Smart DNS installation and configuration

Source: Internet
Author: User
Note: smart DNS configuration serves two main purposes: 1. solving the interconnection problem between China Netcom and China Telecom; 2. regional planning (clients in different regions reach the nearest server). The configuration below solves the China Netcom / China Telecom connection problem. To implement purpose 2, you only need to change it slightly.

1. Install the DNS server
2. named.conf configuration
3. Update the root zone file
4. Create a startup script
5. Add an NS
6. Add a domain name
Appendix: how to obtain the IP address range




1. Install the DNS server


1. Software list

BIND 9.3.2

ftp://ftp.isc.org/isc/bind9/9.3.2/bind-9.3.2.tar.gz

2. Install BIND 9

Install BIND 9:

# tar zxvf bind-9.3.2.tar.gz
# cd bind-9.3.2
# ./configure --prefix=/usr/local/named --disable-ipv6
# make && make install

Create a BIND user:

# groupadd bind
# useradd -g bind -d /usr/local/named -s /sbin/nologin bind

Create a configuration file directory:

# mkdir -p /usr/local/named/etc
# chown bind:bind /usr/local/named/etc
# chmod 700 /usr/local/named/etc



2. named.conf configuration


Create the main configuration file:

# vi /usr/local/named/etc/named.conf

====================================== named.conf ======================================

acl "trust-lan" { 127.0.0.0/8; 192.168.0.0/16; };

options {
    directory "/usr/local/named/etc/";
    // kept in /var/run/named/, the bind-owned directory created in step 3
    pid-file "/var/run/named/named.pid";
    version "0.0.0";                    // hide the real version string
    datasize 40M;
    allow-transfer { "trust-lan"; };    // zone transfers only to trusted hosts
    recursion yes;
    // assumption: the source reads "allow-policy", which is not a BIND option;
    // allow-notify is used here
    allow-notify { "trust-lan"; };
    allow-recursion { "trust-lan"; };   // recursion only for trusted clients
    auth-nxdomain no;
    forwarders {
        202.99.160.68;
        202.99.168.8;
    };
};

logging {
    channel warning {
        file "/var/log/named/dns_warnings" versions 3 size 1240k;
        severity warning;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    channel general_dns {
        file "/var/log/named/dns_logs" versions 3 size 1240k;
        severity info;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    category default { warning; };
    category queries { general_dns; };
};

// No top-level zone "." here: once views are used, BIND requires every
// zone to be declared inside a view.

acl "CNC" {
    58.16.0.0/16;
    58.17.0.0/17;
    58.17.128.0/17;
    58.18.0.0/16;
    58.19.0.0/16;
    58.255.0.0/16;
    58.21.0.0/16;
    // Note: enter IP address segments as needed
};

// China Netcom clients
view "view_cnc" {
    match-clients { CNC; };
    zone "." {
        type hint;
        file "named.root";
    };
    zone "0.0.127.IN-ADDR.ARPA" {
        type master;
        file "localhost.rev";
    };
    include "master/cnc.def";
};

// Everyone else (China Telecom data)
view "view_any" {
    match-clients { any; };
    zone "." {
        type hint;
        file "named.root";
    };
    zone "0.0.127.IN-ADDR.ARPA" {
        type master;
        file "localhost.rev";
    };
    include "master/telecom.def";
};

====================================== named.conf ======================================

Save the settings.
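BIND evaluates views in the order they appear in named.conf and serves a client from the first view whose match-clients list contains its address, so view_any must stay last. The following added example (not part of the original article) models that selection with the CNC ranges from the configuration above and flags views that can never be reached; the function names are hypothetical.

```python
import ipaddress

# "any" in match-clients, expressed as a network (IPv4 only, as in the article).
ANY = [ipaddress.ip_network("0.0.0.0/0")]

# The CNC acl from the named.conf above.
CNC = [ipaddress.ip_network(n) for n in (
    "58.16.0.0/16", "58.17.0.0/17", "58.17.128.0/17", "58.18.0.0/16",
    "58.19.0.0/16", "58.255.0.0/16", "58.21.0.0/16")]

# Views in file order, as (name, match-clients networks).
VIEWS = [("view_cnc", CNC), ("view_any", ANY)]


def select_view(views, client):
    """Return the first view whose match-clients list contains client."""
    addr = ipaddress.ip_address(client)
    for name, nets in views:
        if any(addr in net for net in nets):
            return name
    return None  # no view matched: named would refuse the query


def unreachable_views(views):
    """Names of views whose every network lies inside one network
    of an earlier view, so no client can ever be served from them."""
    dead, earlier = [], []
    for name, nets in views:
        if earlier and all(any(n.subnet_of(e) for e in earlier) for n in nets):
            dead.append(name)
        earlier.extend(nets)
    return dead


if __name__ == "__main__":
    for ip in ("58.17.200.1", "210.75.1.178"):  # constructed client addresses
        print(ip, "->", select_view(VIEWS, ip))
    print("shadowed if reordered:", unreachable_views(VIEWS[::-1]))
```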



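3. Update the root zone file:


# cd /usr/local/named/etc/
# wget ftp://ftp.internic.org/domain/named.root

Create the PID directory and the log files:

# mkdir /var/run/named/
# chmod 755 /var/run/named/
# chown bind:bind /var/run/named/
# mkdir /var/log/named/
# touch /var/log/named/dns_warnings
# touch /var/log/named/dns_logs
# chown -R bind:bind /var/log/named/
# mkdir master
# touch master/cnc.def
# touch master/telecom.def

Mode 755 is sufficient for /var/run/named/ because the directory is owned by bind; a world-writable directory would let any local user replace the PID file that the root-run startup script passes to kill. The log directory itself is also given to bind, because named rotates the log files (versions 3) and needs write access to the directory to do so.

Generate the rndc key:

# cd /usr/local/named/etc/
# ../sbin/rndc-confgen > rndc.conf

The generated rndc.conf ends with a commented-out section that begins:

# Use with the following in named.conf, adjusting the allow list as needed:

Add the part that follows this line to /usr/local/named/etc/named.conf and remove the comment markers.

Run the test:

# /usr/local/named/sbin/named -gc /usr/local/named/etc/named.conf &

Status check:

# /usr/local/named/sbin/rndc status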



4. Create a startup script:


# vi /etc/init.d/named

================================== named.sh ==================================

#!/bin/bash
#
# named        a network name service.
#
#
# chkconfig: 545 35 75
# description: a name server
#

# named must start as root to bind port 53; -u bind drops privileges afterwards
if [ "$(id -u)" -ne 0 ]
then
    echo "ERROR: For bind to port 53, must run as root."
    exit 1
fi

case "$1" in
start)
    if [ -x /usr/local/named/sbin/named ]; then
        /usr/local/named/sbin/named -u bind -c /usr/local/named/etc/named.conf && echo . && echo 'bind9 server started.'
    fi
    ;;
stop)
    # the path must match the pid-file setting in named.conf
    kill "$(cat /var/run/named/named.pid)" && echo . && echo 'bind9 server stopped.'
    ;;
restart)
    echo .
    echo "Restart BIND9 server"
    $0 stop
    sleep 10
    $0 start
    ;;
*)
    echo "$0 start | stop | restart"
    ;;
esac

================================== named.sh ==================================

# chmod 755 /etc/init.d/named
# chown root:root /etc/init.d/named
# chkconfig --add named
# chkconfig named on



5. Add an NS


On the management website of your domain name registrar, set the domain's name server (NS) to the DNS server you have just installed.



6. Add a domain name


# cd /usr/local/named/etc/master
# mkdir cnc
# mkdir telecom
# vi cnc.def

Add:

zone "daoyou.com" {
    type master;
    file "master/cnc/daoyou.com";
};

# vi telecom.def

Add:

zone "daoyou.com" {
    type master;
    file "master/telecom/daoyou.com";
};

Add the zone data served to China Netcom clients. The resolved IP address is 61.45.55.78.

# vi cnc/daoyou.com

Add:

$TTL 3600
$ORIGIN daoyou.com.
@       IN  SOA  ns.daoyou.com. root.ns.daoyou.com. (
                 2005121013  ; Serial
                 3600        ; Refresh (seconds)
                 900         ; Retry (seconds)
                 68400       ; Expire (seconds)
                 15 )        ; Minimum TTL for Zone (seconds)
;
@       IN  NS   ns.daoyou.com.
; ns.daoyou.com. also needs an A record in this zone; the page does not give its address
@       IN  A    61.45.55.78
www     IN  A    61.45.55.78
;
; End

Add the zone data served to China Telecom clients. The resolved IP address is 210.75.1.178.

# vi telecom/daoyou.com

Add:

$TTL 3600
$ORIGIN daoyou.com.
@       IN  SOA  ns.daoyou.com. root.ns.daoyou.com. (
                 2005121013  ; Serial
                 3600        ; Refresh (seconds)
                 900         ; Retry (seconds)
                 68400       ; Expire (seconds)
                 15 )        ; Minimum TTL for Zone (seconds)
;
@       IN  NS   ns.daoyou.com.
; ns.daoyou.com. also needs an A record in this zone; the page does not give its address
@       IN  A    210.75.1.178
www     IN  A    210.75.1.178
;
; End

# /usr/local/named/sbin/rndc reload

OK. Now your DNS server is running. Try to ping the domain from a China Netcom line and from a China Telecom line respectively.


Appendix: how to obtain the IP address range:

1. Use a shell program to obtain the IP address segments


#!/bin/sh

FILE=/root/study/apnic/ip_apnic
rm -f $FILE
wget http://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest -O $FILE

# Keep the CN IPv4 records; fields 4 and 5 are the start address and the address count
grep 'apnic|CN|ipv4|' $FILE | cut -f 4,5 -d'|' | sed -e 's/|/ /g' | while read ip cnt
do
    echo $ip:$cnt

    # Convert the address count to a prefix length (32 - log2(count)) with bc
    mask=$(cat << EOF | bc | tail -1
pow=32;
define log2(x) {
if (x<=1) return (pow);
pow--;
return(log2(x/2));
}
log2($cnt)
EOF
)

    # Append (>>) so that every loop iteration adds a line instead of overwriting the file
    echo $ip/$mask >> cn.net

    # Look up the netname of the block in the APNIC whois database
    NETNAME=`whois $ip@whois.apnic.net | sed -e '/./{H;$!d;}' -e 'x;/netnum/!d' | grep ^netname | sed -e 's/.*:\(.*\)/\1/g' | sed -e 's/-.*//g'`

    case $NETNAME in
    CNC)
        echo $ip/$mask >> CNCGROUP
        ;;
    CHINANET|CNCGROUP)
        echo $ip/$mask >> $NETNAME
        ;;
    CHINATELECOM)
        echo $ip/$mask >> CHINANET
        ;;
    *)
        echo $ip/$mask >> OTHER
        ;;
    esac
done
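The shell script above turns each address count into a single prefix length, which is exact only when the count is a power of two. The following added example (not part of the original article) converts records in the same delegated-apnic-latest format into exact CIDR blocks and prints them as a BIND acl; it covers only the country filter and the CIDR conversion, not the whois netname lookup, and the sample records, function names and acl name "CN" are constructed for illustration.

```python
import ipaddress

# Constructed sample in the delegated-apnic-latest format
# (registry|cc|type|start|count|date|status); not real allocation data.
SAMPLE = """\
apnic|CN|ipv4|58.16.0.0|65536|20050101|allocated
apnic|CN|ipv4|58.17.0.0|32768|20050101|allocated
apnic|JP|ipv4|58.0.0.0|1024|20050101|allocated
apnic|CN|ipv4|192.0.2.0|768|20050101|assigned
apnic|CN|ipv6|2001:db8::|32|20050101|allocated
"""


def cn_ipv4_networks(text, cc="CN"):
    """Return exact CIDR blocks for every IPv4 record of country cc."""
    nets = []
    for line in text.splitlines():
        fields = line.split("|")
        if len(fields) < 7 or fields[:3] != ["apnic", cc, "ipv4"]:
            continue  # header, summary, other countries, IPv6, ASN records
        first = ipaddress.IPv4Address(fields[3])
        last = first + int(fields[4]) - 1
        # A count that is not a power of two becomes several CIDR blocks.
        nets.extend(ipaddress.summarize_address_range(first, last))
    # Sort the blocks and merge any that are adjacent or overlapping.
    return list(ipaddress.collapse_addresses(nets))


def render_acl(name, nets):
    """Format networks as a BIND acl statement."""
    body = "".join(f"    {n};\n" for n in nets)
    return f'acl "{name}" {{\n{body}}};\n'


if __name__ == "__main__":
    print(render_acl("CN", cn_ipv4_networks(SAMPLE)), end="")
```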



2. You can also use information published on the Internet. The following is the latest information; download it and then use awk to split it into address segments.


wget http://218.66.103.230/vpn_route/new            (Netcom route table)
wget http://218.66.103.230/vpn_route/chinanet.new   (Telecom route table)