智能DNS解析+JBOSS集群(一)

智能DNS与JBOSS集群部署

最新推荐文章于 2025-09-12 14:04:02 发布

转载最新推荐文章于 2025-09-12 14:04:02 发布 · 103 阅读

0 ·

CC 4.0 BY-SA版权

原文链接：http://blog.51cto.com/kerry/156270

文章标签：

#运维 #awk #操作系统

本文介绍了一个智能DNS服务器的搭建过程，用于解决南北互联的问题，并支持高并发访问。详细步骤包括安装openssl、bind等组件，配置域名解析文件，并实现基于运营商的智能解析。

智能DNS+JBOSS集群<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />

最近公司准备新上一个系统，领导要求自己做智能DNS服务器进行域名智能解析以解决南北互联的问题，同时还要考虑大并发，以下是前期规划的网络拓扑图（操作系统为Centos 5.2）：

<?xml:namespace prefix = v ns = "urn:schemas-microsoft-com:vml" />

一、智能DNS设置

1、安装openssl

tar -zxvf openssl-<?xml:namespace prefix = st1 ns = "urn:schemas-microsoft-com:office:smarttags" />0.9.8d.tar.gz

cd openssl-0.9.8d

./config --prefix=/usr/local/openssl

make;make install

2、安装bind

tar -zxvf bind-9.5.1-P2.tar.gz

cd bind-9.5.1-P2

./configure --prefix=/usr/local/named/ --mandir=/usr/local/share/man/ --enable-threads --with-openssl=/usr/local/openssl/

make;make install

groupadd -g 25 named

useradd -u 25 -g 25 -d /usr/local/named -s /sbin/nologin named

mkdir /usr/local/named/namedb

开始配置bind

创建 rndc.conf文件，用bind自带程序生成

cd /usr/local/named/

sbin/rndc-confgen > etc/rndc.conf

把rndc.conf 中的key信息（被注释的一部份信息）输出到 named.conf 中

cd /etc/

tail –n10 rndc.conf | head -n9 | sed -e s/#\ //g > ../named.conf

编辑named.conf

vi named.conf

写入以下内容：

options {

directory "/usr/local/named";

dump-file "/usr/local/named/data/cache_dump.db";

statistics-file "/usr/local/named/data/named_stats.txt";

version "";

datasize 40M;

allow-transfer {

"trusted-lan";

};

recursion yes;

allow-notify {

"trusted-lan";

};

allow-recursion {

"trusted-lan";

};

auth-nxdomain no;

forwarders {

202.103.44.150;

202.103.24.68;

};

logging {

channel warning {

file "/usr/local/named/var/dns_warning" versions 3 size 1240k;

severity warning;

print-category yes;

print-severity yes;

print-time yes;

};

channel general_dns {

file "/usr/local/named/var/dns_log" versions 3 size 1240k;

severity info;

print-category yes;

print-severity yes;

print-time yes;

};

category default {

warning;

};

category queries {

general_dns;

};

include "cnc_acl.conf";

include "telecom_acl.conf";

view "view_cnc" {

match-clients {

CNC;

};

zone "." {

type hint;

file "named.ca";

};

include "master/cnc.def";

};

view "view_telecom" {

match-clients {

TELECOM;

};

zone "." {

type hint;

file "named.ca";

};

include "master/telecom.def";

};

view "view_any" {

match-clients {

any;

};

zone "." {

type hint;

file "named.ca";

};

include "master/any.def";

};

保存,退出。

3、安装IP地址段查询工具Ripe-dbase-client-v3：

下载软件包：

wget http://ftp.apnic.net/apnic/dbase/tools/ripe-dbase-client-v3.tar.gz

tar zxvf ripe-dbase-client-v3.tar.gz

cd whois-3.1

./configure --prefix=/usr

make;make install

4、设置配置文件

mkdir /usr/local/named/data

mkdir /usr/local/named/master

wget ftp://ftp.internic.org/domain/named.root -O /usr/local/named/named.ca

配置ACL文件

/usr/bin/whois3 -h whois.apnic.net -l -i mb MAINT-CNCGROUP | grep "descr" | grep "Reverse" | awk -F "for" '{if ($2!="") print $2}'| sort -n | awk 'BEGIN{print "acl \"CNC\" '{'"}{print $1";"}END{print "'}';"}' > /usr/local/named/cnc_acl.conf

/usr/bin/whois3 -h whois.apnic.net -l -i mb MAINT-CHINANET | grep "descr" | grep "Reverse" | awk -F "for" '{if ($2!="") print $2}'| sort -n | awk 'BEGIN{print "acl \"TELECOM\" '{'"}{print $1";"}END{print "'}';"}' > /usr/local/named/telecom_acl.conf

这样获取的IP表感觉有问题，后面附上一份比较完整的IP表

增加域名解析配置文件

设置网通解析配置文件：

vi /usr/local/named/master/cnc.def

==========cnc.def begin==========

zone "king.com"{

type master;

file "master/cnc/king.com";

allow-transfer { 192.168.1.100 ; };

notify yes;

also-notify { 192.168.1.100 ; };

};

==========cnc.def end===========

设置电信解析配置文件：

vi /usr/local/named/master/telecom.def

==========telecom.def begin==========

zone "king.com"{

type master;

file "master/telecom/king.com";

allow-transfer { 192.168.1.100 ; };

notify yes;

also-notify { 192.168.1.100 ; };

};

==========telecom.def end===========

设置网通电信以外解析配置文件：

vi /usr/local/named/master/any.def

==========any.def begin==========

zone "king.com"{

type master;

file "master/any/king.com";

allow-transfer { 192.168.1.100 ; };

notify yes;

also-notify { 192.168.1.100 ; };

};

==========any.def end===========

增加域名定义文件

设置网通域名定义文件：

vi /usr/local/named/master/cnc/king.com

==========cnc/king.com begin==========

$TTL 3600

$ORIGIN king.com.

@ IN SOA ns.king.com. root.king.com. (

2009041701 ;Serial

3600 ;Refresh ( seconds )

900 ;Retry ( seconds )

68400 ;Expire ( seconds )

15 ;Minimum TTL for Zone ( seconds )

)

@ IN NS ns.king.com.

@ IN A 218.108.238.221

ns IN A 218.108.238.221

www IN A 218.108.238.221

;

;end

==========cnc/king.com end===========

设置电信域名定义文件：

vi /usr/local/named/master/telecom/king.com

==========telecom/king.com begin==========

$TTL 3600

$ORIGIN king.com.

@ IN SOA ns.king.com. root.king.com. (

2009041701 ;Serial

3600 ;Refresh ( seconds )

900 ;Retry ( seconds )

68400 ;Expire ( seconds )

15 ;Minimum TTL for Zone ( seconds )

)

@ IN NS ns.king.com.

@ IN A 61.152.241.97

ns IN A 61.152.241.97

www IN A 61.152.241.97

;

;end

==========telecom/king.com end===========

设置其它区域域名定义文件：

vi /usr/local/named/master/any/king.com

==========any/king.com begin==========

$TTL 3600

$ORIGIN king.com.

@ IN SOA ns.king.com. root.king.com. (

2009041701 ;Serial

3600 ;Refresh ( seconds )

900 ;Retry ( seconds )

68400 ;Expire ( seconds )

15 ;Minimum TTL for Zone ( seconds )

)

@ IN NS ns.king.com.

@ IN A 61.152.241.97

ns IN A 61.152.241.97

www IN A 61.152.241.97

;

;end

==========any/king.com end===========

启动bind

/usr/local/named/sbin/named –gc /usr/local/named/named.conf &

设为开机启动：

echo "/usr/local/named/sbin/named –gc /usr/local/named/named.conf &" >> /etc/rc.local

全部安装结束，就可以开展应用的配置和测试了。

5、设置域名DNS解析

先注册DNS服务器

转载于:https://blog.51cto.com/kerry/156270