
Installing and configuring a smart DNS server with BIND 9.7.2 on Linux

火星人 @ 2014-03-08

The installation and configuration below is the record of the steps carried out on the server 192.168.100.87.

1. Download the BIND 9 source from http://www.isc.org/products/BIND/bind9.html. At the time of writing the current version is 9.7.2-P3 and the source tarball is bind-9.7.2-P3.tar.gz. Put it in /root (the location is arbitrary and has no bearing on the installation or configuration). Note that the 9.7 branch has long since reached end-of-life; for anything other than reproducing this lab, build a currently supported release.
2. Unpack the source tarball
# cd /root
# tar -zxvf bind-9.7.2-P3.tar.gz
3. Change into the source directory
# cd bind-9.7.2-P3
4. Configure, compile and install
# ./configure --prefix=/usr/local/named --disable-openssl-version-check // install under /usr/local/named and skip the OpenSSL version check
# make
# make install
The version check exists because configure refuses OpenSSL releases with known vulnerabilities; disabling it is a convenience on old distributions, and you should know why it fails before turning it off. After installation the binaries are in /usr/local/named/sbin; the two that matter most are named and rndc.
5. Create the rndc.conf configuration file.
# cd /usr/local/named/sbin
# ./rndc-confgen > /usr/local/named/etc/rndc.conf
# cd /usr/local/named/etc
# more rndc.conf
rndc-confgen generates a random HMAC key (hmac-md5 is this release's default algorithm) and prints a ready-made rndc.conf followed, as comments, by the matching key and controls statements for named.conf. The file holds the secret that authorises control of the server, so keep it readable only by root and the user named runs as. The output is:
# Start of rndc.conf
key "rndc-key" {
algorithm hmac-md5;
secret "y9xvvfQjdWv9f/Fo7wquBg==";
};

options {
default-key "rndc-key";
default-server 127.0.0.1;
default-port 953;
};
# End of rndc.conf

# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
# algorithm hmac-md5;
# secret "y9xvvfQjdWv9f/Fo7wquBg==";
# };
#
# controls {
# inet 127.0.0.1 port 953
# allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf
6. Create the named.conf configuration file and copy the commented key and controls statements from rndc.conf into it, minus the leading "#". The key statement must be identical to the one in rndc.conf, same algorithm and same secret, otherwise rndc cannot authenticate to named and every rndc command fails. The controls statement limits the control channel to the loopback address and to clients holding that key.
# vi /usr/local/named/etc/named.conf
key "rndc-key" {
        algorithm hmac-md5;
        secret "y9xvvfQjdWv9f/Fo7wquBg==";
};

controls {
        inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndc-key"; };
};
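The key and controls statements above have to agree byte for byte with rndc.conf, which is easy to get wrong when the secret is copied by hand. The following Python script is an added example, not code from the article or from ISC: it parses the key statement out of both files, ignores the commented copy that rndc-confgen appends, and reports a differing algorithm, a differing secret, or a secret that is not valid base64. The two config texts inside it are constructed for the example (the secret is the one printed by rndc-confgen above; the bad named.conf copy has a stray space in it).

```python
"""Check that rndc.conf and named.conf carry the same control-channel key.

Added example, not from the original article. rndc signs each command with
the HMAC key from rndc.conf and named verifies it with the key statement in
named.conf; if the algorithm or the base64 secret differs (a typo, a stray
space, a key copied from a second rndc-confgen run) every command fails to
authenticate. The two config texts below are constructed for this example.
"""
import base64
import binascii
import re

KEY_RE = re.compile(
    r'key\s+"(?P<name>[^"]+)"\s*\{\s*'
    r'algorithm\s+(?P<alg>[\w-]+)\s*;\s*'
    r'secret\s+"(?P<secret>[^"]*)"\s*;\s*\}\s*;',
    re.IGNORECASE)


def strip_comments(text):
    """Remove #, // and /* */ comments without touching quoted strings, so the
    commented named.conf copy rndc-confgen appends is ignored while a '/' or
    '//' inside a base64 secret survives."""
    out, i, in_str = [], 0, False
    while i < len(text):
        c = text[i]
        if in_str or c == '"':
            out.append(c)
            in_str = (not in_str) if c == '"' else in_str
            i += 1
        elif text.startswith('/*', i):
            end = text.find('*/', i + 2)
            i = len(text) if end < 0 else end + 2
        elif c == '#' or text.startswith('//', i):
            end = text.find('\n', i)
            i = len(text) if end < 0 else end
        else:
            out.append(c)
            i += 1
    return ''.join(out)


def parse_keys(text):
    """Return {key name: (algorithm, secret)} for every key statement."""
    return {m.group('name'): (m.group('alg').lower(), m.group('secret'))
            for m in KEY_RE.finditer(strip_comments(text))}


def secret_problems(secret):
    """Problems with a TSIG secret: must be valid base64 of at least 128 bits."""
    try:
        raw = base64.b64decode(secret, validate=True)
    except (binascii.Error, ValueError) as exc:
        return ['secret is not valid base64: %s' % exc]
    return ['secret is only %d bits' % (8 * len(raw))] if len(raw) < 16 else []


def check_rndc_key(rndc_conf, named_conf, key_name='rndc-key'):
    """Compare key_name across both files; an empty list means rndc will authenticate."""
    rndc_keys, named_keys = parse_keys(rndc_conf), parse_keys(named_conf)
    findings = ['%s missing from %s' % (key_name, where)
                for where, keys in (('rndc.conf', rndc_keys), ('named.conf', named_keys))
                if key_name not in keys]
    if findings:
        return findings
    (r_alg, r_secret), (n_alg, n_secret) = rndc_keys[key_name], named_keys[key_name]
    if r_alg != n_alg:
        findings.append('algorithm differs: %s in rndc.conf, %s in named.conf' % (r_alg, n_alg))
    if r_secret != n_secret:
        findings.append('secret differs between rndc.conf and named.conf')
    for where, secret in (('rndc.conf', r_secret), ('named.conf', n_secret)):
        findings += ['%s: %s' % (where, p) for p in secret_problems(secret)]
    return findings


# Constructed inputs. RNDC_CONF mirrors rndc-confgen's output, including the
# commented named.conf block it appends; NAMED_CONF_GOOD is a faithful copy,
# NAMED_CONF_BAD picked up a stray space while the secret was copied by hand.
RNDC_CONF = '''\
# Start of rndc.conf
key "rndc-key" {
        algorithm hmac-md5;
        secret "y9xvvfQjdWv9f/Fo7wquBg==";
};
options {
        default-key "rndc-key";
        default-server 127.0.0.1;
        default-port 953;
};
# End of rndc.conf
# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
#       algorithm hmac-md5;
#       secret "y9xvvfQjdWv9f/Fo7wquBg==";
# };
'''
NAMED_CONF_GOOD = 'key "rndc-key" { algorithm hmac-md5; secret "y9xvvfQjdWv9f/Fo7wquBg=="; };\n'
NAMED_CONF_BAD = 'key "rndc-key" { algorithm hmac-md5; secret "y9xvvfQjdWv9f/Fo7wqu Bg=="; };\n'

if __name__ == '__main__':
    print('good:', check_rndc_key(RNDC_CONF, NAMED_CONF_GOOD) or 'OK')
    print('bad: ', check_rndc_key(RNDC_CONF, NAMED_CONF_BAD))
```

Run it against the real files with open(...).read() in place of the constructed strings; an empty result means the two key statements agree, anything else is what rndc would otherwise only report as a failed authentication.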
7. Add the following to named.conf. Recursion is left at its default here (enabled for localhost and the local networks through the default allow-recursion list); a server that only needs to answer for its own zones should set recursion no; explicitly, and then does not need the root hint zone either. allow-transfer { none; } is right for a server without secondaries: it stops anyone pulling the whole zone with AXFR.
options {
directory "/usr/local/named/var";
pid-file "/usr/local/named/var/run/named.pid";
/*
* If there is a firewall between you and nameservers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND 8.1 uses an unprivileged
* port by default.
*/
allow-transfer {none;};
// recursion no;
// recursion yes;
// allow-recursion {trusted;};
// allow-query-cache { any; };
// query-source address * port 53;
};
zone "." IN {
type hint;
file "named.root";
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};
zone "hebei.com.cn" IN {
type master;
file "hebei.com.cn";
allow-update { none; };
};

8. Log in anonymously to the InterNIC FTP site (ftp.internic.net) and fetch named.root and named.ca from the /domain directory (the two files are identical), then place the file in /usr/local/named/var.
# cd /usr/local/named/var
9. Create localhost.zone (not actually created in this setup; note that the path below is under /var/named, not the /usr/local/named/var directory that named.conf points at)
# vi /var/named/localhost.zone
$TTL 86400
$ORIGIN localhost.
@ 1D IN SOA @ root (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
1D IN NS @
1D IN A 127.0.0.1
10. Create the named.local file (the reverse zone for 127.0.0.0/8, in /usr/local/named/var)
# vi named.local
$TTL 86400
@ IN SOA localhost. root.localhost. (
1997022700 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS localhost.
1 IN PTR localhost.
11. Create the hebei.com.cn zone file. The SOA MNAME and the NS record both point at localhost., which is enough for this local test but not for a zone that is actually delegated: there the NS record must name the server's real host name, with a matching A record.
# vi hebei.com.cn
$TTL 86400
@ 900 IN SOA localhost. root. (
2003061800 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS localhost.
www 900 IN A 123.123.123.123
12. Create the reverse zone file (not done yet).
13. Start: /usr/local/named/sbin/named -c /usr/local/named/etc/named.conf
Stop: /usr/local/named/sbin/rndc stop (this is what the key and controls statements from steps 5 and 6 are for; killall -9 named also works, but SIGKILL gives named no chance to shut down cleanly). Before starting, named-checkconf and named-checkzone from the same directory will catch syntax errors in named.conf and the zone files.
14. Test, from a Windows client whose DNS server is set to 192.168.100.87, querying www.hebei.com.cn. The "Query refused" line is nslookup's reverse lookup of the server's own address, which this server refuses because it is not authoritative for that reverse zone (step 12 is still outstanding) and does not recurse for the client; the answer 123.123.123.123 is the www record from the hebei.com.cn zone file.
C:\Documents and Settings\Administrator>nslookup 192.168.100.87
*** Can't find server name for address 192.168.100.87: Query refused
Server: UnKnown
Address: 192.168.100.87
Name:
Address: 123.123.123.123
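To see what the nslookup exchange above actually consists of on the wire, here is an added example (not from the article) that builds the two queries a stub resolver sends, constructs the server's responses itself, and parses them: the PTR query for the server's address comes back REFUSED (rcode 5, which nslookup prints as "Query refused"), and the A query for www.hebei.com.cn carries 123.123.123.123 as an authoritative answer with the 900-second TTL from the zone file. No packets are sent; the response bytes are produced in-file by build_response(), which is the constructed part.

```python
"""Build and parse the DNS messages behind the nslookup test above.

Added example; it is not part of the original article. nslookup first sends a
PTR query for the server's own address (to print "Server:"), which an
authoritative-only server with no reverse zone answers REFUSED, and then the
A query for www.hebei.com.cn. Both responses are constructed here with
build_response(); nothing is sent over the network.
"""
import struct

QTYPE_A, QTYPE_PTR = 1, 12
RCODE_NOERROR, RCODE_REFUSED = 0, 5


def encode_name(name):
    """Encode a dotted name as length-prefixed labels ending in a zero byte."""
    labels = [label.encode('ascii') for label in name.rstrip('.').split('.') if label]
    return b''.join(bytes([len(label)]) + label for label in labels) + b'\x00'


def decode_name(data, offset):
    """Decode a possibly compressed name; return (name, offset after the field)."""
    labels, end, jumped = [], None, False
    for _ in range(128):                      # bounds the loop: no pointer cycles
        length = data[offset]
        if length & 0xC0 == 0xC0:             # two-byte pointer into an earlier name
            if not jumped:
                end = offset + 2
            offset = struct.unpack('!H', data[offset:offset + 2])[0] & 0x3FFF
            jumped = True
            continue
        offset += 1
        if length == 0:
            return '.'.join(labels) + '.', (end if jumped else offset)
        labels.append(data[offset:offset + length].decode('ascii'))
        offset += length
    raise ValueError('malformed name (too many labels or pointer loop)')


def build_query(qname, qtype, txid=0x1234):
    """One-question query with RD set, as a stub resolver or nslookup sends it."""
    header = struct.pack('!HHHHHH', txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack('!HH', qtype, 1)


def build_response(query, answers=(), rcode=RCODE_NOERROR):
    """Answer `query`: echo the question, set QR and AA, append answer records.

    answers: (type, ttl, rdata bytes) tuples; each owner name is written as a
    compression pointer (0xC00C) to the question name at offset 12.
    """
    txid, flags, qdcount = struct.unpack('!HHH', query[:6])
    flags = 0x8400 | (flags & 0x0100) | rcode        # QR=1, AA=1, copy RD, RCODE
    header = struct.pack('!HHHHHH', txid, flags, qdcount, len(answers), 0, 0)
    body = b''.join(b'\xC0\x0C' + struct.pack('!HHIH', t, 1, ttl, len(rd)) + rd
                    for t, ttl, rd in answers)
    return header + query[12:] + body


def parse_response(data):
    """Return id, rcode, the question and the decoded answers of a DNS response."""
    txid, flags, _qd, ancount, _ns, _ar = struct.unpack('!HHHHHH', data[:12])
    qname, offset = decode_name(data, 12)
    qtype = struct.unpack('!H', data[offset:offset + 2])[0]
    offset += 4                                        # skip QTYPE and QCLASS
    answers = []
    for _ in range(ancount):
        name, offset = decode_name(data, offset)
        rtype, _cls, ttl, rdlen = struct.unpack('!HHIH', data[offset:offset + 10])
        offset += 10
        rdata = data[offset:offset + rdlen]
        if rtype == QTYPE_A:
            rdata = '.'.join(str(b) for b in rdata)
        elif rtype == QTYPE_PTR:
            rdata = decode_name(data, offset)[0]
        offset += rdlen
        answers.append((name, rtype, ttl, rdata))
    return {'id': txid, 'rcode': flags & 0xF, 'question': (qname, qtype), 'answers': answers}


def reverse_name(ipv4):
    """'192.168.100.87' -> '87.100.168.192.in-addr.arpa'."""
    return '.'.join(reversed(ipv4.split('.'))) + '.in-addr.arpa'


def nslookup_exchange(server_ip='192.168.100.87'):
    """Replay both exchanges nslookup performed; the responses are constructed."""
    # 1. Reverse lookup of the server address; no reverse zone here -> REFUSED.
    ptr_q = build_query(reverse_name(server_ip), QTYPE_PTR)
    ptr_r = parse_response(build_response(ptr_q, rcode=RCODE_REFUSED))
    # 2. The actual question, answered from the hebei.com.cn zone file.
    a_q = build_query('www.hebei.com.cn', QTYPE_A, txid=0x1235)
    a_r = parse_response(build_response(a_q, [(QTYPE_A, 900, bytes([123, 123, 123, 123]))]))
    return ptr_r, a_r


if __name__ == '__main__':
    ptr, a = nslookup_exchange()
    print('PTR rcode %d (5 = REFUSED, shown by nslookup as "Query refused")' % ptr['rcode'])
    print('A answers:', a['answers'])
```

The same build_query()/parse_response() pair can be pointed at the real server with a UDP socket to port 53 in place of build_response(); the only difference a live run should show is the TXID, which a real resolver randomises.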

That completes the BIND installation and configuration, and it passes the test. What follows is the configuration of smart (policy-based) DNS resolution.
What is a smart DNS server, and what is it for? Put simply, it is a name server that returns different answers depending on which network address range the requesting user comes from.
In China the main use of a smart DNS server is to work around the problem between China Telecom and China Netcom (CNC)
-- if you place a server on the Telecom network, Netcom users usually reach it slowly, and if you place it on Netcom, Telecom users are slow. There are many ways to solve this; an easy one is to put a server on both networks and have users reach them by different names, say www.xxx.com for Telecom users and www2.xxx.com for Netcom users. The drawback is that users have to work out which network they are on and type a different name, which is a nuisance.
Naturally one would rather have users type www.xxx.com and let the name server work out which network they are on and answer accordingly: when a Netcom user asks, the name server sees from the source address range of the query that the user is on Netcom and returns the IP of the machine on Netcom; if the query comes from Telecom it returns the Telecom one. Bear in mind that the address the authoritative server sees is that of the recursive resolver forwarding the query, not the end user's own address, so the classification is really of resolvers: a Netcom user pointed at a Telecom resolver gets the Telecom answer.
More generally, the same mechanism is not limited to this case: you can optimise for network conditions by directing users from different IP ranges (representing different network regions) to different server nodes.
Smart DNS policy resolution solves the problem described above neatly. Its most basic function is to classify the visitor and resolve your domain to a different IP address for each class: a Netcom visitor is given the Netcom address for your domain, a Telecom visitor the Telecom address.
Policy resolution can also spread load across several hosts, so that traffic from everywhere is distributed fairly evenly over each of your machines (in BIND that is ordinary round-robin over several A records for the same name; the views configured below do not provide it by themselves).


The concrete configuration follows; it was tested on the server 192.168.20.192.
1. Edit named.conf and add the following. Once a named.conf contains any view, every zone must be inside a view, so the zone statements added in step 7 have to be removed from the top level (they reappear inside each view below); the key, controls and options statements stay where they are.
# vi /usr/local/named/etc/named.conf
# load the CNC address ranges (an absolute path avoids depending on named's working directory when it parses the include)
include "/usr/local/named/var/acl.conf";
# queries whose source address is in a CNC range match this view and get the CNC answers; views are tried in order and the first match wins
view "view_cnc" {
match-clients{CNC;};
zone "." IN {
type hint;
file "named.root";
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};
zone "hebei.com.cn" IN {
type master;
file "cnc.hebei.com.cn";
allow-update { none; };
};
};
# anything else matches here and gets the Telecom answers (the catch-all view must come last)
view "view_any" {
match-clients{any;};
zone "." IN {
type hint;
file "named.root";
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};
zone "hebei.com.cn" IN {
type master;
file "tel.hebei.com.cn";
allow-update { none; };
};
};
2. Create acl.conf in /usr/local/named/var to hold the CNC address ranges.
# cd /usr/local/named/var
# vi acl.conf
//cnc acl list
acl "CNC" {
192.168.10.194/32;
58.16.0.0/16;
58.17.0.0/17;
58.17.128.0/17;
58.18.0.0/16;
58.19.0.0/16;
58.20.0.0/16;
58.21.0.0/16;
58.22.0.0/15;
58.240.0.0/15;
58.242.0.0/15;
58.244.0.0/15;
58.246.0.0/15;
58.248.0.0/13;
60.0.0.0/13;
60.8.0.0/15;
60.10.0.0/16;
60.11.0.0/16;
60.12.0.0/16;
60.13.0.0/18;
60.13.128.0/17;
60.14.0.0/15;
60.16.0.0/13;
60.24.0.0/14;
60.30.0.0/16;
60.31.0.0/16;
60.208.0.0/13;
60.216.0.0/15;
60.218.0.0/15;
60.220.0.0/14;
61.48.0.0/13;
61.133.0.0/17;
61.134.96.0/19;
61.134.128.0/17;
61.135.0.0/16;
61.137.128.0/17;
61.138.0.0/17;
61.138.128.0/18;
61.139.128.0/18;
61.148.0.0/15;
61.156.0.0/16;
61.158.0.0/16;
61.159.0.0/18;
61.161.0.0/18;
61.161.128.0/17;
61.162.0.0/16;
61.163.0.0/16;
61.167.0.0/16;
61.168.0.0/16;
61.176.0.0/16;
61.179.0.0/16;
61.180.128.0/17;
61.181.0.0/16;
61.182.0.0/16;
61.189.0.0/17;
125.32.0.0/16;
125.40.0.0/13;
202.96.0.0/18;
202.96.64.0/21;
202.96.72.0/21;
202.97.128.0/18;
202.97.224.0/21;
202.97.240.0/20;
202.98.0.0/21;
202.98.8.0/21;
202.99.64.0/19;
202.99.96.0/21;
202.99.128.0/19;
202.99.160.0/21;
202.99.168.0/21;
202.99.176.0/20;
202.99.208.0/20;
202.99.224.0/21;
202.99.232.0/21;
202.99.240.0/20;
202.102.128.0/21;
202.102.224.0/21;
202.102.232.0/21;
202.106.0.0/16;
202.107.0.0/17;
202.108.0.0/16;
202.110.0.0/17;
202.111.128.0/18;
203.93.8.0/24;
203.93.192.0/18;
210.13.128.0/17;
210.14.160.0/19;
210.14.192.0/19;
210.15.32.0/19;
210.15.96.0/19;
210.15.128.0/18;
210.16.128.0/18;
210.21.0.0/16;
210.51.0.0/16;
210.52.128.0/17;
210.53.0.0/17;
210.53.128.0/17;
210.74.96.0/19;
210.74.128.0/19;
210.82.0.0/15;
211.152.0.0/13;
218.7.0.0/16;
218.8.0.0/14;
218.12.0.0/16;
218.21.128.0/17;
218.24.0.0/14;
218.28.0.0/15;
218.56.0.0/14;
218.60.0.0/15;
218.62.0.0/17;
218.67.128.0/17;
218.68.0.0/15;
218.104.0.0/14;
219.154.0.0/15;
219.156.0.0/15;
219.158.0.0/17;
219.158.128.0/17;
219.159.0.0/18;
220.252.0.0/16;
221.0.0.0/15;
221.2.0.0/16;
221.3.0.0/17;
221.3.128.0/17;
221.4.0.0/16;
221.5.0.0/17;
221.5.128.0/17;
221.6.0.0/16;
221.7.0.0/19;
221.7.32.0/19;
221.7.64.0/19;
221.7.96.0/19;
221.7.128.0/17;
221.8.0.0/15;
221.10.0.0/16;
221.11.0.0/17;
221.11.128.0/18;
221.11.192.0/19;
221.12.0.0/17;
221.12.128.0/18;
221.13.0.0/18;
221.13.64.0/19;
221.13.96.0/19;
221.13.128.0/17;
221.14.0.0/15;
221.192.0.0/15;
221.194.0.0/16;
221.195.0.0/16;
221.196.0.0/15;
221.198.0.0/16;
221.199.0.0/19;
221.199.32.0/20;
221.199.128.0/18;
221.199.192.0/20;
221.200.0.0/14;
221.204.0.0/15;
221.206.0.0/16;
221.207.0.0/18;
221.207.64.0/18;
221.207.128.0/17;
221.208.0.0/14;
221.212.0.0/16;
221.213.0.0/16;
221.216.0.0/13;
222.128.0.0/14;
222.132.0.0/14;
222.136.0.0/13;
222.160.0.0/15;
222.162.0.0/16;
222.163.0.0/19;
222.163.32.0/19;
222.163.64.0/18;
222.163.128.0/17;
219.235.56.194;
};
3. Create the cnc.hebei.com.cn and tel.hebei.com.cn zone files in the same directory, each holding the records to serve to its group of clients. They differ only in the address of www.
# vi cnc.hebei.com.cn
$TTL 86400
@ 900 IN SOA localhost. root. (
2003061800 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS localhost.
www 900 IN A 123.123.123.123
# vi tel.hebei.com.cn
$TTL 86400
@ 900 IN SOA localhost. root. (
2003061800 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS localhost.
www 900 IN A 23.23.23.23
4. Start: /usr/local/named/sbin/named -gc /usr/local/named/etc/named.conf (-g keeps named in the foreground with all logging to stderr, so configuration and zone-loading errors are visible while testing; drop it for normal operation)
5. Test. My IP is 192.168.10.194, which is not in the CNC address ranges listed in acl.conf, so the address returned is 23.23.23.23, as specified in tel.hebei.com.cn. Note, though, that the acl.conf shown above does list 192.168.10.194/32 as its first entry; with that entry in place a query arriving from 192.168.10.194 matches view_cnc and gets 123.123.123.123, so remove the entry (or expect the CNC answer). To see which view answered a query, turn on query logging with rndc querylog; each logged query then names the view that handled it.
C:\Documents and Settings\Administrator>nslookup 192.168.20.192
*** Can't find server name for address 192.168.20.192: Query refused
Server: UnKnown
Address: 192.168.20.192
Name:
Address: 23.23.23.23
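The test above depends entirely on which view the query's source address falls into, so it is worth being able to predict that without a packet capture. The script below is an added example, not part of the article: it reimplements named's rule (views tried in named.conf order, first match-clients match wins, REFUSED if none matches) over a shortened acl.conf containing a handful of the prefixes listed above and over the www records of the two zone files. Note in particular what it says about 192.168.10.194, which acl.conf lists explicitly.

```python
"""Simulate BIND view selection for the split-horizon named.conf above.

Added example, not part of the original article. named tries the views in the
order they appear in named.conf and answers from the first one whose
match-clients list matches the query's source address; this script applies
the same rule to a short acl.conf fragment (a few prefixes taken from the
article's acl.conf) and to two constructed zone files, so the behaviour can
be checked without running named. Negated ("!") elements and key-based
matching are not modelled.
"""
import ipaddress
import re

ACL_CONF = '''
//cnc acl list
acl "CNC" {
    192.168.10.194/32;
    58.16.0.0/16;
    202.106.0.0/16;
    221.216.0.0/13;
    219.235.56.194;
};
'''

# Views in named.conf order: (name, match-clients elements, hebei.com.cn zone file).
VIEWS = [
    ('view_cnc', ['CNC'], 'cnc.hebei.com.cn'),
    ('view_any', ['any'], 'tel.hebei.com.cn'),
]

# The www A record from each constructed zone file.
ZONES = {
    'cnc.hebei.com.cn': {'www.hebei.com.cn.': '123.123.123.123'},
    'tel.hebei.com.cn': {'www.hebei.com.cn.': '23.23.23.23'},
}

ACL_RE = re.compile(r'acl\s+"([^"]+)"\s*\{([^}]*)\}\s*;')


def parse_acls(text):
    """Return {acl name: [ip_network, ...]}; a bare address becomes a /32."""
    text = re.sub(r'(//|#).*', '', text)           # drop line comments
    acls = {}
    for name, body in ACL_RE.findall(text):
        entries = [e.strip() for e in body.split(';') if e.strip()]
        acls[name] = [ipaddress.ip_network(e, strict=False) for e in entries]
    return acls


def address_matches(addr, element, acls):
    """One address-match-list element: 'any', 'none', an acl name or a prefix."""
    if element == 'any':
        return True
    if element == 'none':
        return False
    if element in acls:
        return any(addr in net for net in acls[element])
    return addr in ipaddress.ip_network(element, strict=False)


def select_view(client_ip, acls, views=VIEWS):
    """First view whose match-clients matches client_ip, as named does."""
    addr = ipaddress.ip_address(client_ip)
    for name, match_clients, zone_file in views:
        if any(address_matches(addr, e, acls) for e in match_clients):
            return name, zone_file
    return None, None        # no view matched: named returns REFUSED


def resolve(client_ip, qname, acls=None, views=VIEWS):
    """Answer qname for a client: (view name, A record) or (None, None)."""
    acls = parse_acls(ACL_CONF) if acls is None else acls
    view, zone_file = select_view(client_ip, acls, views)
    if view is None:
        return None, None
    return view, ZONES[zone_file].get(qname.rstrip('.') + '.')


if __name__ == '__main__':
    for ip in ('58.16.200.1', '192.168.10.194', '219.235.56.195', '10.0.0.5'):
        print(ip, '->', resolve(ip, 'www.hebei.com.cn'))
```

Swapping the two entries of VIEWS makes view_any answer every client, since any matches first; the catch-all view has to be last, exactly as in the named.conf above. Feeding the full acl.conf to parse_acls() instead of the fragment gives the complete picture for any client address you care about.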


http://coctec.com/docs/linux/show-post-46063.html