Use bind to build your own smart DNS

Source: Internet
Author: User
Tags: iptables
China's north-south network split (Netcom in the north, Telecom in the south) is a problem for many people who run Web sites.
Besides using a dual-line or multi-line data centre, you can also set up mirror servers to improve user access speed.
But if the dual-line room does not give you a single IP, or if you use several mirrors, you face the problem of having several different server IPs.
Early on, many mirror servers used different host names, such as www1 and www2, or www and cnc.
This is quite unfriendly to users and awkward to promote: to tell a friend about a site you first have to ask which line he is on, and he may not even know that the site has a dedicated Netcom mirror.
A single unified domain name that automatically directs users to different mirror servers according to their line is the function of intelligent DNS (smart DNS is really part of a CDN, the front-most part).

Some places still use multiple domain names, for example download sites with their download mirrors, because smart DNS has a certain defect (it does not always pick the right line, see below), and multiple names also give users the right to choose the line themselves.

Some companies offer intelligent DNS resolution as a service: you point your domain's NS records at their servers, enter your Netcom and Telecom server IPs, and you are done.
Other companies offer more complete CDN services; the most famous is ChinaCache, and many medium-sized sites use them.

Early bind did not support choosing a different answer by source address, so intelligent DNS could only be done with iptables. The method is simple: start two bind instances on the DNS server, each on a non-default port and each resolving for a different line, then use iptables to redirect DNS requests arriving on the default port to one instance or the other based on the source IP.
The drawback is obvious: you need more than one bind instance, every additional line needs yet another instance, and matching on source IP in iptables leads to far too many rules.

Now bind supports selection by source. I'm not sure whether this is new in BIND9, but bind9 was rewritten and is much more stable and secure than the hole-ridden bind8; the configuration below is based on BIND9.

I am using CentOS. Since bind is not as demanding as other services (such as Apache or squid), there is no need to compile it myself; I installed it with yum, so the version is not the latest stable release.

After installing, you can start the service with /etc/init.d/named start.
A file named.conf appears under /etc; this is bind's main config file, and it is the only thing we need to change.
(I only explain the intelligent DNS part; adjust the other bind settings yourself, hehe)
Another tip: if you start bind with /usr/sbin/named -g -u named (-g keeps it in the foreground, -u named drops to the named user), you see the output immediately, which makes debugging easy.

We do the separation with the bind9 view function.
First we need a Netcom IP list; this one is a list circulated on the Internet, hehe

acl "CNC" {
58.16.0.0/16;
58.17.0.0/17;
58.17.128.0/17;
58.18.0.0/16;
58.19.0.0/16;
58.20.0.0/16;
58.21.0.0/16;
58.22.0.0/15;
58.240.0.0/15;
58.242.0.0/15;
58.244.0.0/15;
58.246.0.0/15;
58.248.0.0/13;
60.0.0.0/13;
60.8.0.0/15;
60.10.0.0/16;
60.11.0.0/16;
60.12.0.0/16;
60.13.0.0/18;
60.13.128.0/17;
60.14.0.0/15;
60.16.0.0/13;
60.24.0.0/14;
60.30.0.0/16;
60.31.0.0/16;
60.208.0.0/13;
60.216.0.0/15;
60.218.0.0/15;
60.220.0.0/14;
61.48.0.0/13;
61.133.0.0/17;
61.134.96.0/19;
61.134.128.0/17;
61.135.0.0/16;
61.137.128.0/17;
61.138.0.0/17;
61.138.128.0/18;
61.139.128.0/18;
61.148.0.0/15;
61.156.0.0/16;
61.159.0.0/18;
61.161.0.0/18;
61.161.128.0/17;
61.162.0.0/16;
61.163.0.0/16;
61.167.0.0/16;
61.168.0.0/16;
61.176.0.0/16;
61.179.0.0/16;
61.181.0.0/16;
61.182.0.0/16;
61.189.0.0/17;
125.32.0.0/16;
125.40.0.0/13;
202.96.0.0/18;
202.96.64.0/21;
202.96.72.0/21;
202.97.128.0/18;
202.97.224.0/21;
202.97.240.0/20;
202.98.0.0/21;
202.98.8.0/21;
202.99.64.0/19;
202.99.96.0/21;
202.99.128.0/19;
202.99.160.0/21;
202.99.168.0/21;
202.99.176.0/20;
202.99.208.0/20;
202.99.224.0/21;
202.99.232.0/21;
202.99.240.0/20;
202.102.128.0/21;
202.102.224.0/21;
202.102.232.0/21;
202.106.0.0/16;
202.107.0.0/17;
202.108.0.0/16;
202.110.0.0/17;
202.111.128.0/18;
203.93.8.0/24;
203.93.192.0/18;
210.13.128.0/17;
210.14.160.0/19;
210.14.192.0/19;
210.15.32.0/19;
210.15.96.0/19;
210.15.128.0/18;
210.21.0.0/16;
210.52.128.0/17;
210.53.0.0/17;
210.53.128.0/17;
210.74.96.0/19;
210.74.128.0/19;
210.82.0.0/15;
218.8.0.0/14;
218.12.0.0/16;
218.21.128.0/17;
218.24.0.0/14;
218.56.0.0/14;
218.60.0.0/15;
218.67.128.0/17;
218.68.0.0/15;
218.104.0.0/14;
219.154.0.0/15;
219.156.0.0/15;
219.158.0.0/17;
219.158.128.0/17;
219.159.0.0/18;
220.252.0.0/16;
221.0.0.0/15;
221.2.0.0/16;
221.3.0.0/17;
221.3.128.0/17;
221.4.0.0/16;
221.5.0.0/17;
221.5.128.0/17;
221.6.0.0/16;
221.7.0.0/19;
221.7.32.0/19;
221.7.64.0/19;
221.7.96.0/19;
221.8.0.0/15;
221.10.0.0/16;
221.11.0.0/17;
221.11.128.0/18;
221.11.192.0/19;
221.12.0.0/17;
221.12.128.0/18;
221.13.0.0/18;
221.13.64.0/19;
221.13.96.0/19;
221.13.128.0/17;
221.14.0.0/15;
221.192.0.0/15;
221.194.0.0/16;
221.195.0.0/16;
221.196.0.0/15;
221.198.0.0/16;
221.199.0.0/19;
221.199.32.0/20;
221.199.128.0/18;
221.199.192.0/20;
221.200.0.0/14;
221.204.0.0/15;
221.206.0.0/16;
221.207.0.0/18;
221.207.64.0/18;
221.207.128.0/17;
221.208.0.0/14;
221.212.0.0/16;
221.213.0.0/16;
221.216.0.0/13;
222.128.0.0/14;
222.132.0.0/14;
222.136.0.0/13;
222.160.0.0/15;
222.162.0.0/16;
222.163.0.0/19;
222.163.32.0/19;
222.163.64.0/18;
222.163.128.0/17;
};

If you feel some parts are inaccurate, you can modify them.

Since this section is long, it is easier to keep it in a dedicated file and include it from named.conf.
For example, save this configuration as cnc_acl.conf, then write in named.conf:

include "/data/named/cnc_acl.conf";

and that's it.

Next is the view configuration; assume the domain name is xyz.com, hehe

view "VIEW_CNC" {
    match-clients { CNC; };
    zone "xyz.com" {
        type master;
        file "/data/named/cnc_xyz";
    };
};

view "View_any" {
    match-clients { any; };
    zone "xyz.com" {
        type master;
        file "/data/named/any_xyz";
    };
};

That would be enough.
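To make the view selection above concrete, here is an added Python model of how BIND evaluates the acl and the match-clients lists (it is not from the article nor BIND's own code); it uses a constructed excerpt of the acl, an assumed negated entry and an assumed 2.2.2.2 address for any_xyz, and the source address it matches is the recursive resolver's, which is the weakness described at the end of the article.

```python
import ipaddress
# Constructed excerpt of cnc_acl.conf: three prefixes from the article's list plus
# a hypothetical "!" exception. BIND evaluates an address-match-list top to bottom
# and the first element containing the address decides, so "!" must come first.
CNC_ACL_CONF = """
acl "CNC" {
    58.16.0.0/16;
    60.0.0.0/13;
    !202.106.5.0/24;    # hypothetical carve-out, must precede the /16
    202.106.0.0/16;
};
"""

def parse_acl(text):
    """Return the acl body as an ordered list of (negated, network)."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop '#' comments
        if not line or line.startswith("acl") or line.startswith("}"):
            continue
        token = line.rstrip(";").strip()
        net = ipaddress.ip_network(token.lstrip("!"), strict=False)
        entries.append((token.startswith("!"), net))
    return entries

def acl_matches(acl, ip):
    """First containing element wins; a negated element rejects outright."""
    addr = ipaddress.ip_address(ip)
    for negated, net in acl:
        if addr in net:
            return not negated
    return False

ACLS = {"CNC": parse_acl(CNC_ACL_CONF)}
# Views in named.conf order: BIND answers from the first view whose match-clients
# matches, so the catch-all "any" view must stay last. The www addresses are
# placeholders (1.1.1.1 from the article, 2.2.2.2 assumed for any_xyz).
VIEWS = [
    ("VIEW_CNC", "CNC", "1.1.1.1"),
    ("View_any", "any", "2.2.2.2"),
]

def select_view(client_ip, acls=ACLS):
    """Return (view, www A record) for a source IP; the source is whatever address
    reaches bind, usually the user's recursive resolver, not the user's machine."""
    for name, match, www in VIEWS:
        if match == "any" or acl_matches(acls[match], client_ip):
            return name, www
    return None, None
```

Swap the two views and every client, Netcom included, would land in View_any, which is the mistake a misordered named.conf makes silently.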

Then we need the two zone files, cnc_xyz and any_xyz.
The two files are basically identical, just pointing to different IPs:

$TTL 2h
xyz.com. IN SOA ns.xyz.com. root.xyz.com. (
        20071022    ; serial
        2h          ; refresh
        40m         ; retry
        1w          ; expire
        2h          ; negative cache TTL
)

xyz.com. IN NS ns.xyz.com.
xyz.com. IN MX 1 mail.xyz.com.
ns      IN A 1.1.1.1
mail    IN A 1.1.1.1

www     IN A 1.1.1.1

Point www at a different IP in each file according to the line, and that's it.
With this we have implemented our own smart DNS.

By the way, many large Web sites use this to send visitors from different lines to different mirrors, even down to the regional level: for example, with a mirror server deployed in a Foshan data centre, visitors from Guangdong province are sent to that server.
Also, the defect of smart DNS mentioned earlier, in detail: bind9 returns a different answer according to the source IP of the query, but in fact it is not the end user who queries our DNS directly; the DNS server the user uses (for example a Guangzhou ADSL user's default DNS) queries our DNS on his behalf. Netcom's DNS servers therefore get our Netcom IP, but if the user has changed his DNS settings, for example a Telecom user who insists on using Netcom's DNS, or a Netcom user using a foreign DNS such as OpenDNS, the judgement will be wrong.
