智能DNS+JBOSS集群<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />

最近公司準備新上一個系統，領導要求自己做智能DNS服務器進行域名智能解析以解決南北互聯的問題，同時還要考慮大并發，以下是前期規劃的網絡拓撲圖（操作系統為Centos 5.2）：

<?xml:namespace prefix = v ns = "urn:schemas-microsoft-com:vml" />

一、??????? 智能DNS設置

1、安裝openssl

tar -zxvf openssl-<?xml:namespace prefix = st1 ns = "urn:schemas-microsoft-com:office:smarttags" />0.9.8d.tar.gz

cd openssl-0.9.8d

./config --prefix=/usr/local/openssl

make;make install

?

?

2、安裝bind

tar -zxvf bind-9.5.1-P2.tar.gz

cd bind-9.5.1-P2

./configure --prefix=/usr/local/named/ --mandir=/usr/local/share/man/ --enable-threads --with-openssl=/usr/local/openssl/

make;make install

?

groupadd -g 25 named

useradd -u 25 -g 25 -d /usr/local/named -s /sbin/nologin named

?

mkdir /usr/local/named/namedb

開始配置bind

創建 rndc.conf文件，用bind自帶程序生成

cd /usr/local/named/

sbin/rndc-confgen > etc/rndc.conf

把rndc.conf 中的key信息（被注釋的一部份信息）輸出到 named.conf 中

cd /etc/

tail –n10 rndc.conf | head -n9 | sed -e s/#\ //g > ../named.conf

編輯named.conf

vi named.conf

寫入以下內容：

options {

?? directory "/usr/local/named";

?? dump-file "/usr/local/named/data/cache_dump.db";

?? statistics-file "/usr/local/named/data/named_stats.txt";

?? version "";

?? datasize 40M;

?? allow-transfer {

??? "trusted-lan";

?? };

?? recursion yes;

?? allow-notify {

?????? "trusted-lan";

?? };

?? allow-recursion {

?????? "trusted-lan";

?? };

?? auth-nxdomain no;

?? forwarders {

?????? 202.103.44.150;

?????? 202.103.24.68;

?? };

};

logging {

?? channel warning {

??? file "/usr/local/named/var/dns_warning" versions 3 size 1240k;

??? severity warning;

??? print-category yes;

??? print-severity yes;

??? print-time yes;

?? };

?? channel general_dns {

?????? file "/usr/local/named/var/dns_log" versions 3 size 1240k;

?????? severity info;

?????? print-category yes;

?????? print-severity yes;

?????? print-time yes;

?? };

?? category default {

?????? warning;

?? };

?? category queries {

?????? general_dns;

?? };

};

include "cnc_acl.conf";

include "telecom_acl.conf";

view "view_cnc" {

?? match-clients {

???????? CNC;

?? };

?? zone "." {

???????? type hint;

???????? file "named.ca";

?? };

?? include "master/cnc.def";

};

view "view_telecom" {

?? match-clients {

???????? TELECOM;

?? };

?? zone "." {

???????? type hint;

???????? file "named.ca";

?? };

?? include "master/telecom.def";

};

view "view_any" {

?? match-clients {

???????? any;

?? };

?? zone "." {

???????? type hint;

???????? file "named.ca";

?? };

?? include "master/any.def";

};

保存,退出。

?

3、安裝IP地址段查詢工具Ripe-dbase-client-v3：

下載軟件包：

wget http://ftp.apnic.net/apnic/dbase/tools/ripe-dbase-client-v3.tar.gz

tar zxvf ripe-dbase-client-v3.tar.gz

cd whois-3.1

./configure --prefix=/usr

make;make install

?

4、設置配置文件

mkdir /usr/local/named/data

mkdir /usr/local/named/master

?

wget ftp://ftp.internic.org/domain/named.root -O /usr/local/named/named.ca

?

配置ACL文件

/usr/bin/whois3 -h whois.apnic.net -l -i mb MAINT-CNCGROUP | grep "descr" | grep "Reverse" | awk -F "for" '{if ($2!="") print $2}'| sort -n | awk 'BEGIN{print "acl \"CNC\" '{'"}{print $1";"}END{print "'}';"}' > /usr/local/named/cnc_acl.conf

?

/usr/bin/whois3 -h whois.apnic.net -l -i mb MAINT-CHINANET | grep "descr" | grep "Reverse" | awk -F "for" '{if ($2!="") print $2}'| sort -n | awk 'BEGIN{print "acl \"TELECOM\" '{'"}{print $1";"}END{print "'}';"}' > /usr/local/named/telecom_acl.conf

這樣獲取的IP表感覺有問題，后面附上一份比較完整的IP表

?

增加域名解析配置文件

設置網通解析配置文件：

vi /usr/local/named/master/cnc.def

?

==========cnc.def begin==========

zone "king.com"{

??? type master;

??? file "master/cnc/king.com";

??? allow-transfer { 192.168.1.100 ; };

??? notify yes;

??? also-notify { 192.168.1.100 ; };

};

==========cnc.def end===========???

?

設置電信解析配置文件：

vi /usr/local/named/master/telecom.def

?

==========telecom.def begin==========

zone "king.com"{

??? type master;

??? file "master/telecom/king.com";

??? allow-transfer { 192.168.1.100 ; };

??? notify yes;

??? also-notify { 192.168.1.100 ; };

};

==========telecom.def end===========

?

設置網通電信以外解析配置文件：

vi /usr/local/named/master/any.def

?

==========any.def begin==========

zone "king.com"{

??? type master;

??? file "master/any/king.com";

??? allow-transfer { 192.168.1.100 ; };

??? notify yes;

??? also-notify { 192.168.1.100 ; };

};

==========any.def end===========

?

增加域名定義文件

?

設置網通域名定義文件：

vi /usr/local/named/master/cnc/king.com

?

==========cnc/king.com begin==========

$TTL 3600

$ORIGIN king.com.

@ IN SOA ns.king.com. root.king.com. (

????????????????????? 2009041701? ;Serial

????????????????????? 3600??? ;Refresh ( seconds )

????????????????????? 900??? ;Retry ( seconds )

????????????????????? 68400?????? ;Expire ( seconds )

???????????????? ?????15????????? ;Minimum TTL for Zone ( seconds )

????????????????????? )

@?????? IN????? NS???? ns.king.com.

@?????? IN????? A????? 218.108.238.221

ns????? IN????? A????? 218.108.238.221

www???? IN????? A????? 218.108.238.221

;

;end

==========cnc/king.com end===========

?

設置電信域名定義文件：

vi /usr/local/named/master/telecom/king.com

?

==========telecom/king.com begin==========

$TTL 3600

$ORIGIN king.com.

@ IN SOA ns.king.com. root.king.com. (

?????????????????????? 2009041701? ;Serial

?????????????????????? 3600 ??;Refresh ( seconds )

?????????????????????? 900?? ;Retry ( seconds )

?????????????????????? 68400?? ;Expire ( seconds )

?????????????????????? 15?? ;Minimum TTL for Zone ( seconds )

?????????????????????? )

@????? IN?????? NS????? ns.king.com.

@????? IN ??????A?????? 61.152.241.97

ns???? IN?????? A?????? 61.152.241.97

www??? IN?????? A?????? 61.152.241.97

;

;end

==========telecom/king.com end===========

?

設置其它區域域名定義文件：

vi /usr/local/named/master/any/king.com

?

==========any/king.com begin==========

$TTL 3600

$ORIGIN king.com.

@ IN SOA ns.king.com. root.king.com. (

?????????????????????? 2009041701? ;Serial

?????????????????????? 3600?? ;Refresh ( seconds )

?????????????????????? 900?? ;Retry ( seconds )

?????????????????????? 68400?? ;Expire ( seconds )

?????????????????????? 15?? ;Minimum TTL for Zone ( seconds )

?????????????????????? )

@????? IN?????? NS????? ns.king.com.

@????? IN?????? A?????? 61.152.241.97

ns???? IN?????? A?????? 61.152.241.97

www??? IN?????? A?????? 61.152.241.97

;

;end

==========any/king.com end===========

?

啟動bind

/usr/local/named/sbin/named –gc /usr/local/named/named.conf &

?

設為開機啟動：

echo "/usr/local/named/sbin/named –gc /usr/local/named/named.conf &" >> /etc/rc.local

?

全部安裝結束，就可以開展應用的配置和測試了。

?

5、設置域名DNS解析

先注冊DNS服務器

?

?

?

轉載于:https://blog.51cto.com/kerry/156270

總結

以上是生活随笔為你收集整理的智能DNS解析+JBOSS集群(一)的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。