摘要
主要介绍了一个符合工业标准并能应用于电信级需求的DNS系统的基本架构,系统由权威型DNS服务器、递归型DNS服务器和DNS管理系统组成,支持多种数据存储方式,通过模块化设计能做到各模块自由组合。系统具有领先于市场上同类产品的创新之处:主从数据库的热备份和用虚拟地址池实现绑定客户端IP的功能。这两个功能在不同方面改进了现存DNS系统,前者的数据备份分通用和专用两种,其中通用部分遵照RFC标准采用AXFR和NOTIFY的方式传输备份,而专用部分引进先进的数据库主从备份思想于DNS系统中,并根据DNS数据库特点通过保存DML方式完成数据的持久化;后者引入虚拟地址池概念为客户端和域名的IP地址中间引入新的层次,从而可完成双方的配置,这样既可做到负载平衡也对DNS的安全问题提出了一种新的解决方案,因为用这种方法同样能达到硬件防火墙的功能,从而节约了成本并提升了性能。最后通过搭建模拟环境,用软件虚拟大流量访问数据测试系统性能,实验证明系统完全符合电信级需要。
A basic constructor of DNS system qualified for the need on the level of telecomm in accordance with the industrial standard,which is composted by authorized DNS server,recursive DNS server and DNS management system,supports several methods of data backup ,and every module can group freely in the way of modular design.The system has the creative point that leads the internet market,hot database backup between master and slave and binding with customer IP,is described in the article.Both of the characters improve the existing DNS system in different ways,the former can be divided to general way and private way,in the general way AXFR and NOTIFY are used to transfer data in accordance with RFC,and in the private way the advanced database backup technology is introduced to the DNS and persists the data via the way of saving DML oriented with the character of database.The concept of virtual address pool is introduced in the former character to insert a new virtual level between the client and the IP of domain name so that the configuration of both sides can be set easily.As a result,load balance is achieved and a new solution for the safety of DNS is supplied.The hardware firewall can be substituted because in this way the same goal can be achieved.Finally a modeling environment is architected,large flux data is mocked by special software to test the ability of system,it is confirmed that the system is qualified for the need of telecomm.
出处
《计算机工程与应用》
CSCD
北大核心
2007年第11期157-160,共4页
Computer Engineering and Applications
关键词
DNS
热备份
访问控制
网络安全
Domain Name System (DNS)
hot backup
access control
network security
