
Thursday, 11 July 2019

Bind-Web: a DNS management platform built with Bind-DLZ + Flask + MySQL

System environment: CentOS 6.5 x64
Software versions:
  bind-9.9.5.tar.gz
  mysql-5.6.16.tar.gz
Note: the database installation is not covered here; anyone familiar with operations work will know how to do it.

I. Install and configure Bind from source:

1. Compile and install from source
 tar -zxvf  bind-9.9.5.tar.gz           # unpack the tarball
 cd bind-9.9.5
 ./configure --prefix=/usr/local/bind/  \
 --enable-threads=no \
 --enable-newstats   \
 --with-dlz-mysql    \
 --disable-openssl-version-check

 # The official documentation stresses building with threads disabled, i.e. --enable-threads=no

 make
 make install           # source build and install complete
2. Environment variable configuration
cat >>  /etc/profile  <
3. Add the service user and set directory ownership
 useradd  -s  /sbin/nologin  named
 chown  -R named:named /usr/local/bind/
4. Configure Bind: vi /usr/local/bind/etc/named.conf
 options {
   directory       "/usr/local/bind/";
   version         "bind-9.9.9";
   listen-on port 53 { any; };
   allow-query-cache { any; };
   listen-on-v6 port 53 { ::1; };
   allow-query     { any; };
   recursion yes;    
   dnssec-enable yes;
   dnssec-validation yes;
   dnssec-lookaside auto;

 };
  
  
 key "rndc-key" {
   algorithm hmac-md5;
   secret "C4Fg6OGjJipHKfgUWcAh+g==";

 };
  
 controls {
   inet 127.0.0.1 port 953
     allow { 127.0.0.1; } keys { "rndc-key"; };
 };
  
  
 view "ours_domain" {
   match-clients           {any; };
   allow-query-cache           {any; };
   allow-recursion          {any; };
   allow-transfer          {any; };
  
   dlz "Mysql zone" {
     database        "mysql
     {host=127.0.0.1 dbname=named ssl=false port=3306 user=root pass=123456}
     {select zone from dns_records where zone='$zone$'}
     {select ttl, type, mx_priority, case when lower(type)='txt' then concat('\"', data, '\"') when lower(type) = 'soa' then concat_ws(' ', data, resp_person, serial, refresh, retry, expire, minimum) else data end from dns_records where zone = '$zone$' and host = '$record$'}"; 
   };
   zone "."  IN {
    type hint;
    file "/usr/local/bind/etc/named.ca";
   };
  
 };
Save and exit.
Generate the named.ca root hints file:
(demo) -bash-4.1# cd /usr/local/bind/etc/
(demo) -bash-4.1# dig -t NS .  >named.ca
5. Configure the database and import the SQL file
 mysql -p   # log in to the database
mysql> CREATE DATABASE  named   CHARACTER SET utf8 COLLATE utf8_general_ci;
mysql> source named.sql;             # mind the path; here the file is in the current directory
Just two tables: one used by DNS, one for user management.
6. Start the Bind service and set up the boot script
(demo) -bash-4.1# /usr/local/bind/sbin/named
Monitor the system log:
 tail -f /var/log/messages
Output like the following means the service started normally.
Test that Bind can connect to the database:
Set up the Bind boot script
The bind script is attached to this document; upload it to the server's /etc/init.d/ directory
(demo) -bash-4.1# chmod  755 /etc/init.d/bind
(demo) -bash-4.1# #mkdir  /var/run/named/ && chown  named:named -R /var/run/named
Kill the named process and start it with the script instead

(demo) -bash-4.1# pkill  named
(demo) -bash-4.1# /etc/init.d/bind  start            # watch the log to check the startup status
(demo) -bash-4.1# chkconfig  --add bind            # enable start at boot
tail -f /var/log/messages

II. Configure the Bind-Web management platform

Upload the Bind-web-1.0.tar.gz management platform
(demo) -bash-4.1# git  clone  https://github.com/1032231418/Bind-Web.git  # clone it with git
(demo) -bash-4.1# cd Bind-Web
(demo) -bash-4.1# python  run.py
The program is written with the Flask framework, which must be installed with pip.
Visit the web UI at http://ip:5000; login account eagle, password 123456
Features: user management and domain management


----
A DNS domain management system built on Tornado, supporting multi-region smart resolution, visual Bind operation, operation logging and more

Domain management

Introduction:

This service is used to manage DNS; currently only BIND is supported.

Features

  • Visual configuration of the bind service
  • Multi-region smart resolution
  • Multiple DNS servers (an agent modifies the configuration files; there is no hard dependency on the DNS database)
  • Simple rule validation (if BIND's zone file check fails, the current zone file does not take effect)
  • Operation logging
  • Domain monitoring (not yet available)

Screenshots

Domain list (screenshot)
Zone record list (screenshot)
Operation log (screenshot)
Add record (screenshot)
Sync configuration files (screenshot)

Project deployment

Create the database

create database `codo_dns` default character set utf8mb4 collate utf8mb4_unicode_ci;
  • Initialize the table structure
python3 /var/www/codo_dns/db_sync.py

Modify the configuration

  • Edit the configuration file under settings, mainly the database address and bind's initial configuration file; at startup, if the database does not contain bind's initial configuration, it is written to the database
  • Change server_name in doc/nginx_ops.conf, for example to dns.opendevops.cn; you can also use the IP address directly
  • Edit doc/supervisor_ops.conf to control the number of processes

Build the image

docker build . -t codo_dns_image

Start with docker

Port 8060 is mapped out by default
docker-compose up -d

After startup the service is reachable at dns.opendevops.cn:8060

Test

curl -I -X GET -m  10 -o /dev/null -s -w %{http_code}  http://dns.opendevops.cn:8060/are_you_ok/
### A 200 response means success

Register with the gateway: user login and URI authorization are handled by the gateway (required, don't forget).

See the API gateway

BIND deployment (CentOS 7)

Multi-region support

  • Put all files under doc whose names begin with named into the /var/named/chroot/etc/ directory on the bind server
  • These correspond to the default bind configuration files under settings

Custom zones

Omitted... please study the documentation yourself

Fetch the latest configuration (on the BIND server)

  • It is recommended to put this in the system crontab; redirect the log yourself, and preferably send error logs on failure
  • Modify the related configuration parameters
    • api_url is your system's API address, e.g. https://demo.opendevops.cn/api/
    • auth_key is the login token; see the admin module for how to obtain and use it: create a user, assign permissions and fetch its token
    • GET permission on the following three URIs: /dns/v2/dns/bind/domain/ /dns/v2/dns/bind/zone/ /dns/v1/dns/bind/conf/
    • The configuration fetch script is in the project's libs directory.
    • domain_sync.py is run with python3: python3 domain_sync.py
  • You can also develop your own client against the API.
from https://github.com/opendevops-cn/codo-dns
------
DNS Control is a web based dns management tool for BIND 9 name server. 

from  https://github.com/hollodk/dns-control
-------------------

ProBIND v3 - Professional DNS Management 

ProBIND - Professional DNS management made easy


Presentation

ProBIND is a web application designed for managing the DNS zones for one or more servers running the ISC BIND DNS server software. It works best for companies that need to manage a medium-sized pool of domains across a set of servers.
The application has been written using the Laravel framework. It stores its data in a MySQL or Postgres database (see Laravel Database Backend) and generates configuration files for BIND on demand.

What ProBIND Is

ProBIND is meant to be a time-saving tool for busy administrators, aiding in managing the configuration of DNS zones across multiple servers. It is intended for use by those already familiar with the components of a DNS zone file and who understand DNS concepts and methods.
This software acts as a configuration repository to help keep zones well-maintained and has several helping tools to ensure that common DNS issues are minimized.

What ProBIND Is Not

Although ProBIND uses a database to store zone data, it is not a replacement backend for ISC BIND. ProBIND merely creates the proper zone files for use with the default configuration method of BIND. If you are looking for a live SQL backend for ISC BIND, this is not one.
ProBIND is not a tool for those unfamiliar with DNS concepts. It assumes you know the differences between a CNAME and an A record. It also assumes you know about SOA records, what a lame server is, and what glue is.
ProBIND is not the ultimate solution to DNS management. It fits the needs of those who develop it, and it is hoped that others will also find it useful.

Changelog

See our CHANGELOG file in order to know what changes are implemented in every version.

Requirements

How to test ProBIND

There are two methods in order to test ProBIND:

Docker method

This will create several Docker containers implementing everything ProBIND needs: an application server, a web server and a database server.
Prior to this installation, you need to have installed this software:
  1. Clone the repository locally
    $ git clone https://github.com/pacoorozco/probind.git probind
    $ cd probind
  2. Install PHP dependencies with:
    NOTE: You don't need to install either PHP or Composer; we are going to use a Composer image instead.
    $ docker run --rm --interactive --tty \
          --volume $PWD:/app \
          --user $(id -u):$(id -g) \
          composer install
  3. Copy .env.example to .env.
    NOTE: You don't need to touch anything from this file. It works with default settings.
  4. Start all containers with Docker Compose
    $ docker-compose build
    $ docker-compose up -d
  5. Seed database in order to play with some data
    $ docker-compose exec app php artisan key:generate 
    $ docker-compose exec app php artisan migrate --seed
  6. Go to http://localhost/install and finish ProBIND installation. Enjoy!
    NOTE: Default credentials are admin/secret.

Homestead Vagrant Box method

This will create a VM box (a Vagrant one) where all needed software will be installed and configured. It's the best way to develop and test ProBIND.
Prior to this installation, you need to have installed this software:
  1. Clone the repository locally
    $ git clone https://github.com/pacoorozco/probind.git probind
  2. $ cd probind
    $ composer install
  3. Copy .env.example to .env. By default this configuration will work with Homestead Vagrant Box.
  4. Prepare the Homestead environment and Vagrant box
    $ php vendor/bin/homestead make
    $ vagrant box add laravel/homestead
    $ vagrant up
  5. Create a new application key and seed some values.
    $ vagrant ssh
    $ cd code
    $ php artisan key:generate
    $ php artisan migrate --seed
    $ exit
  6. Go to http://192.168.10.10/install and finish ProBIND installation. Enjoy!
    NOTE: Default credentials are admin/secret.

Reporting issues

If you have issues with ProBIND, you can report them with the GitHub issues module.

Contributing

Please see CONTRIBUTING for details.

License

ProBIND is released as free software under GPLv3

Authors

ProBIND was originally developed by Flemming S. Johansen as part of his duties as resident DNS manager at Proventum Solutions. Later, a fork of ProBIND called ProBIND2 was developed by Alexei P. Roudnev, a senior network/software engineer, at Exigen Group LTD.
With both projects lying dormant for a number of years, Michael Johnson, Systems Administrator at PhD Computing, attempted to revive the ProBIND project. The enhancements made in ProBIND2 were merged in and development was once again resumed.
Later, in 2016, Paco Orozco recoded all this application using Laravel Framework to bring a new version of this software. It was named ProBIND v3.
-------

Smart DNS with Bind based on DLZ

Introduction

As I see it, a smart DNS solution based on Bind consists of two main parts: Geolocation and Dynamic Records. The domestic industry positions smart DNS around the same two points, but what I understand by smart DNS is an intelligent scheduling system built on top of those two foundations: for example, if I have three data centres with different load capacities, DNS could schedule traffic according to the data centres' metrics (which might include bandwidth, service capacity and so on). Limited by my own level, I have not put anything into practice in that direction, so that topic is left for a later discussion and this article only addresses the first two problems. Because Bind's own configuration is poor from an operations standpoint, this leads to DLZ, the main topic of this article.

How it works

DLZ essentially extends Bind: the contents of the zone file are placed in an external database, and Bind is configured with query statements that fetch records from that database. When a record in the database is modified, Bind does not need to be restarted; the next client request simply returns the new record. Note that DLZ itself does not cache, so you need to solve the query-load problem yourself according to your situation.

Installation

Note: here I use installing the dlz-mysql module on CentOS 7 as the example.

Install dependencies

yum install mariadb-devel gcc wget patch make

Download the source

Bind versions before 9.8 need a patch; see the official DLZ documentation. Versions from 9.8 on (9.8 included) have DLZ integrated:

wget ftp://ftp.isc.org/isc/bind9/9.10.1/bind-9.10.1.tar.gz
tar xzf bind-9.10.1.tar.gz
cd  bind-9.10.1

Configure

Because of the directory layout changes in CentOS 7, compiling dlz-mysql cannot find the library or header files, so create a symlink first:

ln -s /usr/lib/mysql /usr/lib64/mysql
./configure --prefix /opt/bind --with-dlz-filesystem --with-dlz-mysql

Build

make

Install

make install

Model

Note: DLZ does not constrain your data model; you can define a model according to your business logic and then construct your own query statements. The official documentation suggests the following model.

Schema

Field        Type        Null  Key  Default  Extra
zone         text        YES        NULL
host         text        YES        NULL
type         text        YES        NULL
data         text
ttl          int(11)     YES        NULL
mx_priority  text        YES        NULL
refresh      int(11)     YES        NULL
retry        int(11)     YES        NULL
expire       int(11)     YES        NULL
minimum      int(11)     YES        NULL
serial       bigint(20)  YES        NULL
resp_person  text        YES        NULL
primary_ns   text        YES        NULL

  • zone: the zone
  • host: record name
  • type: record type
  • data: record value
  • ttl: cache time
  • mx_priority: MX record priority
  • refresh: SOA record refresh interval
  • retry: SOA record retry interval
  • expire: SOA record expiry time
  • minimum: SOA record minimum
  • serial: SOA record serial number
  • resp_person: SOA record responsible person (RNAME)
  • primary_ns: <the meaning of this field is not yet clear>

Create the database and tables

Create the database:

create database demo;

Create the records table:

CREATE TABLE IF NOT EXISTS `records` (
  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
  `zone` varchar(255) NOT NULL,
  `host` varchar(255) NOT NULL,
  `type` enum('A','MX','CNAME','NS','SOA','PTR','TXT','AAAA','SRV','URL') NOT NULL,
  `data` varchar(255) NOT NULL,
  `ttl` int(11) NOT NULL,
  `mx_priority` int(11) DEFAULT NULL,
  `refresh` int(11) DEFAULT NULL,
  `retry` int(11) DEFAULT NULL,
  `expire` int(11) DEFAULT NULL,
  `minimum` int(11) DEFAULT NULL,
  `serial` bigint(20) DEFAULT NULL,
  `resp_person` varchar(64) DEFAULT NULL,
  `primary_ns` varchar(64) DEFAULT NULL,
  PRIMARY KEY (`id`),
  KEY `type` (`type`),
  KEY `host` (`host`),
  KEY `zone` (`zone`)
) ENGINE=MyISAM  DEFAULT CHARSET=utf8 AUTO_INCREMENT=1;

Create the acl table:

CREATE TABLE IF NOT EXISTS `acl` (
  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
  `zone` varchar(255) NOT NULL,
  `client` varchar(255) NOT NULL,
  PRIMARY KEY (`id`),
  KEY `client` (`client`),
  KEY `zone` (`zone`)
) ENGINE=MyISAM  DEFAULT CHARSET=utf8 AUTO_INCREMENT=1;

Configuration

GeoIP

This part is still not very flexible; it is basically implemented with acl. Although the newest Bind 9.10 supports MaxMind's API for geo lookups, it is still done by rewriting the configuration file. Here is an example:

acl "US" {
     3.0.0.0/8;
     4.0.0.0/25;
     4.0.0.128/26;
     4.0.0.192/28;
     4.0.0.208/29;
     4.0.0.216/30;
     4.0.0.220/31;
};

view "north_america" {
      match-clients { US; CA; MX; };
      recursion no;
      zone "foos.com" {
            type master;
            file "pri/foos-north-america.db";
      };
};

view "other" {
      match-clients { any; };
      recursion no;
      zone "foos.com" {
            type master;
            file "pri/foos-other.db";
      };
};

This example is taken from here.

But we can implement GeoIP through DLZ: develop your own driver, and in the driver use the client IP together with your own business systems to achieve true geo-awareness and intelligent business scheduling.

Dynamic Record

DLZ defines a new configuration keyword, dlz. Refer to the official documentation for the complete set of options; a brief description follows:

dlz "Mysql zone" { // defines the DLZ identifier
   database "mysql // database is the only keyword allowed inside a dlz block; mysql selects the mysql driver
   {host=localhost dbname=dns_data ssl=true} // database connection information
   {select zone from dns_records where zone = '$zone$'} // used by the findzone call to look up the zone
   {select ttl, type, mx_priority, case when lower(type)='txt' then concat('\"', data, '\"')
        else data end from dns_records where zone = '$zone$' and host = '$record$'
        and not (type = 'SOA' or type = 'NS')} // used by the lookup call to query records
   {select ttl, type, mx_priority, data, resp_person, serial, refresh, retry, expire, minimum
        from dns_records where zone = '$zone$' and (type = 'SOA' or type='NS')} // used by the authority call to query SOA or NS records; this item is optional, SOA/NS lookups can be folded into the lookup query instead, see below
   {select ttl, type, host, mx_priority, data, resp_person, serial, refresh, retry, expire,
        minimum from dns_records where zone = '$zone$' and not (type = 'SOA' or type = 'NS')} // used by the allnodes call; together with allowzonexfr below it serves AXFR queries; optional
   {select zone from xfr_table where zone = '$zone$' and client = '$client$'} // used by the allowzonexfr() call to check whether the client may request AXFR; optional
   {update data_count set count = count + 1 where zone ='$zone$'}";
};

Note: this configuration is for the latest Bind versions; on a patched (pre-9.8) version replace $ with %. The same applies to the configuration below.

Here is my own configuration as well:

logging {
    channel all {
        file "/opt/bind/log/named.log" versions 1;
        print-time yes;
        severity dynamic;
        print-category yes;
        print-severity yes;
    };

    category default { all; };
    category queries { all; };

};

options {
    directory "/opt/bind/var/";
    listen-on-v6 { none; };
    listen-on { any; };
    pid-file "/var/run/named.pid";
    recursion yes;
    allow-transfer {127.0.0.1;};
};

dlz "mysql-dlz" {
    database "mysql
    {host=localhost dbname=demo ssl=false port=3306 user=root pass=thinkin}
    {select zone from records where zone = '$zone$' limit 1}
    {select ttl, type, mx_priority, case when lower(type)='txt' then concat('\"', data, '\"') when lower(type) = 'soa' then concat_ws(' ', data, resp_person, serial, refresh, retry, expire, minimum) else data end from records where zone = '$zone$' and host = '$record$'}
    {}
    {select ttl, type, host, mx_priority, data from records where zone = '$zone$' and not (type = 'SOA' or type = 'NS')}
    {select zone from acl where zone = '$zone$' and client = '$client$'}";
};

zone "." IN {
    type hint;
    file "named.root";
};

key "rndc-key" {
    algorithm hmac-md5;
        secret "OdEg+tCn/bMe+/2vbJgQvQ==";
};

controls {
        inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
};

Note: this configuration enables recursion and allows AXFR requests initiated from the local host.

Root zone file

wget -SO /opt/bind/var/named.root http://www.internic.net/domain/named.root

Start

/opt/bind/sbin/named -n1 -c /opt/bind/etc/named.conf -d9 -g

Testing

Import data

Import records data:

INSERT INTO demo.records (zone, host, type, data, ttl) VALUES ('xdays.me', 'www', 'A', '1.1.1.1', '60');
INSERT INTO demo.records (zone, host, type, data, ttl) VALUES ('xdays.me', 'cloud', 'A', '2.2.2.2', '60');
INSERT INTO demo.records (zone, host, type, data, ttl) VALUES ('xdays.me', 'ns', 'A', '3.3.3.3', '60');
INSERT INTO demo.records (zone, host, type, data, ttl) VALUES ('xdays.me', 'blog', 'CNAME', 'cloud.xdays.me.', '60');
INSERT INTO demo.records (zone, host, type, data, ttl) VALUES ('xdays.me', '@', 'NS', 'ns.xdays.me.', '60');
INSERT INTO demo.records (zone, host, type,  ttl, data,refresh, retry, expire, minimum, serial, resp_person) VALUES ('xdays.me', '@', 'SOA', '60', 'ns', '28800', '14400', '86400', '86400', '2012020809', 'admin');

Import acl data:

INSERT INTO demo.acl (zone, client) VALUES ('xdays.me', '127.0.0.1');

Test the records (queries must use the zone that was inserted above, xdays.me):

dig @127.0.0.1 www.xdays.me a
dig @127.0.0.1 blog.xdays.me a
dig @127.0.0.1 blog.xdays.me cname
dig @127.0.0.1 xdays.me ns
dig @127.0.0.1 xdays.me axfr
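As an added example (not code from the original post or from any of the projects it quotes), the script below replays the DLZ callbacks that both this section's dlz block and the Bind-Web section's dlz block configure (findzone, lookup, allowzonexfr) against an in-memory SQLite copy of the records and acl tables seeded with the INSERT rows above. It assumes SQLite's || as a stand-in for MySQL's concat/concat_ws, and resolve() models BIND probing findzone from the longest suffix of the query name downwards and passing '@' as the record at the zone apex.

```python
import sqlite3

# Constructed stand-in for the page's MySQL tables; SQLite in memory so it runs offline.
SCHEMA = """
CREATE TABLE records (zone TEXT, host TEXT, type TEXT, data TEXT, ttl INTEGER,
  mx_priority INTEGER, refresh INTEGER, retry INTEGER, expire INTEGER,
  minimum INTEGER, serial INTEGER, resp_person TEXT);
CREATE TABLE acl (zone TEXT, client TEXT);
"""
# The page's INSERT rows for zone xdays.me, reproduced as constructed sample data.
ROWS = [("xdays.me", "www", "A", "1.1.1.1", 60),
        ("xdays.me", "cloud", "A", "2.2.2.2", 60),
        ("xdays.me", "ns", "A", "3.3.3.3", 60),
        ("xdays.me", "blog", "CNAME", "cloud.xdays.me.", 60),
        ("xdays.me", "@", "NS", "ns.xdays.me.", 60)]
SOA = ("xdays.me", "@", "SOA", "ns", 60, 28800, 14400, 86400, 86400, 2012020809, "admin")
# The page's lookup template with $zone$/$record$ turned into bound parameters
# (the DLZ driver substitutes them as text; binding is the SQL-side equivalent).
LOOKUP_SQL = """SELECT ttl, type, mx_priority,
  CASE WHEN lower(type)='txt' THEN '"' || data || '"'
       WHEN lower(type)='soa' THEN data || ' ' || resp_person || ' ' || serial || ' '
            || refresh || ' ' || retry || ' ' || expire || ' ' || minimum
       ELSE data END AS rdata
  FROM records WHERE zone=? AND host=?"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO records (zone,host,type,data,ttl) VALUES (?,?,?,?,?)", ROWS)
    db.execute("INSERT INTO records (zone,host,type,data,ttl,refresh,retry,expire,"
               "minimum,serial,resp_person) VALUES (?,?,?,?,?,?,?,?,?,?,?)", SOA)
    db.execute("INSERT INTO acl (zone,client) VALUES (?,?)", ("xdays.me", "127.0.0.1"))
    return db

# One function per DLZ callback the dlz block configures.
def findzone(db, zone):          # "does this driver serve the zone?"
    return db.execute("SELECT zone FROM records WHERE zone=? LIMIT 1", (zone,)).fetchone() is not None

def lookup(db, zone, record):    # rows of (ttl, type, mx_priority, rdata) for one name
    return db.execute(LOOKUP_SQL, (zone, record)).fetchall()

def allowzonexfr(db, zone, client):  # AXFR gate: only clients listed in acl may transfer
    return db.execute("SELECT zone FROM acl WHERE zone=? AND client=?", (zone, client)).fetchone() is not None

def resolve(db, qname):
    """Walk the labels like BIND: findzone on the longest suffix first, then lookup the rest."""
    labels = qname.rstrip(".").split(".")
    for i in range(len(labels)):
        zone = ".".join(labels[i:])
        if findzone(db, zone):
            record = ".".join(labels[:i]) or "@"   # apex queries arrive as '@'
            return [(ttl, rtype, rdata) for ttl, rtype, _prio, rdata in lookup(db, zone, record)]
    return []   # no DLZ zone matched: BIND falls through to its other zones (here only the root hint)
```

The SOA row shows why the CASE expression matters: only when data, resp_person, serial and the timers are joined into one string does BIND receive a parseable SOA rdata.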


------
Related post: http://briteming.blogspot.com/2019/07/bind9dns-smartdns.html