Работа высоконагруженного DNS-сервера
Preview:
Citation preview
- 1. DNS Djbdns tiny-dns Multilog lxc Daemon tools shared ip
iptables, ip ro multilog
- 2. Djbdns Daniel Julius Bernstein(October 29, 1971. ) , , ,
.
- 3. BIND Problem: Set up an external cache on 1.2.3.4 for
clients in the 1.2.3.* network. Problem: Also allow queries from
clients in the 1.5.* network. Problem: Run the cache non-root and
chrooted. Problem: Arrange for the cache to be restarted if someone
accidentally kills it.
- 4. Djbdns DNS 1) 2) dnscache-conf dnscache dnslog
/etc/dnscache
- 5. Djbdns 3) CACHESIZE DNS- DATALIMIT IP ip-, 53 UDP . IPSEND
ip-, ROOT - ( FORWARDONLY - "1" , .
- 6. tiny dns .domain.com::ns1.domain.com.:2500
&domain.com::ns2.domain.com.:2500
@domain.com::mail.domain.com.:10:2500 +domain.com:serverip:2500
+*.domain.com:serverip:2500
- 7. Djbdns 3) CACHESIZE DNS- DATALIMIT IP ip-, 53 UDP . IPSEND
ip-, ROOT - ( FORWARDONLY - "1" , .
- 8. Multilog 1)multilog script 2) -+pattern 3)Time stamps
@400000003b4a39c23294b13c fatal: out of memory 4)
- 9. LXC LXC userspace , . LXC Linux . : pid mount network
utsname ipc user
- 10. lxc-create -t debian min-base -n Debian Lxc-start lxc-info
lxc-console
- 11. Daemon tools daemontools - UNIX-". ( rcx.d rc.d rc.local .)
(multilog). Svc -u Svc -kd
- 12. shared ip Zebra , TCP/IP- . : Routing Information Protocol
RIP, Open Shortest Path First OSPF Border Gateway Protocol BGP
- 13. iptables, ip ro INTPUT -A hashbalancer0 -j MARK --set-xmark
0x2710/0xffffffff INTPUT -A hashbalancer1 -j HMARK --hmark-
src-prefix 32 --hmark-rnd 0x0000053e --hmark- mod 4 --hmark-offset
11000
- 14. iptables, ip ro 4001: from all fwmark 0x2af8 lookup
dns1a.tab 4001: from all fwmark 0x2af9 lookup dns1c.tab 4001: from
all fwmark 0x2afa lookup dns1e.tab 4001: from all fwmark 0x2afb
lookup dns1g.tab 4001: from all fwmark 0x2af8 lookup dns1a.tab
4001: from all fwmark 0x2af9 lookup dns1c.tab 4001: from all fwmark
0x2afa lookup dns1e.tab 4001: from all fwmark 0x2afb lookup
dns1g.tab 78.85.1.1 dev dns1e.0 proto static src 78.85.0.27
- 15.