Post on 18-Mar-2016
description
Cdn
,
cdnFLV
Cdn
Cdn-http://www.roxbeam.com/CDN/gn.htmCDNContent Delivery NetworkInternet
CdnDns(view)
Cdn (1) dns(view):bind (2):squid (1):lvs+keepalived (2):nagios,mrtg
Cdn2ipipDns
cdn2ipdns3VIEW
dnsdnsAIP.cdndnsCNAMEcdnIPdl IN CNAME sery.cn.ccdn.com.
dl.sery.cn sery.cn.ccdn.com
CdnDNSCdn2 DNSinternetDNScdncdnHosts
dnsCdn sibling parent
dnsCdndnsview3cdnView.ViewDNSview
dns
### KEYS FOR TSIG ####key telecomkey {algorithm hmac-md5;secret "LaA4Y1MHlFSTTMz1mzwarA==";};
key cnckey {algorithm hmac-md5;secret "l/rlorcG+7hhabIFKe8Kjg=="; };
key anykey {algorithm hmac-md5;secret "YMXXBAck4i5Sb4PlUg00Uw==";};
include "cnc_acl.conf";include "telecom_acl.conf";
view "view_cnc" { match-clients {key cnckey;CNC;}; recursion yes; allow-transfer { key cnckey;}; server 61.135.210.20 { keys cnckey; }; server 61.135.210.10 { keys cnckey; };
zone "." IN { type hint; file "named.ca"; };
zone "localhost" IN { type master; file "localhost.zone"; allow-update { none; }; };
zone "0.0.127.in-addr.arpa" IN { type master; file "named.local"; allow-update { none; }; };
zone sery.cn" IN { type master; file "cnc.sery.cn.zone"; allow-update { none;} ; };
zone "210.135.61.in-addr.arpa" IN { type master ; file "210.135.61.in-addr.arpa.zone"; allow-update { none; }; };};
### KEYS FOR TSIG ####key telecomkey {algorithm hmac-md5;secret "LaA4Y1MHlFSTTMz1mzwarA==";};
key cnckey {algorithm hmac-md5;secret "l/rlorcG+7hhabIFKe8Kjg=="; };
key anykey {algorithm hmac-md5;secret "YMXXBAck4i5Sb4PlUg00Uw==";};
include "cnc_acl.conf";include "telecom_acl.conf";
view "view_cnc" { match-clients {key cnckey;CNC;}; recursion yes; allow-transfer { key cnckey;}; server 60.28.210.20 { keys cnckey; }; server 60.28.210.10 { keys cnckey; };
zone "." IN { type hint; file "named.ca"; };
zone "localhost" IN { type master; file "localhost.zone"; allow-update { none; }; };
zone "0.0.127.in-addr.arpa" IN { type master; file "named.local"; allow-update { none; }; };
zone "maxthon.cn" IN { type master; file "cnc.maxthon.cn.zone"; allow-update { none;} ; };
zone "210.28.60.in-addr.arpa" IN { type master ; file "210.28.60.in-addr.arpa.zone"; allow-update { none; }; };};
[root@nagios /var/named]# more cnc_acl.confacl "CNC" {58.16.0.0/16;58.168.225.0/24;58.17.0.0/17;58.17.128.0/17;58.17.180.0/24;58.17.186.0/24;58.18.0.0/16;58.19.0.0/16;58.20.0.0/16;58.21.0.0/16;58.22.0.0/15;58.22.0.0/16;58.23.0.0/16;58.240.0.0/15;58.242.0.0/15;222.163.128.0/17;222.163.32.0/19;222.163.64.0/18;};
parent sibling ip
acl CNSERY dstdomain www.sery.cncache_peer www.sery.cn parent 80 3130 no-query originservercache_peer_access www.sery.cn allow CNSERY
cache_peer ccrshct02.html.ccdn.cn sibling 80 3130cache_peer ccrshct03.html.ccdn.cn sibling 80 3130cache_peer ccrshct04.html.ccdn.cn sibling 80 3130
ipipacl IP dstdom_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$http_access deny IP
DNSLvskeepalived
Keepalived #guration File for keepalivedglobal_defs { router_id LVS_sery_2}vrrp_sync_group VGM { group { VI_OUT1 }}vrrp_sync_group VGB { group { VI_INT1 }}vrrp_instance VI_OUT1 { state BACKUP interface eth2 lvs_sync_daemon_inteface eth2 virtual_router_id 51 priority 150 advert_int 5 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 61.135.210.4 61.135.220.123 }}..
nagiossquid cactimrtg
sery@163.com2008-01-03