Computer Engineering and Applications ›› 2007, Vol. 43 ›› Issue (11): 157-160.

• Network, Communication and Security •

The Design and Implementation of Smart DNS

LI Jingmei, WU Peng

  1. College of Computer Science, Harbin Engineering University; College of Computer Science, Harbin Engineering University, 2004 Graduate Applied Class 3
  • Received: 2006-05-17 Revised: 1900-01-01 Online: 2007-04-11 Published: 2007-04-11
  • Corresponding author: LI Jingmei

Abstract: The Domain Name System (DNS) is a basic Internet service that provides name resolution to network applications. As a core network component it still has many functions that need to be improved and completed: optimizing DNS can shorten query time, reduce unnecessary network traffic and improve network security, which helps drive the development of the Internet as a whole. This article describes the basic architecture of a DNS system that conforms to industry standards and can meet carrier-grade requirements. The system consists of an authoritative DNS server, a recursive DNS server and a DNS management system, supports several data storage methods, and through modular design allows its modules to be combined freely. Two features distinguish it from comparable products on the market: hot backup between master and slave databases, and binding of client IPs by means of a virtual address pool. Each improves on existing DNS systems in a different respect. For the former, data backup has a general part and a proprietary part: the general part follows the RFC standards and transfers backups using AXFR and NOTIFY, while the proprietary part brings the advanced idea of database master-slave backup into the DNS system and, in keeping with the characteristics of the DNS database, persists data by saving DML. The latter introduces the concept of a virtual address pool, a new layer between the client and the IP addresses of a domain name, so that both sides can be configured. This achieves load balancing and also offers a new solution to DNS security problems, because the method can achieve the same function as a hardware firewall, which saves cost and improves performance. Finally, a simulated environment was built and software was used to generate simulated high-volume access traffic to test system performance; the experiments show that the system fully meets carrier-grade requirements.