Tags: DNS
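Smart DNS
I. What smart DNS does
1. Reduces response latency for dynamic services
2. CDN acceleration (caching for static services)
3. Load balancing
4. Defends against DDoS attacks
II. Drawbacks of smart DNS
1. Higher cost (e.g. hardware and maintenance costs)
2. Does not come with a matching application-checking mechanism
III. Implementing smart DNS
1. An IP database (one that provides complete and accurate IP address and geolocation information)
2. Ways to obtain it (commercial third parties, provided by ISPs, or corrected and supplemented yourself)
3. Generating the IP database from APNIC (http://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest)
III. Fetching the IP database and classifying it by carrier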
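#!/bin/bash
#########################
# Fetch the IP database #
#########################
FILE=/opt/apnic/ip_apnic
mkdir -p "$(dirname "$FILE")"
rm -f "$FILE"
wget http://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest -O "$FILE"
# Keep the CN IPv4 records; fields 4 and 5 are the start address and the address count
grep 'apnic|CN|ipv4|' "$FILE" | cut -f4,5 -d'|' | sed -e 's/|/ /g' | while read -r ip cnt
do
    echo "$ip:$cnt"
    # Turn the address count into a prefix length (32 - log2(count)) with bc
    mask=$(cat << EOF | bc | tail -1
pow=32;
define log2(x) {
if (x<=1) return (pow);
pow--;
return (log2(x/2));
}
log2($cnt)
EOF
)
    echo "$ip/$mask" >> cn.net
    # Classify the range by carrier from its APNIC whois record
    if whois "$ip"@whois.apnic.net | grep -i ".*chinanet.*\|.*telecom.*" >/dev/null; then
        echo "$ip/$mask" >> chinanet
    elif whois "$ip"@whois.apnic.net | grep -i ".*unicom.*" >/dev/null; then
        echo "$ip/$mask" >> unicom
    else
        echo "$ip/$mask" >> others
    fi
done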
IV. Converting the IP database into ACL files
ACLs in BIND
acl ACL_NAME {
    <network ranges to define>
};
/var/named/chinanet.acl
/var/named/unicom.acl
/var/named/other.acl
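One way to do this conversion, as an added example that is not part of the original post: it splits each "ip count" pair into exact CIDR blocks and wraps them in a BIND acl block. The bc calculation in the script above returns a single prefix, so a count that is not a power of two (768 gives /23, only 512 addresses) is partly dropped; the function names and sample pairs here are constructed for illustration.

```shell
#!/bin/sh
# Added example (not the original author's code). Function names and the
# sample "ip count" pairs are constructed for illustration.

ip2int() {  # dotted quad -> 32-bit integer
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

int2ip() {  # 32-bit integer -> dotted quad
    echo "$(( $1 >> 24 & 255 )).$(( $1 >> 16 & 255 )).$(( $1 >> 8 & 255 )).$(( $1 & 255 ))"
}

# range_to_cidrs START_IP COUNT
# Print the CIDR blocks that cover exactly COUNT addresses from START_IP,
# including counts that are not a power of two.
range_to_cidrs() {
    start=$(ip2int "$1"); count=$2
    while [ "$count" -gt 0 ]; do
        # Largest block the alignment of the start address allows ...
        if [ "$start" -eq 0 ]; then size=4294967296; else size=$(( start & -start )); fi
        # ... halved until it fits into the addresses still to be covered.
        while [ "$size" -gt "$count" ]; do size=$(( size >> 1 )); done
        bits=32; s=$size
        while [ "$s" -gt 1 ]; do s=$(( s >> 1 )); bits=$(( bits - 1 )); done
        echo "$(int2ip "$start")/$bits"
        start=$(( start + size )); count=$(( count - size ))
    done
}

# make_acl NAME
# Read "ip count" pairs for one carrier on stdin, print a BIND acl block.
make_acl() {
    echo "acl $1 {"
    while read -r ip cnt; do
        range_to_cidrs "$ip" "$cnt" | sed 's/.*/    &;/'
    done
    echo "};"
}

# Constructed sample input: 768 is not a power of two.
printf '10.0.1.0 768\n10.8.0.0 1024\n' | make_acl chinanet
```

Redirect the output of make_acl to the matching file, for example /var/named/chinanet.acl, and run named-checkconf before restarting named.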
V. Edit /etc/named.conf
......
include "/var/named/chinanet.acl";
include "/var/named/unicom.acl";
include "/var/named/other.acl";
view "test.com.chinanet.zone" {
    recursion no;
    match-clients { chinanet; };
    zone "test.com" {
        type master;
        file "test.com.chinanet.zone";
    };
};
view "test.com.unicom.zone" {
    recursion no;
    match-clients { unicom; };
    zone "test.com" {
        type master;
        file "test.com.unicom.zone";
    };
};
view "test.com.other.zone" {
    recursion no;
    match-clients { other; };
    zone "test.com" {
        type master;
        file "test.com.other.zone";
    };
};
Restart the named service.
VI. Testing smart DNS
Add the test IPs to each ACL file,
then test with dig from different machines.
Original post: http://blog.51cto.com/gdutcxh/2109222