最近着手准备CDN节点了,得多看点资料.
一、简介
在实际的网络应用中,我们有时希望对于同一个Domain Name能够根据不同的请求IP地址/区域,解析到不同的对应IP地址,比如:有时对于企业内部网络和外部网络希望对同一域名解析到不同的IP地址以达到安全目的或者应用目的,又比如为了解决中国南北方电信/网通互访速度差异问题,您也会希望电信用户解析到的域名IP是位于电信网络中的服务器,网通用户亦然,使用户能够访问到临近的最快的服务器。而这些应用都可以通过对DNS的简单配置达到,使用DNS达到这一目的有以下的优点:
1.低成本-无需添加任何专用设备,只需通过简单配置即可;
2.灵活性强-可随时增加/删除解析规则;
3.有一定的可扩展能力-如果搭配Round Robin DNS可无缝快速的配置简单的负载均衡。
二、DNS-views配置
1、原理
使用DNS提供的view指令可以实现根据不同的IP范围来对同一个域名进行解析。
注意:view指令只在BIND9存在,以前的BIND8是没有view指令的!
2、配置示例
(1)环境假想
操作系统:Red Hat Enterprise Linux Server release 5 (Tikanga)
BIND版本:BIND 9.3.3rc2
主DNS服务器:192.168.0.2
从DNS服务器:192.168.0.3
域名:leotest.com
我们希望CN的IP列表所解析到prodigyu.com的IP地址为:192.168.0.100,非CN的IP列表内的IP则解析到:192.168.0.200
安装Bind:
# rpm -ivh bind-9.3.3-7.el5.i386.rpm
[root@rhel5 etc]# cat named.conf
include “/var/named/acl.conf”;
options
{
query-source port 53;
query-source-v6 port 53;
directory “/var/named”; // the default
dump-file “data/cache_dump.db”;
statistics-file “data/named_stats.txt”;
memstatistics-file “data/named_mem_stats.txt”;
};
logging
{
channel default_debug {
file “data/named.run”;
severity dynamic;
};
};
view “internal”
{
match-clients { CN; };
recursion yes;
include “/etc/named.root.hints”;
zone “my.internal.zone” {
type master;
file “my.internal.zone.db”;
};
zone “my.slave.internal.zone” {
type slave;
file “slaves/my.slave.internal.zone.db”;
masters { /* put master nameserver IPs here */ 127.0.0.1; } ;
};
zone “my.ddns.internal.zone” {
type master;
allow-update { key ddns_key; };
file “slaves/my.ddns.internal.zone.db”;
};
zone “leotest.com” {
type master;
file “leotest.com.zone”;
allow-transfer {
192.168.0.3;
};
};
};
key ddns_key
{
algorithm hmac-md5;
secret “ZQFSVQ9sMquZsdb3Twg9q231SwF1f1KBhG74JMlaiPaumD6NeOA626FQ1DOa”;
};
view “external”
{
match-clients { any; };
recursion yes;
include “/etc/named.root.hints”;
zone “my.external.zone” {
type master;
file “my.external.zone.db”;
};
zone “leotest.com” {
type master;
file “leotest.com.zone.ext”;
allow-transfer {
192.168.0.3;
};
};
};
[root@rhel5 named]# cat acl.conf
acl “CN” {
58.248.0.0/13;
210.52.0.0/16;
};
可以在这个文件里添加更多的IP地址段,上面只是做为例子。
[root@rhel5 named]# cat leotest.com.zone
$ttl 38400
@ IN SOA ns.leotest.com. root.ns.leotest.com.(
2007072600 ; serial
28800 ; refresh
14400 ; retry
3600000 ; expire
86400 ; default_ttl
)
@ NS ns.leotest.com.
@ MX 5 mail.leotest.com.
IN A 192.168.0.100
www IN A 192.168.0.100
mail IN A 192.168.0.100
[root@rhel5 named]# cat leotest.com.zone.ext
$ttl 38400
@ IN SOA ns.leotest.com. root.ns.leotest.com.(
2007072600 ; serial
28800 ; refresh
14400 ; retry
3600000 ; expire
86400 ; default_ttl
)
@ NS ns.leotest.com.
@ MX 5 mail.leotest.com.
IN A 192.168.0.200
www IN A 192.168.0.200
mail IN A 192.168.0.200
下面是从DNS(192.168.0.3)的设置
[root@mail named]# cat /etc/named.conf
include “/var/named/acl.conf”;
options
{
query-source port 53;
query-source-v6 port 53;
directory “/var/named”; // the default
dump-file “data/cache_dump.db”;
statistics-file “data/named_stats.txt”;
memstatistics-file “data/named_mem_stats.txt”;
};
logging
{
channel default_debug {
file “data/named.run”;
severity dynamic;
};
};
view “internal”
{
match-clients { CN; };
recursion yes;
include “/etc/named.root.hints”;
include “/var/named/internal.conf”;
};
key ddns_key
{
algorithm hmac-md5;
secret “COD951PjWgXORWEdLNbN1xAzuZ5eRrdzXmhCZp09ykYoczacYxPe27sImK49”;
};
view “external”
{
match-clients { any; };
recursion yes;
include “/etc/named.root.hints”;
include “/var/named/external.conf”;
};
[root@mail named]# cat internal.conf
zone “leotest.com” {
type slave;
file “slaves/leotest.com.zone”;
masters {192.168.0.2;};
};
[root@mail named]# cat external.conf
zone “leotest.com” {
type slave;
file “slaves/leotest.com.zone.b”;
masters {192.168.0.2;};
};
acl.conf与主DNS服务器上的配置文件一样。