亲手架设Master/Slave智能DNS的流程

简介:
[背景]这是老早我做的一个案例,今天拿出来供大家参考!
所需资料
:M/S DNS 架设流程
:TSIG技术用与不同view区域传输
:获取电信与网通IP shell脚本
:服务器端修改路由表bat
:服务器安全
:
DNS架设流程
配置步骤:  

1
  软件列表  

BIND 9.3.2 
[url]ftp://ftp.isc.org/isc/bind9/9.3.2/bind-9.3.2.tar.gz[/url] 

2
  安装 BIND 9 

安装 BIND9  

# tar zxvf bind-9.3.2.tar.gz 
# cd bind-9.3.2 
# ./configure 
--prefix=/usr/local/named 
--disable-ipv6 
# make && make install 

建立 BIND 用户:  

# groupadd bind 
# useradd -g bind -d /usr/local/named -s /sbin/nologin bind 

创建配置文件目录:  

# mkdir –p /usr/local/named/etc 
# chown bind:bind /usr/local/named/etc 
# chmod 700 /usr/local/named/etc 

创建主要的配置文件:  

# vi /usr/local/named/etc/named.conf 
===========================named.conf=======================
key "rndc-key" {
       algorithm hmac-md5;
       secret "7cMD1EIkZIVVcdO52D24Aw==";
 };
 
key "hahazhu"{
        algorithm hmac-md5;
        secret "cnXsAYNrypKcTdhfy3FABA==";
};
controls {
       inet 127.0.0.1 port 953
               allow { 127.0.0.1; } keys { "rndc-key"; };
 };
 
 
acl "trust-lan" { 127.0.0.1/8;};
 
options {
 
directory "/usr/local/named/etc/";
 
pid-file "/var/run/named/named.pid";
 
version "0.0.0";
 
datasize 40M;
 
allow-transfer {
 
"trust-lan";};
 
recursion yes;
 
allow-notify {
 
"trust-lan";
 
};
 
allow-recursion {
"trust-lan";
};
 
auth-nxdomain yes;
 
forwarders {
202.102.192.68;
 
202.102.200.101;};
 
};
logging {
 
channel warning
 
{ file "/var/log/named/dns_warnings" versions 3 size 1240k;
severity warning;
 
print-category yes;
 
print-severity yes;
 
print-time yes;
 
};
 
channel general_dns
 
{ file "/var/log/named/dns_logs" versions 3 size 1240k;
 
severity info;
 
print-category yes;
 
print-severity yes;
 
print-time yes;
 
};
 
category default { warning; };
 
category queries { general_dns; };
};
zone "." {
type hint;
file "named.root";
};
acl "CNC" {
58.16.0.0/16;
58.17.0.0/17;
58.17.128.0/17;
58.18.0.0/16;
58.19.0.0/16;
58.20.0.0/16;
58.21.0.0/16;
58.22.0.0/15;
58.240.0.0/15;
58.242.0.0/15;
58.242.161.0/29;
58.244.0.0/15;
58.246.0.0/15;
58.248.0.0/13;
60.0.0.0/13;
60.8.0.0/15;
60.10.0.0/16;
60.11.0.0/16;
60.12.0.0/16;
60.13.0.0/18;
60.13.128.0/17;
60.14.0.0/15;
60.16.0.0/13;
60.24.0.0/14;
60.30.0.0/16;
60.31.0.0/16;
60.208.0.0/13;
60.216.0.0/15;
60.218.0.0/15;
60.220.0.0/14;
61.48.0.0/13;
61.133.0.0/17;
61.134.96.0/19;
61.134.128.0/17;
61.135.0.0/16;
61.137.128.0/17;
61.138.0.0/17;
61.138.128.0/18;
61.139.128.0/18;
61.148.0.0/15;
61.156.0.0/16;
61.158.0.0/16;
61.159.0.0/18;
61.161.0.0/18;
61.161.128.0/17;
61.162.0.0/16;
61.163.0.0/16;
61.167.0.0/16;
61.168.0.0/16;
61.176.0.0/16;
61.179.0.0/16;
61.180.128.0/17;
61.181.0.0/16;
61.182.0.0/16;
61.189.0.0/17;
125.32.0.0/16;
125.40.0.0/13;
202.96.0.0/18;
202.96.64.0/21;
202.96.72.0/21;
202.97.128.0/18;
202.97.224.0/21;
202.97.240.0/20;
202.98.0.0/21;
202.98.8.0/21;
202.99.64.0/19;
202.99.96.0/21;
202.99.128.0/19;
202.99.160.0/21;
202.99.168.0/21;
202.99.176.0/20;
202.99.208.0/20;
202.99.224.0/21;
202.99.232.0/21;
202.99.240.0/20;
202.102.128.0/21;
202.102.224.0/21;
202.102.232.0/21;
202.106.0.0/16;
202.107.0.0/17;
202.108.0.0/16;
202.110.0.0/17;
202.111.128.0/18;
203.93.8.0/24;
203.93.192.0/18;
210.13.128.0/17;
210.14.160.0/19;
210.14.192.0/19;
210.15.32.0/19;
210.15.96.0/19;
210.15.128.0/18;
210.16.128.0/18;
210.21.0.0/16;
210.51.0.0/16;
210.52.128.0/17;
210.53.0.0/17;
210.53.128.0/17;
210.74.96.0/19;
210.74.128.0/19;
210.82.0.0/15;
211.152.0.0/13;
218.7.0.0/16;
218.8.0.0/14;
218.12.0.0/16;
218.21.128.0/17;
218.24.0.0/14;
218.28.0.0/15;
218.56.0.0/14;
218.60.0.0/15;
218.62.0.0/17;
218.67.128.0/17;
218.68.0.0/15;
218.104.0.0/14;
218.106.81.0/29;
219.154.0.0/15;
219.156.0.0/15;
219.158.0.0/17;
219.158.128.0/17;
219.159.0.0/18;
219.159.0.0/18;
220.252.0.0/16;
221.0.0.0/15;
221.2.0.0/16;
221.3.0.0/17;
221.3.128.0/17;
221.4.0.0/16;
221.5.0.0/17;
221.5.128.0/17;
221.6.0.0/16;
221.7.0.0/19;
221.7.32.0/19;
221.7.64.0/19;
221.7.96.0/19;
221.7.128.0/17;
221.8.0.0/15;
221.10.0.0/16;
221.11.0.0/17;
221.11.128.0/18;
221.11.192.0/19;
221.12.0.0/17;
221.12.128.0/18;
221.13.0.0/18;
221.13.64.0/19;
221.13.96.0/19;
221.13.128.0/17;
221.14.0.0/15;
221.192.0.0/15;
221.194.0.0/16;
221.195.0.0/16;
221.196.0.0/15;
221.198.0.0/16;
221.199.0.0/19;
221.199.32.0/20;
221.199.128.0/18;
221.199.192.0/20;
221.200.0.0/14;
221.204.0.0/15;
221.206.0.0/16;
221.207.0.0/18;
221.207.64.0/18;
221.207.128.0/17;
221.208.0.0/14;
221.212.0.0/16;
221.213.0.0/16;
221.214.0.0/16;
221.215.0.0/16;
221.216.0.0/13;
222.128.0.0/14;
222.132.0.0/14;
222.136.0.0/13;
222.160.0.0/15;
222.162.0.0/16;
222.163.0.0/19;
222.163.32.0/19;
222.163.64.0/18;
222.163.128.0/17;
219.235.56.194;
};
view "view_cnc"{
match-clients { key hahazhu;CNC;};
recursion no;
allow-transfer {key hahazhu;};
server 218.22.93.237 {keys hahazhu;};
zone "." {
type hint;
file "named.root";
};
zone "0.0.127.IN-ADDR.ARPA" {
type master;
file "localhost.rev";};
include "master/cnc.def";};
view "view_any" {
match-clients { key rndc-key;any; };
recursion no;
allow-transfer {key rndc-key;};
server 218.22.93.237 {keys rndc-key;};
zone "." {
type hint;
file "named.root";};
zone "0.0.127.IN-ADDR.ARPA" {
type master;
file "localhost.rev";
};
include "master/telecom.def";};
添加完成后,保存。  

更新根区文件:  

# cd /usr/local/named/etc/ 
# wget [url]ftp://ftp.internic.org/domain/named.root[/url] 

创建 PID 和日志文件:  

# mkdir /var/run/named/ 
# chmod 777 /var/run/named/ 
# chown bind:bind /var/run/named/ 

# mkdir /var/log/named/ 
# touch /var/log/named/dns_warnings 
# touch /var/log/named/dns_logs 
# chown bind:bind /var/log/named/* 

# mkdir master 
# touch master/cnc.def 
# touch master/telecom.def 

生成 rndc-key  

# cd /usr/local/named/etc/ 
# ../sbin/rndc-confgen > rndc.conf 

rndc.conf 中:  
# Use with the following in named.conf, adjusting the allow list as needed: 
后面以的部分加到 /usr/local/named/etc/named.conf 中并去掉注释  

运行测试:  

# /usr/local/named/sbin/named -gc /usr/local/named/etc/named.conf & 

状态检查:  

# /usr/local/named/sbin/rndc status 

建立启动脚本:  

# vi /etc/init.d/named 
============================== named.sh============================ 
#!/bin/bash 

# named        a network name service. 


# chkconfig: 545 35 75 
# description: a name server 

if [ `id -u` -ne 0 ] 
then 
echo "ERROR:For bind to port 53,must run as root." 
exit 1 
fi 
case "$1" in 

start) 
if [ -x /usr/local/named/sbin/named ]; then 
/usr/local/named/sbin/named -u bind -c /usr/local/named/etc/named.conf && echo . && echo 'BIND9 server started.' 
fi 
;; 

stop) 
kill `cat /var/run/named/pid` && echo . && echo 'BIND9 server stopped.' 
;; 
restart) 
echo . 
echo "Restart BIND9 server" 
$0 stop 
sleep 10 
$0 start 
;; 
*) 
echo "$0 start | stop | restart" 
;; 

esac 
===============================named.sh============================ 

# chmod 755 /etc/init.d/named 
# chown root:root /etc/init.d/named 
# chkconfig --add named 
# chkconfig named on 


到这里 bind 已经安装完毕  . 下面是解析部分 .
3   添加一个 NS
注册两个 dns
Ns2.yyyy.com
4   添加一个域名  
# cd /usr/local/named/etc/master 
# mkdir cnc 
# mkdir telecom 
# vi cnc.def 
添加
zone "18l.net" {
type master;
file "master/cnc/18l.net";
};
zone "bbtsd.com"{
type master;
file "master/cnc/bbtsd.com";
};
# vi telecom.def 
添加
zone "18l.net" {
type master;
file "master/telecom/18l.net";
};
zone "bbtsd.com"{
type master;
file "master/telecom/bbtsd.com";
};
添加网通的解析
#vi cnc/18l.net
$TTL 3600
$ORIGIN 18l.net.
18l.net.        IN      SOA ns2.yyyy. root.yyyy.com.(
        2007070901
        3600
        900
        68400
        15)
@       IN NS ns2.yyyy.com.
;ns2.yyyy.com. IN A    218.22.93.242
@ IN A 218.106.81.34
www IN A 58.242.161.2
mail    IN      A       218.106.81.34
        IN      MX      10      mail
#Vi cnc/bbtsd.com
$TTL 3600
$ORIGIN bbtsd.com.
bbtsd.com.      IN      SOA ns2.yyyy.com. root.yyyy.com.(
        2007070901
        3600
        900
        68400
        15)
@       IN NS ns2.yyyy.com.
;ns2.yyyy.com. IN A    218.22.93.242
www IN A        58.242.161.4
mail    IN      A       218.106.81.34
        IN      MX      10      mail
@       IN      A       58.242.161.4
添加电信的解析
#vi telecom/18l.net
$TTL 3600
$ORIGIN 18l.net.
@       IN SOA ns2.yyyy.com. root.yyyy.com.(
        2007070901
        3600
        900
        68400
        15 )
 
@       IN      NS              ns2.yyyy.com.
ns2.yyyy.com   IN      A       218.22.93.242
@       IN      A               218.22.93.244
www     IN      A               218.22.93.244
mail    IN      A               218.106.81.34
        IN      MX      10      mail
#vi telecom/bbtsd.com
$TTL 3600
$ORIGIN bbtsd.com.
bbtsd.com. IN SOA ns2.yyyy.com. root.yyyy.com.(
        2007070901
        3600
        900
        68400
        15 )
 
@       IN      NS      ns2.yyyy.com.
ns2.yyyy.com    IN      A       218.22.93.242
www IN A 218.22.93.253
mail    IN      A       218.106.81.34
        IN      MX      10      mail
@       IN      A       218.22.93.253
#/usr/local/named/sbin/rndc reload
OK ,到此你的主 DNS 服务器配置就算是搞起来了。
DNS 架设流程
配置步骤:  

1
  软件列表  

BIND 9.3.2 
[url]ftp://ftp.isc.org/isc/bind9/9.3.2/bind-9.3.2.tar.gz[/url] 

2
  安装 BIND 9 

安装 BIND9  

# tar zxvf bind-9.3.2.tar.gz 
# cd bind-9.3.2 
# ./configure 
--prefix=/usr/local/named 
--disable-ipv6 
# make && make install 

建立 BIND 用户:  

# groupadd bind 
# useradd -g bind -d /usr/local/named -s /sbin/nologin bind 

创建配置文件目录:  

# mkdir –p /usr/local/named/etc 
# chown bind:bind /usr/local/named/etc 
# chmod 700 /usr/local/named/etc 

创建主要的配置文件:  

# vi /usr/local/named/etc/named.conf 
===========================named.conf=======================
key "rndc-key" {
       algorithm hmac-md5;
        secret "7cMD1EIkZIVVcdO52D24Aw==";
 };
 key"hahazhu"{
        algorithm hmac-md5;
        secret "cnXsAYNrypKcTdhfy3FABA==";
 };
 controls {
       inet 127.0.0.1 port 953
               allow { 127.0.0.1; } keys { "rndc-key"; };
 };
 
 
acl "trust-lan" { 127.0.0.1/8;};
 
options {
 
directory "/usr/local/named/etc/";
 
pid-file "/var/run/named/named.pid";
 
version "0.0.0";
 
datasize 40M;
/*
allow-transfer {
 
"trust-lan";};
 
recursion yes;
 
allow-notify {
 
"trust-lan";
 
};
 
allow-recursion {
"trust-lan";
 
};
auth-nxdomain no;
*/
recursion yes;
forwarders {
202.102.192.68;
202.102.200.101;};
 
};
logging {
 
channel warning
 
{ file "/var/log/named/dns_warnings" versions 3 size 1240k;
severity warning;
print-category yes;
 
print-severity yes;
 
print-time yes;
 
};
 
channel general_dns
 
{ file "/var/log/named/dns_logs" versions 3 size 1240k;
 
severity info;
 
print-category yes;
 
print-severity yes;
 
print-time yes;
 
};
 
category default { warning; };
 
category queries { general_dns; };
 
};
zone "." {
type hint;
file "named.root";
};
acl "CNC" {
58.16.0.0/16;
58.17.0.0/17;
58.17.128.0/17;
58.18.0.0/16;
58.19.0.0/16;
58.20.0.0/16;
58.21.0.0/16;
58.22.0.0/15;
58.240.0.0/15;
58.242.0.0/15;
58.242.161.0/29;
58.244.0.0/15;
58.246.0.0/15;
58.248.0.0/13;
60.0.0.0/13;
60.8.0.0/15;
60.10.0.0/16;
60.11.0.0/16;
60.12.0.0/16;
60.13.0.0/18;
60.13.128.0/17;
60.14.0.0/15;
60.16.0.0/13;
60.24.0.0/14;
60.30.0.0/16;
60.31.0.0/16;
60.208.0.0/13;
60.216.0.0/15;
60.218.0.0/15;
60.220.0.0/14;
61.48.0.0/13;
61.133.0.0/17;
61.134.96.0/19;
61.134.128.0/17;
61.135.0.0/16;
61.137.128.0/17;
61.138.0.0/17;
61.138.128.0/18;
61.139.128.0/18;
61.148.0.0/15;
61.156.0.0/16;
61.158.0.0/16;
61.159.0.0/18;
61.161.0.0/18;
61.161.128.0/17;
61.162.0.0/16;
61.163.0.0/16;
61.167.0.0/16;
61.168.0.0/16;
61.176.0.0/16;
61.179.0.0/16;
61.180.128.0/17;
61.181.0.0/16;
61.182.0.0/16;
61.189.0.0/17;
125.32.0.0/16;
125.40.0.0/13;
202.96.0.0/18;
202.96.64.0/21;
202.96.72.0/21;
202.97.128.0/18;
202.97.224.0/21;
202.97.240.0/20;
202.98.0.0/21;
202.98.8.0/21;
202.99.64.0/19;
202.99.96.0/21;
202.99.128.0/19;
202.99.160.0/21;
202.99.168.0/21;
202.99.176.0/20;
202.99.208.0/20;
202.99.224.0/21;
202.99.232.0/21;
202.99.240.0/20;
202.102.128.0/21;
202.102.224.0/21;
202.102.232.0/21;
202.106.0.0/16;
202.107.0.0/17;
202.108.0.0/16;
202.110.0.0/17;
202.111.128.0/18;
203.93.8.0/24;
203.93.192.0/18;
210.13.128.0/17;
210.14.160.0/19;
210.14.192.0/19;
210.15.32.0/19;
210.15.96.0/19;
210.15.128.0/18;
210.16.128.0/18;
210.21.0.0/16;
210.51.0.0/16;
210.52.128.0/17;
210.53.0.0/17;
210.53.128.0/17;
210.74.96.0/19;
210.74.128.0/19;
210.82.0.0/15;
211.152.0.0/13;
218.7.0.0/16;
218.8.0.0/14;
218.12.0.0/16;
218.21.128.0/17;
218.24.0.0/14;
218.28.0.0/15;
218.56.0.0/14;
218.60.0.0/15;
218.62.0.0/17;
218.67.128.0/17;
218.68.0.0/15;
218.104.0.0/14;
218.106.81.0/29;
219.154.0.0/15;
219.156.0.0/15;
219.158.0.0/17;
219.158.128.0/17;
219.159.0.0/18;
220.252.0.0/16;
221.0.0.0/15;
221.2.0.0/16;
221.3.0.0/17;
221.3.128.0/17;
221.4.0.0/16;
221.5.0.0/17;
221.5.128.0/17;
221.6.0.0/16;
221.7.0.0/19;
221.7.32.0/19;
221.7.64.0/19;
221.7.96.0/19;
221.7.128.0/17;
221.8.0.0/15;
221.10.0.0/16;
221.11.0.0/17;
221.11.128.0/18;
221.11.192.0/19;
221.12.0.0/17;
221.12.128.0/18;
221.13.0.0/18;
221.13.64.0/19;
221.13.96.0/19;
221.13.128.0/17;
221.14.0.0/15;
221.192.0.0/15;
221.194.0.0/16;
221.195.0.0/16;
221.196.0.0/15;
221.198.0.0/16;
221.199.0.0/19;
221.199.32.0/20;
221.199.128.0/18;
221.199.192.0/20;
221.200.0.0/14;
221.204.0.0/15;
221.206.0.0/16;
221.207.0.0/18;
221.207.64.0/18;
221.207.128.0/17;
221.208.0.0/14;
221.212.0.0/16;
221.213.0.0/16;
221.214.0.0/16;
221.215.0.0/16;
221.216.0.0/13;
222.128.0.0/14;
222.132.0.0/14;
222.136.0.0/13;
222.160.0.0/15;
222.162.0.0/16;
222.163.0.0/19;
222.163.32.0/19;
222.163.64.0/18;
222.163.128.0/17;
219.235.56.194;
};
view "view_cnc"{
match-clients { key hahazhu;CNC;};
recursion no;
allow-transfer {none;};
server 218.22.93.242 {keys hahazhu;};
zone "." {
type hint;
file "named.root";
};
zone "0.0.127.IN-ADDR.ARPA" {
type master;
file "localhost.rev";};
include "master/cnc.def";};
view "view_any" {
match-clients { key rndc-key;any; };
recursion yes;
allow-transfer {none;};
server 218.22.93.242 {keys rndc-key;};
zone "." {
type hint;
file "named.root";};
zone "0.0.127.IN-ADDR.ARPA" {
type master;
file "localhost.rev";
};
include "master/telecom.def";};
添加完成后,保存。  

更新根区文件:  

# cd /usr/local/named/etc/ 
# wget [url]ftp://ftp.internic.org/domain/named.root[/url] 

创建 PID 和日志文件:  

# mkdir /var/run/named/ 
# chmod 777 /var/run/named/ 
# chown bind:bind /var/run/named/ 

# mkdir /var/log/named/ 
# touch /var/log/named/dns_warnings 
# touch /var/log/named/dns_logs 
# chown bind:bind /var/log/named/* 

# mkdir master 
# touch master/cnc.def 
# touch master/telecom.def 

生成 rndc-key
将从主 DNS 中把其复制过来 . 从主的 key 内容一样 .
rndc.conf 中:  
# Use with the following in named.conf, adjusting the allow list as needed: 
后面以的部分加到 /usr/local/named/etc/named.conf 中并去掉注释  

运行测试:  

# /usr/local/named/sbin/named -gc /usr/local/named/etc/named.conf & 

状态检查:  

# /usr/local/named/sbin/rndc status 

建立启动脚本:  

# vi /etc/init.d/named 
============================== named.sh============================ 
#!/bin/bash 

# named        a network name service. 


# chkconfig: 545 35 75 
# description: a name server 

if [ `id -u` -ne 0 ] 
then 
echo "ERROR:For bind to port 53,must run as root." 
exit 1 
fi 
case "$1" in 

start) 
if [ -x /usr/local/named/sbin/named ]; then 
/usr/local/named/sbin/named -u bind -c /usr/local/named/etc/named.conf && echo . && echo 'BIND9 server started.' 
fi 
;; 

stop) 
kill `cat /var/run/named/pid` && echo . && echo 'BIND9 server stopped.' 
;; 
restart) 
echo . 
echo "Restart BIND9 server" 
$0 stop 
sleep 10 
$0 start 
;; 
*) 
echo "$0 start | stop | restart" 
;; 

esac 
===============================named.sh============================ 

# chmod 755 /etc/init.d/named 
# chown root:root /etc/init.d/named 
# chkconfig --add named 
# chkconfig named on 


到这里 bind 已经安装完毕  . 下面是解析部分


3
  添加一个 NS
Ns.xxxx.net
4   添加一个域名  
# cd /usr/local/named/etc/master 
# mkdir cnc 
# mkdir telecom 
# vi cnc.def
zone "18l.net" {
type slave;
masters {218.22.93.242;};
file "master/cnc/18l.net";
};
zone "bbtsd.com"{
type slave;
masters {218.22.93.242;};
file "master/cnc/bbtsd.com";
};
# vi telecom.def 
添加
zone "18l.net" {
type slave;
masters {218.22.93.242;};
file "master/telecom/18l.net";
};
zone "bbtsd.com"{
type slave;
masters {218.22.93.242;};
file "master/telecom/bbtsd.com";
};
OK,到这里,DNS就算架设成功了.至于出现错误,请检查日志/var/log/messages 还有定义的日志.
记住,架设容易,维护难.以后,还需要好好看管,才行噢!!!
至于这一部分,已经在配置文件中体现了.我只需要将在bind9管理手册中的资料复制来来,看下如何操作就成了.
5.4 TSIG (信号安全处理)
这是一个基于BIND 中的安全处理的Transaction SIGnature (TSIG)。它描述了配置文件
的更新和在不同情况下的更新要求,包括产生处理密匙和使用BIND TSIG 的过程。
BIND 主要支持服务器对服务器之间通讯的TSIG。包括域传送(zone transfer),通报
notify)和递归查询信息。基于BIND8 的新版本对TSIG 的支持较为有限。
TSIG 可能对动态更新最有用了,一个动态域的主DNS 服务器使用访问控制来控制更
新,而基于IP 的访问控制是不够的。基于密匙的访问控制要高级的多了,参看推荐标准。
nsupdate 程序通过-k -y 命令选项支持TSIG
5.4.1   为每对主机产生共享密匙
产生一个共享的加密方式就是在host1 host2 之间共享使用。可选择任意的密
匙: “host1-host2”。但密匙必须在两个主机上是一样的。
5.4.1 .1  自动产生
下列命令将会产生一个如上所述128 位(16 字节)HAMC-MD5 的密匙。越长的键越
好,但是较短的键比较容易读取。注意键的最大长度是512 比特;更长的键将会被MD5 
化以产生128 位的密匙。
dnssec-keygen -a hmac-md5 -b 128 -n HOST host1-host2.
密匙存在于Khost1-host2.+157+00000.private 文件中。文件不直接被调用,但是在”Key:”
之后的base-64 编码字符串可以直接拷贝出作为共享密匙:
DNS  BIND9 )  RunStone Tech. Inc.
[url]http://www.runstone.com[/url]  , 2003  22
Key: La/E5CjG9O+os1jq0a2jdA==
字符串"La/E5CjG9O+os1jq0a2jdA=="可以作为共享密匙使用
5.4.1 .2  手工生成
共享密匙仅仅是使用base-64 编码的随机序列结果。大多数ASCII 字符串是有效的
base-64 字符串(假设长度是的倍数,只有有效的字符被使用),所以共享密匙可以被手工
生成。
而且,一个熟知的字符串可以通过mmencode 或者一个相似的程序以产生base-64 编码
数据。
5.4.2   把共享密匙拷到两台机器中
这超过了DNS 的范围。使用一种安全传输机制,例如可以是安全FTPssh、电话等。
5.4.3   通知服务器密匙的存在
设想host1 host2 是这台服务器。下列语句将会加到每个服务器中的named.conf file
中:
key host1-host2. {
algorithm hmac-md5;
secret "La/E5CjG9O+os1jq0a2jdA==";
};
BIND 只支持hmac-md5 算法。密匙就是在上面产生的这个。既然这是一个密匙,建议
named.conf 设为不可读,或者在named.conf 中调用一个包含了密匙的不可读的文件。
这样,key 就被认可了。这意味着如果服务器受到一则被这个key 标记的消息,它可以
对这个签字进行校验。如果校验成功,应答就会被同一个key 所标记。
5.4.4   通知服务器使用密匙
既然密匙只在两个主机之间共享,服务器就必须被告知什么时候使用key。下列是加入
host1 named.conf 文件中的配置,如果host2 IP 地址是10.1.2.3:
server 10.1.2.3 {
DNS  BIND9 )  RunStone Tech. Inc.
[url]http://www.runstone.com[/url]  , 2003  23
keys { host1-host2. ;};
};
多个key 可能同时被使用,但是只有第一个有效。这个指示不包括任何加密,所以它
可能是一个普遍可读文件。
如果host1 向那个地址发送一个消息,此消息将会被特殊的key 标记。host1 则会等待
任何使用了相同key 标记的回复信息。
一个相似的语句也会存在于host2 的配置文件中(使用host1 的地址),这样host2 就会
在回复host1 的消息中标记相同的key
5.4.5   基于TSIG 密匙的访问控制
BIND 承认在ACL 定义中使用IP 地址和地址段和allow-{ query | transfer | update }。这
也拓展到允许使用TSIG 密匙。上述key 可以表示为key host1-host2
一个allow-update 的例子是:
allow-update { key host1-host2. ;};
它只允许那些带有”host1-host2”标记的动态更新请求被接受。后面的update-policy 还有
更加强大的功能。
5.4.6   _________
在处理用TSIG 标记信息时会发生一些错误。如果一个标记信息被发送到一个不兼容
TSIG 的服务器中,服务器不能识别记录,就会返回一个FORMERR。这是配置错误的结果,
服务器应该配置清楚要发送到的特定的server
如果识别TSIG 的服务器收到一则由未知key 标志的信息,响应时就不会用TSIG 标记,
且会带有错误编码BADKEY。如果一个识别TSIG 服务器收到一个带着无效标记的信息,
回应就不会用TSIG 标记,且会带有错误编码BADSIG。如果一台识别TSIG 服务器接收到
一个超过规定时限的信息,响应时就会带有TSIG 标记的错误代码BADTIME,且时间值将
会被重新调整,使得响应可以被成功验证。在所有这些情况中,消息的错误代码都被设置
NOTAUTH
*记住,主辅DNS时间差不能大于5分钟,最好做个网络同步时间服务.不过,我没做.嘿嘿~~
(1)
以下方法可以查询到 3 个服务商大致的地址范围,不过是否完整还需要大家验证。  

下载并编译最新的 ripe-dbase-client 
# wget [url]http://ftp.apnic.net/apnic/dbase/tools/ripe-dbase-client-v3.tar.gz[/url] 

#tar zxvf ripe-dbase*.gz 
#cd whois-3.1 
#./configure;make 
执行查询并输出结果  
#./whois3 -h whois.apnic.net -l -i mb MAINT-CNCGROUP >/tmp/cnc 
#./whois3 -h whois.apnic.net -l -i mb MAINT-CHINANET >/tmp/chinanet 
#./whois3 -h whois.apnic.net -l -i mb MAINT-CN-CRTC > /tmp/crtc 

如果想得到具体的服务商比如江苏省电信的 IP 池,就把 mb 的值改为 MAINT-CHINANET-JS ,或者是辽宁网通,那就改为 MAINT-CNCGROUP-LN 

然后用 grep  sed 去掉多余的文字就可以得到了。
(2)
#!/bin/sh
FILE=/root/study/apnic/ip_apnic
rm -f $FILE
wget [url]http://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest[/url] -O $FILE
grep 'apnic|CN|ipv4|' $FILE | cut -f 4,5 -d'|'|sed -e 's/|/ /g' | while read ip
cnt
do
        echo $ip:$cnt
        mask=$(cat << EOF | bc | tail -1
pow=32;
define log2(x) {
if (x<=1) return (pow);
pow--;
return(log2(x/2));
}
log2($cnt)
EOF)
        echo $ip/$mask>> cn.net
        NETNAME=`whois $[email]ip@whois.apnic.net[/email] | sed -e '/./{H;$!d;}' -e 'x;/netnum/!d' |grep ^netname | sed -e 's/.*:      \(.*\)/\1/g' | sed -e 's/-.*//g'`
        case $NETNAME in
        CHINANET|CNCGROUP)
                echo $ip/$mask >> $NETNAME
        ;;
# 如果你還要其他  ISP ,  請在這邊加上去即可 , 透過  apnic whois ,  你可以知道他的  NETNAME
        OTHER_NETNAME_here)
        ;;
        Esac
done
以前写的,用于放在服务器端判定的.不过,比这复杂,考略系统资源,就不用这么复杂了.只需要一条Bat,就可以了.
REM Version 20060830,Copyright Netbank Co.LTD
 
@echo off
echo 正在启动网通链路,请稍候...
 
REM CNC
route add 58.16.0.0 mask 255.248.0.0 58.242.161.1 -p
route add 58.240.0.0 mask 255.240.0.0 58.242.161.1 -p
route add 60.0.0.0 mask 255.224.0.0 58.242.161.1 -p
route add 60.55.0.0 mask 255.255.0.0 58.242.161.1 -p
route add 60.208.0.0 mask 255.240.0.0 58.242.161.1 -p
route add 60.255.0.0 mask 255.255.0.0 58.242.161.1 -p
route add 61.48.0.0 mask 255.248.0.0 58.242.161.1 -p
route add 61.133.0.0 mask 255.255.128.0 58.242.161.1 -p
route add 61.134.0.0 mask 255.254.0.0 58.242.161.1 -p
route add 61.136.0.0 mask 255.255.128.0 58.242.161.1 -p
route add 61.137.128.0 mask 255.255.128.0 58.242.161.1 -p
route add 61.138.0.0 mask 255.255.128.0 58.242.161.1 -p
route add 61.138.128.0 mask 255.255.192.0 58.242.161.1 -p
route add 61.139.128.0 mask 255.255.192.0 58.242.161.1 -p
route add 61.148.0.0 mask 255.254.0.0 58.242.161.1 -p
route add 61.156.0.0 mask 255.255.0.0 58.242.161.1 -p
route add 61.158.0.0 mask 255.255.0.0 58.242.161.1 -p
route add 61.159.0.0 mask 255.255.192.0 58.242.161.1 -p
route add 61.161.0.0 mask 255.255.192.0 58.242.161.1 -p
route add 61.161.128.0 mask 255.255.128.0 58.242.161.1 -p
route add 61.162.0.0 mask 255.254.0.0 58.242.161.1 -p
route add 61.167.0.0 mask 255.255.0.0 58.242.161.1 -p
route add 61.168.0.0 mask 255.255.0.0 58.242.161.1 -p
route add 61.176.0.0 mask 255.255.0.0 58.242.161.1 -p
route add 61.179.0.0 mask 255.255.0.0 58.242.161.1 -p
route add 61.180.128.0 mask 255.255.128.0 58.242.161.1 -p
route add 61.181.0.0 mask 255.255.0.0 58.242.161.1 -p
route add 61.182.0.0 mask 255.255.0.0 58.242.161.1 -p
route add 61.189.0.0 mask 255.255.128.0 58.242.161.1 -p
route add 121.16.0.0 mask 255.240.0.0 58.242.161.1 -p
route add 121.89.0.0 mask 255.255.0.0 58.242.161.1 -p
route add 124.64.0.0 mask 255.254.0.0 58.242.161.1 -p
route add 124.66.0.0 mask 255.255.128.0 58.242.161.1 -p
route add 124.67.0.0 mask 255.255.0.0 58.242.161.1 -p
route add 124.88.0.0 mask 255.248.0.0 58.242.161.1 -p
route add 124.128.0.0 mask 255.248.0.0 58.242.161.1 -p
route add 124.160.0.0 mask 255.248.0.0 58.242.161.1 -p
route add 125.32.0.0 mask 255.240.0.0 58.242.161.1 -p
route add 202.38.143.0 mask 255.255.255.0 58.242.161.1 -p
route add 202.74.8.0 mask 255.255.248.0 58.242.161.1 -p
route add 202.75.208.0 mask 255.255.240.0 58.242.161.1 -p
route add 202.90.0.0 mask 255.255.0.0 58.242.161.1 -p
route add 202.96.0.0 mask 255.255.192.0 58.242.161.1 -p
route add 202.96.64.0 mask 255.255.224.0 58.242.161.1 -p
route add 202.97.128.0 mask 255.255.128.0 58.242.161.1 -p
route add 202.98.0.0 mask 255.255.224.0 58.242.161.1 -p
route add 202.99.0.0 mask 255.255.0.0 58.242.161.1 -p
route add 202.102.128.0 mask 255.255.128.0 58.242.161.1 -p
route add 202.106.0.0 mask 255.255.0.0 58.242.161.1 -p
route add 202.107.0.0 mask 255.255.128.0 58.242.161.1 -p
route add 202.108.0.0 mask 255.255.0.0 58.242.161.1 -p
route add 202.110.0.0 mask 255.255.0.0 58.242.161.1 -p
route add 202.111.128.0 mask 255.255.192.0 58.242.161.1 -p
route add 202.130.224.0 mask 255.255.224.0 58.242.161.1 -p
route add 203.93.8.0 mask 255.255.255.0 58.242.161.1 -p
route add 203.93.192.0 mask 255.255.192.0 58.242.161.1 -p
route add 203.175.192.0 mask 255.255.192.0 58.242.161.1 -p
route add 210.13.128.0 mask 255.255.128.0 58.242.161.1 -p
route add 210.14.160.0 mask 255.255.224.0 58.242.161.1 -p
route add 210.14.192.0 mask 255.255.224.0 58.242.161.1 -p
route add 210.15.32.0 mask 255.255.224.0 58.242.161.1 -p
route add 210.15.96.0 mask 255.255.224.0 58.242.161.1 -p
route add 210.15.128.0 mask 255.255.192.0 58.242.161.1 -p
route add 210.21.0.0 mask 255.255.0.0 58.242.161.1 -p
route add 210.22.0.0 mask 255.255.0.0 58.242.161.1 -p
route add 210.51.0.0 mask 255.255.0.0 58.242.161.1 -p
route add 210.52.0.0 mask 255.254.0.0 58.242.161.1 -p
route add 210.74.96.0 mask 255.255.224.0 58.242.161.1 -p
route add 210.74.128.0 mask 255.255.224.0 58.242.161.1 -p
route add 210.78.0.0 mask 255.255.224.0 58.242.161.1 -p
route add 210.82.0.0 mask 255.254.0.0 58.242.161.1 -p
route add 211.144.0.0 mask 255.254.0.0 58.242.161.1 -p
route add 211.152.0.0 mask 255.254.0.0 58.242.161.1 -p
route add 218.7.0.0 mask 255.255.0.0 58.242.161.1 -p
route add 218.8.0.0 mask 255.252.0.0 58.242.161.1 -p
route add 218.12.0.0 mask 255.255.0.0 58.242.161.1 -p
route add 218.21.128.0 mask 255.255.128.0 58.242.161.1 -p
route add 218.24.0.0 mask 255.252.0.0 58.242.161.1 -p
route add 218.28.0.0 mask 255.254.0.0 58.242.161.1 -p
route add 218.56.0.0 mask 255.252.0.0 58.242.161.1 -p
route add 218.60.0.0 mask 255.254.0.0 58.242.161.1 -p
route add 218.62.0.0 mask 255.255.128.0 58.242.161.1 -p
route add 218.67.128.0 mask 255.255.128.0 58.242.161.1 -p
route add 218.68.0.0 mask 255.254.0.0 58.242.161.1 -p
route add 218.104.0.0 mask 255.252.0.0 58.242.161.1 -p
route add 218.244.32.0 mask 255.255.224.0 58.242.161.1 -p
route add 218.247.0.0 mask 255.255.0.0 58.242.161.1 -p
route add 219.154.0.0 mask 255.254.0.0 58.242.161.1 -p
route add 219.156.0.0 mask 255.254.0.0 58.242.161.1 -p
route add 219.158.0.0 mask 255.255.0.0 58.242.161.1 -p
route add 219.159.0.0 mask 255.255.192.0 58.242.161.1 -p
route add 219.232.0.0 mask 255.252.0.0 58.242.161.1 -p
route add 220.248.0.0 mask 255.252.0.0 58.242.161.1 -p
route add 220.252.0.0 mask 255.255.0.0 58.242.161.1 -p
route add 221.0.0.0 mask 255.240.0.0 58.242.161.1 -p
route add 221.136.0.0 mask 255.255.0.0 58.242.161.1 -p
route add 221.192.0.0 mask 255.224.0.0 58.242.161.1 -p
route add 222.128.0.0 mask 255.240.0.0 58.242.161.1 -p
route add 222.160.0.0 mask 255.252.0.0 58.242.161.1 -p
 
REM HZCNC
route add 58.100.0.0 mask 255.254.0.0 58.242.161.1 -p
route add 125.210.0.0 mask 255.255.0.0 58.242.161.1 -p
route add 211.155.224.0 mask 255.255.240.0 58.242.161.1 -p
route add 218.108.0.0 mask 255.254.0.0 58.242.161.1 -p
route add 219.82.0.0 mask 255.255.0.0 58.242.161.1 -p
 
REM CRC
route add 61.232.0.0 mask 255.252.0.0 58.242.161.1 -p
route add 61.236.0.0 mask 255.254.0.0 58.242.161.1 -p
route add 211.98.0.0 mask 255.255.0.0 58.242.161.1 -p
route add 221.172.0.0 mask 255.252.0.0 58.242.161.1 -p
route add 222.32.0.0 mask 255.224.0.0 58.242.161.1 -p
route add 58.82.176.0 mask 255.255.240.0 58.242.161.1 -p
route add 58.82.224.0 mask 255.255.240.0 58.242.161.1 -p
route add 61.29.240.0 mask 255.255.240.0 58.242.161.1 -p
route add 121.46.0.0 mask 255.255.192.0 58.242.161.1 -p
route add 121.46.192.0 mask 255.255.224.0 58.242.161.1 -p
route add 122.198.32.0 mask 255.255.224.0 58.242.161.1 -p
route add 124.156.112.0 mask 255.255.240.0 58.242.161.1 -p
route add 124.156.128.0 mask 255.255.240.0 58.242.161.1 -p
route add 124.249.224.0 mask 255.255.240.0 58.242.161.1 -p
 
REM UNICOM
route add 61.240.0.0 mask 255.252.0.0 58.242.161.1 -p
route add 211.90.0.0 mask 255.254.0.0 58.242.161.1 -p
route add 211.92.0.0 mask 255.252.0.0 58.242.161.1 -p
route add 211.96.0.0 mask 255.254.0.0 58.242.161.1 -p
route add 220.192.0.0 mask 255.240.0.0 58.242.161.1 –p
保存为cncstart.bat
REM Version 20060830,Copyright Netbank Co.LTD
 
@echo off
echo 正在关闭网通链路,请稍候...
 
REM CNC
route delete 58.16.0.0 mask 255.248.0.0
route delete 58.240.0.0 mask 255.240.0.0
route delete 60.0.0.0 mask 255.224.0.0
route delete 60.55.0.0 mask 255.255.0.0
route delete 60.208.0.0 mask 255.240.0.0
route delete 60.255.0.0 mask 255.255.0.0
route delete 61.48.0.0 mask 255.248.0.0
route delete 61.133.0.0 mask 255.255.128.0
route delete 61.134.0.0 mask 255.254.0.0
route delete 61.136.0.0 mask 255.255.128.0
route delete 61.137.128.0 mask 255.255.128.0
route delete 61.138.0.0 mask 255.255.128.0
route delete 61.138.128.0 mask 255.255.192.0
route delete 61.139.128.0 mask 255.255.192.0
route delete 61.148.0.0 mask 255.254.0.0
route delete 61.156.0.0 mask 255.255.0.0
route delete 61.158.0.0 mask 255.255.0.0
route delete 61.159.0.0 mask 255.255.192.0
route delete 61.161.0.0 mask 255.255.192.0
route delete 61.161.128.0 mask 255.255.128.0
route delete 61.162.0.0 mask 255.254.0.0
route delete 61.167.0.0 mask 255.255.0.0
route delete 61.168.0.0 mask 255.255.0.0
route delete 61.176.0.0 mask 255.255.0.0
route delete 61.179.0.0 mask 255.255.0.0
route delete 61.180.128.0 mask 255.255.128.0
route delete 61.181.0.0 mask 255.255.0.0
route delete 61.182.0.0 mask 255.255.0.0
route delete 61.189.0.0 mask 255.255.128.0
route delete 121.16.0.0 mask 255.240.0.0
route delete 121.89.0.0 mask 255.255.0.0
route delete 124.64.0.0 mask 255.254.0.0
route delete 124.66.0.0 mask 255.255.128.0
route delete 124.67.0.0 mask 255.255.0.0
route delete 124.88.0.0 mask 255.248.0.0
route delete 124.128.0.0 mask 255.248.0.0
route delete 124.160.0.0 mask 255.248.0.0
route delete 125.32.0.0 mask 255.240.0.0
route delete 202.38.143.0 mask 255.255.255.0
route delete 202.74.8.0 mask 255.255.248.0
route delete 202.75.208.0 mask 255.255.240.0
route delete 202.90.0.0 mask 255.255.0.0
route delete 202.96.0.0 mask 255.255.192.0
route delete 202.96.64.0 mask 255.255.224.0
route delete 202.97.128.0 mask 255.255.128.0
route delete 202.98.0.0 mask 255.255.224.0
route delete 202.99.0.0 mask 255.255.0.0
route delete 202.102.128.0 mask 255.255.128.0
route delete 202.106.0.0 mask 255.255.0.0
route delete 202.107.0.0 mask 255.255.128.0
route delete 202.108.0.0 mask 255.255.0.0
route delete 202.110.0.0 mask 255.255.0.0
route delete 202.111.128.0 mask 255.255.192.0
route delete 202.130.224.0 mask 255.255.224.0
route delete 203.93.8.0 mask 255.255.255.0
route delete 203.93.192.0 mask 255.255.192.0
route delete 203.175.192.0 mask 255.255.192.0
route delete 210.13.128.0 mask 255.255.128.0
route delete 210.14.160.0 mask 255.255.224.0
route delete 210.14.192.0 mask 255.255.224.0
route delete 210.15.32.0 mask 255.255.224.0
route delete 210.15.96.0 mask 255.255.224.0
route delete 210.15.128.0 mask 255.255.192.0
route delete 210.21.0.0 mask 255.255.0.0
route delete 210.22.0.0 mask 255.255.0.0
route delete 210.51.0.0 mask 255.255.0.0
route delete 210.52.0.0 mask 255.254.0.0
route delete 210.74.96.0 mask 255.255.224.0
route delete 210.74.128.0 mask 255.255.224.0
route delete 210.78.0.0 mask 255.255.224.0
route delete 210.82.0.0 mask 255.254.0.0
route delete 211.144.0.0 mask 255.254.0.0
route delete 211.152.0.0 mask 255.254.0.0
route delete 218.7.0.0 mask 255.255.0.0
route delete 218.8.0.0 mask 255.252.0.0
route delete 218.12.0.0 mask 255.255.0.0
route delete 218.21.128.0 mask 255.255.128.0
route delete 218.24.0.0 mask 255.252.0.0
route delete 218.28.0.0 mask 255.254.0.0
route delete 218.56.0.0 mask 255.252.0.0
route delete 218.60.0.0 mask 255.254.0.0
route delete 218.62.0.0 mask 255.255.128.0
route delete 218.67.128.0 mask 255.255.128.0
route delete 218.68.0.0 mask 255.254.0.0
route delete 218.104.0.0 mask 255.252.0.0
route delete 218.244.32.0 mask 255.255.224.0
route delete 218.247.0.0 mask 255.255.0.0
route delete 219.154.0.0 mask 255.254.0.0
route delete 219.156.0.0 mask 255.254.0.0
route delete 219.158.0.0 mask 255.255.0.0
route delete 219.159.0.0 mask 255.255.192.0
route delete 219.232.0.0 mask 255.252.0.0
route delete 220.248.0.0 mask 255.252.0.0
route delete 220.252.0.0 mask 255.255.0.0
route delete 221.0.0.0 mask 255.240.0.0
route delete 221.136.0.0 mask 255.255.0.0
route delete 221.192.0.0 mask 255.224.0.0
route delete 222.128.0.0 mask 255.240.0.0
route delete 222.160.0.0 mask 255.252.0.0
 
REM HZCNC
route delete 58.100.0.0 mask 255.254.0.0
route delete 125.210.0.0 mask 255.255.0.0
route delete 211.155.224.0 mask 255.255.240.0
route delete 218.108.0.0 mask 255.254.0.0
route delete 219.82.0.0 mask 255.255.0.0
 
REM CRC
route delete 61.232.0.0 mask 255.248.0.0
route delete 61.236.0.0 mask 255.254.0.0
route delete 211.98.0.0 mask 255.255.0.0
route delete 221.172.0.0 mask 255.252.0.0
route delete 222.32.0.0 mask 255.224.0.0
route delete 58.82.176.0 mask 255.255.240.0
route delete 58.82.224.0 mask 255.255.240.0
route delete 61.29.240.0 mask 255.255.240.0
route delete 121.46.0.0 mask 255.255.192.0
route delete 121.46.192.0 mask 255.255.224.0
route delete 122.198.32.0 mask 255.255.224.0
route delete 124.156.112.0 mask 255.255.240.0
route delete 124.156.128.0 mask 255.255.240.0
route delete 124.249.224.0 mask 255.255.240.0
 
REM UNICOM
route delete 61.240.0.0 mask 255.252.0.0
route delete 211.90.0.0 mask 255.254.0.0
route delete 211.92.0.0 mask 255.252.0.0
route delete 211.96.0.0 mask 255.254.0.0
route delete 220.192.0.0 mask 255.240.0.0
保存为:cncstop.bat
,服务器安全,那就多了.不过,我将其iptables复制下来.
# Generated by iptables-save v1.2.11 on Sun Jul  8 20:36:32 2007
*filter
:INPUT DROP [1:75]
:FORWARD ACCEPT [0:0]
:OUTPUT DROP [0:0]
-A INPUT -p tcp -m tcp --dport 222 -j ACCEPT
-A INPUT -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -f -m limit --limit 100/sec --limit-burst 100 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 222 -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 53 -j ACCEPT
-A OUTPUT -p udp -m udp --sport 53 -j ACCEPT
COMMIT
# Completed on Sun Jul  8 20:36:32 2007
将其保存到/etc/sysconfig/iptables,
Service iptables start
至于其他资料,我以并打包.
 

本文转自hahazhu0634 51CTO博客,原文链接:http://blog.51cto.com/5ydycm/116635,如需转载请自行联系原作者
相关文章
|
4月前
|
传感器 人工智能 物联网
穿戴科技新风尚:智能服装设计与技术全解析
穿戴科技新风尚:智能服装设计与技术全解析
421 85
|
7月前
|
监控 安全 开发工具
鸿蒙HarmonyOS应用开发 | HarmonyOS Next-从应用开发到上架全流程解析
HarmonyOS Next是华为推出的最新版本鸿蒙操作系统,强调多设备协同和分布式技术,提供丰富的开发工具和API接口。本文详细解析了从应用开发到上架的全流程,包括环境搭建、应用设计与开发、多设备适配、测试调试、应用上架及推广等环节,并介绍了鸿蒙原生应用开发者激励计划,帮助开发者更好地融入鸿蒙生态。通过DevEco Studio集成开发环境和华为提供的多种支持工具,开发者可以轻松创建并发布高质量的鸿蒙应用,享受技术和市场推广的双重支持。
1094 11
|
8月前
|
机器学习/深度学习 安全 大数据
揭秘!企业级大模型如何安全高效私有化部署?全面解析最佳实践,助你打造智能业务新引擎!
【10月更文挑战第24天】本文详细探讨了企业级大模型私有化部署的最佳实践,涵盖数据隐私与安全、定制化配置、部署流程、性能优化及安全措施。通过私有化部署,企业能够完全控制数据,确保敏感信息的安全,同时根据自身需求进行优化,提升计算性能和处理效率。示例代码展示了如何利用Python和TensorFlow进行文本分类任务的模型训练。
508 6
|
5月前
|
编解码 缓存 Prometheus
「ximagine」业余爱好者的非专业显示器测试流程规范,同时也是本账号输出内容的数据来源!如何测试显示器?荒岛整理总结出多种测试方法和注意事项,以及粗浅的原理解析!
本期内容为「ximagine」频道《显示器测试流程》的规范及标准,我们主要使用Calman、DisplayCAL、i1Profiler等软件及CA410、Spyder X、i1Pro 2等设备,是我们目前制作内容数据的重要来源,我们深知所做的仍是比较表面的活儿,和工程师、科研人员相比有着不小的差距,测试并不复杂,但是相当繁琐,收集整理测试无不花费大量时间精力,内容不完善或者有错误的地方,希望大佬指出我们好改进!
346 16
「ximagine」业余爱好者的非专业显示器测试流程规范,同时也是本账号输出内容的数据来源!如何测试显示器?荒岛整理总结出多种测试方法和注意事项,以及粗浅的原理解析!
|
4月前
|
监控 Shell Linux
Android调试终极指南:ADB安装+多设备连接+ANR日志抓取全流程解析,覆盖环境变量配置/多设备调试/ANR日志分析全流程,附Win/Mac/Linux三平台解决方案
ADB(Android Debug Bridge)是安卓开发中的重要工具,用于连接电脑与安卓设备,实现文件传输、应用管理、日志抓取等功能。本文介绍了 ADB 的基本概念、安装配置及常用命令。包括:1) 基本命令如 `adb version` 和 `adb devices`;2) 权限操作如 `adb root` 和 `adb shell`;3) APK 操作如安装、卸载应用;4) 文件传输如 `adb push` 和 `adb pull`;5) 日志记录如 `adb logcat`;6) 系统信息获取如屏幕截图和录屏。通过这些功能,用户可高效调试和管理安卓设备。
|
5月前
|
Java 数据库 开发者
详细介绍SpringBoot启动流程及配置类解析原理
通过对 Spring Boot 启动流程及配置类解析原理的深入分析,我们可以看到 Spring Boot 在启动时的灵活性和可扩展性。理解这些机制不仅有助于开发者更好地使用 Spring Boot 进行应用开发,还能够在面对问题时,迅速定位和解决问题。希望本文能为您在 Spring Boot 开发过程中提供有效的指导和帮助。
228 12
|
4月前
|
机器学习/深度学习 人工智能 自然语言处理
DeepSeek 实践应用解析:合力亿捷智能客服迈向 “真智能” 时代
DeepSeek作为人工智能领域的创新翘楚,凭借领先的技术实力,在智能客服领域掀起变革。通过全渠道智能辅助、精准对话管理、多语言交互、智能工单处理、个性化推荐、情绪分析及反馈监控等功能,大幅提升客户服务效率和质量,助力企业实现卓越升级,推动智能化服务发展。
195 1
|
5月前
|
域名解析 弹性计算 负载均衡
新手上云教程参考:阿里云服务器租用、域名注册、备案及域名解析流程图文教程
对于想要在阿里云上搭建网站或应用的用户来说,购买阿里云服务器和注册域名,绑定以及备案的流程至关重要。本文将以图文形式为您介绍阿里云服务器购买、域名注册、备案及绑定的全流程,以供参考,帮助用户轻松上手。
|
6月前
|
Serverless 对象存储 人工智能
智能文件解析:体验阿里云多模态信息提取解决方案
在当今数据驱动的时代,信息的获取和处理效率直接影响着企业决策的速度和质量。然而,面对日益多样化的文件格式(文本、图像、音频、视频),传统的处理方法显然已经无法满足需求。
238 4
智能文件解析:体验阿里云多模态信息提取解决方案
|
7月前
|
域名解析 弹性计算 安全
阿里云服务器租用、注册域名、备案及域名解析完整流程参考(图文教程)
对于很多初次建站的用户来说,选购云服务器和注册应及备案和域名解析步骤必须了解的,目前轻量云服务器2核2G68元一年,2核4G4M服务器298元一年,域名注册方面,阿里云推出域名1元购买活动,新用户注册com和cn域名2年首年仅需0元,xyz和top等域名首年仅需1元。对于建站的用户来说,购买完云服务器并注册好域名之后,下一步还需要操作备案和域名绑定。本文为大家展示阿里云服务器的购买流程,域名注册、绑定以及备案的完整流程,全文以图文教程形式为大家展示具体细节及注意事项,以供新手用户参考。

相关产品

  • 云解析DNS
  • 推荐镜像

    更多
  • DNS