
How to build Intelligent DNS

2025-02-24 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/01 Report--

This article explains how to build an intelligent DNS. The editor finds it practical and shares it as a reference; follow along with the editor to see how it is done.

Intelligent DNS building scheme

Intelligent DNS determines where a query comes from by its source IP and then, according to policy, resolves the same name to a different IP address for each source. Users are directed to the copy of the resource nearest to them, which improves access speed and the user's experience.

Intelligent DNS can be implemented with BIND's view feature.

BIND's view feature is configured as follows:

Software version: bind-9.9.5-P1.tar.gz

Dependency: gcc

openssl-0.9.8zb.tar.gz (required for BIND's DNSSEC support)

1. Install openssl

tar xf openssl-0.9.8zb.tar.gz
cd openssl-0.9.8zb
./config --prefix=/usr/local --openssldir=/usr/local/openssl && make && make install

2. Install bind

tar xf bind-9.9.5-P1.tar.gz
cd bind-9.9.5-P1
./configure --prefix=/home/bind --enable-threads --with-openssl=/usr/local/openssl
make && make install

3. Configure bind

Once views are used, every zone must be declared inside a view, so comment out the named.conf.zone and named.rfc1912.zones includes in named.conf:

vi /home/bind/etc/named.conf

# named.conf file
include "/home/bind/etc/named.conf.options";
include "/home/bind/etc/named.conf.acl";
include "/home/bind/etc/named.conf.controls";
include "/home/bind/etc/named.conf.server";
include "/home/bind/etc/named.conf.key";
include "/home/bind/etc/named.conf.dlz";
include "/home/bind/etc/named.conf.trusted-keys";
include "/home/bind/etc/named.conf.view";
# include "/home/bind/etc/named.conf.zone";
# include "/home/bind/etc/named.rfc1912.zones";

Configure the views

vi /home/bind/etc/named.conf.view

view "ctc_view_zone" {
    match-clients { CTC; };
    include "/home/bind/var/named/view_zone/ctc_zone";
};

view "cuc_view_zone" {
    match-clients { CUC; };
    include "/home/bind/var/named/view_zone/cuc_zone";
};

view "cmc_view_zone" {
    match-clients { CMC; };
    include "/home/bind/var/named/view_zone/cmc_zone";
};

view "any_view_zone" {
    match-clients { any; };
    include "/home/bind/var/named/view_zone/any_zone";
};

In each of the views for China Telecom (CTC), China Unicom (CUC) and China Mobile (CMC), match-clients references that carrier's ACL, which does the filtering, and include pulls in that carrier's zone configuration file. The last view is the default view. Views are matched from top to bottom, and a view whose match-clients is any matches every client, so the default view must be configured last; placed any earlier, it would shadow every view below it.

Configure the zone files

Create the corresponding zone configuration files under /home/bind/var/named/view_zone:

ls -l /home/bind/var/named/view_zone
total 16
-rw-r--r--. 1 root root 175 Aug 12 17:47 any_zone
-rw-r--r--. 1 root root 175 Aug 13 17:22 cmc_zone
-rw-r--r--. 1 root root 175 Aug 12 17:47 ctc_zone
-rw-r--r--. 1 root root 175 Aug 12 18:18 cuc_zone

vi /home/bind/var/named/view_zone/ctc_zone

zone "." IN {
    type hint;
    file "/home/bind/var/named/named.ca";
};

zone "test.com" IN {
    type master;
    file "/home/bind/var/named/ctc/test.com";
    allow-update { none; };
};

vi /home/bind/var/named/view_zone/cuc_zone

zone "." IN {
    type hint;
    file "/home/bind/var/named/named.ca";
};

zone "test.com" IN {
    type master;
    file "/home/bind/var/named/cuc/test.com";
    allow-update { none; };
};

vi /home/bind/var/named/view_zone/cmc_zone

zone "." IN {
    type hint;
    file "/home/bind/var/named/named.ca";
};

zone "test.com" IN {
    type master;
    file "/home/bind/var/named/cmc/test.com";
    allow-update { none; };
};

vi /home/bind/var/named/view_zone/any_zone

zone "." IN {
    type hint;
    file "/home/bind/var/named/named.ca";
};

zone "test.com" IN {
    type master;
    file "/home/bind/var/named/any/test.com";
    allow-update { none; };
};

Configure the zone data file in each carrier's directory, with one A record for www so the setup can be tested:

vi /home/bind/var/named/ctc/test.com

$TTL 86400
@       IN SOA  test.com. root.localhost. (
                        42      ; serial (d. adams)
                        3H      ; refresh
                        15m     ; retry
                        1W      ; expiry
                        1D )    ; minimum
        IN NS   ns
ns      IN A    115.182.75.10
www     IN A    1.1.1.1

vi /home/bind/var/named/cuc/test.com

$TTL 86400
@       IN SOA  test.com. root.localhost. (
                        42      ; serial (d. adams)
                        3H      ; refresh
                        15m     ; retry
                        1W      ; expiry
                        1D )    ; minimum
        IN NS   ns
ns      IN A    115.182.75.10
www     IN A    2.2.2.2

vi /home/bind/var/named/cmc/test.com

$TTL 86400
@       IN SOA  test.com. root.localhost. (
                        42      ; serial (d. adams)
                        3H      ; refresh
                        15m     ; retry
                        1W      ; expiry
                        1D )    ; minimum
        IN NS   ns
ns      IN A    115.182.75.10
www     IN A    3.3.3.3

vi /home/bind/var/named/any/test.com

$TTL 86400
@       IN SOA  test.com. root.localhost. (
                        42      ; serial (d. adams)
                        3H      ; refresh
                        15m     ; retry
                        1W      ; expiry
                        1D )    ; minimum
        IN NS   ns
ns      IN A    115.182.75.10
www     IN A    4.4.4.4

Configure the ACLs

Because the IP address lists are large, keeping them in separate ACL files makes them easier to manage.

First reference the files from named.conf:

vi /home/bind/etc/named.conf

# named.conf file
include "/home/bind/etc/named.conf.options";
include "/home/bind/etc/named.conf.acl";
include "/home/bind/etc/named.conf.controls";
include "/home/bind/etc/named.conf.server";
include "/home/bind/etc/named.conf.key";
include "/home/bind/etc/named.conf.dlz";
include "/home/bind/etc/named.conf.trusted-keys";
include "/home/bind/etc/named.conf.view";
# include "/home/bind/etc/named.conf.zone";
# include "/home/bind/etc/named.rfc1912.zones";
include "/home/bind/etc/named.conf.log";
include "/home/bind/etc/ACL/dianxinACL";
include "/home/bind/etc/ACL/yidongACL";
include "/home/bind/etc/ACL/liantongACL";
include "/home/bind/etc/ACL/changkuanACL";
include "/home/bind/etc/ACL/tietongACL";
include "/home/bind/etc/ACL/jiaoyukeyanACL";

Each file holds the IP address library of one carrier.

The format is acl "acl_name" { xx.xx.xx.xx; }; for example:

vi /home/bind/etc/ACL/yidongACL

acl "CMC" {
    36.128.0.0/10;
    39.128.0.0/10;
    111.0.0.0/10;
    112.0.0.0/10;
    ……
    221.176.0.0/13;
    223.64.0.0/10;
};

At this point, BIND's views are configured.
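To make two of the rules above concrete, the ACL file format and the top-to-bottom view matching, here is an added Python example; it is not part of the article and not BIND code. It parses acl blocks written in the format shown, walks the views in the order named.conf.view lists them, and returns the view and the www answer a given client source IP would receive. The prefixes in ACL_TEXT are constructed sample values, not a carrier address library; the view list mirrors the four views configured above.

```python
import ipaddress
import re

# Constructed sample ACLs in the format the article uses (acl "NAME" { prefix; ... };).
# The prefixes are illustrative placeholders, not a real carrier address library.
ACL_TEXT = """
acl "CTC" { 1.0.0.0/8; 2.0.0.0/8; };
acl "CUC" { 3.0.0.0/8; };
acl "CMC" { 36.128.0.0/10; 39.128.0.0/10; };
"""

# The views in the order named.conf.view lists them: (view name, match-clients ACL,
# the A record that view's test.com zone file returns for www).
VIEWS = [
    ("ctc_view_zone", "CTC", "1.1.1.1"),
    ("cuc_view_zone", "CUC", "2.2.2.2"),
    ("cmc_view_zone", "CMC", "3.3.3.3"),
    ("any_view_zone", "any", "4.4.4.4"),
]

ACL_RE = re.compile(r'acl\s+"([^"]+)"\s*\{([^}]*)\}\s*;')


def parse_acls(text):
    """Parse acl blocks into {name: [ip_network, ...]}; a malformed prefix raises ValueError."""
    acls = {}
    for name, body in ACL_RE.findall(text):
        entries = [e.strip() for e in body.split(";") if e.strip()]
        acls[name] = [ipaddress.ip_network(e, strict=False) for e in entries]
    return acls


def acl_matches(acl_name, client, acls):
    """True if the client address is in the named ACL ('any' matches every client)."""
    if acl_name == "any":
        return True
    return any(client in net for net in acls.get(acl_name, []))


def resolve(client_ip, acls, views=VIEWS):
    """Return (view, answer) for the first view, top to bottom, whose match-clients accepts the client."""
    client = ipaddress.ip_address(client_ip)
    for view_name, acl_name, answer in views:
        if acl_matches(acl_name, client, acls):
            return view_name, answer
    return None, None  # no view matched: only possible when there is no default view


def shadowed_views(views=VIEWS):
    """Names of views that can never be reached because an 'any' view precedes them."""
    for i, (_, acl_name, _) in enumerate(views):
        if acl_name == "any":
            return [v[0] for v in views[i + 1:]]
    return []


if __name__ == "__main__":
    acls = parse_acls(ACL_TEXT)
    for ip in ("1.2.3.4", "3.4.5.6", "36.130.0.1", "8.8.8.8"):
        print(ip, "->", resolve(ip, acls))
    print("shadowed views:", shadowed_views())
```

shadowed_views captures the ordering caveat from the view section: if the any view is moved up, every client matches it and the carrier views below are never consulted. A syntax check of named.conf does not catch that, so it is worth checking the order explicitly after every edit to named.conf.view.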

Start bind

/home/bind/sbin/named -u root -c /home/bind/etc/named.conf

(It is better to create a dedicated bind account, run chown -R bind:bind /home/bind, and start named as that account rather than as root.)

Run ps -ef | grep named to check that the service has started.

Run /home/bind/sbin/named -u root -c /home/bind/etc/named.conf -g to keep named in the foreground and watch the startup log, which makes troubleshooting easier.

During testing, the client's source IP determines which view answers and therefore which address is returned:

Domain name     Telecom users   Unicom users   Mobile users   Other users
www.test.com    1.1.1.1         2.2.2.2        3.3.3.3        4.4.4.4

Query commands

dig @115.182.75.10 www.test.com A
nslookup www.test.com 115.182.75.10
host -t A www.test.com 115.182.75.10

Appendix: the queryperf stress-testing tool that ships with BIND

After extracting bind-9.9.5-P1.tar.gz there is a queryperf directory in the source tree, at bind-9.9.5-P1/contrib/queryperf.

In the queryperf directory run: sh configure && make

This produces a queryperf executable.

Basic usage:

./queryperf -d domain-file -s 8.8.8.8 -l 60 -T 100

-d a domain name list file, one entry per line, in the format "domain type":

www.163.com A
qq.com MX
www.baidu.com CNAME
www.test.com NS

-s the IP of the DNS server to test

-l the test duration in seconds

-T the number of requests to send per second (the target qps)

The statistics are printed when the run finishes:

Statistics:

Parse input file: multiple times

Run time limit: 60 seconds

Ran through file: 5999 times

Queries sent: 6000 queries # total number of query requests

Queries completed: 6000 queries # requests for successful queries

Queries lost: 0 queries # number of failed requests for query

Queries delayed: 0 queries

RTT max: 0.000520 sec

RTT min: 0.000109 sec

RTT average: 0.000291 sec

RTT std deviation: 0.000062 sec

RTT out of range: 0 queries

Percentage completed: 100.005%

Percentage lost: 0.005%

Started at: Fri Aug 15 10:42:00 2014

Finished at: Fri Aug 15 10:43:00 2014

Ran for: 60.000338 seconds

Queries per second: 99.999437 qps # queries per second (qps)

Total QPS/target: 99.999437/100 qps
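As an added example (not part of the article and not part of queryperf), here is a small Python parser for the statistics block above, followed by a check that flags a run in which the server dropped queries or fell short of the target rate, the two numbers that matter when this stress test is used to size a server against traffic floods. The sample text is the article's own output pasted in as constructed input; the thresholds in assess are assumptions for illustration.

```python
import re

# The statistics block printed by queryperf, copied from the article above and used here as
# the sample input (the '#' annotations the article adds are not part of queryperf's output).
SAMPLE_STATS = """\
Statistics:

  Parse input file:     multiple times
  Run time limit:       60 seconds
  Ran through file:     5999 times

  Queries sent:         6000 queries
  Queries completed:    6000 queries
  Queries lost:         0 queries
  Queries delayed:      0 queries

  RTT max:              0.000520 sec
  RTT min:              0.000109 sec
  RTT average:          0.000291 sec
  RTT std deviation:    0.000062 sec
  RTT out of range:     0 queries

  Percentage completed: 100.005%
  Percentage lost:        0.005%

  Started at:           Fri Aug 15 10:42:00 2014
  Finished at:          Fri Aug 15 10:43:00 2014
  Ran for:              60.000338 seconds

  Queries per second:   99.999437 qps

  Total QPS/target:     99.999437/100 qps
"""

# "Label:   value" lines; the label may contain spaces and a slash (Total QPS/target).
LINE_RE = re.compile(r"^\s*([A-Za-z][A-Za-z /]*?):\s+(\S.*?)\s*$")
NUM_RE = re.compile(r"-?\d+(?:\.\d+)?")


def _number(text):
    """Leading number of a value ('6000 queries' -> 6000, '0.005%' -> 0.005), else the raw text."""
    m = NUM_RE.match(text)
    if not m:
        return text
    token = m.group()
    return float(token) if "." in token else int(token)


def parse_queryperf(text):
    """Return a dict of queryperf statistics keyed by the printed label."""
    stats = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        label, value = m.group(1), m.group(2)
        if label == "Total QPS/target":
            achieved, target = value.split()[0].split("/")
            stats["qps_achieved"] = float(achieved)
            stats["qps_target"] = float(target)
        else:
            stats[label] = _number(value)
    return stats


def assess(stats, max_lost_pct=1.0, min_target_ratio=0.95, max_rtt_sec=1.0):
    """List the problems in a run; an empty list means the server kept up with the load.

    The thresholds are assumptions for illustration, not values from the article."""
    findings = []
    if stats["Percentage lost"] > max_lost_pct:
        findings.append("lost %.3f%% of queries (limit %.1f%%)"
                        % (stats["Percentage lost"], max_lost_pct))
    if stats["qps_achieved"] < min_target_ratio * stats["qps_target"]:
        findings.append("achieved %.1f qps against a target of %.0f"
                        % (stats["qps_achieved"], stats["qps_target"]))
    if stats["RTT max"] > max_rtt_sec:
        findings.append("slowest answer took %.3f s" % stats["RTT max"])
    return findings


if __name__ == "__main__":
    stats = parse_queryperf(SAMPLE_STATS)
    print("sent", stats["Queries sent"], "lost", stats["Queries lost"],
          "qps", stats["qps_achieved"], "/", stats["qps_target"])
    print("findings:", assess(stats) or "none")
```

Run it over the saved output of a real queryperf session in place of SAMPLE_STATS; when the achieved qps stays well below the -T target, or the lost percentage climbs, the server has reached the load at which it starts dropping queries, which is the figure to compare against the query rates seen in production.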

Thank you for reading! This concludes the article on how to build an intelligent DNS. I hope it has been helpful; if you found it useful, please share it so more people can see it.
