bind mysql web_bind智能DNS + bindUI管理系统(mysql + bind dlz)
# 软件环境
* Centos 7.6
* bind-9.14.1.tar.gz
* mariadb-server-5.5.60
* python 3.7
* django 2.2.1
QPS:单节点2400 qps
# bind UI 管理系统
https://github.com/cucker0/BindUI
具体安装可参考https://www.cnblogs.com/linkenpark/p/10862347.html
# bind安装
cd /usr/local/src
wget http://ftp.isc.org/isc/bind9/9.14.1/bind-9.14.1.tar.gz
wget https://www.openssl.org/source/openssl-1.0.2r.tar.gz
yum -y install ncursess ncurses-devel zlib perl mariadb-server mariadb mariadb-devel --skip-broken
cd /usr/local/src
tar -zxvf openssl-1.0.2r.tar.gz; cd openssl-1.0.2r; ./config; make; make install
tar -zxvf bind-9.14.1.tar.gz
cd /usr/local/src/bind-9.14.1
export LDFLAGS=-L/usr/lib64/mysql #linker flags, e.g. -L,指定mysql lib所在目录,查找其lib所在目录mysql_config --libs
./configure --prefix=/usr/local/bind_9.14.1 --with-dlz-mysql=yes --enable-threads --enable-epoll --enable-largefile --with-openssl=/usr/local/src/openssl-1.0.2r
# bind-9.12.1配置方法,有多线程参数,bind-9.13、bind-9.14版本已经没有此参数
./configure --prefix=/usr/local/bind --with-dlz-mysql=yes --enable-threads --enable-epoll --enable-largefile --with-openssl=/usr/local/src/openssl-1.0.2r
# --enable-threads=no表示关闭多线程
make; make install
ln -s /usr/local/bind_9.14.1 /usr/local/bind
groupadd -g 25 named
useradd named -M -u 25 -g 25 -s /sbin/nologin
chown -R named:named /usr/local/bind/var
mkdir -p /var/log/named /etc/named/conf.d; chown -R named.named /var/log/named
systemctl 启动脚本
cat /usr/lib/systemd/system/named.service
[Unit]
Description=Berkeley Internet Name Domain (DNS)
After=network.target
[Service]
Type=forking
PIDFile=/usr/local/bind/var/named.pid
ExecStart=/usr/local/bind/sbin/named -n 1 -u named -c /usr/local/bind/etc/named.conf
ExecReload=/bin/sh -c '/usr/local/bind/sbin/rndc reload > /dev/null 2>&1 || /bin/kill -HUP $MAINPID'
ExecStop=/bin/sh -c '/usr/local/bind/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID'
PrivateTmp=true
Restart=always
RestartSec=10
[Install]
WantedBy=multi-user.target
# /usr/local/bind/sbin/named -n 1 线程数
注意
* bind-9.12.1 版本使用mysql作数据库时,使用单线程更快。有实验过启动2线程或4线程并发时相当慢(服务器CPU4核心),几乎全部超时。
* bind-9.12.1 dlz + mariadb-server-5.5.60单线程查询达600 qps左右,5个bind实例的集群查询达2700 qps左右
* bind-9.14.1 dlz + mariadb-server-5.5.60单线程查询达 2400 qps左右,且设置多个线程与1个线程的性能一样
* 如果需要调试时打印详细日志时,运行 /usr/local/bind/sbin/named -n 1 -u named -c /usr/local/bind/etc/named.conf -d 4 -g
配置bind
cd /usr/local/bind/etc/
/usr/local/bind/sbin/rndc-confgen > rndc.conf
// cat rndc.conf >rndc.key
ln -s /usr/local/bind/etc /etc/named
tail -10 rndc.conf | head -9 | sed s/#\ //g > named.conf #内容类似下面这样:
key "rndc-key" {
algorithm hmac-sha256;
secret "vCQLvxUeXxvcdKkt8JSNI9p6eB+/ZE9DKg6Wyq1g7Uo=";
};
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
cat /etc/name/named.conf
key "rndc-key" {
algorithm hmac-sha256;
secret "vCQLvxUeXxvcdKkt8JSNI9p6eB+/ZE9DKg6Wyq1g7Uo=";
};
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
options {
listen-on port 53 { any; }; # 开启侦听53端口,any表示接受任意ip连接
directory "/usr/local/bind/var";
dump-file "/usr/local/bind/var/named_dump.db"; # 执行rndc dumpdb [-all|-cache|-zones|-adb|-bad|-fail] [view ...]时保存数据的导出文件
pid-file "named.pid"; # 文件内容就是named进程的id
allow-query{ any; }; # 允许任意ip查询
allow-query-cache { any; }; # 允许任意ip查询缓存
recursive-clients 60000;
forwarders{ # 设置转发的公网ip
202.96.128.86;
223.5.5.5;
};
forward only; # 置只使用forwarders DNS服务器做域名解析,如果查询不到则返回DNS客户端查询失败。
# forward first; 设置优先使用forwarders DNS服务器做域名解析,如果查询不到再使用本地DNS服务器做域名解析。
max-cache-size 4g;
dnssec-enable no; # 9.13、9.14版本的bind做转发时需要设置关闭DNS安全设置,否则转发失败,报broken trust chain/broken trust chain错
dnssec-validation no; # 9.13、9.14版本的bind做转发时需要设置关闭DNS安全验证设置
};
logging {
channel query_log { # 查询日志
file "/var/log/named/query.log" versions 20 size 300m;
severity info;
print-time yes;
print-category yes;
};
channel error_log { # 报错日志
file "/var/log/named/error.log" versions 3 size 10m;
severity notice;
print-time yes;
print-severity yes;
print-category yes;
};
category queries { query_log; };
category default { error_log; };
};
# acl
include "/etc/named/conf.d/cn_dx.acl";
include "/etc/named/conf.d/cn_lt.acl";
include "/etc/named/conf.d/cn_yd.acl";
include "/etc/named/conf.d/cn_jy.acl";
include "/etc/named/conf.d/cn.acl";
# view
include "/etc/named/conf.d/cn_dx.conf";
include "/etc/named/conf.d/cn_lt.conf";
include "/etc/named/conf.d/cn_yd.conf";
include "/etc/named/conf.d/cn_jy.conf";
include "/etc/named/conf.d/cn.conf";
include "/etc/named/conf.d/default.conf"; # default view 放最后
日志级别:
在定义通道的语句中,severity是指定记录消息的级别。在bind中主要有以下几个级别(按照严重性递减的顺序):
critical
error
warning
notice
info
debug [ level ]
dynamic
versions 20:保留20个文件
acl配置:
ip列表:https://ip.cn/chnroutes.html
示例:
cat cn_yd.acl
# 中国移动
# 2017101711, 74 routes
acl cn_yd {
36.128.0.0/10;
39.128.0.0/10;
42.83.200.0/23;
43.239.172.0/22;
43.241.112.0/22;
43.251.244.0/22;
45.121.68.0/22;
45.121.72.0/22;
45.121.172.0/22;
45.121.176.0/22;
45.122.96.0/21;
45.123.152.0/22;
45.124.36.0/22;
45.125.24.0/22;
58.83.240.0/21;
59.153.68.0/22;
61.14.244.0/22;
103.20.112.0/22;
103.21.176.0/22;
103.35.104.0/22;
103.37.176.0/23;
103.40.12.0/22;
103.43.124.0/22;
103.45.160.0/22;
103.61.156.0/22;
103.61.160.0/22;
103.62.24.0/22;
103.62.204.0/22;
103.62.208.0/22;
103.83.72.0/22;
103.192.0.0/22;
103.192.144.0/22;
103.193.140.0/22;
103.205.116.0/22;
103.227.48.0/22;
111.0.0.0/10;
111.235.182.0/24;
112.0.0.0/10;
114.66.68.0/22;
117.128.0.0/10;
118.187.40.0/21;
118.191.248.0/21;
118.194.165.0/24;
120.192.0.0/10;
121.255.0.0/16;
131.228.96.0/24;
163.53.56.0/22;
183.192.0.0/10;
202.141.176.0/20;
211.103.0.0/17;
211.136.0.0/13;
211.148.224.0/19;
211.155.236.0/24;
218.200.0.0/13;
221.130.0.0/15;
221.176.0.0/19;
221.176.32.0/20;
221.176.48.0/21;
221.176.56.0/24;
221.176.58.0/23;
221.176.60.0/22;
221.176.64.0/18;
221.176.128.0/17;
221.177.0.0/16;
221.178.0.0/15;
221.180.0.0/14;
223.64.0.0/11;
223.96.0.0/12;
223.112.0.0/14;
223.116.0.0/15;
223.118.2.0/24;
223.118.10.0/24;
223.118.18.0/24;
223.120.0.0/13;
};
其他类似
view配置:
连接数据库帐号只需只读权限就可以
cat cn_yd.conf # match-clients要与定义的acl匹配
view "cn_yd" {
match-clients { cn_yd; };
dlz "Mysql zone" {
database "mysql
{host=db_ip dbname=db_name ssl=false port=db_port user=bind_ui_r pass=db_pass}
{select zone_name from DnsRecord_zonetag where zone_name = '$zone$'}
{select ttl, type, mx_priority,
case when lower(type)='txt' then
concat('\"', data, '\"')
when lower(type) = 'soa' then
concat_ws(' ', data, resp_person, serial, refresh, retry, expire, minimum)
else
data
end
from DnsRecord_zonetag inner join DnsRecord_record on DnsRecord_record.zone_tag_id = DnsRecord_zonetag.id
and DnsRecord_zonetag.zone_name = '$zone$'
and DnsRecord_record.host = '$record$'
where DnsRecord_zonetag.status = 'on'
and DnsRecord_record.status = 'on'
and (DnsRecord_record.resolution_line = '103' or DnsRecord_record.resolution_line = '0')
}
";
};
};
注意:这里
DnsRecord_record.resolution_line 的值要与 bindUI定义值相同,以区别不同的解析线路
其他类似
cat default.conf # 默认view,any acl表示所有,不需要定义,所以默认view一定要放在配置中所有view的最后
view "default" {
match-clients { any; };
dlz "Mysql zone" {
database "mysql
{host=db_ip dbname=db_name ssl=false port=db_port user=bind_ui_r pass=db_pass}
{select zone_name from DnsRecord_zonetag where zone_name = '$zone$'}
{select ttl, type, mx_priority,
case when lower(type)='txt' then
concat('\"', data, '\"')
when lower(type) = 'soa' then
concat_ws(' ', data, resp_person, serial, refresh, retry, expire, minimum)
else
data
end
from DnsRecord_zonetag inner join DnsRecord_record on DnsRecord_record.zone_tag_id = DnsRecord_zonetag.id
and DnsRecord_zonetag.zone_name = '$zone$'
and DnsRecord_record.host = '$record$'
where DnsRecord_zonetag.status = 'on'
and DnsRecord_record.status = 'on'
and DnsRecord_record.resolution_line = '0'
}
";
};
};
# 初始化项目
# 初始化
python manage.py migrate
python manage.py makemigrations
python manage.py migrate
python manage.py createsuperuser
用django自带web运行:python manage.py runserver ipaddr:port
DNS压力测试:
http://www.cnblogs.com/linkenpark/p/8952350.html
DNS统计分析:
bind mysql web_bind智能DNS + bindUI管理系统(mysql + bind dlz)相关推荐
- bind智能DNS + bindUI管理系统(postgresql + bind dlz)
# 软件环境: * Centos 7.6 * bind-9.14.1.tar.gz * postgresql 11 * python 3.7 * django 2.2.1 QPS:单节点1590 qp ...
- bind dlz mysql ptr_bind-dlz结合mysql实现智能DNS
下面介绍bind结合mysql实现智能dns,以centos-6 32为例安装 安装mysql yum install gcc gcc-c++ openssl-devel wget ncurses-d ...
- bind dlz mysql rpm_智能DNS --BIND DLZ+MYSQL
智能DNS --BIND DLZ+MYSQL 一.概念介绍: 1.智能DNS: 智能DNS就是根据用户的来路,自动智能化判断来路IP返回给用户,而不需要用户进行选择. 智能DNS与普通DNS区别: 普 ...
- 在Win2003中安装bind【部署智能DNS】
http://369369.blog.51cto.com/319630/811179 前言: 搞LINUX的朋友都知道,bind是linux下的DNS服务软件,但很多人不清楚,它也可以运行在w ...
- linux bind 分离 DNS,Linux智能DNS服务搭建之Bind服务(一)
一.准备工作 1.DNS学前准备 学习目标: 1.了解原理:dns实现原理及实际dns应用 2.动手搭建:掌握Bind服务的搭建过程及DNS测试方法 3.深入学习:dns负载均衡实现 4.掌握应用:只 ...
- bind9 dlz mysql_利用BIND+DLZ+MYSQL构建企业智能DNS
目录: 一.简介 二.服务规划 三.安装BIND及基本环境 四.配置Bind-View-DLZ-MYSQL 五.添加相关记录并进行测试 六.配置从DNS 七.本文以FreeBSD 10.2 stabl ...
- bind dlz mysql ptr_Bind+DLZ+MySQL智能DNS的正向解析和反向解析实现方法
使用文本配置文件的配置方式结合bind的最新的acl和view特性来实现智能DNS想必很多人已经很熟悉了,使用MySQL数据库来存放zone文件的方式可能也不少.对于两者都熟悉的,实现 Bind+DL ...
- mysql与dns_借助mysql和DNS view实现智能DNS(centos6.3 x64环境)
开篇说明 关于智能DNS和CDN的东西可以看我之前的一篇博文 上次的博文简单使用了BIND的视图功能实现了简单的智能dns,此篇博文结合了mysql实现真正意义上的智能DNS系统 需要准备东西 首先y ...
- 怎么删除已经安装的mysql_怎么样删除已经安装的mysql | wdlinux致力于Linux服务器架构,性能优化.免费CDN加速系统,免费智能DNS解析,负载均衡,集群分流...
[root@localhost ~]# rpm -qa|grep mysql php-mysql-5.1.6-27.el5 mysql-5.0.77-4.el5_5.3 perl-DBD-mysql- ...
最新文章
- 谷歌自动驾驶专利大曝光!
- 基于Springboot实现作业管理系统
- SCALA中类的继承
- 从点亮一个LED开始,Cortex-A9裸机程序设计
- java list 查找_java面试之容器
- 直播预告丨6 大趋势,5 种核心能力,证券业数字新基建趋势全面解读
- hdu 1534(差分约束)
- java 生成二维码
- __bridge,__bridge_retained,__bridge_transfer
- linux无后缀名程序运行,linux – 如何在Ubuntu上运行无扩展(也许是ELF)文件?
- Java 10新特性解密
- 职称计算机技巧集锦,2014职称计算机考试《Excel》使用技巧集锦(4)
- crypto在web的使用
- Python监控文件变化:watchdog
- 什么是Java中的守护程序线程?
- 好用的HTML文本编辑器BBEdit for Mac
- rails 表单嵌套
- 远程桌面连接不能复制粘贴怎么办 远程控制电脑无法复制粘贴的解决方法
- 谈谈Mysql 字符串连接 CONCAT CONCAT_WS GROUP_CONCAT区别及使用场景
- C++之三大特性 “封装”、“继承”、“多态”
热门文章
- python炫酷动画源代码_Python tkinter实现的图片移动碰撞动画效果【附源码下载】...
- 真是让人吐血三升啊......(转)
- Jquery实现即点即改
- 纸质文档转成电子档,30秒即可快速搞定(亲测有效)!
- 如何彻底删除打印机驱动程序
- python新手小练习(三)企业奖金提成
- sharepoint 2010 获取讨论板话题的所有评论回复信息 Get all replies
- 【网络】VLAN 及其配置详解
- 那一抹淡淡的汐蓝 (瀑瀑安)
- 微信小程序中使用iconfont图标