Smart DNS workflow and configuration



1. CDN smart DNS resolution flow

(1) The user visits the website and the browser submits a request for the domain name.
(2) The local DNS asks the "." (root) DNS to resolve the "cn." DNS.
(3) The "." DNS answers with the result for the "cn." DNS.
(4) The local DNS asks the "cn." DNS to resolve the "testweb.cn." DNS.
(5) The "cn." DNS answers with the result for the "testweb.cn." DNS.
(6) The local DNS asks the "testweb.cn." DNS to resolve "www.testweb.cn.".
(7) The "testweb.cn." DNS answers that "www.testweb.cn." is a CNAME record pointing to the name "www.testweb.cn.cdn.mailserver.com.".
(8) The local DNS asks the "." DNS to resolve the "com." DNS.
(9) The "." DNS answers with the result for the "com." DNS.
(10) The local DNS asks the "com." DNS to resolve the "mailserver.com." DNS.
(11) The "com." DNS answers with the result for the "mailserver.com." DNS.
(12) The local DNS asks the "mailserver.com." DNS to resolve the "cdn.mailserver.com." DNS (the smart DNS).
(13) The "mailserver.com." DNS answers with the result for the "cdn.mailserver.com." DNS (the smart DNS).
(14) The local DNS asks the "cdn.mailserver.com." DNS (the smart DNS) to resolve "www.testweb.cn.cdn.mailserver.com.".
(15) The "cdn.mailserver.com." DNS (the smart DNS) answers with the result for "www.testweb.cn.cdn.mailserver.com.".
(16) The local DNS returns the result to the user's browser and caches it.
(2*) When the local DNS already holds a cached record for www.testweb.cn, it returns the result to the browser immediately.
(3*)/(17) Once the browser has the IP address for www.testweb.cn, it sends its request to the CDN node at that IP.
(4*)/(18) The CDN node receives the request, processes it and responds.
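The delegation walk of steps (2) to (15), as an added example that is not part of the original slides: a toy iterative resolver in Python over constructed delegation data. Each server is simply named after the zone it serves ("the cn. DNS" of the slide), and the final address 203.0.113.10 is a documentation-range placeholder. The resolver counts one query per referral, chases the CNAME from step (7) back from the root, and shows the cache short-cut of step (2*). The chain it returns is also the trust path: every zone on it, the CDN provider's included, is a place where a changed delegation or CNAME target would silently send all users elsewhere, which is why the CNAME target and the answering addresses are worth monitoring.

```python
"""Toy iterative resolver walking the delegation chain of steps (2) to (15).

Added example, not code from the slides.  The delegation data below is
constructed: each zone is "the <zone> DNS" of the slide, named after the zone
it serves, and 203.0.113.10 is a documentation-range placeholder address.
"""

# zone -> {name: (record type, rdata)}.  NS = referral to the child zone's
# server, CNAME = alias, A = final answer.
AUTH = {
    ".": {"cn.": ("NS", "cn."), "com.": ("NS", "com.")},
    "cn.": {"testweb.cn.": ("NS", "testweb.cn.")},
    "testweb.cn.": {"www.testweb.cn.": ("CNAME", "www.testweb.cn.cdn.mailserver.com.")},
    "com.": {"mailserver.com.": ("NS", "mailserver.com.")},
    "mailserver.com.": {"cdn.mailserver.com.": ("NS", "cdn.mailserver.com.")},
    # the smart DNS itself
    "cdn.mailserver.com.": {"www.testweb.cn.cdn.mailserver.com.": ("A", "203.0.113.10")},
}


def authoritative_lookup(zone, qname):
    """What the server for `zone` answers: the longest name it knows that is
    qname itself or a parent of it; None means this server has nothing."""
    best = None
    for name, record in AUTH[zone].items():
        if qname == name or qname.endswith("." + name):
            if best is None or len(name) > len(best[0]):
                best = (name, record)
    return best[1] if best else None


def resolve(qname, cache, max_queries=20):
    """Resolve qname the way the slide's local DNS does.

    Returns (ip, number of queries sent, names followed).  A cached name is
    answered with zero queries: that is step (2*).
    """
    if qname in cache:
        return cache[qname], 0, [qname]
    chain, zone, queries = [qname], ".", 0
    while queries < max_queries:
        record = authoritative_lookup(zone, qname)
        queries += 1
        if record is None:
            raise LookupError(f"NXDOMAIN for {qname} at {zone}")
        rtype, rdata = record
        if rtype == "NS":
            zone = rdata                 # referral: next ask the child zone's server
        elif rtype == "CNAME":
            qname = rdata                # step (7): start again from the root for the alias
            chain.append(qname)
            zone = "."
        else:                            # A: final answer from the smart DNS (step 15)
            for name in chain:           # step (16): cache every name on the chain
                cache[name] = rdata
            return rdata, queries, chain
    raise RuntimeError("too many queries: referral or CNAME loop")


if __name__ == "__main__":
    cache = {}
    print(resolve("www.testweb.cn.", cache))   # 7 queries, two names in the chain
    print(resolve("www.testweb.cn.", cache))   # served from cache, 0 queries
```

Seven queries correspond to the seven request/response pairs in steps (2) to (15); a real resolver would also cache the intermediate referrals, so a second lookup of a different name under testweb.cn. would be much shorter than the first.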
2. Smart DNS configuration process

Note: a smart DNS is mainly used to 1. fix the access-speed problem between different carriers and 2. implement regional planning (clients in each region reach their nearest server). The configuration below addresses the China Netcom (CNC) versus China Telecom connectivity problem; use 2 needs only small changes to the same setup.

Contents:
1. DNS server installation
2. Configuring named.conf
3. Updating the root zone file
4. Creating the startup script
5. Adding an NS
6. Adding a domain
Appendix: how to obtain IP address ranges

1. DNS server installation

1. Software list
BIND 9.3.2
ftp://ftp.isc.org/isc/bind9/9.3.2/bind-9.3.2.tar.gz
ftp://ftp.isc.org/isc/bind9/9.4.0a6/bind-9.4.0a6.tar.gz

2. Installing BIND 9

Install BIND 9:
```
# tar zxvf bind-9.3.2.tar.gz
# cd bind-9.3.2
# ./configure --prefix=/usr/local/named --disable-ipv6
# make && make install
```

Create the bind user:
```
# groupadd bind
# useradd -g bind -d /usr/local/named -s /sbin/nologin bind
```

Create the configuration directory:
```
# mkdir -p /usr/local/named/etc
# chown bind:bind /usr/local/named/etc
# chmod 700 /usr/local/named/etc
```

2. Configuring named.conf

Create the main configuration file:
```
# vi /usr/local/named/etc/named.conf
```

===========================named.conf=======================
```
acl "trust-lan" { 127.0.0.1/8; 192.168.0.0/16; };

options {
    directory "/usr/local/named/etc/";
    pid-file "/var/run/named/named.pid";
    version "0.0.0";
    datasize 40M;
    allow-transfer { "trust-lan"; };
    recursion yes;
    allow-notify { "trust-lan"; };
    allow-recursion { "trust-lan"; };
    auth-nxdomain no;
    forwarders { 211.162.106.9; 211.162.106.254; };
};

logging {
    channel warning {
        file "/var/log/named/dns_warnings" versions 3 size 1240k;
        severity warning;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    channel general_dns {
        file "/var/log/named/dns_logs" versions 3 size 1240k;
        severity info;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    category default { warning; };
    category queries { general_dns; };
};

// The root hint zone is declared inside each view below: once "view"
// statements are used, named refuses to load zones declared outside a view.

acl "CNC" {
    58.16.0.0/16;
    58.17.0.0/17;
    58.17.128.0/17;
    58.18.0.0/16;
    58.19.0.0/16;
    58.20.0.0/16;
    58.21.0.0/16;
    // Note: enter the address ranges that apply to your situation
};

view "view_cnc" {
    match-clients { CNC; };
    zone "." {
        type hint;
        file "named.root";
    };
    zone "0.0.127.IN-ADDR.ARPA" {
        type master;
        file "localhost.rev";
    };
    include "master/cnc.def";
};

view "view_any" {
    match-clients { any; };
    zone "." {
        type hint;
        file "named.root";
    };
    zone "0.0.127.IN-ADDR.ARPA" {
        type master;
        file "localhost.rev";
    };
    include "master/telecom.def";
};
```
Save the file when done.

3. Updating the root zone file
```
# cd /usr/local/named/etc/
# wget ftp://ftp.internic.org/domain/named.root
```

Create the PID and log files:
```
# mkdir /var/run/named/
# chmod 777 /var/run/named/
# chown bind:bind /var/run/named/
# mkdir /var/log/named/
# touch /var/log/named/dns_warnings
# touch /var/log/named/dns_logs
# chown bind:bind /var/log/named/*
# mkdir master
# touch master/cnc.def
# touch master/telecom.def
```

Generate the rndc key:
```
# cd /usr/local/named/etc/
# ../sbin/rndc-confgen > rndc.conf
```
Take the part of rndc.conf that follows the line
`# Use with the following in named.conf, adjusting the allow list as needed:`
append it to /usr/local/named/etc/named.conf and remove the comment markers.

Test run:
```
# /usr/local/named/sbin/named -gc /usr/local/named/etc/named.conf &
```

Status check:
```
# /usr/local/named/sbin/rndc status
```

4. Creating the startup script
```
# vi /etc/init.d/named
```

==============================named.sh============================
```sh
#!/bin/bash
#
# named    a network name service.
#
# chkconfig: 545 35 75
# description: a name server
#
if [ `id -u` -ne 0 ]
then
    echo "ERROR: To bind to port 53, named must run as root."
    exit 1
fi

case "$1" in
start)
    if [ -x /usr/local/named/sbin/named ]; then
        /usr/local/named/sbin/named -u bind -c /usr/local/named/etc/named.conf && echo . && echo BIND9 server started.
    fi
    ;;
stop)
    # pid-file in named.conf is /var/run/named/named.pid
    kill `cat /var/run/named/named.pid` && echo . && echo BIND9 server stopped.
    ;;
restart)
    echo .
    echo "Restart BIND9 server"
    $0 stop
    sleep 10
    $0 start
    ;;
*)
    echo " start | stop | restart"
    ;;
esac
```
===============================named.sh============================
```
# chmod 755 /etc/init.d/named
# chown root:root /etc/init.d/named
# chkconfig --add named
# chkconfig named on
```

5. Adding an NS

On the domain's management website, set the NS server to the DNS server you have installed.

6. Adding a domain
```
# cd /usr/local/named/etc/master
# mkdir cnc
# mkdir telecom
# vi cnc.def
```
Add:
```
zone "724cn.com" {
    type master;
    file "master/cnc/724cn.com";
};
```
```
# vi telecom.def
```
Add:
```
zone "724cn.com" {
    type master;
    file "master/telecom/724cn.com";
};
```

Add the Netcom (CNC) records, resolving to the IP 61.45.55.78:
```
# vi cnc/724cn.com
```
Add:
```
$TTL 3600
$ORIGIN 724cn.com.
@   IN  SOA ns.724cn.com. root.ns.724cn.com. (
        2005121013  ; Serial
        3600        ; Refresh (seconds)
        900         ; Retry (seconds)
        68400       ; Expire (seconds)
        15 )        ; Minimum TTL for zone (seconds)
;
@   IN  NS  ns.724cn.com.
@   IN  A   211.162.106.9
www IN  A   211.162.106.9
;
;end
```

Add the Telecom records, resolving to the IP 210.75.1.178:
```
# vi telecom/724cn.com
```
Add:
```
$TTL 3600
$ORIGIN 724cn.com.
@   IN  SOA ns.724cn.com. root.ns.724cn.com. (
        2005121013  ; Serial
        3600        ; Refresh (seconds)
        900         ; Retry (seconds)
        68400       ; Expire (seconds)
        15 )        ; Minimum TTL for zone (seconds)
;
@   IN  NS  ns.724cn.com.
@   IN  A   211.162.106.254
www IN  A   211.162.106.254
;
;end
```

```
# /usr/local/named/sbin/rndc reload
```
OK, at this point your DNS server is up and running. Try pinging it from a Netcom line and from a Telecom line respectively.
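How the views in named.conf and the two 724cn.com zone files combine into a per-client answer, as an added example in Python that is not the page's own code: view selection is re-implemented over the page's "CNC" acl (first matching view wins, so the `any` view must stay last), the two zone texts are constructed copies of the cnc/ and telecom/ files, and a small consistency check flags the usual split-view mistake of editing one view's file and forgetting the other. As in named, match-clients is tested against the address of whichever resolver sends the query, not the end user's: a user whose "local DNS" sits on the other carrier's network is served the other view, which is the main limitation of this technique and the first thing to check when one carrier reports slow access.

```python
"""Split-view answer logic of the named.conf and 724cn.com zone files above.

Added example, not the page's own code.  View selection is re-implemented in
Python over the page's "CNC" acl, and the two zone texts are constructed
copies of the cnc/ and telecom/ files.  As in named, match-clients is tested
against the address of whichever resolver sends the query.
"""
import ipaddress
import re

# Address ranges copied from acl "CNC" in the named.conf above.
CNC_ACL = ["58.16.0.0/16", "58.17.0.0/17", "58.17.128.0/17", "58.18.0.0/16",
           "58.19.0.0/16", "58.20.0.0/16", "58.21.0.0/16"]

# Views in named.conf order: the first view whose match-clients matches wins,
# so "view_any" (match-clients { any; }, written here as 0.0.0.0/0) stays last.
VIEWS = [("view_cnc", CNC_ACL), ("view_any", ["0.0.0.0/0"])]

ZONE_CNC = """\
$TTL 3600
$ORIGIN 724cn.com.
@   IN  SOA ns.724cn.com. root.ns.724cn.com. (
        2005121013  ; Serial
        3600        ; Refresh (seconds)
        900         ; Retry (seconds)
        68400       ; Expire (seconds)
        15 )        ; Minimum TTL for zone (seconds)
;
@   IN  NS  ns.724cn.com.
@   IN  A   211.162.106.9
www IN  A   211.162.106.9
;end
"""
# The telecom copy is identical apart from the addresses, as on the page.
ZONE_TELECOM = ZONE_CNC.replace("211.162.106.9", "211.162.106.254")
ZONE_BY_VIEW = {"view_cnc": ZONE_CNC, "view_any": ZONE_TELECOM}


def select_view(client_ip, views=VIEWS):
    """First view whose acl contains client_ip; None means no view matched,
    which named answers with REFUSED."""
    ip = ipaddress.ip_address(client_ip)
    for name, acl in views:
        if any(ip in ipaddress.ip_network(cidr) for cidr in acl):
            return name
    return None


def parse_zone(text):
    """Minimal master-file parser: ($ORIGIN, SOA serial, {owner: [(type, rdata)]}).
    Handles ';' comments, '@', relative owner names and the parenthesised SOA."""
    origin, serial, records, buf = None, None, {}, ""
    for raw in text.splitlines():
        line = re.sub(r";.*", "", raw).strip()
        if not line:
            continue
        buf = (buf + " " + line).strip()
        if buf.count("(") > buf.count(")"):
            continue                                  # SOA block still open
        fields = buf.replace("(", " ").replace(")", " ").split()
        buf = ""
        if fields[0] == "$ORIGIN":
            origin = fields[1]
            continue
        if fields[0] == "$TTL":
            continue
        owner, rtype, rdata = fields[0], fields[2], fields[3:]   # owner IN type rdata...
        if owner == "@":
            owner = origin
        elif not owner.endswith("."):
            owner = f"{owner}.{origin}"
        if rtype == "SOA":
            serial = int(rdata[2])                    # mname rname serial ...
        records.setdefault(owner, []).append((rtype, " ".join(rdata)))
    return origin, serial, records


def answer(client_ip, qname):
    """(view, [A records]) this server returns for qname to the given client."""
    view = select_view(client_ip)
    if view is None:
        return None
    _, _, records = parse_zone(ZONE_BY_VIEW[view])
    qname = qname if qname.endswith(".") else qname + "."
    return view, [rdata for rtype, rdata in records.get(qname, []) if rtype == "A"]


def check_views_consistent(zone_texts=ZONE_BY_VIEW):
    """Serials must agree and the same owner names must exist in every view:
    editing one view's file and forgetting the other is the usual mistake."""
    parsed = [parse_zone(t) for t in zone_texts.values()]
    serials = {serial for _, serial, _ in parsed}
    names = [set(records) for _, _, records in parsed]
    return len(serials) == 1 and all(n == names[0] for n in names)


if __name__ == "__main__":
    print(answer("58.17.200.1", "www.724cn.com"))   # ('view_cnc', ['211.162.106.9'])
    print(answer("8.8.8.8", "www.724cn.com"))       # ('view_any', ['211.162.106.254'])
    print(check_views_consistent())                 # True
```

The same check is what to run against the live server with `dig` from a source address inside and outside the CNC ranges: if both vantage points get the same address, either the resolver used is not on the expected network or the acl order or ranges are wrong.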
