服务器安装pdnsd做DNS解析

    服务器 泡泡 14881次浏览 已收录 0个评论

    服务器安装pdnsd做DNS解析

    1、pdnsd安装
    下载附件pdnsd-1.2.9a-par_sl6.i686.rpm

    wget http://down.xuqunxiong.com/soft/pdnsd-1.2.9a-par_sl6.i686.rpm
    cd /root
    yum localinstall pdnsd-1.2.9a-par_sl6.i686.rpm
    

    2、配置pdnsd
    安装完pdnsd以后会在/etc/下生成一个pdnsd.conf.sample,而pdnsd读的配置文件是/etc/pdnsd.conf,复制一下

    cp /etc/pdnsd.conf.sample /etc/pdnsd.conf
    

    编辑pdnsd.conf

    vi /etc/pdnsd.conf
    

    // pdnsd 配置 By Mokii 2014.08.02

    global {
    	perm_cache=1024;		//缓存大小,单位KB
    	cache_dir="/var/cache/pdnsd";		//缓存目录
    	run_as="pdnsd";	//运行用户,建议使用一个无权限用户运行
    	server_ip = 127.0.0.1;	//监听地址,改成自己VPS的ip
    	server_port = 30053;		//监听端口,不要用53
    	query_method=tcp_only;	//向上级dns upstream请求的方式:
    					// tcp_only(只用TCP),udp_only(只用UDP),tcp_udp(tcp优先),udp_tcp(udp优先)
    	status_ctl = on;		//pdnsd运行时通过pdnsd-ctl进行管理
    	tcp_server = on;		//是否打开TCP DNS
    	min_ttl=1m;      //最小TTL缓存时间,建议设置在1m~15m(默认单位秒,m=分钟,d=天,w=周)
    	max_ttl=1d;       //最大TTL缓存时间,一般来讲不影响性能和表现(默认单位秒,m=分钟,d=天,w=周)
    	paranoid=on;      //缓存污染预防
    	timeout=30;		//全局超时时间,建议时长大于upstream超时时长,如果使用tcp_udp建议大于upstream超时的两倍
    	randomize_recs = on;	//在返回多个ip的时候会随机重新排序缓存
    	debug = off;		//调试模式,打开你会发现你的/var/log会以大概一小时1G的速度写入log文件。除非调试否则打开就是作死
    	daemon = off;	//以后台模式运行,除非需要调试否则不要打开
    	verbosity = 1;	//日志的详细程度,1感觉挺好
    	#udpbufsize=1024;	//UDP报文大小的上限
    }
    
    
    /*
    # The servers provided by OpenDNS are fast, but they do not reply with
    # NXDOMAIN for non-existant domains, instead they supply you with an
    # address of one of their search engines. They also lie about the addresses of 
    # of the search engines of google, microsoft and yahoo.
    # If you do not like this behaviour the "reject" option may be useful.
    */
    
    server {	//谷歌dns,只解析下面指定的域
    	label = "GoogleDns";
    	ip = 8.8.8.8,8.8.4.4;
    	proxy_only = on;
    	timeout=10;
    	uptest=ping;
    	purge_cache=off;
    	policy = excluded;
    	include =.gmail.com,
    			.google-analytics.com,
    			.google.con,
    			.google.com;
    
    	reject_policy=fail; // 检测到以下污染源就跳过
    	reject=4.36.66.178,8.7.198.45,37.61.54.158,46.82.174.68,59.24.3.173,
    	64.33.88.161,64.33.99.47,64.66.163.251,65.104.202.252,65.160.219.113,
    	66.45.252.237,72.14.205.99,72.14.205.104,78.16.49.15,93.46.8.89,
    	128.121.126.139,159.106.121.75,169.132.13.103,192.67.198.6,202.106.1.2,
    	202.181.7.85,203.98.7.65,203.161.230.171,207.12.88.98,208.56.31.43,
    	209.36.73.33,209.145.54.50,209.220.30.174,211.94.66.147,213.169.251.35,
    	216.221.188.182,216.234.179.13,243.185.187.39;
    }
    
    
    /*
    # The servers provided by OpenDNS are fast, but they do not reply with
    # NXDOMAIN for non-existant domains, instead they supply you with an
    # address of one of their search engines. They also lie about the addresses of 
    # of the search engines of google, microsoft and yahoo.
    # If you do not like this behaviour the "reject" option may be useful.
    */
    server {
    	label = "opendns";
    	ip = 208.67.222.222, 208.67.220.220;
        proxy_only = on;
    	reject = 208.69.32.0/24,  # You may need to add additional address ranges
    	         208.69.34.0/24,  # here if the addresses of their search engines
    	         208.67.219.0/24; # change.
    	reject_policy = fail;     # If you do not provide any alternative server
    	                          # sections, like the following root-server
    	                          # example, "negate" may be more appropriate here.
    	timeout = 10;
    	uptest = ping;            # Test availability using ICMP echo requests.
        ping_timeout = 100;       # ping test will time out after 10 seconds.
    	interval = 300m;           # Test every 15 minutes.
    	preset = off;
    }
    
    
    server{	//114dns,只解析其他server排除的
    	label = "114 DNS";	
    	ip = 114.114.114.114;
    	proxy_only = on;
    	policy = included; //以下网站排除
    	exclude =.gmail.com,
    			.google-analytics.com,
    			.google.cn,
    			.google.com;
    }
    
    server {	//使用根查询
    	label = "root-servers";
    	root_server = discover;
    	randomize_servers = on; 
    	ip = 	198.41.0.4,192.228.79.201,192.33.4.12,199.7.91.13,
    		192.203.230.10,192.5.5.241,192.112.36.4,128.63.2.53,192.36.148.17,
    		192.58.128.30,193.0.14.129,199.7.83.42,202.12.27.33;
    	timeout = 5;
    	uptest = query;
    	query_test_name = .;
    	interval = 30m;  
    	ping_timeout = 300;
    	purge_cache = off;
    	edns_query = yes;
    	exclude = .localdomain;
    	policy = included;
    	preset = off;
    }
    
    
    
    
    rr {
    	name=localhost;
    	reverse=on;
    	a=127.0.0.1;
    	owner=localhost;
    	soa=localhost,root.localhost,42,86400,900,86400,86400;
    }
    rr {	//Mokii's Blog
    	name=leeraw.com;
    	reverse=on;
    	a=103.11.229.4;
    }
    
    
    
    source{
    	owner=localhost;
    #	serve_aliases=on;
    	file="/etc/hosts";
    }
    
    
    
    neg {
    	name=doubleclick.net;
    	types=domain;
    }
    neg {
    	name=bad.server.com;
    	types=A,AAAA;
    }
    #include {file="/etc/pdnsd.include";}
    

    设置pdnsd开机启动

    chkconfig pdnsd on
    

    pdnsd启动

    service pdnsd start
    

    开放端口

    /sbin/iptables -I INPUT -p tcp --dport 30053 -j ACCEPT
    /etc/init.d/iptables save
    service iptables restart
    

    卸载pdnsd

    rpm -e pdnsd
    

    喜欢 (3)
    发表我的评论
    取消评论
    表情 贴图 加粗 删除线 居中 斜体 签到

    Hi,您需要填写昵称和邮箱!

    • 昵称 (必填)
    • 邮箱 (必填)
    • 网址