Installing a smart DNS (Bind-DLZ)
Reposted from: http://blog.chinaunix.net/uid-20639775-id-288056.html
Contents
I. Related terms
II. Smart DNS service planning
III. MySQL replication and adding the Google TCMALLOC library to reduce system load
IV. Installing and configuring Bind-DLZ and the related scripts
V. Testing Bind-DLZ and summary
I. Related terms:
1. Smart DNS (BIND views):
The principle behind smart DNS is simple: when a user resolves a domain name, the server looks at the user's source IP, matches it against an IP table it holds internally to decide whether the user is on China Netcom or China Telecom, and then returns the IP address that belongs to that network. Domain registrars currently do not offer smart DNS, so you either run your own DNS server or use a free smart DNS service such as DNSPod.
2. Bind-DLZ
Bind-DLZ homepage: http://bind-dlz.sourceforge.net/
DLZ (Dynamically Loadable Zones) differs from traditional BIND9, whose shortcomings are:
* BIND reads its data from text files, so an editing mistake easily breaks things.
* BIND has to load all of its data into memory; with many zones or records this consumes a lot of memory.
* BIND parses every zone file at startup, which takes considerable time on a server with many records.
* Changing even a single record requires a reload or restart of BIND before it takes effect; that takes time and may disrupt client queries.
Bind-DLZ solves these problems: instead of editing zone files you operate directly on a database, which also makes it easy to extend the data and to build management tools on top of it.
II. Smart DNS service planning
1. Register the name servers (add them in the registrar's control panel, e.g. Xinnet or HiChina)
ns2.zhang.com 192.168.3.203
ns1.zhang.com 192.168.100.221
NS1 is the master and NS2 the slave; their data is kept in sync through MySQL replication.
2. Check that the NS records have taken effect
# dig www.zhang.com
# dig www.zhang.com +trace
3. BIND view plan
www.zhang.com China Netcom (CNC) 192.168.100.224
www.zhang.com China Telecom (TELECOM) 192.168.100.225
www.zhang.com CERNET (EDU) 192.168.100.226
www.zhang.com China Mobile (ANY) 192.168.100.227
III. Installing MySQL and configuring master/slave replication
For the MySQL installation and the master/slave setup, see:
http://blog.chinaunix.net/space.php?uid=20639775&do=blog&id=154497
http://blog.chinaunix.net/space.php?uid=20639775&do=blog&id=154420
IV. Installing and configuring Bind-DLZ and the related scripts
1. Install BIND
# mkdir /usr/local/src/bind-dlz
# cd /usr/local/src/bind-dlz
# wget http://ftp.isc.org/isc/bind9/9.6.0-P1/bind-9.6.0-P1.tar.gz
# tar zxvf bind-9.6.0-P1.tar.gz
# cd bind-9.6.0-P1
# ./configure --with-dlz-mysql=/usr/local/mysql/ --enable-largefile --enable-threads=no --prefix=/usr/local/bind --disable-openssl-version-check
# make && make install
2. Create the configuration files
# cd /usr/local/bind/etc
# ../sbin/rndc-confgen > rndc.conf
# tail -n10 rndc.conf | head -n9 | sed -e 's/#//g' > named.conf
(The last lines of rndc.conf are a commented-out sample key and controls stanza for named.conf; stripping the leading # turns them into a working named.conf skeleton.)
# vi localhost.zone
$TTL 86400
@       IN SOA  localhost. root.localhost. (
                1997022700 ; Serial
                28800      ; Refresh
                14400      ; Retry
                3600000    ; Expire
                86400 )    ; Minimum
        IN NS   localhost.
1       IN PTR  localhost.
# dig > named.root
(dig without arguments queries the root name servers; its output serves as the root hints file.)
# vi named.conf   and append the following at the end:
include "/usr/local/bind/etc/cnc_acl.conf";     // China Netcom ACL
include "/usr/local/bind/etc/telecom_acl.conf"; // China Telecom ACL
include "/usr/local/bind/etc/edu_acl.conf";     // CERNET ACL
include "/usr/local/bind/etc/view.conf";        // DLZ-related configuration
3. Configure the DNS TSIG keys
- Use dnssec-keygen to generate the keys; it writes two files, one "public" key file and one private key file. This article assumes the application servers fall into the CNC, TELECOM, EDU and ANY groups.
(1) Generate the keys
# cd /usr/local/bind/sbin
# ./dnssec-keygen -a hmac-md5 -b 128 -n HOST cnc
# ./dnssec-keygen -a hmac-md5 -b 128 -n HOST telecom
# ./dnssec-keygen -a hmac-md5 -b 128 -n HOST edu
# ./dnssec-keygen -a hmac-md5 -b 128 -n HOST any
(2) Look at the generated key file
# cat Kcnc.+157+24406.private   // China Netcom as the example
Private-key-format: v1.2
Algorithm: 157 (HMAC_MD5)
Key: YTjTOw00PzeEaasA16/Rvw==
Bits: AAA=
Put YTjTOw00PzeEaasA16/Rvw== into named.conf as the secret of key "cnc"; the other keys are handled the same way.
See the named.conf configuration file below for the details.
- Configure named.conf
# vi /usr/local/bind/etc/named.conf
key "rndc-key" {
    algorithm hmac-md5;
    secret "gu0hQjfMt1+zBJbjQegTww==";
};
controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndc-key"; };
};
logging {
    channel warning {
        file "/var/log/bind/dns_warning" versions 3 size 1240k;
        severity warning;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    channel general_dns {
        file "/var/log/bind/dns_log" versions 3 size 1240k;
        severity info;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    category default {
        warning;
    };
    category queries {
        general_dns;
    };
};
options {
    directory "/usr/local/bind/etc";
    pid-file "named.pid";
};
# TSIG keys (one per view)
key "cnc" {
    algorithm hmac-md5;
    secret "XA7Xp3G9vwBmSafyl+swiQ==";
};
key "telecom" {
    algorithm hmac-md5;
    secret "rGJVJRLv7rNm0aoI+rw1Wg==";
};
key "edu" {
    algorithm hmac-md5;
    secret "bbx8zD5DoFRyDz5Xb0wBWw==";
};
key "any" {
    algorithm hmac-md5;
    secret "s16dv4VdR/BzEsxKjyDzOg==";
};
# acl
acl "dns-ip-list" {
    192.168.100.203; # master DNS IP
    192.168.100.221; # slave DNS IP
};
# acl includes
include "/usr/local/bind/etc/cnc_acl.conf";
include "/usr/local/bind/etc/telecom_acl.conf";
include "/usr/local/bind/etc/edu_acl.conf";
include "/usr/local/bind/etc/view.conf";
- Configure view.conf
# vi /usr/local/bind/etc/view.conf
# cnc-view
view "cnc_view" {
    match-clients { key cnc; dns-ip-list; CNC; };
    allow-query-cache { none; };
    allow-recursion { none; };
    allow-transfer { none; };
    recursion no;
    dlz "Mysql zone" {
        database "mysql
        {host=localhost dbname=dns_view ssl=false port=3306 user=root pass=123456 }
        {select zone from dns_records where zone = '%zone%' and view='CNC' limit 1}
        {select ttl, type, mx_priority, case when lower(type)='txt' then concat('\"', data, '\"') when lower(type) = 'soa' then concat_ws(' ', data, resp_person, serial, refresh, retry, expire, minimum) else data end as mydata from dns_records where zone = '%zone%' and host = '%record%' and (view = 'CNC' or view = 'DF')}
        {}
        {select ttl, type, host, mx_priority, case when lower(type)='txt' then concat('\"', data, '\"') else data end as mydata, resp_person, serial, refresh, retry, expire, minimum from dns_records where zone = '%zone%' and view='CNC'}
        {select zone from xfr_table where zone = '%zone%' and client = '%client%' and view='CNC' limit 1}
        {update data_count set count = count + 1 where zone ='%zone%' and view='CNC'}";
    };
    zone "." IN {
        type hint;
        file "named.root";
    };
};
# telecom-view
view "telecom_view" {
    match-clients { key telecom; dns-ip-list; TELECOM; };
    allow-query-cache { none; };
    allow-recursion { none; };
    allow-transfer { none; };
    recursion no;
    dlz "Mysql zone" {
        database "mysql
        {host=localhost dbname=dns_view ssl=false port=3306 user=root pass=123456 }
        {select zone from dns_records where zone = '%zone%' and view = 'TELECOM' limit 1}
        {select ttl, type, mx_priority, case when lower(type)='txt' then concat('\"', data, '\"') when lower(type) = 'soa' then concat_ws(' ', data, resp_person, serial, refresh, retry, expire, minimum) else data end as mydata from dns_records where zone = '%zone%' and host = '%record%' and (view = 'TELECOM' or view = 'DF')}
        {}
        {select ttl, type, host, mx_priority, case when lower(type)='txt' then concat('\"', data, '\"') else data end as mydata, resp_person, serial, refresh, retry, expire, minimum from dns_records where zone = '%zone%' and view = 'TELECOM'}
        {select zone from xfr_table where zone = '%zone%' and client = '%client%' and view='TELECOM' limit 1}
        {update data_count set count = count + 1 where zone ='%zone%' and view = 'TELECOM'}";
    };
};
# edu-view
view "edu_view" {
    match-clients { key edu; dns-ip-list; EDU; };
    allow-transfer { none; };
    recursion no;
    dlz "Mysql zone" {
        database "mysql
        {host=localhost dbname=dns_view ssl=false port=3306 user=root pass=123456 }
        {select zone from dns_records where zone = '%zone%' and view='EDU' limit 1}
        {select ttl, type, mx_priority, case when lower(type)='txt' then concat('\"', data, '\"') when lower(type) = 'soa' then concat_ws(' ', data, resp_person, serial, refresh, retry, expire, minimum) else data end as mydata from dns_records where zone = '%zone%' and host = '%record%' and (view = 'EDU' or view = 'DF')}
        {}
        {select ttl, type, host, mx_priority, case when lower(type)='txt' then concat('\"', data, '\"') else data end as mydata, resp_person, serial, refresh, retry, expire, minimum from dns_records where zone = '%zone%' and view='EDU'}
        {select zone from xfr_table where zone = '%zone%' and client = '%client%' and view='EDU' limit 1}
        {update data_count set count = count + 1 where zone ='%zone%' and view='EDU'}";
    };
};
# any-view
view "any_view" {
    match-clients { key any; dns-ip-list; ANY; };
    allow-query-cache { none; };
    allow-recursion { none; };
    allow-transfer { none; };
    recursion no;
    dlz "Mysql zone" {
        database "mysql
        {host=localhost dbname=dns_view ssl=false port=3306 user=root pass=123456 }
        {select zone from dns_records where zone = '%zone%' and view='ANY' limit 1}
        {select ttl, type, mx_priority, case when lower(type)='txt' then concat('\"', data, '\"') when lower(type) = 'soa' then concat_ws(' ', data, resp_person, serial, refresh, retry, expire, minimum) else data end as mydata from dns_records where zone = '%zone%' and host = '%record%' and (view = 'ANY' or view = 'DF')}
        {}
        {select ttl, type, host, mx_priority, case when lower(type)='txt' then concat('\"', data, '\"') else data end as mydata, resp_person, serial, refresh, retry, expire, minimum from dns_records where zone = '%zone%' and view='ANY'}
        {select zone from xfr_table where zone = '%zone%' and client = '%client%' and view='ANY' limit 1}
        {update data_count set count = count + 1 where zone ='%zone%' and view='ANY'}";
    };
};
- Configure cnc_acl.conf, telecom_acl.conf and edu_acl.conf
Each of these files defines the acl (CNC, TELECOM and EDU respectively) that the match-clients line of the corresponding view refers to. For the ISP address ranges to put into them, visit
http://www.lbase.net/ISPIPInfo.aspx // convert the list into acl statements with a script of your own
- Required SQL statements:
CREATE DATABASE dns_view;
USE dns_view;
-- ----------------------------
-- Table structure for data_count
-- ----------------------------
DROP TABLE IF EXISTS `data_count`;
CREATE TABLE `data_count` (
  `zone` text NOT NULL,
  `count` bigint(20) default '0',
  `view` char(20) default 'DF',
  KEY `data_count_index` (`zone`(30))
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
-- ----------------------------
-- Table structure for dns_records
-- ----------------------------
DROP TABLE IF EXISTS `dns_records`;
CREATE TABLE `dns_records` (
  `id` int(10) unsigned NOT NULL auto_increment,
  `zone` varchar(255) NOT NULL,
  `host` varchar(255) NOT NULL default '@',
  `type` enum('MX','CNAME','NS','SOA','A','AAAA','PTR') default NULL,
  `data` varchar(255) default NULL,
  `ttl` int(11) NOT NULL default '800',
  `view` char(20) default 'DF',
  `mx_priority` int(11) default NULL,
  `refresh` int(11) NOT NULL default '3600',
  `retry` int(11) NOT NULL default '3600',
  `expire` int(11) NOT NULL default '86400',
  `minimum` int(11) NOT NULL default '3600',
  `serial` bigint(20) NOT NULL default '2008082700',
  `resp_person` varchar(64) NOT NULL default 'root.domain.com.',
  `primary_ns` varchar(64) NOT NULL default 'ns1.domain.com.',
  `data_count` int(11) NOT NULL default '0',
  PRIMARY KEY (`id`),
  KEY `type` (`type`),
  KEY `host` (`host`),
  KEY `zone` (`zone`)
) ENGINE=MyISAM AUTO_INCREMENT=1 DEFAULT CHARSET=utf8;
-- ----------------------------
-- Table structure for xfr_table
-- ----------------------------
DROP TABLE IF EXISTS `xfr_table`;
CREATE TABLE `xfr_table` (
  `view` enum('CNC','TELECOM','EDU','CRTC','ANY') NOT NULL,
  `zone` varchar(255) default NULL,
  `client` varchar(255) default NULL,
  KEY `zone_client_index` (`zone`(30),`client`(30))
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
-- ----------------------------
-- Records (the 'DF' rows are served in every view; the www rows carry the view label they belong to)
-- ----------------------------
INSERT INTO `dns_records` VALUES ('1', 'zhang.com', '@', 'SOA', 'ns1.zhang.com.', '10', 'DF', null, '3600', '3600', '86400', '10', '2008082700', 'root.zhang.com.', 'ns1.zhang.com.', '0');
INSERT INTO `dns_records` VALUES ('2', 'zhang.com', '@', 'NS', 'ns1.zhang.com.', '800', 'DF', '0', '3600', '3600', '86400', '3600', '2008082700', 'root.domain.com.', 'ns1.domain.com.', '0');
INSERT INTO `dns_records` VALUES ('3', 'zhang.com', '@', 'NS', 'ns2.zhang.com.', '800', 'DF', null, '3600', '3600', '86400', '3600', '2008082700', 'root.domain.com.', 'ns1.domain.com.', '0');
INSERT INTO `dns_records` VALUES ('4', 'zhang.com', 'ns1', 'A', '192.168.3.203', '800', 'DF', null, '3600', '3600', '86400', '3600', '2008082700', 'root.domain.com.', 'ns1.domain.com.', '0');
INSERT INTO `dns_records` VALUES ('5', 'zhang.com', 'ns2', 'A', '192.168.100.221', '800', 'DF', null, '3600', '3600', '86400', '3600', '2008082700', 'root.domain.com.', 'ns1.domain.com.', '0');
INSERT INTO `dns_records` VALUES ('6', 'zhang.com', 'www', 'A', '192.168.100.224', '3600', 'CNC', null, '3600', '3600', '86400', '3600', '2008082700', 'root.domain.com.', 'ns1.domain.com.', '0');
INSERT INTO `dns_records` VALUES ('7', 'zhang.com', 'www', 'A', '192.168.100.225', '3600', 'TELECOM', null, '3600', '3600', '86400', '3600', '2008082700', 'root.domain.com.', 'ns1.domain.com.', '0');
INSERT INTO `dns_records` VALUES ('8', 'zhang.com', 'www', 'A', '192.168.100.226', '3600', 'EDU', null, '3600', '3600', '86400', '3600', '2008082700', 'root.domain.com.', 'ns1.domain.com.', '0');
INSERT INTO `dns_records` VALUES ('9', 'zhang.com', 'www', 'A', '192.168.100.227', '3600', 'ANY', null, '3600', '3600', '86400', '3600', '2008082700', 'root.domain.com.', 'ns1.domain.com.', '0');
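The following Python model is an added example, not code from the original post or from BIND: it emulates how the match-clients lists in view.conf above choose a view for a client (views are tried in order; within a view the key, dns-ip-list and ISP acl elements are tried left to right) and how the DLZ lookup query then returns that view's rows plus the 'DF' defaults from dns_records. The ACL prefixes are constructed placeholders for the three acl files the post does not show.

```python
import ipaddress

# Constructed placeholders for cnc_acl.conf / telecom_acl.conf / edu_acl.conf
# (the real files hold the ISP address ranges; these prefixes are invented).
ACLS = {"CNC": ["192.168.100.0/24"], "TELECOM": ["192.168.3.0/24"], "EDU": ["10.0.0.0/8"]}
DNS_IP_LIST = ["192.168.100.203", "192.168.100.221"]   # acl "dns-ip-list" in named.conf
# (view name, TSIG key name, record label) in view.conf order; named takes the first match.
VIEWS = [("cnc_view", "cnc", "CNC"), ("telecom_view", "telecom", "TELECOM"),
         ("edu_view", "edu", "EDU"), ("any_view", "any", "ANY")]
# (zone, host, type, data, view) rows mirroring the dns_records INSERT statements.
RECORDS = [
    ("zhang.com", "ns1", "A", "192.168.3.203", "DF"),
    ("zhang.com", "ns2", "A", "192.168.100.221", "DF"),
    ("zhang.com", "www", "A", "192.168.100.224", "CNC"),
    ("zhang.com", "www", "A", "192.168.100.225", "TELECOM"),
    ("zhang.com", "www", "A", "192.168.100.226", "EDU"),
    ("zhang.com", "www", "A", "192.168.100.227", "ANY"),
]

def in_acl(ip, prefixes):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(p) for p in prefixes)

def select_view(client_ip, tsig_key=None):
    """Emulate match-clients { key K; dns-ip-list; ACL; }: views are tried
    top to bottom and, inside a view, the three elements left to right."""
    for view, key, label in VIEWS:
        if tsig_key == key:                       # query signed with this view's TSIG key
            return view, label
        if in_acl(client_ip, DNS_IP_LIST):
            # dns-ip-list is in every view, so the two name servers always land in
            # the first view (cnc_view), even when they sign with another view's key.
            return view, label
        if label == "ANY" or in_acl(client_ip, ACLS[label]):
            return view, label
    return None, None

def lookup(client_ip, zone, host, rtype, tsig_key=None):
    """Emulate the DLZ lookup query of the chosen view: rows carrying that
    view's label plus the 'DF' defaults (... view = 'CNC' or view = 'DF')."""
    _, label = select_view(client_ip, tsig_key)
    return [data for z, h, t, data, v in RECORDS
            if z == zone and h == host and t == rtype and v in (label, "DF")]

if __name__ == "__main__":
    for ip, key in [("192.168.100.50", None), ("192.168.3.7", None),
                    ("172.16.0.1", None), ("172.16.0.1", "edu")]:
        print(ip, key, select_view(ip, key)[0], lookup(ip, "zhang.com", "www", "A", key))
```

On a live server the same per-view check can be made from a single client with dig's -y option (dig -y hmac-md5:edu:<secret> @ns1.zhang.com www.zhang.com), which signs the query with a view's TSIG key; that is what the key element in match-clients is there for.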
- BIND start script (bind.sh)
#!/bin/bash
# start/stop/restart/reload/status
case "$1" in
    start)
        if [ -x /usr/local/bind/sbin/named ]; then
            /usr/local/bind/sbin/named -c /usr/local/bind/etc/named.conf -u root
            echo "BIND9-named server started"
        fi
        ;;
    stop)
        kill `cat /usr/local/bind/etc/named.pid` && echo . && echo 'BIND9 server stopped'
        ;;
    restart)
        echo .
        echo "Restart BIND9 server"
        $0 stop
        sleep 10
        $0 start
        ;;
    reload)
        /usr/local/bind/sbin/rndc reload
        ;;
    status)
        /usr/local/bind/sbin/rndc status
        ;;
    *)
        echo "$0 start | stop | restart | reload | status"
        ;;
esac
./bind.sh start   # start BIND
./bind.sh stop    # stop BIND
./bind.sh reload  # reload the configuration files
# /usr/local/bind/sbin/named -u root -g -d 9   // run in the foreground at debug level 9; if nothing is reported as an error, the environment is configured correctly.
V. Testing the smart DNS
Because the test runs on virtual machines, simulate the query scenario: take one machine on the 192.168.100.0/24 network and one on the 192.168.3.0/24 network, and on each of them edit
vi /etc/resolv.conf, adding the line
nameserver 192.168.3.203
Then run nslookup www.zhang.com and note which IP is returned.
Add that network to cnc_acl.conf, telecom_acl.conf or edu_acl.conf, restart the DNS server, and run
nslookup www.zhang.com again to check whether the returned IP has changed.