自建内部dns管理系统开发

BIND（Berkeley internet Name Daemon)也叫做NAMED，是现今互联网上使用最为广泛的DNS 服务器程序,本项目旨在更简单的维护我们内部的dns系统。

自建内部dns管理系统开发_mysql

环境：

 
数据库: mysql5.6
应用: bind-9.11.2
环境: python3.８ , django3

0x01 安装数据库

安装mysql数据库
执行sql 建表语句

 
use mysql
create database bind9; -- 创建库
CREATE USER  'admin'@'%' identified by 'pass123456';  -- 创建用户
GRANT ALL PRIVILEGES ON bind9.*  TO 'admin'@'%' WITH GRANT OPTION; --  数据库赋权 ;WITH GRANT OPTION 选项表示可以将自己拥有的权限授权给别人,可不加
flush privileges; -- 刷新权限

0x02 web 管理平台部署

容器方式

 
sudo docker run --name bind9 -d \
 --restart=always \
 -p 8000:8000 \
 -e DB_HOST=172.16.0.181 \
 -e DB_PORT=3306 \
 -e DB_USER=admin \
 -e DB_PASSWORD='pass123456' \
 -e DB_NAME=bind9 \
 lghost/bind9

本地部署

创建项目

 
python3 -m venv env
source  env/bin/activate
# 配置虚拟环境
 
pip  install -i http://mirrors.aliyun.com/pypi/simple  --trusted-host mirrors.aliyun.com  -r requirements.txt
# 安装pip包

数据库连接配置: `bind9/website/settings.py`

 
DB_HOST = os.getenv('DB_HOST', '192.168.0.181')
DB_NAME = os.getenv('DB_NAME', 'bind9')
DB_USER = os.getenv('DB_USER', 'admin')
DB_PASSWORD = os.getenv('DB_PASSWORD', 'pass123456')
DB_PORT = os.getenv('DB_PORT', 3306)
# 以上替换成实际连接帐号，也可在容器中传入变量

本地方式启动 web

 
sh run.sh
# 启动脚本

0x03 部署 bind9 dns

安装依赖


yum install -y perl-devel openssl-devel bind-utils

安装 bind9

 
wget  -c http://ftp.isc.org/isc/bind9/9.11.2/bind-9.11.2.tar.gz
# 下载地址
 
cd bind-9.11.2/
./configure --prefix=/usr/local/bind/ \
--with-dlz-mysql=/usr/local/mysql \
--enable-threads=no --with-openssl=no \
--disable-ipv6 --enable-largefile \
--disable-openssl-version-check
make && make install
# 编译安装 ;　类似yum安装mysql的指定路径 --with-dlz-mysql=/usr
 
cd /usr/local/bind/sbin/named/etc
wget -c ftp://ftp.internic.net/domain/named.root
/usr/local/bind/sbin/rndc-confgen -r /dev/urandom -a
 
mkdir -p /usr/local/bind/var/{logs,zones}
# 创建logs目录
ln -s /usr/local/bind/sbin/named /bin/
#  软链接

bind 配置

/usr/local/bind/sbin/named/etc/named.conf 此处主要添加实际的数据库权限

 
// acl白名单
acl trust-lan {
        10.0.0.0/8;
        172.16.0.0/16;
        192.168.0.0/16;
        127.0.0.1;
};
 
# 通信通道，以访问named统计信息
statistics-channels {
    inet 127.0.0.1 port 8653 allow { 127.0.0.1; };
};
 
 
 
// 全局配置，所有配置都要以分号结尾
options {
 
 
    // 开启监听53端口，any表示接受任意ip连接
    listen-on port 53 { any; };
    zone-statistics yes;
    tcp-clients 50000;
    dnssec-enable no;
    dnssec-validation no;
    datasize unlimited;
    stacksize unlimited;
 
    // 允许用户发起递归查询的地址范围
    allow-query { trust-lan; };
    // 允许哪些主机从服务器接受传送
    allow-transfer { 172.20.10.61;};
    directory "/usr/local/bind/var/";
    // named进程的pid
    pid-file "named.pid";
 
    // 设置转发dns服务器地址
    forwarders {
      223.5.5.5;
      114.114.114.114;
      8.8.8.8;
      };
 
    // 允许递归查询
    recursion yes;
 
    max-cache-size 60%;
    };
 
// 根域名
zone "." IN {
       type hint;
       file "/usr/local/bind/etc/named.root";
};
 
logging {
    channel bind_log {
        file "/usr/local/bind/var/logs/bind.log" versions 3 size 100m;
        severity debug;
        print-time yes;
        print-severity yes;
        print-category yes;
    };
    channel error_log {
        file "/usr/local/bind/var/logs/error.log" versions 10 size 32m;
        severity info;
        print-time yes;
        print-severity yes;
        print-category yes;
    };
    channel query_log {
        file "/usr/local/bind/var/logs/query.log" versions 10 size 32m;
        severity info;
        print-time yes;
        print-severity yes;
        print-category yes;
    };
    category default { bind_log; };
    category queries { query_log; };
};
 
dlz "My zone" {
   database "mysql
   {host=192.168.0.110 dbname=bind9 ssl=false port=3306 user=root pass=xxxxxx}
   {select zone from dns_zones where zone='$zone$'}
   {select ttl, type, mx_priority, case when lower(type)='txt' then concat('\"', data, '\"')
        when lower(type) = 'soa' then concat_ws(' ', data, resp_person, serial, refresh, retry, expire, minimum)
        else data end from dns_records LEFT JOIN dns_zones ON dns_records.zone_id = dns_zones.id WHERE dns_zones.status=1 and dns_zones.zone='$zone$' and dns_records.host='$record$'}";
};
// 添加自己的数据库连接信息

启动 bind dns 服务

 
/usr/local/bind/sbin/named -c /usr/local/bind/etc/named.conf -g
# 指定配置文件和开启调试
pkill named # 结束进程
 
useradd  -s  /sbin/nologin  named
chown  -R named:named /usr/local/bind/
# 设置普通用户运行服务
cat > /etc/systemd/system/named.service <<EOF
[Unit]
Description=Internet domain name server
After=network.target
 
[Service]
ExecStart=/usr/local/bind/sbin/named -f -u named -4 -n 2
ExecReload=/usr/local/bind/sbin/rndc reload
ExecStop=/usr/local/bind/sbin/rndc stop
 
[Install]
WantedBy=multi-user.target
Alias=bind.service
# 启动文件
EOF
systemctl daemon-reload
# 载入配置
systemctl start named
# 启动服务

0x04 web 默认地址和密码

 
http://主机ip:8000
# 帐号:admin　密码:admin123456

0x05 性能问题

如何提升查询自定义记录速度？

1.添加数据库索引 2.提升mysql数据库本身性能

如何测试压测bind9性能？

 
cd bind-9.11.2/contrib/queryperf/
make
# 编译生成文件
 
queryperf -d input_file -s server
# input_file读取的文件列表，格式为： www.rootman.cn A
# server 为bind服务器
#!/bin/sh
var=1
while [ $var -le 10000 ]
do
echo "www.rootman.cn A " >> test.txt
var=$(($var + 1 ))
done
# shell 循环生成1000条记录供测试

	数据库: mysql5.6
	应用: bind-9.11.2
	环境: python3.８ , django3

	use mysql
	create database bind9; -- 创建库
	CREATE USER 'admin'@'%' identified by 'pass123456'; -- 创建用户
	GRANT ALL PRIVILEGES ON bind9.* TO 'admin'@'%' WITH GRANT OPTION; -- 数据库赋权 ;WITH GRANT OPTION 选项表示可以将自己拥有的权限授权给别人,可不加
	flush privileges; -- 刷新权限

	sudo docker run --name bind9 -d \
	--restart=always \
	-p 8000:8000 \
	-e DB_HOST=172.16.0.181 \
	-e DB_PORT=3306 \
	-e DB_USER=admin \
	-e DB_PASSWORD='pass123456' \
	-e DB_NAME=bind9 \
	lghost/bind9

	python3 -m venv env
	source env/bin/activate
	# 配置虚拟环境

	pip install -i http://mirrors.aliyun.com/pypi/simple --trusted-host mirrors.aliyun.com -r requirements.txt
	# 安装pip包

	DB_HOST = os.getenv('DB_HOST', '192.168.0.181')
	DB_NAME = os.getenv('DB_NAME', 'bind9')
	DB_USER = os.getenv('DB_USER', 'admin')
	DB_PASSWORD = os.getenv('DB_PASSWORD', 'pass123456')
	DB_PORT = os.getenv('DB_PORT', 3306)
	# 以上替换成实际连接帐号，也可在容器中传入变量

	wget -c http://ftp.isc.org/isc/bind9/9.11.2/bind-9.11.2.tar.gz
	# 下载地址

	cd bind-9.11.2/
	./configure --prefix=/usr/local/bind/ \
	--with-dlz-mysql=/usr/local/mysql \
	--enable-threads=no --with-openssl=no \
	--disable-ipv6 --enable-largefile \
	--disable-openssl-version-check
	make && make install
	# 编译安装 ;　类似yum安装mysql的指定路径 --with-dlz-mysql=/usr

	cd /usr/local/bind/sbin/named/etc
	wget -c ftp://ftp.internic.net/domain/named.root
	/usr/local/bind/sbin/rndc-confgen -r /dev/urandom -a

	mkdir -p /usr/local/bind/var/{logs,zones}
	# 创建logs目录
	ln -s /usr/local/bind/sbin/named /bin/
	# 软链接

	// acl白名单
	acl trust-lan {
	10.0.0.0/8;
	172.16.0.0/16;
	192.168.0.0/16;
	127.0.0.1;
	};

	# 通信通道，以访问named统计信息
	statistics-channels {
	inet 127.0.0.1 port 8653 allow { 127.0.0.1; };
	};



	// 全局配置，所有配置都要以分号结尾
	options {


	// 开启监听53端口，any表示接受任意ip连接
	listen-on port 53 { any; };
	zone-statistics yes;
	tcp-clients 50000;
	dnssec-enable no;
	dnssec-validation no;
	datasize unlimited;
	stacksize unlimited;

	// 允许用户发起递归查询的地址范围
	allow-query { trust-lan; };
	// 允许哪些主机从服务器接受传送
	allow-transfer { 172.20.10.61;};
	directory "/usr/local/bind/var/";
	// named进程的pid
	pid-file "named.pid";

	// 设置转发dns服务器地址
	forwarders {
	223.5.5.5;
	114.114.114.114;
	8.8.8.8;
	};

	// 允许递归查询
	recursion yes;

	max-cache-size 60%;
	};

	// 根域名
	zone "." IN {
	type hint;
	file "/usr/local/bind/etc/named.root";
	};

	logging {
	channel bind_log {
	file "/usr/local/bind/var/logs/bind.log" versions 3 size 100m;
	severity debug;
	print-time yes;
	print-severity yes;
	print-category yes;
	};
	channel error_log {
	file "/usr/local/bind/var/logs/error.log" versions 10 size 32m;
	severity info;
	print-time yes;
	print-severity yes;
	print-category yes;
	};
	channel query_log {
	file "/usr/local/bind/var/logs/query.log" versions 10 size 32m;
	severity info;
	print-time yes;
	print-severity yes;
	print-category yes;
	};
	category default { bind_log; };
	category queries { query_log; };
	};

	dlz "My zone" {
	database "mysql
	{host=192.168.0.110 dbname=bind9 ssl=false port=3306 user=root pass=xxxxxx}
	{select zone from dns_zones where zone='$zone$'}
	{select ttl, type, mx_priority, case when lower(type)='txt' then concat('\"', data, '\"')
	when lower(type) = 'soa' then concat_ws(' ', data, resp_person, serial, refresh, retry, expire, minimum)
	else data end from dns_records LEFT JOIN dns_zones ON dns_records.zone_id = dns_zones.id WHERE dns_zones.status=1 and dns_zones.zone='$zone$' and dns_records.host='$record$'}";
	};
	// 添加自己的数据库连接信息

	/usr/local/bind/sbin/named -c /usr/local/bind/etc/named.conf -g
	# 指定配置文件和开启调试
	pkill named # 结束进程

	useradd -s /sbin/nologin named
	chown -R named:named /usr/local/bind/
	# 设置普通用户运行服务
	cat > /etc/systemd/system/named.service <<EOF
	[Unit]
	Description=Internet domain name server
	After=network.target

	[Service]
	ExecStart=/usr/local/bind/sbin/named -f -u named -4 -n 2
	ExecReload=/usr/local/bind/sbin/rndc reload
	ExecStop=/usr/local/bind/sbin/rndc stop

	[Install]
	WantedBy=multi-user.target
	Alias=bind.service
	# 启动文件
	EOF
	systemctl daemon-reload
	# 载入配置
	systemctl start named
	# 启动服务

	cd bind-9.11.2/contrib/queryperf/
	make
	# 编译生成文件

	queryperf -d input_file -s server
	# input_file读取的文件列表，格式为： www.rootman.cn A
	# server 为bind服务器
	#!/bin/sh
	var=1
	while [ $var -le 10000 ]
	do
	echo "www.rootman.cn A " >> test.txt
	var=$(($var + 1 ))
	done
	# shell 循环生成1000条记录供测试