Building a CDN on Windows 2003 with BIND + Squid: An Illustrated Beginner's Guide

Source: original to this site. Category: Server technology


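People ask: what is a CDN? No idea, go ask Google! They also ask: why Windows 2003? Mainly for convenience, since it saves the trouble of compiling and so on; in real-world use, Linux is the better choice. The steps are, of course, much the same. This article draws on coolice's "DNS智能解析 for windows 2003" (Smart DNS Resolution for Windows 2003) and 奶罩's "用DNSPod和Squid打造自己的CDN" (Build Your Own CDN with DNSPod and Squid), and summarizes and merges the two. Here is the CDN walkthrough!

First, prepare the software: VMware 5.5, BIND 9.3.2 and Squid 2.6.STABLE16. The download locations are:

VMware: http://www.vmware.com http://www.vmware.cn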

BIND: http://www.isc.org/index.pl?/sw/bind/view/?release=9.3.2-P2

Squid: http://www.acmeconsulting.it/pagine/opensource/squid/SquidNT.htm

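Next, here is a network topology diagram, which we use to simulate the China Netcom (CNC) and China Telecom networks:

[Figure: network topology]

This is a simple topology for simulating a CDN. First, install six virtual machines in VMware 5.5, as shown below:

[Figure: virtual machine setup]

[Figure: virtual machine setup, continued]

After all of them are started:

[Figure: all six virtual machines running]

The server IP assignments are as follows: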

Server    IP address                          Role
Server1   10.0.0.2                            IIS
Server2   192.168.0.2                         squid
Server3   172.16.0.2                          squid
Server4   10.0.0.1 192.168.0.1 172.16.0.2     LAN router
Server5   192.168.0.8                         Test machine
Server6   192.168.0.3                         DNS

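First install Server6, the DNS server, which acts as the smart DNS. Download the installation package, extract it, and run bindinstall.exe to install it with the following settings:

[Figure: BIND installer settings]

After installation, open CMD from "Run" and change to the C:\windows\system32\dns\bin directory:

C:\WINDOWS\system32\dns\bin>rndc-confgen -a

C:\WINDOWS\system32\dns\bin>rndc-confgen > ..\etc\rndc.conf

Go to the etc directory and use Notepad to create named.conf with the content below. Note: copy everything in rndc.conf after the line "# Use with the following in named.conf, adjusting the allow list as needed:" into named.conf, and remove the leading # from each line.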

==============named.conf contents:===================

acl "trust-lan" { 127.0.0.0/8; 192.168.0.0/24; };

options {
    directory "C:\WINDOWS\system32\dns\etc";
    recursion no;
    version "0.0.0";
    allow-transfer { "trust-lan"; };
    allow-notify { "trust-lan"; };
    auth-nxdomain no;
    forwarders { 202.106.196.115; 202.106.0.20; };
};

# This section is copied from rndc.conf.
# Use the secret generated by your own rndc-confgen run, not this sample value.
key "rndc-key" {
    algorithm hmac-md5;
    secret "evrVA7eeZSMXTnnunYptCQ==";
};

controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndc-key"; };
};

# Note: create dns_warnings.txt and dns_logs.txt under C:\WINDOWS\system32\dns\log\
logging {
    channel warning {
        file "C:\WINDOWS\system32\dns\log\dns_warnings.txt" versions 3 size 1240k;
        severity warning;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    channel general_dns {
        file "C:\WINDOWS\system32\dns\log\dns_logs.txt" versions 3 size 1240k;
        severity info;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    category default { warning; };
    category queries { general_dns; };
};

# Include the China Netcom (CNC) address-range data
include "cnc.conf";

# If the client is in the CNC address range, this view matches and the CNC zone data is used
view "view_cnc" {
    match-clients { CNC; };
    zone "." {
        type hint;
        file "named.root";
    };
    zone "0.0.127.IN-ADDR.ARPA" {
        type master;
        file "localhost.rev";
    };
    include "master/cnc.def";
};

# All other clients match this view and get the China Telecom zone data
view "view_any" {
    match-clients { any; };
    zone "." {
        type hint;
        file "named.root";
    };
    zone "0.0.127.IN-ADDR.ARPA" {
        type master;
        file "localhost.rev";
    };
    include "master/telecom.def";
};

=====================named.conf======================================

=====================cnc.conf contents:============================

# 2007-11-14 by badb0y
#
acl "CNC" {
    10.0.0.0/24;
};

========A full list can be found online; this is only a test, so just this one range is added========================

===========================named.root contents:=======================

; ##################### named.root ############################

; This file holds the information on root name servers needed to

; initialize cache of Internet domain name servers

; (e.g. reference this file in the "cache . <file>"

; configuration file of BIND domain name servers).

;

; This file is made available by InterNIC

; under anonymous FTP as

; file /domain/named.root

; on server FTP.INTERNIC.NET

; -OR- RS.INTERNIC.NET

;

; last update: Jan 29, 2004

; related version of root zone: 2004012900

;

;

; formerly NS.INTERNIC.NET

;

. 3600000 IN NS A.ROOT-SERVERS.NET.

A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4

;

; formerly NS1.ISI.EDU

;

. 3600000 NS B.ROOT-SERVERS.NET.

B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201

;

; formerly C.PSI.NET

;

. 3600000 NS C.ROOT-SERVERS.NET.

C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12

;

; formerly TERP.UMD.EDU

;

. 3600000 NS D.ROOT-SERVERS.NET.

D.ROOT-SERVERS.NET. 3600000 A 128.8.10.90

;

; formerly NS.NASA.GOV

;

. 3600000 NS E.ROOT-SERVERS.NET.

E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10

;

; formerly NS.ISC.ORG

;

. 3600000 NS F.ROOT-SERVERS.NET.

F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241

;

; formerly NS.NIC.DDN.MIL

;

. 3600000 NS G.ROOT-SERVERS.NET.

G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4

;

; formerly AOS.ARL.ARMY.MIL

;

. 3600000 NS H.ROOT-SERVERS.NET.

H.ROOT-SERVERS.NET. 3600000 A 128.63.2.53

;

; formerly NIC.NORDU.NET

;

. 3600000 NS I.ROOT-SERVERS.NET.

I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17

;

; operated by VeriSign, Inc.

;

. 3600000 NS J.ROOT-SERVERS.NET.

J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30

;

; operated by RIPE NCC

;

. 3600000 NS K.ROOT-SERVERS.NET.

K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129

;

; operated by ICANN

;

. 3600000 NS L.ROOT-SERVERS.NET.

L.ROOT-SERVERS.NET. 3600000 A 198.32.64.12

;

; operated by WIDE

;

. 3600000 NS M.ROOT-SERVERS.NET.

M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33

; End of File

; ##################### named.root ############################

=================================named.root==========================

Create a master folder, and inside it create the cnc and telecom folders.

Go into the master folder and use Notepad to create cnc.def and telecom.def:

======================cnc.def========================

zone "kl.com" {
    type master;
    file "C:\WINDOWS\system32\dns\etc\master\cnc\kl.com.txt";
};

======================cnc.def========================

======================telecom.def======================

zone "kl.com" {
    type master;
    file "C:\WINDOWS\system32\dns\etc\master\telecom\kl.com.txt";
};

======================telecom.def======================

In the cnc and telecom folders respectively, create a file named kl.com.txt with the following contents:

===================\cnc\kl.com.txt=====================

$TTL 3600
$ORIGIN kl.com.
@ IN SOA ns.kl.com. root.kl.com. (
        2006111520 ; Serial
        3600       ; Refresh ( seconds )
        900        ; Retry ( seconds )
        68400      ; Expire ( seconds )
        15 )       ; Minimum TTL for Zone ( seconds )
;
@   IN NS ns.kl.com.
@   IN A  10.0.0.2
www IN A  10.0.0.2
*   IN A  10.0.0.2
;
;end

=======================\cnc\kl.com.txt========================

====================\telecom\kl.com.txt========================

$TTL 3600
$ORIGIN kl.com.
@ IN SOA ns.kl.com. root.kl.com. (
        2006111520 ; Serial
        3600       ; Refresh ( seconds )
        900        ; Retry ( seconds )
        68400      ; Expire ( seconds )
        15 )       ; Minimum TTL for Zone ( seconds )
;
@   IN NS ns.kl.com.
@   IN A  192.168.0.2
@   IN A  172.16.0.2
www IN A  192.168.0.2
www IN A  172.16.0.2 ; two IPs for load balancing; 163 does it this way
*   IN A  192.168.0.2
;
;end

======================\telecom\kl.com.txt==========================

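Once this is set up, the directory looks like this:

[Figure: directory listing of the etc folder]

Then open Services, go to the DNS service, change the logon user to the Local System account, and start it:

[Figure: DNS service logon settings]

If there are any errors, check the logs and fix them!

At this point the smart DNS is installed. Configure all the servers to use this DNS. Testing on SERVER5 gives:

Run nslookup:

> www.kl.com
Server: UnKnown
Address: 192.168.0.3

Name: www.kl.com
Addresses: 192.168.0.2, 172.16.0.2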
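The view selection behind this answer, as an added Python example that is not part of the original article: it models how named picks the first view whose match-clients list covers the client address, and flags a view that can never match because an earlier one shadows it. The function names and the VIEWS and WWW_A tables are constructed for illustration from the named.conf, cnc.conf and zone files above.

```python
import ipaddress

# Views in named.conf order; named uses the first view whose match-clients matches.
VIEWS = [
    ("view_cnc", ["10.0.0.0/24"]),  # acl "CNC" from cnc.conf
    ("view_any", ["0.0.0.0/0"]),    # match-clients { any; }
]

# A records for www.kl.com, from master\cnc\kl.com.txt and master\telecom\kl.com.txt.
WWW_A = {
    "view_cnc": ["10.0.0.2"],
    "view_any": ["192.168.0.2", "172.16.0.2"],
}

def select_view(client, views=VIEWS):
    """Return the name of the first view that matches the client's source address."""
    addr = ipaddress.ip_address(client)
    for name, nets in views:
        if any(addr in ipaddress.ip_network(net) for net in nets):
            return name
    return None  # no view matches: named answers REFUSED

def resolve_www(client, views=VIEWS):
    """Return the A records for www.kl.com that this client would receive."""
    return WWW_A.get(select_view(client, views), [])

def shadowed_views(views=VIEWS):
    """List views that can never match because earlier views cover all their networks."""
    shadowed = []
    for i, (name, nets) in enumerate(views):
        earlier = [ipaddress.ip_network(n) for _, ns in views[:i] for n in ns]
        if all(any(ipaddress.ip_network(n).subnet_of(e) for e in earlier) for n in nets):
            shadowed.append(name)
    return shadowed

if __name__ == "__main__":
    for client in ("192.168.0.8", "10.0.0.2"):  # Server5 and Server1
        print(client, select_view(client), resolve_www(client))
    # Putting the catch-all view first would hide view_cnc from every client.
    print("shadowed if reordered:", shadowed_views(VIEWS[::-1]))
```
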

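Next we install Squid, starting with server2.

Extract the downloaded squid-2.6.STABLE16-bin-SSL.zip into the squid directory on drive C, copy the files in its system32 folder into C:\WINDOWS\SYSTEM32, then go to the c:\squid\etc directory and remove the .default suffix from the files in it.

Edit squid.conf so that it reads as follows: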

=================squid.conf (based on 奶罩's, adapted for Windows)=============

# Accelerator (reverse proxy) listener
http_port 80 vhost vport=80
cache_dir ufs C:\squid\var\cache 256 16 256
cache_mem 32 MB
cache_store_log none
cache_access_log C:\squid\var\logs\access.log
cache_log C:\squid\var\logs\cache.log
error_directory C:\squid\share\errors\Simplify_Chinese
hosts_file C:\WINDOWS\system32\drivers\etc\hosts

acl apache rep_header Server ^Apache
broken_vary_encoding allow apache

# Cache lifetime rules
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i kl.com 240 100% 1440 ignore-reload
refresh_pattern -i www.kl.com 240 100% 1440 ignore-reload
refresh_pattern -i .gif 180 20% 10080 override-expire ignore-reload reload-into-ims
refresh_pattern -i .jpg 180 20% 10080 override-expire ignore-reload reload-into-ims
refresh_pattern . 120 50% 1440

# ACL definitions
acl d-domains dstdomain .kl.com
acl all src 0.0.0.0/0.0.0.0
acl p-manager proto cache_object
acl s-localhost src 127.0.0.1/255.255.255.255
acl d-localhost dst 127.0.0.0/8
acl p-ssl port 443 563
acl p-safe port 80 443 563
acl m-conn method CONNECT
acl m-purge method PURGE
acl n-maxconn maxconn 15

# Access rules, evaluated top to bottom; the first matching line decides
http_access allow p-manager s-localhost
# PURGE is allowed from any source address
http_access allow m-purge
# Cache manager (cache_object) requests are allowed from any source address
http_access allow p-manager
http_access allow d-domains
http_access deny !p-safe
http_access deny m-conn !p-ssl
http_access deny n-maxconn
http_access deny all
http_reply_access allow all

# Do not cache URLs whose path contains "realtime"
acl r-url urlpath_regex realtime
cache deny r-url

# ICP queries are answered for any source address
icp_access allow all
visible_hostname cnc.kl.com
logfile_rotate 0
always_direct allow all
cache_mgr [email protected]

===============================squid.conf========================
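An added example, not part of the original article or of Squid itself: a Python model of Squid's first-match http_access evaluation, run over the rules above and over a variant that limits PURGE and cache-manager requests to localhost. The HARDENED list, the sample requests and the function names are constructed for illustration; the maxconn rule is left out because it depends on connection state.

```python
import ipaddress

# ACLs from the squid.conf above (n-maxconn omitted: it needs connection state).
ACLS = {
    "p-manager":   lambda r: r["proto"] == "cache_object",
    "s-localhost": lambda r: ipaddress.ip_address(r["src"]) == ipaddress.ip_address("127.0.0.1"),
    "m-purge":     lambda r: r["method"] == "PURGE",
    "m-conn":      lambda r: r["method"] == "CONNECT",
    "d-domains":   lambda r: r["host"] == "kl.com" or r["host"].endswith(".kl.com"),
    "p-safe":      lambda r: r["port"] in (80, 443, 563),
    "p-ssl":       lambda r: r["port"] in (443, 563),
    "all":         lambda r: True,
}

# http_access lines in file order, as in the article.
ORIGINAL = ["allow p-manager s-localhost", "allow m-purge", "allow p-manager",
            "allow d-domains", "deny !p-safe", "deny m-conn !p-ssl", "deny all"]

# Constructed variant: PURGE and cache manager only from localhost.
HARDENED = ["allow p-manager s-localhost", "deny p-manager",
            "allow m-purge s-localhost", "deny m-purge",
            "allow d-domains", "deny !p-safe", "deny m-conn !p-ssl", "deny all"]

def decide(rules, req):
    """Return the action of the first line whose ACLs all match (AND within a line)."""
    for line in rules:
        action, *names = line.split()
        if all(ACLS[n.lstrip("!")](req) != n.startswith("!") for n in names):
            return action
    raise ValueError("no rule matched")  # unreachable: both lists end in 'deny all'

def request(src, method="GET", proto="http", host="www.kl.com", port=80):
    return {"src": src, "method": method, "proto": proto, "host": host, "port": port}

# Constructed sample requests; 192.168.0.8 is the test machine (Server5).
SAMPLES = {
    "remote PURGE":    request("192.168.0.8", method="PURGE"),
    "remote cachemgr": request("192.168.0.8", proto="cache_object", host="cnc.kl.com"),
    "local PURGE":     request("127.0.0.1", method="PURGE"),
    "GET www.kl.com":  request("192.168.0.8"),
    "GET by IP":       request("192.168.0.8", host="192.168.0.2"),
}

def audit(rules):
    """Map each sample request to the decision the rule list gives it."""
    return {name: decide(rules, req) for name, req in SAMPLES.items()}

if __name__ == "__main__":
    for label, rules in (("original", ORIGINAL), ("hardened", HARDENED)):
        print(label, audit(rules))
```

In both rule lists a request addressed to the bare IP is denied and a request for www.kl.com is allowed; only the PURGE and cache-manager decisions for non-local clients differ.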

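For annotations, see 奶罩's article, where everything is explained very clearly. Next, edit the hosts file so that it points to the content server:

10.0.0.2 www.kl.com cnc.kl.com kl.com

Then run cmd and change to the c:\squid\sbin directory:

C:\squid\sbin>squid -z

Then run:

C:\squid\sbin>squid -d 1

That completes one Squid server. However, it may still not work at this point: because of DNS, an error may occur and Squid will not start. The error looks like this:

[Figure: Squid startup error]

We skip the DNS test, so use this instead:

C:\squid\sbin>squid -D

That is a capital D; don't mix the two up. This mode prints no log output, but cache.log shows that Squid started successfully. Now let's test our Squid.

Before testing Squid, first set up SERVER1, the IIS server: create a home page index.htm with the content: server1網頁測試 ("server1 web page test")

First, on server5, ping www.kl.com; the reply comes from the 192.168.0.2 machine:

[Figure: ping www.kl.com output]

This proves that the smart DNS works. Next, test whether the page is being cached. Download curl to test with; the result is clear: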

C:\>curl -I http://192.168.0.2
HTTP/1.0 403 Forbidden
Server: squid/2.6.STABLE16
Date: Wed, 14 Nov 2007 01:56:36 GMT
Content-Type: text/html
Content-Length: 1139
Expires: Wed, 14 Nov 2007 01:56:36 GMT
X-Squid-Error: ERR_ACCESS_DENIED 0
X-Cache: MISS from cnc.kl.com
X-Cache-Lookup: NONE from cnc.kl.com:80
Via: 1.0 cnc.kl.com:80 (squid/2.6.STABLE16)
Connection: close

C:\>curl -I http://www.kl.com
HTTP/1.0 200 OK
Content-Length: 15
Content-Type: text/html
Content-Location: http://www.kl.com/index.htm
Last-Modified: Tue, 13 Nov 2007 02:04:13 GMT
Accept-Ranges: bytes
ETag: "d6ad117d9925c81:220"
Server: Microsoft-IIS/6.0
Date: Tue, 13 Nov 2007 06:42:00 GMT
X-Cache: HIT from cnc.kl.com
X-Cache-Lookup: HIT from cnc.kl.com:80
Via: 1.0 cnc.kl.com:80 (squid/2.6.STABLE16)
Connection: close

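This proves that it works. Now open the page in IE:

[Figure: the page opened in IE]

The other Squid server is configured the same way; just copy the squid.conf file over.

That more or less completes the beginner's CDN. The article is rather messy, so if anything is unclear, you can ask on CU!

Also, I don't know whether dynamic pages can be cached; if anyone knows, please mail me: [email protected]

Veterans, please point out any mistakes!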

Badb0y

2007-11-14

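Article source: CCIE那點事 http://www.qdxgqk.live/ All rights reserved. Unless a source is noted, articles on this site are the author's original work and may be quoted freely with attribution. Reproduction in full is prohibited.
Permalink: http://www.qdxgqk.live/?p=3330 When reposting, please credit CCIE那點事.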