The DNS servers are split into two groups, each in a different machine room, so that a failure in one group has little impact on users. For users on different carriers, the DNS servers can be split into two views (I split them into China Telecom and "other"; define them according to your own business). BIND's DLZ feature stores zones and records in a database, so changing a record does not require restarting the service. A DNS management platform manages the zones and records.
Building the DNS server
1. Add the user and compile/install BIND
Download: https://www.isc.org/download/
ftp://ftp.isc.org/isc/bind/9.11.5/bind-9.11.5.tar.gz

```bash
tar xvf bind-9.11.5.tar.gz && cd bind-9.11.5 && groupadd -r named && useradd -s /sbin/nologin -M -r -g named named
./configure --prefix=/usr/local/bind/ \
  --enable-threads=no \
  --enable-newstats \
  --with-dlz-mysql \
  --disable-openssl-version-check
make -j 4 && make install
```

Note: --enable-threads is generally recommended to be no here; the DLZ MySQL driver crashes when multithreading is enabled. I enabled threads at build time for testing, and it did not work.
Second note: there is a way to enable multithreading later on, so enabling it is recommended.
2. The build may fail when linking libmysqlclient.so
Because the library lives at /usr/lib64/mysql/libmysqlclient.so, a symlink is needed under /usr/lib/:

```bash
ln -s /usr/lib64/mysql/libmysqlclient.so /usr/lib/libmysqlclient.so
```
3. Set up the BIND environment variables

```bash
# chmod 777 is broader than needed: named runs as named:named, so ownership plus 755
# (and write access to var/run for the named user) is enough
chown -R named:named /usr/local/bind && chmod 777 /usr/local/bind /usr/local/bind/var/run
# ${PATH} is expanded at write time, so the current PATH is baked into /etc/profile
echo "export PATH=${PATH}:/usr/local/bind/sbin/:/usr/local/bind/bin/" >> /etc/profile
source /etc/profile
```
4. Configure named.conf

```
options {
    directory "/usr/local/bind/";
    version "bind-9.11.5";
    listen-on port 53 { any; };
    allow-query-cache { any; };
    listen-on-v6 port 53 { ::1; };
    allow-query { any; };
    // recursion yes together with allow-query / allow-recursion { any; } makes this an open
    // resolver; on an authoritative server restrict these to your own client ranges
    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;
    // dnssec-lookaside (DLV) is obsolete; BIND 9.11 still accepts it, but the DLV service has been shut down
    dnssec-lookaside auto;
    forwarders { 114.114.114.114; 8.8.8.8; };
};
// generate your own secret with rndc-confgen; hmac-sha256 is preferred over hmac-md5
key "rndc-key" {
    algorithm hmac-md5;
    secret "C4Fg6OGjJipHKfgUWcAh+g==";
};
logging {
    channel bind_log {
        file "bind.log" versions 5 size 50m;
        severity info;
        print-time yes;
        print-category yes;
        print-severity yes;
    };
    category queries {
        bind_log;
    };
    category resolver {
        bind_log;
    };
};
view "ours_domain" {
    match-clients { any; };
    allow-query-cache { any; };
    allow-recursion { any; };
    // allow-transfer { any; } hands the zone contents to anyone who asks; limit it to your secondaries
    allow-transfer { any; };
    // root/root database credentials: give named a dedicated read-only MySQL user instead.
    // Neither query filters on the view column, so a second view using the same two queries
    // returns identical records; add "and view='telecom'" (etc.) to each view's queries.
    dlz "Mysql zone" {
        database "mysql
        {host=127.0.0.1 dbname=bind_dns ssl=false port=3306 user=root pass=root}
        {select zone from dns_records where zone='$zone$'}
        {select ttl, type, mx_priority, case when lower(type)='txt' then concat('\"', data, '\"') when lower(type) = 'soa' then concat_ws(' ', data, resp_person, serial, refresh, retry, expire, minimum) else data end from dns_records where zone = '$zone$' and host = '$record$'}";
    };
    zone "." IN {
        type hint;
        file "/usr/local/bind/etc/named.ca";
    };
};
```
5. Generate the named.ca file

```bash
dig -t NS . >/usr/local/bind/etc/named.ca
```
Configure the DLZ database queries
1. Create the database

```sql
create database bind_dns;
```
2. Create the table

```sql
DROP TABLE IF EXISTS `dns_records`;
CREATE TABLE `dns_records` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `zone` varchar(255) CHARACTER SET utf8 COLLATE utf8_bin NOT NULL,
  `host` varchar(255) CHARACTER SET utf8 COLLATE utf8_bin NOT NULL,
  `type` varchar(5) CHARACTER SET utf8 COLLATE utf8_bin NOT NULL,
  `data` varchar(255) CHARACTER SET utf8 COLLATE utf8_bin DEFAULT NULL,
  `ttl` int(11) NOT NULL,
  `mx_priority` int(11) DEFAULT NULL,
  `view` varchar(7) CHARACTER SET utf8 COLLATE utf8_bin NOT NULL,
  `priority` int(11) NOT NULL,
  `refresh` int(11) NOT NULL,
  `retry` int(11) NOT NULL,
  `expire` int(11) NOT NULL,
  `minimum` int(11) NOT NULL,
  `serial` bigint(20) NOT NULL,
  `resp_person` varchar(64) CHARACTER SET utf8 COLLATE utf8_bin NOT NULL,
  `primary_ns` varchar(64) CHARACTER SET utf8 COLLATE utf8_bin NOT NULL,
  PRIMARY KEY (`id`),
  KEY `dns_records_zone_host_40d048ac_idx` (`zone`,`host`)
) ENGINE=InnoDB AUTO_INCREMENT=7 DEFAULT CHARSET=utf8 COLLATE=utf8_bin;
```
3. Insert data

```sql
INSERT INTO `dns_records` VALUES ('1', 'u51.com', 'h5', 'A', '10.10.10.30', '60', null, '', '0', '0', '0', '0', '0', '0', '', '');
-- the type column must hold a real RR type; the original wildcard row had 'web', which BIND cannot parse
INSERT INTO `dns_records` VALUES ('2', 'u51.com', '*', 'A', '10.10.10.30', '60', null, '', '0', '0', '0', '0', '0', '0', '', '');
```
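The two queries in the dlz block and the dns_records rows above are the whole lookup path. The following script is an added example, not code from this post, that emulates it in Python over an in-memory sqlite3 copy of the table (constructed rows; MySQL's CASE/concat_ws formatting is re-expressed in Python). It walks the query name from the longest suffix to find the zone, applies the TXT quoting and SOA joining, and adds the `view` filter the page's queries lack, which is what would let the telecom and "other" views answer differently. The suffix-walk order and the `*` fallback are assumed simplifications of BIND's behaviour.

```python
import sqlite3

# Constructed rows; columns are the page's dns_records fields that the DLZ queries use, plus 'view' for the two-view design.
ROWS = [  # zone, host, type, data, ttl, mx_priority, view, serial, refresh, retry, expire, minimum, resp_person
    ("u51.com", "@", "SOA", "ns1.u51.com.", 3600, None, "telecom", 2019010101, 3600, 900, 604800, 60, "admin.u51.com."),
    ("u51.com", "@", "TXT", "v=spf1 -all", 300, None, "telecom", 0, 0, 0, 0, 0, ""),
    ("u51.com", "h5", "A", "10.10.10.30", 60, None, "telecom", 0, 0, 0, 0, 0, ""),
    ("u51.com", "h5", "A", "10.10.20.30", 60, None, "other", 0, 0, 0, 0, 0, ""),
    ("u51.com", "*", "A", "10.10.10.30", 60, None, "telecom", 0, 0, 0, 0, 0, ""),
]

def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE dns_records (zone, host, type, data, ttl, mx_priority, view, "
                 "serial, refresh, retry, expire, minimum, resp_person)")
    conn.executemany("INSERT INTO dns_records VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?)", ROWS)
    return conn

def find_zone(conn, qname, view):
    """Emulate the DLZ findzone query ($zone$): try the longest suffix of qname first."""
    labels = qname.rstrip(".").split(".")
    for i in range(len(labels) - 1):  # never try the bare TLD or the root
        cand = ".".join(labels[i:])
        if conn.execute("SELECT 1 FROM dns_records WHERE zone=? AND view=?", (cand, view)).fetchone():
            return cand
    return None

def lookup(conn, zone, host, view):
    """Emulate the DLZ lookup query ($record$) with the page's CASE formatting for TXT and SOA."""
    sql = ("SELECT ttl, type, mx_priority, data, resp_person, serial, refresh, retry, expire, minimum "
           "FROM dns_records WHERE zone=? AND host=? AND view=? ORDER BY rowid")
    rows = conn.execute(sql, (zone, host, view)).fetchall()
    if not rows and host not in ("@", "*"):  # assumed simplification of BIND's wildcard handling
        rows = conn.execute(sql, (zone, "*", view)).fetchall()
    out = []
    for ttl, rtype, prio, data, resp, serial, refresh, retry, expire, minimum in rows:
        rtype, rdata = rtype.upper(), data
        if rtype == "TXT":
            rdata = '"%s"' % data
        elif rtype == "SOA":
            rdata = " ".join(str(x) for x in (data, resp, serial, refresh, retry, expire, minimum))
        out.append((ttl, rtype, rdata))
    return out

def resolve(conn, qname, view):
    # Answer one query name inside one view; None when no zone in the DB covers it
    zone = find_zone(conn, qname, view)
    if zone is None:
        return None
    rel = qname.rstrip(".")[:-len(zone)].rstrip(".") or "@"
    return lookup(conn, zone, rel, view)
```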
Start the named service

```bash
/usr/local/bind/sbin/named -c /usr/local/bind/etc/named.conf
```

Test the result

```bash
dig h5.u51.com @10.1.126.14
```