系統環境:
- Linux 系統
- 套件安裝
- 建立 DNS Table 表
- 位置:/var/named
- 檔名:Example (mytable.db);實際檔名必須與 named.conf 中該 zone 的 file 設定一致
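; Zone data for example.com, served from /var/named by the master zone in named.conf.
; $TTL is a directive and must sit on its own line, ahead of the first record.
$TTL 600
; Names that end in "." are absolute. Without the trailing dot BIND appends the
; zone origin, so "root.example.com" would be read as root.example.com.example.com.
; SOA fields: primary name server, then the responsible mailbox written with "."
; in place of "@".
; NOTE(review): "example.com." in the mailbox position looks like a placeholder - confirm.
@                   IN SOA  root.example.com. example.com. (
                            2014102701 ; serial (raise it on every edit of this file)
                            3H         ; refresh
                            15M        ; retry
                            1W         ; expire
                            1D )       ; minimum
@                   IN NS   root.example.com.
root.example.com.   IN A    192.168.160.252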
-------------------------------------------------------------------------
- 調整設定檔
- 位置:/etc
- 檔名:named.conf
// NOTE(review): the opening "options {" line is not part of this listing; the "};"
// at the end of the managed-keys-directory line below is what closes that block.
// Answer on loopback and on 192.168.160.252 only (IPv4), loopback only (IPv6).
listen-on port 53 { 127.0.0.1; 192.168.160.252; };
listen-on-v6 port 53 { ::1; };
// Relative file names used later in this file are resolved against this directory.
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// Only localhost and 192.168.160.0/24 may query this server. Keep this list as
// narrow as possible: recursion is enabled on the next line, and a recursive
// resolver that answers arbitrary networks can be misused for amplification.
allow-query { localhost; 192.168.160.0/24; };
recursion yes;
// Names this server is not authoritative for are passed to these upstream resolvers.
forwarders { 168.95.1.1; 168.95.192.1; };
// NOTE(review): dnssec-enable and dnssec-lookaside are obsolete on recent BIND
// releases, and the ISC DLV registry that "dnssec-lookaside auto" relied on has
// been retired - check both against the installed BIND version before reuse.
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic"; };
// Debug log channel; the file path is relative to the directory set above.
logging {
channel default_debug { file "data/named.run"; severity dynamic; };
};
// Root hints used to locate the root name servers.
zone "." IN {
type hint;
file "named.ca";
};
// Authoritative (master) zone for example.com, loaded from /var/named/hadoop.hosts.db.
// NOTE(review): the zone-file step of this page names its example file mytable.db;
// the file named here must be the one that was actually created.
zone "example.com" IN {
type master;
file "hadoop.hosts.db";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
------------------------------------------------------------------------------------------
- 確認 /etc/sysconfig/named 內容
- 設定 /etc/resolv.conf
***********************************************************
PROXY SERVER (Use Squid)
***********************************************************
- /etc/squid/squid.conf
------------------------------------------------------------------------------------------------------
# HTTP Basic authentication, checked by the ncsa_auth helper against /etc/squid/passwd.
# Basic credentials are only base64-encoded on the wire, so they are readable on the
# path between browser and proxy; keep the password file readable by the squid
# account only.
auth_param basic program /usr/lib64/squid/ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm Squid - Home Proxy Server
# auth_param basic credentialsttl 2 hours
# auth_param basic casesensitive off
# Basic environment settings start here
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
acl localnet src 192.168.160.0/24
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
acl MyDomain dstdomain .example.com
# Special port numbers designated for MyDomain
# NOTE(review): ports 80 and 443 are not in Safe_ports, so "http_access deny
# !Safe_ports" below rejects them too, including CONNECT to 443; the SSL_ports
# entry therefore has no practical effect. This looks like a deliberate limit to
# the listed service ports - confirm.
acl SSL_ports port 443
acl Safe_ports port 8088
acl Safe_ports port 19888
acl Safe_ports port 8042
acl Safe_ports port 50070
acl Safe_ports port 50010
acl Safe_ports port 60010
acl Safe_ports port 60030
acl Safe_ports port 8085
acl Safe_ports port 9095
acl Safe_ports port 8080
acl Safe_ports port 18080
acl Safe_ports port 18081
acl CONNECT method CONNECT
acl AUTHUSERS proxy_auth REQUIRED
# http_access lines are checked in order and the first matching line decides.
# Cache-manager requests are accepted from localhost only.
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# localnet and localhost are allowed before the AUTHUSERS line, so clients from
# those sources are never asked for credentials.
http_access allow localnet
http_access allow localhost
http_access allow AUTHUSERS
# NOTE(review): this line matches on destination only and carries no source or
# authentication ACL. Confirm whether clients outside localnet can ever reach it
# without credentials, and whether that is intended.
http_access allow MyDomain
http_access deny all
# NOTE(review): "transparent" marks this port as an interception port, and proxy
# authentication does not work on intercepted traffic. The proxy.pac setup on this
# page configures browsers explicitly - confirm whether the flag is needed.
http_port 3128 transparent
hierarchy_stoplist cgi-bin ?
# Turn the cache off: no memory cache, and the disk cache directory is read-only
cache_mem 0 MB
cache_dir ufs /var/spool/squid 100 16 256 read-only
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
coredump_dir /var/spool/squid
minimum_object_size 0 KB
maximum_object_size 4096 KB
cache_swap_low 90
cache_swap_high 95
cache_mgr root
# Run the proxy under the unprivileged squid user and group
cache_effective_user squid
cache_effective_group squid
ipcache_size 1024
ipcache_low 90
ipcache_high 95
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
---------------------------------------------------------------------------------------------------------
# 如此一來,當瀏覽器設定使用此 proxy (http://proxy_server:3128) 時,主機名稱會由 proxy 伺服器代為解析,因此能使用內部的 DNS 環境。
== 客戶端使用 proxy.pac 建立 Proxy 分流 ==
/**
 * PAC entry point: decides per request whether the browser uses the proxy.
 *
 * Hosts under ".aracluster" and hosts inside 192.168.1.0/255.255.255.0 are sent
 * to proxy_server:3128; everything else is fetched directly.
 *
 * NOTE(review): the suffix and subnet here differ from the example.com and
 * 192.168.160.0/24 values used in the DNS and Squid sections of this page -
 * confirm which ones apply to the deployment.
 *
 * Whoever can change the PAC file a browser loads decides where its traffic
 * goes, so serve it from a location only administrators can write to.
 *
 * @param {string} url  Full URL being requested (not used by this rule set).
 * @param {string} host Host name taken from that URL.
 * @returns {string} "PROXY proxy_server:3128" or "DIRECT".
 */
function FindProxyForURL(url, host) {
    // Suffix test comes first and needs no lookup.
    if (dnsDomainIs(host, ".aracluster")) {
        return "PROXY proxy_server:3128";
    }
    // isInNet() resolves the host through the client's DNS when it is a name
    // rather than an IP literal, so it is only reached when the suffix test fails.
    if (isInNet(host, "192.168.1.0", "255.255.255.0")) {
        return "PROXY proxy_server:3128";
    }
    return "DIRECT";
}
[相關資源查詢]
http://www.cses.tc.edu.tw/~chihwu/proxy-pac.htm
https://calomel.org/proxy_auto_config.html
http://technet.microsoft.com/en-us/library/dd361918.aspx
http://www.brennan.id.au/11-Squid_Web_Proxy.html
http://www.cyberciti.biz/tips/linux-unix-squid-proxy-server-authentication.html