源码包官网下载地址 https://www.isc.org/downloads/
其中 Current-Stable 是当前稳定版,Development 是开发版,Current-Stable, ESV 是当前扩展支持稳定版。下文以 9.10.1-P1 为例,实际部署请选用官网列出的仍受支持的版本,并在编译前用 ISC 公布的 PGP 公钥校验源码包的签名。
安装步骤:
#wget ftp://ftp.isc.org/isc/bind9/9.10.1-P1/bind-9.10.1-P1.tar.gz
#yum install gcc gcc-c++ openssl openssl-dev*
#tar -zxvf bind-9.10.1-P1.tar.gz
#cd bind-9.10.1-P1
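下面 configure 命令的参数依次为:安装路径、多线程、大文件支持、大规模部署调优、OpenSSL(DNSSEC 支持)。configure 完成后还需执行 make 和 make install,后续步骤用到的 /usr/local/named 目录才会生成。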
#./configure --prefix=/usr/local/named --enable-threads --enable-largefile --with-tuning=large --with-openssl
#useradd -d /usr/local/named -s /sbin/nologin named //unprivileged service account with no login shell; the init script starts named with -u named
#cd /usr/local/named/etc
#/usr/local/named/sbin/rndc-confgen > rndc.conf //rndc.conf holds the rndc control key (a shared secret); keep it readable only by root and the named account
#tail -10 rndc.conf | head -9 | sed s/#\ //g > named.conf //takes the commented-out sample block at the end of rndc.conf and strips the "# " prefixes; presumably this is the key and controls section, so named.conf then carries the same secret and needs the same permissions - confirm
#vim named.conf
| options {
// NOTE(review): *.*.*.* below is not a usable value; it appears to be a masked placeholder for the server's real address and must be replaced before use.
listen-on port 53 { 127.0.0.1; }; // accept DNS queries on the loopback address only
directory "/usr/local/named/var"; // absolute path where the zone files are stored
pid-file "named.pid"; // relative name, so the pid file ends up under the directory above
recursion yes; // answer recursive queries
allow-query { any; }; // no source-address restriction on who may query
// NOTE(review): with recursion on, allow-query { any; } and no allow-recursion statement, this server acts as an open resolver as soon as listen-on includes a publicly reachable address; restrict recursion to known client networks with an allow-recursion ACL before widening listen-on.
recursive-clients 30000; // upper limit on simultaneous recursive lookups performed for clients
query-source *.*.*.*; // source address used when this server has to query other name servers for a name it cannot answer itself
notify-source *.*.*.*; // local source address (and optional UDP port) used when sending NOTIFY messages
};
logging {
// NOTE(review): the query log records which client asked for which name; treat /var/log/named as sensitive and keep it readable only by the named account and administrators.
channel query_log { // query log
file "/var/log/named/query.log" versions 20 size 300m; // rotate at 300m, keep 20 old versions
severity info;
print-time yes;
print-category yes;
};
channel error_log { // error log
file "/var/log/named/error.log" versions 3 size 10m; // rotate at 10m, keep 3 old versions
severity info; // info and above, so this file holds more than errors
print-time yes;
print-severity yes;
print-category yes;
};
category queries { query_log; }; // client queries go to the query log
category default { error_log; }; // categories without their own channel go to the error log
};
zone "." IN {
type hint; // root hints: the list of root name servers used to start recursion
file "named.root"; // stored in the /usr/local/named/var directory
};
zone "localhost" IN { // forward zone for the name localhost
type master;
file "localhost.zone";
allow-update { none; }; // dynamic updates are refused for this zone
};
zone "0.0.127.in-addr.arpa" IN { // reverse zone for 127.0.0.x
type master;
file "named.local";
allow-update { none; }; // dynamic updates are refused for this zone
};
|
#cd /usr/local/named/var
#dig @a.root-servers.net . ns > named.root
#vim localhost.zone
| $TTL 86400
$ORIGIN localhost.
@ 1D IN SOA @ root (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
1D IN NS @
1D IN A 127.0.0.1
|
#vim named.local
| $TTL 86400
@ IN SOA localhost. root.localhost. (
1997022700 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS localhost.
1 IN PTR localhost.
|
#vi /etc/rc.d/init.d/named //服务启停脚本
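#!/bin/bash
# named a network name service.
# chkconfig: 345 35 75
# description: a name server
#
# SysV init script for the BIND9 build installed under /usr/local/named.
# Usage: named {start|stop|restart|reload|status}
# Exit status: that of the last command run; 1 when not run as root or when
# a start/stop precondition fails; 2 for an unknown action.
#
# The script runs as root, so the pid file is treated as untrusted input: it
# lives in named's own var directory, and its content is validated before any
# signal is sent.
# NOTE(review): for the same reason the named and rndc binaries executed here
# should be owned and writable by root only.

readonly NAMED_BIN=/usr/local/named/sbin/named
readonly NAMED_CONF=/usr/local/named/etc/named.conf
readonly NAMED_PID_FILE=/usr/local/named/var/named.pid
readonly RNDC_BIN=/usr/local/named/sbin/rndc

# Start named with the installed config; -u named makes it drop root
# privileges after startup.
start_named() {
  if [[ ! -x "$NAMED_BIN" ]]; then
    # The original returned silently here, which hid a broken install.
    echo "ERROR: $NAMED_BIN is missing or not executable." >&2
    return 1
  fi
  "$NAMED_BIN" -c "$NAMED_CONF" -u named \
    && echo . \
    && echo -e 'BIND9 server \e[32mstarted\e[0m'
}

# Send SIGTERM to the process recorded in the pid file, but only after
# checking that the file holds a plain PID and that the PID belongs to a
# process called "named".
stop_named() {
  local pid='' comm=''
  if [[ ! -r "$NAMED_PID_FILE" ]]; then
    echo "ERROR: $NAMED_PID_FILE not found; is BIND9 running?" >&2
    return 1
  fi
  # read returns non-zero when the file lacks a trailing newline but still
  # fills $pid, so its status is deliberately ignored.
  read -r pid < "$NAMED_PID_FILE" || true
  if [[ ! "$pid" =~ ^[1-9][0-9]*$ ]]; then
    echo "ERROR: $NAMED_PID_FILE does not contain a valid PID." >&2
    return 1
  fi
  comm=$(ps -p "$pid" -o comm= 2>/dev/null)
  comm=${comm//[[:space:]]/}
  if [[ "$comm" != named ]]; then
    # Stale file, recycled PID, or tampered content: never signal it as root.
    echo "ERROR: PID $pid is not a running named process; no signal sent." >&2
    return 1
  fi
  kill "$pid" \
    && echo . \
    && echo -e 'BIND9 server \e[33mstopped\e[0m'
}

if [[ "$(id -u)" -ne 0 ]]; then
  echo -e "\e[31mERROR:For bind to port 53,must run as root.\e[0m"
  exit 1
fi

case "${1:-}" in
  start)
    start_named
    ;;
  stop)
    stop_named
    ;;
  restart)
    echo .
    echo "Restart BIND9 server"
    # A failed stop (for example, server not running) must not block the start.
    stop_named
    sleep 1
    echo -n "." && sleep 2 && echo -n "." && sleep 2 && echo -n "." && sleep 2
    start_named
    ;;
  reload)
    "$RNDC_BIN" reload
    ;;
  status)
    "$RNDC_BIN" status
    ;;
  *)
    echo "$0 start | stop | restart |reload |status" >&2
    exit 2
    ;;
esac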
|
#chmod 755 /etc/rc.d/init.d/named
#chkconfig --add named
#chown -R named.named /usr/local/named/ //NOTE(review): this also hands sbin/ and etc/ to the named account, while the init script runs sbin/named as root; consider keeping the binaries root-owned and giving named write access only to var/ (plus read access to the key files)
#ln -s /usr/local/named/sbin/named /sbin
#mkdir /var/log/named/
#chown -R named.named /var/log/named/ //the logging channels in named.conf write here while named runs as user named
#named -g //start in debug mode; no -u is given here, so when run from a root shell named keeps root privileges and any files it creates are root-owned
#chkconfig named on && service named start
Anycast 实质上是一种网络技术,它借助网络中的动态路由协议实现服务的负载均衡和冗余。从实现类型上可以分为 Subnet Anycast 和 Global Anycast:Subnet Anycast 是指所有目的主机都位于同一网段,此方式仅提供负载均衡和冗余,对安全度提升没有实质效果;Global Anycast 是指目的主机处于不同网段,可能处于不同城市,甚至分布在全球各地。在实际应用中,Global Anycast 目标主机的部署除考虑地理位置外,多接入不同自治域的网络。
Anycast 将同一个单播地址分配给 Internet 中处于多个不同物理位置的主机,发往该地址的报文会被网络路由到按路由协议度量“最近”的目标主机上。
使用 Anycast 技术对 DNS 做负载均衡
#vim /etc/rc.local 定义两个vip来对外提供服务
ifconfig lo:0 *.*.*.* netmask 255.255.255.255 up
ifconfig lo:1 #.#.#.# netmask 255.255.255.255 up
#yum install quagga telnet
#cp /etc/quagga/zebra.conf{.sample,}
#cp /etc/quagga/ospfd.conf{.sample,} //NOTE(review): both sample files are copied unchanged; check them for a default vty password and replace it before starting the daemons
#chkconfig zebra on && service zebra restart
#chkconfig ospfd on && service ospfd restart
#telnet 127.0.0.1 2604 //start configuring the software router's routes; telnet is unencrypted, so keep this management port reachable from the loopback address only