Работа высоконагруженного dns-сервера
TRANSCRIPT
- 1. DNS Djbdns tiny-dns Multilog lxc Daemon tools shared ip iptables, ip ro multilog
- 2. Djbdns Daniel Julius Bernstein(October 29, 1971. ) , , , .
- 3. BIND Problem: Set up an external cache on 1.2.3.4 for clients in the 1.2.3.* network. Problem: Also allow queries from clients in the 1.5.* network. Problem: Run the cache non-root and chrooted. Problem: Arrange for the cache to be restarted if someone accidentally kills it.
- 4. Djbdns DNS 1) 2) dnscache-conf dnscache dnslog /etc/dnscache
- 5. Djbdns 3) CACHESIZE DNS- DATALIMIT IP ip-, 53 UDP . IPSEND ip-, ROOT - ( FORWARDONLY - "1" , .
- 6. tiny dns .domain.com::ns1.domain.com.:2500 &domain.com::ns2.domain.com.:2500 @domain.com::mail.domain.com.:10:2500 +domain.com:serverip:2500 +*.domain.com:serverip:2500
- 7. Djbdns 3) CACHESIZE DNS- DATALIMIT IP ip-, 53 UDP . IPSEND ip-, ROOT - ( FORWARDONLY - "1" , .
- 8. Multilog 1)multilog script 2) -+pattern 3)Time stamps @400000003b4a39c23294b13c fatal: out of memory 4)
- 9. LXC LXC userspace , . LXC Linux . : pid mount network utsname ipc user
- 10. lxc-create -t debian min-base -n Debian Lxc-start lxc-info lxc-console
- 11. Daemon tools daemontools - UNIX-". ( rcx.d rc.d rc.local .) (multilog). Svc -u Svc -kd
- 12. shared ip Zebra , TCP/IP- . : Routing Information Protocol RIP, Open Shortest Path First OSPF Border Gateway Protocol BGP
- 13. iptables, ip ro INTPUT -A hashbalancer0 -j MARK --set-xmark 0x2710/0xffffffff INTPUT -A hashbalancer1 -j HMARK --hmark- src-prefix 32 --hmark-rnd 0x0000053e --hmark- mod 4 --hmark-offset 11000
- 14. iptables, ip ro 4001: from all fwmark 0x2af8 lookup dns1a.tab 4001: from all fwmark 0x2af9 lookup dns1c.tab 4001: from all fwmark 0x2afa lookup dns1e.tab 4001: from all fwmark 0x2afb lookup dns1g.tab 4001: from all fwmark 0x2af8 lookup dns1a.tab 4001: from all fwmark 0x2af9 lookup dns1c.tab 4001: from all fwmark 0x2afa lookup dns1e.tab 4001: from all fwmark 0x2afb lookup dns1g.tab 78.85.1.1 dev dns1e.0 proto static src 78.85.0.27
- 15.