利用Bind_DLZ_MySQL_构建智能DNS

1、CrazyLinux 工作室出自：crazylinux工作室网址：时间:2010.09.10转载请保留此信息禾I用Bi nd DLZ MySQL 构建智能DNS2010/09/10 第一版 By OperationEmail : crazyoperation 由于实验环境的原因，没有公网环境，只好采用局域网环境，效果看的不是很明显 目录【提纲】一、简介二、服务规划三、安装BIND及基本环境四、配置 Bind-View-DLZ-MYSQL五、添加相关记录并进行测试六、配置从DNS七、补充一、简介:1、智能 DNS（ Bind-view ）:智能DNS原理很简单：在用户解析一个域名的时候的， 判断

2、一下用户使用的IP，然后跟DNS服务器内 部的IP表匹配一下，看看用户是电信还是网通用户，然后给用户返回对应的IP地址。目前的域名服务运营商不提供智能 DNS服务，所以必须自行架设 DNS服务或者使用网上免费的智能 DNS服务，如 DNSPOD.2. Bind-DLZBind-DLZ主页：http:/bind-DLZ（Dynamically Loadable Zones）与传统的 BIND环同，BIND勺不足之处：* BIND从文本文件中获取数据，这样容易因为编辑错误出现问题。* BIND需要将数据加载到内存中，如果域或者记录较多，会消耗大量的内存。* BIND启动时解析Zone文件，对于一个

3、记录较多的DN来说，会耽误更多的时间。*如果近修改一条记录，那么要重新加载或者重启BIND才能生效，那么需要时间，可能会影响客户端查询。而Bind-dlz 即将帮你解决这些问题，对Zone文件操作也更方便了， 直接对数据库操作，可以很方便扩充及开发管理程序。二、服务规划1、NameServer服务器注册 倒新网或者万网后台添加 ，本次实验采用局域网）服务名称服务类型IPn s1.crazyli nu x.c nDNS （主）00n s2.crazyli nu x.c nDNS （从）01网站（cnc）00网站（ct）192.16

4、8.1.201网站（edu）02CrazvLinux 工作室 wvw crazylanux cnIN CNC00192.16B. 1.100 firsl crazylinjux cnIN CT01www crzylinwc c IIN EDU ig2.16ft.l.202192.168. L101n'l'fii.CrAEyhrtuMLCriBind Masler/Slave0192.1&a.l.2DLocal DNS IN EDU“一.一“一“:j说亦 当黑自饷匚的向丰地DNS诸求时

5、* 1_曲机DNS IN 3亡这台D隔会追归誉询最佶把谙求囲M到仙.craEylirUPC.Hlit台DNE上a nal .crazy'根据诵求的用户ip斯属范围来进行择优选捣 将ww crazy! inux cn住UHU的ipd回绮Lncml DNS .英他的如上2、Bind-View 规划运营商（View）网通CNC电信CT教育网EDUIP000所属区域文件cn c_acl.c onfct_acl.c onfedu_acl.c onfCrazyLinux 工作室即当您是网通用户的时候,输入智能DNS服务器将把你分配到

6、00 这台服务器，其它同例。ViewDF （默认）CNC （网通），CT（电信），EDU （教育网）include "/usr/local/bind/etc/cnc_acl.conf：include "/usr/local/bind/etc/ct_acl.conf"include "/usr/local/bind/etc/edu_acl.conf"【注】IP库及ACL，如果你有比较详细的按城市或者地域的IP库，在设计BIND-VIEW 这个字段的时候，VIEW就可以以城市或地区来命名和规划.二、安装Bind及基本环境1、编

7、译安装MySQLuseradd -M -s /sb in/no log in mysqltar -zxvf mysql-5.5.3-m3.tar.gzcd mysql-5.5.3-m3./configure -prefix=/usr/local/mysql/ -enable-assembler -with-extra-charsets=complex -enable-thread-safe-client -with-big-tables -with-readline -with-ssl -with-embedded-server -en able-local-in file -with-plu

8、gi ns=partiti on ,i nn obase,myisammrgmake && make in stallmkdir /usr/local/mysql/data,biniog,relaylog,varvarchown mysql:mysql -R /usr/local/mysql/usr/local/mysql/b in/mysql_i nstall_db-basedir=/usr/local/mysql-datadir=/usr/local/mysql/data -user=mysqlcp support-files/my-f/usr/local/mysql/mm

9、cnnf/usr/local/mysql/b in/mysqld_safe-defaults-file=/usr/local/mysql/my.c nf&echo 'export PATH=$PATH:/usr/local/mysql/bin' >>/etc/profilesource /etc/profile2、编译安装Bindwget /isc/bind9/9.6.0-P1/bind-960-P1.tar.gztar zxvf bind-960-P1.tar.gzcd bind-9.6.0-P1./c on figure

10、-with-dlz-mysql-e nable-largefile-e nable-threads=no -prefix=/usr/local/bi nd-with-ope nssl=/usr/local/ope nssl/make && make in stall创建相关配置文件cd /usr/local/bind/etc/./sb in/rndc-c onfgen>rn dc.c onftail -n10 rndc.conf| head -n9 | sed -e s/#V/g>named.confvim localhost.zonettl 86400 IN SO

11、A localhost. root.localhost.(1997022700 ; Serial28800 ; Refresh14400 ; Retry3600000 ; Expire86400 ) ; MinimumIN NS localhost.1 IN PTR localhost.dig >named.root此步骤需要能连通外网才能做。如果不能上网可以参考如下;<<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5 <<>>global options: printcmd;Got answer:;->&

12、gt;HEADER<<- opcode: QUERY, status: NOERROR, id: 10624;flags: qr rd ra; QUERY: 1,ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 14;QUESTION SECTION:;.IN NS;ANSWER SECTION:378766INNSj.root-servers .n et.378766INNSk.root-servers. net.378766INNSl.root-servers. net.378766INNSm.root-servers .n et.378766INNS

13、a.root-servers .n et.378766INNSb.root-servers .n et.378766INNSc.root-servers .n et.378766INNSd.root-servers .n et.378766INNSe.root-servers. net.378766INNSf.root-servers .n et.378766INNSg.root-servers .n et.378766 INNSh.root-servers .n et.378766 INNSi.root-servers. net.;ADDITIONAL SECTION:b.root-serv

14、ers .n et.465166INA 01c.root-servers .n et.465166INA 2d.root-servers .n et.465166INA 0g.root-servers .n et.465166INA h.root-servers .n et.465166INA 3h.root-servers .n et.465166INAAAA 2001:500:1:803f:235i.root-servers .n et.465166INA 7

15、i.root-servers .n et.465166INAAAA 2001:7fe:53j.root-servers .n et.465166INA 0j.root-servers .n et.465166INAAAA 2001:503:c27:2:30k.root-servers. net.465166INA 29k.root-servers. net.465166INAAAA 2001:7fd:1m.root-servers. net.465166INA 3m.root-servers. net.465166INAAAA

16、2001:dc3:35;Query time: 26 msec;SERVER: #53();WHEN: Sun Sep 5 04:32:12 2010;MSG SIZE rcvd: 512#vi named.conf在后面加入如下：include "/usr/local/bind/etc/cnc_acl.conf： /网通ACL include "/usr/local/bind/etc/ct_acl.conf" /电信 ACL include "/usr/local/bind/etc/edu_acl.conf：

17、 /教育网 ACLinclude "/usr/local/bind/etc/view.conf" /DLZ 相关的配置以下是我整个named.conf的配置key "rndc-key" algorithm hmac-md5; secret "ruD3cp5FTZcLji n65jcMgQ=”；;con trolsinet port 953allow ; keys "rndc-key" ;loggi ngcha nnel query log file"/var/log/named

18、 .log"versions 3 size 20m;severity info;prin t-timeyes;prin t-categoryyes;prin t-severityyes;category queries query_log;optio nsdirectory"/usr/local/b in d/etc"pid-file "n amed.pid"acl "dns-ip-list"00; #master DNSIP01; #slave DNSIP;include &qu

19、ot;/usr/local/bind/etc/cnc_acl.conf" /网通ACLinclude "/usr/local/bind/etc/ct_acl.conf" /电信 ACLinclude "/usr/local/bind/etc/edu_acl.conf" /教育网 ACLinclude"/usr/local/bind/etc/view.conf"/DLZ 相关的配置配置CNC、CT、EDU的ACL，由于是在局域网环境所以只按照规划表里的ip添加ACL ,如需全国各地的ip地址表可以联系我！# cat cnc_a

20、cl.confacl cnc 0/32;/这里是网通的所有ip。由于是局域网就用这个ip代替了！;# cat ct_acl.confacl ct 0/32;# cat edu_acl.confacl edu 0/32;四、配置 Bind-view-DLZ-MySQL/ Bind-DLZ 核心部分1、配置 view.conf#vi /usr/local/bind/etc/view.conf /创建 view 相关的配置文件 view " cnc_view " match-clients cnc;dns-ip-l

21、ist;dlz "Mysql zone" database "mysqlhost=dbname=cdn_view ssl=false port= 3306 user= root pass= select zone from dns_recordswhere zone = ' %zone% and view = ' CNC limit 1 select ttl, type, mx_priority, case when lower(type)='txt' then concat('"', d

22、ata, ''") when lower(type) = 'soa' then concat_ws(' ', data, resp_person, serial, refresh, retry, expire, minimum) else data end as mydata from dns_records where zone ='%zone% and host = ' %record%' and (view = ' CNC or view = ' DF)select ttl, type, h

23、ost, mx_priority, case when lower(type)='txt'then concat('"',data, '"') else data end as mydata, resp_person, serial, refresh, retry, expire, minimum from dns_records where zone = ' %zone% and view=' CNCselect zone from xfr_table where zone = '%zone%'

24、; and client = '%client%'andview='CNC' limit 1update data_count set count ;l=count + 1 where zone='%zone% and view=' CNC"；J Jview " ct_view " match-clie ntsct ;dns-ip-list;dlz "Mysql zone"database "mysqlhost=dbname=cdn_view ssl=falseport

25、=3306user=rootpass=select zone from dns_recordswhere zone='%zo ne%'and view ='CTlimit1select ttl, type, mx_priority, case when lower(type)='txt' then concat('"', data, '"') when lower(type) = 'soa' then concat_ws(' ', data, resp_person, s

26、erial, refresh, retry, expire, minimum) else data end as mydata from dns_records where zone ='%zone%' and host = '%record%' and view = ' CTselect ttl, type, host, mx_priority, case when lower(type)='txt'then concat('"',data, '"') else data end as

27、 mydata, resp_person, serial, refresh, retry, expire, minimum from dns_records where zone = '%zone%' and view=' CTselect zone from xfr_table where zone = '%zone%' and client= '%client%'andview=' CT limit 1update data_count set count = count + 1 where zone ='%zone%

28、' and view=' CT"view " edu_view" match-clients edu;dns-ip-list;dlz "Mysql zone" database "mysqlhost=dbname=cdn_view ssl=false port=3306 user=root pass= select zone from dns_records where zone = '%zone%' and view = 'EDU' limit 1 select tt

29、l, type, mx_priority, case when lower(type)='txt' then concat('"', data, '"') when lower(type) = 'soa' then concat_ws(' ', data, resp_person, serial, refresh, retry, expire, minimum) else data end as mydata from dns_records where zone ='%zone%

30、9; and host = '%record%' and view = ' EDCselect ttl, type, host, mx_priority, case when lower(type)='txt' then concat('"', data, '"') else data end as mydata, resp_person, serial, refresh, retry, expire, minimum from dns_records where zone = '%zone%&

31、#39; and view=' EDCselect zone from xfr_table where zone = '%zone%' and client = '%client%' and view=' EDU limit 1update data_count set count = count + 1 where zone ='%zone%' and view=' EDU；2、DLZ相关数据库表结构建立mysql>create databasecdn_view; /创建数据库名为 cdn_view 与view 中

32、的 dbname对应 mysql>use cdn_view;DROP TABLE IF EXISTS、dns_records'CREATE TABLE 'dns_records' ('id' int(10) unsigned NOT NULL auto_increment,'zone' varchar(255) NOT NULL,'host' varchar(255) NOT NULL default ,'type' enum('MX','CNAME','NS&

33、#39;,'SOA','A','PTR') NOT NULL,'data' varchar(255) default NULL,'ttl' int(11) NOT NULL default '800','view' char(20) default 'DF','mx_priority' int(11) default NULL,'refresh' int(11) NOT NULL default '3600','

34、retry' int(11) NOT NULL default '3600','expire' int(11) NOT NULL default '86400','minimum' int(11) NOT NULL default '3600','serial' bigint(20) NOT NULL default '2008082700','resp_person' varchar(64) NOT NULL default '.','

35、;primary_ns' varchar(64) NOT NULL default '.','data_count' int(11) NOT NULL default '0',PRIMARY KEY ('id'),KEY 'type' ('type'),KEY 'host' ('host'),KEY 'zone' ('zone')ENGINE=MylSAM AUTO_INCREMENT=1 DEFAULT CHARSET=gbk

36、;3、查看表结构desc dns_records 查看数据库的表结构desc (Jns_recortfs;ul_._L.-.j /ww.crazylinux. cnul_. jL.JL.| FiEld1Type1Hull1Key | DeFault| ExtraI1 id18) unsig1ND1PR I | HULL| auto incrementI| zone|uarchar(255)1HO1HUL | HULLII| |uarchar(255)1MO1HUL | &II1 type1en*un( NK.p BNSB . "SDfi J* 1HD1HUL | HULLII

37、| data|uar(-har(255)1VES11 HULLIIII ttl11ND1Il sagII| view|char(2Bj1YES11 MII| nx priurity |1VES1| HULLII| reFresh11| 36 QOII| r etr iyi|int(H)1HO1| 3600IIi|lilt(ll)1HD1|II| niniiniun1Nil1I 36 QQII| serial|digint(zo)1HU1|刻砂號顶II| resp_person |uarclur(6Ji)1HD1| raot.duraain £打再亠II| primaryjns |ua

38、rchar(A4)1HO1| n.II|j dataccount |1W1II «IILib-一一一一一一4f -鼻-416 fciw% in setsec)4、启动bind服务.#ln -s/usr/local/mysql/lib/mysql/libmysqlclient.so.16 /usr/lib/#ldc onfig#/usr/local/bind/sbin/named -uroot -g -d 9/调试状态，如果没有报错说明环境配置正确。做成启动服务.Debug的时候多用此模式启动bi nd.,如果没问题，杀掉进程使用下面的命令启动服务# /usr/local/bind/s

39、bin/rndc reload 重载 named.conf相关配置文件.# /usr/local/b in d/sb in/n amed -uroot -c /usr/local/bi nd/etc/ named.c onf 启动 bi nd 服务.五、添加相关记录并进行测试1、添加记录-SOAINSERT INTO 'dns_.records'(' zone ' ,' host' ,' type' ,'data', 'ttl','mx_priority','refresh&

40、#39;,'retry',expire ,minimum , serial ,'resp_pers on',primary_ ns','data_cou nt')VALUES('crazyli nu x.c n',','SOA', 'n sl.crazyli .',10, NULL, 3600,3600,86400,10, 2008082700,'root.crazyli nu x.c n.','n sl.crazyli nu x.c n.',0);-

41、 NSINSERT INTO、dns_records '(' zone ' ,' host' ,' type' ,'data') VALUES('crazyli nu x.c n',','NS','n sl.crazyli .'),('crazyli nu x.c n',','NS','n s2.crazyli .');-NS AINSERT INTO、dns_records '(' zone &

42、#39; ,' host' ,' type' ,'data') VALUES('crazyli nu x.c n','n s1','A','00'),('crazyli nu x.c n','n s2','A','01');-AINSERT INTO、dns_records'(' zone ' ,' host' ,' type &

43、#39; ,'data', 'ttl','view')VALUES('crazyli nu x.c n','www','A','00',3600, 'CNC'),('crazyli nu x.c n','www','A','01',3600, 'CT'),('crazyli nu x.c n','www','

44、;A','02',3600, 'EDU');-CNAMEINSERT INTO dnsrecords(zon e,host,type,DATA,view)VALUES('crazyli nu x.c n'.'bbs','CNAME', 'www','CNC'),('crazyli nu x.c n','bbs','CNAME', 'www','CT'),('crazy

45、li nu x.c n','bbs','CNAME', 'www','EDU');2、测试。试着换客户ip来解析就能解析出不同的地址ErootP 1 oca 1 host J# dig 060 ljuu.crazy 1 +short 19Z.168.1.Z0Broots 1oca 1host J# ifconf ig ethB i sed -n J 2pJ inet addr:19Z .168.1.10 Beast:19Z .168.1.Z55 Mask:Z55.Z55.255.0roots 1oca

46、 1host J# _|rootsIoca 1host JttrroptD lacalhost B dig P13Z . 169.1 h 10H uliw,crazy! *shqrt 13Z.163.1.Z01root?oca 1host -J# ifconf ig ethB i sed -n J Zp" inet addr:192 .Beast:19Z . 1&B + 1.Z55：Z55.Z55.E55*0rootDlacalhost "J# _rroot?loca1H dig»168 >1.109 uuw.cra&yI rhurt192.

47、168.1.202root® 1 oca 1 host "IK if conf ig ethRi i sed -n " Zp1inet a<Sdr：192rlbB.1.3a Beast ： 192 . IBB. 1 ,Z55 Mask ：Z55 . Z55. Z55-0 rootQ Laca lhost 1 it六、配置从DNS1、安装 MYSQL安装配置方法如上第五部分2、安装Bind安装配置方法如上(配置文件可以选择从主配置端拷贝过来，也可以考虑sersync来做数据同步。)Sersync 文档 数据库不要动，采用Mysql M/S同步！3、Mysql主

48、/从复制1)Master 配置创建同步用户mysql -u rootmysql> UNLOCK TABLES ；mysql>GRANT ALL PRIVILEGES ON *.* TO 'crazy''%' IDENTIFIED BY 'linux' WITH GRANT OPTION;mysql>exit修改配置文件，并打包data文件到Slave端cd /usr/local/mysqlvim fmysqld 在mysqld里添加如下几项Ion g_query_time= 5expire_logs_days= 3 binl o

49、g-do-db=cd n_view mysqladmin -u root -S /tmp/mysql.sockshutdown/ 重启 Mysql/usr/local/mysql/b in/mysqld safe-defaults-file=/usr/local/mysql/my.c nf&tar -zcf mysql.slave.tar.gz data/scp mysql.slave.tar.gz 01:/usr/local/mysql/2)、Slave 配置cd /usr/local/mysqltar -zxvf mysql.slave.tar.gz将 f 中

50、的 server-id=1 改成 2mysql d server-id=2#log-bi n=mysql-bi n注释掉这两行。#b in log_format=mixedmysqladmin -u root -S /tmp/mysql.sockshutdown/ 重启 Mysql/usr/local/mysql/b in/mysqld_safe-defaults-file=/usr/local/mysql/my.c nf&msql -u rootmysql>CHANGE MASTER TOASTER_HOST='00', /Master I

51、P MASTER_USER='crazy',/ 用户MASTER_PASSWORD='li nux', / 密码 MASTER_LOG_FILE='mysql-bi n.000005',MASTER_LOG_POS=953;以上两行必须按照 Master端的 master状态写show master status;mysql>START SLAVE;【注】：Slave不要动库里的东西。否则会破坏主从关系和数据。所有操作到Master端做3）、验证Kootiocalhost dig BB uuw.crazj|;«

52、;» DIG 9.3.6-P1-RedHat-9.3.6-4,P1.el5 «» 8192.16B.1.1M ;(1 seruer Found);global option弓： printcmd;Got answer:;-»HEADER«- opcode： QUERY, status： HDERROR, id； 27053；flags： qr aa rd ra； QUERV： 1, ANSUER： 1, AUTHORITV：札 ADDITIONAL： 0;QUESTION SECTION:;.INA;ANSWER SECTION：3608 IN

53、A82;Query tine: 6 nsec；SERUER： 192Jfi8J.1fl0#53(192.168.1.l00);WHEN: Sun Sep S 15:39:1ii 2010:;HSG SI2E rcud: 51rootlocalhost dig 600 uuu.craz; «» DiG 9.9.6-P1-RedHat-9-3-6-4,P1 .el 5 «» 192.168.1 .100 uw.crazlinux .cn ;(1 5eru电萨 Found):;global options: prin

54、tcmd;Got answer:;-»HEADER«- opcode: QUERY, status: NOERRDR, id： 46D82;flags: qr aa rd ra; QUERY: 1t ANSWER: 1f AUTHORITY:乩 ADDITIONAL: 0；QUESTION SECTION:;uw.craylinux .cn.INH；;ANSWER SECTION:uuu.crazi/linux _cn.3600 INA192.168 -1 282;Quer time: 7 msec；;SERUER： 192.168.1 .im?3(192.1dB.1.1M);:UHEN: Sun Sep 5 15:39:59 2010;MSG SIZE rcud: 51在Master端修改 IN EDU 的A记录，看 Slave端是否同步 rootlocalhost # mysql -u root cdn_view;AReading table information for completion of table and column namesYou can turn off this feature to get a quicker startup with -AWelcome to the