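Why does my smart DNS sometimes not work?
Hi everyone, I set up a smart DNS, and sometimes it doesn't work. That is, sometimes my Telecom IP gets pinged by Netcom users, sometimes Netcom users ping my Telecom IP, and sometimes it is fine again. If that is how it behaves, it is no different from ordinary DNS round-robin. Below is my name.conf file; please take a look and see what is wrong. My CNC table is one I found online, so it shouldn't be much of a problem. One thing to mention first: my DNS server has a single NIC and a single line, with a Netcom uplink; I don't know whether that has anything to do with it.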
//acl "trust-lan" {
//    127.0.0.1/8; 172.16.0.0/16;
//    any;
//};
options {
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    /*
     * If there is a firewall between you and nameservers you want
     * to talk to, you might need to uncomment the query-source
     * directive below. Previous versions of BIND always asked
     * questions using port 53, but BIND 8.1 uses an unprivileged
     * port by default.
     */
    // query-source address * port 53;
    // auth-nxdomain yes;
    forwarders {
        202.99.160.68;
        202.99.168.8;
    };
    // allow-transfer {
    //     "trust-lan";
    // };
};
logging {
    channel warning {
        file "/var/log/named/dns_warnings" versions 3 size 1240k;
        severity warning;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    channel general_dns {
        file "/var/log/named/dns_logs" versions 3 size 1240k;
        severity info;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    category default { warning; };
    category queries { general_dns; };
};
//
// a caching only nameserver config
//
controls {
    inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
include "/var/named/CNC.acl";
view "view_cnc" {
    match-clients { CNC; };
    zone "." IN {
        type hint;
        file "named.ca";
    };
    zone "localdomain" IN {
        type master;
        file "localdomain.zone";
        allow-update { none; };
    };
    zone "localhost" IN {
        type master;
        file "localhost.zone";
        allow-update { none; };
    };
    zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
        allow-update { none; };
    };
    zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.ip6.local";
        allow-update { none; };
    };
    zone "255.in-addr.arpa" IN {
        type master;
        file "named.broadcast";
        allow-update { none; };
    };
    zone "0.in-addr.arpa" IN {
        type master;
        file "named.zero";
        allow-update { none; };
    };
    zone "kbk-kbk.com" {
        type master;
        file "master/kbk-kbk.com";
        allow-update { none; };
        notify yes;
        allow-transfer { xx.xx.xx.xx; };
        also-notify { xx.xx.xx.xx; };
    };
    zone "kbk.cn" {
        type master;
        file "master/cnc/kbk.cn";
        allow-update { none; };
        notify yes;
        allow-transfer {xx.xx.xx.xx; };
        also-notify { xx.xx.xx.xx; };
    };
    zone "xx.xx.xx.in-addr.arpa" {
        type master;
        file "master/xx.xx.xx.in-addr.arpa";
        allow-update { none; };
        notify yes;
        allow-transfer { xx.xx.xx.xx; };
        also-notify { xx.xx.xx.xx; };
    };
};
view "view_any" {
    match-clients { any; };
    zone "." IN {
        type hint;
        file "named.ca";
    };
    zone "localdomain" IN {
        type master;
        file "localdomain.zone";
        allow-update { none; };
    };
    zone "localhost" IN {
        type master;
        file "localhost.zone";
        allow-update { none; };
    };
    zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
        allow-update { none; };
    };
    zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.ip6.local";
        allow-update { none; };
    };
    zone "255.in-addr.arpa" IN {
        type master;
        file "named.broadcast";
        allow-update { none; };
    };
    zone "0.in-addr.arpa" IN {
        type master;
        file "named.zero";
        allow-update { none; };
    };
    zone "kbk-kbk.com" {
        type master;
        file "master/kbk-kbk.com";
        allow-update { none; };
        notify yes;
        allow-transfer { xx.xx.xx.xx; };
        also-notify { xx.xx.xx.xx; };
    };
    zone "kbk.cn" {
        type master;
        file "master/cnc/kbk.cn";
        allow-update { none; };
        notify yes;
        allow-transfer {xx.xx.xx.xx; };
        also-notify { xx.xx.xx.xx; };
    };
    zone "203.99.211.in-addr.arpa" {
        type master;
        file "master/203.99.211.in-addr.arpa";
        allow-update { none; };
        notify yes;
        allow-transfer { 60.190.108.41; };
        also-notify { 60.190.108.41; };
    };
};
//zone "183.51.210.in-addr.arpa" IN {
//    type master;
//    file "master/183.51.210.named.lava-lava.com";
//    allow-update { none; };
//};
include "/etc/rndc.key";
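《Solution》
Why does my smart DNS sometimes not work?
Please take a look for me, everyone. Thanks.
《Solution》
Bumping my own thread. Has nobody run into this problem?
《Solution》
Bumping my own thread. Has nobody run into this problem?
《Solution》
Could the experts please give me some pointers?
《Solution》
Why is nobody saying anything? Where are the moderators? This isn't a big problem, is it?
《Solution》
Reply to post #1 by k1b2c3
In view_any you need to exclude the CNC IPs: match-clients { !CNC; any;};
《Solution》
1. Your IP database has a problem: it is incomplete, or Netcom and Telecom ranges overlap.
2. For some users, the line they connect through does not match the DNS server configured on their computer. For example, a user on a Netcom line who has configured a Telecom DNS server will show up as a Netcom user resolving to the Telecom IP.
3. A few carriers' DNS servers use some lines (IPs) that belong to other carriers. I have found several cases here of education-network DNS forwarding to Netcom DNS.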
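
An added example, not part of any post in this thread: a small model of how named picks a view (views are tried in the order they appear in named.conf, the first matching `match-clients` list wins, and the address tested is the source of the query, normally the user's resolver), plus a check for ranges claimed by two carrier ACLs. The ACL contents are constructed documentation ranges, and the `CHINANET` ACL name is an assumption.

```python
import ipaddress

# Constructed sample ACLs (documentation ranges, not real carrier allocations).
ACLS = {
    "CNC": ["192.0.2.0/24", "198.51.100.0/25"],
    "CHINANET": ["203.0.113.0/24", "198.51.100.64/26"],  # 2nd entry overlaps CNC
}

# Views in named.conf order; named answers from the first view that matches.
VIEWS = [("view_cnc", ["CNC"]), ("view_any", ["any"])]


def acl_contains(name, ip, acls):
    return any(ip in ipaddress.ip_network(n) for n in acls[name])


def match_list(elements, ip, acls):
    """Evaluate an address match list: the first element that hits decides."""
    for el in elements:
        negate = el.startswith("!")
        name = el.lstrip("!")
        if name == "any" or acl_contains(name, ip, acls):
            return not negate
    return False


def select_view(source_ip, views=VIEWS, acls=ACLS):
    """Return the view used for a query whose source address is source_ip."""
    ip = ipaddress.ip_address(source_ip)
    for view, elements in views:
        if match_list(elements, ip, acls):
            return view
    return None  # no view matched


def acl_overlaps(a, b, acls=ACLS):
    """List (net_a, net_b) pairs where two ACLs claim the same addresses."""
    return [(x, y) for x in acls[a] for y in acls[b]
            if ipaddress.ip_network(x).overlaps(ipaddress.ip_network(y))]


if __name__ == "__main__":
    # 198.51.100.200 stands for a Netcom resolver missing from the CNC ACL.
    for src in ("192.0.2.53", "198.51.100.200", "203.0.113.53"):
        print(src, "->", select_view(src))
    print("overlaps:", acl_overlaps("CNC", "CHINANET"))
```

Because view_cnc is listed first, `{ any; }` and `{ !CNC; any; }` in view_any select the same view for every source address in this model; a resolver absent from the ACL falls through to view_any either way.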
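《Solution》
Reply to post #7 by fangjy2008
Boss, I hope you can share how you collect the IP database.
《Solution》
Thanks everyone, it is now basically solved. It was a problem with my ACL IP database; I have now updated it to the latest from the official source and it works normally. Below is the script for fetching the IP database, shared with everyone.
Run it with: php ip.php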
<?php
// Fetch APNIC's delegation statistics and keep the CN IPv4 records.
$iplist = file_get_contents("http://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest");
$ipsplit = preg_split("/[\n]+/", $iplist);   // split() was removed in PHP 7
$iparray = array('set' => array());
foreach ($ipsplit as $val) {
    if (preg_match("/apnic\|CN\|ipv4\|/", $val)) {
        // Fields: registry|cc|type|start|count|...; $mask holds the address count
        list($nic, $CN, $ver, $ip, $mask) = preg_split("/\|/", $val);
        $iparray['set'][] = array("ip" => $ip, "mask" => $mask);
    }
}
foreach ($iparray['set'] as $val) {
    // Prefix length from the address count (assumes the count is a power of two)
    $prefix = 32 - log($val['mask'], 2);
    echo $val['ip']."\t".$prefix."\n";
    // Classify by carrier name in the whois record; one output file per carrier
    $flag = GetWhois($val['ip']);
    switch ($flag) {
        case "CHINANET":
        case "CNC":
        case "CRTC":
            $file = $flag;
            break;
        default:
            $file = "OTHERS";
            break;
    }
    // Append and close in one call, so no file handle is left open per record
    file_put_contents($file, $val['ip']."/".$prefix."\n", FILE_APPEND);
}

// Return the carrier tag found in the APNIC whois record for $IP.
function GetWhois($IP) {
    $rootwhois = 'whois.apnic.net';
    $buffer_result = ReadSocket($rootwhois, $IP);
    if (preg_match("/CHINANET/", $buffer_result)) {
        return "CHINANET";
    }
    if (preg_match("/CNC/", $buffer_result)) {
        return "CNC";
    }
    if (preg_match("/CRTC/", $buffer_result)) {
        return "CRTC";
    }
    return "OTHERS";
}

// Send one query to a whois server (TCP port 43) and return the full reply.
function ReadSocket($whois, $ip)
{
    $buffer = '';
    if (!$sock = fsockopen($whois, 43, $errNum, $errStr, 20))
    {
        echo "Sorry,Can't fsockopen it";
    }
    else
    {
        fputs($sock, "$ip\n");
        //$buffer = fread($sock, 8192);
        while (!feof($sock)) $buffer .= fgets($sock, 8192);
        fclose($sock);
    }
    return $buffer;
}
?>
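
An added example, not the poster's script: turning delegated-apnic records into exact CIDR blocks and a BIND `acl` block of the kind `/var/named/CNC.acl` would hold. It handles address counts that are not a power of two, which the stats format permits, and skips the whois step, so the ACL name `CNC` and the sample records (documentation ranges) are assumptions.

```python
import ipaddress

# Constructed sample in the delegated-apnic-latest format (documentation ranges).
SAMPLE = """\
apnic|CN|ipv4|192.0.2.0|256|20110101|allocated
apnic|CN|ipv4|198.51.100.0|192|20110101|allocated
apnic|JP|ipv4|203.0.113.0|256|20110101|allocated
apnic|CN|ipv6|2001:db8::|32|20110101|allocated
"""


def cn_ipv4_blocks(text):
    """Yield exact CIDR blocks for every apnic|CN|ipv4 record."""
    for line in text.splitlines():
        f = line.split("|")
        if len(f) < 7 or f[:3] != ["apnic", "CN", "ipv4"]:
            continue  # header, summary, other country or address family
        first = ipaddress.IPv4Address(f[3])
        last = first + (int(f[4]) - 1)  # field 5 is an address count, not a mask
        # A count such as 192 needs more than one prefix (/25 + /26).
        yield from ipaddress.summarize_address_range(first, last)


def render_acl(name, networks):
    """Render networks as a BIND acl statement, merging adjacent blocks."""
    nets = ipaddress.collapse_addresses(networks)
    body = "".join(f"    {n};\n" for n in nets)
    return f'acl "{name}" {{\n{body}}};\n'


if __name__ == "__main__":
    # Assumption: every record kept here was already classified as CNC.
    print(render_acl("CNC", cn_ipv4_blocks(SAMPLE)), end="")
```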