Haiyun's Blog

Configuring master/slave synchronized intelligent DNS with BIND on CentOS

Published: July 6, 2012 // Category: DNS // No Comments

BIND can serve different zone data depending on the source IP of the query, which makes it an intelligent (split-view) DNS server.
Download an ISP IP address database and define ACLs from it; because the lists are long, keep each one in its own file and include it from named.conf.
In this example the master DNS is 1.1.1.1 and the slave DNS is 2.2.2.2.

# https://www.haiyun.me
# e.g. /var/named/liantong.acl (dianxin.acl is built the same way from the ISP address database)
acl liantong {
    112.96.0.0/15;
};

Generate keys; they authenticate the transfers and make sure every view is synchronized (without a key the master cannot tell which view's copy of the zone the slave is asking for, so not all views get updated). Newer BIND releases generate TSIG keys with tsig-keygen and recommend hmac-sha256 over hmac-md5.

dnssec-keygen -a hmac-md5 -b 128 -n HOST one
dnssec-keygen -a hmac-md5 -b 128 -n HOST two
dnssec-keygen -a hmac-md5 -b 128 -n HOST three

Master DNS configuration:

# https://www.haiyun.me
# ACL names must be defined before they are referenced, so the ISP address
# lists are included at the top (the post had these two lines at the end).
include "/var/named/dianxin.acl";
include "/var/named/liantong.acl";

# One TSIG key per view. The slave signs its requests with the key of the
# view it wants, which is how the master tells the three views apart.
key one {
        algorithm hmac-md5;
        secret "hxCQkylFHbhzbPYo+CRWLA==";
};
key two {
        algorithm hmac-md5;
        secret "T4Gf+E0+3Y+5uL3ylkQBSA==";
};
key three {
        algorithm hmac-md5;
        secret "8q22D8M1c9QQKJLteC2bQQ==";
};

view "dianxin" {
        # NOTIFY messages from this view to the slave are signed with key one
        server 2.2.2.2 {
                keys { one; };
        };
        # match-clients stops at the first matching element, so the negated
        # keys come first: a request signed with key two or three is rejected
        # here even if its source address is inside the dianxin ACL.
        match-clients { !key two; !key three; dianxin; key one; };
        zone "." IN {
                type hint;
                file "named.ca";
        };
        zone "www.haiyun.me" IN {
                type master;
                file "dianxin.www.haiyun.me";
                allow-query { any; };
                notify yes;
                allow-transfer { key one; };
        };
};

view "liantong" {
        server 2.2.2.2 {
                keys { two; };
        };
        match-clients { !key one; !key three; liantong; key two; };
        zone "." IN {
                type hint;
                file "named.ca";
        };
        zone "www.haiyun.me" IN {
                type master;
                file "liantong.www.haiyun.me";
                allow-query { any; };
                notify yes;
                allow-transfer { key two; };
        };
};

view "other" {
        server 2.2.2.2 {
                keys { three; };
        };
        # catch-all view: everything not signed with key one or key two
        match-clients { !key one; !key two; any; key three; };
        zone "." IN {
                type hint;
                file "named.ca";
        };
        zone "www.haiyun.me" IN {
                type master;
                file "other.www.haiyun.me";
                allow-query { any; };
                notify yes;
                allow-transfer { key three; };
        };
};

Slave DNS configuration:

# ACL names must be defined before they are referenced, so the includes go first.
include "/var/named/dianxin.acl";
include "/var/named/liantong.acl";

# Same three keys as on the master.
key one {
        algorithm hmac-md5;
        secret "hxCQkylFHbhzbPYo+CRWLA==";
};
key two {
        algorithm hmac-md5;
        secret "T4Gf+E0+3Y+5uL3ylkQBSA==";
};
key three {
        algorithm hmac-md5;
        secret "8q22D8M1c9QQKJLteC2bQQ==";
};

view "dianxin" {
        # SOA queries and AXFR/IXFR requests from this view to the master are
        # signed with key one, so the master answers from its dianxin view.
        server 1.1.1.1 {
                keys { one; };
        };
        # negated keys first, for the same reason as on the master
        match-clients { !key two; !key three; dianxin; key one; };
        zone "." IN {
                type hint;
                file "named.ca";
        };
        zone "www.haiyun.me" IN {
                # the post had "type master" here; a zone that lists masters must be a slave
                type slave;
                file "dianxin.www.haiyun.me";
                allow-query { any; };
                masters { 1.1.1.1; };
        };
};

view "liantong" {
        server 1.1.1.1 {
                keys { two; };
        };
        match-clients { !key one; !key three; liantong; key two; };
        zone "." IN {
                type hint;
                file "named.ca";
        };
        zone "www.haiyun.me" IN {
                type slave;
                file "liantong.www.haiyun.me";
                allow-query { any; };
                masters { 1.1.1.1; };
        };
};

view "other" {
        server 1.1.1.1 {
                keys { three; };
        };
        match-clients { !key one; !key two; any; key three; };
        zone "." IN {
                type hint;
                file "named.ca";
        };
        zone "www.haiyun.me" IN {
                type slave;
                file "other.www.haiyun.me";
                allow-query { any; };
                masters { 1.1.1.1; };
        };
};
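
The view selection above depends on the order of the elements in match-clients, because BIND takes the first element that matches. The following added example (my own code, not from the post) models that first-match evaluation and compares the element order as written in the post with a negated-keys-first order; the liantong prefix is the post's, while the dianxin prefix is an assumed placeholder because that ACL file is not shown.

```python
import ipaddress

# Constructed ACLs modelled on the post: the liantong prefix is the one from the
# post's liantong.acl; dianxin.acl is not shown, so its prefix is an assumption.
ACLS = {
    "dianxin": ["1.2.0.0/16"],        # assumed
    "liantong": ["112.96.0.0/15"],    # from the post
    "any": ["0.0.0.0/0"],
}

def element_matches(elem, src_ip, key):
    """One match-clients element -> (hit, negated). 'key NAME' hits when the
    request is signed with NAME; an ACL name hits on the source address."""
    negated = elem.startswith("!")
    elem = elem.lstrip("!").strip()
    if elem.startswith("key "):
        hit = key == elem.split()[1]
    else:
        hit = any(ipaddress.ip_address(src_ip) in ipaddress.ip_network(p)
                  for p in ACLS[elem])
    return hit, negated

def view_matches(match_clients, src_ip, key):
    """BIND stops at the first element that hits; a negated hit rejects the view."""
    for elem in match_clients:
        hit, negated = element_matches(elem, src_ip, key)
        if hit:
            return not negated
    return False

def select_view(views, src_ip, key=None):
    """Views are tried in configuration order; the first match wins."""
    for name, match_clients in views:
        if view_matches(match_clients, src_ip, key):
            return name
    return None

# Element order as written in the post: the ACL is tested before the negated keys.
AS_POSTED = [
    ("dianxin",  ["dianxin", "key one", "!key two", "!key three"]),
    ("liantong", ["liantong", "key two", "!key one", "!key three"]),
    ("other",    ["any", "key three", "!key one", "!key two"]),
]
# Negated keys first: a request signed with another view's key is rejected
# before the address ACL is consulted.
NEGATE_FIRST = [
    ("dianxin",  ["!key two", "!key three", "dianxin", "key one"]),
    ("liantong", ["!key one", "!key three", "liantong", "key two"]),
    ("other",    ["!key one", "!key two", "any", "key three"]),
]
```

Ordinary unsigned queries are routed identically by both orders; the difference shows when the slave's own address falls inside one of the ISP prefixes, where the post's order hands a key-three transfer request the liantong view's zone instead of the other view's.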

Define a zone file for each view, each resolving the name to a different IP; one of them, for example:

$TTL 600
@       IN SOA  ns1.www.haiyun.me. domain.mail.www.haiyun.me. (
                2012070401      ; serial
                3H              ; refresh
                10M             ; retry
                1W              ; expire
                1H )            ; negative-cache TTL
@       IN NS   ns1.www.haiyun.me.
ns1     IN A    184.164.141.188
www     IN A    184.164.141.188

BIND master/slave DNS configuration

Published: July 6, 2012 // Category: DNS // No Comments

To provide uninterrupted DNS service, a self-hosted DNS setup needs at least two servers answering at the same time: one is configured as the master and the others as slaves, which automatically pull zone updates from the master.
Master DNS configuration:

# https://www.haiyun.me
zone "www.haiyun.me" IN {
        type master;
        file "named.www.haiyun.me";
        notify yes;                             # tell the slave when the zone changes
        allow-transfer { 184.164.141.188; };    # only the slave may transfer the zone
};

The zone file itself is skipped here; see: BIND installation and configuration
Slave DNS configuration:

zone "www.haiyun.me" IN {
    type slave;
    file "named.www.haiyun.me";
    masters { 184.164.141.188; };
};

The slave fetches the zone from the master and writes it to disk, so the directory holding the zone files must be writable by the user the named process runs as (named by default).

chown -R named:named /var/named/

Delegating a subdomain with BIND

Published: July 6, 2012 // Category: DNS // No Comments

For installing and configuring the BIND master name server see: BIND DNS installation and configuration
Subdomain delegation means authorizing another DNS server to manage a second-level name. This example uses web.haiyun.me as the test domain; add its zone to the BIND main configuration file:

zone "web.haiyun.me" IN {
        type master;
        file "named.web.haiyun.me";
        allow-query { any; };
        allow-update { none; }; 
};

In the parent zone, define the NS record for the subdomain:

$TTL 600
@       IN SOA  ns1.haiyun.me. root.mail.gmail.com. (
                2012070401      ; serial
                21600           ; refresh
                5400            ; retry
                864000          ; expire
                86400 )         ; negative-cache TTL
@       IN NS   ns1.haiyun.me.
ns1     IN A    184.164.141.188
www     IN A    184.164.141.188
web     IN NS   ns.web.haiyun.me.   ; web.haiyun.me is managed by ns.web.haiyun.me
ns.web  IN A    184.164.141.188     ; glue: the address of the subdomain server ns.web.haiyun.me

Then create the zone file for web.haiyun.me:

$TTL 600
@       IN SOA  ns.haiyun.me. root.mail.gmail.com. (
                2012070401      ; serial
                3H              ; refresh
                10M             ; retry
                1W              ; expire
                1D )            ; negative-cache TTL
@       IN NS   ns.web.haiyun.me.
ns      IN A    184.164.141.188     ; the NS address here must match the glue defined in the parent zone
www     IN A    184.164.141.188
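
A consistency check between the parent's delegation and the child zone, as an added example (not code from the post): it parses both zone files and reports when the delegated NS names or their glue addresses disagree, which is the mismatch the comment on the ns record warns about. The two zone fragments are constructed from the post's parent and child zones; the parser handles only the record forms used there.

```python
def parse_zone(text, origin):
    """(owner, type, rdata) triples; handles ';' comments, '@', relative names, '( )'."""
    recs, buf, depth = [], "", 0
    for raw in text.splitlines():
        line = raw.split(";")[0]            # ';' starts a comment ('#' does not)
        depth += line.count("(") - line.count(")")
        buf += " " + line
        if depth > 0:                       # still inside the SOA's '( ... )'
            continue
        toks, buf = buf.split(), ""
        if not toks or toks[0].startswith("$"):
            continue                        # blank line or $TTL/$ORIGIN directive
        owner = toks[0]
        if owner == "@":
            owner = origin
        elif not owner.endswith("."):
            owner = f"{owner}.{origin}"
        i = 2 if toks[1].upper() == "IN" else 1     # skip the optional class
        recs.append((owner, toks[i].upper(), tuple(toks[i + 1:])))
    return recs

def check_delegation(parent_text, parent_origin, child_text, child_origin):
    """Return a list of problems; an empty list means the delegation is consistent."""
    parent = parse_zone(parent_text, parent_origin)
    child = parse_zone(child_text, child_origin)
    deleg_ns = {r[2][0] for r in parent if r[1] == "NS" and r[0] == child_origin}
    child_ns = {r[2][0] for r in child if r[1] == "NS" and r[0] == child_origin}
    problems = []
    if deleg_ns != child_ns:
        problems.append(f"NS set: parent {sorted(deleg_ns)} vs child {sorted(child_ns)}")
    for ns in sorted(deleg_ns):             # parent glue must match the child's A records
        glue = {r[2][0] for r in parent if r[1] == "A" and r[0] == ns}
        real = {r[2][0] for r in child if r[1] == "A" and r[0] == ns}
        if glue != real:
            problems.append(f"glue for {ns}: parent {sorted(glue)} vs child {sorted(real)}")
    return problems

# Constructed zone fragments mirroring the post's parent (haiyun.me) and child zones.
PARENT = """$TTL 600
@       IN SOA ns1.haiyun.me. root.mail.gmail.com. (
        2012070401 21600 5400 864000 86400 )
web     IN NS  ns.web.haiyun.me.   ; delegation to the subdomain's server
ns.web  IN A   184.164.141.188     ; glue record
"""
CHILD = """@   IN NS ns.web.haiyun.me.
ns  IN A  184.164.141.188          ; must match the parent's glue
"""
```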

Ping test:

ping www.web.haiyun.me
PING www.web.haiyun.me (184.164.141.188) 56(84) bytes of data.
64 bytes from 184.164.141.188: icmp_seq=1 ttl=57 time=19.1 ms