.0/19;

210.15.128.0/18;

210.21.0.0/16;

210.52.128.0/17;

210.53.0.0/17;

210.53.128.0/17;

210.74.96.0/19;

210.74.128.0/19;

210.82.0.0/15;

218.8.0.0/14;

218.12.0.0/16;

218.21.128.0/17;

218.24.0.0/14;

218.56.0.0/14;

218.60.0.0/15;

218.67.128.0/17;

218.68.0.0/15;

218.104.0.0/14;

219.154.0.0/15;

219.156.0.0/15;

219.158.0.0/17;

219.158.128.0/17;

219.159.0.0/18;

220.252.0.0/16;

221.0.0.0/15;

221.2.0.0/16;

221.3.0.0/17;

221.3.128.0/17;

221.4.0.0/16;

221.5.0.0/17;

221.5.128.0/17;

221.6.0.0/16;

221.7.0.0/19;

221.7.32.0/19;

221.7.64.0/19;

221.7.96.0/19;

221.8.0.0/15;

221.10.0.0/16;

221.11.0.0/17;

221.11.128.0/18;

221.11.192.0/19;

221.12.0.0/17;

221.12.128.0/18;

221.13.0.0/18;

221.13.64.0/19;

221.13.96.0/19;

221.13.128.0/17;

221.14.0.0/15;

221.192.0.0/15;

221.194.0.0/16;

221.195.0.0/16;

221.196.0.0/15;

221.198.0.0/16;

221.199.0.0/19;

221.199.32.0/20;

221.199.128.0/18;

221.199.192.0/20;

221.200.0.0/14;

221.204.0.0/15;

221.206.0.0/16;

221.207.0.0/18;

221.207.64.0/18;

221.207.128.0/17;

221.208.0.0/14;

221.212.0.0/16;

221.213.0.0/16;

221.216.0.0/13;

222.128.0.0/14;

222.132.0.0/14;

222.136.0.0/13;

222.160.0.0/15;

222.162.0.0/16;

222.163.0.0/19;

222.163.32.0/19;

222.163.64.0/18;

222.163.128.0/17;

};

//教育网IP

acl CERT {

58.17.0.0/16;

58.19.0.0/16;

58.20.0.0/16;

58.24.0.0/15;

58.59.128.0/17;

58.60.8.0/21;

58.61.32.0/25;

58.61.32.128/32;

58.100.0.0/15;

58.116.0.0/14;

58.128.0.0/13;

58.154.0.0/15;

58.192.0.0/12;

58.240.0.0/15;

58.248.0.0/13;

59.32.0.0/12;

59.49.128.0/17;

59.50.0.0/16;

59.61.128.0/19;

59.64.0.0/12;

59.151.0.0/17;

60.0.0.0/11;

60.63.0.0/16;

60.190.28.0/28;

60.190.28.96/27;

60.190.28.128/28;

60.190.28.144/30;

60.191.2.0/24;

60.208.0.0/16;

61.28.0.0/20;

61.48.0.0/13;

61.128.0.0/10;

61.200.81.134/31;

61.200.81.136/31;

61.200.81.142/31;

61.200.81.144/31;

61.200.81.150/31;

61.213.179.87/32;

61.232.0.0/14;

61.236.0.0/15;

61.240.0.0/14;

62.4.69.0/24;

62.159.60.207/32;

62.159.60.208/31;

62.159.60.213/32;

62.159.60.214/32;

62.173.115.116/32;

63.73.227.0/24;

63.84.162.0/24;

63.86.118.0/23;

63.89.64.0/24;

63.123.46.86/32;

63.125.146.0/24;

63.164.11.0/24;

63.208.195.68/32;

63.209.48.0/24;

63.210.142.0/24;

63.211.40.87/32;

63.211.66.0/24;

63.215.124.0/24;

64.4.0.0/18;

64.4.240.0/20;

64.68.78.0/23;

64.124.183.0/24;

64.215.165.86/32;

64.215.167.87/32;

64.215.172.0/24;

64.233.160.0/19;

65.54.0.0/15;

65.171.126.87/32;

65.215.128.0/24;

65.245.226.86/32;

65.246.184.0/23;

66.37.210.86/32;

66.45.81.158/32;

66.45.81.190/32;

66.98.205.0/24;

66.102.0.0/20;

66.117.176.136/31;

66.117.176.210/31;

66.117.176.212/30;

66.117.176.216/30;

66.117.176.220/32;

66.117.177.21/32;

66.135.192.0/19;

66.160.145.87/32;

66.179.148.0/24;

66.179.235.32/27;

66.211.160.0/19;

66.249.64.0/19;

67.72.126.87/32;

67.106.214.87/32;

67.133.36.87/32;

67.133.38.87/32;

67.133.200.87/32;

69.32.132.0/24;

69.45.80.87/32;

69.45.82.87/32;

69.45.84.87/32;

72.14.192.0/19;

72.14.224.0/20;

72.164.152.0/24;

80.67.78.87/32;

81.52.203.87/32;

81.52.251.87/32;

82.150.20.0/22;

82.165.43.115/32;

83.70.140.0/22;

84.18.160.0/19;

84.53.128.87/32;

121.30.0.0/15;

121.48.0.0/15;

121.192.0.0/14;

121.248.0.0/14;

123.49.160.0/24;

124.64.0.0/15;

124.88.0.0/14;

124.128.0.0/13;

124.161.0.0/16;

124.162.0.0/15;

124.164.0.0/14;

125.32.0.0/12;

125.73.0.0/16;

125.96.0.0/15;

125.98.0.0/16;

125.171.0.0/17;

125.208.0.0/20;

125.216.0.0/13;

128.84.158.0/24;

128.107.229.0/24;

129.35.76.0/24;

129.35.77.193/32;

129.41.4.137/32;

129.41.4.138/32;

129.41.4.140/32;

129.41.4.143/32;

129.41.4.144/30;

129.41.4.148/32;

129.41.4.154/32;

129.41.4.158/32;

129.42.24.230/32;

129.42.25.230/32;

129.42.32.230/32;

129.42.33.230/32;

129.42.40.230/32;

129.42.41.230/32;

130.88.203.58/32;

132.174.1.0/24;

132.174.11.0/24;

134.243.5.21/32;

134.243.5.70/32;

134.243.5.160/32;

134.243.85.3/32;

137.189.0.0/16;

138.12.4.0/24;

140.98.193.0/24;

140.98.194.0/24;

140.113.0.0/16;

140.234.29.0/24;

141.66.18.186/32;

143.89.0.0/16;

144.81.82.0/24;

144.81.87.0/24;

144.81.88.0/23;

144.214.0.0/16;

147.8.0.0/16;

149.28.1.0/24;

152.101.0.0/16;

152.104.0.0/16;

158.132.0.0/16;

158.182.0.0/16;

159.226.0.0/16;

161.207.0.0/16;

162.97.112.87/32;

162.97.114.87/32;

162.105.0.0/16;

165.193.106.0/23;

165.193.159.0/24;

165.215.136.0/24;

166.90.150.87/32;

166.111.0.0/16;

167.68.6.0/23;

167.139.0.0/16;

167.216.166.0/24;

168.160.0.0/16;

170.107.185.0/24;

170.107.188.0/22;

171.66.120.0/21;

192.58.150.0/24;

192.80.71.0/24;

192.84.75.0/24;

192.86.104.0/24;

192.195.245.0/24;

192.207.91.0/24;

192.245.208.0/24;

193.128.223.0/24;

193.131.119.0/24;

193.174.24.39/32;

193.174.240.6/32;

193.174.240.8/32;

193.194.158.0/24;

194.119.138.1/32;

194.128.228.153/32;

194.130.252.0/24;

195.22.150.0/23;

195.27.60.0/24;

195.27.123.0/24;

195.27.130.0/24;

195.90.89.87/32;

195.144.69.0/24;

198.81.200.2/32;

198.185.19.0/24;

199.4.154.0/23;

199.98.88.0/24;

199.164.217.0/24;

202.4.128.0/19;

202.14.80.0/24;

202.38.0.0/16;

202.40.138.0/23;

202.40.157.0/24;

202.40.192.0/19;

202.43.216.0/23;

202.45.32.0/19;

202.45.176.0/20;

202.75.64.0/19;

202.84.16.0/23;

202.91.176.0/20;

202.93.252.0/22;

202.95.0.0/19;

202.96.0.0/12;

202.112.0.0/13;

202.120.0.0/15;

202.122.32.0/20;

202.123.110.0/24;

202.125.192.0/18;

202.127.0.0/18;

202.127.128.0/17;

202.130.0.0/19;

202.130.224.0/19;

202.131.208.0/20;

202.134.86.130/32;

202.147.5.152/31;

202.147.5.158/31;

202.147.5.160/31;

202.147.5.166/31;

202.152.176.0/20;

202.160.176.0/20;

202.165.96.0/21;

202.165.104.0/22;

202.177.217.87/32;

202.179.240.0/20;

202.189.96.0/19;

202.192.0.0/12;

203.81.16.0/20;

203.87.224.0/19;

203.88.32.0/19;

203.91.120.0/21;

203.93.0.0/16;

203.95.0.0/21;

203.112.23.19/32;

203.119.28.0/23;

203.126.70.87/32;

203.128.128.0/19;

203.166.101.87/32;

203.175.128.0/19;

203.188.64.0/18;

203.192.0.0/19;

203.207.64.0/18;

203.207.128.0/17;

203.208.0.0/19;

203.209.224.0/19;

203.212.0.0/20;

204.94.134.87/32;

204.95.14.87/32;

204.153.51.29/32;

204.153.51.60/32;

204.153.51.65/32;

204.153.51.113/32;

204.179.122.0/24;

204.228.64.52/32;

204.228.64.55/32;

204.228.64.60/32;

205.142.245.0/24;

205.161.5.87/32;

205.203.134.1/32;

205.203.134.30/32;

205.240.244.0/22;

205.243.231.0/24;

206.61.136.87/32;

206.65.170.81/32;

206.112.77.86/32;

206.112.112.0/24;

206.165.29.87/32;

207.24.42.0/24;

207.46.0.0/16;

207.54.136.0/24;

207.68.172.235/32;

207.68.178.0/25;

207.68.179.192/27;

207.126.106.92/32;

207.126.107.92/32;

207.126.112.97/32;

207.164.255.103/32;

208.44.56.71/32;

208.44.56.210/31;

208.44.56.212/30;

208.44.56.216/30;

208.44.56.220/32;

208.176.18.0/24;

208.215.179.0/24;

209.8.104.87/32;

209.8.106.87/32;

209.8.112.87/32;

209.85.128.0/17;

209.116.81.5/32;

209.208.170.210/31;

209.246.136.0/24;

209.249.123.0/24;

210.5.0.0/19;

210.12.0.0/15;

210.14.64.0/19;

210.14.160.0/19;

210.14.192.0/18;

210.15.0.0/17;

210.15.128.0/18;

210.21.0.0/16;

210.22.0.0/16;

210.25.0.0/17;

210.25.128.0/18;

210.26.0.0/15;

210.28.0.0/14;

210.32.0.0/12;

210.51.0.0/16;

210.52.0.0/15;

210.57.21.86/32;

210.72.0.0/14;

210.76.0.0/15;

210.78.0.0/16;

210.79.224.0/19;

210.82.0.0/15;

210.87.128.0/18;

210.177.136.0/24;

210.192.96.0/19;

210.210.18.35/32;

211.64.0.0/13;

211.80.0.0/12;

211.96.0.0/13;

211.136.0.0/13;

211.144.0.0/12;

211.160.0.0/13;

211.174.51.134/31;

211.174.51.136/31;

211.174.51.142/31;

211.174.51.144/31;

211.174.51.150/31;

211.174.51.152/31;

211.174.51.158/31;

211.174.51.160/31;

211.174.51.166/31;

211.174.51.172/31;

212.87.150.203/32;

212.87.150.207/32;

212.87.150.214/32;

212.87.150.216/32;

212.87.150.218/32;

212.187.169.0/24;

212.209.166.86/32;

213.52.211.32/27;

213.161.82.0/24;

213.212.74.236/32;

213.244.181.0/24;

216.32.120.0/24;

216.33.115.0/24;

216.33.244.0/22;

216.33.252.0/23;

216.52.17.96/32;

216.52.36.0/23;

216.73.87.52/32;

216.113.160.0/19;

216.143.112.0/24;

216.146.38.200/30;

216.146.38.204/32;

216.162.203.72/29;

216.162.203.144/28;

216.176.50.163/32;

216.200.62.0/24;

216.218.251.87/32;

216.239.32.0/19;

217.7.141.143/32;

217.7.141.144/31;

217.7.141.149/32;

217.7.141.150/32;

217.68.69.68/31;

217.68.69.70/32;

217.110.203.89/32;

217.163.16.87/32;

218.0.0.0/11;

218.56.0.0/13;

218.64.0.0/11;

218.96.0.0/14;

218.104.0.0/14;

218.108.0.0/15;

218.192.0.0/12;

218.240.0.0/13;

218.249.63.128/25;

218.249.156.64/26;

218.249.156.128/26;

219.72.0.0/16;

219.82.0.0/16;

219.128.0.0/11;

219.216.0.0/13;

219.224.0.0/12;

219.242.0.0/15;

219.244.0.0/14;

220.113.43.0/24;

220.130.122.87/32;

220.160.0.0/11;

220.192.0.0/12;

220.231.15.110/32;

220.234.0.0/16;

220.248.0.0/14;

220.252.0.0/16;

221.0.0.0/12;

221.130.0.0/15;

221.137.0.0/16;

221.172.0.0/14;

221.192.0.0/13;

221.200.0.0/14;

221.204.0.0/15;

221.208.0.0/14;

221.212.0.0/16;

221.213.18.0/24;

221.214.0.0/15;

221.216.0.0/13;

221.224.0.0/12;

222.16.0.0/12;

222.32.0.0/11;

222.64.0.0/11;

222.125.0.0/16;

222.132.0.0/14;

222.136.0.0/13;

222.160.0.0/14;

222.168.0.0/13;

222.176.0.0/12;

222.192.0.0/12;

222.208.0.0/13;

222.216.0.0/15;

222.218.0.0/16;

222.222.0.0/15;

222.240.0.0/13;

222.248.0.0/15;

};

# View for clients in the CNC ACL and for unsigned requests from the two DNS
# servers listed in dns-ip-list.
view "cncnet" {
# The two negated key entries come first, so a request signed with the certnet
# or othernet TSIG key is rejected by this view and is evaluated by the views
# that follow.
match-clients { !key certnet;!key othernet; dns-ip-list; CNC;};
# NOTE(review): recursion is enabled for every client this view matches; an
# authoritative-only server would normally use "recursion no;" - confirm intent.
recursion yes;
zone "longrujun.com" {
type master;
file "longrujun.cnc"; # longrujun.com zone file for CNC clients
allow-query { any; };
allow-update { none; };
# NOTE(review): transfers are limited by source address only; no TSIG key is
# required for this view's zones.
allow-transfer { dns-ip-list; }; # allow the slave DNS server to transfer the zone
};
zone "test.com" {
type master;
file "test.cnc"; # test.com zone file for CNC clients
allow-query { any; };
allow-update { none; };
allow-transfer { dns-ip-list; }; # allow the slave DNS server to transfer the zone
};
# Root hints, needed because recursion is enabled in this view.
zone "." IN {
type hint;
file "named.root";
};
zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};
};

# View for clients in the CERT ACL and for requests signed with the "certnet"
# TSIG key.
view "certnet" {
match-clients { key certnet;CERT; };
# Requests this view sends to the slave (192.168.5.29) are signed with the
# certnet key, which the slave's own "certnet" view matches on.
server 192.168.5.29 { keys certnet; };# sync to the slave DNS server
# NOTE(review): recursion is enabled for every client this view matches; an
# authoritative-only server would normally use "recursion no;" - confirm intent.
recursion yes;
zone "longrujun.com" {
type master;
file "longrujun.cert";# longrujun.com zone file for education-network clients
allow-query { any; };
allow-update { none; };
# NOTE(review): transfers are limited by source address only. Requiring the
# view's key as well, e.g. allow-transfer { key certnet; };, would tie the
# transfer to the TSIG secret rather than to an IP address.
allow-transfer { dns-ip-list; };# allow the slave DNS server to transfer the zone
};
zone "test.com" {
type master;
file "test.cert";# test.com zone file for education-network clients
allow-query { any; };
allow-update { none; };
allow-transfer { dns-ip-list; };# allow the slave DNS server to transfer the zone
};
# Root hints, needed because recursion is enabled in this view.
zone "." IN {
type hint;
file "named.root";
};
zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};
};

# Catch-all view: requests signed with the "othernet" TSIG key and every client
# that no earlier view matched.
view "othernet" {
match-clients { key othernet; any; };
# Requests this view sends to the slave (192.168.5.29) are signed with the
# othernet key, which the slave's own "othernet" view matches on.
server 192.168.5.29 { keys othernet; };# sync to the slave DNS server
# NOTE(review): together with "any" in match-clients this makes the server an
# open recursive resolver for the whole Internet, which can be abused for
# reflection/amplification. Use "recursion no;" here, or limit recursion to
# trusted networks with allow-recursion.
recursion yes;
zone "longrujun.com" {
type master;
file "longrujun.other";# longrujun.com zone file for all other address ranges
allow-query { any; };
allow-update { none; };
# NOTE(review): transfers are limited by source address only. Requiring the
# view's key as well, e.g. allow-transfer { key othernet; };, would tie the
# transfer to the TSIG secret rather than to an IP address.
allow-transfer { dns-ip-list; };# allow the slave DNS server to transfer the zone
};
zone "test.com" {
type master;
file "test.other";# test.com zone file for all other address ranges
allow-query { any; };
allow-update { none; };
allow-transfer { dns-ip-list; };# allow the slave DNS server to transfer the zone
};
# Root hints, needed because recursion is enabled in this view.
zone "." IN {
type hint;
file "named.root";
};
zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};
};

3>、生成longrujun.cnc、longrujun.cert、longrujun.other、test.cnc、test.cert、test.other文件

debian:/Data/named# cat longrujun.cnc

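; longrujun.com as loaded by the "cncnet" view (www -> 100.100.100.101).
; Fix: records that inherit the previous owner name must begin with whitespace;
; the leading indentation was lost in the published listing and is restored.
$ORIGIN .
$TTL 3600       ; 1 hour
longrujun.com           IN SOA  dns2.longrujun.com. i.longrujun.com. (
                                2006091122 ; serial
                                10800      ; refresh (3 hours)
                                3600       ; retry (1 hour)
                                604800     ; expire (1 week)
                                3600       ; minimum (1 hour)
                                )
$TTL 7200       ; 2 hours
                        NS      dns2.longrujun.com.
                        NS      dns5.longrujun.com.
$TTL 3600       ; 1 hour
                        A       100.100.100.100
$TTL 7200       ; 2 hours
                        MX      10 mail.longrujun.com.
                        MX      20 mail2.longrujun.com.
$ORIGIN longrujun.com.
$TTL 3600       ; 1 hour
www                     A       100.100.100.101
dns2                    A       192.168.5.96
dns5                    A       192.168.5.29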

debian:/Data/named# cat longrujun.cert

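; longrujun.com as loaded by the "certnet" view (www -> 100.100.100.102).
; Fix: records that inherit the previous owner name must begin with whitespace;
; the leading indentation was lost in the published listing and is restored.
$ORIGIN .
$TTL 3600       ; 1 hour
longrujun.com           IN SOA  dns2.longrujun.com. i.longrujun.com. (
                                2006091122 ; serial
                                10800      ; refresh (3 hours)
                                3600       ; retry (1 hour)
                                604800     ; expire (1 week)
                                3600       ; minimum (1 hour)
                                )
$TTL 7200       ; 2 hours
                        NS      dns2.longrujun.com.
                        NS      dns5.longrujun.com.
$TTL 3600       ; 1 hour
                        A       100.100.100.100
$TTL 7200       ; 2 hours
                        MX      10 mail.longrujun.com.
                        MX      20 mail2.longrujun.com.
$ORIGIN longrujun.com.
$TTL 3600       ; 1 hour
www                     A       100.100.100.102
dns2                    A       192.168.5.96
dns5                    A       192.168.5.29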

debian:/Data/named# cat longrujun.other

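; longrujun.com as loaded by the "othernet" view (www -> 100.100.100.103).
; Fix: records that inherit the previous owner name must begin with whitespace;
; the leading indentation was lost in the published listing and is restored.
$ORIGIN .
$TTL 3600       ; 1 hour
longrujun.com           IN SOA  dns2.longrujun.com. i.longrujun.com. (
                                2006091122 ; serial
                                10800      ; refresh (3 hours)
                                3600       ; retry (1 hour)
                                604800     ; expire (1 week)
                                3600       ; minimum (1 hour)
                                )
$TTL 7200       ; 2 hours
                        NS      dns2.longrujun.com.
                        NS      dns5.longrujun.com.
$TTL 3600       ; 1 hour
                        A       100.100.100.100
$TTL 7200       ; 2 hours
                        MX      10 mail.longrujun.com.
                        MX      20 mail2.longrujun.com.
$ORIGIN longrujun.com.
$TTL 3600       ; 1 hour
www                     A       100.100.100.103
dns2                    A       192.168.5.96
dns5                    A       192.168.5.29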

debian:/Data/named# cat test.cnc

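; test.com as loaded by the "cncnet" view (www -> 111.111.111.101).
; Fix: records that inherit the previous owner name must begin with whitespace;
; the leading indentation was lost in the published listing and is restored.
$ORIGIN .
$TTL 3600       ; 1 hour
test.com                IN SOA  dns2.test.com. i.test.com. (
                                2006091122 ; serial
                                10800      ; refresh (3 hours)
                                3600       ; retry (1 hour)
                                604800     ; expire (1 week)
                                3600       ; minimum (1 hour)
                                )
$TTL 7200       ; 2 hours
                        NS      dns2.test.com.
                        NS      dns5.test.com.
$TTL 3600       ; 1 hour
                        A       111.111.111.100
$TTL 7200       ; 2 hours
                        MX      10 mail.test.com.
                        MX      20 mail2.test.com.
$ORIGIN test.com.
$TTL 3600       ; 1 hour
www                     A       111.111.111.101
dns2                    A       192.168.5.96
; NOTE(review): the slave server is 192.168.5.29 everywhere else on this page;
; .26 looks like a typo and would point the dns5 NS at the wrong host - confirm.
dns5                    A       192.168.5.26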

debian:/Data/named# cat test.cert

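; test.com as loaded by the "certnet" view (www -> 111.111.111.102).
; Fix: records that inherit the previous owner name must begin with whitespace;
; the leading indentation was lost in the published listing and is restored.
$ORIGIN .
$TTL 3600       ; 1 hour
test.com                IN SOA  dns2.test.com. i.test.com. (
                                2006091122 ; serial
                                10800      ; refresh (3 hours)
                                3600       ; retry (1 hour)
                                604800     ; expire (1 week)
                                3600       ; minimum (1 hour)
                                )
$TTL 7200       ; 2 hours
                        NS      dns2.test.com.
                        NS      dns5.test.com.
$TTL 3600       ; 1 hour
                        A       111.111.111.100
$TTL 7200       ; 2 hours
                        MX      10 mail.test.com.
                        MX      20 mail2.test.com.
$ORIGIN test.com.
$TTL 3600       ; 1 hour
www                     A       111.111.111.102
dns2                    A       192.168.5.96
dns5                    A       192.168.5.29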

debian:/Data/named# cat test.other

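; test.com as loaded by the "othernet" view.
; Fix: records that inherit the previous owner name must begin with whitespace;
; the leading indentation was lost in the published listing and is restored.
$ORIGIN .
$TTL 3600       ; 1 hour
test.com                IN SOA  dns2.test.com. i.test.com. (
                                2006091122 ; serial
                                10800      ; refresh (3 hours)
                                3600       ; retry (1 hour)
                                604800     ; expire (1 week)
                                3600       ; minimum (1 hour)
                                )
$TTL 7200       ; 2 hours
                        NS      dns2.test.com.
                        NS      dns5.test.com.
$TTL 3600       ; 1 hour
                        A       111.111.111.100
$TTL 7200       ; 2 hours
                        MX      10 mail.test.com.
                        MX      20 mail2.test.com.
$ORIGIN test.com.
$TTL 3600       ; 1 hour
; NOTE(review): the other test.com listings use 111.111.111.x for www; the
; second octet (100) here may be a typo - confirm.
www                     A       111.100.111.103
dns2                    A       192.168.5.96
; NOTE(review): the slave server is 192.168.5.29 everywhere else on this page;
; .26 looks like a typo and would point the dns5 NS at the wrong host - confirm.
dns5                    A       192.168.5.26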

Step IV、检验配置

ok至此主DNS服务器上面的配置已完成

检查配置的正确性

debian:/Data/apps/named/sbin# ./named-checkconf

debian:/Data/apps/named/sbin# ./named-checkzone longrujun.com /Data/named/longrujun.cnc

zone longrujun.com/IN: loaded serial 2006091122

OK

debian:/Data/apps/named/sbin# ./named-checkzone longrujun.com /Data/named/longrujun.cert

zone longrujun.com/IN: loaded serial 2006091122

OK

debian:/Data/apps/named/sbin# ./named-checkzone longrujun.com /Data/named/longrujun.other

zone longrujun.com/IN: loaded serial 2006091122

OK

debian:/Data/apps/named/sbin# ./named-checkzone test.com /Data/named/test.cnc

zone test.com/IN: loaded serial 2006091122

OK

debian:/Data/apps/named/sbin# ./named-checkzone test.com /Data/named/test.cert

zone test.com/IN: loaded serial 2006091122

OK

debian:/Data/apps/named/sbin# ./named-checkzone test.com /Data/named/test.other

zone test.com/IN: loaded serial 2006091122

OK

配置正确启动named

debian:/Data/apps/named/sbin# ./named

debian:/Data/apps/named/sbin# netstat -ltunp

Active Internet connections (only servers)

Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name

tcp 0 0 0.0.0.0:612 0.0.0.0:* LISTEN 2126/rpc.statd

tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1708/portmap

tcp 0 0 0.0.0.0:113 0.0.0.0:* LISTEN 2110/inetd

tcp 0 0 192.168.5.96:53 0.0.0.0:* LISTEN 15372/named

tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 15372/named

tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 15372/named

tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2105/exim4

tcp6 0 0 :::22 :::* LISTEN 2122/sshd

udp 0 584 0.0.0.0:1027 0.0.0.0:* 15372/named

udp 0 0 192.168.5.96:53 0.0.0.0:* 15372/named

udp 0 0 127.0.0.1:53 0.0.0.0:* 15372/named

udp 0 0 0.0.0.0:68 0.0.0.0:* 1703/dhclient

udp 0 0 0.0.0.0:606 0.0.0.0:* 2126/rpc.statd

udp 0 0 0.0.0.0:609 0.0.0.0:* 2126/rpc.statd

udp 0 0 0.0.0.0:111 0.0.0.0:* 1708/portmap

udp6 0 0 :::1028 :::* 15372/named

debian:/Data/apps/named/sbin#

Part II Config Slave Dns Server

Step 1、下载并安装

1>、安装bind

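# Download, build and install BIND 9 under /Data/apps/named (slave server).
# Fix: the published listing had "Make" and "Make install" capitalised; shell
# command names are case-sensitive, so they are lower-cased here.
# NOTE(review): the tarball is fetched over plain HTTP and compiled without any
# integrity check. Verify it against the release's detached PGP signature (or a
# checksum obtained over a trusted channel) before running configure/make.
# NOTE(review): BIND 9.3.2-P1 is long past end of life; on a current system
# install a release that still receives security fixes.
cd /software
wget http://ftp.isc.org/isc/bind9/9.3.2-P1/bind-9.3.2-P1.tar.gz
tar zxvf bind-9.3.2-P1.tar.gz
cd bind-9.3.2-P1
./configure --prefix=/Data/apps/named --enable-threads
make
make install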

Step 2、配置

2>、配置

Cd /Data/apps/named

[root@linux named]# mkdir etc

生成rndc控制命令的key文件

[root@linux named]# sbin/rndc-confgen > etc/rndc.conf

从rndc.conf文件中提取named.conf用的key

[root@linux named]# cd etc

自动在/Data/apps/named/etc生成named.conf文件

[root@linux etc]# tail -10 rndc.conf | head -9 | sed s/#\ //g > named.conf

3>、建立Zone文件目录

[root@linux etc]# mkdir /Data/named

进入/Data/named目录

[root@linux etc]# cd /Data/named

4>、建立localhost.zone

[root@linux named]#vi localhost.zone

$TTL 86400

$ORIGIN localhost.

@ 1D IN SOA @ root (

42 ; serial (d. adams)

3H ; refresh

15M ; retry

1W ; expiry

1D ) ; minimum

1D IN NS @

1D IN A 127.0.0.1

5>、建立named.local

[root@linux named]#vi named.local

$TTL 86400

@ IN SOA localhost. root.localhost. (

1997022700 ; Serial

28800 ; Refresh

14400 ; Retry

3600000 ; Expire

86400 ) ; Minimum

IN NS localhost.

1 IN PTR localhost.

6>、生成named.root

[root@linux named]#dig > named.root

7>、修改named.conf把在主dns服务器上生成的两对key用于辅dns服务器

Cd /Data/apps/named/etc

debian:/Data/apps/named/etc# cat named.conf

# Slave named.conf: its own rndc key, the working directory, the two TSIG keys
# copied from the master, and the include that pulls in the ACLs and views.
# NOTE(review): every secret below has been published on this page. Treat them
# as examples only: generate your own keys, copy the shared TSIG secrets to the
# slave over a protected channel, and keep this file readable only by the
# account that runs named.
key "rndc-key" {
algorithm hmac-md5;
secret "ILrtNPz8KoF2D95rXnNzOQ==";
};
# rndc is accepted only on loopback port 953, only from 127.0.0.1, and only
# when the request is signed with rndc-key.
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
options {
# Zone files named in the views are looked up relative to this directory.
directory "/Data/named";
pid-file "named.pid";
};
# Same name and secret as the master's "certnet" key; TSIG only works when both
# ends hold an identical key.
# NOTE(review): hmac-md5 is a legacy TSIG algorithm; where the installed BIND
# supports it, prefer hmac-sha256 with a freshly generated key.
key "certnet" {
algorithm hmac-md5;
secret "1ks7MJQvWmisPMWbRnYYjg==";
};
# Same name and secret as the master's "othernet" key.
key "othernet" {
algorithm hmac-md5;
secret "CC3eLL3okKM5pBHM1HSMNA==";
};
# ACL and view definitions are kept in a separate file.
include "acl.conf";

8>、创建acl.conf

debian:/Data/named# pico acl.conf

acl "dns-ip-list" {

192.168.5.96; #主dns服务器IP

192.168.5.29; #辅dns服务器IP

};

acl CNC {

58.16.0.0/16;

58.17.0.0/17;

58.17.128.0/17;

58.18.0.0/16;

58.19.0.0/16;

58.20.0.0/16;

58.21.0.0/16;

58.22.0.0/15;

58.240.0.0/15;

58.242.0.0/15;

58.244.0.0/15;

58.246.0.0/15;

58.248.0.0/13;

60.0.0.0/13;

60.8.0.0/15;

60.10.0.0/16;

60.11.0.0/16;

60.12.0.0/16;

60.13.0.0/18;

60.13.128.0/17;

60.14.0.0/15;

60.16.0.0/13;

60.24.0.0/14;

60.30.0.0/16;

60.31.0.0/16;

60.208.0.0/13;

60.216.0.0/15;

60.218.0.0/15;

60.220.0.0/14;

61.48.0.0/13;

61.133.0.0/17;

61.134.96.0/19;

61.134.128.0/17;

61.135.0.0/16;

61.137.128.0/17;

61.138.0.0/17;

61.138.128.0/18;

61.139.128.0/18;

61.148.0.0/15;

61.156.0.0/16;

61.159.0.0/18;

61.161.0.0/18;

61.161.128.0/17;

61.162.0.0/16;

61.163.0.0/16;

61.167.0.0/16;

61.168.0.0/16;

61.176.0.0/16;

61.179.0.0/16;

61.181.0.0/16;

61.182.0.0/16;

61.189.0.0/17;

125.32.0.0/16;

125.40.0.0/13;

202.96.0.0/18;

202.96.64.0/21;

202.96.72.0/21;

202.97.128.0/18;

202.97.224.0/21;

202.97.240.0/20;

202.98.0.0/21;

202.98.8.0/21;

202.99.64.0/19;

202.99.96.0/21;

202.99.128.0/19;

202.99.160.0/21;

202.99.168.0/21;

202.99.176.0/20;

202.99.208.0/20;

202.99.224.0/21;

202.99.232.0/21;

202.99.240.0/20;

202.102.128.0/21;

202.102.224.0/21;

202.102.232.0/21;

202.106.0.0/16;

202.107.0.0/17;

202.108.0.0/16;

202.110.0.0/17;

202.111.128.0/18;

203.93.8.0/24;

203.93.192.0/18;

210.13.128.0/17;

210.14.160.0/19;

210.14.192.0/19;

210.15.32.0/19;

210.15.96.0/19;

210.15.128.0/18;

210.21.0.0/16;

210.52.128.0/17;

210.53.0.0/17;

210.53.128.0/17;

210.74.96.0/19;

210.74.128.0/19;

210.82.0.0/15;

218.8.0.0/14;

218.12.0.0/16;

218.21.128.0/17;

218.24.0.0/14;

218.56.0.0/14;

218.60.0.0/15;

218.67.128.0/17;

218.68.0.0/15;

218.104.0.0/14;

219.154.0.0/15;

219.156.0.0/15;

219.158.0.0/17;

219.158.128.0/17;

219.159.0.0/18;

220.252.0.0/16;

221.0.0.0/15;

221.2.0.0/16;

221.3.0.0/17;

221.3.128.0/17;

221.4.0.0/16;

221.5.0.0/17;

221.5.128.0/17;

221.6.0.0/16;

221.7.0.0/19;

221.7.32.0/19;

221.7.64.0/19;

221.7.96.0/19;

221.8.0.0/15;

221.10.0.0/16;

221.11.0.0/17;

221.11.128.0/18;

221.11.192.0/19;

221.12.0.0/17;

221.12.128.0/18;

221.13.0.0/18;

221.13.64.0/19;

221.13.96.0/19;

221.13.128.0/17;

221.14.0.0/15;

221.192.0.0/15;

221.194.0.0/16;

221.195.0.0/16;

221.196.0.0/15;

221.198.0.0/16;

221.199.0.0/19;

221.199.32.0/20;

221.199.128.0/18;

221.199.192.0/20;

221.200.0.0/14;

221.204.0.0/15;

221.206.0.0/16;

221.207.0.0/18;

221.207.64.0/18;

221.207.128.0/17;

221.208.0.0/14;

221.212.0.0/16;

221.213.0.0/16;

221.216.0.0/13;

222.128.0.0/14;

222.132.0.0/14;

222.136.0.0/13;

222.160.0.0/15;

222.162.0.0/16;

222.163.0.0/19;

222.163.32.0/19;

222.163.64.0/18;

222.163.128.0/17;

};

//教育网IP

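// Address ranges matched by the slave's "certnet" view (the article labels this
// list as education-network addresses).
// Fix: the final entry (222.248.0.0/15) was missing its terminating ';', which
// is a syntax error in named.conf.
// NOTE(review): some ranges also appear in acl CNC (for example 58.19.0.0/16);
// the first view whose match-clients matches is used, so view order decides
// which answer those clients receive.
acl CERT {
58.17.0.0/16;
58.19.0.0/16;
58.20.0.0/16;
58.24.0.0/15;
58.59.128.0/17;
58.60.8.0/21;
58.61.32.0/25;
58.61.32.128/32;
58.100.0.0/15;
58.116.0.0/14;
58.128.0.0/13;
58.154.0.0/15;
58.192.0.0/12;
58.240.0.0/15;
58.248.0.0/13;
59.32.0.0/12;
59.49.128.0/17;
59.50.0.0/16;
59.61.128.0/19;
59.64.0.0/12;
59.151.0.0/17;
60.0.0.0/11;
60.63.0.0/16;
60.190.28.0/28;
60.190.28.96/27;
60.190.28.128/28;
60.190.28.144/30;
60.191.2.0/24;
60.208.0.0/16;
61.28.0.0/20;
61.48.0.0/13;
61.128.0.0/10;
61.200.81.134/31;
61.200.81.136/31;
61.200.81.142/31;
61.200.81.144/31;
61.200.81.150/31;
61.213.179.87/32;
61.232.0.0/14;
61.236.0.0/15;
61.240.0.0/14;
62.4.69.0/24;
62.159.60.207/32;
62.159.60.208/31;
62.159.60.213/32;
62.159.60.214/32;
62.173.115.116/32;
63.73.227.0/24;
63.84.162.0/24;
63.86.118.0/23;
63.89.64.0/24;
63.123.46.86/32;
63.125.146.0/24;
63.164.11.0/24;
63.208.195.68/32;
63.209.48.0/24;
63.210.142.0/24;
63.211.40.87/32;
63.211.66.0/24;
63.215.124.0/24;
64.4.0.0/18;
64.4.240.0/20;
64.68.78.0/23;
64.124.183.0/24;
64.215.165.86/32;
64.215.167.87/32;
64.215.172.0/24;
64.233.160.0/19;
65.54.0.0/15;
65.171.126.87/32;
65.215.128.0/24;
65.245.226.86/32;
65.246.184.0/23;
66.37.210.86/32;
66.45.81.158/32;
66.45.81.190/32;
66.98.205.0/24;
66.102.0.0/20;
66.117.176.136/31;
66.117.176.210/31;
66.117.176.212/30;
66.117.176.216/30;
66.117.176.220/32;
66.117.177.21/32;
66.135.192.0/19;
66.160.145.87/32;
66.179.148.0/24;
66.179.235.32/27;
66.211.160.0/19;
66.249.64.0/19;
67.72.126.87/32;
67.106.214.87/32;
67.133.36.87/32;
67.133.38.87/32;
67.133.200.87/32;
69.32.132.0/24;
69.45.80.87/32;
69.45.82.87/32;
69.45.84.87/32;
72.14.192.0/19;
72.14.224.0/20;
72.164.152.0/24;
80.67.78.87/32;
81.52.203.87/32;
81.52.251.87/32;
82.150.20.0/22;
82.165.43.115/32;
83.70.140.0/22;
84.18.160.0/19;
84.53.128.87/32;
121.30.0.0/15;
121.48.0.0/15;
121.192.0.0/14;
121.248.0.0/14;
123.49.160.0/24;
124.64.0.0/15;
124.88.0.0/14;
124.128.0.0/13;
124.161.0.0/16;
124.162.0.0/15;
124.164.0.0/14;
125.32.0.0/12;
125.73.0.0/16;
125.96.0.0/15;
125.98.0.0/16;
125.171.0.0/17;
125.208.0.0/20;
125.216.0.0/13;
128.84.158.0/24;
128.107.229.0/24;
129.35.76.0/24;
129.35.77.193/32;
129.41.4.137/32;
129.41.4.138/32;
129.41.4.140/32;
129.41.4.143/32;
129.41.4.144/30;
129.41.4.148/32;
129.41.4.154/32;
129.41.4.158/32;
129.42.24.230/32;
129.42.25.230/32;
129.42.32.230/32;
129.42.33.230/32;
129.42.40.230/32;
129.42.41.230/32;
130.88.203.58/32;
132.174.1.0/24;
132.174.11.0/24;
134.243.5.21/32;
134.243.5.70/32;
134.243.5.160/32;
134.243.85.3/32;
137.189.0.0/16;
138.12.4.0/24;
140.98.193.0/24;
140.98.194.0/24;
140.113.0.0/16;
140.234.29.0/24;
141.66.18.186/32;
143.89.0.0/16;
144.81.82.0/24;
144.81.87.0/24;
144.81.88.0/23;
144.214.0.0/16;
147.8.0.0/16;
149.28.1.0/24;
152.101.0.0/16;
152.104.0.0/16;
158.132.0.0/16;
158.182.0.0/16;
159.226.0.0/16;
161.207.0.0/16;
162.97.112.87/32;
162.97.114.87/32;
162.105.0.0/16;
165.193.106.0/23;
165.193.159.0/24;
165.215.136.0/24;
166.90.150.87/32;
166.111.0.0/16;
167.68.6.0/23;
167.139.0.0/16;
167.216.166.0/24;
168.160.0.0/16;
170.107.185.0/24;
170.107.188.0/22;
171.66.120.0/21;
192.58.150.0/24;
192.80.71.0/24;
192.84.75.0/24;
192.86.104.0/24;
192.195.245.0/24;
192.207.91.0/24;
192.245.208.0/24;
193.128.223.0/24;
193.131.119.0/24;
193.174.24.39/32;
193.174.240.6/32;
193.174.240.8/32;
193.194.158.0/24;
194.119.138.1/32;
194.128.228.153/32;
194.130.252.0/24;
195.22.150.0/23;
195.27.60.0/24;
195.27.123.0/24;
195.27.130.0/24;
195.90.89.87/32;
195.144.69.0/24;
198.81.200.2/32;
198.185.19.0/24;
199.4.154.0/23;
199.98.88.0/24;
199.164.217.0/24;
202.4.128.0/19;
202.14.80.0/24;
202.38.0.0/16;
202.40.138.0/23;
202.40.157.0/24;
202.40.192.0/19;
202.43.216.0/23;
202.45.32.0/19;
202.45.176.0/20;
202.75.64.0/19;
202.84.16.0/23;
202.91.176.0/20;
202.93.252.0/22;
202.95.0.0/19;
202.96.0.0/12;
202.112.0.0/13;
202.120.0.0/15;
202.122.32.0/20;
202.123.110.0/24;
202.125.192.0/18;
202.127.0.0/18;
202.127.128.0/17;
202.130.0.0/19;
202.130.224.0/19;
202.131.208.0/20;
202.134.86.130/32;
202.147.5.152/31;
202.147.5.158/31;
202.147.5.160/31;
202.147.5.166/31;
202.152.176.0/20;
202.160.176.0/20;
202.165.96.0/21;
202.165.104.0/22;
202.177.217.87/32;
202.179.240.0/20;
202.189.96.0/19;
202.192.0.0/12;
203.81.16.0/20;
203.87.224.0/19;
203.88.32.0/19;
203.91.120.0/21;
203.93.0.0/16;
203.95.0.0/21;
203.112.23.19/32;
203.119.28.0/23;
203.126.70.87/32;
203.128.128.0/19;
203.166.101.87/32;
203.175.128.0/19;
203.188.64.0/18;
203.192.0.0/19;
203.207.64.0/18;
203.207.128.0/17;
203.208.0.0/19;
203.209.224.0/19;
203.212.0.0/20;
204.94.134.87/32;
204.95.14.87/32;
204.153.51.29/32;
204.153.51.60/32;
204.153.51.65/32;
204.153.51.113/32;
204.179.122.0/24;
204.228.64.52/32;
204.228.64.55/32;
204.228.64.60/32;
205.142.245.0/24;
205.161.5.87/32;
205.203.134.1/32;
205.203.134.30/32;
205.240.244.0/22;
205.243.231.0/24;
206.61.136.87/32;
206.65.170.81/32;
206.112.77.86/32;
206.112.112.0/24;
206.165.29.87/32;
207.24.42.0/24;
207.46.0.0/16;
207.54.136.0/24;
207.68.172.235/32;
207.68.178.0/25;
207.68.179.192/27;
207.126.106.92/32;
207.126.107.92/32;
207.126.112.97/32;
207.164.255.103/32;
208.44.56.71/32;
208.44.56.210/31;
208.44.56.212/30;
208.44.56.216/30;
208.44.56.220/32;
208.176.18.0/24;
208.215.179.0/24;
209.8.104.87/32;
209.8.106.87/32;
209.8.112.87/32;
209.85.128.0/17;
209.116.81.5/32;
209.208.170.210/31;
209.246.136.0/24;
209.249.123.0/24;
210.5.0.0/19;
210.12.0.0/15;
210.14.64.0/19;
210.14.160.0/19;
210.14.192.0/18;
210.15.0.0/17;
210.15.128.0/18;
210.21.0.0/16;
210.22.0.0/16;
210.25.0.0/17;
210.25.128.0/18;
210.26.0.0/15;
210.28.0.0/14;
210.32.0.0/12;
210.51.0.0/16;
210.52.0.0/15;
210.57.21.86/32;
210.72.0.0/14;
210.76.0.0/15;
210.78.0.0/16;
210.79.224.0/19;
210.82.0.0/15;
210.87.128.0/18;
210.177.136.0/24;
210.192.96.0/19;
210.210.18.35/32;
211.64.0.0/13;
211.80.0.0/12;
211.96.0.0/13;
211.136.0.0/13;
211.144.0.0/12;
211.160.0.0/13;
211.174.51.134/31;
211.174.51.136/31;
211.174.51.142/31;
211.174.51.144/31;
211.174.51.150/31;
211.174.51.152/31;
211.174.51.158/31;
211.174.51.160/31;
211.174.51.166/31;
211.174.51.172/31;
212.87.150.203/32;
212.87.150.207/32;
212.87.150.214/32;
212.87.150.216/32;
212.87.150.218/32;
212.187.169.0/24;
212.209.166.86/32;
213.52.211.32/27;
213.161.82.0/24;
213.212.74.236/32;
213.244.181.0/24;
216.32.120.0/24;
216.33.115.0/24;
216.33.244.0/22;
216.33.252.0/23;
216.52.17.96/32;
216.52.36.0/23;
216.73.87.52/32;
216.113.160.0/19;
216.143.112.0/24;
216.146.38.200/30;
216.146.38.204/32;
216.162.203.72/29;
216.162.203.144/28;
216.176.50.163/32;
216.200.62.0/24;
216.218.251.87/32;
216.239.32.0/19;
217.7.141.143/32;
217.7.141.144/31;
217.7.141.149/32;
217.7.141.150/32;
217.68.69.68/31;
217.68.69.70/32;
217.110.203.89/32;
217.163.16.87/32;
218.0.0.0/11;
218.56.0.0/13;
218.64.0.0/11;
218.96.0.0/14;
218.104.0.0/14;
218.108.0.0/15;
218.192.0.0/12;
218.240.0.0/13;
218.249.63.128/25;
218.249.156.64/26;
218.249.156.128/26;
219.72.0.0/16;
219.82.0.0/16;
219.128.0.0/11;
219.216.0.0/13;
219.224.0.0/12;
219.242.0.0/15;
219.244.0.0/14;
220.113.43.0/24;
220.130.122.87/32;
220.160.0.0/11;
220.192.0.0/12;
220.231.15.110/32;
220.234.0.0/16;
220.248.0.0/14;
220.252.0.0/16;
221.0.0.0/12;
221.130.0.0/15;
221.137.0.0/16;
221.172.0.0/14;
221.192.0.0/13;
221.200.0.0/14;
221.204.0.0/15;
221.208.0.0/14;
221.212.0.0/16;
221.213.18.0/24;
221.214.0.0/15;
221.216.0.0/13;
221.224.0.0/12;
222.16.0.0/12;
222.32.0.0/11;
222.64.0.0/11;
222.125.0.0/16;
222.132.0.0/14;
222.136.0.0/13;
222.160.0.0/14;
222.168.0.0/13;
222.176.0.0/12;
222.192.0.0/12;
222.208.0.0/13;
222.216.0.0/15;
222.218.0.0/16;
222.222.0.0/15;
222.240.0.0/13;
222.248.0.0/15;
};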

# Slave copy of the "cncnet" view: clients in the CNC ACL, the two DNS servers,
# and the single host 192.168.5.115.
view "cncnet" {
# The two negated key entries come first, so a request signed with the certnet
# or othernet TSIG key is rejected by this view and is evaluated by the views
# that follow.
# NOTE(review): 192.168.5.115 is not explained in the article; presumably a
# test client - confirm before reusing.
match-clients { !key certnet;!key othernet; dns-ip-list; 192.168.5.115;CNC;};
# NOTE(review): recursion is enabled for every client this view matches; an
# authoritative-only server would normally use "recursion no;" - confirm intent.
recursion yes;
# NOTE(review): no allow-transfer is set on the slave zones; on BIND versions
# whose default permits transfers to any host, the slave would hand the zone to
# anyone who asks - confirm the default and restrict it explicitly.
zone "longrujun.com" {
type slave;
file "longrujun.cnc";# longrujun.com zone file for CNC clients
masters { 192.168.5.96; };# master DNS server IP
};
zone "test.com" {
type slave;
file "test.cnc";# test.com zone file for CNC clients
masters { 192.168.5.96; };# master DNS server IP
};
# Root hints, needed because recursion is enabled in this view.
zone "." IN {
type hint;
file "named.root";
};
zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};
};

// View "certnet": serves requests signed with the certnet TSIG key, the host
// 192.168.5.38, and clients in the CERT ACL (education network, per the
// zone-file comments). The CERT ACL and the key are defined outside this view.
view "certnet" {
    match-clients {
        key certnet;
        192.168.5.38;
        CERT;
    };

    // Sign requests sent to the master from this view with the certnet key
    // (the original comment reads "sync with the master DNS"). The key name
    // matches this view's name; presumably the master uses it to select its
    // own certnet view - confirm against the master's configuration.
    server 192.168.5.96 { keys certnet; };

    // NOTE(review): recursion is on for every client this view matches; if the
    // CERT ACL covers public address space, confirm that is intended or limit
    // it with allow-recursion / recursion no.
    recursion yes;

    // NOTE(review): no allow-transfer appears on the slave zones below; verify
    // that outbound zone transfers are restricted in the options block.

    // longrujun.com, education-network answer set, transferred from the master.
    zone "longrujun.com" {
        type slave;
        file "longrujun.cert";          // education-network zone data for longrujun.com
        masters { 192.168.5.96; };      // IP of the master DNS server
    };

    // test.com, education-network answer set, transferred from the master.
    zone "test.com" {
        type slave;
        file "test.cert";               // education-network zone data for test.com
        masters { 192.168.5.96; };      // IP of the master DNS server
    };

    // Root hints; repeated per view because zones are declared inside views.
    zone "." IN {
        type hint;
        file "named.root";
    };

    // Local forward zone; dynamic updates are refused.
    zone "localhost" IN {
        type master;
        file "localhost.zone";
        allow-update { none; };
    };

    // Local reverse zone for 127.0.0.0/24; dynamic updates are refused.
    zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
        allow-update { none; };
    };
};

// View "othernet": the catch-all view. It matches requests signed with the
// othernet TSIG key and then "any", i.e. every client that no earlier view
// claimed.
view "othernet" {
    // "any" already matches everything, so the trailing 192.168.5.49 entry
    // can never be the deciding element; it is kept as written.
    match-clients {
        key othernet;
        any;
        192.168.5.49;
    };

    // Sign requests sent to the master from this view with the othernet key
    // (the original comment reads "sync with the master DNS"). Presumably the
    // master uses the key to select its own othernet view - confirm there.
    server 192.168.5.96 { keys othernet; };

    // NOTE(review): this view matches "any" and has recursion enabled, so as
    // written the server recurses for every source address that reaches it.
    // An open recursive resolver can be abused for reflection/amplification;
    // unless that exposure is intended, set recursion no here or restrict it
    // with allow-recursion to the internal hosts that need it.
    recursion yes;

    // NOTE(review): no allow-transfer appears on the slave zones below; verify
    // that outbound zone transfers are restricted in the options block.

    // longrujun.com, answer set for all other source ranges.
    zone "longrujun.com" {
        type slave;
        file "longrujun.other";         // longrujun.com zone data for other IP ranges
        masters { 192.168.5.96; };      // IP of the master DNS server
    };

    // test.com, answer set for all other source ranges.
    zone "test.com" {
        type slave;
        file "test.other";              // test.com zone data for other IP ranges
        masters { 192.168.5.96; };      // IP of the master DNS server
    };

    // Root hints; repeated per view because zones are declared inside views.
    zone "." IN {
        type hint;
        file "named.root";
    };

    // Local forward zone; dynamic updates are refused.
    zone "localhost" IN {
        type master;
        file "localhost.zone";
        allow-update { none; };
    };

    // Local reverse zone for 127.0.0.0/24; dynamic updates are refused.
    zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
        allow-update { none; };
    };
};

Published 2006年10月27日 5:17 by longrujun Edit

Filed under: SQUID, How to, DNS, Web2.0, CDN, SOA, GSLB [Edit Tags]

 
 
[url=http://longrujun.com/tags/SQUID/default.aspx][/url] DNS TSIG实现CDN+GSLB [img]http://static.flickr.com/85/279638927_fcaa540e08.jpg?v=0[/img] [img]http://static.flickr.com/80/279638928_a58c3ca1f5.jpg?v=0[/img] Note 1、 本文只涉及User-Server-User过程[Request及Response请参考上图] 2、 有关站点加速及Cache请参考:[url=http://longrujun.name/tags/SQUID/default.aspx]http://longrujun.com/tags/SQUID/default.aspx[/url] 3、 有关大规模站点体系规划及性能优化请参考下图,不深入探讨 [img]http://static.flickr.com/101/279638926_0197cf32d5.jpg?v=0[/img] Server 1:Master IPADDR=192.168.5.96 NETMASK=255.255.255.0 GATEWAY=192.168.5.1 Server 2: Slave IPADDR=192.168.5.29 NETMASK=255.255.255.0 GATEWAY=192.168.5.1 Master Server Part I Config Master Dns Server Step 1、下载并安装 Cd /software wget [url=http://ftp.isc.org/isc/bind9/9.3.2-P1/bind-9.3.2-P1.tar.gz]http://ftp.isc.org/isc/bind9/9.3.2-P1/bind-9.3.2-P1.tar.gz[/url] tar zxvf bind-9.3.2-P1.tar.gz cd bind-9.3.2-P1 ./configure --prefix=/Data/apps/named --enable-threads Make Make install Step 2、配置 1、 基本配置 Cd /Data/apps/named [root@linux named]# mkdir etc 生成rndc控制命令的key文件 [root@linux named]# sbin/rndc-confgen > etc/rndc.conf 从rndc.conf文件中提取named.conf用的key [root@linux named]# cd etc 自动在/Data/apps/named/etc生成named.conf文件 [root@linux etc]# tail -10 rndc.conf | head -9 | sed s/#\ //g > named.conf 2、 建立Zone文件目录 [root@linux etc]# mkdir /Data/named 进入/Data/named目录 [root@linux etc]# cd /Data/named A、 建立localhost.zone [root@linux named]#vi localhost.zone $TTL 86400 $ORIGIN localhost. @ 1D IN SOA @ root ( 42 ; serial (d. adams) 3H ; refresh 15M ; retry 1W ; expiry 1D ) ; minimum 1D IN NS @ 1D IN A 127.0.0.1 B、 建立named.local [root@linux named]#vi named.local $TTL 86400 @ IN SOA localhost. root.localhost. ( 1997022700 ; Serial 28800 ; Refresh 14400 ; Retry 3600000 ; Expire 86400 ) ; Minimum IN NS localhost. 1 IN PTR localhost. 
C、 生成named.root [root@linux named]#dig > named.root D、 修改named.conf Cd /Data/apps/named/etc 配置named.conf文件,在后面加入以下代码 [root@linux etc]# vi named.conf options { directory "/Data/named"; pid-file "named.pid"; }; controls { inet 127.0.0.1 allow { localhost; } keys { rndckey; }; }; zone "." IN { type hint; file "named.root"; }; zone "localhost" IN { type master; file "localhost.zone"; allow-update { none; }; }; zone "0.0.127.in-addr.arpa" IN { type master; file "named.local"; allow-update { none; }; }; E、 测试启动bind /Data/apps/named/sbin/named -c /Data/apps/named/etc/named.conf & Step 3、使用TSIG技术加固DNS服务器 3、 下面longrujun.com/test.com为例进行配置 使用TSIG技术,执行 dnssec-keygen function 产生加密金钥,一个为 public key 文件,另一个 为 private key 文件,产生加密金钥。 首先在master上生成两对key,用于教育网和其他部分的IP段, 进入named安装的sbin目录 cd /usr/local/named/sbin/ #用于教育网的view,我们用certnet作为参数 ./dnssec-keygen -a hmac-md5 -b 128 -n HOST certnet #用于其他部分IP的view,我们用othernet作为参数 ./dnssec-keygen -a hmac-md5 -b 128 -n HOST othernet 加入private key[Key: 1ks7MJQvWmisPMWbRnYYjg==]至named.conf文件中 在Master建立config及zone文件 1>、修改named.conf文件 加入private key至named.conf文件中,同时删除zone "." 
IN、zone "localhost" IN及zone "0.0.127.in-addr.arpa" IN配置文件 完整的named.conf如下 debian:/Data/apps/named/etc# cat named.conf key "rndc-key" { algorithm hmac-md5; secret "Ngvc7XGzxmBizws8minZmg=="; }; controls { inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; }; }; options { directory "/Data/named"; pid-file "named.pid"; }; key "certnet" { algorithm hmac-md5; secret "1ks7MJQvWmisPMWbRnYYjg=="; }; key "othernet" { algorithm hmac-md5; secret "CC3eLL3okKM5pBHM1HSMNA=="; }; include "acl.conf"; 2>、建立acl.conf [root@redhatas4 etc]# cd /Data/named/ [root@redhatas4 named]# vi acl.conf acl "dns-ip-list" { 192.168.5.96; #主dns服务器IP 192.168.5.29; #辅dns服务器IP }; acl CNC { 58.16.0.0/16; 58.17.0.0/17; 58.17.128.0/17; 58.18.0.0/16; 58.19.0.0/16; 58.20.0.0/16; 58.21.0.0/16; 58.22.0.0/15; 58.240.0.0/15; 58.242.0.0/15; 58.244.0.0/15; 58.246.0.0/15; 58.248.0.0/13; 60.0.0.0/13; 60.8.0.0/15; 60.10.0.0/16; 60.11.0.0/16; 60.12.0.0/16; 60.13.0.0/18; 60.13.128.0/17; 60.14.0.0/15; 60.16.0.0/13; 60.24.0.0/14; 60.30.0.0/16; 60.31.0.0/16; 60.208.0.0/13; 60.216.0.0/15; 60.218.0.0/15; 60.220.0.0/14; 61.48.0.0/13; 61.133.0.0/17; 61.134.96.0/19; 61.134.128.0/17; 61.135.0.0/16; 61.137.128.0/17; 61.138.0.0/17; 61.138.128.0/18; 61.139.128.0/18; 61.148.0.0/15; 61.156.0.0/16; 61.159.0.0/18; 61.161.0.0/18; 61.161.128.0/17; 61.162.0.0/16; 61.163.0.0/16; 61.167.0.0/16; 61.168.0.0/16; 61.176.0.0/16; 61.179.0.0/16; 61.181.0.0/16; 61.182.0.0/16; 61.189.0.0/17; 125.32.0.0/16; 125.40.0.0/13; 202.96.0.0/18; 202.96.64.0/21; 202.96.72.0/21; 202.97.128.0/18; 202.97.224.0/21; 202.97.240.0/20; 202.98.0.0/21; 202.98.8.0/21; 202.99.64.0/19; 202.99.96.0/21; 202.99.128.0/19; 202.99.160.0/21; 202.99.168.0/21; 202.99.176.0/20; 202.99.208.0/20; 202.99.224.0/21; 202.99.232.0/21; 202.99.240.0/20; 202.102.128.0/21; 202.102.224.0/21; 202.102.232.0/21; 202.106.0.0/16; 202.107.0.0/17; 202.108.0.0/16; 202.110.0.0/17; 202.111.128.0/18; 203.93.8.0/24; 203.93.192.0/18; 210.13.128.0/17; 210.14.160.0/19; 210.14.192.0/19; 
210.15.32.0/19; 210.15.96.0/19; 210.15.128.0/18; 210.21.0.0/16; 210.52.128.0/17; 210.53.0.0/17; 210.53.128.0/17; 210.74.96.0/19; 210.74.128.0/19; 210.82.0.0/15; 218.8.0.0/14; 218.12.0.0/16; 218.21.128.0/17; 218.24.0.0/14; 218.56.0.0/14; 218.60.0.0/15; 218.67.128.0/17; 218.68.0.0/15; 218.104.0.0/14; 219.154.0.0/15; 219.156.0.0/15; 219.158.0.0/17; 219.158.128.0/17; 219.159.0.0/18; 220.252.0.0/16; 221.0.0.0/15; 221.2.0.0/16; 221.3.0.0/17; 221.3.128.0/17; 221.4.0.0/16; 221.5.0.0/17; 221.5.128.0/17; 221.6.0.0/16; 221.7.0.0/19; 221.7.32.0/19; 221.7.64.0/19; 221.7.96.0/19; 221.8.0.0/15; 221.10.0.0/16; 221.11.0.0/17; 221.11.128.0/18; 221.11.192.0/19; 221.12.0.0/17; 221.12.128.0/18; 221.13.0.0/18; 221.13.64.0/19; 221.13.96.0/19; 221.13.128.0/17; 221.14.0.0/15; 221.192.0.0/15; 221.194.0.0/16; 221.195.0.0/16; 221.196.0.0/15; 221.198.0.0/16; 221.199.0.0/19; 221.199.32.0/20; 221.199.128.0/18; 221.199.192.0/20; 221.200.0.0/14; 221.204.0.0/15; 221.206.0.0/16; 221.207.0.0/18; 221.207.64.0/18; 221.207.128.0/17; 221.208.0.0/14; 221.212.0.0/16; 221.213.0.0/16; 221.216.0.0/13; 222.128.0.0/14; 222.132.0.0/14; 222.136.0.0/13; 222.160.0.0/15; 222.162.0.0/16; 222.163.0.0/19; 222.163.32.0/19; 222.163.64.0/18; 222.163.128.0/17; }; //教育网IP acl CERT { 58.17.0.0/16; 58.19.0.0/16; 58.20.0.0/16; 58.24.0.0/15; 58.59.128.0/17; 58.60.8.0/21; 58.61.32.0/25; 58.61.32.128/32; 58.100.0.0/15; 58.116.0.0/14; 58.128.0.0/13; 58.154.0.0/15; 58.192.0.0/12; 58.240.0.0/15; 58.248.0.0/13; 59.32.0.0/12; 59.49.128.0/17; 59.50.0.0/16; 59.61.128.0/19; 59.64.0.0/12; 59.151.0.0/17; 60.0.0.0/11; 60.63.0.0/16; 60.190.28.0/28; 60.190.28.96/27; 60.190.28.128/28; 60.190.28.144/30; 60.191.2.0/24; 60.208.0.0/16; 61.28.0.0/20; 61.48.0.0/13; 61.128.0.0/10; 61.200.81.134/31; 61.200.81.136/31; 61.200.81.142/31; 61.200.81.144/31; 61.200.81.150/31; 61.213.179.87/32; 61.232.0.0/14; 61.236.0.0/15; 61.240.0.0/14; 62.4.69.0/24; 62.159.60.207/32; 62.159.60.208/31; 62.159.60.213/32; 62.159.60.214/32; 62.173.115.116/32; 63.73.227.0/24; 
63.84.162.0/24; 63.86.118.0/23; 63.89.64.0/24; 63.123.46.86/32; 63.125.146.0/24; 63.164.11.0/24; 63.208.195.68/32; 63.209.48.0/24; 63.210.142.0/24; 63.211.40.87/32; 63.211.66.0/24; 63.215.124.0/24; 64.4.0.0/18; 64.4.240.0/20; 64.68.78.0/23; 64.124.183.0/24; 64.215.165.86/32; 64.215.167.87/32; 64.215.172.0/24; 64.233.160.0/19; 65.54.0.0/15; 65.171.126.87/32; 65.215.128.0/24; 65.245.226.86/32; 65.246.184.0/23; 66.37.210.86/32; 66.45.81.158/32; 66.45.81.190/32; 66.98.205.0/24; 66.102.0.0/20; 66.117.176.136/31; 66.117.176.210/31; 66.117.176.212/30; 66.117.176.216/30; 66.117.176.220/32; 66.117.177.21/32; 66.135.192.0/19; 66.160.145.87/32; 66.179.148.0/24; 66.179.235.32/27; 66.211.160.0/19; 66.249.64.0/19; 67.72.126.87/32; 67.106.214.87/32; 67.133.36.87/32; 67.133.38.87/32; 67.133.200.87/32; 69.32.132.0/24; 69.45.80.87/32; 69.45.82.87/32; 69.45.84.87/32; 72.14.192.0/19; 72.14.224.0/20; 72.164.152.0/24; 80.67.78.87/32; 81.52.203.87/32; 81.52.251.87/32; 82.150.20.0/22; 82.165.43.115/32; 83.70.140.0/22; 84.18.160.0/19; 84.53.128.87/32; 121.30.0.0/15; 121.48.0.0/15; 121.192.0.0/14; 121.248.0.0/14; 123.49.160.0/24; 124.64.0.0/15; 124.88.0.0/14; 124.128.0.0/13; 124.161.0.0/16; 124.162.0.0/15; 124.164.0.0/14; 125.32.0.0/12; 125.73.0.0/16; 125.96.0.0/15; 125.98.0.0/16; 125.171.0.0/17; 125.208.0.0/20; 125.216.0.0/13; 128.84.158.0/24; 128.107.229.0/24; 129.35.76.0/24; 129.35.77.193/32; 129.41.4.137/32; 129.41.4.138/32; 129.41.4.140/32; 129.41.4.143/32; 129.41.4.144/30; 129.41.4.148/32; 129.41.4.154/32; 129.41.4.158/32; 129.42.24.230/32; 129.42.25.230/32; 129.42.32.230/32; 129.42.33.230/32; 129.42.40.230/32; 129.42.41.230/32; 130.88.203.58/32; 132.174.1.0/24; 132.174.11.0/24; 134.243.5.21/32; 134.243.5.70/32; 134.243.5.160/32; 134.243.85.3/32; 137.189.0.0/16; 138.12.4.0/24; 140.98.193.0/24; 140.98.194.0/24; 140.113.0.0/16; 140.234.29.0/24; 141.66.18.186/32; 143.89.0.0/16; 144.81.82.0/24; 144.81.87.0/24; 144.81.88.0/23; 144.214.0.0/16; 147.8.0.0/16; 149.28.1.0/24; 152.101.0.0/16; 
152.104.0.0/16; 158.132.0.0/16; 158.182.0.0/16; 159.226.0.0/16; 161.207.0.0/16; 162.97.112.87/32; 162.97.114.87/32; 162.105.0.0/16; 165.193.106.0/23; 165.193.159.0/24; 165.215.136.0/24; 166.90.150.87/32; 166.111.0.0/16; 167.68.6.0/23; 167.139.0.0/16; 167.216.166.0/24; 168.160.0.0/16; 170.107.185.0/24; 170.107.188.0/22; 171.66.120.0/21; 192.58.150.0/24; 192.80.71.0/24; 192.84.75.0/24; 192.86.104.0/24; 192.195.245.0/24; 192.207.91.0/24; 192.245.208.0/24; 193.128.223.0/24; 193.131.119.0/24; 193.174.24.39/32; 193.174.240.6/32; 193.174.240.8/32; 193.194.158.0/24; 194.119.138.1/32; 194.128.228.153/32; 194.130.252.0/24; 195.22.150.0/23; 195.27.60.0/24; 195.27.123.0/24; 195.27.130.0/24; 195.90.89.87/32; 195.144.69.0/24; 198.81.200.2/32; 198.185.19.0/24; 199.4.154.0/23; 199.98.88.0/24; 199.164.217.0/24; 202.4.128.0/19; 202.14.80.0/24; 202.38.0.0/16; 202.40.138.0/23; 202.40.157.0/24; 202.40.192.0/19; 202.43.216.0/23; 202.45.32.0/19; 202.45.176.0/20; 202.75.64.0/19; 202.84.16.0/23; 202.91.176.0/20; 202.93.252.0/22; 202.95.0.0/19; 202.96.0.0/12; 202.112.0.0/13; 202.120.0.0/15; 202.122.32.0/20; 202.123.110.0/24; 202.125.192.0/18; 202.127.0.0/18; 202.127.128.0/17; 202.130.0.0/19; 202.130.224.0/19; 202.131.208.0/20; 202.134.86.130/32; 202.147.5.152/31; 202.147.5.158/31; 202.147.5.160/31; 202.147.5.166/31; 202.152.176.0/20; 202.160.176.0/20; 202.165.96.0/21; 202.165.104.0/22; 202.177.217.87/32; 202.179.240.0/20; 202.189.96.0/19; 202.192.0.0/12; 203.81.16.0/20; 203.87.224.0/19; 203.88.32.0/19; 203.91.120.0/21; 203.93.0.0/16; 203.95.0.0/21; 203.112.23.19/32; 203.119.28.0/23; 203.126.70.87/32; 203.128.128.0/19; 203.166.101.87/32; 203.175.128.0/19; 203.188.64.0/18; 203.192.0.0/19; 203.207.64.0/18; 203.207.128.0/17; 203.208.0.0/19; 203.209.224.0/19; 203.212.0.0/20; 204.94.134.87/32; 204.95.14.87/32; 204.153.51.29/32; 204.153.51.60/32; 204.153.51.65/32; 204.153.51.113/32; 204.179.122.0/24; 204.228.64.52/32; 204.228.64.55/32; 204.228.64.60/32; 205.142.245.0/24; 205.161.5.87/32; 
205.203.134.1/32; 205.203.134.30/32; 205.240.244.0/22; 205.243.231.0/24; 206.61.136.87/32; 206.65.170.81/32; 206.112.77.86/32; 206.112.112.0/24; 206.165.29.87/32; 207.24.42.0/24; 207.46.0.0/16; 207.54.136.0/24; 207.68.172.235/32; 207.68.178.0/25; 207.68.179.192/27; 207.126.106.92/32; 207.126.107.92/32; 207.126.112.97/32; 207.164.255.103/32; 208.44.56.71/32; 208.44.56.210/31; 208.44.56.212/30; 208.44.56.216/30; 208.44.56.220/32; 208.176.18.0/24; 208.215.179.0/24; 209.8.104.87/32; 209.8.106.87/32; 209.8.112.87/32; 209.85.128.0/17; 209.116.81.5/32; 209.208.170.210/31; 209.246.136.0/24; 209.249.123.0/24; 210.5.0.0/19; 210.12.0.0/15; 210.14.64.0/19; 210.14.160.0/19; 210.14.192.0/18; 210.15.0.0/17; 210.15.128.0/18; 210.21.0.0/16; 210.22.0.0/16; 210.25.0.0/17; 210.25.128.0/18; 210.26.0.0/15; 210.28.0.0/14; 210.32.0.0/12; 210.51.0.0/16; 210.52.0.0/15; 210.57.21.86/32; 210.72.0.0/14; 210.76.0.0/15; 210.78.0.0/16; 210.79.224.0/19; 210.82.0.0/15; 210.87.128.0/18; 210.177.136.0/24; 210.192.96.0/19; 210.210.18.35/32; 211.64.0.0/13; 211.80.0.0/12; 211.96.0.0/13; 211.136.0.0/13; 211.144.0.0/12; 211.160.0.0/13; 211.174.51.134/31; 211.174.51.136/31; 211.174.51.142/31; 211.174.51.144/31; 211.174.51.150/31; 211.174.51.152/31; 211.174.51.158/31; 211.174.51.160/31; 211.174.51.166/31; 211.174.51.172/31; 212.87.150.203/32; 212.87.150.207/32; 212.87.150.214/32; 212.87.150.216/32; 212.87.150.218/32; 212.187.169.0/24; 212.209.166.86/32; 213.52.211.32/27; 213.161.82.0/24; 213.212.74.236/32; 213.244.181.0/24; 216.32.120.0/24; 216.33.115.0/24; 216.33.244.0/22; 216.33.252.0/23; 216.52.17.96/32; 216.52.36.0/23; 216.73.87.52/32; 216.113.160.0/19; 216.143.112.0/24; 216.146.38.200/30; 216.146.38.204/32; 216.162.203.72/29; 216.162.203.144/28; 216.176.50.163/32; 216.200.62.0/24; 216.218.251.87/32; 216.239.32.0/19; 217.7.141.143/32; 217.7.141.144/31; 217.7.141.149/32; 217.7.141.150/32; 217.68.69.68/31; 217.68.69.70/32; 217.110.203.89/32; 217.163.16.87/32; 218.0.0.0/11; 218.56.0.0/13; 218.64.0.0/11; 
218.96.0.0/14; 218.104.0.0/14; 218.108.0.0/15; 218.192.0.0/12; 218.240.0.0/13; 218.249.63.128/25; 218.249.156.64/26; 218.249.156.128/26; 219.72.0.0/16; 219.82.0.0/16; 219.128.0.0/11; 219.216.0.0/13; 219.224.0.0/12; 219.242.0.0/15; 219.244.0.0/14; 220.113.43.0/24; 220.130.122.87/32; 220.160.0.0/11; 220.192.0.0/12; 220.231.15.110/32; 220.234.0.0/16; 220.248.0.0/14; 220.252.0.0/16; 221.0.0.0/12; 221.130.0.0/15; 221.137.0.0/16; 221.172.0.0/14; 221.192.0.0/13; 221.200.0.0/14; 221.204.0.0/15; 221.208.0.0/14; 221.212.0.0/16; 221.213.18.0/24; 221.214.0.0/15; 221.216.0.0/13; 221.224.0.0/12; 222.16.0.0/12; 222.32.0.0/11; 222.64.0.0/11; 222.125.0.0/16; 222.132.0.0/14; 222.136.0.0/13; 222.160.0.0/14; 222.168.0.0/13; 222.176.0.0/12; 222.192.0.0/12; 222.208.0.0/13; 222.216.0.0/15; 222.218.0.0/16; 222.222.0.0/15; 222.240.0.0/13; 222.248.0.0/15; }; view "cncnet" { match-clients { !key certnet;!key othernet; dns-ip-list; CNC;}; recursion yes; zone "longrujun.com" { type master; file "longrujun.cnc"; #longrujun.com网通解析文件 allow-query { any; }; allow-update { none; }; allow-transfer { dns-ip-list; }; #允许slave dns服务器进行zone传输 }; zone "test.com" { type master; file "test.cnc"; #test.com网通解析文件 allow-query { any; }; allow-update { none; }; allow-transfer { dns-ip-list; }; #允许slave dns服务器进行zone传输 }; zone "." 
IN { type hint; file "named.root"; }; zone "localhost" IN { type master; file "localhost.zone"; allow-update { none; }; }; zone "0.0.127.in-addr.arpa" IN { type master; file "named.local"; allow-update { none; }; }; }; view "certnet" { match-clients { key certnet;CERT; }; server 192.168.5.29 { keys certnet; };#同步到辅dns recursion yes; zone "longrujun.com" { type master; file "longrujun.cert";#longrujun.com教育网解析文件 allow-query { any; }; allow-update { none; }; allow-transfer { dns-ip-list; };#允许slave dns服务器进行zone传输 }; zone "test.com" { type master; file "test.cert";#test.com教育网解析文件 allow-query { any; }; allow-update { none; }; allow-transfer { dns-ip-list; };#允许slave dns服务器进行zone传输 }; zone "." IN { type hint; file "named.root"; }; zone "localhost" IN { type master; file "localhost.zone"; allow-update { none; }; }; zone "0.0.127.in-addr.arpa" IN { type master; file "named.local"; allow-update { none; }; }; }; view "othernet" { match-clients { key othernet; any; }; server 192.168.5.29 { keys othernet; };#同步到辅dns recursion yes; zone "longrujun.com" { type master; file "longrujun.other";#其他IP段的longrujun.com解析文件 allow-query { any; }; allow-update { none; }; allow-transfer { dns-ip-list; };#允许slave dns服务器进行zone传输 }; zone "test.com" { type master; file "test.other";#其他IP段的test.com解析文件 allow-query { any; }; allow-update { none; }; allow-transfer { dns-ip-list; };#允许slave dns服务器进行zone传输 }; zone "." IN { type hint; file "named.root"; }; zone "localhost" IN { type master; file "localhost.zone"; allow-update { none; }; }; zone "0.0.127.in-addr.arpa" IN { type master; file "named.local"; allow-update { none; }; }; }; 3>、生成longrujun.cnc、longrujun.cert、longrujun.other Test.cnc、test.cert、test.other文件 debian:/Data/named# cat longrujun.cnc $ORIGIN . $TTL 3600 ; 1 hour longrujun.com IN SOA dns2.longrujun.com. i.longrujun.com. ( 2006091122 ; serial 10800 ; refresh (3 hours) 3600 ; retry (1 hour) 604800 ; expire (1 week) 3600 ; minimum (1 hour) ) $TTL 7200 ; 2 hours NS dns2.longrujun.com. 
NS dns5.longrujun.com. $TTL 3600 ; 1 hour A 100.100.100.100 $TTL 7200 ; 2 hours MX 10 mail.longrujun.com. MX 20 mail2.longrujun.com. $ORIGIN longrujun.com. $TTL 3600 ; 1 hour www A 100.100.100.101 dns2 A 192.168.5.96 dns5 A 192.168.5.29 debian:/Data/named# cat longrujun.cert $ORIGIN . $TTL 3600 ; 1 hour longrujun.com IN SOA dns2.longrujun.com. i.longrujun.com. ( 2006091122 ; serial 10800 ; refresh (3 hours) 3600 ; retry (1 hour) 604800 ; expire (1 week) 3600 ; minimum (1 hour) ) $TTL 7200 ; 2 hours NS dns2.longrujun.com. NS dns5.longrujun.com. $TTL 3600 ; 1 hour A 100.100.100.100 $TTL 7200 ; 2 hours MX 10 mail.longrujun.com. MX 20 mail2.longrujun.com. $ORIGIN longrujun.com. $TTL 3600 ; 1 hour www A 100.100.100.102 dns2 A 192.168.5.96 dns5 A 192.168.5.29 debian:/Data/named# cat longrujun.other $ORIGIN . $TTL 3600 ; 1 hour longrujun.com IN SOA dns2.longrujun.com. i.longrujun.com. ( 2006091122 ; serial 10800 ; refresh (3 hours) 3600 ; retry (1 hour) 604800 ; expire (1 week) 3600 ; minimum (1 hour) ) $TTL 7200 ; 2 hours NS dns2.longrujun.com. NS dns5.longrujun.com. $TTL 3600 ; 1 hour A 100.100.100.100 $TTL 7200 ; 2 hours MX 10 mail.longrujun.com. MX 20 mail2.longrujun.com. $ORIGIN longrujun.com. $TTL 3600 ; 1 hour www A 100.100.100.103 dns2 A 192.168.5.96 dns5 A 192.168.5.29 debian:/Data/named# cat test.cnc $ORIGIN . $TTL 3600 ; 1 hour test.com IN SOA dns2.test.com. i.test.com. ( 2006091122 ; serial 10800 ; refresh (3 hours) 3600 ; retry (1 hour) 604800 ; expire (1 week) 3600 ; minimum (1 hour) ) $TTL 7200 ; 2 hours NS dns2.test.com. NS dns5.test.com. $TTL 3600 ; 1 hour A 111.111.111.100 $TTL 7200 ; 2 hours MX 10 mail.test.com. MX 20 mail2.test.com. $ORIGIN test.com. $TTL 3600 ; 1 hour www A 111.111.111.101 dns2 A 192.168.5.96 dns5 A 192.168.5.26 debian:/Data/named# cat test.cert $ORIGIN . $TTL 3600 ; 1 hour test.com IN SOA dns2.test.com. i.test.com. 
( 2006091122 ; serial 10800 ; refresh (3 hours) 3600 ; retry (1 hour) 604800 ; expire (1 week) 3600 ; minimum (1 hour) ) $TTL 7200 ; 2 hours NS dns2.test.com. NS dns5.test.com. $TTL 3600 ; 1 hour A 111.111.111.100 $TTL 7200 ; 2 hours MX 10 mail.test.com. MX 20 mail2.test.com. $ORIGIN test.com. $TTL 3600 ; 1 hour www A 111.111.111.102 dns2 A 192.168.5.96 dns5 A 192.168.5.29 debian:/Data/named# cat test.other $ORIGIN . $TTL 3600 ; 1 hour test.com IN SOA dns2.test.com. i.test.com. ( 2006091122 ; serial 10800 ; refresh (3 hours) 3600 ; retry (1 hour) 604800 ; expire (1 week) 3600 ; minimum (1 hour) ) $TTL 7200 ; 2 hours NS dns2.test.com. NS dns5.test.com. $TTL 3600 ; 1 hour A 111.111.111.100 $TTL 7200 ; 2 hours MX 10 mail.test.com. MX 20 mail2.test.com. $ORIGIN test.com. $TTL 3600 ; 1 hour www A 111.100.111.103 dns2 A 192.168.5.96 dns5 A 192.168.5.26 Step IV、检验配置 ok至此主DNS服务器上面的配置已完成 检查配置的正确性 debian:/Data/apps/named/sbin# ./named-checkconf debian:/Data/apps/named/sbin# ./named-checkzone longrujun.com /Data/named/longrujun.cnc zone longrujun.com/IN: loaded serial 2006091122 OK debian:/Data/apps/named/sbin# ./named-checkzone longrujun.com /Data/named/longrujun.cert zone longrujun.com/IN: loaded serial 2006091122 OK debian:/Data/apps/named/sbin# ./named-checkzone longrujun.com /Data/named/longrujun.other zone longrujun.com/IN: loaded serial 2006091122 OK debian:/Data/apps/named/sbin# ./named-checkzone test.com /Data/named/test.cnc zone test.com/IN: loaded serial 2006091122 OK debian:/Data/apps/named/sbin# ./named-checkzone test.com /Data/named/test.cert zone test.com/IN: loaded serial 2006091122 OK debian:/Data/apps/named/sbin# ./named-checkzone test.com /Data/named/test.other zone test.com/IN: loaded serial 2006091122 OK 配置正确启动named debian:/Data/apps/named/sbin# ./named debian:/Data/apps/named/sbin# netstat -ltunp Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:612 0.0.0.0:* LISTEN 
2126/rpc.statd tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1708/portmap tcp 0 0 0.0.0.0:113 0.0.0.0:* LISTEN 2110/inetd tcp 0 0 192.168.5.96:53 0.0.0.0:* LISTEN 15372/named tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 15372/named tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 15372/named tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2105/exim4 tcp6 0 0 :::22 :::* LISTEN 2122/sshd udp 0 584 0.0.0.0:1027 0.0.0.0:* 15372/named udp 0 0 192.168.5.96:53 0.0.0.0:* 15372/named udp 0 0 127.0.0.1:53 0.0.0.0:* 15372/named udp 0 0 0.0.0.0:68 0.0.0.0:* 1703/dhclient udp 0 0 0.0.0.0:606 0.0.0.0:* 2126/rpc.statd udp 0 0 0.0.0.0:609 0.0.0.0:* 2126/rpc.statd udp 0 0 0.0.0.0:111 0.0.0.0:* 1708/portmap udp6 0 0 :::1028 :::* 15372/named debian:/Data/apps/named/sbin# Part II Config Slave Dns Server Step 1、下载并安装 1>、安装bind cd /software wget [url=http://ftp.isc.org/isc/bind9/9.3.2-P1/bind-9.3.2-P1.tar.gz]http://ftp.isc.org/isc/bind9/9.3.2-P1/bind-9.3.2-P1.tar.gz[/url] tar zxvf bind-9.3.2-P1.tar.gz cd bind-9.3.2-P1 ./configure --prefix=/Data/apps/named --enable-threads Make Make install Step 2、配置 2>、配置 Cd /Data/apps/named [root@linux named]# mkdir etc 生成rndc控制命令的key文件 [root@linux named]# sbin/rndc-confgen > etc/rndc.conf 从rndc.conf文件中提取named.conf用的key [root@linux named]# cd etc 自动在/Data/apps/named/etc生成named.conf文件 [root@linux etc]# tail -10 rndc.conf | head -9 | sed s/#\ //g > named.conf 3>、建立Zone文件目录 [root@linux etc]# mkdir /Data/named 进入/Data/named目录 [root@linux etc]# cd /Data/named 4>、建立localhost.zone [root@linux named]#vi localhost.zone $TTL 86400 $ORIGIN localhost. @ 1D IN SOA @ root ( 42 ; serial (d. adams) 3H ; refresh 15M ; retry 1W ; expiry 1D ) ; minimum 1D IN NS @ 1D IN A 127.0.0.1 5>、建立named.local [root@linux named]#vi named.local $TTL 86400 @ IN SOA localhost. root.localhost. ( 1997022700 ; Serial 28800 ; Refresh 14400 ; Retry 3600000 ; Expire 86400 ) ; Minimum IN NS localhost. 1 IN PTR localhost. 
6>、生成named.root [root@linux named]#dig > named.root 7>、修改named.conf把在主dns服务器上生成的两对key用于辅dns服务器 Cd /Data/apps/named/etc debian:/Data/apps/named/etc# cat named.conf key "rndc-key" { algorithm hmac-md5; secret "ILrtNPz8KoF2D95rXnNzOQ=="; }; controls { inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; }; }; options { directory "/Data/named"; pid-file "named.pid"; }; key "certnet" { algorithm hmac-md5; secret "1ks7MJQvWmisPMWbRnYYjg=="; }; key "othernet" { algorithm hmac-md5; secret "CC3eLL3okKM5pBHM1HSMNA=="; }; include "acl.conf"; 8>、创建acl.conf debian:/Data/named# pico acl.conf acl "dns-ip-list" { 192.168.5.96; #主dns服务器IP 192.168.5.29; #辅dns服务器IP }; acl CNC { 58.16.0.0/16; 58.17.0.0/17; 58.17.128.0/17; 58.18.0.0/16; 58.19.0.0/16; 58.20.0.0/16; 58.21.0.0/16; 58.22.0.0/15; 58.240.0.0/15; 58.242.0.0/15; 58.244.0.0/15; 58.246.0.0/15; 58.248.0.0/13; 60.0.0.0/13; 60.8.0.0/15; 60.10.0.0/16; 60.11.0.0/16; 60.12.0.0/16; 60.13.0.0/18; 60.13.128.0/17; 60.14.0.0/15; 60.16.0.0/13; 60.24.0.0/14; 60.30.0.0/16; 60.31.0.0/16; 60.208.0.0/13; 60.216.0.0/15; 60.218.0.0/15; 60.220.0.0/14; 61.48.0.0/13; 61.133.0.0/17; 61.134.96.0/19; 61.134.128.0/17; 61.135.0.0/16; 61.137.128.0/17; 61.138.0.0/17; 61.138.128.0/18; 61.139.128.0/18; 61.148.0.0/15; 61.156.0.0/16; 61.159.0.0/18; 61.161.0.0/18; 61.161.128.0/17; 61.162.0.0/16; 61.163.0.0/16; 61.167.0.0/16; 61.168.0.0/16; 61.176.0.0/16; 61.179.0.0/16; 61.181.0.0/16; 61.182.0.0/16; 61.189.0.0/17; 125.32.0.0/16; 125.40.0.0/13; 202.96.0.0/18; 202.96.64.0/21; 202.96.72.0/21; 202.97.128.0/18; 202.97.224.0/21; 202.97.240.0/20; 202.98.0.0/21; 202.98.8.0/21; 202.99.64.0/19; 202.99.96.0/21; 202.99.128.0/19; 202.99.160.0/21; 202.99.168.0/21; 202.99.176.0/20; 202.99.208.0/20; 202.99.224.0/21; 202.99.232.0/21; 202.99.240.0/20; 202.102.128.0/21; 202.102.224.0/21; 202.102.232.0/21; 202.106.0.0/16; 202.107.0.0/17; 202.108.0.0/16; 202.110.0.0/17; 202.111.128.0/18; 203.93.8.0/24; 203.93.192.0/18; 210.13.128.0/17; 210.14.160.0/19; 210.14.192.0/19; 
210.15.32.0/19; 210.15.96.0/19; 210.15.128.0/18; 210.21.0.0/16; 210.52.128.0/17; 210.53.0.0/17; 210.53.128.0/17; 210.74.96.0/19; 210.74.128.0/19; 210.82.0.0/15; 218.8.0.0/14; 218.12.0.0/16; 218.21.128.0/17; 218.24.0.0/14; 218.56.0.0/14; 218.60.0.0/15; 218.67.128.0/17; 218.68.0.0/15; 218.104.0.0/14; 219.154.0.0/15; 219.156.0.0/15; 219.158.0.0/17; 219.158.128.0/17; 219.159.0.0/18; 220.252.0.0/16; 221.0.0.0/15; 221.2.0.0/16; 221.3.0.0/17; 221.3.128.0/17; 221.4.0.0/16; 221.5.0.0/17; 221.5.128.0/17; 221.6.0.0/16; 221.7.0.0/19; 221.7.32.0/19; 221.7.64.0/19; 221.7.96.0/19; 221.8.0.0/15; 221.10.0.0/16; 221.11.0.0/17; 221.11.128.0/18; 221.11.192.0/19; 221.12.0.0/17; 221.12.128.0/18; 221.13.0.0/18; 221.13.64.0/19; 221.13.96.0/19; 221.13.128.0/17; 221.14.0.0/15; 221.192.0.0/15; 221.194.0.0/16; 221.195.0.0/16; 221.196.0.0/15; 221.198.0.0/16; 221.199.0.0/19; 221.199.32.0/20; 221.199.128.0/18; 221.199.192.0/20; 221.200.0.0/14; 221.204.0.0/15; 221.206.0.0/16; 221.207.0.0/18; 221.207.64.0/18; 221.207.128.0/17; 221.208.0.0/14; 221.212.0.0/16; 221.213.0.0/16; 221.216.0.0/13; 222.128.0.0/14; 222.132.0.0/14; 222.136.0.0/13; 222.160.0.0/15; 222.162.0.0/16; 222.163.0.0/19; 222.163.32.0/19; 222.163.64.0/18; 222.163.128.0/17; }; //教育网IP acl CERT { 58.17.0.0/16; 58.19.0.0/16; 58.20.0.0/16; 58.24.0.0/15; 58.59.128.0/17; 58.60.8.0/21; 58.61.32.0/25; 58.61.32.128/32; 58.100.0.0/15; 58.116.0.0/14; 58.128.0.0/13; 58.154.0.0/15; 58.192.0.0/12; 58.240.0.0/15; 58.248.0.0/13; 59.32.0.0/12; 59.49.128.0/17; 59.50.0.0/16; 59.61.128.0/19; 59.64.0.0/12; 59.151.0.0/17; 60.0.0.0/11; 60.63.0.0/16; 60.190.28.0/28; 60.190.28.96/27; 60.190.28.128/28; 60.190.28.144/30; 60.191.2.0/24; 60.208.0.0/16; 61.28.0.0/20; 61.48.0.0/13; 61.128.0.0/10; 61.200.81.134/31; 61.200.81.136/31; 61.200.81.142/31; 61.200.81.144/31; 61.200.81.150/31; 61.213.179.87/32; 61.232.0.0/14; 61.236.0.0/15; 61.240.0.0/14; 62.4.69.0/24; 62.159.60.207/32; 62.159.60.208/31; 62.159.60.213/32; 62.159.60.214/32; 62.173.115.116/32; 63.73.227.0/24; 
63.84.162.0/24; 63.86.118.0/23; 63.89.64.0/24; 63.123.46.86/32; 63.125.146.0/24; 63.164.11.0/24; 63.208.195.68/32; 63.209.48.0/24; 63.210.142.0/24; 63.211.40.87/32; 63.211.66.0/24; 63.215.124.0/24; 64.4.0.0/18; 64.4.240.0/20; 64.68.78.0/23; 64.124.183.0/24; 64.215.165.86/32; 64.215.167.87/32; 64.215.172.0/24; 64.233.160.0/19; 65.54.0.0/15; 65.171.126.87/32; 65.215.128.0/24; 65.245.226.86/32; 65.246.184.0/23; 66.37.210.86/32; 66.45.81.158/32; 66.45.81.190/32; 66.98.205.0/24; 66.102.0.0/20; 66.117.176.136/31; 66.117.176.210/31; 66.117.176.212/30; 66.117.176.216/30; 66.117.176.220/32; 66.117.177.21/32; 66.135.192.0/19; 66.160.145.87/32; 66.179.148.0/24; 66.179.235.32/27; 66.211.160.0/19; 66.249.64.0/19; 67.72.126.87/32; 67.106.214.87/32; 67.133.36.87/32; 67.133.38.87/32; 67.133.200.87/32; 69.32.132.0/24; 69.45.80.87/32; 69.45.82.87/32; 69.45.84.87/32; 72.14.192.0/19; 72.14.224.0/20; 72.164.152.0/24; 80.67.78.87/32; 81.52.203.87/32; 81.52.251.87/32; 82.150.20.0/22; 82.165.43.115/32; 83.70.140.0/22; 84.18.160.0/19; 84.53.128.87/32; 121.30.0.0/15; 121.48.0.0/15; 121.192.0.0/14; 121.248.0.0/14; 123.49.160.0/24; 124.64.0.0/15; 124.88.0.0/14; 124.128.0.0/13; 124.161.0.0/16; 124.162.0.0/15; 124.164.0.0/14; 125.32.0.0/12; 125.73.0.0/16; 125.96.0.0/15; 125.98.0.0/16; 125.171.0.0/17; 125.208.0.0/20; 125.216.0.0/13; 128.84.158.0/24; 128.107.229.0/24; 129.35.76.0/24; 129.35.77.193/32; 129.41.4.137/32; 129.41.4.138/32; 129.41.4.140/32; 129.41.4.143/32; 129.41.4.144/30; 129.41.4.148/32; 129.41.4.154/32; 129.41.4.158/32; 129.42.24.230/32; 129.42.25.230/32; 129.42.32.230/32; 129.42.33.230/32; 129.42.40.230/32; 129.42.41.230/32; 130.88.203.58/32; 132.174.1.0/24; 132.174.11.0/24; 134.243.5.21/32; 134.243.5.70/32; 134.243.5.160/32; 134.243.85.3/32; 137.189.0.0/16; 138.12.4.0/24; 140.98.193.0/24; 140.98.194.0/24; 140.113.0.0/16; 140.234.29.0/24; 141.66.18.186/32; 143.89.0.0/16; 144.81.82.0/24; 144.81.87.0/24; 144.81.88.0/23; 144.214.0.0/16; 147.8.0.0/16; 149.28.1.0/24; 152.101.0.0/16; 
152.104.0.0/16; 158.132.0.0/16; 158.182.0.0/16; 159.226.0.0/16; 161.207.0.0/16; 162.97.112.87/32; 162.97.114.87/32; 162.105.0.0/16; 165.193.106.0/23; 165.193.159.0/24; 165.215.136.0/24; 166.90.150.87/32; 166.111.0.0/16; 167.68.6.0/23; 167.139.0.0/16; 167.216.166.0/24; 168.160.0.0/16; 170.107.185.0/24; 170.107.188.0/22; 171.66.120.0/21; 192.58.150.0/24; 192.80.71.0/24; 192.84.75.0/24; 192.86.104.0/24; 192.195.245.0/24; 192.207.91.0/24; 192.245.208.0/24; 193.128.223.0/24; 193.131.119.0/24; 193.174.24.39/32; 193.174.240.6/32; 193.174.240.8/32; 193.194.158.0/24; 194.119.138.1/32; 194.128.228.153/32; 194.130.252.0/24; 195.22.150.0/23; 195.27.60.0/24; 195.27.123.0/24; 195.27.130.0/24; 195.90.89.87/32; 195.144.69.0/24; 198.81.200.2/32; 198.185.19.0/24; 199.4.154.0/23; 199.98.88.0/24; 199.164.217.0/24; 202.4.128.0/19; 202.14.80.0/24; 202.38.0.0/16; 202.40.138.0/23; 202.40.157.0/24; 202.40.192.0/19; 202.43.216.0/23; 202.45.32.0/19; 202.45.176.0/20; 202.75.64.0/19; 202.84.16.0/23; 202.91.176.0/20; 202.93.252.0/22; 202.95.0.0/19; 202.96.0.0/12; 202.112.0.0/13; 202.120.0.0/15; 202.122.32.0/20; 202.123.110.0/24; 202.125.192.0/18; 202.127.0.0/18; 202.127.128.0/17; 202.130.0.0/19; 202.130.224.0/19; 202.131.208.0/20; 202.134.86.130/32; 202.147.5.152/31; 202.147.5.158/31; 202.147.5.160/31; 202.147.5.166/31; 202.152.176.0/20; 202.160.176.0/20; 202.165.96.0/21; 202.165.104.0/22; 202.177.217.87/32; 202.179.240.0/20; 202.189.96.0/19; 202.192.0.0/12; 203.81.16.0/20; 203.87.224.0/19; 203.88.32.0/19; 203.91.120.0/21; 203.93.0.0/16; 203.95.0.0/21; 203.112.23.19/32; 203.119.28.0/23; 203.126.70.87/32; 203.128.128.0/19; 203.166.101.87/32; 203.175.128.0/19; 203.188.64.0/18; 203.192.0.0/19; 203.207.64.0/18; 203.207.128.0/17; 203.208.0.0/19; 203.209.224.0/19; 203.212.0.0/20; 204.94.134.87/32; 204.95.14.87/32; 204.153.51.29/32; 204.153.51.60/32; 204.153.51.65/32; 204.153.51.113/32; 204.179.122.0/24; 204.228.64.52/32; 204.228.64.55/32; 204.228.64.60/32; 205.142.245.0/24; 205.161.5.87/32; 
205.203.134.1/32; 205.203.134.30/32; 205.240.244.0/22; 205.243.231.0/24; 206.61.136.87/32; 206.65.170.81/32; 206.112.77.86/32; 206.112.112.0/24; 206.165.29.87/32; 207.24.42.0/24; 207.46.0.0/16; 207.54.136.0/24; 207.68.172.235/32; 207.68.178.0/25; 207.68.179.192/27; 207.126.106.92/32; 207.126.107.92/32; 207.126.112.97/32; 207.164.255.103/32; 208.44.56.71/32; 208.44.56.210/31; 208.44.56.212/30; 208.44.56.216/30; 208.44.56.220/32; 208.176.18.0/24; 208.215.179.0/24; 209.8.104.87/32; 209.8.106.87/32; 209.8.112.87/32; 209.85.128.0/17; 209.116.81.5/32; 209.208.170.210/31; 209.246.136.0/24; 209.249.123.0/24; 210.5.0.0/19; 210.12.0.0/15; 210.14.64.0/19; 210.14.160.0/19; 210.14.192.0/18; 210.15.0.0/17; 210.15.128.0/18; 210.21.0.0/16; 210.22.0.0/16; 210.25.0.0/17; 210.25.128.0/18; 210.26.0.0/15; 210.28.0.0/14; 210.32.0.0/12; 210.51.0.0/16; 210.52.0.0/15; 210.57.21.86/32; 210.72.0.0/14; 210.76.0.0/15; 210.78.0.0/16; 210.79.224.0/19; 210.82.0.0/15; 210.87.128.0/18; 210.177.136.0/24; 210.192.96.0/19; 210.210.18.35/32; 211.64.0.0/13; 211.80.0.0/12; 211.96.0.0/13; 211.136.0.0/13; 211.144.0.0/12; 211.160.0.0/13; 211.174.51.134/31; 211.174.51.136/31; 211.174.51.142/31; 211.174.51.144/31; 211.174.51.150/31; 211.174.51.152/31; 211.174.51.158/31; 211.174.51.160/31; 211.174.51.166/31; 211.174.51.172/31; 212.87.150.203/32; 212.87.150.207/32; 212.87.150.214/32; 212.87.150.216/32; 212.87.150.218/32; 212.187.169.0/24; 212.209.166.86/32; 213.52.211.32/27; 213.161.82.0/24; 213.212.74.236/32; 213.244.181.0/24; 216.32.120.0/24; 216.33.115.0/24; 216.33.244.0/22; 216.33.252.0/23; 216.52.17.96/32; 216.52.36.0/23; 216.73.87.52/32; 216.113.160.0/19; 216.143.112.0/24; 216.146.38.200/30; 216.146.38.204/32; 216.162.203.72/29; 216.162.203.144/28; 216.176.50.163/32; 216.200.62.0/24; 216.218.251.87/32; 216.239.32.0/19; 217.7.141.143/32; 217.7.141.144/31; 217.7.141.149/32; 217.7.141.150/32; 217.68.69.68/31; 217.68.69.70/32; 217.110.203.89/32; 217.163.16.87/32; 218.0.0.0/11; 218.56.0.0/13; 218.64.0.0/11; 
218.96.0.0/14; 218.104.0.0/14; 218.108.0.0/15; 218.192.0.0/12; 218.240.0.0/13; 218.249.63.128/25; 218.249.156.64/26; 218.249.156.128/26; 219.72.0.0/16; 219.82.0.0/16; 219.128.0.0/11; 219.216.0.0/13; 219.224.0.0/12; 219.242.0.0/15; 219.244.0.0/14; 220.113.43.0/24; 220.130.122.87/32; 220.160.0.0/11; 220.192.0.0/12; 220.231.15.110/32; 220.234.0.0/16; 220.248.0.0/14; 220.252.0.0/16; 221.0.0.0/12; 221.130.0.0/15; 221.137.0.0/16; 221.172.0.0/14; 221.192.0.0/13; 221.200.0.0/14; 221.204.0.0/15; 221.208.0.0/14; 221.212.0.0/16; 221.213.18.0/24; 221.214.0.0/15; 221.216.0.0/13; 221.224.0.0/12; 222.16.0.0/12; 222.32.0.0/11; 222.64.0.0/11; 222.125.0.0/16; 222.132.0.0/14; 222.136.0.0/13; 222.160.0.0/14; 222.168.0.0/13; 222.176.0.0/12; 222.192.0.0/12; 222.208.0.0/13; 222.216.0.0/15; 222.218.0.0/16; 222.222.0.0/15; 222.240.0.0/13; 222.248.0.0/15 };

# Views for the slave server. named places a request in the first view whose
# match-clients list matches, so the order of the three views is significant:
# "othernet" contains `any` and therefore has to stay last.
#
# NOTE(review): every view sets `recursion yes`, and "othernet" matches `any`.
# Unless an allow-recursion list is set elsewhere (none appears in these
# lines), the server recurses for any source address, i.e. it is an open
# resolver and can be used as a reflector against third parties. If the host
# only has to answer for the slave zones, set `recursion no;`; otherwise limit
# it with `allow-recursion { <trusted-networks>; };` (placeholder).
#
# NOTE(review): none of the slave zones sets allow-transfer. If options{} does
# not set it either, older BIND releases permit zone transfers to any
# requester - confirm, and restrict transfers to the hosts that need them.
#
# NOTE(review): the key statements for certnet and othernet are outside these
# lines. Wherever they are defined, the file holding the secrets should be
# readable only by the account named runs as.

view "cncnet" {
    # The two negated key entries keep requests signed with the certnet or
    # othernet TSIG key out of this view, so they reach the view of the same
    # name below. Everything else is matched by address; the ACLs dns-ip-list
    # and CNC are defined outside these lines.
    match-clients { !key certnet;!key othernet; dns-ip-list; 192.168.5.115;CNC;};
    # NOTE(review): unlike the other two views there is no
    # `server ... { keys ...; };` here, so requests to the master from this
    # view are presumably unsigned and selected on the master by source
    # address - confirm against the master's configuration.
    recursion yes;
    zone "longrujun.com" {
        type slave;
        file "longrujun.cnc";       # longrujun.com zone data for China Netcom (CNC) clients
        masters { 192.168.5.96; };  # IP of the master DNS server
    };
    zone "test.com" {
        type slave;
        file "test.cnc";            # test.com zone data for China Netcom (CNC) clients
        masters { 192.168.5.96; };  # IP of the master DNS server
    };
    zone "." IN {
        type hint;
        file "named.root";
    };
    zone "localhost" IN {
        type master;
        file "localhost.zone";
        allow-update { none; };
    };
    zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
        allow-update { none; };
    };
};

view "certnet" {
    # Matches requests signed with the certnet TSIG key, the host 192.168.5.38
    # and the CERT ACL (defined outside these lines).
    match-clients { key certnet;192.168.5.38;CERT; };
    # Sync with the master DNS: requests sent to 192.168.5.96 from this view
    # are signed with the certnet key.
    server 192.168.5.96 { keys certnet; };
    recursion yes;
    zone "longrujun.com" {
        type slave;
        file "longrujun.cert";      # longrujun.com zone data for education-network clients
        masters { 192.168.5.96; };  # IP of the master DNS server
    };
    zone "test.com" {
        type slave;
        file "test.cert";           # test.com zone data for education-network clients
        masters { 192.168.5.96; };  # IP of the master DNS server
    };
    zone "." IN {
        type hint;
        file "named.root";
    };
    zone "localhost" IN {
        type master;
        file "localhost.zone";
        allow-update { none; };
    };
    zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
        allow-update { none; };
    };
};

view "othernet" {
    # Catch-all view. Match lists are evaluated in order and `any` matches
    # every client, so the 192.168.5.49 entry after it never decides a match.
    match-clients { key othernet; any;192.168.5.49; };
    # Sync with the master DNS: requests sent to 192.168.5.96 from this view
    # are signed with the othernet key.
    server 192.168.5.96 { keys othernet; };
    # NOTE(review): combined with `any` above, this is the setting that makes
    # the server recurse for arbitrary clients; see the note at the top.
    recursion yes;
    zone "longrujun.com" {
        type slave;
        file "longrujun.other";     # longrujun.com zone data for all other IP ranges
        masters { 192.168.5.96; };  # IP of the master DNS server
    };
    zone "test.com" {
        type slave;
        file "test.other";          # test.com zone data for all other IP ranges
        masters { 192.168.5.96; };  # IP of the master DNS server
    };
    zone "." IN {
        type hint;
        file "named.root";
    };
    zone "localhost" IN {
        type master;
        file "localhost.zone";
        allow-update { none; };
    };
    zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
        allow-update { none; };
    };
};

Published 2006年10月27日 5:17 by [url=http://longrujun.name/user/Profile.aspx?UserID=2102]longrujun[/url] [url=http://longrujun.name/controlpanel/blogs/posteditor.aspx?SelectedNavItem=Posts&sectionid=3&postid=138]Edit[/url] Filed under: [url=http://longrujun.name/blogs/longrujun/archive/tags/SQUID/default.aspx]SQUID[/url], [url=http://longrujun.name/blogs/longrujun/archive/tags/How+to/default.aspx]How to[/url], [url=http://longrujun.name/blogs/longrujun/archive/tags/DNS/default.aspx]DNS[/url], [url=http://longrujun.name/blogs/longrujun/archive/tags/Web2.0/default.aspx]Web2.0[/url], [url=http://longrujun.name/blogs/longrujun/archive/tags/CDN/default.aspx]CDN[/url], [url=http://longrujun.name/blogs/longrujun/archive/tags/SOA/default.aspx]SOA[/url], [url=http://longrujun.name/blogs/longrujun/archive/tags/GSLB/default.aspx]GSLB[/url] [url=http://longrujun.name/blogs/longrujun/archive/2006/10/27/DNS-TSIG_9E5BB073_CDN_2B00_GSLB.aspx#][Edit Tags][/url] [url=http://dev.csdn.net/javascript:d=document;t=d.selection?(d.selection.type!=]收藏此页到365Key[/url] | [url=http://del.icio.us/post]添加到Del.icio.us[/url] | [url=http://digg.com/]Digg this[/url]