Building a CDN on Windows 2003 with BIND + Squid: An Illustrated Beginner's Guide

Source: original to this site. Category: Server Technology


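People ask: what is a CDN? If you don't know, go ask Google! And why Windows 2003? Mainly for convenience, since it avoids compiling and similar hassles; in a real deployment Linux is the better choice, though the steps are much the same. This article draws on coolice's "DNS智能解析 for windows 2003" (Smart DNS Resolution for Windows 2003) and 奶罩's "用DNSPod和Squid打造自己的CDN" (Build Your Own CDN with DNSPod and Squid), and combines the two into one summary. On to the CDN walkthrough!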

First, prepare the software: VMware 5.5, BIND 9.3.2 and Squid 2.6.STABLE16. The download locations are:

VMware: http://www.vmware.com http://www.vmware.cn

BIND: http://www.isc.org/index.pl?/sw/bind/view/?release=9.3.2-P2

Squid: http://www.acmeconsulting.it/pagine/opensource/squid/SquidNT.htm

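Next, here is the network topology, which we use to simulate the CNC (China Netcom) and China Telecom networks:

[Figure: network topology]

This is a simple topology that simulates a CDN. First, install six virtual machines in VMware 5.5, as shown below:

[Figure: virtual machine setup in VMware]

[Figure: virtual machine setup in VMware]

With all of them started, it looks like this:

[Figure: all virtual machines running]

The IP addresses are assigned to the servers as follows: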

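| Server  | IP address                      | Role         |
|---------|---------------------------------|--------------|
| Server1 | 10.0.0.2                        | IIS          |
| Server2 | 192.168.0.2                     | squid        |
| Server3 | 172.16.0.2                      | squid        |
| Server4 | 10.0.0.1 192.168.0.1 172.16.0.2 | LAN router   |
| Server5 | 192.168.0.8                     | Test machine |
| Server6 | 192.168.0.3                     | DNS          |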

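Start by installing Server6, the DNS server (the "smart DNS"). Download the installation package, unpack it, and run bindinstall.exe with the following settings:

[Figure: bindinstall.exe settings]

After installation, open CMD from "Run" and change to the c:\windows\system32\dns\bin directory:

C:\WINDOWS\system32\dns\bin>rndc-confgen -a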

C:\WINDOWS\system32\dns\bin>rndc-confgen > ..\etc\rndc.conf

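Go into the etc directory, create named.conf with Notepad and paste in the content below. Note: copy everything in rndc.conf after the line "# Use with the following in named.conf, adjusting the allow list as needed:" into named.conf, and remove the leading # characters.

==============Contents of named.conf:===================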

acl "trust-lan" { 127.0.0.1/8; 192.168.0.0/24;};

options {

directory "C:\WINDOWS\system32\dns\etc";

recursion no;

version "0.0.0";

allow-transfer { "trust-lan";};

allow-notify { "trust-lan"; };

auth-nxdomain no;

forwarders { 202.106.196.115;202.106.0.20;};

};

# This section is copied from rndc.conf; use the key from your own rndc.conf, not this sample value

key "rndc-key" {

algorithm hmac-md5;

secret "evrVA7eeZSMXTnnunYptCQ==";

};

controls {

inet 127.0.0.1 port 953

allow { 127.0.0.1; } keys { "rndc-key"; };

};

# Note: create dns_warnings.txt and dns_logs.txt under C:\WINDOWS\system32\dns\log\

logging {

channel warning

{ file "C:\WINDOWS\system32\dns\log\dns_warnings.txt" versions 3 size 1240k;

severity warning;

print-category yes;

print-severity yes;

print-time yes;

};

channel general_dns

{ file "C:\WINDOWS\system32\dns\log\dns_logs.txt" versions 3 size 1240k;

severity info;

print-category yes;

print-severity yes;

print-time yes;

};

category default { warning; };

category queries { general_dns; };

};

# Load the CNC (China Netcom) address-range data

include "cnc.conf";

# Clients whose address is in the CNC range match this view and get the CNC answers

view "view_cnc" {

match-clients { CNC; };

zone "." {

type hint;

file "named.root";

};

zone "0.0.127.IN-ADDR.ARPA" {

type master;

file "localhost.rev";

};

include "master/cnc.def";

};

view "view_any" {

match-clients { any; };

zone "." {

type hint;

file "named.root";

};

zone "0.0.127.IN-ADDR.ARPA" {

type master;

file "localhost.rev";

};

include "master/telecom.def";

};

=====================named.conf======================================

=====================Contents of cnc.conf:============================

# 2007-11-14 by badb0y

#

acl "CNC" {

10.0.0.1/24;

};

========Real CNC address ranges can be found online; this is only a test, so just this one range is added========================

===========================Contents of named.root=======================

; ###################### named.root ############################

; This file holds the information on root name servers needed to

; initialize cache of Internet domain name servers

; (e.g. reference this file in the "cache . <file>"

; configuration file of BIND domain name servers).

;

; This file is made available by InterNIC

; under anonymous FTP as

; file /domain/named.root

; on server FTP.INTERNIC.NET

; -OR- RS.INTERNIC.NET

;

; last update: Jan 29, 2004

; related version of root zone: 2004012900

;

;

; formerly NS.INTERNIC.NET

;

. 3600000 IN NS A.ROOT-SERVERS.NET.

A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4

;

; formerly NS1.ISI.EDU

;

. 3600000 NS B.ROOT-SERVERS.NET.

B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201

;

; formerly C.PSI.NET

;

. 3600000 NS C.ROOT-SERVERS.NET.

C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12

;

; formerly TERP.UMD.EDU

;

. 3600000 NS D.ROOT-SERVERS.NET.

D.ROOT-SERVERS.NET. 3600000 A 128.8.10.90

;

; formerly NS.NASA.GOV

;

. 3600000 NS E.ROOT-SERVERS.NET.

E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10

;

; formerly NS.ISC.ORG

;

. 3600000 NS F.ROOT-SERVERS.NET.

F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241

;

; formerly NS.NIC.DDN.MIL

;

. 3600000 NS G.ROOT-SERVERS.NET.

G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4

;

; formerly AOS.ARL.ARMY.MIL

;

. 3600000 NS H.ROOT-SERVERS.NET.

H.ROOT-SERVERS.NET. 3600000 A 128.63.2.53

;

; formerly NIC.NORDU.NET

;

. 3600000 NS I.ROOT-SERVERS.NET.

I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17

;

; operated by VeriSign, Inc.

;

. 3600000 NS J.ROOT-SERVERS.NET.

J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30

;

; operated by RIPE NCC

;

. 3600000 NS K.ROOT-SERVERS.NET.

K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129

;

; operated by ICANN

;

. 3600000 NS L.ROOT-SERVERS.NET.

L.ROOT-SERVERS.NET. 3600000 A 198.32.64.12

;

; operated by WIDE

;

. 3600000 NS M.ROOT-SERVERS.NET.

M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33

; End of File

; ###################### named.root ############################

=================================named.root==========================

Create a master folder, and inside it create cnc and telecom folders.

Go into the master folder and use Notepad to create cnc.def and telecom.def.

======================cnc.def========================

zone "kl.com" {

type master;

file "C:\WINDOWS\system32\dns\etc\master\cnc\kl.com.txt";

};

======================cnc.def========================

======================telecom.def======================

zone "kl.com" {

type master;

file "C:\WINDOWS\system32\dns\etc\master\telecom\kl.com.txt";

};

======================telecom.def======================

In each of the cnc and telecom folders, create a file named kl.com.txt with the following contents:

===================\cnc\kl.com.txt=====================

$TTL 3600

$ORIGIN kl.com.

@ IN SOA ns.kl.com. root.kl.com.(

2006111520 ;Serial

3600 ; Refresh ( seconds )

900 ; Retry ( seconds )

68400 ; Expire ( seconds )

15 );Minimum TTL for Zone ( seconds )

;

@ IN NS ns.kl.com.

@ IN A 10.0.0.2

www IN A 10.0.0.2

* IN A 10.0.0.2

;

;end

=======================\cnc\kl.com.txt========================

====================\telecom\kl.com.txt========================

$TTL 3600

$ORIGIN kl.com.

@ IN SOA ns.kl.com. root.kl.com.(

2006111520 ;Serial

3600 ; Refresh ( seconds )

900 ; Retry ( seconds )

68400 ; Expire ( seconds )

15 );Minimum TTL for Zone ( seconds )

;

@ IN NS ns.kl.com.

@ IN A 192.168.0.2

@ IN A 172.16.0.2

www IN A 192.168.0.2

www IN A 172.16.0.2 ; two IPs for load balancing; this is how 163 does it

* IN A 192.168.0.2

;

;end

======================\telecom\kl.com.txt==========================

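Once this is set up, the directory looks like this:

[Figure: directory listing]

Then open Services, enable the DNS service, change its log-on account to the Local System account, and start it:

[Figure: DNS service log-on settings]

If there are any errors, check the logs and fix them.

The smart DNS is now installed. Configure every server to use this DNS server. Testing from Server5 gives the following:

Run nslookup: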

> www.kl.com

Server: UnKnown

Address: 192.168.0.3

Name: www.kl.com

Addresses: 192.168.0.2, 172.16.0.2
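The view selection behind this answer can be modelled offline. The following Python sketch is an added example, not part of the original article: it parses the acl/view skeleton of the named.conf above (embedded as a constructed sample), picks the first view whose match-clients matches the client address, and flags views that a preceding `any` view makes unreachable. The function names and the WWW_RECORDS table are assumptions of the example.

```python
import ipaddress
import re

# Constructed sample: the acl/view skeleton of the named.conf and cnc.conf above.
NAMED_CONF = '''
acl "CNC" { 10.0.0.1/24; };
view "view_cnc" { match-clients { CNC; }; };
view "view_any" { match-clients { any; }; };
'''
# Constructed from the two kl.com.txt zone files: A records for www in each view.
WWW_RECORDS = {"view_cnc": ["10.0.0.2"], "view_any": ["192.168.0.2", "172.16.0.2"]}

def parse(conf):
    """Return (acls, views in file order); strict=False accepts 10.0.0.1/24."""
    acls = {}
    for name, body in re.findall(r'acl\s+"([^"]+)"\s*\{([^}]*)\}', conf):
        acls[name] = [ipaddress.ip_network(e.strip(), strict=False)
                      for e in body.split(";") if e.strip()]
    views = [(name, [e.strip() for e in body.split(";") if e.strip()])
             for name, body in re.findall(
                 r'view\s+"([^"]+)"\s*\{\s*match-clients\s*\{([^}]*)\}', conf)]
    return acls, views

def matches(elements, acls, client):
    """True if the client matches any element (handles `any`, acl names, CIDRs)."""
    ip = ipaddress.ip_address(client)
    for e in elements:
        if e == "any":
            return True
        nets = acls.get(e) or [ipaddress.ip_network(e, strict=False)]
        if any(ip in n for n in nets):
            return True
    return False

def select_view(conf, client):
    """named answers from the first view whose match-clients matches the source."""
    acls, views = parse(conf)
    for name, elements in views:
        if matches(elements, acls, client):
            return name
    return None

def shadowed_views(conf):
    """Views placed after a catch-all `any` view can never be selected."""
    _, views = parse(conf)
    for i, (_, elements) in enumerate(views):
        if "any" in elements:
            return [name for name, _ in views[i + 1:]]
    return []
```

For Server5 (192.168.0.8) the model selects view_any, which matches the two addresses nslookup returned; if view_any were listed before view_cnc, every client would get the telecom answers.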

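Next we install Squid, starting with Server2.

Unpack the downloaded squid-2.6.STABLE16-bin-SSL.zip into a squid directory on drive C, copy the files from its system32 folder into C:\WINDOWS\SYSTEM32, then go to the c:\squid\etc directory and remove the .default suffix from the files there.

Edit squid.conf; after editing, its contents are:

=================squid.conf is 奶罩's, adapted for Windows=============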

http_port 80 vhost vport=80

cache_dir ufs C:\squid\var\cache 256 16 256

cache_mem 32 MB

cache_store_log none

cache_access_log C:\squid\var\logs\access.log

cache_log C:\squid\var\logs\cache.log

error_directory C:\squid\share\errors\Simplify_Chinese

hosts_file C:\WINDOWS\system32\drivers\etc\hosts

acl apache rep_header Server ^Apache

broken_vary_encoding allow apache

refresh_pattern ^ftp: 1440 20% 10080

refresh_pattern ^gopher: 1440 0% 1440

refresh_pattern -i kl.com 240 100% 1440 ignore-reload

refresh_pattern -i www.kl.com 240 100% 1440 ignore-reload

refresh_pattern -i .gif 180 20% 10080 override-expire ignore-reload reload-into-ims

refresh_pattern -i .jpg 180 20% 10080 override-expire ignore-reload reload-into-ims

refresh_pattern . 120 50% 1440

acl d-domains dstdomain .kl.com

acl all src 0.0.0.0/0.0.0.0

acl p-manager proto cache_object

acl s-localhost src 127.0.0.1/255.255.255.255

acl d-localhost dst 127.0.0.0/8

acl p-ssl port 443 563

acl p-safe port 80 443 563

acl m-conn method CONNECT

acl m-purge method PURGE

acl n-maxconn maxconn 15

http_access allow p-manager s-localhost

http_access allow m-purge

http_access allow p-manager

http_access allow d-domains

http_access deny !p-safe

http_access deny m-conn !p-ssl

http_access deny n-maxconn

http_access deny all

http_reply_access allow all

acl r-url urlpath_regex realtime

cache deny r-url

icp_access allow all

visible_hostname cnc.kl.com

logfile_rotate 0

always_direct allow all

cache_mgr akin@kl.com

===============================squid.conf========================
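The order of the http_access lines decides who may purge or inspect the cache. The following Python sketch is an added example, not taken from 奶罩's or the author's configuration: it evaluates the rules above first-match style for constructed requests and compares them with a hardened ordering that is an assumption of this example (PURGE and the cache manager limited to 127.0.0.1).

```python
# http_access lines from the squid.conf above that govern PURGE and cache manager.
PAGE_RULES = """
http_access allow p-manager s-localhost
http_access allow m-purge
http_access allow p-manager
http_access allow d-domains
http_access deny all
"""
# Hardened ordering: an assumption of this example, not the original config.
HARDENED_RULES = """
http_access allow p-manager s-localhost
http_access deny p-manager
http_access allow m-purge s-localhost
http_access deny m-purge
http_access allow d-domains
http_access deny all
"""
# Constructed probe requests from a non-local client (Server5 in the lab).
PROBES = {
    "purge_remote": {"src": "192.168.0.8", "method": "PURGE",
                     "proto": "http", "host": "www.kl.com"},
    "cache_manager_remote": {"src": "192.168.0.8", "method": "GET",
                             "proto": "cache_object", "host": "192.168.0.2"},
}

def acl_matches(acl, req):
    """Evaluate one ACL name from the page's squid.conf; '!' negates it."""
    checks = {
        "all": True,
        "p-manager": req["proto"] == "cache_object",
        "s-localhost": req["src"] == "127.0.0.1",
        "m-purge": req["method"] == "PURGE",
        "d-domains": ("." + req["host"]).endswith(".kl.com"),
    }
    return checks[acl.lstrip("!")] != acl.startswith("!")

def decide(rules, req):
    """The first line whose ACLs all match wins; ACLs on one line are ANDed."""
    action = "allow"
    for line in rules.strip().splitlines():
        _, action, *acls = line.split()
        if all(acl_matches(a, req) for a in acls):
            return action
    # No line matched: Squid applies the opposite of the last line's action.
    return "deny" if action == "allow" else "allow"

def exposures(rules):
    """Names of the remote probes that the rule set lets through."""
    return sorted(n for n, r in PROBES.items() if decide(rules, r) == "allow")
```

With the page's ordering both remote probes are allowed, because `allow m-purge` and `allow p-manager` carry no source restriction; with the hardened ordering neither is, while normal requests for kl.com are still served.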

For annotations, see 奶罩's article, which explains each line very clearly. Next, edit the hosts file so that the site names point to the content server:

10.0.0.2 www.kl.com cnc.kl.com kl.com

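Then run cmd and change to the c:\squid\sbin directory:

C:\squid\sbin>squid -z

Then run:

C:\squid\sbin>squid -d 1

That completes one Squid server. It may still not work at this point, though: because of DNS, an error can occur that keeps Squid from starting. The error looks like this:

[Figure: Squid startup error]

We skip the DNS test, so use this instead:

C:\squid\sbin>squid -D

That is an uppercase D; don't mix the two up. This mode prints no log output, but cache.log shows that Squid started successfully. Now let's test our Squid.

Before testing Squid, set up Server1, the IIS server: create a home page index.htm with the content: server1网页测试

First, on Server5, ping www.kl.com; the reply comes from 192.168.0.2:

[Figure: ping output]

This proves the smart DNS works. Next, test whether the page is being cached. Download curl for the test; the result is clear: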

C:\>curl -I http://192.168.0.2

HTTP/1.0 403 Forbidden

Server: squid/2.6.STABLE16

Date: Wed, 14 Nov 2007 01:56:36 GMT

Content-Type: text/html

Content-Length: 1139

Expires: Wed, 14 Nov 2007 01:56:36 GMT

X-Squid-Error: ERR_ACCESS_DENIED 0

X-Cache: MISS from cnc.kl.com

X-Cache-Lookup: NONE from cnc.kl.com:80

Via: 1.0 cnc.kl.com:80 (squid/2.6.STABLE16)

Connection: close

C:\>curl -I http://www.kl.com

HTTP/1.0 200 OK

Content-Length: 15

Content-Type: text/html

Content-Location: http://www.kl.com/index.htm

Last-Modified: Tue, 13 Nov 2007 02:04:13 GMT

Accept-Ranges: bytes

ETag: "d6ad117d9925c81:220"

Server: Microsoft-IIS/6.0

Date: Tue, 13 Nov 2007 06:42:00 GMT

X-Cache: HIT from cnc.kl.com

X-Cache-Lookup: HIT from cnc.kl.com:80

Via: 1.0 cnc.kl.com:80 (squid/2.6.STABLE16)

Connection: close

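That confirms it works. Now open it in IE:

[Figure: page opened in IE]

The other Squid server is configured the same way; just copy the squid.conf file over.

That more or less completes the beginner's CDN. The article is rather disorganized, so if anything is unclear you can ask on CU.

Also, I don't know whether dynamic pages can be cached; if anyone knows, please mail me: h3ewhack@163.com

Experienced readers, please point out any mistakes!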

Badb0y

2007-11-14

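Source: CCIE那点事 http://www.jdccie.com/ All rights reserved. Unless otherwise noted, articles on this site are the author's original work and may be quoted freely with attribution. Reposting in full is prohibited.
Article link: http://www.jdccie.com/?p=3330 When reposting, please credit CCIE那点事.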