<1> Preface
1. Smart DNS (BIND views):
The idea behind smart DNS is simple: when a client resolves a name, the server looks at the source IP address of the query, matches it against its own table of address ranges to decide which network the client belongs to (for example China Telecom or China Netcom), and returns the IP address that is appropriate for that client. At the time of writing the domain registrars did not offer smart DNS, so you either run your own DNS server or use a free hosted smart-DNS service such as DNSPOD.
2. Bind-DLZ
Bind-DLZ home page: http://bind-dlz.sourceforge.net/
DLZ (Dynamically Loadable Zones) differs from stock BIND 9, which has the following weaknesses:
* BIND reads its data from text files, so a single editing mistake can break a zone.
* BIND loads all zone data into memory; with many zones or records this costs a lot of RAM.
* BIND parses every zone file at startup, which takes noticeably longer the more records there are.
* Changing even a single record requires a reload or restart before it takes effect; that takes time and can disrupt client queries. Bind-DLZ addresses these points: instead of editing zone files you operate directly on a database, which makes it easy to grow the data and to build management tools around it.
3. DLZ (Dynamically Loadable Zones) is a patch for BIND 9 that simplifies BIND administration and reduces memory use and startup time by letting the zone data live in a database. Because records are read from the database at query time, a change made to the database (by a script or by hand) is reflected immediately in the answers BIND returns, so there is no need to reload or restart BIND.
<2> Lab environment
System requirements:
CentOS 6.4, 32-bit
Software packages:
mysql-5.5.15-linux2.6-i686.tar.gz
bind-9.8.6-P1.tar.gz
Topology:
Hardware:
Firewall: H3C F100-C
Address plan:
DNS server 192.168.2.200/24
H3C firewall
eth0/0 192.168.2.254/24 (inside)
eth0/1 61.130.130.1/24 (outside; note that the firewall configuration in section 5 puts this address on eth0/4)
PC1 IP 61.130.130.100/24
PC1 DNS 61.130.130.1
<3> Configuring MySQL
[root@localhost ~]# tar -zxvf mysql-5.5.15-linux2.6-i686.tar.gz -C /usr/local/
[root@localhost ~]# cd /usr/local/
[root@localhost local]# ll
drwxr-xr-x. 13 root root 4096 Jan 15 22:18 mysql-5.5.15-linux2.6-i686
[root@localhost local]# ln -s mysql-5.5.15-linux2.6-i686/ mysql
[root@localhost local]# ll
lrwxrwxrwx. 1 root root 27 Jan 15 22:20 mysql -> mysql-5.5.15-linux2.6-i686/
drwxr-xr-x. 13 root root 4096 Jan 15 22:18 mysql-5.5.15-linux2.6-i686
[root@localhost local]# cd
[root@localhost ~]# groupadd mysql
[root@localhost ~]# useradd -r -g mysql mysql
[root@localhost ~]# cd /usr/local/mysql
[root@localhost mysql]# chown -R mysql .
[root@localhost mysql]# chgrp -R mysql .
[root@localhost mysql]# scripts/mysql_install_db --user=mysql //initialize the MySQL data directory
[root@localhost mysql]# cp support-files/my-medium.cnf /etc/my.cnf
cp: overwrite `/etc/my.cnf'? y
[root@localhost mysql]# cp support-files/mysql.server /etc/init.d/mysqld //MySQL init script
[root@localhost mysql]# chmod a+x /etc/init.d/mysqld
[root@localhost mysql]# service mysqld start
Starting MySQL... SUCCESS!
[root@localhost mysql]# netstat -tupln |grep 3306
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 6421/mysqld
Note that mysqld is listening on every interface. BIND will connect over 127.0.0.1 (see the DLZ connection string in named.conf below), so nothing else needs network access to the database; set bind-address=127.0.0.1 in the [mysqld] section of /etc/my.cnf, or use skip-networking and the local socket, so that port 3306 is not reachable from the LAN.
[root@localhost mysql]# chkconfig --add mysqld
[root@localhost mysql]# chkconfig mysqld on //start at boot
[root@localhost mysql]# vi /etc/profile //append /usr/local/mysql/bin to PATH so the MySQL client tools can be called directly
[root@localhost mysql]# . /etc/profile //re-read the profile
[root@localhost mysql]# mysql //logs in without problems
mysql> \q
Bye
[root@localhost mysql]# mysqladmin -u root -p password '123' //set the MySQL root password ('123' is only a placeholder for the lab; use a real one)
Enter password: //just press Enter here: it is asking for the current root password, which is still empty
mysql_install_db also leaves anonymous accounts and passwordless root logins from other hosts in place; run bin/mysql_secure_installation (shipped in the same tarball) to remove them before the server is exposed to anything.
[root@localhost mysql]# mysql -u root -p
Enter password:
mysql> \q
Bye
<4> Configuring BIND
[root@localhost ~]#tar -zxvf bind-9.8.6-P1.tar.gz -C /usr/local/src/
[root@localhost ~]# cd /usr/local/src/
[root@localhost src]# ll
drwxrwxr-x. 12 10132 wheel 4096 Oct 15 17:09 bind-9.8.6-P1
[root@localhost src]# cd bind-9.8.6-P1/
//build and install; --with-dlz-mysql points at the MySQL install prefix, and --enable-threads=no is required because the DLZ MySQL driver is not thread-safe
[root@localhost bind-9.8.6-P1]# ./configure --prefix=/usr/local/bind9 --with-dlz-mysql=/usr/local/mysql --enable-threads=no --disable-openssl-version-check
[root@localhost bind-9.8.6-P1]# make && make install
[root@localhost bind-9.8.6-P1]# cd
[root@localhost ~]# cd /usr/local/bind9/sbin/
[root@localhost sbin]# ./rndc-confgen -a //1. generate the rndc key file
wrote key file "/usr/local/bind9/etc/rndc.key"
[root@localhost sbin]# cd ../etc
[root@localhost etc]# ll
-rw-r--r--. 1 root root 2389 Jan 15 23:08 bind.keys
-rw-------. 1 root root 77 Jan 15 23:13 rndc.key
[root@localhost etc]# cd ../sbin/
[root@localhost sbin]# ./rndc-confgen >../etc/named.conf //2. generate the DNS configuration file (named.conf)
Each run of rndc-confgen produces a fresh random secret, so the key block written into named.conf here does not match the one in rndc.key from step 1. This tutorial never uses rndc, so it does not matter for what follows; if you do want rndc to work, replace the key block in named.conf with include "/usr/local/bind9/etc/rndc.key"; so that named and rndc share the same secret.
[root@localhost ~]# cd /usr/local/bind9/etc/
[root@localhost etc]# ll
-rw-r--r--. 1 root root 2389 Jan 15 23:08 bind.keys
-rw-r--r--. 1 root root 479 Jan 15 23:14 named.conf
-rw-------. 1 root root 77 Jan 15 23:13 rndc.key
[root@localhost etc]# vi named.conf //add lines 2-7, 14-18 and 33-54 shown below
named.conf now holds the rndc secret and, after this edit, the database credentials as well, yet it was created mode 644. Tighten it to 640 and make it owned by the account named will run as. Note also that clients matching neither acl fall into no view and are refused, which is the desired behaviour for a purely authoritative server.
2 acl "lan" {
3 192.168.2.0/24;
4 };
5 acl "wan" {
6 61.130.130.0/24;
7 };
13 options {
14 directory "/usr/local/bind9/etc/";
15 pid-file "/usr/local/bind9/var/run/named.pid";
16 allow-query { any; };
17 recursion no;
18 version "gaint-d1";
19 };
33 view "lan-view" {
34 match-clients {lan;};
35 dlz "Mysql zone" {
36 database "mysql
37 {host=127.0.0.1 dbname=mydata ssl=false user=root pass=123}
38 {select zone from lan_dns_records where zone='$zone$'}
39 {select ttl, type, mx_priority, case when lower(type)='txt' then concat('\"', data, '\"')
40 when lower(type) = 'soa' then concat_ws(' ', data, resp_person, serial, refresh, retry, expire, minimum)
41 else data end from lan_dns_records where zone='$zone$' and host='$record$'}";
42 };
43 };
44 view "wan-view" {
45 match-clients {wan;};
46 dlz "Mysql zone" {
47 database "mysql
48 {host=127.0.0.1 dbname=mydata ssl=false user=root pass=123}
49 {select zone from wan_dns_records where zone='$zone$'}
50 {select ttl, type, mx_priority, case when lower(type)='txt' then concat('\"', data, '\"')
51 when lower(type) = 'soa' then concat_ws(' ', data, resp_person, serial, refresh, retry, expire, minimum)
52 else data end from wan_dns_records where zone='$zone$' and host='$record$'}";
53 };
54 };
[root@localhost etc]# mysql -u root -p //populate MySQL
Enter password:
mysql> create database mydata; //create the mydata database
mysql> use mydata;
mysql> create table lan_dns_records ( //create the lan_dns_records table
-> zone varchar (255),
-> host varchar (255),
-> type varchar (255),
-> data varchar (255),
-> ttl int(11),
-> mx_priority varchar (255),
-> refresh int(11),
-> retry int(11),
-> expire int(11),
-> minimum int(11),
-> serial bigint(20),
-> resp_person varchar (255),
-> primary_ns varchar (255)
-> );
mysql> create table wan_dns_records ( //create the wan_dns_records table
-> zone varchar (255),
-> host varchar (255),
-> type varchar (255),
-> data varchar (255),
-> ttl int(11),
-> mx_priority varchar (255),
-> refresh int(11),
-> retry int(11),
-> expire int(11),
-> minimum int(11),
-> serial bigint(20),
-> resp_person varchar (255),
-> primary_ns varchar (255)
-> );
mysql> show tables;
+------------------+
| Tables_in_mydata |
+------------------+
| lan_dns_records |
| wan_dns_records |
+------------------+
//Insert the records: internal clients resolving www.abc.com get 192.168.2.100, external clients resolving www.abc.com get 61.130.130.1 (the firewall's public address)
mysql> insert into lan_dns_records (zone,host,type,data,ttl,retry) values ('abc.com','www','A','192.168.2.100','86400','15');
mysql> insert into wan_dns_records (zone,host,type,data,ttl,retry) values ('abc.com','www','A','61.130.130.1','86400','15');
mysql> select * from lan_dns_records;
+---------+------+------+---------------+-------+-------------+---------+-------+--------+---------+--------+-------------+------------+
| zone | host | type | data | ttl | mx_priority | refresh | retry | expire | minimum | serial | resp_person | primary_ns |
+---------+------+------+---------------+-------+-------------+---------+-------+--------+---------+--------+-------------+------------+
| abc.com | www | A | 192.168.2.100 | 86400 | NULL | NULL | 15 | NULL | NULL | NULL | NULL | NULL |
+---------+------+------+---------------+-------+-------------+---------+-------+--------+---------+--------+-------------+------------+
mysql> select * from wan_dns_records;
+---------+------+------+--------------+-------+-------------+---------+-------+--------+---------+--------+-------------+------------+
| zone | host | type | data | ttl | mx_priority | refresh | retry | expire | minimum | serial | resp_person | primary_ns |
+---------+------+------+--------------+-------+-------------+---------+-------+--------+---------+--------+-------------+------------+
| abc.com | www | A | 61.130.130.1 | 86400 | NULL | NULL | 15 | NULL | NULL | NULL | NULL | NULL |
+---------+------+------+--------------+-------+-------------+---------+-------+--------+---------+--------+-------------+------------+
mysql> \q
Bye
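Two things a practitioner would want at this point, as an added example that is not part of the original tutorial: the zone should carry an SOA and NS record (with only an A row, abc.com has no apex data, so negative answers, authority sections and zone transfers are broken), and named should not connect as MySQL root with the password sitting in a world-readable named.conf. The statements below assume the mydata database and the two tables created above; the account name dlzro, its password, the ns1/hostmaster names and the SOA timer values are constructed sample values.

```sql
-- Added example; not from the original tutorial.
-- Assumes the mydata database and the lan_dns_records / wan_dns_records
-- tables created above. Account name, password and zone values are sample data.
USE mydata;

-- 1. Complete the zone apex. DLZ looks up the apex with host = '@'. The lookup
--    query in named.conf builds SOA rdata from data, resp_person, serial,
--    refresh, retry, expire and minimum, so every one of them must be filled in.
INSERT INTO lan_dns_records
  (zone, host, type, data, ttl, resp_person, serial, refresh, retry, expire, minimum)
VALUES
  ('abc.com', '@', 'SOA', 'ns1.abc.com.', 86400, 'hostmaster.abc.com.',
   2014011601, 3600, 900, 604800, 86400);
INSERT INTO lan_dns_records (zone, host, type, data, ttl)
VALUES ('abc.com', '@',   'NS', 'ns1.abc.com.',  86400),
       ('abc.com', 'ns1', 'A',  '192.168.2.200', 86400);

-- Same apex records for the external view; ns1 is published on the public
-- address that the firewall translates to the server.
INSERT INTO wan_dns_records
  (zone, host, type, data, ttl, resp_person, serial, refresh, retry, expire, minimum)
VALUES
  ('abc.com', '@', 'SOA', 'ns1.abc.com.', 86400, 'hostmaster.abc.com.',
   2014011601, 3600, 900, 604800, 86400);
INSERT INTO wan_dns_records (zone, host, type, data, ttl)
VALUES ('abc.com', '@',   'NS', 'ns1.abc.com.', 86400),
       ('abc.com', 'ns1', 'A',  '61.130.130.1', 86400);

-- 2. Run the named.conf lookup query by hand with $zone$ and $record$
--    substituted, to see exactly the rdata BIND will receive for the apex.
SELECT ttl, type, mx_priority,
       CASE WHEN LOWER(type) = 'txt' THEN CONCAT('"', data, '"')
            WHEN LOWER(type) = 'soa' THEN CONCAT_WS(' ', data, resp_person, serial,
                                                    refresh, retry, expire, minimum)
            ELSE data END AS rdata
FROM lan_dns_records
WHERE zone = 'abc.com' AND host = '@';

-- 3. A read-only account for named instead of root/123. SELECT on mydata.* is
--    all the two DLZ queries need, and it is limited to 127.0.0.1 because the
--    DLZ connection string uses host=127.0.0.1.
CREATE USER 'dlzro'@'127.0.0.1' IDENTIFIED BY 'change-me';
GRANT SELECT ON mydata.* TO 'dlzro'@'127.0.0.1';
FLUSH PRIVILEGES;
SHOW GRANTS FOR 'dlzro'@'127.0.0.1';
```

After running this, change user=root pass=123 in both dlz blocks of named.conf to the new account. Step 2 should print one SOA row whose rdata reads "ns1.abc.com. hostmaster.abc.com. 2014011601 3600 900 604800 86400" and one NS row with rdata "ns1.abc.com."; if a column is NULL, CONCAT_WS silently drops it and BIND will reject the malformed SOA, which is the easiest way to spot a missing timer value.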
[root@localhost ~]# cd /usr/local/mysql
[root@localhost mysql]# vi /etc/ld.so.conf.d/mysql.conf
//add the line /usr/local/mysql/lib so the dynamic loader can find libmysqlclient, which named is now linked against
[root@localhost mysql]# ldconfig //refresh the loader cache
[root@localhost mysql]# ldconfig -pv |grep mysql //check that the library is found; it is:
libmysqlclient.so.18 (libc6) => /usr/local/mysql/lib/libmysqlclient.so.18
[root@localhost sbin]#/usr/local/bind9/sbin/named -g -d 1 -c /usr/local/bind9/etc/named.conf //start BIND in the foreground with debug level 1
Started this way named runs as root and stays attached to the terminal, which is fine for a first test. For anything beyond that, create an unprivileged account and add -u <that user> so named drops privileges after binding port 53, and drop -g and -d once the configuration is known to work.
Switch to another terminal
[root@localhost ~]# cd /usr/local/bind9/bin
[root@localhost bin]# ll
-rwxr-xr-x. 1 root root 5229715 Jan 15 23:08 dig
-rwxr-xr-x. 1 root root 5211034 Jan 15 23:08 host
-rwxr-xr-x. 1 root root 3200 Jan 15 23:08 isc-config.sh
-rwxr-xr-x. 1 root root 5211792 Jan 15 23:08 nslookup
-rwxr-xr-x. 1 root root 5172913 Jan 15 23:08 nsupdate
[root@localhost bin]# vim /etc/profile //append /usr/local/bind9/bin to PATH so the BIND tools (such as dig) can be called directly
[root@localhost bin]# . /etc/profile
[root@localhost bin]# dig www.abc.com @192.168.2.200 (resolution from the internal network works)
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6 <<>> www.abc.com @192.168.2.200
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2399
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;www.abc.com. IN A
;; ANSWER SECTION:
www.abc.com. 86400 IN A 192.168.2.100
;; Query time: 7 msec
;; SERVER: 192.168.2.200#53(192.168.2.200)
;; WHEN: Thu Jan 16 05:04:57 2014
;; MSG SIZE rcvd: 45
The "recursion requested but not available" warning is expected, since the options block sets recursion no. The aa flag shows the answer is authoritative, that is, it came from the lan-view DLZ lookup and not from any cache, and the address is the one stored in lan_dns_records.
<5> Configuring the H3C firewall
<H3C>system-view
System View: return to User View with Ctrl+Z.
[H3C]int eth0/0
[H3C-Ethernet0/0]ip add 192.168.2.254 24
[H3C-Ethernet0/0]int eth0/4
[H3C-Ethernet0/4]ip add 61.130.130.1 24
[H3C-Ethernet0/4]quit
[H3C]firewall zone untrust
[H3C-zone-untrust]add int eth0/4
[H3C-zone-untrust]quit
[H3C]undo insulate
[H3C]int eth0/4
[H3C-Ethernet0/4]nat server protocol udp global 61.130.130.1 53 inside 192.168.2.200 53
Only UDP/53 is published here. That is enough for the A lookups in this test, but any answer too large for UDP is returned truncated and the client then retries over TCP, which this rule does not forward; zone transfers likewise need TCP/53. Add a matching nat server line for protocol tcp only if you want those to work from outside, and keep in mind that the server answers external clients from the wan-view table, so nothing in lan_dns_records is exposed by this rule.
<6> Host test (resolution from the external network works)