High Performance caching-only (recursive) BIND9 Setup

支持海量域名的dns架构

环境 操作系统： Redhat 5.2 64位

dns服务器：bind9.5.0-p1

数据库： mysql5.1

Introduction

DNS (Domain Name Service) is one of the primary Internet services, which is to map human-friendly domain names to machine-friendly IP address. If there are a lot of people using DNS service (for example, subscribers use ISP's DNS server), one DNS server might be becoming a bottleneck, and the server might fail.

Scalable DNS cluster can help provide scalability and availability of DNS service.

The Example below is about setting up a cluster for recursive DNS but you can just as well use the same method for authorative DNS as well. Just remember that clients who use your cluster as a secondary nameservice would need to also-notify{} each of your realservers, not just the service-IP.

通常情况下，进程通过“/dev/log”向syslogd发送消息。由于“虚拟”根环境的限制，这种通信被禁止。因此syslogd需要改为监听“/var/named/chroot/dev/log”。可以通过编辑syslog的启动脚本来设定新的监听地点。
编辑syslog脚本（vi +24 /etc/rc.d/init.d/syslog），改变SYSLOGD_OPTIONS

Chroot-BIND HOWTO

Scott Wunsch, scott at wunsch.org

v1.5, 1 December 2001

This document describes installing the BIND 9 nameserver to run in a chroot jail and as a non-root user, to provide added security and minimise the potential effects of a security compromise. Note that this document has been updated for BIND 9; if you still run BIND 8, you want the Chroot-BIND8 HOWTO instead.

背景：

一台DNS服务器更换了，不过，因为解析关系仍然有一些查询在上面，希望将查询转发到新的DNS服务器上

BIND Dynamic Update DoS