Bind a tutorial on implementing intelligent DNS configuration based on DLZ

Source: Internet
Author: User


Brief introduction

In my opinion, a DNS solution based on BIND consists of two parts: geolocation and dynamic records. Domestic "smart DNS" products position themselves on exactly these two points. What I understand as smart DNS, however, is an intelligent scheduling system built on top of those two: for example, with three data centers of different capacity, DNS can schedule traffic according to data-center metrics (bandwidth, service capacity and so on). I have not practised that direction at an individual level, so it is left for later discussion, and this article covers only the first two points. Because BIND's own configuration is very poor at this, DLZ is the main subject of this article.

Principle

DLZ (Dynamically Loadable Zones) extends BIND by moving the zone file content into an external database; BIND then runs the queries configured for it against that database to fetch records. When you modify record information in the database, BIND does not need to be restarted: the next client request returns the new record directly. In addition, DLZ itself does not cache, so the query load on the database has to be addressed according to your actual situation.

Installation

Note: here I use CentOS 7 and the DLZ MySQL driver as the example.

Installation dependencies

yum install mariadb-devel gcc wget patch make

Download source

Versions of BIND before 9.8 need to be patched; see the official DLZ documentation for that. Versions from 9.8 onwards (9.8 included) have DLZ integrated:

wget ftp://ftp.isc.org/isc/bind9/9.10.1/bind-9.10.1.tar.gz
tar xzf bind-9.10.1.tar.gz
cd bind-9.10.1

Configuration

Because of changes in the CentOS 7 directory structure (libraries live under /usr/lib64), the library or header files cannot be found when compiling dlz-mysql, so a symbolic link is created first:

# expose the lib64 MariaDB libraries at the path configure searches for them
ln -s /usr/lib64/mysql /usr/lib/mysql
./configure --prefix=/opt/bind --with-dlz-filesystem --with-dlz-mysql
Compile

make

Installation

make install

Model

Note: DLZ does not restrict the user's data model. You can define the model according to your business logic and then write your own query statements against it. The official documentation gives the following suggested model.

Modeling

Field         Type      Null  Key  Default  Extra
zone          text      YES        NULL
host          text      YES        NULL
type          text      YES        NULL
data          text
ttl           int(11)   YES        NULL
mx_priority   text      YES        NULL
refresh       int(11)   YES        NULL
retry         int(11)   YES        NULL
expire        int(11)   YES        NULL
minimum       int(11)   YES        NULL
serial        bigint    YES        NULL
resp_person   text      YES        NULL
primary_ns    text      YES        NULL

zone          the zone
host          record name
type          record type
data          record value
ttl           cache time
mx_priority   MX record priority
refresh       refresh time of the SOA record
retry         retry time of the SOA record
expire        expiration time of the SOA record
minimum       minimum TTL of the SOA record
serial        serial number of the SOA record
resp_person   responsible person (RNAME) of the SOA record
primary_ns    <the meaning of this field is not yet clear to me>
Create the database and tables

Create the database:

CREATE DATABASE demo;

Create the records table:

CREATE TABLE IF NOT EXISTS records (
  id int(10) unsigned NOT NULL auto_increment,
  zone varchar(255) NOT NULL,
  host varchar(255) NOT NULL,
  type enum('A','MX','CNAME','NS','SOA','PTR','TXT','AAAA','SVR','URL') NOT NULL,
  data varchar(255) NOT NULL,
  ttl int(11) NOT NULL,
  mx_priority int(11) default NULL,
  refresh int(11) default NULL,
  retry int(11) default NULL,
  expire int(11) default NULL,
  minimum int(11) default NULL,
  serial bigint(20) default NULL,
  resp_person varchar(64) default NULL,
  primary_ns varchar(64) default NULL,
  PRIMARY KEY (id),
  KEY type (type),
  KEY host (host),
  KEY zone (zone)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1;

Create the ACL table:

CREATE TABLE IF NOT EXISTS acl (
  id int(10) unsigned NOT NULL auto_increment,
  zone varchar(255) NOT NULL,
  client varchar(255) NOT NULL,
  PRIMARY KEY (id),
  KEY client (client),
  KEY zone (zone)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1;
Configuration

GeoIP

This part is not very flexible at the moment; it is basically done with ACLs. Although the latest BIND 9.10 supports the MaxMind GeoIP API, it still comes down to writing the configuration file. Here is an example:

acl "US" {
    3.0.0.0/8;
    4.0.0.0/25;
    4.0.0.128/26;
    4.0.0.192/28;
    4.0.0.208/29;
    4.0.0.216/30;
    4.0.0.220/31;
};
// acl "CA" and acl "MX" are defined in the same way (not shown here)

// views are tried top to bottom; the first whose match-clients matches wins
view "north_america" {
    match-clients { US; CA; MX; };
    recursion no;
    zone "foos.com" {
        type master;
        file "pri/foos-north-america.db";
    };
};

view "other" {
    match-clients { any; };
    recursion no;
    zone "foos.com" {
        type master;
        file "pri/foos-other.db";
    };
};

This example is taken from here.

But GeoIP can also be achieved through DLZ: do secondary development of your own driver, and inside the driver choose records based on the client IP, combined with your own business systems, to achieve real geolocation and intelligent scheduling.
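As an added illustration (not code from the page or from BIND), the following Python models the view selection above: the "US" prefixes are the ones in the example, while the "CA" and "MX" prefixes, the view names' record sets and their addresses are constructed placeholders. It shows the first-match rule and how a client just outside the last "US" prefix falls through to the "other" view.

```python
import ipaddress

# ACL "US" as given in the named.conf example above; CA and MX are constructed
# placeholders standing in for the two ACLs the example references but omits.
ACLS = {
    "US": ["3.0.0.0/8", "4.0.0.0/25", "4.0.0.128/26", "4.0.0.192/28",
           "4.0.0.208/29", "4.0.0.216/30", "4.0.0.220/31"],
    "CA": ["24.0.0.0/8"],    # constructed placeholder
    "MX": ["187.0.0.0/8"],   # constructed placeholder
}

# Views in the order named.conf lists them. BIND uses the first view whose
# match-clients matches, so the catch-all "other" view must stay last.
# The per-view A records are constructed sample data.
VIEWS = [
    ("north_america", ["US", "CA", "MX"], {"www.foos.com": "198.51.100.10"}),
    ("other",         ["any"],            {"www.foos.com": "203.0.113.10"}),
]

def acl_matches(acl_name, ip):
    """True if the client address is inside any prefix of the named ACL ('any' always matches)."""
    if acl_name == "any":
        return True
    return any(ip in ipaddress.ip_network(prefix) for prefix in ACLS[acl_name])

def select_view(client_ip):
    """First-match view selection, evaluating match-clients top to bottom."""
    ip = ipaddress.ip_address(client_ip)
    for name, clients, _ in VIEWS:
        if any(acl_matches(acl, ip) for acl in clients):
            return name
    return None

def answer(qname, client_ip):
    """The A record the selected view would serve for qname (None if unknown)."""
    view = select_view(client_ip)
    for name, _, records in VIEWS:
        if name == view:
            return records.get(qname)
    return None

if __name__ == "__main__":
    for client in ("4.0.0.221", "4.0.0.222", "3.9.9.9"):
        print(client, "->", select_view(client), answer("www.foos.com", client))
```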

Dynamic Record

DLZ adds a new configuration keyword, dlz. The complete list of configuration items is in the official documentation; a brief description follows. The driver argument is one quoted string holding the connection parameters followed by up to six query blocks, each with a fixed role (the table names below are the ones used in the official example):

dlz "Mysql zone" {
    database "mysql
    {host=localhost dbname=dns_data ssl=true}
    {select zone from dns_records where zone = '$zone$'}
    {select ttl, type, mx_priority, case when lower(type) = 'txt' then concat('\"', data, '\"')
     else data end from dns_records where zone = '$zone$' and host = '$record$'
     and not (type = 'SOA' or type = 'NS')}
    {select ttl, type, mx_priority, data, resp_person, serial, refresh, retry, expire, minimum
     from dns_records where zone = '$zone$' and (type = 'SOA' or type = 'NS')}
    {select ttl, type, host, mx_priority, data, resp_person, serial, refresh, retry, expire,
     minimum from dns_records where zone = '$zone$' and not (type = 'SOA' or type = 'NS')}
    {select zone from xfr_table where zone = '$zone$' and client = '$client$'}
    {update data_count set count = count + 1 where zone = '$zone$'}";
};

Block by block:

dlz "Mysql zone": defines the DLZ identity.
database "mysql ...": the only keyword allowed in this block; mysql means the MySQL driver is used. Everything up to the closing quote is one string, so comments cannot be placed inside it.
{host=... dbname=... ssl=...}: database connection information.
First query: used by the findzone call to check whether the zone exists.
Second query: used by the lookup call to fetch the records of a name.
Third query: used by the authority call to fetch the SOA and NS records. This block is optional: SOA and NS can instead be returned by the lookup query, see below.
Fourth query: used by the allnodes call which, together with the next block, serves AXFR queries. Optional.
Fifth query: used by the allowzonexfr call to decide whether the client may initiate an AXFR query. Optional.
Sixth block: optional; in the example it increments a per-zone query counter.

Note: this configuration is for the latest BIND version. If you are running the patched version, replace the $ delimiters with % ($zone$ becomes %zone%, and likewise $record$ and $client$); the configuration below is otherwise the same.

Here also gives my configuration:

logging {
    channel all {
        file "/opt/bind/log/named.log" versions 1;
        print-time yes;
        severity dynamic;
        print-category yes;
        print-severity yes;
    };

    category default { all; };
    category queries { all; };
};

options {
    directory "/opt/bind/var/";
    listen-on-v6 { none; };
    listen-on { any; };
    pid-file "/var/run/named.pid";
    // recursion yes together with listen-on { any; } makes this an open recursive
    // resolver; restrict it with allow-recursion { ...; } outside a test setup
    recursion yes;
    allow-transfer { 127.0.0.1; };
};

dlz "Mysql-dlz" {
    // the driver argument is one string: comments cannot go inside it.
    // user=root is for the demo only; a dedicated account with SELECT on records/acl is enough.
    database "mysql
    {host=localhost dbname=demo ssl=false port=3306 user=root pass=thinkin}
    {select zone from records where zone = '$zone$' limit 1}
    {select ttl, type, mx_priority, case when lower(type) = 'txt' then concat('\"', data, '\"')
     when lower(type) = 'soa' then concat_ws(' ', data, resp_person, serial, refresh, retry, expire, minimum)
     else data end from records where zone = '$zone$' and host = '$record$'}
    {}
    {select ttl, type, host, mx_priority, data from records where zone = '$zone$' and not (type = 'SOA' or type = 'NS')}
    {select zone from acl where zone = '$zone$' and client = '$client$'}";
};

zone "." in {
    type hint;
    file "named.root";
};

key "rndc-key" {
    algorithm hmac-md5;
    secret "odeg+tcn/bme+/2vbjgqvq==";
};

controls {
    inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
};

Note: this configuration enables recursive resolution and allows AXFR requests initiated from the local machine. The authority block is left empty ({}), so the SOA and NS records are returned by the lookup query, which assembles the SOA rdata from the individual columns with concat_ws.
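To make the roles of the findzone, lookup and allowzonexfr queries concrete, here is an added Python example (not from the page and not ISC's driver) that runs the same three queries against an in-memory SQLite copy of the records and acl tables filled with the page's sample rows plus one constructed TXT row. Parameter binding stands in for the driver's $zone$/$record$/$client$ substitution, and the lookup reproduces the CASE branches of the configuration above: TXT data is quoted and an SOA is assembled from its columns (concat_ws in MySQL, a join here).

```python
import sqlite3

# Constructed sample data mirroring the page's inserts for 111cn.net, plus one TXT
# row to exercise the quoting branch. Columns: zone, host, type, data, ttl,
# resp_person, serial, refresh, retry, expire, minimum
RECORDS = [
    ("111cn.net", "www",   "A",     "1.1.1.1",          60, None, None, None, None, None, None),
    ("111cn.net", "cloud", "A",     "2.2.2.2",          60, None, None, None, None, None, None),
    ("111cn.net", "ns",    "A",     "3.3.3.3",          60, None, None, None, None, None, None),
    ("111cn.net", "blogs", "CNAME", "cloud.111cn.net.", 60, None, None, None, None, None, None),
    ("111cn.net", "@",     "NS",    "ns.111cn.net.",    60, None, None, None, None, None, None),
    ("111cn.net", "@",     "SOA",   "ns", 60, "admin", 2012020809, 28800, 14400, 86400, 86400),
    ("111cn.net", "@",     "TXT",   "v=spf1 -all",      60, None, None, None, None, None, None),
]
ACL = [("111cn.net", "127.0.0.1")]   # constructed: only localhost may AXFR the zone

def open_db():
    """In-memory stand-in for the MySQL demo database."""
    db = sqlite3.connect(":memory:")
    db.execute("create table records(zone, host, type, data, ttl, resp_person, "
               "serial, refresh, retry, expire, minimum)")
    db.execute("create table acl(zone, client)")
    db.executemany("insert into records values (?,?,?,?,?,?,?,?,?,?,?)", RECORDS)
    db.executemany("insert into acl values (?,?)", ACL)
    return db

def findzone(db, zone):
    """First query block: does BIND serve this zone at all?"""
    return db.execute("select zone from records where zone = ? limit 1",
                      (zone,)).fetchone() is not None

def lookup(db, zone, record):
    """Second query block: (ttl, type, rdata) for one host; '@' is the zone apex."""
    rows = db.execute("select ttl, type, data, resp_person, serial, refresh, retry, "
                      "expire, minimum from records where zone = ? and host = ?",
                      (zone, record)).fetchall()
    answers = []
    for ttl, rtype, data, *soa in rows:
        if rtype.lower() == "txt":
            data = '"%s"' % data                       # concat('\"', data, '\"')
        elif rtype.lower() == "soa":
            data = " ".join(str(v) for v in (data, *soa))  # concat_ws(' ', ...)
        answers.append((ttl, rtype, data))
    return answers

def allowzonexfr(db, zone, client):
    """Fifth query block: may this client initiate an AXFR of the zone?"""
    return db.execute("select zone from acl where zone = ? and client = ?",
                      (zone, client)).fetchone() is not None

if __name__ == "__main__":
    db = open_db()
    print(findzone(db, "111cn.net"), lookup(db, "111cn.net", "@"),
          allowzonexfr(db, "111cn.net", "10.0.0.1"))
```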

Root Zonefile

wget -O /opt/bind/var/named.root http://www.internic.net/domain/named.root

Start

/opt/bind/sbin/named -n 1 -c /opt/bind/etc/named.conf -d 9 -g

(-g keeps named in the foreground with logging to stderr, -d 9 sets the debug level, -c points at the configuration file and -n 1 tells named to assume a single CPU.)
Test

Import data

Import record data:

INSERT INTO demo.records (zone, host, type, data, ttl) VALUES ('111cn.net', 'www', 'A', '1.1.1.1', '60');
INSERT INTO demo.records (zone, host, type, data, ttl) VALUES ('111cn.net', 'cloud', 'A', '2.2.2.2', '60');
INSERT INTO demo.records (zone, host, type, data, ttl) VALUES ('111cn.net', 'ns', 'A', '3.3.3.3', '60');
INSERT INTO demo.records (zone, host, type, data, ttl) VALUES ('111cn.net', 'blogs', 'CNAME', 'cloud.111cn.net.', '60');
INSERT INTO demo.records (zone, host, type, data, ttl) VALUES ('111cn.net', '@', 'NS', 'ns.111cn.net.', '60');
-- the SOA row: data holds the primary name server, resp_person the RNAME; ttl 60 is assumed here to match the other rows
INSERT INTO demo.records (zone, host, type, ttl, data, refresh, retry, expire, minimum, serial, resp_person)
  VALUES ('111cn.net', '@', 'SOA', '60', 'ns', '28800', '14400', '86400', '86400', '2012020809', 'admin');

Import ACL data:

INSERT INTO demo.acl (zone, client) VALUES ('111cn.net', '127.0.0.1');

Test records

dig @127.0.0.1 www.111cn.net A
dig @127.0.0.1 blogs.111cn.net A
dig @127.0.0.1 blogs.111cn.net CNAME
dig @127.0.0.1 111cn.net NS
dig @127.0.0.1 111cn.net AXFR
