1. Background
An online advertising company headquartered in Shanghai, China, holding several leading Internet patents, runs a large online advertising business with advertisers and affiliate sites spread across many regions. The poor interconnection between China's northern (China Netcom) and southern (China Telecom) networks severely limited market expansion and day-to-day efficiency. CDN (content delivery network) and BGP (Border Gateway Protocol) multi-homing can solve the north-south problem, but their high capital, usage and maintenance costs were the company's main obstacle. To break the deadlock, the company looked for a cheaper, targeted remedy that would bridge the north-south "gap" and cut network costs.
2. Solution
Use a dual-line data centre (one uplink per carrier) and BIND 9 as a "smart DNS": with BIND views, the server chooses its answer by the source address of the query, so China Netcom (CNC) users receive the CNC address and China Telecom users receive the Telecom address. Each user is sent to the nearby server on its own carrier's network, cross-carrier traffic is avoided, access is faster and the north-south problem is solved. One caveat to keep in mind: the address BIND matches is that of the recursive resolver that sends the query, not the end user's own address, so the split works as intended only for users who use their carrier's resolvers; a user pointing at a third-party resolver lands in whichever view that resolver's address matches.
3. Implementation
Operating system:
CentOS 4.4 http://www.centos.org
Software:
BIND 9 http://www.isc.org
ripe-dbase-client-v3 http://www.apnic.net
Example domain:
entage.net
Step 1. Install the operating system
CentOS 4.4 is recommended: a free, upgradeable, independently distributed Linux rebuilt from the Red Hat Enterprise Linux AS 4.4 sources, security updates included. The installation itself is not covered here.
Step 2. Install BIND 9
(1) RPM installation
1. Download and install the packages by hand
Download the RPM packages:
wget http://isoredirect.centos.org/centos/4/os/i386/CentOS/RPMS/bind-9.2.4-16.EL4.i386.rpm
wget http://isoredirect.centos.org/centos/4/os/i386/CentOS/RPMS/bind-libs-9.2.4-16.EL4.i386.rpm
wget http://isoredirect.centos.org/centos/4/os/i386/CentOS/RPMS/bind-utils-9.2.4-16.EL4.i386.rpm
wget http://isoredirect.centos.org/centos/4/os/i386/CentOS/RPMS/bind-devel-9.2.4-16.EL4.i386.rpm
Install them:
rpm -Uvh bind*.rpm
2. Automatic installation with yum
yum install bind bind-libs bind-utils bind-devel
3. Automatic installation with up2date
up2date bind bind-libs bind-utils bind-devel
Use any one of the three. Note that the CentOS 4 package is BIND 9.2.4 with Red Hat's backported fixes, while the source build below gives 9.3.3; whichever you install, keep it patched, because named is exposed to the whole Internet. After installing, enable the service at boot:
chkconfig named on
(2) Source installation
Download the source tarball (ISC publishes a detached PGP signature, .asc, next to each tarball; verify it before building):
wget http://ftp.isc.org/isc/bind9/9.3.3/bind-9.3.3.tar.gz
Unpack it:
tar zxvf bind-9.3.3.tar.gz
Configure:
cd bind-9.3.3
./configure --prefix=/usr
Build:
make
Install:
make install
Add the user and group that named will run as:
groupadd -g 25 named
useradd -u 25 -g 25 -d /var/named -s /sbin/nologin named
Create the init script:
vi /etc/init.d/named
==========named begin==========
#!/bin/bash
#
# named   This shell script takes care of starting and stopping
#         named (BIND DNS server).
#
# chkconfig: - 13 87
# description: named (BIND) is a Domain Name Server (DNS) \
#              that is used to resolve host names to IP addresses.
# probe: true
#
NAMED=/usr/sbin/named
RNDC=/usr/sbin/rndc
CONF=/etc/named.conf
PIDFILE=/var/run/named/named.pid   # must match pid-file in named.conf

if [ `id -u` -ne 0 ]; then
    echo "ERROR: named must be started as root to bind port 53 (it drops to user named itself)."
    exit 1
fi

case "$1" in
start)
    if [ -x $NAMED ]; then
        # -u named: drop root privileges once port 53 is bound
        $NAMED -u named -c $CONF && echo . && echo 'BIND9 server started.'
    fi
    ;;
stop)
    # Prefer a clean shutdown over the rndc control channel; fall back to the pid file.
    if [ -x $RNDC ] && $RNDC stop >/dev/null 2>&1; then
        echo . && echo 'BIND9 server stopped.'
    elif [ -f $PIDFILE ]; then
        kill `cat $PIDFILE` && echo . && echo 'BIND9 server stopped.'
    else
        echo 'BIND9 server is not running (no pid file).'
    fi
    ;;
restart)
    echo .
    echo "Restart BIND9 server"
    $0 stop
    sleep 10
    $0 start
    ;;
*)
    echo "Usage: $0 {start|stop|restart}"
    exit 1
    ;;
esac
==========named end===========
Make the init script executable:
chmod 755 /etc/init.d/named
Register it as a system service:
chkconfig --add named
Enable the service at boot:
chkconfig named on
Step 3. Install the address-block lookup tool ripe-dbase-client-v3
Download the package:
wget http://ftp.apnic.net/apnic/dbase/tools/ripe-dbase-client-v3.tar.gz
Unpack it:
tar zxvf ripe-dbase-client-v3.tar.gz
Configure (the archive unpacks into whois-3.1):
cd whois-3.1
./configure --prefix=/usr
Build:
make
Install:
make install
Step 4. Create the directories and files
mkdir -p /var/named/data
mkdir -p /var/named/master/any
mkdir -p /var/named/master/cnc
mkdir -p /var/named/master/telecom
mkdir -p /var/named/slaves
mkdir -p /var/log/named
mkdir -p /var/run/named
touch /var/named/cnc_acl.conf
touch /var/named/telecom_acl.conf
touch /var/log/named/dns_warning
touch /var/log/named/dns_log
touch /var/named/master/any.def
touch /var/named/master/cnc.def
touch /var/named/master/telecom.def
wget ftp://ftp.internic.org/domain/named.root -O /var/named/named.ca
chown -R named.named /var/named /var/log/named /var/run/named
chmod -R 770 /var/named /var/log/named /var/run/named
The named user owns these trees because named runs as that user after start-up (the -u named flag in the init script) and has to write its pid file, logs and dump files there; mode 770 keeps other local users out of them.
Step 5. Configure rndc
Set up rndc.conf:
vi /etc/rndc.conf
==========rndc.conf begin==========
options {
default-key "rndc-key";
default-server 127.0.0.1;
default-port 953;
};
include "/etc/rndc.key";
==========rndc.conf end============
Generate /etc/rndc.key:
/usr/sbin/rndc-confgen -a
With no controls statement in named.conf, named picks up /etc/rndc.key itself and opens a control channel for rndc on 127.0.0.1 port 953. The key is the only thing protecting that channel, so make sure /etc/rndc.key is owned by root, group named, mode 640: named has to read it, nobody else should.
Step 6. Build the ACL files
Build the China Netcom address-list ACL, cnc_acl.conf:
/usr/bin/whois3 -h whois.apnic.net -l -i mb MAINT-CNCGROUP | grep "descr" | grep "Reverse" | awk -F "for" '{if ($2!="") print $2}'| sort -n | awk 'BEGIN{print "acl \"CNC\" '{'"}{print $1";"}END{print "'}';"}' > /var/named/cnc_acl.conf
Build the China Telecom address-list ACL, telecom_acl.conf:
/usr/bin/whois3 -h whois.apnic.net -l -i mb MAINT-CHINANET | grep "descr" | grep "Reverse" | awk -F "for" '{if ($2!="") print $2}'| sort -n | awk 'BEGIN{print "acl \"TELECOM\" '{'"}{print $1";"}END{print "'}';"}' > /var/named/telecom_acl.conf
These two commands copy third-party whois output straight into files that named.conf includes, so inspect the result and run named-checkconf before reloading: one malformed line stops named from loading its configuration. Expect whois.apnic.net to rate-limit bulk inverse queries, and regenerate the lists on a schedule, since address allocations change.
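The same ACL built with validation, as an added example (my own script, not part of the article): the grep/awk pipeline above trusts whatever follows "for" in a descr line, whereas here every candidate has to parse as an IPv4 prefix or an a - b range before it reaches the file that named.conf includes. The whois text in the script is a constructed sample in the shape of whois output, not real APNIC data, and the MAINT-CNCGROUP name is only carried over from the article.

```python
"""Build a BIND acl block from APNIC whois output, accepting only well-formed
IPv4 prefixes. Anything after "for" that is not a prefix or an a - b range
is rejected and reported instead of being copied into the config."""
import ipaddress
import re

# Constructed sample in the shape of whois output (not real APNIC data): two
# good prefixes, one range written as a - b, a duplicate, an out-of-range
# octet, and a line carrying configuration text that must not get through.
SAMPLE_WHOIS = """\
inetnum:      218.108.0.0 - 218.108.255.255
descr:        Reverse delegation for 218.108.0.0/16
descr:        Reverse delegation for 60.0.0.0 - 60.0.127.255
descr:        Reverse delegation for 218.108.0.0/16
descr:        Reverse delegation for 300.1.2.0/24
descr:        Reverse delegation for 1.2.3.0/24 }; options { recursion yes; }; acl "x" {
mnt-by:       MAINT-CNCGROUP
"""

CIDR_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}/\d{1,2}$")
RANGE_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})\s*-\s*(\d{1,3}(?:\.\d{1,3}){3})$")


def extract_networks(whois_text):
    """Return (sorted unique IPv4Network list, [(rejected text, reason), ...])
    from the 'descr: ... for X' lines of whois_text."""
    nets, rejected = set(), []
    for line in whois_text.splitlines():
        if not line.startswith("descr:") or " for " not in line:
            continue
        candidate = line.split(" for ", 1)[1].strip()
        try:
            if CIDR_RE.match(candidate):
                # strict=True also refuses prefixes with host bits set
                nets.add(ipaddress.IPv4Network(candidate, strict=True))
            elif RANGE_RE.match(candidate):
                first, last = (ipaddress.IPv4Address(a) for a in RANGE_RE.match(candidate).groups())
                nets.update(ipaddress.summarize_address_range(first, last))
            else:
                raise ValueError("not a prefix or a-b range")
        except ValueError as exc:          # AddressValueError is a ValueError
            rejected.append((candidate, str(exc)))
    return sorted(nets), rejected


def render_acl(name, networks):
    """Render the acl block in the form the article's named.conf includes."""
    body = "".join(f"    {net.with_prefixlen};\n" for net in networks)
    return f'acl "{name}" {{\n{body}}};\n'


if __name__ == "__main__":
    nets, bad = extract_networks(SAMPLE_WHOIS)
    print(render_acl("CNC", nets), end="")
    for text, reason in bad:
        print(f"rejected {text!r}: {reason}")
```

Feed it the real whois3 output instead of SAMPLE_WHOIS and write render_acl's result to /var/named/cnc_acl.conf; whatever lands in the rejected list deserves a look, because it is either a formatting change in the whois data or something that should never have been there.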
Step 7. Configure named.conf
vi /etc/named.conf
==========named.conf begin==========
acl "trusted-lan" {
    127.0.0.0/8;
    192.168.0.0/24;
};
options {
    directory "/var/named";
    pid-file "/var/run/named/named.pid";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    version "";
    datasize 40M;
    allow-transfer {
        "trusted-lan";
    };
    recursion yes;
    allow-notify {
        "trusted-lan";
    };
    allow-recursion {
        "trusted-lan";
    };
    auth-nxdomain no;
    forwarders {
        202.96.209.5;
        210.22.70.3;
    };
};
logging {
    channel warning {
        file "/var/log/named/dns_warning" versions 3 size 1240k;
        severity warning;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    channel general_dns {
        file "/var/log/named/dns_log" versions 3 size 1240k;
        severity info;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    category default {
        warning;
    };
    category queries {
        general_dns;
    };
};
include "cnc_acl.conf";
include "telecom_acl.conf";
view "view_cnc" {
    match-clients {
        CNC;
    };
    zone "." {
        type hint;
        file "named.ca";
    };
    include "master/cnc.def";
};
view "view_telecom" {
    match-clients {
        TELECOM;
    };
    zone "." {
        type hint;
        file "named.ca";
    };
    include "master/telecom.def";
};
view "view_any" {
    match-clients {
        any;
    };
    zone "." {
        type hint;
        file "named.ca";
    };
    include "master/any.def";
};
include "/etc/rndc.key";
==========named.conf end===========
Points worth noting: views are tried in the order written, and a query goes to the first view whose match-clients accepts its source address, so the catch-all view_any must stay last. Recursion is on globally, but allow-recursion limits it to trusted-lan, so Internet clients get authoritative answers only and the server is not an open resolver; the loopback ACL entry is written as the network 127.0.0.0/8, not a host address with a prefix length. The queries category logs every query at info level, which is useful while testing the views but grows quickly on a busy server.
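The view selection this configuration relies on, as an added example in Python (my own script, not part of the article; the ACL contents and client addresses are constructed): BIND walks the views in file order and uses the first one whose match-clients accepts the query's source address. The script parses acl blocks in the format of cnc_acl.conf and telecom_acl.conf, applies that first-match rule, and shows what happens when view_any is moved to the front.

```python
"""Which view does a client land in? BIND tests views in the order they are
written in named.conf and uses the first whose match-clients accepts the
query's source address, so the catch-all view_any has to come last."""
import ipaddress
import re

# Constructed ACL files in the article's format; the prefixes are illustrative.
CNC_ACL = 'acl "CNC" {\n218.108.0.0/16;\n60.0.0.0/17;\n};\n'
TELECOM_ACL = 'acl "TELECOM" {\n61.152.0.0/16;\n202.96.0.0/16;\n};\n'

ACL_RE = re.compile(r'acl\s+"?(?P<name>[\w-]+)"?\s*\{(?P<body>[^}]*)\}\s*;')


def parse_acls(text):
    """Return {acl name: [ip_network, ...]} for every acl block in text."""
    acls = {}
    for m in ACL_RE.finditer(text):
        entries = [e.strip() for e in m.group("body").split(";") if e.strip()]
        acls[m.group("name")] = [ipaddress.ip_network(e, strict=True) for e in entries]
    return acls


def select_view(client_ip, views, acls):
    """views is an ordered list of (view name, match-clients), where
    match-clients is an acl name or the builtin 'any'. Returns the first
    matching view, or None when no view accepts the client (named then
    refuses the query)."""
    ip = ipaddress.ip_address(client_ip)
    for view_name, match in views:
        if match == "any" or any(ip in net for net in acls[match]):
            return view_name
    return None


ACLS = {**parse_acls(CNC_ACL), **parse_acls(TELECOM_ACL)}

# Order as in the article's named.conf: carrier views first, catch-all last.
VIEWS = [("view_cnc", "CNC"), ("view_telecom", "TELECOM"), ("view_any", "any")]
# The same views with view_any first: every client is swallowed by it.
VIEWS_WRONG_ORDER = [VIEWS[2], VIEWS[0], VIEWS[1]]

if __name__ == "__main__":
    for ip in ("218.108.238.221", "61.152.241.97", "8.8.8.8"):
        print(ip, select_view(ip, VIEWS, ACLS), select_view(ip, VIEWS_WRONG_ORDER, ACLS))
```

Remember that the address tested is the resolver's, so when checking a live server from a client, query it from addresses inside each carrier's block (or from a resolver there) rather than from the end-user machine alone.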
Step 8. Add the per-view zone definition files
The China Netcom definition file:
vi /var/named/master/cnc.def
==========cnc.def begin==========
zone "entage.net" {
    type master;
    file "master/cnc/entage.net";
};
==========cnc.def end===========
The China Telecom definition file:
vi /var/named/master/telecom.def
==========telecom.def begin==========
zone "entage.net" {
    type master;
    file "master/telecom/entage.net";
};
==========telecom.def end===========
The definition file for clients outside China Netcom and China Telecom:
vi /var/named/master/any.def
==========any.def begin==========
zone "entage.net" {
    type master;
    file "master/any/entage.net";
};
==========any.def end===========
Step 9. Add the zone files
The China Netcom copy of the zone:
vi /var/named/master/cnc/entage.net
==========cnc/entage.net begin==========
$TTL 3600
$ORIGIN entage.net.
@ IN SOA ns.entage.net. root.entage.net. (
        2007011701 ; serial, bump it on every change to this file
        3600       ; refresh (seconds)
        900        ; retry (seconds)
        86400      ; expire (seconds)
        15         ; negative caching TTL (seconds)
        )
@   IN NS ns.entage.net.
@   IN A  218.108.238.221
ns  IN A  218.108.238.221
www IN A  218.108.238.221
;
;end
==========cnc/entage.net end===========
The China Telecom copy of the zone:
vi /var/named/master/telecom/entage.net
==========telecom/entage.net begin==========
$TTL 3600
$ORIGIN entage.net.
@ IN SOA ns.entage.net. root.entage.net. (
        2007011701 ; serial, bump it on every change to this file
        3600       ; refresh (seconds)
        900        ; retry (seconds)
        86400      ; expire (seconds)
        15         ; negative caching TTL (seconds)
        )
@   IN NS ns.entage.net.
@   IN A  61.152.241.97
ns  IN A  61.152.241.97
www IN A  61.152.241.97
;
;end
==========telecom/entage.net end===========
The copy for all other clients (here identical to the Telecom copy; point it at whichever address serves outside users best):
vi /var/named/master/any/entage.net
==========any/entage.net begin==========
$TTL 3600
$ORIGIN entage.net.
@ IN SOA ns.entage.net. root.entage.net. (
        2007011701 ; serial, bump it on every change to this file
        3600       ; refresh (seconds)
        900        ; retry (seconds)
        86400      ; expire (seconds)
        15         ; negative caching TTL (seconds)
        )
@   IN NS ns.entage.net.
@   IN A  61.152.241.97
ns  IN A  61.152.241.97
www IN A  61.152.241.97
;
;end
==========any/entage.net end===========
Each view loads its own copy of entage.net, so a record change has to be made in every copy that needs it, and each copy's serial is independent and must be bumped on its own.
4. Conclusion
The scheme has the following advantages:
1. Low cost: no dedicated equipment, just configuration;
2. Flexibility: resolution rules can be added or removed at any time;
3. Some room to grow: combined with round-robin DNS it gives simple load balancing with little extra work.
(End)
BIND 9.3.4 on CentOS 4.4: installation notes
BIND installation notes
Platform: CentOS 4.4; software: bind-9.3.4
Hardware: Pentium D 2.8 GHz, 1 GB RAM, 160 GB disk
Author: 飘雪.华哥
Download BIND from http://www.isc.org/products/BIND/
Install the base operating system.
Upload the downloaded bind-9.3.4.tar.gz to the server's / directory.
Unpack bind-9.3.4.tar.gz:
# tar zxf bind-9.3.4.tar.gz
Enter the bind-9.3.4 directory:
# cd bind-9.3.4
Create the installation directory; I install under /usr/local/named:
# mkdir /usr/local/named
Configure: set the installation prefix and the man directory, and enable thread support:
# ./configure --prefix=/usr/local/named --mandir=/usr/local/share/man --enable-threads
make takes a few minutes; as long as it reports no errors, carry on:
# make
Install with make install:
# make install
No errors means the installation succeeded.
Create a directory for later use:
# mkdir /usr/local/named/namedb
Now configure BIND. With this prefix, named and rndc look for their configuration in /usr/local/named/etc, so work in that directory (create it if make install did not).
Generate rndc.conf with the tool that ships with BIND:
# cd /usr/local/named/etc
# /usr/local/named/sbin/rndc-confgen > rndc.conf
rndc-confgen appends, as comment lines, the key and controls statements that named needs; strip the comment markers from those lines to seed named.conf:
# tail -n10 rndc.conf | head -n9 | sed -e 's/^# //' > named.conf
Edit named.conf:
# vi named.conf
Append the following after the key and controls statements (keywords in lowercase, option lists in braces):
options {
	directory "/usr/local/named/etc";
	pid-file "named.pid";
	allow-query { any; };
	dump-file "/usr/local/named/data/cache_dump.db";
	statistics-file "/usr/local/named/data/named_stats.txt";
};
zone "." in {
	type hint;
	file "named.root";
};
zone "localhost" in {
	type master;
	file "localhost.zone";
};
zone "0.0.127.in-addr.arpa" in {
	type master;
	file "localhost.rev";
};
Save and exit. Two things this file relies on that the steps above do not create: named.root is the root hints file (the first article on this page fetches it from ftp://ftp.internic.org/domain/named.root), and the /usr/local/named/data directory must exist for dump-file and statistics-file. Also note that with allow-query set to any and BIND's default of recursion on, this server will recurse for anyone on the Internet; on a public host restrict recursion with allow-recursion to your own networks.
Create and edit localhost.zone:
# vi localhost.zone
Write the following. $ORIGIN must be the zone name, localhost., and the NS record must name a host, not an address:
$TTL 3600
$ORIGIN localhost.
@ 1D IN SOA localhost. root.localhost. (
	42	; serial
	3H	; refresh
	15M	; retry
	1W	; expire
	3600 )	; negative caching TTL
	1D IN NS localhost.
	1D IN A 127.0.0.1
Create and edit localhost.rev:
# vi localhost.rev
Write the following:
$TTL 3600
@ IN SOA localhost. root.localhost. (
	1	; serial
	3600	; refresh every hour
	900	; retry every 15 minutes
	3600000	; expire 1000 hours
	3600 )	; negative caching TTL, 1 hour
	IN NS localhost.
1	IN PTR localhost.
Note: write BIND configuration keywords in lowercase as shown above, and use braces, not parentheses, for option lists such as allow-query.
Now start BIND to test the installation:
# /usr/local/named/sbin/named -gc /usr/local/named/etc/named.conf
With -g named stays in the foreground and writes its log to the terminal, which makes troubleshooting easier.
If the last line of the output reads
running
the installation and startup succeeded. Read the lines above it as well: a zone that fails to load is reported there, and named still reports running afterwards.
Add named to the startup sequence so that it starts with the system:
# cd /etc/rc.d
# vi rc.local
Append the following line, without -g: in the foreground named would keep rc.local from finishing. Better still, create an unprivileged user and pass it with -u so that named drops root after binding port 53, as the init script in the first article on this page does:
/usr/local/named/sbin/named -c /usr/local/named/etc/named.conf
Save and exit.
You can reboot the server and then telnet to port 53 on its address to verify that BIND is listening. That only proves TCP 53 is open; looking up localhost with dig (installed under /usr/local/named/bin) against the server's address exercises the zone files as well:
# shutdown -r now
# telnet x.x.x.x 53
That completes the installation; application-level configuration and testing can begin.
Problem 1: the development packages were not selected when installing the system, so configure failed because no C compiler (gcc) was found:
[root@Cache bind-9.3.4]# ./configure --prefix=/usr/local --mandir=/usr/local/share/man --enable-threads
checking build system type... i686-pc-linux-gnu
checking host system type... i686-pc-linux-gnu
checking whether make sets $(MAKE)... yes
checking for ranlib... ranlib
checking for a BSD-compatible install... /usr/bin/install -c
checking for ar... /usr/bin/ar
checking for etags... no
checking for emacs-etags... no
checking for perl5... no
checking for perl... /usr/bin/perl
checking for gcc... no
checking for cc... no
checking for cc... no
checking for cl... no
configure: error: no acceptable C compiler found in $PATH
See `config.log' for more details.
[root@Cache bind-9.3.4]
Problem 2: when editing localhost.rev and localhost.zone I did not keep to the case shown above, and the files would not load.
Problem 3: the format of localhost.zone was wrong, so it failed to load:
$TTL 3600
@ IN SOA localhost. root.localhost.
(
1; serial
The correct form is the following; note where the parenthesis goes, because the record ends at the line break unless the parenthesis opens on the same line:
$TTL 3600
@ IN SOA localhost. root.localhost. (
1; serial
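An added check that covers both the three per-view entage.net zone files of the first article and the localhost zones above (my own script, not part of either article; the three zone texts inside it are constructed samples in the layout used on this page, the second and third reproducing the $ORIGIN mistake and the misplaced parenthesis from problem 3):

```python
"""Sanity-check a BIND master zone file before loading it. Handles the subset
of master-file syntax used on this page ($TTL, $ORIGIN, @, relative names, a
parenthesised SOA) and reports: an $ORIGIN that is not the zone name, an SOA
whose "(" sits on the next line, in-zone NS targets without an A record, and
SOA timers out of order."""
import re

TTL_RE = re.compile(r"^(\d+)([smhdwSMHDW]?)$")
UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}


def seconds(token):
    """'3600' -> 3600, '3H' -> 10800, '1W' -> 604800."""
    m = TTL_RE.match(token)
    if not m:
        raise ValueError(f"bad time value {token!r}")
    return int(m.group(1)) * UNITS[m.group(2).lower()]


def logical_lines(text):
    """Yield (owner_is_blank, tokens): ; comments dropped, ( ... ) joined."""
    buf, depth, blank = [], 0, False
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]
        if not buf:
            blank = line[:1].isspace()  # leading blank = same owner as the record above
        depth += line.count("(") - line.count(")")
        buf.append(line.replace("(", " ").replace(")", " "))
        if depth <= 0:
            tokens = " ".join(buf).split()
            if tokens:
                yield blank, tokens
            buf, depth = [], 0


def parse_zone(text, zone):
    """Return (declared $ORIGIN or None, [(owner, type, rdata), ...]); owners
    and NS/CNAME/PTR targets are expanded to absolute names."""
    origin = zone if zone.endswith(".") else zone + "."
    full = lambda n, o: o if n == "@" else (n if n.endswith(".") else f"{n}.{o}")
    declared, records, last_owner = None, [], origin
    for blank, tokens in logical_lines(text):
        if tokens[0].startswith("$"):
            if tokens[0] == "$ORIGIN":
                origin = declared = tokens[1]
            continue
        owner = last_owner if blank else full(tokens.pop(0), origin)
        if tokens and TTL_RE.match(tokens[0]):
            tokens.pop(0)               # optional TTL
        if tokens and tokens[0].upper() == "IN":
            tokens.pop(0)               # optional class
        if not tokens:
            continue
        rtype, rdata = tokens[0].upper(), tokens[1:]
        if rtype in ("NS", "CNAME", "PTR") and rdata:
            rdata[0] = full(rdata[0], origin)
        records.append((owner, rtype, rdata))
        last_owner = owner
    return declared, records


def check_zone(text, zone):
    """Return a list of problems; an empty list means the file passed."""
    apex = zone if zone.endswith(".") else zone + "."
    declared, records = parse_zone(text, zone)
    problems = []
    if declared is not None and declared != apex:
        problems.append(f"$ORIGIN {declared} does not match zone {apex}")
    soa = [r for r in records if r[1] == "SOA"]
    if len(soa) != 1:
        problems.append(f"expected one SOA record, found {len(soa)}")
    else:
        owner, _, rdata = soa[0]
        if owner != apex:
            problems.append(f"SOA owner {owner} is not the zone apex {apex}")
        if len(rdata) != 7:
            problems.append(f"SOA has {len(rdata)} rdata fields, expected 7 "
                            "(is the opening parenthesis on the SOA line?)")
        else:
            refresh, retry, expire = (seconds(t) for t in rdata[3:6])
            if not retry < refresh < expire:
                problems.append(f"SOA timers: want retry {retry} < refresh {refresh} < expire {expire}")
    a_owners = {r[0] for r in records if r[1] == "A"}
    for owner, rtype, rdata in records:
        in_zone = rdata and (rdata[0] == apex or rdata[0].endswith("." + apex))
        if rtype == "NS" and in_zone and rdata[0] not in a_owners:
            problems.append(f"NS {rdata[0]} is inside the zone but has no A record")
    return problems


# Constructed samples in the layout of this page's zone files.
GOOD_ZONE = """\
$TTL 3600
$ORIGIN entage.net.
@ IN SOA ns.entage.net. root.entage.net. (
        2007011701 ; serial
        3600 900 86400 15 )  ; refresh retry expire negative-TTL
@   IN NS ns.entage.net.
ns  IN A  218.108.238.221
"""
# localhost.zone as first printed in the notes above: $ORIGIN names 127.0.0.1.
# instead of localhost., so even the SOA sits outside the zone.
BAD_LOCALHOST = """\
$TTL 3600
$ORIGIN 127.0.0.1.
@ 1D IN SOA localhost. root.localhost. ( 42 3H 15M 1W 3600 )
        1D IN NS 127.0.0.1
        1D IN A 127.0.0.1
"""
# Problem 3 above: the "(" on the line after the SOA.
BAD_PAREN = "$TTL 3600\n@ IN SOA localhost. root.localhost.\n(\n 1\n 3600\n 900\n 3600000\n 3600)\n IN NS localhost.\n1 IN PTR localhost.\n"
```

Call check_zone(open(path).read(), "entage.net") on each of the three per-view copies before running rndc reload; named-checkzone remains the authoritative check, this script just names the mistakes seen on this page in plain words.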