智能DNS+JBOSS集群
最近公司准备新上一个系统,领导要求自己做智能DNS服务器进行域名智能解析以解决南北互联的问题,同时还要考虑大并发,以下是前期规划的网络拓扑图(操作系统为Centos 5.2):
一、 智能DNS设置
1、安装openssl
tar -zxvf openssl-0.9.8d.tar.gz
cd openssl-0.9.8d
./config --prefix=/usr/local/openssl
make;make install
2、安装bind
tar -zxvf bind-9.5.1-P2.tar.gz
cd bind-9.5.1-P2
./configure --prefix=/usr/local/named/ --mandir=/usr/local/share/man/ --enable-threads --with-openssl=/usr/local/openssl/
make;make install
groupadd -g 25 named
useradd -u 25 -g 25 -d /usr/local/named -s /sbin/nologin named
mkdir /usr/local/named/namedb
开始配置bind
创建 rndc.conf文件,用bind自带程序生成
cd /usr/local/named/
sbin/rndc-confgen > etc/rndc.conf
把rndc.conf 中的key信息(被注释的一部份信息)输出到 named.conf 中
cd /etc/
tail –n10 rndc.conf | head -n9 | sed -e s/#\ //g > ../named.conf
编辑named.conf
vi named.conf
写入以下内容:
options {
directory "/usr/local/named";
dump-file "/usr/local/named/data/cache_dump.db";
statistics-file "/usr/local/named/data/named_stats.txt";
version "";
datasize 40M;
allow-transfer {
"trusted-lan";
};
recursion yes;
allow-notify {
"trusted-lan";
};
allow-recursion {
"trusted-lan";
};
auth-nxdomain no;
forwarders {
202.103.44.150;
202.103.24.68;
};
};
logging {
channel warning {
file "/usr/local/named/var/dns_warning" versions 3 size 1240k;
severity warning;
print-category yes;
print-severity yes;
print-time yes;
};
channel general_dns {
file "/usr/local/named/var/dns_log" versions 3 size 1240k;
severity info;
print-category yes;
print-severity yes;
print-time yes;
};
category default {
warning;
};
category queries {
general_dns;
};
};
include "cnc_acl.conf";
include "telecom_acl.conf";
view "view_cnc" {
match-clients {
CNC;
};
zone "." {
type hint;
file "named.ca";
};
include "master/cnc.def";
};
view "view_telecom" {
match-clients {
TELECOM;
};
zone "." {
type hint;
file "named.ca";
};
include "master/telecom.def";
};
view "view_any" {
match-clients {
any;
};
zone "." {
type hint;
file "named.ca";
};
include "master/any.def";
};
保存,退出。
3、安装IP地址段查询工具Ripe-dbase-client-v3:
下载软件包:
wget http://ftp.apnic.net/apnic/dbase/tools/ripe-dbase-client-v3.tar.gz
tar zxvf ripe-dbase-client-v3.tar.gz
cd whois-3.1
./configure --prefix=/usr
make;make install
4、设置配置文件
mkdir /usr/local/named/data
mkdir /usr/local/named/master
wget ftp://ftp.internic.org/domain/named.root -O /usr/local/named/named.ca
配置ACL文件
/usr/bin/whois3 -h whois.apnic.net -l -i mb MAINT-CNCGROUP | grep "descr" | grep "Reverse" | awk -F "for" '{if ($2!="") print $2}'| sort -n | awk 'BEGIN{print "acl \"CNC\" '{'"}{print $1";"}END{print "'}';"}' > /usr/local/named/cnc_acl.conf
/usr/bin/whois3 -h whois.apnic.net -l -i mb MAINT-CHINANET | grep "descr" | grep "Reverse" | awk -F "for" '{if ($2!="") print $2}'| sort -n | awk 'BEGIN{print "acl \"TELECOM\" '{'"}{print $1";"}END{print "'}';"}' > /usr/local/named/telecom_acl.conf
这样获取的IP表感觉有问题,后面附上一份比较完整的IP表
增加域名解析配置文件
设置网通解析配置文件:
vi /usr/local/named/master/cnc.def
==========cnc.def begin==========
zone "king.com"{
type master;
file "master/cnc/king.com";
allow-transfer { 192.168.1.100 ; };
notify yes;
also-notify { 192.168.1.100 ; };
};
==========cnc.def end===========
设置电信解析配置文件:
vi /usr/local/named/master/telecom.def
==========telecom.def begin==========
zone "king.com"{
type master;
file "master/telecom/king.com";
allow-transfer { 192.168.1.100 ; };
notify yes;
also-notify { 192.168.1.100 ; };
};
==========telecom.def end===========
设置网通电信以外解析配置文件:
vi /usr/local/named/master/any.def
==========any.def begin==========
zone "king.com"{
type master;
file "master/any/king.com";
allow-transfer { 192.168.1.100 ; };
notify yes;
also-notify { 192.168.1.100 ; };
};
==========any.def end===========
增加域名定义文件
设置网通域名定义文件:
vi /usr/local/named/master/cnc/king.com
==========cnc/king.com begin==========
$TTL 3600
$ORIGIN king.com.
@ IN SOA ns.king.com. root.king.com. (
2009041701 ;Serial
3600 ;Refresh ( seconds )
900 ;Retry ( seconds )
68400 ;Expire ( seconds )
15 ;Minimum TTL for Zone ( seconds )
)
@ IN NS ns.king.com.
@ IN A 218.108.238.221
ns IN A 218.108.238.221
www IN A 218.108.238.221
;
;end
==========cnc/king.com end===========
设置电信域名定义文件:
vi /usr/local/named/master/telecom/king.com
==========telecom/king.com begin==========
$TTL 3600
$ORIGIN king.com.
@ IN SOA ns.king.com. root.king.com. (
2009041701 ;Serial
3600 ;Refresh ( seconds )
900 ;Retry ( seconds )
68400 ;Expire ( seconds )
15 ;Minimum TTL for Zone ( seconds )
)
@ IN NS ns.king.com.
@ IN A 61.152.241.97
ns IN A 61.152.241.97
www IN A 61.152.241.97
;
;end
==========telecom/king.com end===========
设置其它区域域名定义文件:
vi /usr/local/named/master/any/king.com
==========any/king.com begin==========
$TTL 3600
$ORIGIN king.com.
@ IN SOA ns.king.com. root.king.com. (
2009041701 ;Serial
3600 ;Refresh ( seconds )
900 ;Retry ( seconds )
68400 ;Expire ( seconds )
15 ;Minimum TTL for Zone ( seconds )
)
@ IN NS ns.king.com.
@ IN A 61.152.241.97
ns IN A 61.152.241.97
www IN A 61.152.241.97
;
;end
==========any/king.com end===========
启动bind
/usr/local/named/sbin/named –gc /usr/local/named/named.conf &
设为开机启动:
echo "/usr/local/named/sbin/named –gc /usr/local/named/named.conf &" >> /etc/rc.local
全部安装结束,就可以开展应用的配置和测试了。
5、设置域名DNS解析
先注册DNS服务器
本文转自king_819 51CTO博客,原文链接:http://blog.51cto.com/kerry/156270,如需转载请自行联系原作者
