Building an enterprise smart DNS with Bind + DLZ + MySQL

<1> Introduction

1. Smart DNS (BIND views):

The principle behind smart DNS is simple: when a user resolves a domain name, the server looks at the user's source IP address, matches it against an IP table held on the DNS server to see whether the user is a China Telecom or a China Netcom customer, and returns the corresponding IP address. Domain registrars currently do not offer smart DNS, so you must either run your own DNS server or use a free smart DNS service such as DNSPod.

2. Bind-DLZ

Bind-DLZ homepage: http://bind-dlz.sourceforge.net/

DLZ (Dynamically Loadable Zones) differs from traditional BIND 9, whose shortcomings are:

* BIND reads its data from text files, so editing mistakes easily cause problems.

* BIND loads all data into memory; with many zones or records this consumes a lot of memory.

* BIND parses the zone files at startup, which takes noticeably longer on a server with many records.

* Changing even one record requires a reload or restart of BIND before it takes effect; this takes time and may disrupt client queries. Bind-DLZ solves these problems: instead of editing zone files you operate directly on the database, which also makes it easy to extend the setup and to develop management tools.

3. DLZ (Dynamically Loadable Zones) is a patch for BIND 9 that simplifies BIND administration and reduces memory usage and startup time. It also allows the data to be stored in a database. Compared with updating zone files by script, a change to the database is reflected immediately in BIND's DNS responses, so there is no need to reload or restart BIND.

<2> Setting up the environment

System requirements:

CentOS 6.4, 32-bit

Required packages:

mysql-5.5.15-linux2.6-i686.tar.gz

bind-9.8.6-P1.tar.gz

Topology:

[Topology diagram omitted]

Hardware:

Firewall: H3C F100-C

Address plan:

DNS server 192.168.2.200/24

H3C firewall

eth0/0 192.168.2.254/24

eth0/1 61.130.130.1/24

PC1-IP   61.130.130.100/24

PC1-DNS  61.130.130.1

<3> Configuring MySQL

[root@localhost ~]# tar -zxvf mysql-5.5.15-linux2.6-i686.tar.gz -C /usr/local/

[root@localhost ~]# cd /usr/local/

[root@localhost local]# ll

drwxr-xr-x. 13 root root 4096 Jan 15 22:18 mysql-5.5.15-linux2.6-i686

[root@localhost local]# ln -s mysql-5.5.15-linux2.6-i686/ mysql

[root@localhost local]# ll

lrwxrwxrwx.  1 root root   27 Jan 15 22:20 mysql -> mysql-5.5.15-linux2.6-i686/

drwxr-xr-x. 13 root root 4096 Jan 15 22:18 mysql-5.5.15-linux2.6-i686

[root@localhost local]# cd

[root@localhost ~]# groupadd mysql

[root@localhost ~]# useradd -r -g mysql mysql

[root@localhost ~]# cd /usr/local/mysql

[root@localhost mysql]# chown -R mysql .

[root@localhost mysql]# chgrp -R mysql .

[root@localhost mysql]# scripts/mysql_install_db --user=mysql  //initialize mysql

[root@localhost mysql]# cp support-files/my-medium.cnf /etc/my.cnf

cp: overwrite `/etc/my.cnf'? y

[root@localhost mysql]# cp support-files/mysql.server /etc/init.d/mysqld  //mysql init script

[root@localhost mysql]# chmod a+x /etc/init.d/mysqld

[root@localhost mysql]# service mysqld start

Starting MySQL... SUCCESS!

[root@localhost mysql]# netstat -tupln |grep 3306

tcp        0      0 0.0.0.0:3306       0.0.0.0:*     LISTEN      6421/mysqld        

[root@localhost mysql]# chkconfig --add mysqld

[root@localhost mysql]# chkconfig mysqld on     //start at boot

[root@localhost mysql]# vi /etc/profile         //so the mysql tools can be called from anywhere

[Screenshot of the /etc/profile edit omitted]

[root@localhost mysql]# . /etc/profile         //re-read it

[root@localhost mysql]# mysql     //logs in normally

mysql> \q

Bye

[root@localhost mysql]# mysqladmin -u root -p password '123'  //set the mysql root password

Enter password:                 //just press Enter here; it is asking for the previous mysql password.

[root@localhost mysql]# mysql -u root -p

Enter password:

mysql> \q

Bye


<4> Configuring BIND

[root@localhost ~]#tar -zxvf bind-9.8.6-P1.tar.gz -C /usr/local/src/

[root@localhost ~]# cd /usr/local/src/

[root@localhost src]# ll

drwxrwxr-x. 12 10132 wheel 4096 Oct 15 17:09 bind-9.8.6-P1

[root@localhost src]# cd bind-9.8.6-P1/

//compile and install

[root@localhost bind-9.8.6-P1]# ./configure --prefix=/usr/local/bind9 --with-dlz-mysql=/usr/local/mysql --enable-threads=no --disable-openssl-version-check

[root@localhost bind-9.8.6-P1]# make && make install

[root@localhost bind-9.8.6-P1]# cd

[root@localhost ~]# cd /usr/local/bind9/sbin/

[root@localhost sbin]# ./rndc-confgen -a       //1. generate the key file;

wrote key file "/usr/local/bind9/etc/rndc.key"

[root@localhost sbin]# cd ../etc

[root@localhost etc]# ll

-rw-r--r--. 1 root root 2389 Jan 15 23:08 bind.keys

-rw-------. 1 root root   77 Jan 15 23:13 rndc.key

[root@localhost etc]# cd ../sbin/

[root@localhost sbin]# ./rndc-confgen >../etc/named.conf   //2. generate the DNS configuration file (named.conf)

[root@localhost ~]# cd /usr/local/bind9/etc/

[root@localhost etc]# ll

-rw-r--r--. 1 root root 2389 Jan 15 23:08 bind.keys

-rw-r--r--. 1 root root  479 Jan 15 23:14 named.conf

-rw-------. 1 root root   77 Jan 15 23:13 rndc.key

[root@localhost etc]# vi named.conf   //add the content of lines 2-7, 14-18 and 33-54

 2 acl "lan" {

 3 192.168.2.0/24;

 4 };

 5 acl "wan" {

 6 61.130.130.0/24;

 7 };


13 options {

14         directory "/usr/local/bind9/etc/";

15         pid-file "/usr/local/bind9/var/run/named.pid";

16         allow-query { any; };

17         recursion no;

18         version "gaint-d1";

19 };


33 view "lan-view" {

34         match-clients {lan;};

35         dlz "Mysql zone" {

36         database "mysql

37         {host=127.0.0.1 dbname=mydata ssl=false user=root pass=123}

38         {select zone from lan_dns_records where zone='$zone$'}

39         {select ttl, type, mx_priority, case when lower(type)='txt' then concat('\"', data, '\"')

40         when lower(type) = 'soa' then concat_ws(' ', data, resp_person, serial, refresh, retry, expire, minimum)

41         else data end from lan_dns_records where zone='$zone$' and host='$record$'}";

42         };

43         };

44 view "wan-view" {

45         match-clients {wan;};

46         dlz "Mysql zone" {

47         database "mysql

48         {host=127.0.0.1 dbname=mydata ssl=false user=root pass=123}

49         {select zone from wan_dns_records where zone='$zone$'}

50         {select ttl, type, mx_priority, case when lower(type)='txt' then concat('\"', data, '\"')

51         when lower(type) = 'soa' then concat_ws(' ', data, resp_person, serial, refresh, retry, expire, minimum)

52         else data end from wan_dns_records where zone='$zone$' and host='$record$'}";

53         };

54         };

[root@localhost etc]# mysql -u root -p     //configure mysql

Enter password:

mysql> create database mydata;             //create the database mydata

mysql> use mydata;

mysql> create table lan_dns_records (      //create the lan_dns_records table

   -> zone varchar (255),

   -> host varchar (255),

   -> type varchar (255),

   -> data varchar (255),

   -> ttl int(11),

   -> mx_priority varchar (255),

   -> refresh int(11),

   -> retry int(11),

   -> expire int(11),

   -> minimum int(11),

   -> serial bigint(20),

   -> resp_person varchar (255),

   -> primary_ns varchar (255)

   -> );

mysql> create table wan_dns_records (       //create the wan_dns_records table

   -> zone varchar (255),

   -> host varchar (255),

   -> type varchar (255),

   -> data varchar (255),

   -> ttl int(11),

   -> mx_priority varchar (255),

   -> refresh int(11),

   -> retry int(11),

   -> expire int(11),

   -> minimum int(11),

   -> serial bigint(20),

   -> resp_person varchar (255),

   -> primary_ns varchar (255)

   -> );

mysql> show tables;

+------------------+

| Tables_in_mydata |

+------------------+

| lan_dns_records  |

| wan_dns_records  |

+------------------+

//Insert the records: an internal client resolving www.abc.com gets 192.168.2.100, an external client resolving www.abc.com gets 61.130.130.1

mysql> insert into lan_dns_records (zone,host,type,data,ttl,retry) values ('abc.com','www','A','192.168.2.100','86400','15');

mysql> insert into wan_dns_records (zone,host,type,data,ttl,retry) values ('abc.com','www','A','61.130.130.1','86400','15');

mysql> select * from lan_dns_records;    

+---------+------+------+---------------+-------+-------------+---------+-------+--------+---------+--------+-------------+------------+

| zone    | host | type | data          | ttl   | mx_priority | refresh | retry | expire | minimum | serial | resp_person | primary_ns |

+---------+------+------+---------------+-------+-------------+---------+-------+--------+---------+--------+-------------+------------+

| abc.com | www  | A    | 192.168.2.100 | 86400 | NULL        |    NULL |    15 |   NULL |    NULL |   NULL | NULL        | NULL       |

+---------+------+------+---------------+-------+-------------+---------+-------+--------+---------+--------+-------------+------------+

mysql> select * from wan_dns_records;

+---------+------+------+--------------+-------+-------------+---------+-------+--------+---------+--------+-------------+------------+

| zone    | host | type | data         | ttl   | mx_priority | refresh | retry | expire | minimum | serial | resp_person | primary_ns |

+---------+------+------+--------------+-------+-------------+---------+-------+--------+---------+--------+-------------+------------+

| abc.com | www  | A    | 61.130.130.1 | 86400 | NULL        |    NULL |    15 |   NULL |    NULL |   NULL | NULL        | NULL       |

+---------+------+------+--------------+-------+-------------+---------+-------+--------+---------+--------+-------------+------------+

mysql> \q

Bye
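The two views above delegate every lookup to MySQL: the first DLZ query asks whether a zone exists in the view's table, the second fetches the records for one host and formats TXT and SOA data in a CASE expression. The following is an added example, not code from the post or from BIND/DLZ, that models that whole path offline: view selection by client address, the label-stripping zone search, and the record lookup, against an in-memory SQLite copy of the two tables with the same two rows plus one constructed SOA row (not in the post) for the zone apex. All function names are my own, and `$zone$`/`$record$` are passed as bound parameters rather than substituted into the SQL text.

```python
"""Added example, not part of the original post or of BIND/DLZ: a stand-alone
model of what the lan-view / wan-view configuration above asks BIND and MySQL
to do. It uses an in-memory SQLite database with the same two tables and the
same two rows as the post, plus one constructed SOA row so the SOA branch of
the DLZ lookup query is exercised. Function names are my own."""
import ipaddress
import sqlite3

# The two ACLs and the table each view queries, in the order named.conf lists
# the views (BIND picks the first view whose match-clients matches).
VIEWS = [
    ("lan-view", [ipaddress.ip_network("192.168.2.0/24")], "lan_dns_records"),
    ("wan-view", [ipaddress.ip_network("61.130.130.0/24")], "wan_dns_records"),
]

# Same columns as the CREATE TABLE statements in the post (SQLite types).
SCHEMA = """create table {t} (
    zone text, host text, type text, data text, ttl integer, mx_priority text,
    refresh integer, retry integer, expire integer, minimum integer,
    serial integer, resp_person text, primary_ns text)"""


def build_db():
    """Create both tables and load the sample rows."""
    db = sqlite3.connect(":memory:")
    for table in ("lan_dns_records", "wan_dns_records"):
        db.execute(SCHEMA.format(t=table))
    # The two rows inserted in the post.
    db.execute("insert into lan_dns_records (zone,host,type,data,ttl,retry) "
               "values (?,?,?,?,?,?)",
               ("abc.com", "www", "A", "192.168.2.100", 86400, 15))
    db.execute("insert into wan_dns_records (zone,host,type,data,ttl,retry) "
               "values (?,?,?,?,?,?)",
               ("abc.com", "www", "A", "61.130.130.1", 86400, 15))
    # Constructed SOA row (not in the post) for the zone apex of the LAN view.
    db.execute("insert into lan_dns_records (zone,host,type,data,ttl,resp_person,"
               "serial,refresh,retry,expire,minimum) values (?,?,?,?,?,?,?,?,?,?,?)",
               ("abc.com", "@", "SOA", "ns1.abc.com.", 3600, "hostmaster.abc.com.",
                2014011601, 3600, 900, 604800, 86400))
    db.commit()
    return db


def select_view(client_ip):
    """match-clients: return (view name, table) of the first ACL containing
    the client, or None when no view matches (BIND answers REFUSED)."""
    ip = ipaddress.ip_address(client_ip)
    for name, nets, table in VIEWS:
        if any(ip in net for net in nets):
            return name, table
    return None


def find_zone(db, table, qname):
    """The first DLZ query ({select zone ... where zone='$zone$'}): BIND tries
    the full name, then strips leading labels until the table knows the zone.
    Returns (zone, host) or None. Here $zone$ is a bound parameter."""
    labels = qname.rstrip(".").split(".")
    for i in range(len(labels)):
        zone = ".".join(labels[i:])
        # table comes from the VIEWS constant above, never from the query.
        if db.execute(f"select zone from {table} where zone=?", (zone,)).fetchone():
            return zone, ".".join(labels[:i]) or "@"
    return None


def format_rdata(row):
    """The CASE expression of the second DLZ query: quote TXT data, join the
    SOA fields with spaces, otherwise return data unchanged."""
    ttl, rtype, mx_priority, data, resp, serial, refresh, retry, expire, minimum = row
    if rtype.lower() == "txt":
        return f'"{data}"'
    if rtype.lower() == "soa":
        return " ".join(str(v) for v in (data, resp, serial, refresh, retry, expire, minimum))
    return data


def resolve(db, client_ip, qname):
    """Return [(type, ttl, rdata), ...] for qname as seen from client_ip;
    None means refused (no view), [] means the zone is not served in that view."""
    view = select_view(client_ip)
    if view is None:
        return None
    _, table = view
    found = find_zone(db, table, qname)
    if found is None:
        return []
    zone, host = found
    rows = db.execute(
        f"select ttl, type, mx_priority, data, resp_person, serial, refresh, "
        f"retry, expire, minimum from {table} where zone=? and host=?",
        (zone, host)).fetchall()
    return [(r[1], r[0], format_rdata(r)) for r in rows]


if __name__ == "__main__":
    db = build_db()
    for client in ("192.168.2.10", "61.130.130.100", "10.0.0.1"):
        print(client, "->", resolve(db, client, "www.abc.com"))
```

A client outside both ACLs gets `None` here, which corresponds to BIND refusing the query because no view matched; a client inside an ACL asking for a zone that is not in that view's table gets an empty result. One thing worth noticing about the named.conf above: both DLZ queries are plain SELECTs on the two tables, yet the `database` line connects as MySQL `root` with `pass=123` stored in clear text in a file readable by anyone who can read named.conf. A dedicated MySQL account granted only SELECT on `mydata.lan_dns_records` and `mydata.wan_dns_records` is all that named needs.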

[root@localhost ~]# cd /usr/local/mysql

[root@localhost mysql]# vi  /etc/ld.so.conf.d/mysql.conf

[Screenshot omitted: /etc/ld.so.conf.d/mysql.conf]          //specifies the library path that named needs

[root@localhost mysql]# ldconfig    //refresh the cache

[root@localhost mysql]# ldconfig  -pv |grep mysql   //check whether the library is present; it is.

libmysqlclient.so.18 (libc6) => /usr/local/mysql/lib/libmysqlclient.so.18

[root@localhost sbin]#/usr/local/bind9/sbin/named -g -d 1 -c /usr/local/bind9/etc/named.conf  //start bind

Switch to another terminal

[root@localhost ~]# cd /usr/local/bind9/bin

[root@localhost bin]# ll

-rwxr-xr-x. 1 root root 5229715 Jan 15 23:08 dig

-rwxr-xr-x. 1 root root 5211034 Jan 15 23:08 host

-rwxr-xr-x. 1 root root    3200 Jan 15 23:08 isc-config.sh

-rwxr-xr-x. 1 root root 5211792 Jan 15 23:08 nslookup

-rwxr-xr-x. 1 root root 5172913 Jan 15 23:08 nsupdate

[root@localhost bin]# vim /etc/profile     //so the bind tools (e.g. dig) can be called from anywhere

[Screenshot of the /etc/profile edit omitted]

[root@localhost bin]# . /etc/profile

[root@localhost bin]# dig www.abc.com @192.168.2.200   (internal network resolves correctly)

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6 <<>> www.abc.com @192.168.2.200

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2399

;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; WARNING: recursion requested but not available

;; QUESTION SECTION:

;www.abc.com.        IN       A

;; ANSWER SECTION:

www.abc.com.      86400     IN    A      192.168.2.100

;; Query time: 7 msec

;; SERVER: 192.168.2.200#53(192.168.2.200)

;; WHEN: Thu Jan 16 05:04:57 2014

;; MSG SIZE  rcvd: 45
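The dig output above shows the three things that confirm the configuration is doing what was intended: status NOERROR, the `aa` flag (the answer came from the server's own data, here the DLZ table) with no `ra` flag (matching `recursion no`), and the LAN address in the ANSWER section. As an added example, not from the post, the following script parses dig's text output and turns those three observations into a repeatable check; the sample output is copied from the post's LAN-side query, and the function names are my own.

```python
"""Added example, not from the original post: parse the text output of dig
and check that a reply has the properties the configuration above should
produce (authoritative, recursion off, the address of the expected view).
The sample output is copied from the post's LAN-side query."""
import re

SAMPLE_DIG = """\
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6 <<>> www.abc.com @192.168.2.200
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2399
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;www.abc.com.        IN       A

;; ANSWER SECTION:
www.abc.com.      86400     IN    A      192.168.2.100

;; Query time: 7 msec
;; SERVER: 192.168.2.200#53(192.168.2.200)
;; WHEN: Thu Jan 16 05:04:57 2014
;; MSG SIZE  rcvd: 45
"""


def parse_dig(text):
    """Extract status, header flags and the ANSWER section records."""
    status = re.search(r"status: (\w+)", text).group(1)
    flags = re.search(r";; flags: ([^;]*);", text).group(1).split()
    answers, in_answer = [], False
    for line in text.splitlines():
        if line.startswith(";; ANSWER SECTION:"):
            in_answer = True
            continue
        if in_answer:
            if not line.strip() or line.startswith(";"):
                in_answer = False  # a blank line or the next section ends the answers
                continue
            name, ttl, _cls, rtype, rdata = line.split(None, 4)
            answers.append({"name": name, "ttl": int(ttl), "type": rtype,
                            "data": rdata.strip()})
    return {"status": status, "flags": flags, "answers": answers}


def check_view_answer(text, expected_ip):
    """Return a list of problems; an empty list means the reply is what the
    configured view should hand to this client."""
    reply = parse_dig(text)
    problems = []
    if reply["status"] != "NOERROR":
        problems.append(f"status {reply['status']} instead of NOERROR")
    if "aa" not in reply["flags"]:
        problems.append("reply is not authoritative (no aa flag)")
    if "ra" in reply["flags"]:
        problems.append("server advertises recursion (ra flag) although recursion is set to no")
    addrs = [a["data"] for a in reply["answers"] if a["type"] == "A"]
    if addrs != [expected_ip]:
        problems.append(f"A records {addrs} differ from expected [{expected_ip}]")
    return problems


if __name__ == "__main__":
    print(parse_dig(SAMPLE_DIG))
    print("lan view ok:", check_view_answer(SAMPLE_DIG, "192.168.2.100") == [])
```

Run `dig www.abc.com @<server>` from a host in each ACL range and pass the output to `check_view_answer` together with the address that view is supposed to return. A LAN client receiving 61.130.130.1, or a WAN client receiving the internal 192.168.2.100, means the client matched the wrong view, which is exactly the mix-up the two views exist to prevent. Note also that the firewall rule in the next section forwards only UDP port 53 to the server, so a query that falls back to TCP (for example a truncated reply) would not reach it from outside unless a TCP rule is added as well.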


<5> Configuring the H3C firewall

<H3C>system-view

System View: return to User View with Ctrl+Z.

[H3C]int eth0/0

[H3C-Ethernet0/0]ip add 192.168.2.254 24

[H3C-Ethernet0/0]int eth0/4

[H3C-Ethernet0/4]ip add 61.130.130.1 24

[H3C-Ethernet0/4]quit

[H3C]firewall zone untrust

[H3C-zone-untrust]add int eth0/4

[H3C-zone-untrust]quit

[H3C]undo insulate

[H3C]int eth0/4

[H3C-Ethernet0/4]nat server protocol udp global 61.130.130.1 53 inside 192.168.2.200 53

<6> Host test (external network resolves correctly)

[Screenshots of the external host test omitted]