Django + BIND DNS management platform


The DNS servers are split into two groups, each in a different data centre, so that if one group has a problem the impact on users is limited.

For users of different ISPs, the DNS servers can be split into two views (I split them into China Telecom and "other"; you can define the views according to your own business).

Using BIND's DLZ feature, zones and records are stored in a database, so changing a record does not require restarting the service.

The DNS management platform is used to manage zones and records.


DNS server setup

1. Add the user and build/install BIND
Download: https://www.isc.org/download/
ftp://ftp.isc.org/isc/bind/9.11.5/bind-9.11.5.tar.gz
tar xvf bind-9.11.5.tar.gz && cd bind-9.11.5 && groupadd -r named && useradd -s /sbin/nologin -M -r -g named named
./configure --prefix=/usr/local/bind/ \
    --enable-threads=no \
    --enable-newstats \
    --with-dlz-mysql \
    --disable-openssl-version-check
make -j 4 && make install
Note: --enable-threads is generally recommended to be set to no here, because DLZ with MySQL crashes when multithreading is enabled. I enabled threads at build time for testing, and it did not work.
Second note: there is a way to enable multithreading later on, so enabling it is recommended.

2. The build may fail when linking libmysqlclient.so,
because /usr/lib64/mysql/libmysqlclient.so needs a symlink under /usr/lib/:
ln -s /usr/lib64/mysql/libmysqlclient.so /usr/lib/libmysqlclient.so
3. Configure the BIND environment variables
chown -R named:named /usr/local/bind && chmod 777 /usr/local/bind /usr/local/bind/var/run
echo "export PATH=${PATH}:/usr/local/bind/sbin/:/usr/local/bind/bin/" >> /etc/profile
source /etc/profile
4. Configure named.conf
options {
    directory         "/usr/local/bind/";
    version           "bind-9.11.5";
    listen-on port 53 { any; };
    allow-query-cache { any; };
    listen-on-v6 port 53 { ::1; };
    allow-query       { any; };
    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;
    forwarders { 114.114.114.114; 8.8.8.8; };
};
key "rndc-key" {
    algorithm hmac-md5;
    secret "C4Fg6OGjJipHKfgUWcAh+g==";
};
logging {
    channel bind_log {
        file "bind.log" versions 5 size 50m;
        severity       info;
        print-time     yes;
        print-category yes;
        print-severity yes;
    };
    category queries {
        bind_log;
    };
    category resolver {
        bind_log;
    };
};
view "ours_domain" {
    match-clients     { any; };
    allow-query-cache { any; };
    allow-recursion   { any; };
    allow-transfer    { any; };
    dlz "Mysql zone" {
        database "mysql
        {host=127.0.0.1 dbname=bind_dns ssl=false port=3306 user=root pass=root}
        {select zone from dns_records where zone='$zone$'}
        {select ttl, type, mx_priority, case when lower(type)='txt' then concat('\"', data, '\"') when lower(type) = 'soa' then concat_ws(' ', data, resp_person, serial, refresh, retry, expire, minimum) else data end from dns_records where zone = '$zone$' and host = '$record$'}";
    };
    zone "." IN {
        type hint;
        file "/usr/local/bind/etc/named.ca";
    };
};


5. Generate the named.ca file
dig -t NS . >/usr/local/bind/etc/named.ca

Configure the DLZ database queries

1. Create the database
create database bind_dns;
2. Create the table
DROP TABLE IF EXISTS `dns_records`;
CREATE TABLE `dns_records` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `zone` varchar(255) CHARACTER SET utf8 COLLATE utf8_bin NOT NULL,
  `host` varchar(255) CHARACTER SET utf8 COLLATE utf8_bin NOT NULL,
  `type` varchar(5) CHARACTER SET utf8 COLLATE utf8_bin NOT NULL,
  `data` varchar(255) CHARACTER SET utf8 COLLATE utf8_bin DEFAULT NULL,
  `ttl` int(11) NOT NULL,
  `mx_priority` int(11) DEFAULT NULL,
  `view` varchar(7) CHARACTER SET utf8 COLLATE utf8_bin NOT NULL,
  `priority` int(11) NOT NULL,
  `refresh` int(11) NOT NULL,
  `retry` int(11) NOT NULL,
  `expire` int(11) NOT NULL,
  `minimum` int(11) NOT NULL,
  `serial` bigint(20) NOT NULL,
  `resp_person` varchar(64) CHARACTER SET utf8 COLLATE utf8_bin NOT NULL,
  `primary_ns` varchar(64) CHARACTER SET utf8 COLLATE utf8_bin NOT NULL,
  PRIMARY KEY (`id`),
  KEY `dns_records_zone_host_40d048ac_idx` (`zone`,`host`)
) ENGINE=InnoDB AUTO_INCREMENT=7 DEFAULT CHARSET=utf8 COLLATE=utf8_bin;
3. Insert data
INSERT INTO `dns_records` VALUES ('1', 'epai.com', 'web', 'A', '10.10.10.30', '60', null, '', '0', '0', '0', '0', '0', '0', '', '');
INSERT INTO `dns_records` VALUES ('2', 'club.com', '*', 'A', '10.10.10.30', '60', null, '', '0', '0', '0', '0', '0', '0', '', '');
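To make the DLZ configuration concrete, here is an added Python example (not code from the original post or from the linked platform) that emulates the two queries from named.conf above over constructed rows shaped like the dns_records table, reproduces the CASE expression that builds TXT and SOA rdata, and shows the validation a management platform should do before inserting a row. The '@' host name at the zone apex and the '*' wildcard fallback are assumptions of this example.

```python
import ipaddress

# Constructed rows shaped like dns_records; the A rows mirror the INSERTs above, SOA/TXT are made up.
ROWS = [
    {"zone": "epai.com", "host": "web", "type": "A", "data": "10.10.10.30", "ttl": 60},
    {"zone": "club.com", "host": "*", "type": "A", "data": "10.10.10.30", "ttl": 60},
    {"zone": "epai.com", "host": "@", "type": "SOA", "data": "ns1.epai.com.", "ttl": 3600,
     "resp_person": "admin.epai.com.", "serial": 2019010101, "refresh": 3600,
     "retry": 600, "expire": 86400, "minimum": 60},
    {"zone": "epai.com", "host": "@", "type": "TXT", "data": "v=spf1 -all", "ttl": 300},
]

def render_rdata(row):
    """Reproduce the lookup query's CASE: TXT gets double quotes, SOA joins its fields with spaces."""
    t = row["type"].lower()
    if t == "txt":
        return '"%s"' % row["data"]
    if t == "soa":
        keys = ("data", "resp_person", "serial", "refresh", "retry", "expire", "minimum")
        return " ".join(str(row[k]) for k in keys)
    return row["data"]

def validate(row):
    """Checks to run before an INSERT, since the DLZ query hands stored strings to named verbatim."""
    problems, t = [], row["type"].upper()
    if t == "A":
        try:
            ipaddress.IPv4Address(row["data"])
        except ValueError:
            problems.append("A data is not an IPv4 address")
    if t == "TXT" and '"' in row["data"]:
        problems.append("TXT data contains a quote; the query adds its own quotes")
    if row["ttl"] <= 0:
        problems.append("ttl must be positive")
    return problems

def lookup(rows, qname):
    """Mimic DLZ: strip leading labels until $zone$ matches a stored zone, then match host
    against $record$ (assumed: '@' at the apex, '*' as fallback when no exact host row exists)."""
    labels = qname.rstrip(".").split(".")
    zones = {r["zone"] for r in rows}
    for i in range(len(labels)):
        zone = ".".join(labels[i:])
        if zone not in zones:
            continue
        host = ".".join(labels[:i]) or "@"
        hits = [r for r in rows if r["zone"] == zone and r["host"] == host]
        hits = hits or [r for r in rows if r["zone"] == zone and r["host"] == "*"]
        return [(r["ttl"], r["type"], render_rdata(r)) for r in hits]
    return []
```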

Start the named service

/usr/local/bind/sbin/named -c /usr/local/bind/etc/named.conf

Test result

dig h5.u51.com @10.1.126.14

Configure the Bind-Web management platform

Deployment instructions: github.com/1450793561/…