海运的博客

Bind View转发到PDNS

发布时间:May 17, 2014 // 分类:DNS // No Comments

options {
    listen-on port 53 { any; };
    directory       "/var/named";
};

logging {
    channel default_debug {
        file "data/named.run";
        print-time        yes;
        severity dynamic;
    };
    channel query_log {
        file "data/query.log" versions 3 size 20m;
        severity  info;
        print-time        yes;
        print-category  yes;
    };
    category queries {
        query_log;
    };
};

acl clients{
    192.168.1.0/24; 
};

view localhost {
    match-clients    { localhost; };
    allow-query      { localhost; };
    allow-query-cache { localhost; };
    recursion yes;  

};

view clients {
    match-clients    { clients; };
    allow-query      { clients; };
    allow-query-cache { clients; };

    zone "." {
        type forward;
        forwarders { 127.0.0.1 port 54;};
        forward only;
    };
};

view  external
{
    match-clients   { any; };
    allow-query     { any; };
    allow-query-cache { any; };
    recursion no; 
    allow-transfer  { none; }; 

    zone "." {
        type master;
        file "root.zone";
    };
};

PDNS实现智能DNS

发布时间:May 16, 2014 // 分类:DNS // No Comments

PDNS默认不支持bind view功能,通过PowerDNS Recursor加载Lua脚本判断再递归查询PowerDNS实现智能DNS。

#关闭数据包缓存,测试时开启查询时直接读缓存不经过lua preresolve()
disable-packetcache=yes
forward-zones=com=108.61.242.102
local-address=0.0.0.0
lua-dns-script=/tmp/b.lua
#转发所有域到pdns server
forward-zones=.=127.0.0.1:54

lua:

function preresolve ( remoteip, domain, qtype )
    pdnslog("a test message.. received query "..domain.." from "..remoteip.." on "..getlocaladdress());
    ret={}
    if qtype ~= pdns.A then return -1, ret end --非A记录查询跳过,后端查询
    local ips = {"192.168.1.1/32", "10.1.0.0/16", "127.0.0.0/24"}
    if matchnetmask(remoteip, ips) and domain == "www.example.com."
        then
            ret[1]= {qtype=pdns.A, content="85.17.220.215", ttl=86400}
            setvariable()
            return 0, ret
        else
            setvariable()
            return -1, ret 
        end
    end

PDNS缓存

发布时间:May 16, 2014 // 分类:DNS // No Comments

packet cache:数据包缓存,优先级高
query cache:后台数据库查询缓存,packet cache无时查询
negquery-cache:无域名或域名无记录缓存
缓存操作:

PDNS Server:
pdns_control ccounts
pdns_control purge example.net
pdns_control purge

PDNS Recursor
rec_control get cache-entries packetcache-entries negcache-entries nsspeeds-entries
rec_control dump-cache /tmp/dns-cache
rec_control wipe-cache example.net

PowerDNS使用

发布时间:February 1, 2014 // 分类:DNS // No Comments

使用EPEL源可直接安装:

yum install pdns pdns-backend-mysql

添加MySQL数据库:

create database powerdns;
grant all privileges on powerdns.* to 'powerdns'@'localhost' identified by 'password';
use powerdns;
create table domains (
 id              INT auto_increment,
 name            VARCHAR(255) NOT NULL,
 master          VARCHAR(128) DEFAULT NULL,
 last_check      INT DEFAULT NULL,
 type            VARCHAR(6) NOT NULL,
 notified_serial INT DEFAULT NULL, 
 account         VARCHAR(40) DEFAULT NULL,
 primary key (id)
) Engine=InnoDB;

CREATE UNIQUE INDEX name_index ON domains(name);

CREATE TABLE records (
  id              INT auto_increment,
  domain_id       INT DEFAULT NULL,
  name            VARCHAR(255) DEFAULT NULL,
  type            VARCHAR(10) DEFAULT NULL,
  content         VARCHAR(64000) DEFAULT NULL,
  ttl             INT DEFAULT NULL,
  prio            INT DEFAULT NULL,
  change_date     INT DEFAULT NULL,
  primary key(id)
) Engine=InnoDB;

CREATE INDEX nametype_index ON records(name,type);
CREATE INDEX domain_id ON records(domain_id);

create table supermasters (
  ip         VARCHAR(64) NOT NULL, 
  nameserver VARCHAR(255) NOT NULL, 
  account    VARCHAR(40) DEFAULT NULL,
  PRIMARY KEY (ip, nameserver)
) Engine=InnoDB;

将SQL信息添加到PowerDNS配置文件:

launch=gmysql
gmysql-host=localhost
gmysql-user=powerdns
gmysql-password=password
gmysql-dbname=powerdns

添加域名记录:

INSERT INTO domains (name, type) values ('example.com', 'NATIVE');
insert  into `records`(`domain_id`,`name`,`type`,`content`,`ttl`,`prio`,`change_date`) values 
 (1,'example.com','SOA','localhost root@example.com 1',86400,NULL,NULL);
insert  into `records`(`domain_id`,`name`,`type`,`content`,`ttl`,`prio`,`change_date`) values
 (1,'example.com','NS','ns.example.com',86400,NULL,NULL);
insert  into `records`(`domain_id`,`name`,`type`,`content`,`ttl`,`prio`,`change_date`) values
 (1,'example.com','A','192.0.2.10',120,NULL,NULL);
insert  into `records`(`domain_id`,`name`,`type`,`content`,`ttl`,`prio`,`change_date`) values
 (1,'*.example.com','A','192.0.2.10',120,NULL,NULL);
insert  into `records`(`domain_id`,`name`,`type`,`content`,`ttl`,`prio`,`change_date`) values
 (1,'ns.example.com','A','192.0.2.10',120,NULL,NULL);

看看效果:

/etc/init.d/pdns monitor

PHP:

<?php
   try { 
      $dbo = new PDO('mysql:host=localhost;dbname=powerdns', 'powerdns', 'password');
   } catch (PDOException $e) { 
      $error = $e->getMessage();
      die("PDO Execute Error : ".$error."\n");       
   }
   $domain = 'www.haiyun.me';
   $sql = "SELECT `id` FROM domains WHERE NAME = \"$domain\"";
   $stmt = $dbo->query($sql);
   //var_dump($stmt);
   $result = $stmt->fetch(PDO::FETCH_ASSOC);
   var_dump($result);
   if ($result) {
      $id = $result['id'];
   } else {
      $sql = "INSERT INTO domains (name, TYPE) VALUES (\"$domain\", 'NATIVE')";
      $dbo->query($sql);
      $id = $dbo->lastInsertId();
   }
   $sql = "INSERT INTO `records` (`domain_id`, `name`, `TYPE`, `content`, `ttl`) VALUES (:id, :name, :type, :content, :ttl)";
   $stmt = $dbo->prepare($sql);    
   $stmt->execute(array(':id'=>$id, ':name'=>'a.'.$domain, ':type'=>'A', ':content'=>'192.168.1.1', ':ttl'=>'600')); 
   $stmt->execute(array(':id'=>$id, ':name'=>'b.'.$domain, ':type'=>'A', ':content'=>'192.168.1.1', ':ttl'=>'600')); 
?>

此内容被密码保护

发布时间:February 21, 2013 // 分类:DNS,KMS // No Comments

请输入密码访问

分类
最新文章
最近回复
  • 海运: 地址格式和udpxy一样,udpxy和msd_lite能用这个就能用。
  • 1: 怎么用 编译后的程序在家里路由器内任意一台设备上运行就可以吗?比如笔记本电脑 m参数是笔记本的...
  • 孤狼: ups_status_set: seems that UPS [BK650M2-CH] is ...
  • 孤狼: 擦。。。。apcupsd会失联 nut在冲到到100的时候会ONBATT进入关机状态,我想想办...
  • 海运: 网络,找到相应的url编辑重发请求,firefox有此功能,其它未知。
  • knetxp: 用浏览器F12网络拦截或监听后编辑重发请求,修改url中的set为set_super,将POS...
  • Albert: 啊啊啊啊啊啊啊啊啊 我太激动了,终于好了英文区搜索了半天,翻遍了 pve 论坛没找到好方法,博...
  • jiangker: good, very helpful to me
  • fengfeng: N1 armbian 能有编译下内核吗。。我要开启can 不懂怎么操作
  • 1: 方法一ngtcp2要改下:./configure PKG_CONFIG_PATH=/usr/l...