How to Build a Smart DNS
Published: 2023-07-31 14:09:46    Category: Security
Summary: This article shares how to set up a smart DNS. The editor found it quite practical, so it is shared here as a reference; read on to see how it is done.
Smart DNS Deployment Approach

Smart DNS identifies where a user comes from by the source IP of the query and, following a per-source policy, resolves the same name to different IP addresses. Users are thereby directed to the copy of the resource nearest to them, which improves access speed and perceived performance.

Smart DNS can be implemented with BIND's view feature.

BIND view configuration:

Software version: bind-9.9.5-P1.tar.gz
Dependencies: gcc, openssl-0.9.8zb.tar.gz (required by BIND's DNSSEC support)

1. Install OpenSSL

    tar xf openssl-0.9.8zb.tar.gz
    cd openssl-0.9.8zb
    ./config --prefix=/usr/local --openssldir=/usr/local/openssl && make && make install

2. Install BIND

    tar xf bind-9.9.5-P1.tar.gz
    cd bind-9.9.5-P1
    ./configure --prefix=/home/bind --enable-threads --with-openssl=/usr/local/openssl
    make && make install

3. Configure BIND

Because views are used, every zone must be declared inside a view, so comment out the named.conf.zone and named.rfc1912.zones includes in named.conf:

    vi /home/bind/etc/named.conf

    #named.conf file
    include "/home/bind/etc/named.conf.options";
    include "/home/bind/etc/named.conf.acl";
    include "/home/bind/etc/named.conf.controls";
    include "/home/bind/etc/named.conf.server";
    include "/home/bind/etc/named.conf.key";
    include "/home/bind/etc/named.conf.dlz";
    include "/home/bind/etc/named.conf.trusted-keys";
    include "/home/bind/etc/named.conf.view";
    #include "/home/bind/etc/named.conf.zone";
    #include "/home/bind/etc/named.rfc1912.zones";

Configure the views

    vi /home/bind/etc/named.conf.view

    view "ctc_view_zone" {
        match-clients { CTC; };
        include "/home/bind/var/named/view_zone/ctc_zone";
    };
    view "cuc_view_zone" {
        match-clients { CUC; };
        include "/home/bind/var/named/view_zone/cuc_zone";
    };
    view "cmc_view_zone" {
        match-clients { CMC; };
        include "/home/bind/var/named/view_zone/cmc_zone";
    };
    view "any_view_zone" {
        match-clients { any; };
        include "/home/bind/var/named/view_zone/any_zone";
    };

One view is configured for each of China Telecom (CTC), China Unicom (CUC) and China Mobile (CMC): match-clients references that carrier's ACL to select its clients, and include pulls in that carrier's zone configuration file. The last view is the default. Views are matched from top to bottom, so the default view must be placed last; a client lands in the first view whose match-clients list contains its source IP, so an address that appears in more than one ACL is always answered by the earlier view.

Configure the zone files

Create the zone file for each view under /home/bind/var/named/view_zone:

    ls -l /home/bind/var/named/view_zone
    total 16
    -rw-r--r--. 1 root root 175 Aug 12 17:47 any_zone
    -rw-r--r--. 1 root root 175 Aug 13 17:22 cmc_zone
    -rw-r--r--. 1 root root 175 Aug 12 17:47 ctc_zone
    -rw-r--r--. 1 root root 175 Aug 12 18:18 cuc_zone

    vi /home/bind/var/named/view_zone/ctc_zone

    zone "." IN {
        type hint;
        file "/home/bind/var/named/named.ca";
    };
    zone "test.com" IN {
        type master;
        file "/home/bind/var/named/ctc/test.com";
        allow-update { none; };
    };

    vi /home/bind/var/named/view_zone/cuc_zone

    zone "." IN {
        type hint;
        file "/home/bind/var/named/named.ca";
    };
    zone "test.com" IN {
        type master;
        file "/home/bind/var/named/cuc/test.com";
        allow-update { none; };
    };

    vi /home/bind/var/named/view_zone/cmc_zone

    zone "." IN {
        type hint;
        file "/home/bind/var/named/named.ca";
    };
    zone "test.com" IN {
        type master;
        file "/home/bind/var/named/cmc/test.com";
        allow-update { none; };
    };

    vi /home/bind/var/named/view_zone/any_zone

    zone "." IN {
        type hint;
        file "/home/bind/var/named/named.ca";
    };
    zone "test.com" IN {
        type master;
        file "/home/bind/var/named/any/test.com";
        allow-update { none; };
    };

Each view also declares the root hint zone; it is only consulted when the view answers recursive queries, so if this server is meant to be authoritative for test.com only, set recursion no in the options section.

In the corresponding directory, configure each zone data file with a single A record for testing:

    vi /home/bind/var/named/ctc/test.com

    $TTL 86400
    @   IN SOA test.com. root.localhost. (
            42      ; serial (d. adams)
            3H      ; refresh
            15M     ; retry
            1W      ; expiry
            1D )    ; minimum
        IN NS ns
    ns  IN A 115.182.75.10
    www IN A 1.1.1.1

    vi /home/bind/var/named/cuc/test.com

    $TTL 86400
    @   IN SOA test.com. root.localhost. (
            42      ; serial (d. adams)
            3H      ; refresh
            15M     ; retry
            1W      ; expiry
            1D )    ; minimum
        IN NS ns
    ns  IN A 115.182.75.10
    www IN A 2.2.2.2

    vi /home/bind/var/named/cmc/test.com

    $TTL 86400
    @   IN SOA test.com. root.localhost. (
            42      ; serial (d. adams)
            3H      ; refresh
            15M     ; retry
            1W      ; expiry
            1D )    ; minimum
        IN NS ns
    ns  IN A 115.182.75.10
    www IN A 3.3.3.3

    vi /home/bind/var/named/any/test.com

    $TTL 86400
    @   IN SOA test.com. root.localhost. (
            42      ; serial (d. adams)
            3H      ; refresh
            15M     ; retry
            1W      ; expiry
            1D )    ; minimum
        IN NS ns
    ns  IN A 115.182.75.10
    www IN A 4.4.4.4

Configure the ACLs

Because the number of IP entries is large, the ACLs are kept in separate files for easier management. First reference those files from named.conf:

    vi /home/bind/etc/named.conf

    #named.conf file
    include "/home/bind/etc/named.conf.options";
    include "/home/bind/etc/named.conf.acl";
    include "/home/bind/etc/named.conf.controls";
    include "/home/bind/etc/named.conf.server";
    include "/home/bind/etc/named.conf.key";
    include "/home/bind/etc/named.conf.dlz";
    include "/home/bind/etc/named.conf.trusted-keys";
    include "/home/bind/etc/named.conf.view";
    #include "/home/bind/etc/named.conf.zone";
    #include "/home/bind/etc/named.rfc1912.zones";
    include "/home/bind/etc/named.conf.log";
    include "/home/bind/etc/ACL/dianxinACL";
    include "/home/bind/etc/ACL/yidongACL";
    include "/home/bind/etc/ACL/liantongACL";
    include "/home/bind/etc/ACL/changkuanACL";
    include "/home/bind/etc/ACL/tietongACL";
    include "/home/bind/etc/ACL/jiaoyukeyanACL";

Each file holds the IP address list for one carrier, in the format:

    acl "acl_name" { xx.xx.xx.xx; };

For example:

    vi /home/bind/etc/ACL/yidongACL

    acl "CMC" {
        36.128.0.0/10;
        39.128.0.0/10;
        111.0.0.0/10;
        112.0.0.0/10;
        ……
        221.176.0.0/13;
        223.64.0.0/10;
    };

At this point the BIND view configuration is complete.

Start BIND

    /home/bind/sbin/named -u root -c /home/bind/etc/named.conf

(It is better to create a dedicated bind account and start named as that user so it does not run as root: chown -R bind:bind /home/bind.)

    ps -ef | grep named

checks whether the service is running. Running

    /home/bind/sbin/named -u root -c /home/bind/etc/named.conf -g

keeps named in the foreground and shows the startup process, which makes troubleshooting easier.

During testing, the source IP determines the origin and the name resolves to the address assigned to that origin:

    Domain          Telecom users   Unicom users   Mobile users   Other users
    www.test.com    1.1.1.1         2.2.2.2        3.3.3.3        4.4.4.4

Query commands:

    dig @115.182.75.10 www.test.com A
    nslookup www.test.com 115.182.75.10
    host -t A www.test.com 115.182.75.10

Appendix: queryperf, the load-testing tool shipped with BIND

After extracting bind-9.9.5-P1.tar.gz, the extracted tree contains a queryperf directory at bind-9.9.5-P1/contrib/queryperf. In that directory run:

    sh configure && make

which produces a queryperf executable. Basic usage:

    ./queryperf -d domain-file -s 8.8.8.8 -l 60 -T100

-d  a file listing the domains to query, one per line, in the format "domain type", e.g.:

    www.163.com A
    qq.com MX
    www.baidu.com CNAME
    www.test.com NS

-s  the IP of the DNS server under test
-l  test duration in seconds
-T  number of requests to send per second (qps)

When the command finishes it prints results like the following:

    Statistics:
      Parse input file:     multiple times
      Run time limit:       60 seconds
      Ran through file:     5999 times
      Queries sent:         6000 queries      # total queries sent
      Queries completed:    6000 queries      # queries answered successfully
      Queries lost:         0 queries         # queries that failed
      Queries delayed(?):   0 queries
      RTT max:              0.000520 sec
      RTT min:              0.000109 sec
      RTT average:          0.000291 sec
      RTT std deviation:    0.000062 sec
      RTT out of range:     0 queries
      Percentage completed: 100.00%
      Percentage lost:      0.00%
      Started at:           Fri Aug 15 10:42:00 2014
      Finished at:          Fri Aug 15 10:43:00 2014
      Ran for:              60.000338 seconds
      Queries per second:   99.999437 qps     # queries per second (qps)
      Total QPS/target:     99.999437/100 qps
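The view-order and ACL behaviour described above (top-to-bottom match-clients, a catch-all any view last, per-view www A records) can be checked offline before named is reloaded. The following Python script is an added example, not code from the article or from BIND: it parses ACL files in the acl "NAME" { cidr; ... }; format shown above, emulates which view a given source IP lands in, and reports prefixes of a later view that overlap an earlier view's ACL, since clients in the overlap silently receive the earlier view's answer. The CMC prefixes are those from the yidongACL file above; the CTC and CUC prefixes are constructed placeholders, not real carrier allocations.

```python
import ipaddress
import re

# Constructed sample in the page's acl "NAME" { cidr; ... }; syntax. The CMC
# prefixes are the ones the article shows; CTC and CUC prefixes are made-up
# placeholders (not real carrier allocations) chosen so that one overlap exists.
ACL_TEXT = """
acl "CTC" { 1.80.0.0/13; 14.104.0.0/13; 223.64.0.0/11; };
acl "CUC" { 1.24.0.0/13; 27.184.0.0/13; };
acl "CMC" { 36.128.0.0/10; 39.128.0.0/10; 111.0.0.0/10; 112.0.0.0/10; 221.176.0.0/13; 223.64.0.0/10; };
"""

# View order exactly as in named.conf.view (top to bottom) and the www A record
# each view's zone file returns; "any" is the catch-all last view.
VIEWS = [("ctc_view_zone", "CTC", "1.1.1.1"), ("cuc_view_zone", "CUC", "2.2.2.2"),
         ("cmc_view_zone", "CMC", "3.3.3.3"), ("any_view_zone", "any", "4.4.4.4")]

ACL_RE = re.compile(r'acl\s+"(\w+)"\s*\{([^}]*)\};')

def parse_acls(text):
    """Return {acl_name: [IPv4Network, ...]} from acl "NAME" { cidr; ... }; blocks."""
    acls = {}
    for name, body in ACL_RE.findall(text):
        acls[name] = [ipaddress.ip_network(p.strip(), strict=False)
                      for p in body.split(";") if p.strip()]
    return acls

def select_view(client_ip, acls, views=VIEWS):
    """Emulate match-clients: the first view whose ACL contains the source IP wins."""
    ip = ipaddress.ip_address(client_ip)
    for view, acl, answer in views:
        if acl == "any" or any(ip in net for net in acls[acl]):
            return view, answer
    raise ValueError("no view matched; the last view must use match-clients { any; }")

def shadowed_prefixes(acls, views=VIEWS):
    """Prefixes of a later view that overlap an earlier view's ACL. Clients in the
    overlap are answered by the earlier view, a common cause of 'wrong ISP' answers."""
    hits, seen = [], []
    for _, acl, _ in views:
        if acl == "any":
            break  # the catch-all view is last and overlaps everything by design
        for net in acls[acl]:
            hits += [(acl, str(net), e_acl, str(e_net))
                     for e_acl, e_net in seen if net.overlaps(e_net)]
        seen += [(acl, n) for n in acls[acl]]
    return hits
```

Point ACL_TEXT at the real files under /home/bind/etc/ACL before each ACL update; a non-empty result from shadowed_prefixes means some carrier's users will be handed another carrier's address.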