����ע��������������DNS����Ҫ��;Ϊ��1�������ͨ��������� 2��ʵ������滮����ͬ������ʸ�������ķ��������������Խ����ͨ�����������������á�����ʵ��2�Ĺ��ܣ�ֻ���ԼӸ��ļ��ɡ�
һ��DNS��������װ......................................................................................... 1
����named.conf������....................................................................................... 2
�������¸����ļ���.......................................................................................... 3
�ġ����������ű���.......................................................................................... 4
�塢����һ��NS............................................................................................... 5
��������һ������.............................................................................................. 5
������ȡIP��ַ��Χ����:................................................................................. 7
һ��DNS��������װ
1�� �����б�
BIND 9.3.2
ftp://ftp.isc.org/isc/bind9/9.3.2/bind-9.3.2.tar.gz
2�� ��װBIND 9
��װBIND9��
# tar zxvf bind-9.3.2.tar.gz
# cd bind-9.3.2
# ./configure
--prefix=/usr/local/named
--disable-ipv6
# make && make install
����BIND�û���
# groupadd bind
# useradd -g bind -d /usr/local/named -s /sbin/nologin bind
���������ļ�Ŀ¼��
# mkdir -p /usr/local/named/etc
# chown bind:bind /usr/local/named/etc
# chmod 700 /usr/local/named/etc
����named.conf������
������Ҫ�������ļ���
# vi /usr/local/named/etc/named.conf
===========================named.conf=======================
// named.conf for the split-horizon ("view") setup described on this page.
// Relative file names below resolve against options.directory.

// Trusted hosts: the only sources allowed zone transfers, NOTIFY and recursion.
acl "trust-lan" { 127.0.0.1/8; 192.168.0.0/16;};
options {
directory "/usr/local/named/etc/";
// NOTE(review): the init script in section 4 stops named with
// `kill $(cat /var/run/named/pid)`, which is not this path. Section 3 also
// chowns /var/run/named to bind and then makes it 0777; with the chown in
// place 0755 is enough, and a world-writable pid directory lets any local
// user swap the pid that the stop action kills.
pid-file "/var/run/named/named.pid";
// Fake version string so version.bind/CHAOS queries do not reveal the build.
version "0.0.0";
datasize 40M;
// Whole-zone transfers only to the trusted LAN; the public views below
// answer queries but must not hand out zone contents.
allow-transfer {
"trust-lan";};
// Recursion is on, but allow-recursion limits it to trust-lan, so the
// server behaves as authoritative-only for everyone else.
recursion yes;
allow-notify {
"trust-lan";
};
allow-recursion {
"trust-lan";
};
auth-nxdomain no;
forwarders {
202.99.160.68;
202.99.168.8;};
};
logging {
// Warnings and above go to dns_warnings; query logging (category queries)
// goes to dns_logs. Both files are created and chowned to bind in section 3.
channel warning
{ file "/var/log/named/dns_warnings" versions 3 size 1240k;
severity warning;
print-category yes;
print-severity yes;
print-time yes;
};
channel general_dns
{ file "/var/log/named/dns_logs" versions 3 size 1240k;
severity info;
print-category yes;
print-severity yes;
print-time yes;
};
category default { warning; };
category queries { general_dns; };
};
// NOTE(review): BIND 9 rejects a zone outside any view once view statements
// are present ("all zones must be in views"); both views below carry their
// own root hints, so this stanza can likely be dropped — confirm with
// named-checkconf.
zone "." {
type hint;
file "named.root";
};
// Client ranges that receive the CNC-side answers. The page's note inside
// this block is not named.conf syntax; replace it with the remaining CNC
// prefixes (the CNCGROUP list written by the script in section 7 is one
// source) before loading the file.
acl "CNC" {
58.16.0.0/16;
58.17.0.0/17;
58.17.128.0/17;
58.18.0.0/16;
58.19.0.0/16;
58.20.0.0/16;
58.21.0.0/16;
ע����Щ�����������IP��ַ��
};
// Views are matched in order: a client in acl CNC stops at view_cnc, every
// other client falls through to view_any. Each view carries its own root
// hints, the localhost reverse zone and a .def include listing the
// customer zones (master/cnc.def vs. master/telecom.def).
view "view_cnc" {
match-clients { CNC; };
zone "." {
type hint;
file "named.root";
};
zone "0.0.127.IN-ADDR.ARPA" {
type master;
file "localhost.rev";
};
include "master/cnc.def";
};
view "view_any" {
match-clients { any; };
zone "." {
type hint;
file "named.root";
};
zone "0.0.127.IN-ADDR.ARPA" {
type master;
file "localhost.rev";
};
include "master/telecom.def";
};
������ɺ��档
�������¸����ļ���
# cd /usr/local/named/etc/
# wget ftp://ftp.internic.org/domain/named.root
����PID����־�ļ���
# mkdir /var/run/named/
# chmod 777 /var/run/named/
# chown bind:bind /var/run/named/
# mkdir /var/log/named/
# touch /var/log/named/dns_warnings
# touch /var/log/named/dns_logs
# chown bind:bind /var/log/named/*
# mkdir master
# touch master/cnc.def
# touch master/telecom.def
����rndc-key��
# cd /usr/local/named/etc/
# ../sbin/rndc-confgen > rndc.conf
��rndc.conf��
# Use with the following in named.conf, adjusting the allow list as needed:
�����ԵIJ��ּӵ�/usr/local/named/etc/named.conf�в�ȥ��ע��
���в��ԣ�
# /usr/local/named/sbin/named -gc /usr/local/named/etc/named.conf &
״̬��飺
# /usr/local/named/sbin/rndc status
�ġ����������ű���
# vi /etc/init.d/named
============================== named.sh============================
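#!/bin/bash
#
# named a network name service.
#
#
# chkconfig: 545 35 75
# description: a name server
#
# Init script for the BIND 9 build installed under /usr/local/named.
# Usage: /etc/init.d/named start | stop | restart
#
# The server is started with -c /usr/local/named/etc/named.conf; that file
# sets pid-file "/var/run/named/named.pid", so stop) must read that path
# (the original read /var/run/named/pid, which named never writes).

NAMED=/usr/local/named/sbin/named
CONF=/usr/local/named/etc/named.conf
PIDFILE=/var/run/named/named.pid

# Binding port 53 and switching to the bind user (-u bind) both need root.
if [ "$(id -u)" -ne 0 ]; then
  echo "ERROR:For bind to port 53,must run as root."
  exit 1
fi

case "$1" in
  start)
    # Silently does nothing when the binary is missing, as before.
    if [ -x "$NAMED" ]; then
      "$NAMED" -u bind -c "$CONF" && echo . && echo 'BIND9 server started.'
    fi
    ;;
  stop)
    # Fail with a message instead of calling kill with no pid when the
    # pid file is absent (server not running, or a different pid-file).
    if [ -r "$PIDFILE" ]; then
      kill "$(cat "$PIDFILE")" && echo . && echo 'BIND9 server stopped.'
    else
      echo "ERROR:pid file $PIDFILE not found, is named running?" >&2
      exit 1
    fi
    ;;
  restart)
    echo .
    echo "Restart BIND9 server"
    "$0" stop
    # Give named time to release port 53 before starting again.
    sleep 10
    "$0" start
    ;;
  *)
    echo "$0 start | stop | restart"
    ;;
esac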
===============================named.sh============================
# chmod 755 /etc/init.d/named
# chown root:root /etc/init.d/named
# chkconfig --add named
# chkconfig named on
�塢����һ��NS
�������Ĺ�����վ�ϣ��趨NS������Ϊ�㰲װ��DNS
��������һ������
# cd /usr/local/named/etc/master
# mkdir cnc
# mkdir telecom
# vi cnc.def
����
// master/cnc.def - included from view "view_cnc" in named.conf, so this
// zone definition is only seen by clients matching acl "CNC". The file
// path is relative to options.directory (/usr/local/named/etc/).
zone "daoyou.com" {
type master;
file "master/cnc/daoyou.com";
};
# vi telecom.def
����
// master/telecom.def - included from view "view_any" in named.conf, i.e.
// the answer every client outside acl "CNC" receives for the same zone
// name. The file path is relative to options.directory.
zone "daoyou.com" {
type master;
file "master/telecom/daoyou.com";
};
������ͨ�Ľ�������������IPΪ61.45.55.78
#vi cnc/daoyou.com
����
; master/cnc/daoyou.com - zone data handed to CNC clients (cnc.def pulls this
; file into view_cnc). The telecom copy of the same zone answers with
; 210.75.1.178 instead.
; NOTE(review): the NS target ns.daoyou.com has no A record in this zone;
; add `ns IN A <address of this server>` or resolvers cannot reach the
; name server section 5 registers.
$TTL 3600
$ORIGIN daoyou.com.
@ IN SOA ns.daoyou.com. root.ns.daoyou.com.(
2005121013 ;Serial - increase on every edit so the change is picked up
3600 ; Refresh ( seconds )
900 ; Retry ( seconds )
68400 ; Expire ( seconds ) - NOTE(review): only 19 h; 604800 (7 d) may have been intended, confirm
15 );Minimum TTL for Zone ( seconds ) - BIND 9 uses this as the negative-caching TTL
;
@ IN NS ns.daoyou.com.
@ IN A 61.45.55.78
www IN A 61.45.55.78
;
;end
���ӵ��ŵĽ�������������IPΪ210.75.1.178
#vi telecom/daoyou.com
����
; master/telecom/daoyou.com - zone data handed to every client outside acl
; "CNC" (telecom.def pulls this file into view_any). Same records as the
; CNC copy except the addresses point at 210.75.1.178.
; NOTE(review): the NS target ns.daoyou.com has no A record in this zone;
; add `ns IN A <address of this server>` or resolvers cannot reach the
; name server section 5 registers.
$TTL 3600
$ORIGIN daoyou.com.
@ IN SOA ns.daoyou.com. root.ns.daoyou.com.(
2005121013 ;Serial - increase on every edit so the change is picked up
3600 ; Refresh ( seconds )
900 ; Retry ( seconds )
68400 ; Expire ( seconds ) - NOTE(review): only 19 h; 604800 (7 d) may have been intended, confirm
15 );Minimum TTL for Zone ( seconds ) - BIND 9 uses this as the negative-caching TTL
;
@ IN NS ns.daoyou.com.
@ IN A 210.75.1.178
www IN A 210.75.1.178
;
;end
#/usr/local/named/sbin/rndc reload
OK���������DNS�������������������ˡ���һ�·ֱ�����ͨ�͵��ŵ���·pingһ�°�.
������ȡIP��ַ��Χ����:
1�� ����shell�����ȡIP��ַ��
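#!/bin/sh
# Download the APNIC delegation list, turn every CN IPv4 allocation into a
# CIDR prefix and sort the prefixes by carrier using the APNIC whois
# "netname", so the acl "CNC" in named.conf can be filled from the result.
#
# Output files, all appended to in the current directory:
#   cn.net     every CN prefix
#   CNCGROUP   netname CNC or CNCGROUP
#   CHINANET   netname CHINANET or CHINATELECOM
#   OTHER      everything else
# Each run re-downloads the list and appends again, so remove the output
# files first when a fresh list is wanted.

FILE=/root/study/apnic/ip_apnic

# Prefix length for an allocation of $1 addresses: 32 minus the number of
# times the count can be halved before reaching 1. Same result as the bc
# recursion the original pasted into a here-document, without spawning bc.
# A count that is not a power of two is rounded DOWN to the largest power
# of two that fits, so the tail of such a block is not covered (splitting
# it into several prefixes needs real address arithmetic - TODO).
prefix_len() {
  n=$1
  bits=32
  while [ "$n" -gt 1 ]; do
    n=$((n / 2))
    bits=$((bits - 1))
  done
  echo "$bits"
}

rm -f "$FILE"
wget http://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest -O "$FILE"

# Fields 4 and 5 of an "apnic|CN|ipv4|..." record are the first address and
# the number of addresses in the allocation.
grep 'apnic|CN|ipv4|' "$FILE" | cut -f 4,5 -d'|' | sed -e 's/|/ /g' | while read -r ip cnt
do
  # Both values come from a file fetched over plain HTTP. The count used to
  # be pasted into a bc program and the address goes into file names and a
  # whois query, so accept only a decimal count and a dotted quad.
  case $cnt in
    ''|*[!0-9]*) echo "skip $ip: bad count '$cnt'" >&2; continue ;;
  esac
  case $ip in
    ''|*[!0-9.]*) echo "skip: bad address '$ip'" >&2; continue ;;
  esac
  echo "$ip:$cnt"
  mask=$(prefix_len "$cnt")
  echo "$ip/$mask" >> cn.net
  # "<ip>@<server>" is the whois query form the original relied on. The sed
  # chain keeps only the paragraph containing "netnum", takes the netname
  # line and strips everything from the first '-' onward.
  NETNAME=$(whois "$ip@whois.apnic.net" | sed -e '/./{H;$!d;}' -e 'x;/netnum/!d' | grep ^netname | sed -e 's/.*: \(.*\)/\1/g' | sed -e 's/-.*//g')
  case $NETNAME in
    CNC)
      echo "$ip/$mask" >> CNCGROUP
      ;;
    CHINANET|CNCGROUP)
      # Exact matches only, so $NETNAME is safe to use as a file name here.
      # (The original repeated this arm; the duplicate was unreachable.)
      echo "$ip/$mask" >> "$NETNAME"
      ;;
    CHINATELECOM)
      echo "$ip/$mask" >> CHINANET
      ;;
    *)
      echo "$ip/$mask" >> OTHER
      ;;
  esac
done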
2�� �����������ϵ����ϣ����������µ���Ϣ��Ȼ����awk�гɵ�ַ�μ��ɡ�
wget http://218.66.103.230/vpn_route/cnc.new �µ���ͨ·�ɱ�
wget http://218.66.103.230/vpn_route/chinanet.new �µĵ���·�ɱ�
leo_boy �� 2007-09-08 21:52:23����:
?