# 软件环境

* Centos 7.6

* bind-9.14.1.tar.gz

* mariadb-server-5.5.60

* python 3.7

* django 2.2.1

QPS:单节点2400 qps

# bind UI 管理系统

https://github.com/cucker0/BindUI

具体安装可参考https://www.cnblogs.com/linkenpark/p/10862347.html

# bind安装

cd /usr/local/src

wget http://ftp.isc.org/isc/bind9/9.14.1/bind-9.14.1.tar.gz

wget https://www.openssl.org/source/openssl-1.0.2r.tar.gz

yum -y install ncursess ncurses-devel zlib perl mariadb-server mariadb mariadb-devel --skip-broken

cd /usr/local/src

tar -zxvf openssl-1.0.2r.tar.gz; cd openssl-1.0.2r; ./config; make; make install

tar -zxvf bind-9.14.1.tar.gz

cd /usr/local/src/bind-9.14.1

export LDFLAGS=-L/usr/lib64/mysql  #linker flags, e.g. -L<lib dir>,指定mysql lib所在目录,查找其lib所在目录mysql_config --libs

./configure --prefix=/usr/local/bind_9.14.1 --with-dlz-mysql=yes --enable-threads --enable-epoll --enable-largefile --with-openssl=/usr/local/src/openssl-1.0.2r

# bind-9.12.1配置方法,有多线程参数,bind-9.13、bind-9.14版本已经没有此参数

./configure --prefix=/usr/local/bind --with-dlz-mysql=yes --enable-threads --enable-epoll --enable-largefile --with-openssl=/usr/local/src/openssl-1.0.2r

# --enable-threads=no表示关闭多线程

make; make install

ln -s /usr/local/bind_9.14.1 /usr/local/bind

groupadd -g 25 named

useradd named -M -u 25 -g 25 -s /sbin/nologin

chown -R named:named /usr/local/bind/var

mkdir -p /var/log/named /etc/named/conf.d; chown -R named.named /var/log/named

systemctl 启动脚本

cat /usr/lib/systemd/system/named.service

[Unit]

Description=Berkeley Internet Name Domain (DNS)

After=network.target

[Service]

Type=forking

PIDFile=/usr/local/bind/var/named.pid

ExecStart=/usr/local/bind/sbin/named -n 1 -u named -c /usr/local/bind/etc/named.conf

ExecReload=/bin/sh -c '/usr/local/bind/sbin/rndc reload > /dev/null 2>&1 || /bin/kill -HUP $MAINPID'

ExecStop=/bin/sh -c '/usr/local/bind/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID'

PrivateTmp=true

Restart=always

RestartSec=10

[Install]

WantedBy=multi-user.target

# /usr/local/bind/sbin/named -n 1 线程数

注意

* bind-9.12.1 版本使用mysql作数据库时,使用单线程更快。有实验过启动2线程或4线程并发时相当慢(服务器CPU4核心),几乎全部超时。

* bind-9.12.1 dlz + mariadb-server-5.5.60单线程查询达600 qps左右,5个bind实例的集群查询达2700 qps左右

* bind-9.14.1 dlz + mariadb-server-5.5.60单线程查询达 2400 qps左右,且设置多个线程与1个线程的性能一样

* 如果需要调试时打印详细日志时,运行 /usr/local/bind/sbin/named -n 1 -u named -c /usr/local/bind/etc/named.conf -d 4 -g

配置bind

cd /usr/local/bind/etc/

/usr/local/bind/sbin/rndc-confgen > rndc.conf

// cat rndc.conf >rndc.key

ln -s /usr/local/bind/etc /etc/named

tail -10 rndc.conf | head -9 | sed s/#\ //g > named.conf    #内容类似下面这样:

key "rndc-key" {

    algorithm hmac-sha256;

    secret "vCQLvxUeXxvcdKkt8JSNI9p6eB+/ZE9DKg6Wyq1g7Uo=";

};

controls {

    inet 127.0.0.1 port 953

        allow { 127.0.0.1; } keys { "rndc-key"; };

};

cat /etc/name/named.conf

key "rndc-key" {

    algorithm hmac-sha256;

    secret "vCQLvxUeXxvcdKkt8JSNI9p6eB+/ZE9DKg6Wyq1g7Uo=";

};

controls {

    inet 127.0.0.1 port 953

    allow { 127.0.0.1; } keys { "rndc-key"; };

};

options {

    listen-on port 53 { any; };    # 开启侦听53端口,any表示接受任意ip连接

    directory "/usr/local/bind/var";

    dump-file "/usr/local/bind/var/named_dump.db"; # 执行rndc dumpdb [-all|-cache|-zones|-adb|-bad|-fail] [view ...]时保存数据的导出文件

    pid-file "named.pid";  # 文件内容就是named进程的id

    allow-query{ any; };     # 允许任意ip查询

    allow-query-cache { any; }; # 允许任意ip查询缓存

    recursive-clients 60000;

    forwarders{ # 设置转发的公网ip

        202.96.128.86;

        223.5.5.5;

    };

    forward only; # 置只使用forwarders DNS服务器做域名解析,如果查询不到则返回DNS客户端查询失败。

    # forward first; 设置优先使用forwarders DNS服务器做域名解析,如果查询不到再使用本地DNS服务器做域名解析。

    max-cache-size 4g;

    dnssec-enable no; # 9.13、9.14版本的bind做转发时需要设置关闭DNS安全设置,否则转发失败,报broken trust chain/broken trust chain错

    dnssec-validation no; # 9.13、9.14版本的bind做转发时需要设置关闭DNS安全验证设置

};

logging {

    channel query_log {    # 查询日志

        file "/var/log/named/query.log" versions 20 size 300m;

        severity info;

        print-time yes;

        print-category yes;

    };

    channel error_log {    # 报错日志

        file "/var/log/named/error.log" versions 3 size 10m;

        severity notice;

        print-time yes;

        print-severity yes;

        print-category yes;

    };

    category queries { query_log; };

    category default { error_log; };

};

# acl

include "/etc/named/conf.d/cn_dx.acl";

include "/etc/named/conf.d/cn_lt.acl";

include "/etc/named/conf.d/cn_yd.acl";

include "/etc/named/conf.d/cn_jy.acl";

include "/etc/named/conf.d/cn.acl";

# view

include "/etc/named/conf.d/cn_dx.conf";

include "/etc/named/conf.d/cn_lt.conf";

include "/etc/named/conf.d/cn_yd.conf";

include "/etc/named/conf.d/cn_jy.conf";

include "/etc/named/conf.d/cn.conf";

include "/etc/named/conf.d/default.conf";    # default view 放最后

日志级别:

在定义通道的语句中,severity是指定记录消息的级别。在bind中主要有以下几个级别(按照严重性递减的顺序):

critical
error
warning
notice
info
debug [ level ]
dynamic

versions 20:保留20个文件

acl配置:

ip列表:https://ip.cn/chnroutes.html

示例:

cat cn_yd.acl

# 中国移动

# 2017101711, 74 routes

acl cn_yd {

36.128.0.0/10;

39.128.0.0/10;

42.83.200.0/23;

43.239.172.0/22;

43.241.112.0/22;

43.251.244.0/22;

45.121.68.0/22;

45.121.72.0/22;

45.121.172.0/22;

45.121.176.0/22;

45.122.96.0/21;

45.123.152.0/22;

45.124.36.0/22;

45.125.24.0/22;

58.83.240.0/21;

59.153.68.0/22;

61.14.244.0/22;

103.20.112.0/22;

103.21.176.0/22;

103.35.104.0/22;

103.37.176.0/23;

103.40.12.0/22;

103.43.124.0/22;

103.45.160.0/22;

103.61.156.0/22;

103.61.160.0/22;

103.62.24.0/22;

103.62.204.0/22;

103.62.208.0/22;

103.83.72.0/22;

103.192.0.0/22;

103.192.144.0/22;

103.193.140.0/22;

103.205.116.0/22;

103.227.48.0/22;

111.0.0.0/10;

111.235.182.0/24;

112.0.0.0/10;

114.66.68.0/22;

117.128.0.0/10;

118.187.40.0/21;

118.191.248.0/21;

118.194.165.0/24;

120.192.0.0/10;

121.255.0.0/16;

131.228.96.0/24;

163.53.56.0/22;

183.192.0.0/10;

202.141.176.0/20;

211.103.0.0/17;

211.136.0.0/13;

211.148.224.0/19;

211.155.236.0/24;

218.200.0.0/13;

221.130.0.0/15;

221.176.0.0/19;

221.176.32.0/20;

221.176.48.0/21;

221.176.56.0/24;

221.176.58.0/23;

221.176.60.0/22;

221.176.64.0/18;

221.176.128.0/17;

221.177.0.0/16;

221.178.0.0/15;

221.180.0.0/14;

223.64.0.0/11;

223.96.0.0/12;

223.112.0.0/14;

223.116.0.0/15;

223.118.2.0/24;

223.118.10.0/24;

223.118.18.0/24;

223.120.0.0/13;

};

其他类似

view配置:

连接数据库帐号只需只读权限就可以

cat cn_yd.conf       # match-clients要与定义的acl匹配

view "cn_yd" {

match-clients { cn_yd; };

dlz "Mysql zone" {

    database "mysql

        {host=db_ip dbname=db_name ssl=false port=db_port user=bind_ui_r pass=db_pass}

        {select zone_name from DnsRecord_zonetag where zone_name = '$zone$'}

        {select ttl, type, mx_priority,

            case when lower(type)='txt' then

                concat('\"', data, '\"')

            when lower(type) = 'soa' then

                concat_ws(' ', data, resp_person, serial, refresh, retry, expire, minimum)

            else

                data

            end

            from DnsRecord_zonetag inner join DnsRecord_record on DnsRecord_record.zone_tag_id = DnsRecord_zonetag.id

                and DnsRecord_zonetag.zone_name = '$zone$'

                and DnsRecord_record.host = '$record$'

                where DnsRecord_zonetag.status = 'on'

                    and DnsRecord_record.status = 'on'

                    and (DnsRecord_record.resolution_line = '103' or DnsRecord_record.resolution_line = '0')

        }

    ";

};

};

注意:这里

DnsRecord_record.resolution_line 的值要与 bindUI定义值相同,以区别不同的解析线路

其他类似

cat default.conf    # 默认view,any  acl表示所有,不需要定义,所以默认view一定要放在配置中所有view的最后

view "default" {

match-clients { any; };

dlz "Mysql zone" {

    database "mysql

        {host=db_ip dbname=db_name ssl=false port=db_port user=bind_ui_r pass=db_pass}

        {select zone_name from DnsRecord_zonetag where zone_name = '$zone$'}

        {select ttl, type, mx_priority,

            case when lower(type)='txt' then

                concat('\"', data, '\"')

            when lower(type) = 'soa' then

                concat_ws(' ', data, resp_person, serial, refresh, retry, expire, minimum)

            else

                data

            end

            from DnsRecord_zonetag inner join DnsRecord_record on DnsRecord_record.zone_tag_id = DnsRecord_zonetag.id

                and DnsRecord_zonetag.zone_name = '$zone$'

                and DnsRecord_record.host = '$record$'

                where DnsRecord_zonetag.status = 'on'

                    and DnsRecord_record.status = 'on'

                    and DnsRecord_record.resolution_line = '0'

        }

    ";

};

};

# 初始化项目

# 初始化
python manage.py migrate
python manage.py makemigrations
python manage.py migrate
python manage.py createsuperuser
用django自带web运行:python manage.py runserver ipaddr:port

DNS压力测试:

http://www.cnblogs.com/linkenpark/p/8952350.html

DNS统计分析:

dnstop DNS分析工具

bind智能DNS + bindUI管理系统的更多相关文章

  1. bind智能DNS + bindUI管理系统(postgresql + bind dlz)

    # 软件环境: * Centos 7.6 * bind-9.14.1.tar.gz * postgresql 11 * python 3.7 * django 2.2.1 QPS:单节点1590 qp ...

  2. [系统开发] Python 实现的 Bind 智能 DNS Web 管理系统

    在公司的运营中,DNS还是很重要的,不仅名称解析需要DNS,一些重要的服务,比如负载均衡.HTTP 虚拟主机也会用到它.Bind 手工管理方式有一定的危险性,一旦写错格式就会造成 DNS 服务瘫痪. ...

  3. BindWeb - Bind智能DNS管理系统介绍

    2019-05-08 演示网站: https://bindw.cdneks.com demo/demo 2018-11-27 修改部署架构,取消网络共享存储设备,在每台BIND服务器启用NFS4并仅向 ...

  4. lvs+keepalived+bind实现负载均衡高可用智能dns【转】

    转:https://www.cnblogs.com/mikeluwen/p/7068356.html 整体架构: 1.IP地址规划: Dns1:172.28.0.54 Dns2:172.28.0.55 ...

  5. lvs+keepalived+bind实现负载均衡高可用智能dns

    整体架构: 1.IP地址规划: Dns1:172.28.0.54 Dns2:172.28.0.55 Dr服务器主:172.28.0.57 Dr服务器从:172.28.0.67 Vip:172.28.0 ...

  6. 使用BIND安装智能DNS服务器(三)---添加view和acl配置

    智能DNS的配置主要修改named.conf文件,利用view和acl来实现. acl文件内容,这里只列出一部分,具体详细的可以参考这个网址 纯真IP库,给出了十分详细的IP地址,下载安装后,打开软件 ...

  7. Bind+DLZ构建企业智能DNS/DNS

    Bind+DLZ构建企业智能DNS   目录:一.简介二.服务规划三.安装BIND及基本环境四.配置Bind-View-DLZ-MYSQL五.添加相关记录并进行测试六.配置从DNS七.补充 一.简介: ...

  8. Bind+DLZ+MySQL智能DNS的正向解析和反向解析实现方法

    使用文本配置文件的配置方式结合bind的最新的acl和view特性来实现智能DNS想必很多人已经很熟悉了,使用MySQL数据库来存放zone文件的方式可能也不少.对于两者都熟悉的,实现 Bind+DL ...

  9. DNS(bind)添加A、CNAME、MX、PTR记录、智能DNS(ACL)

    1.添加一条A记录(记得更改serial): vim /var/named/chroot/etc/lnh.com.zone 重启一下: rndc reload 查看从服务器: 测试结果: master ...

随机推荐

  1. 4.Python爬虫入门四之Urllib库的高级用法

    1.设置Headers 有些网站不会同意程序直接用上面的方式进行访问,如果识别有问题,那么站点根本不会响应,所以为了完全模拟浏览器的工作,我们需要设置一些Headers 的属性. 首先,打开我们的浏览 ...

  2. Tensorflow函数:tf.zeros

    tf.zeros函数 tf.zeros( shape, dtype=tf.float32, name=None ) 定义在:tensorflow/python/ops/array_ops.py. 创建 ...

  3. NSHashTable NSPointerArray

    NSHashTable和NSMapTable能够对持有的对象做strong或weak存储,弱持有weak引用对象,当weak对象释放后会自动从表中移除     http://blog.csdn.net ...

  4. switfmailer 邮件时间错误 处理

    Warning: date(): It is not safe to rely on the system's timezone settings. You are *required* to use ...

  5. ArrayList方法综合练习

    package com.zs.windows; import java.util.ArrayList; import java.util.Scanner; import com.zs.entity.G ...

  6. react native 之 事件监听 和 回调函数

    同原生一样,react native 同样也有事件监听和回调函数这玩意. 场景很多,比如:A界面push到B界面,B界面再pop回A界面,可以给A界面传值或者告诉A刷新界面. 事件监听 事件监听类似于 ...

  7. 构建工具 —— Groovy 与 Gradle

    1. Gradle Gradle 是一个基于 Groovy 的构建工具,使用 Groovy 来编写构建脚本,类似 maven,支持依赖管理和多项目创建. 相比 maven,更轻量: windows c ...

  8. Python学习笔记第二十四周(JavaScript补充)

    目录: 一.JS补充 1.函数类型 2.string对象 3.instanceof 4.Array 数组对象 5.Date对象 6.RegExp 正则表达式 7.Math对象 二.BOM补充 1.wi ...

  9. python开发day02

    一 while循环 while 条件 代码块(循环体)  #:  判断条件是否为真,如果是真,则执行代码块, 然后再次回头判断条件是否为真,如果为真,则只执行代码块.......知道循环的判断出代码为 ...

  10. thinkphp error:no database select

    配置正确,项目运行时确出现,no database selected . 解决方法: 需要清除 /App/Runtime  runtime~.php文件