首页 > 代码库 > Bind+DLZ构建企业智能DNS
Bind+DLZ构建企业智能DNS
Bind+DLZ构建企业智能DNS
目录:
一、简介
二、服务规划
三、安装BIND及基本环境
四、配置Bind-View-DLZ-MYSQL
五、添加相关记录并进行测试
六、配置从DNS
七、补充
一、简介:
1、智能DNS(Bind-view):
智能DNS 原理很简单:在用户解析一个域名的时候的,判断一下用户使用的IP,然后跟DNS 服务器内
部的IP 表匹配一下,看看用户是电信还是网通用户,然后给用户返回对应的IP 地址。目前的域名服
务运营商不提供智能DNS 服务,所以必须自行架设DNS 服务或者使用网上免费的智能DNS 服务,如
DNSPOD.
2.Bind-DLZ
Bind-DLZ主页:http://bind-dlz.sourceforge.net/
DLZ(Dynamically Loadable Zones)与传统的BIND9不同,BIND的不足之处:
* BIND从文本文件中获取数据,这样容易因为编辑错误出现问题。
* BIND需要将数据加载到内存中,如果域或者记录较多,会消耗大量的内存。
* BIND启动时解析Zone文件,对于一个记录较多的DNS来说,会耽误更多的时间。
* 如果近修改一条记录,那么要重新加载或者重启BIND 才能生效,那么需要时间,可能会影响客户端查询。
而Bind-dlz 即将帮你解决这些问题, 对Zone文件操作也更方便了,直接对数据库操作,可以很方便扩充及开发管理程序。
二、服务规划:
1、nameserver服务器注册(需要到域名服务商那里注册)
主从dns之间实现mysql主从数据库同步:
主DNS: ns.larry.com 192.168.1.60
从DNS: ns1.larry.com 192.168.1.61
网站(cnc): www.larry.com 192.168.1.50
网站(ct): www.larry.com 192.168.1.52
网站(cmcc): www.larry.com 192.168.1.53
网站(edu): www.larry.com 192.168.1.54
网站(cc): www.larry.com 192.168.1.55
网站(cn其他): www.larry.com 192.168.1.56
注:当一个网通用户向本地DNS发www.larry.com的请求时,本地DNS会递归查询,最后把请求发给ns.larry.com这台DNS服务器上,
ns.larry.com会根据请求的用户IP所属的范围来择优选择,将www.larry.com在网通的ip返回给本地DNS.
2、Bind-view规划:
网通CNC cnc.txt
电信CT ct.txt
移动CMCC cmcc.txt
教育网EDU edu.txt
长城宽带CC cc.txt
cn其他 cn_other.txt
include "/usr/local/bind/etc/view/cnc_view.conf";
include "/usr/local/bind/etc/view/ct_view.conf";
include "/usr/local/bind/etc/view/cmcc_view.conf";
include "/usr/local/bind/etc/view/edu_view.conf";
include "/usr/local/bind/etc/view/cn_other_view.conf";
include "/usr/local/bind/etc/view/cn_cc_view.conf";
include "/usr/local/bind/etc/view/other_view.conf";(ip库里面没有的IP,单独划分区域)
IP库及ACL,如果你有比较详细的按城市或者地域的IP库,在设计BIND-VIEW这个字段的时候,VIEW就可以以城市或地区来命名和规划.
三、安装BIND及基本环境:
1、安装mysql:
wget http://soft.vpser.net/datebase/mysql/mysql-5.1.54.tar.gz
groupadd mysql
useradd -g mysql -s /sbin/nologin -M mysql
tar zxvf mysql-5.1.54.tar.gz
cd mysql-5.1.54
./configure --prefix=/usr/local/mysql/ --enable-assembler --with-extra-charsets=complex --enable-thread-safe-client -with-big-tables --with-readline --with-ssl --
with-embedded-server --enable-local-infile --with-plugins=partition,innobase,myisammrg
make && make install
chown mysql:mysql -R /usr/local/mysql/
/usr/local/mysql/bin/mysql_install_db --basedir=/usr/local/mysql --datadir=/usr/local/mysql/var --user=mysql
cd /usr/local/mysql/
cp share/mysql/my-medium.cnf? /etc/my.cnf
cp share/mysql/mysql.server? /etc/rc.d/init.d/mysqld
chmod 755 /etc/rc.d/init.d/mysqld
chkconfig? --add mysqld
sed -i ‘s/skip-locking/skip-external-locking/g‘ /etc/my.cnf
echo "/usr/local/mysql/lib/mysql" >> /etc/ld.so.conf
echo "/usr/local/lib" >>/etc/ld.so.conf
ldconfig
ln -s /usr/local/mysql/lib/mysql /usr/lib/mysql
ln -s /usr/local/mysql/include/mysql /usr/include/mysql
/usr/local/mysql/bin/mysqld_safe --defaults-file=/etc/my.cnf --user=mysql &
echo ‘export PATH=$PATH:/usr/local/mysql/bin‘ >>/etc/profile
source /etc/profile
/etc/init.d/mysql start
/usr/local/mysql/bin/mysqladmin -u root password 123456
2、编译安装bind:
wget http://ftp.isc.org/isc/bind9/9.6.0-P1/bind-9.6.0-P1.tar.gz
tar zxvf bind-9.6.0-P1.tar.gz
cd bind-9.6.0-P1
./configure --with-dlz-mysql --enable-largefile --enable-threads=no --prefix=/usr/local/bind --disable-openssl-version-check
make && make install
创建相关配置文件:
cd /usr/local/bind/etc/
../sbin/rndc-confgen >rndc.conf
tail -n10 rndc.conf | head -n9 | sed -e s/#\//g >named.conf
vim localhost.zone
ttl 86400
@ IN SOA localhost. root.localhost. (
1997022700 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS localhost.
1 IN PTR localhost.
dig >named.root(需要连接外网)
; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>>
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25148
;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 14
;; QUESTION SECTION:
;. IN NS
;; ANSWER SECTION:
. 408518 IN NS f.root-servers.net.
. 408518 IN NS g.root-servers.net.
. 408518 IN NS h.root-servers.net.
. 408518 IN NS i.root-servers.net.
. 408518 IN NS j.root-servers.net.
. 408518 IN NS k.root-servers.net.
. 408518 IN NS l.root-servers.net.
. 408518 IN NS m.root-servers.net.
. 408518 IN NS a.root-servers.net.
. 408518 IN NS b.root-servers.net.
. 408518 IN NS c.root-servers.net.
. 408518 IN NS d.root-servers.net.
. 408518 IN NS e.root-servers.net.
;; ADDITIONAL SECTION:
a.root-servers.net. 585058 IN A 198.41.0.4
a.root-servers.net. 153174 IN AAAA 2001:503:ba3e::2:30
b.root-servers.net. 15676 IN A 192.228.79.201
c.root-servers.net. 20756 IN A 192.33.4.12
d.root-servers.net. 494933 IN A 128.8.10.90
d.root-servers.net. 153058 IN AAAA 2001:500:2d::d
e.root-servers.net. 21330 IN A 192.203.230.10
f.root-servers.net. 325589 IN A 192.5.5.241
f.root-servers.net. 325589 IN AAAA 2001:500:2f::f
g.root-servers.net. 249133 IN A 192.112.36.4
h.root-servers.net. 494933 IN A 128.63.2.53
h.root-servers.net. 494933 IN AAAA 2001:500:1::803f:235
i.root-servers.net. 325589 IN A 192.36.148.17
i.root-servers.net. 325589 IN AAAA 2001:7fe::53
;; Query time: 5 msec
;; SERVER: 211.157.97.1#53(211.157.97.1)
;; WHEN: Thu Jun 9 15:58:52 2011
;; MSG SIZE rcvd: 512
named.conf内容如下:
key "rndc-key" {
algorithm hmac-md5;
secret "q6nZpVLNzIor85SFx4hvog==";
};
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
logging {
channel query_log {
file "/var/log/named.log" versions 3 size 20m;
severity info;
print-time yes;
print-category yes;
print-severity yes;
};
category queries {
query_log;
};
};
options {
directory "/usr/local/bind/etc";
pid-file "named.pid";
allow-query { any; };
listen-on {192.168.1.60;};
listen-on {127.0.0.1;};
};
acl "dns-ip-list"{
192.168.1.60; #master DNS IP
192.168.1.61; #slave DNS IP
};
###########EM_ip_base#########
#CNC_ip_base
include "/usr/local/bind/etc/ip_base/cnc.txt";
#CT_ip_base
include "/usr/local/bind/etc/ip_base/ct.txt";
#CMCC_ip_base
include "/usr/local/bind/etc/ip_base/cmcc.txt";
#EDU_ip_base
include "/usr/local/bind/etc/ip_base/edu.txt";
#CC_ip_base
include "/usr/local/bind/etc/ip_base/cn_cc.txt";
#CN_Other_ip_base
include "/usr/local/bind/etc/ip_base/cn_other.txt";
############Bind-view##########
include "/usr/local/bind/etc/view/cnc_view.conf";
include "/usr/local/bind/etc/view/ct_view.conf";
include "/usr/local/bind/etc/view/cmcc_view.conf";
include "/usr/local/bind/etc/view/edu_view.conf";
include "/usr/local/bind/etc/view/cn_other_view.conf";
include "/usr/local/bind/etc/view/cn_cc_view.conf";
include "/usr/local/bind/etc/view/other_view.conf";
配置各个服务商的对应的ACL:
#cat cn_other.txt (在此之举一个例子)
acl cn_other{
47.154.0.0/16;
47.153.128.0/17;
58.14.0.0/15;
58.24.0.0/15;
58.30.0.0/15;
58.60.0.0/14;
58.66.232.0/21;
58.67.128.0/21;
58.82.100.0/24;
58.82.96.0/22;
58.82.102.0/23;
};
四、配置Bind-View-DLZ-MYSQL:
1、配置view.conf
在此只列出下长城宽带对应的view:
vim /usr/local/bind/etc/view/cn_cc_view.conf
view "CN_CC_view" {
match-clients { CN_CC;dns-ip-list;};
dlz "Mysql zone" {
database "mysql
{host=127.0.0.1 dbname=cdn_view ssl=false port=3306 user=cdn pass=cdn123 }
{select zone from DNS_CC where zone = ‘%zone%‘ and view = ‘CN_CC‘ limit 1 }
{select ttl, type, mx_priority, case when lower(type)=‘txt‘ then concat(‘\"‘, data,
‘\"‘) when lower(type) = ‘soa‘ then concat_ws(‘ ‘, data, resp_person, serial,
refresh, retry, expire, minimum) else data end as mydata from DNS_CC where zone
= ‘%zone%‘ and host = ‘%record%‘ and (view = ‘CN_CC‘ or view = ‘CDN‘)}
{}
{select ttl, type, host, mx_priority, case when lower(type)=‘txt‘ then concat(‘\"‘,
data, ‘\"‘) else data end as mydata, resp_person, serial, refresh, retry, expire,
minimum from DNS_CC where zone = ‘%zone%‘ and view=‘CN_CC‘}
{select zone from xfr_table where zone = ‘%zone%‘ and client = ‘%client%‘ and
view=‘CN_CC‘ limit 1}
{update data_count set count = count + 1 where zone =‘%zone%‘ and view=‘CN_CC‘}";
};
};
2、DLZ相关数据库表结构建立(仅以DNS_CC为例)
mysql>create database cdn_view; //创建数据库名为cdn_view与view中的dbname对应
mysql>use cdn_view;
CREATE TABLE `DNS_CC` (
`id` int(10) unsigned NOT NULL auto_increment,
`zone` varchar(255) NOT NULL,
`host` varchar(255) NOT NULL default ‘@‘,
`type` enum(‘MX‘,‘CNAME‘,‘NS‘,‘SOA‘,‘A‘,‘PTR‘) NOT NULL,
`data` varchar(255) default NULL,
`ttl` int(11) NOT NULL default ‘600‘,
`view` char(20) default ‘EM‘,
`mx_priority` int(11) default NULL,
`refresh` int(11) NOT NULL default ‘600‘,
`retry` int(11) NOT NULL default ‘3600‘,
`expire` int(11) NOT NULL default ‘86400‘,
`minimum` int(11) NOT NULL default ‘3600‘,
`serial` bigint(20) NOT NULL default ‘2011061200‘,
`resp_person` varchar(64) NOT NULL default ‘root.domain.com.‘,
`primary_ns` varchar(64) NOT NULL default ‘ns1.domain.com.‘,
`data_count` int(11) NOT NULL default ‘0‘,
PRIMARY KEY (`id`),
KEY `type` (`type`),
KEY `host` (`host`),
KEY `zone` (`zone`)
) ENGINE=MyISAM AUTO_INCREMENT=1 DEFAULT CHARSET=gbk;
3、查看表结构
desc dns_records 查看数据库的表结构
4、启动bind服务
#ln -s /usr/local/mysql/lib/mysql/libmysqlclient.so.16 /usr/lib/
#ldconfig
#/usr/local/bind/sbin/named -uroot -g -d 9 //调试状态,如果没有报错说明环境配置正确。
做成启动服务. Debug的时候多用此模式启动bind. ,如果没问题,杀掉进程使用下面的命令启
动服务
# /usr/local/bind/sbin/rndc reload 重载named.conf相关配置文件.
# /usr/local/bind/sbin/named -uroot -c /usr/local/bind/etc/named.conf 启动bind 服务.
五、添加相关记录并进行测试
--SOA
INSERT INTO `DNS_CC` (`zone`, `host`, `type`, `data`, `ttl`,`mx_priority`,
`refresh`, `retry`, `expire`, `minimum`, `serial`, `resp_person`, `primary_ns`,
`data_count`) VALUES
(‘larry.com‘, ‘@‘, ‘SOA‘, ‘ns.larry.com.‘, 10, NULL, 600, 3600, 86400,
10, 2011061200, ‘sys.larry.com.‘, ‘ns.larry.com.‘, 0);
--@ NS
INSERT INTO `DNS_CC` (`zone`, `host`, `type`, `data`) VALUES
(‘larry.com‘, ‘@‘, ‘NS‘, ‘ns.larry.com.‘),
(‘larry.com‘, ‘@‘, ‘NS‘, ‘ns1.larry.com.‘);
--NS A
INSERT INTO `DNS_CC` (`zone`, `host`, `type`, `data`) VALUES
(‘larry.com‘, ‘ns‘, ‘A‘, ‘192.168.1.60‘),
(‘larry.com‘, ‘ns1‘, ‘A‘, ‘192.168.1.61‘);
--A
INSERT INTO `DNS_CC` (`zone`, `host`, `type`, `data`, `ttl`, `view`) VALUES
(‘larry.com‘, ‘www‘, ‘A‘, ‘192.168.1.55‘, 600, ‘CN_CC‘);
--CNAME
INSERT INTO DNS_CC (zone,host,type,DATA,view) VALUES
(‘larry.com‘, ‘bbs‘, ‘CNAME‘, ‘www‘,‘CN_CC‘);
2、测试。试着换客户ip 来解析就能解析出不同的地址
通过dig @192.168.1.60 www.larry.com测试
六、配置从DNS:
1、安装mysql(略)
2、安装bind配置和主的一样,可以通过rsync同步过来。
3、Mysql主从复制:
1)Master 配置
创建同步用户
mysql -u root
mysql>UNLOCK TABLES;
mysql>GRANT ALL PRIVILEGES ON *. TO ‘larry‘@‘%‘ IDENTIFIED BY ‘larrypasswd‘ WITH
GRANT OPTION;
mysql>exit
修改配置文件,并打包var文件到Slave 端
vim /etc/my.cnf
[mysqld] 在mysqld 里添加如下几项
long_query_time = 5
expire_logs_days= 3
binlog-do-db=cdn_view ==>要同步的数据库
binlog-ignore-db=mysql ==>不同步的数据库
binlog_format=mixed
server-id = 12760 ==>同一个网络唯一
mysqladmin -u root -S /tmp/mysql.sock shutdown 重启mysql
/usr/local/mysql/bin/mysqld_safe --defaults-file=/etc/my.cnf &
2)Slave配置:
将my.cnf 中的server-id=1 改成12761
#log-bin=mysql-bin //注释掉这两行。
#binlog_format=mixed //修改成如下内容
server-id = 12761
replicate-do-db=cdn_view
replicate-ignore-db=mysql
log-slave-updates
slave-skip-errors=all
slave-net-timeout=60
mysqladmin -u root -S /tmp/mysql.sock shutdown //重启Mysql
/usr/local/mysql/bin/mysqld_safe --defaults-file=/etc/my.cnf &
msql -u root
mysql>CHANGE MASTER TO
MASTER_HOST=‘192.168.1.60‘, //Master IP
MASTER_USER=‘larry‘, //用户
MASTER_PASSWORD=‘larrypasswd‘, //密码
MASTER_LOG_FILE=‘mysql-bin.000002‘,
MASTER_LOG_POS=2272;
以上两行必须按照Master 端的master 状态写show master status;
3)验证:
dig @192.168.1.60 www.larry.com
dig @192.168.1.61 www.larry.com
在Master端修改A记录的IP地址,看从是否有变化,如果变化一致说明mysql主从复制成功。
七、根据职能DNS可以轻松实现企业DNS功能,同时还可以结合Squid,Nginx,Varnish打造CDN架构。下次整理下主从智能DNS的负载均衡实验。
--------------------------------------------------------
为了方便安装和使用bind +mysql +webdns(php)
特制作了相关RPM包和安装源.有用的到的同学.请使用本人的源做为更新.
如果担心源是否安全.则自行参考官方和网上资料安装.
本程序只供交流使用,不做任何商业用途.
bind+mysql 环境为centos 5.x 64位(64位编译会提示找不到数据库.已经修改configure.in解决). 使用系统自身的mysql-server mysql-devel相关库和软件.安装过程会解决依赖关系.
webdns(php)是从bbs.linuxtone.org官方bbs中拿出来的.无做任何修改.并保留版权.
更多信息,请参考 :
http://www.selfcai.com.cn/rpm/a.html
首先下载Blog官方yum源:
wget http://www.selfcai.com.cn/rpm/yingcai-release-1.0-2.noarch.rpm
rpm -ivh yingcai-release-1.0-2.noarch.rpm
接着yum更新软件包
yum install bind-cdn web-dns
下载完成并安装后.会有相关提示
第一步.导入bind+mysql的views数据库
进入bind的etc目录
接着先进入mysql建一个数据库.名字为cdn,然后执行导入(建议新建一个用户,指定cdn数据库的权限.更为安全)
如果是新安装的mysql.则先给mysql设定一个root密码
mysqladmin -uroot password ‘123456′
mysql -uroot -p cdn
完成后修改view.conf中的查询数据库的用户名和密码
完成后.先测试bind+dlz是否正常工作(以debug方式调试并输出)
/usr/local/bind/sbin/named -g -u apache
这里以apache 身份为运行.(rpm包中指定身份为apache),在init 启动脚本中也为apache.
如果童鞋不喜欢.刚可以按自己的要求修改
OK.看到如下,表明成功了.
按一下crontl +c 结束.以init方式启动
接下来.导入webdns(php)管理的数据库().开启web管理操作.
按rpm包的常规管理web的方式.把安装路径定在了 /usr/share/web-dns下.
cd /usr/share/web-dns
mysql -uroot -p cdn
把web界面管理的数据导入到cdn数据库中.
rpm包安装完成后.会生成一个/etc/httpd/conf.d/web-dns.conf
内容如下:
Alias /dns /usr/share/web-dns
Order Allow,Deny
Allow from all
AllowOverride All
对此不满意的同学可以修改为Vhost的方式.方便您的域名使用
OK.完成后启动apache
http://xxx.xxx.xxx.xxx/dns
---------------------------------------------------------
http://wenku.baidu.com/view/8028d0d7c1c708a1284a444b.html
http://bbs.linuxtone.org/thread-6236-1-1.html
mysql-bind-0-1.tgz http://sourceforge.net/projects/mysql-bind/
DNSDusty
http://www.oschina.net/p/dnsdusty
Bind+DLZ构建企业智能DNS