Cdn

,

cdnFLV

Cdn

Cdn-http://www.roxbeam.com/CDN/gn.htmCDNContent Delivery NetworkInternet

CdnDns(view)

Cdn (1) dns(view):bind (2):squid (1):lvs+keepalived (2):nagios,mrtg

Cdn2ipipDns

cdn2ipdns3VIEW

dnsdnsAIP.cdndnsCNAMEcdnIPdl IN CNAME sery.cn.ccdn.com.

dl.sery.cn sery.cn.ccdn.com

CdnDNSCdn2 DNSinternetDNScdncdnHosts

dnsCdn sibling parent

dnsCdndnsview3cdnView.ViewDNSview

dns

### KEYS FOR TSIG ####key telecomkey {algorithm hmac-md5;secret "LaA4Y1MHlFSTTMz1mzwarA==";};

key cnckey {algorithm hmac-md5;secret "l/rlorcG+7hhabIFKe8Kjg=="; };

key anykey {algorithm hmac-md5;secret "YMXXBAck4i5Sb4PlUg00Uw==";};

include "cnc_acl.conf";include "telecom_acl.conf";

view "view_cnc" { match-clients {key cnckey;CNC;}; recursion yes; allow-transfer { key cnckey;}; server 61.135.210.20 { keys cnckey; }; server 61.135.210.10 { keys cnckey; };

zone "." IN { type hint; file "named.ca"; };

zone "localhost" IN { type master; file "localhost.zone"; allow-update { none; }; };

zone "0.0.127.in-addr.arpa" IN { type master; file "named.local"; allow-update { none; }; };

zone sery.cn" IN { type master; file "cnc.sery.cn.zone"; allow-update { none;} ; };

zone "210.135.61.in-addr.arpa" IN { type master ; file "210.135.61.in-addr.arpa.zone"; allow-update { none; }; };};

### KEYS FOR TSIG ####key telecomkey {algorithm hmac-md5;secret "LaA4Y1MHlFSTTMz1mzwarA==";};

key cnckey {algorithm hmac-md5;secret "l/rlorcG+7hhabIFKe8Kjg=="; };

key anykey {algorithm hmac-md5;secret "YMXXBAck4i5Sb4PlUg00Uw==";};

include "cnc_acl.conf";include "telecom_acl.conf";

view "view_cnc" { match-clients {key cnckey;CNC;}; recursion yes; allow-transfer { key cnckey;}; server 60.28.210.20 { keys cnckey; }; server 60.28.210.10 { keys cnckey; };

zone "." IN { type hint; file "named.ca"; };

zone "localhost" IN { type master; file "localhost.zone"; allow-update { none; }; };

zone "0.0.127.in-addr.arpa" IN { type master; file "named.local"; allow-update { none; }; };

zone "maxthon.cn" IN { type master; file "cnc.maxthon.cn.zone"; allow-update { none;} ; };

zone "210.28.60.in-addr.arpa" IN { type master ; file "210.28.60.in-addr.arpa.zone"; allow-update { none; }; };};

[root@nagios /var/named]# more cnc_acl.confacl "CNC" {58.16.0.0/16;58.168.225.0/24;58.17.0.0/17;58.17.128.0/17;58.17.180.0/24;58.17.186.0/24;58.18.0.0/16;58.19.0.0/16;58.20.0.0/16;58.21.0.0/16;58.22.0.0/15;58.22.0.0/16;58.23.0.0/16;58.240.0.0/15;58.242.0.0/15;222.163.128.0/17;222.163.32.0/19;222.163.64.0/18;};

parent sibling ip

acl CNSERY dstdomain www.sery.cncache_peer www.sery.cn parent 80 3130 no-query originservercache_peer_access www.sery.cn allow CNSERY

cache_peer ccrshct02.html.ccdn.cn sibling 80 3130cache_peer ccrshct03.html.ccdn.cn sibling 80 3130cache_peer ccrshct04.html.ccdn.cn sibling 80 3130

ipipacl IP dstdom_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$http_access deny IP

DNSLvskeepalived

Keepalived #guration File for keepalivedglobal_defs { router_id LVS_sery_2}vrrp_sync_group VGM { group { VI_OUT1 }}vrrp_sync_group VGB { group { VI_INT1 }}vrrp_instance VI_OUT1 { state BACKUP interface eth2 lvs_sync_daemon_inteface eth2 virtual_router_id 51 priority 150 advert_int 5 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 61.135.210.4 61.135.220.123 }}..

nagiossquid cactimrtg

sery@163.com2008-01-03