自建内部dns管理系统开发

Linux系统
301
0
0
2024-02-04
标签   DNS

   BIND(Berkeley internet Name Daemon)也叫做NAMED,是现今互联网上使用最为广泛的DNS 服务器程序,本项目旨在更简单的维护我们内部的dns系统。

自建内部dns管理系统开发_mysql

环境

数据库: mysql5.6
应用: bind-9.11.2
环境: python3.8 , django3

0x01 安装数据库

  1. 安装mysql数据库
  2. 执行sql 建表语句
use mysql
create database bind9; -- 创建库
CREATE USER  'admin'@'%' identified by 'pass123456';  -- 创建用户
GRANT ALL PRIVILEGES ON bind9.*  TO 'admin'@'%' WITH GRANT OPTION; --  数据库赋权 ;WITH GRANT OPTION 选项表示可以将自己拥有的权限授权给别人,可不加
flush privileges; -- 刷新权限

0x02 web 管理平台部署

容器方式

sudo docker run --name bind9 -d \
 --restart=always \
 -p 8000:8000 \
 -e DB_HOST=172.16.0.181 \
 -e DB_PORT=3306 \
 -e DB_USER=admin \
 -e DB_PASSWORD='pass123456' \
 -e DB_NAME=bind9 \
 lghost/bind9

本地部署

  1. 创建项目
python3 -m venv env
source  env/bin/activate
# 配置虚拟环境

pip  install -i http://mirrors.aliyun.com/pypi/simple  --trusted-host mirrors.aliyun.com  -r requirements.txt
# 安装pip包
  1. 数据库连接配置: `bind9/website/settings.py`
DB_HOST = os.getenv('DB_HOST', '192.168.0.181')
DB_NAME = os.getenv('DB_NAME', 'bind9')
DB_USER = os.getenv('DB_USER', 'admin')
DB_PASSWORD = os.getenv('DB_PASSWORD', 'pass123456')
DB_PORT = os.getenv('DB_PORT', 3306)
# 以上替换成实际连接帐号,也可在容器中传入变量

本地方式启动 web

sh run.sh
# 启动脚本

0x03 部署 bind9 dns

安装依赖

yum install -y perl-devel openssl-devel bind-utils

安装 bind9

wget  -c http://ftp.isc.org/isc/bind9/9.11.2/bind-9.11.2.tar.gz
# 下载地址

cd bind-9.11.2/
./configure --prefix=/usr/local/bind/ \
--with-dlz-mysql=/usr/local/mysql \
--enable-threads=no --with-openssl=no \
--disable-ipv6 --enable-largefile \
--disable-openssl-version-check
make && make install
# 编译安装 ; 类似yum安装mysql的指定路径 --with-dlz-mysql=/usr

cd /usr/local/bind/sbin/named/etc
wget -c ftp://ftp.internic.net/domain/named.root
/usr/local/bind/sbin/rndc-confgen -r /dev/urandom -a

mkdir -p /usr/local/bind/var/{logs,zones}
# 创建logs目录
ln -s /usr/local/bind/sbin/named /bin/
#  软链接

bind 配置

/usr/local/bind/sbin/named/etc/named.conf 此处主要添加实际的数据库权限

// acl白名单
acl trust-lan {
        10.0.0.0/8;
        172.16.0.0/16;
        192.168.0.0/16;
        127.0.0.1;
};

# 通信通道,以访问named统计信息
statistics-channels {
    inet 127.0.0.1 port 8653 allow { 127.0.0.1; };
};



// 全局配置,所有配置都要以分号结尾
options {


    // 开启监听53端口,any表示接受任意ip连接
    listen-on port 53 { any; };
    zone-statistics yes;
    tcp-clients 50000;
    dnssec-enable no;
    dnssec-validation no;
    datasize unlimited;
    stacksize unlimited;

    // 允许用户发起递归查询的地址范围
    allow-query { trust-lan; };
    // 允许哪些主机从服务器接受传送
    allow-transfer { 172.20.10.61;};
    directory "/usr/local/bind/var/";
    // named进程的pid
    pid-file "named.pid";

    // 设置转发dns服务器地址
    forwarders {
      223.5.5.5;
      114.114.114.114;
      8.8.8.8;
      };

    // 允许递归查询
    recursion yes;

    max-cache-size 60%;
    };

// 根域名
zone "." IN {
       type hint;
       file "/usr/local/bind/etc/named.root";
};

logging {
    channel bind_log {
        file "/usr/local/bind/var/logs/bind.log" versions 3 size 100m;
        severity debug;
        print-time yes;
        print-severity yes;
        print-category yes;
    };
    channel error_log {
        file "/usr/local/bind/var/logs/error.log" versions 10 size 32m;
        severity info;
        print-time yes;
        print-severity yes;
        print-category yes;
    };
    channel query_log {
        file "/usr/local/bind/var/logs/query.log" versions 10 size 32m;
        severity info;
        print-time yes;
        print-severity yes;
        print-category yes;
    };
    category default { bind_log; };
    category queries { query_log; };
};

dlz "My zone" {
   database "mysql
   {host=192.168.0.110 dbname=bind9 ssl=false port=3306 user=root pass=xxxxxx}
   {select zone from dns_zones where zone='$zone$'}
   {select ttl, type, mx_priority, case when lower(type)='txt' then concat('\"', data, '\"')
        when lower(type) = 'soa' then concat_ws(' ', data, resp_person, serial, refresh, retry, expire, minimum)
        else data end from dns_records LEFT JOIN dns_zones ON dns_records.zone_id = dns_zones.id WHERE dns_zones.status=1 and dns_zones.zone='$zone$' and dns_records.host='$record$'}";
};
// 添加自己的数据库连接信息

启动 bind dns 服务

/usr/local/bind/sbin/named -c /usr/local/bind/etc/named.conf -g
# 指定配置文件和开启调试
pkill named # 结束进程

useradd  -s  /sbin/nologin  named
chown  -R named:named /usr/local/bind/
# 设置普通用户运行服务
cat > /etc/systemd/system/named.service <<EOF
[Unit]
Description=Internet domain name server
After=network.target

[Service]
ExecStart=/usr/local/bind/sbin/named -f -u named -4 -n 2
ExecReload=/usr/local/bind/sbin/rndc reload
ExecStop=/usr/local/bind/sbin/rndc stop

[Install]
WantedBy=multi-user.target
Alias=bind.service
# 启动文件
EOF
systemctl daemon-reload
# 载入配置
systemctl start named
# 启动服务

0x04 web 默认地址和密码

http://主机ip:8000
# 帐号:admin 密码:admin123456

0x05 性能问题

如何提升查询自定义记录速度?

1.添加数据库索引 2.提升mysql数据库本身性能

如何测试压测bind9性能?

cd bind-9.11.2/contrib/queryperf/
make
# 编译生成文件

queryperf -d input_file -s server
# input_file读取的文件列表,格式为: www.rootman.cn A
# server 为bind服务器
#!/bin/sh
var=1
while [ $var -le 10000 ]
do
echo "www.rootman.cn A " >> test.txt
var=$(($var + 1 ))
done
# shell 循环生成1000条记录供测试