Building a DNS server that automatically resolves to different IP addresses for China Telecom and China Netcom users

This article describes in detail how to build a DNS server that automatically returns different IP addresses depending on whether the client is a China Telecom or a China Netcom user. It is based on FreeBSD and BIND. Windows users should skip it, and if you have no FreeBSD basics, do not attempt it. Users of Linux or other Unix systems can use it as a reference.

Configuration steps:
1. Preface
2. Software List
3. Install BIND 9
4. Configure BIND 9
5. Test BIND 9
6. Add an NS address
7. Add a domain name
8. Test Domain Name
9. FAQs

1. Preface
This article assumes that you have some experience in FreeBSD operations, understand the daily FreeBSD operations, and have good patience.
After reading the document, you can handle unexpected problems.
This article assumes that you already have a domain name pointing to the server you are working on, and that this domain name is correctly set in the server's /etc/rc.conf. In this article, the domain name is ns.naizhao.com and the IP address is 219.132.1.1.
/etc/rc.conf is set as follows:
hostname="ns.naizhao.com" # The domain name of the machine. Modify it as appropriate.
ifconfig_fxp0="inet 219.132.1.1 netmask 255.255.255.0" # This line may be different on your machine; do not copy it. fxp0 is the NIC on my machine.

2. Software List
The software used in this article can be obtained from the following address. Last updated 2005/12/12.

BIND 9.3.1
ftp://ftp.isc.org/isc/bind9/9.3.1/bind-9.3.1.tar.gz

3. Install BIND 9
Assume that you have used fetch or wget to download BIND 9 to /root/ and have used su to become root.
# tar zxvf bind-9.3.1.tar.gz
# cd bind-9.3.1
# ./configure
# make
# make install
# make clean
BIND 9 is now installed. If there are any problems during installation, it is generally not bad luck on your part: analyze the error messages and install the missing packages.

4. Configure BIND 9
Don't rush. First check your BIND version.
# named -v
On FreeBSD 4, you will probably see something similar to the following:
named 8.3.7-REL Sun Dec 12 04:15:36 CST 2004
On FreeBSD 5, you will probably not see the above information. Then enter:
# /usr/local/sbin/named -v
This time, whether you are on FreeBSD 4 or FreeBSD 5, you will see the following:
BIND 9.3.1
So from here on we use /usr/local/sbin/named.
Let's get started with the configuration.
# cd /etc/namedb
# chmod +x make-localhost
# ./make-localhost
This generates localhost.rev and localhost-v6.rev in the current directory. The latter is used for IPv6.
Generate the rndc key:
# /usr/local/sbin/rndc-confgen > rndc.conf
Open rndc.conf, take the part between the lines
# Use with the following in named.conf, adjusting the allow list as needed:
......
# End of named.conf
remove the leading # comment markers, and add it to named.conf.
Edit named.conf:
# ee named.conf
Find:
zone "." {
    type hint;
    file "named.root";
};

zone "0.0.127.IN-ADDR.ARPA" {
    type master;
    file "localhost.rev";
};

// RFC 3152
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" {
    type master;
    file "localhost-v6.rev";
};

// RFC 1886 - deprecated
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.int" {
    type master;
    file "localhost-v6.rev";
};
Use /* */ to comment out all of the above content:
/*
zone "." {
    type hint;
......
    file "localhost-v6.rev";
};
*/
At the end of the named.conf file, add the content taken from rndc.conf:
key "rndc-key" {
    algorithm hmac-md5;
    secret "ILzfx8ONk2444ix9jnDfKA==";
};

controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndc-key"; };
};
(The above content is for reference only; use the key that rndc-confgen generated in your own rndc.conf.)
Next comes the main part of the article.
Add the following content after the content added above:
// include cnc acl
include "acl.conf";

// view added by naizhao
view "view_cnc" {
    match-clients { CNC; };
    zone "." {
        type hint;
        file "named.root";
    };

    zone "0.0.127.IN-ADDR.ARPA" {
        type master;
        file "localhost.rev";
    };

    include "master/cnc.def";
};

view "view_any" {
    match-clients { any; };
    zone "." {
        type hint;
        file "named.root";
    };

    zone "0.0.127.IN-ADDR.ARPA" {
        type master;
        file "localhost.rev";
    };

    include "master/telecom.def";
};

Save the file.
# ee acl.conf
Enter the following content:
// CNC acl list by naizhao
acl "CNC" {
58.16.0.0/16;
58.17.0.0/17;
58.17.128.0/17;
58.18.0.0/16;
58.19.0.0/16;
58.255.0.0/16;
58.21.0.0/16;
58.22.0.0/15;
58.240.0.0/15;
58.242.0.0/15;
58.244.0.0/15;
58.246.0.0/15;
58.248.0.0/13;
60.0.0.0/13;
60.8.0.0/15;
60.10.0.0/16;
60.11.0.0/16;
60.12.0.0/16;
60.13.0.0/18;
60.13.128.0/17;
60.14.0.0/15;
60.16.0.0/13;
60.24.0.0/14;
60.30.0.0/16;
60.31.0.0/16;
60.208.0.0/13;
60.216.0.0/15;
60.218.0.0/15;
60.220.0.0/14;
61.48.0.0/13;
61.133.0.0/17;
61.134.96.0/19;
61.134.128.0/17;
61.135.0.0/16;
61.137.128.0/17;
61.138.0.0/17;
61.138.128.0/18;
61.139.128.0/18;
61.148.0.0/15;
61.156.0.0/16;
61.158.0.0/16;
61.159.0.0/18;
61.161.0.0/18;
61.161.128.0/17;
61.162.0.0/16;
61.163.0.0/16;
61.167.0.0/16;
61.168.0.0/16;
61.176.0.0/16;
61.179.0.0/16;
61.180.128.0/17;
61.181.0.0/16;
61.182.0.0/16;
61.189.0.0/17;
125.32.0.0/16;
125.40.0.0/13;
202.96.0.0/18;
202.96.64.0/21;
202.96.72.0/21;
202.97.128.0/18;
202.97.224.0/21;
202.97.240.0/20;
202.98.0.0/21;
202.98.8.0/21;
202.99.64.0/19;
202.99.96.0/21;
202.99.128.0/19;
202.99.160.0/21;
202.99.168.0/21;
202.99.176.0/20;
202.99.208.0/20;
202.99.224.0/21;
202.99.232.0/21;
202.99.240.0/20;
202.102.128.0/21;
202.102.224.0/21;
202.102.232.0/21;
202.106.0.0/16;
202.107.0.0/17;
202.108.0.0/16;
202.110.0.0/17;
202.111.128.0/18;
203.93.8.0/24;
203.93.192.0/18;
210.13.128.0/17;
210.14.160.0/19;
210.14.192.0/19;
210.15.32.0/19;
210.15.96.0/19;
210.15.128.0/18;
210.16.128.0/18;
210.21.0.0/16;
210.51.0.0/16;
210.52.128.0/17;
210.53.0.0/17;
210.53.128.0/17;
210.74.96.0/19;
210.74.128.0/19;
210.82.0.0/15;
211.152.0.0/13;
218.7.0.0/16;
218.8.0.0/14;
218.12.0.0/16;
218.21.128.0/17;
218.24.0.0/14;
218.28.0.0/15;
218.56.0.0/14;
218.60.0.0/15;
218.62.0.0/17;
218.67.128.0/17;
218.68.0.0/15;
218.104.0.0/14;
219.154.0.0/15;
219.156.0.0/15;
219.158.0.0/17;
219.158.128.0/17;
219.159.0.0/18;
220.252.0.0/16;
221.0.0.0/15;
221.2.0.0/16;
221.3.0.0/17;
221.3.128.0/17;
221.4.0.0/16;
221.5.0.0/17;
221.5.128.0/17;
221.6.0.0/16;
221.7.0.0/19;
221.7.32.0/19;
221.7.64.0/19;
221.7.96.0/19;
221.7.128.0/17;
221.8.0.0/15;
221.10.0.0/16;
221.11.0.0/17;
221.11.128.0/18;
221.11.192.0/19;
221.12.0.0/17;
221.12.128.0/18;
221.13.0.0/18;
221.13.64.0/19;
221.13.96.0/19;
221.13.128.0/17;
221.14.0.0/15;
221.192.0.0/15;
221.194.0.0/16;
221.195.0.0/16;
221.196.0.0/15;
221.198.0.0/16;
221.199.0.0/19;
221.199.32.0/20;
221.199.128.0/18;
221.199.192.0/20;
221.200.0.0/14;
221.204.0.0/15;
221.206.0.0/16;
221.207.0.0/18;
221.207.64.0/18;
221.207.128.0/17;
221.208.0.0/14;
221.212.0.0/16;
221.213.0.0/16;
221.216.0.0/13;
222.128.0.0/14;
222.132.0.0/14;
222.136.0.0/13;
222.160.0.0/15;
222.162.0.0/16;
222.163.0.0/19;
222.163.32.0/19;
222.163.64.0/18;
222.163.128.0/17;
219.235.56.194;
};
// CNC acl list by naizhao

# mkdir master
# touch master/cnc.def
# touch master/telecom.def
Done. Next comes testing.

5. Test BIND 9
# /usr/local/sbin/named -gc /etc/namedb/named.conf
Normally, you will see the following information:
12-Dec-2005 13:55:46.772 starting BIND 9.3.1 -gc /etc/namedb/named.conf
12-Dec-2005 13:55:46.816 loading configuration from '/etc/namedb/named.conf'
12-Dec-2005 13:55:46.824 no IPv6 interfaces found
12-Dec-2005 13:55:46.825 listening on IPv4 interface fxp0, 219.132.1.1#53
12-Dec-2005 13:55:46.825 listening on IPv4 interface lo0, 127.0.0.1#53
......
12-Dec-2005 13:55:46.866 running
As long as the last line appears, your configuration is basically successful.
Press Ctrl+C to stop BIND 9 for now.

6. Add an NS address
When you modify your domain name's registration information, you will find an option for changing its DNS servers, containing entries similar to ns7.hichina.com. Adding your own entry is not difficult. You can add it in the Xinnet management console. Before adding it, note that the domain name must not be locked in the domain name status settings.
Log on to the Xinnet management console and choose Domain name management -> Register the DNS under this domain name -> DNS name: ns -> IP address 219.132.1.1 (modify the IP address as required) -> OK -> MyDNS function -> Add a new A record -> ns -> IP address 219.132.1.1 -> Submit.
For management consoles that charge for this (such as HiChina) or that do not provide DNS server registration, there is also a solution. First, add the A record as described above, and then open
http://domain.cnic.ac.cn/domain/nameserver/createhost.jsp
Follow the prompts there to register.
OK. Wait for the DNS to take effect.
When an NS record is added using the method above, a query for the domain name goes through three steps:
Root domain name server -> Xinnet/HiChina domain name server -> your own domain name server
Therefore, I suggest that you register domain names abroad as much as possible. The security and stability are higher than those in China, the degree of freedom is higher, the service is free of charge, and a query takes only two steps:
Root domain name server -> your own domain name server
In addition, for .cn domain names, a query goes through four steps:
Root domain name server -> DNS.cn -> Xinnet/HiChina domain name server -> your own domain name server
Another tip for domain names registered abroad: you can have a domain name resolved by name servers under the domain itself. For example, wuhongsheng.com can use ns1.wuhongsheng.com/ns2.wuhongsheng.com.
In China, I found that this is not yet possible.
To register your NS records abroad, look for an option generally called Nameserver registry. Just enter the IP address as prompted.

7. Add a domain name
# cd /etc/namedb/master
# mkdir cnc
# mkdir telecom
# ee cnc.def
Add:
zone "wuhongsheng.com" {
    type master;
    file "master/cnc/wuhongsheng.com";
};

# ee telecom.def
Add:
zone "wuhongsheng.com" {
    type master;
    file "master/telecom/wuhongsheng.com";
};
Add the zone data for China Netcom users. The resolved IP address is 202.111.1.1.
# ee cnc/wuhongsheng.com
Add:
$TTL 3600
$ORIGIN wuhongsheng.com.
@ IN SOA ns.naizhao.com. root.ns.naizhao.com. (
    2005121013 ; Serial
    3600       ; Refresh (seconds)
    900        ; Retry (seconds)
    68400      ; Expire (seconds)
    15 )       ; Minimum TTL for Zone (seconds)
;
@   IN NS ns.naizhao.com.
@   IN A  202.111.1.1
www IN A  202.111.1.1
;
; End
Add the zone data for China Telecom users. The resolved IP address is 219.132.1.2.
# ee telecom/wuhongsheng.com
Add:
$TTL 3600
$ORIGIN wuhongsheng.com.
@ IN SOA ns.naizhao.com. root.ns.naizhao.com. (
    2005121013 ; Serial
    3600       ; Refresh (seconds)
    900        ; Retry (seconds)
    68400      ; Expire (seconds)
    15 )       ; Minimum TTL for Zone (seconds)
;
@   IN NS ns.naizhao.com.
@   IN A  219.132.1.2
www IN A  219.132.1.2
;
; End
Add a script to start the DNS server automatically when the system boots.
# ee /usr/local/etc/rc.d/named.sh
Add the following content:
/usr/local/sbin/named -gc /etc/namedb/named.conf &
# chmod 755 /usr/local/etc/rc.d/named.sh
The script is run as root at boot, so it must not be writable by other users; mode 755 is sufficient.
Start the server:
# /usr/local/etc/rc.d/named.sh
OK. Now your DNS server is running. Try pinging the domain name from a China Netcom line and from a China Telecom line respectively.

8. Test Domain Name
Besides a simple ping, you can also use nslookup to test the domain name.
# nslookup
> server ns.naizhao.com
> set q=
> wuhongsheng.com
On Unix systems you can of course also use dig for more advanced queries.
dig @ns.naizhao.com a wuhongsheng.com

9. FAQs
Q: Why didn't I get the China Netcom IP address during the test?
A: First, check whether your configuration is correct. Another important point is that your local DNS queries are not sent directly to your own DNS server. They go to the DNS server configured on your system, which then sends the request to your DNS server. Therefore, if your local machine is set to use a China Telecom DNS server, you will naturally not get the China Netcom records.
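
The view selection configured in section 4 and the behaviour described in the FAQ can be checked offline with a short script. This is an added example, not part of the original article: it parses an excerpt of the acl.conf above and applies BIND's first-match rule for views to a query's source address. The client addresses 202.106.0.20 and 219.132.1.50 and all function names are assumptions made for the illustration.

```python
import ipaddress
import re

# Excerpt of the article's acl.conf (four of its entries), embedded to run offline.
ACL_CONF = """
// CNC acl list by naizhao
acl "CNC" {
58.16.0.0/16;
202.106.0.0/16;
221.216.0.0/13;
219.235.56.194;
};
"""

# Views in named.conf order: (view, match-clients ACL, A record served for wuhongsheng.com).
VIEWS = [("view_cnc", "CNC", "202.111.1.1"), ("view_any", "any", "219.132.1.2")]


def parse_acls(text):
    """Return {name: [ip_network, ...]} for every acl statement in a named.conf fragment."""
    text = re.sub(r"/\*.*?\*/|//[^\n]*|#[^\n]*", "", text, flags=re.S)
    acls = {}
    for name, body in re.findall(r'acl\s+"?([\w-]+)"?\s*\{(.*?)\}\s*;', text, flags=re.S):
        entries = [e.strip() for e in body.split(";") if e.strip()]
        # strict=True rejects prefixes with host bits set, a common typo in hand-kept lists.
        acls[name] = [ipaddress.ip_network(e, strict=True) for e in entries]
    return acls


def select_view(source_ip, acls, views=VIEWS):
    """Return (view, answer) for the first view whose match-clients matches, as named does."""
    addr = ipaddress.ip_address(source_ip)
    for view, acl_name, answer in views:
        if acl_name == "any" or any(addr in net for net in acls[acl_name]):
            return view, answer
    return None, None


def shadowed_views(views=VIEWS):
    """Views listed after a match-clients { any; } view can never be selected."""
    names = [v[0] for v in views]
    for i, (_, acl_name, _) in enumerate(views):
        if acl_name == "any":
            return names[i + 1:]
    return []


if __name__ == "__main__":
    acls = parse_acls(ACL_CONF)
    # Hypothetical sources: a direct query from a listed range, then the same user
    # behind a resolver whose address (219.132.1.50, constructed) is not in the ACL.
    for label, src in [("direct", "202.106.0.20"), ("via resolver", "219.132.1.50")]:
        print(label, src, select_view(src, acls))
    print("shadowed:", shadowed_views())
```

named only sees the source address of the query, so the second case returns the view_any answer even when the end user sits on a China Netcom line.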