Smart DNS installation and configuration


     

Reference: http://coralzd.blog.51cto.com/90341/431848

Contents

I. Terminology

II. Smart DNS service planning

III. MySQL replication, and adding the Google TCMalloc library to reduce system load

IV. Installing and configuring Bind-DLZ and the related scripts

V. Testing Bind-DLZ and summary

     

I. Terminology

1. Smart DNS (BIND view)
The principle of smart DNS is simple: when a user resolves a domain name, the server looks at the user's IP address, matches it against its internal table of ISP address ranges to decide whether the user is on China Telecom or China Netcom (CNC), and returns the IP address that corresponds to that user's network. Domain registrars do not currently offer smart DNS, so you must either run your own DNS server or use a free online smart DNS service such as DNSPod.

2. Bind-DLZ
Home page: http://bind-dlz.sourceforge.net/
DLZ (Dynamically Loadable Zones)
Compared with the traditional BIND9 setup, plain BIND has these shortcomings:
* BIND reads its data from text files, so an editing mistake easily breaks the service.
* BIND has to load all data into memory; with many zones or records this consumes a lot of memory.
* BIND parses the zone files at startup; for a server with many records this takes noticeably longer.
* Changing even a single record requires a reload or restart of BIND before it takes effect; that takes time and can affect client queries.
Bind-DLZ solves these problems: zone data is manipulated directly in a database, which makes it easy to extend the setup and to write management tools.

     

     

II. Smart DNS service planning

1. Name server registration (add the NS hosts in the registrar's control panel, e.g. Xinnet or HiChina)

ns2.zhang.com  192.168.3.203
ns1.zhang.com  192.168.100.221
NS1 is the master and NS2 the slave; the two share their data through MySQL replication.

2. Check that the NS records have taken effect

#dig www.zhang.com
#dig www.zhang.com +trace

3. BIND view plan

www.zhang.com  China Netcom (CNC)       192.168.100.224
www.zhang.com  China Telecom (TELECOM)  192.168.100.225
www.zhang.com  Education network (EDU)  192.168.100.226
www.zhang.com  China Mobile (ANY)       192.168.100.227

     

III. Installing MySQL and configuring master/slave replication

For MySQL installation and master/slave configuration, see:
http://blog.chinaunix.net/space.php?uid=20639775&do=blog&id=154497
http://blog.chinaunix.net/space.php?uid=20639775&do=blog&id=154420

     

     

IV. Installing and configuring Bind-DLZ and the related scripts

1. Install BIND

#mkdir /usr/local/src/bind-dlz
#cd /usr/local/src/bind-dlz
#wget http://ftp.isc.org/isc/bind9/9.6.0-P1/bind-9.6.0-P1.tar.gz
#tar zxvf bind-9.6.0-P1.tar.gz
#cd bind-9.6.0-P1
# threads are disabled because the DLZ MySQL driver is not thread-safe
# ./configure --with-dlz-mysql=/usr/local/mysql/ --enable-largefile --enable-threads=no --prefix=/usr/local/bind --disable-openssl-version-check
#make && make install


     

2. Create the configuration files

cd /usr/local/bind/etc
../sbin/rndc-confgen >rndc.conf
# rndc-confgen appends, as commented-out lines, the key and controls stanzas that
# named.conf needs; strip the leading "# " to turn them into a named.conf
tail -n10 rndc.conf | head -n9 | sed -e 's/^# //' >named.conf

# vi localhost.zone

$TTL 86400
@ IN SOA localhost. root.localhost. (
        1997022700 ; Serial
        28800      ; Refresh
        14400      ; Retry
        3600000    ; Expire
        86400 )    ; Minimum
  IN NS localhost.
1 IN PTR localhost.

# dig >named.root
# vi named.conf and append the following:

include "/usr/local/bind/etc/cnc_acl.conf";     // CNC (China Netcom) ACL
include "/usr/local/bind/etc/telecom_acl.conf"; // China Telecom ACL
include "/usr/local/bind/etc/edu_acl.conf";     // education network ACL
include "/usr/local/bind/etc/view.conf";        // DLZ-related view configuration

     

3. Configure DNS TSIG

* Use dnssec-keygen to generate the keys (a public key file and a private key file per name). This article assumes the application servers CNC, TELECOM, EDU and ANY exist.

(1) Generate the keys

#cd /usr/local/bind/sbin
#./dnssec-keygen -a hmac-md5 -b 128 -n HOST cnc
#./dnssec-keygen -a hmac-md5 -b 128 -n HOST telecom
#./dnssec-keygen -a hmac-md5 -b 128 -n HOST edu
#./dnssec-keygen -a hmac-md5 -b 128 -n HOST any

(2) Inspect the generated key file

# cat Kcnc.+157+24406.private   // CNC as the example

Private-key-format: v1.2
Algorithm: 157 (HMAC_MD5)
Key: YTjTOw00PzeEaasA16/Rvw==
Bits: AAA=

Add the key YTjTOw00PzeEaasA16/Rvw== to named.conf; the other keys are handled the same way.
See the named.conf configuration file below for details.

* Configure named.conf

#vi /usr/local/bind/etc/named.conf

key "rndc-key" {
        algorithm hmac-md5;
        secret "gu0hQjfMt1+zBJbjQegTww==";
};

controls {
        inet 127.0.0.1 port 953
                allow { 127.0.0.1; } keys { "rndc-key"; };
};

logging {
    channel warning {
        file "/var/log/bind/dns_warning" versions 3 size 1240k;
        severity warning;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    channel general_dns {
        file "/var/log/bind/dns_log" versions 3 size 1240k;
        severity info;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    category default {
        warning;
    };
    category queries {
        general_dns;
    };
};

#
options {
        directory "/usr/local/bind/etc";
        pid-file "named.pid";
};

#TSIG-key
key "cnc" {
        algorithm hmac-md5;
        secret "XA7Xp3G9vwBmSafyl+swiQ==";
};

key "telecom" {
        algorithm hmac-md5;
        secret "rGJVJRLv7rNm0aoI+rw1Wg==";
};

key "edu" {
        algorithm hmac-md5;
        secret "bbx8zD5DoFRyDz5Xb0wBWw==";
};

key "any" {
        algorithm hmac-md5;
        secret "s16dv4VdR/BzEsxKjyDzOg==";
};

#acl
acl "dns-ip-list" {
        192.168.100.203; #master DNS IP
        192.168.100.221; #slave DNS IP
};

#acl include
include "/usr/local/bind/etc/cnc_acl.conf";
include "/usr/local/bind/etc/telecom_acl.conf";
include "/usr/local/bind/etc/edu_acl.conf";
include "/usr/local/bind/etc/view.conf";

     

* Configure view.conf

#vi /usr/local/bind/etc/view.conf

# The view label used in each query (CNC, TELECOM, EDU, ANY) must match the value
# stored in dns_records.view; rows whose view is 'DF' are shared by every view.
# The database line below connects as the MySQL root user; a dedicated account that
# only has SELECT on dns_records/xfr_table and UPDATE on data_count is the safer choice.

#cnc-view
view "cnc_view" {
    match-clients           { key cnc; dns-ip-list; CNC; };
    allow-query-cache       { none; };
    allow-recursion         { none; };
    allow-transfer          { none; };
    recursion               no;

    dlz "Mysql zone" {
        database "mysql
        {host=localhost dbname=dns_view ssl=false port=3306 user=root pass=123456 }
        {select zone from dns_records where zone = '%zone%' and view='CNC' limit 1}
        {select ttl, type, mx_priority, case when lower(type)='txt' then concat('\"', data, '\"') when lower(type) = 'soa' then concat_ws(' ', data, resp_person, serial, refresh, retry, expire, minimum) else data end as mydata from dns_records where zone = '%zone%' and host = '%record%' and (view = 'CNC' or view = 'DF')}
        {}
        {select ttl, type, host, mx_priority, case when lower(type)='txt' then concat('\"', data, '\"') else data end as mydata, resp_person, serial, refresh, retry, expire, minimum from dns_records where zone = '%zone%' and view='CNC'}
        {select zone from xfr_table where zone = '%zone%' and client = '%client%' and view='CNC' limit 1}
        {update data_count set count = count + 1 where zone ='%zone%' and view='CNC'}";
    };

    zone "." IN {
        type hint;
        file "named.root";
    };
};

#telecom-view
view "telecom_view" {
    match-clients           { key telecom; dns-ip-list; TELECOM; };
    allow-query-cache       { none; };
    allow-recursion         { none; };
    allow-transfer          { none; };
    recursion               no;

    dlz "Mysql zone" {
        database "mysql
        {host=localhost dbname=dns_view ssl=false port=3306 user=root pass=123456 }
        {select zone from dns_records where zone = '%zone%' and view='TELECOM' limit 1}
        {select ttl, type, mx_priority, case when lower(type)='txt' then concat('\"', data, '\"') when lower(type) = 'soa' then concat_ws(' ', data, resp_person, serial, refresh, retry, expire, minimum) else data end as mydata from dns_records where zone = '%zone%' and host = '%record%' and (view = 'TELECOM' or view = 'DF')}
        {}
        {select ttl, type, host, mx_priority, case when lower(type)='txt' then concat('\"', data, '\"') else data end as mydata, resp_person, serial, refresh, retry, expire, minimum from dns_records where zone = '%zone%' and view='TELECOM'}
        {select zone from xfr_table where zone = '%zone%' and client = '%client%' and view='TELECOM' limit 1}
        {update data_count set count = count + 1 where zone ='%zone%' and view='TELECOM'}";
    };
};

#edu_view
view "edu_view" {
    match-clients           { key edu; dns-ip-list; EDU; };
    allow-transfer          { none; };
    recursion               no;

    dlz "Mysql zone" {
        database "mysql
        {host=localhost dbname=dns_view ssl=false port=3306 user=root pass=123456 }
        {select zone from dns_records where zone = '%zone%' and view='EDU' limit 1}
        {select ttl, type, mx_priority, case when lower(type)='txt' then concat('\"', data, '\"') when lower(type) = 'soa' then concat_ws(' ', data, resp_person, serial, refresh, retry, expire, minimum) else data end as mydata from dns_records where zone = '%zone%' and host = '%record%' and (view = 'EDU' or view = 'DF')}
        {}
        {select ttl, type, host, mx_priority, case when lower(type)='txt' then concat('\"', data, '\"') else data end as mydata, resp_person, serial, refresh, retry, expire, minimum from dns_records where zone = '%zone%' and view='EDU'}
        {select zone from xfr_table where zone = '%zone%' and client = '%client%' and view='EDU' limit 1}
        {update data_count set count = count + 1 where zone ='%zone%' and view='EDU'}";
    };
};

#any_view
view "any_view" {
    match-clients           { key any; dns-ip-list; ANY; };
    allow-query-cache       { none; };
    allow-recursion         { none; };
    allow-transfer          { none; };
    recursion               no;

    dlz "Mysql zone" {
        database "mysql
        {host=localhost dbname=dns_view ssl=false port=3306 user=root pass=123456 }
        {select zone from dns_records where zone = '%zone%' and view='ANY' limit 1}
        {select ttl, type, mx_priority, case when lower(type)='txt' then concat('\"', data, '\"') when lower(type) = 'soa' then concat_ws(' ', data, resp_person, serial, refresh, retry, expire, minimum) else data end as mydata from dns_records where zone = '%zone%' and host = '%record%' and (view = 'ANY' or view = 'DF')}
        {}
        {select ttl, type, host, mx_priority, case when lower(type)='txt' then concat('\"', data, '\"') else data end as mydata, resp_person, serial, refresh, retry, expire, minimum from dns_records where zone = '%zone%' and view='ANY'}
        {select zone from xfr_table where zone = '%zone%' and client = '%client%' and view='ANY' limit 1}
        {update data_count set count = count + 1 where zone ='%zone%' and view='ANY'}";
    };
};

     

* Configure cnc_acl.conf, telecom_acl.conf and edu_acl.conf

For the contents of these files, take the ISP address ranges from
http://www.lbase.net/ISPIPInfo.aspx   // and turn them into acl blocks with a script of your own
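One way to turn such an address list into a BIND acl block, as an added Python example that is not part of the original post: the input format (one address or CIDR per line, `#` comments) and the sample ranges are assumptions, since the page does not show the list's layout.

```python
import ipaddress

# Constructed sample export of an ISP's address ranges, one per line; the real
# CNC ranges would come from the ISP list linked above (assumption).
SAMPLE_CNC_LIST = """\
192.168.100.0/24
192.168.100.128/25   # already inside the /24 above
192.168.101.0/24     # adjacent to the /24 above
10.20.30.40          # bare host, becomes /32
not-an-address       # junk line, skipped
"""


def parse_ranges(text):
    """Keep only the lines that parse as an address or CIDR; comments and
    junk are skipped rather than ending up as a syntax error in named.conf."""
    nets = []
    for raw in text.splitlines():
        token = raw.split("#", 1)[0].strip()
        if not token:
            continue
        try:
            nets.append(ipaddress.ip_network(token, strict=False))
        except ValueError:
            continue
    return nets


def collapse(nets):
    """Merge overlapping and adjacent networks, per address family, so the
    acl stays short and the match-clients evaluation stays cheap."""
    merged = []
    for version in (4, 6):
        same = [n for n in nets if n.version == version]
        merged.extend(ipaddress.collapse_addresses(same))
    return sorted(merged, key=lambda n: (n.version, n))


def build_acl(name, text):
    """Emit a BIND acl block, e.g. the contents of cnc_acl.conf for acl "CNC"."""
    body = "\n".join(f"  {n};" for n in collapse(parse_ranges(text)))
    return f'acl "{name}" {{\n{body}\n}};\n'
```

The returned text is written to cnc_acl.conf (and likewise for the TELECOM and EDU lists), which named.conf then pulls in with the include lines above.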

     

* SQL statements required:

CREATE DATABASE dns_view;
USE dns_view;

-- ----------------------------
-- Table structure for data_count
-- ----------------------------
DROP TABLE IF EXISTS `data_count`;
CREATE TABLE `data_count` (
  `zone` text NOT NULL,
  `count` bigint(20) default '0',
  `view` char(20) default 'DF',
  KEY `data_count_index` (`zone`(30))
) ENGINE=MyISAM DEFAULT CHARSET=utf8;

-- ----------------------------
-- Table structure for dns_records
-- ----------------------------
DROP TABLE IF EXISTS `dns_records`;
CREATE TABLE `dns_records` (
  `id` int(10) unsigned NOT NULL auto_increment,
  `zone` varchar(255) NOT NULL,
  `host` varchar(255) NOT NULL default '@',
  `type` enum('MX','CNAME','NS','SOA','A','AAAA','PTR') default NULL,
  `data` varchar(255) default NULL,
  `ttl` int(11) NOT NULL default '800',
  `view` char(20) default 'DF',
  `mx_priority` int(11) default NULL,
  `refresh` int(11) NOT NULL default '3600',
  `retry` int(11) NOT NULL default '3600',
  `expire` int(11) NOT NULL default '86400',
  `minimum` int(11) NOT NULL default '3600',
  `serial` bigint(20) NOT NULL default '2008082700',
  `resp_person` varchar(64) NOT NULL default 'root.domain.com.',
  `primary_ns` varchar(64) NOT NULL default 'ns1.domain.com.',
  `data_count` int(11) NOT NULL default '0',
  PRIMARY KEY  (`id`),
  KEY `type` (`type`),
  KEY `host` (`host`),
  KEY `zone` (`zone`)
) ENGINE=MyISAM AUTO_INCREMENT=1 DEFAULT CHARSET=utf8;

-- ----------------------------
-- Table structure for xfr_table
-- ----------------------------
DROP TABLE IF EXISTS `xfr_table`;
CREATE TABLE `xfr_table` (
  `view` enum('CNC','TELECOM','EDU','CRTC','ANY') NOT NULL,
  `zone` varchar(255) default NULL,
  `client` varchar(255) default NULL,
  KEY `zone_client_index` (`zone`(30),`client`(30))
) ENGINE=MyISAM DEFAULT CHARSET=utf8;

-- ----------------------------
-- Records
-- `id` is the primary key, so every row needs a distinct id;
-- the `view` value must match the label used in view.conf (CNC, TELECOM, EDU, ANY)
-- ----------------------------
INSERT INTO `dns_records` VALUES ('1', 'zhang.com', '@', 'SOA', 'ns1.zhang.com.', '10', 'DF', null, '3600', '3600', '86400', '10', '2008082700', 'root.zhang.com.', 'ns1.zhang.com.', '0');
INSERT INTO `dns_records` VALUES ('2', 'zhang.com', '@', 'NS', 'ns1.zhang.com.', '800', 'DF', '0', '3600', '3600', '86400', '3600', '2008082700', 'root.domain.com.', 'ns1.domain.com.', '0');
INSERT INTO `dns_records` VALUES ('3', 'zhang.com', '@', 'NS', 'ns2.zhang.com.', '800', 'DF', null, '3600', '3600', '86400', '3600', '2008082700', 'root.domain.com.', 'ns1.domain.com.', '0');
INSERT INTO `dns_records` VALUES ('4', 'zhang.com', 'ns1', 'A', '192.168.3.203', '800', 'DF', null, '3600', '3600', '86400', '3600', '2008082700', 'root.domain.com.', 'ns1.domain.com.', '0');
INSERT INTO `dns_records` VALUES ('5', 'zhang.com', 'ns2', 'A', '192.168.100.221', '800', 'DF', null, '3600', '3600', '86400', '3600', '2008082700', 'root.domain.com.', 'ns1.domain.com.', '0');
INSERT INTO `dns_records` VALUES ('6', 'zhang.com', 'www', 'A', '192.168.100.224', '3600', 'CNC', null, '3600', '3600', '86400', '3600', '2008082700', 'root.domain.com.', 'ns1.domain.com.', '0');
INSERT INTO `dns_records` VALUES ('7', 'zhang.com', 'www', 'A', '192.168.100.225', '3600', 'TELECOM', null, '3600', '3600', '86400', '3600', '2008082700', 'root.domain.com.', 'ns1.domain.com.', '0');
INSERT INTO `dns_records` VALUES ('8', 'zhang.com', 'www', 'A', '192.168.100.226', '3600', 'EDU', null, '3600', '3600', '86400', '3600', '2008082700', 'root.domain.com.', 'ns1.domain.com.', '0');
INSERT INTO `dns_records` VALUES ('9', 'zhang.com', 'www', 'A', '192.168.100.227', '3600', 'ANY', null, '3600', '3600', '86400', '3600', '2008082700', 'root.domain.com.', 'ns1.domain.com.', '0');
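The view selection from section I and the two DLZ queries from view.conf (findzone, then lookup), worked through over the records above, as an added Python example that is not part of the original post. The ACL ranges stand in for the acl files and are constructed; matches by TSIG key or by dns-ip-list are not modelled.

```python
import ipaddress

# Constructed stand-ins for cnc_acl.conf / telecom_acl.conf / edu_acl.conf
# (the real ISP ranges come from an external list). Order matters, exactly as
# the order of the view blocks in view.conf does: the first match wins.
ACLS = [
    ("CNC", ["192.168.100.0/24"]),
    ("TELECOM", ["192.168.3.0/24"]),
    ("EDU", ["10.10.0.0/16"]),
]

# Constructed rows mirroring the page's dns_records INSERTs:
# (zone, host, type, data, ttl, view); 'DF' is the default view.
RECORDS = [
    ("zhang.com", "@", "NS", "ns1.zhang.com.", 800, "DF"),
    ("zhang.com", "@", "NS", "ns2.zhang.com.", 800, "DF"),
    ("zhang.com", "ns1", "A", "192.168.3.203", 800, "DF"),
    ("zhang.com", "ns2", "A", "192.168.100.221", 800, "DF"),
    ("zhang.com", "www", "A", "192.168.100.224", 3600, "CNC"),
    ("zhang.com", "www", "A", "192.168.100.225", 3600, "TELECOM"),
    ("zhang.com", "www", "A", "192.168.100.226", 3600, "EDU"),
    ("zhang.com", "www", "A", "192.168.100.227", 3600, "ANY"),
]

def select_view(client_ip):
    """match-clients: the first view whose ACL contains the client wins;
    anything else falls through to the catch-all any_view."""
    ip = ipaddress.ip_address(client_ip)
    for view, nets in ACLS:
        if any(ip in ipaddress.ip_network(net) for net in nets):
            return view
    return "ANY"

def find_zone(view, zone):
    """The DLZ findzone query filters on view='<VIEW>' only: a view claims a
    zone just when at least one row carries that view's label. A zone that
    has only 'DF' rows is therefore not served in that view at all."""
    return any(r[0] == zone and r[5] == view for r in RECORDS)

def lookup(client_ip, zone, host, rtype):
    """The DLZ lookup query: rows of the selected view OR of the default 'DF'
    view (the "view = 'CNC' or view = 'DF'" clause in view.conf).
    Returns a list of (data, ttl); empty when the view does not own the zone."""
    view = select_view(client_ip)
    if not find_zone(view, zone):
        return []
    return [(r[3], r[4]) for r in RECORDS
            if r[0] == zone and r[1] == host and r[2] == rtype
            and r[5] in (view, "DF")]
```

The findzone behaviour is the detail worth checking before adding a zone: a zone needs at least one row per view it should answer in, not just 'DF' rows.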

     


     

* BIND start script

#!/bin/bash
# bind.sh: start/stop/restart/reload/status
case "$1" in
start)
    if [ -x /usr/local/bind/sbin/named ]; then
        # -u root runs named as root, as the author does here; a dedicated
        # unprivileged user is the usual hardening choice
        /usr/local/bind/sbin/named -c /usr/local/bind/etc/named.conf -u root
        echo "BIND9-named server started"
    fi
    ;;
stop)
    kill `cat /usr/local/bind/etc/named.pid` && echo . && echo 'BIND9 server stopped'
    ;;
restart)
    echo .
    echo "Restart BIND9 server"
    $0 stop
    sleep 10
    $0 start
    ;;
reload)
    /usr/local/bind/sbin/rndc reload
    ;;
status)
    /usr/local/bind/sbin/rndc status
    ;;
*)
    echo "$0 start | stop | restart | reload | status"
    ;;
esac

     

     

./bind.sh start    # start BIND
./bind.sh stop     # stop BIND
./bind.sh reload   # reload the configuration files

# /usr/local/bind/sbin/named -u root -g -d 9   // debug mode: if no errors are reported, the environment is configured correctly.

     

     

     

V. Testing the smart DNS

Because this was tested on virtual machines, the smart DNS query scenario is simulated: take one machine in the 192.168.100.0/24 network and one in the 192.168.3.0/24 network, and edit the resolver configuration on each:

vi /etc/resolv.conf and add the line
nameserver 192.168.3.203

Then run nslookup www.zhang.com and note which IP is returned.
Add the client's network to cnc_acl.conf, telecom_acl.conf or edu_acl.conf, restart the DNS server, and run
nslookup www.zhang.com again to check that the returned IP has changed.



Original article: https://www.cnblogs.com/feihongwuhen/p/7170039.html