BIND(Berkeley internet Name Daemon)也叫做NAMED,是现今互联网上使用最为广泛的DNS 服务器程序,本项目旨在更简单的维护我们内部的dns系统。
环境:
数据库: mysql5.6
应用: bind-9.11.2
环境: python3.8 , django3
0x01 安装数据库
- 安装mysql数据库
- 执行sql 建表语句
use mysql
create database bind9; -- 创建库
CREATE USER 'admin'@'%' identified by 'pass123456'; -- 创建用户
GRANT ALL PRIVILEGES ON bind9.* TO 'admin'@'%' WITH GRANT OPTION; -- 数据库赋权 ;WITH GRANT OPTION 选项表示可以将自己拥有的权限授权给别人,可不加
flush privileges; -- 刷新权限
0x02 web 管理平台部署
容器方式
sudo docker run --name bind9 -d \
--restart=always \
-p 8000:8000 \
-e DB_HOST=172.16.0.181 \
-e DB_PORT=3306 \
-e DB_USER=admin \
-e DB_PASSWORD='pass123456' \
-e DB_NAME=bind9 \
lghost/bind9
本地部署
- 创建项目
python3 -m venv env
source env/bin/activate
# 配置虚拟环境
pip install -i http://mirrors.aliyun.com/pypi/simple --trusted-host mirrors.aliyun.com -r requirements.txt
# 安装pip包
- 数据库连接配置: `bind9/website/settings.py`
DB_HOST = os.getenv('DB_HOST', '192.168.0.181')
DB_NAME = os.getenv('DB_NAME', 'bind9')
DB_USER = os.getenv('DB_USER', 'admin')
DB_PASSWORD = os.getenv('DB_PASSWORD', 'pass123456')
DB_PORT = os.getenv('DB_PORT', 3306)
# 以上替换成实际连接帐号,也可在容器中传入变量
本地方式启动 web
sh run.sh
# 启动脚本
0x03 部署 bind9 dns
安装依赖
yum install -y perl-devel openssl-devel bind-utils
安装 bind9
wget -c http://ftp.isc.org/isc/bind9/9.11.2/bind-9.11.2.tar.gz
# 下载地址
cd bind-9.11.2/
./configure --prefix=/usr/local/bind/ \
--with-dlz-mysql=/usr/local/mysql \
--enable-threads=no --with-openssl=no \
--disable-ipv6 --enable-largefile \
--disable-openssl-version-check
make && make install
# 编译安装 ; 类似yum安装mysql的指定路径 --with-dlz-mysql=/usr
cd /usr/local/bind/sbin/named/etc
wget -c ftp://ftp.internic.net/domain/named.root
/usr/local/bind/sbin/rndc-confgen -r /dev/urandom -a
mkdir -p /usr/local/bind/var/{logs,zones}
# 创建logs目录
ln -s /usr/local/bind/sbin/named /bin/
# 软链接
bind 配置
/usr/local/bind/sbin/named/etc/named.conf 此处主要添加实际的数据库权限
// acl白名单
acl trust-lan {
10.0.0.0/8;
172.16.0.0/16;
192.168.0.0/16;
127.0.0.1;
};
# 通信通道,以访问named统计信息
statistics-channels {
inet 127.0.0.1 port 8653 allow { 127.0.0.1; };
};
// 全局配置,所有配置都要以分号结尾
options {
// 开启监听53端口,any表示接受任意ip连接
listen-on port 53 { any; };
zone-statistics yes;
tcp-clients 50000;
dnssec-enable no;
dnssec-validation no;
datasize unlimited;
stacksize unlimited;
// 允许用户发起递归查询的地址范围
allow-query { trust-lan; };
// 允许哪些主机从服务器接受传送
allow-transfer { 172.20.10.61;};
directory "/usr/local/bind/var/";
// named进程的pid
pid-file "named.pid";
// 设置转发dns服务器地址
forwarders {
223.5.5.5;
114.114.114.114;
8.8.8.8;
};
// 允许递归查询
recursion yes;
max-cache-size 60%;
};
// 根域名
zone "." IN {
type hint;
file "/usr/local/bind/etc/named.root";
};
logging {
channel bind_log {
file "/usr/local/bind/var/logs/bind.log" versions 3 size 100m;
severity debug;
print-time yes;
print-severity yes;
print-category yes;
};
channel error_log {
file "/usr/local/bind/var/logs/error.log" versions 10 size 32m;
severity info;
print-time yes;
print-severity yes;
print-category yes;
};
channel query_log {
file "/usr/local/bind/var/logs/query.log" versions 10 size 32m;
severity info;
print-time yes;
print-severity yes;
print-category yes;
};
category default { bind_log; };
category queries { query_log; };
};
dlz "My zone" {
database "mysql
{host=192.168.0.110 dbname=bind9 ssl=false port=3306 user=root pass=xxxxxx}
{select zone from dns_zones where zone='$zone$'}
{select ttl, type, mx_priority, case when lower(type)='txt' then concat('\"', data, '\"')
when lower(type) = 'soa' then concat_ws(' ', data, resp_person, serial, refresh, retry, expire, minimum)
else data end from dns_records LEFT JOIN dns_zones ON dns_records.zone_id = dns_zones.id WHERE dns_zones.status=1 and dns_zones.zone='$zone$' and dns_records.host='$record$'}";
};
// 添加自己的数据库连接信息
启动 bind dns 服务
/usr/local/bind/sbin/named -c /usr/local/bind/etc/named.conf -g
# 指定配置文件和开启调试
pkill named # 结束进程
useradd -s /sbin/nologin named
chown -R named:named /usr/local/bind/
# 设置普通用户运行服务
cat > /etc/systemd/system/named.service <<EOF
[Unit]
Description=Internet domain name server
After=network.target
[Service]
ExecStart=/usr/local/bind/sbin/named -f -u named -4 -n 2
ExecReload=/usr/local/bind/sbin/rndc reload
ExecStop=/usr/local/bind/sbin/rndc stop
[Install]
WantedBy=multi-user.target
Alias=bind.service
# 启动文件
EOF
systemctl daemon-reload
# 载入配置
systemctl start named
# 启动服务
0x04 web 默认地址和密码
http://主机ip:8000
# 帐号:admin 密码:admin123456
0x05 性能问题
如何提升查询自定义记录速度?
1.添加数据库索引 2.提升mysql数据库本身性能
如何测试压测bind9性能?
cd bind-9.11.2/contrib/queryperf/
make
# 编译生成文件
queryperf -d input_file -s server
# input_file读取的文件列表,格式为: www.rootman.cn A
# server 为bind服务器
#!/bin/sh
var=1
while [ $var -le 10000 ]
do
echo "www.rootman.cn A " >> test.txt
var=$(($var + 1 ))
done
# shell 循环生成1000条记录供测试