dnspython库使用
dnspython
dnspython是python实现的一个DNS的工具包,可以用于查询、传输并动态 更新ZONE信息,支持TSIG(事务签名)验证消息和EDNS0(扩展DNS)。在系统管理方面,我们可以利用查询功能来实现DNS服务监控以及解析结果的校验。
源码安装
wget http://www.dnspython.org/kits/1.9.4/dnspython-1.9.4.tar.gz
tar -zxvf dnspython-1.9.4.tar.gz
cd dnspython-1.9.4
python setup.py install
pip安装
pip3 install dnspython
注:升级pip3
pip3 install --upgrade pip
举例
测试代码一
测试结果一
测试代码二
配置好rndc.conf和/etc/named.conf 参考两一篇文章bind配置工具rndc使用
编辑 /etc/named.rfc.1912.zone
zone "mnn.com" IN {
type master;
file "mnn.com.zone";
allow-update {
key rndc-key; ##允许这个key更新
};
};
编辑 /var/named/mnn.com.zone
$TTL 600 ; 10 minutes
mnn.com IN SOA dns.mnn.com. dnsadmin.mnn.com. (
2019040411 ; serial
7200 ; refresh (2 hours)
240 ; retry (4 minutes)
604800 ; expire (1 week)
172800 ; minimum (2 days)
)
NS dns.mnn.com.
NS ns2.mnn.com.
MX 10 mail.mnn.com.
$ORIGIN mnn.com.
dns A 192.168.6.54
mail A 192.168.6.11
ns2 A 192.168.14.41
www A 192.168.6.22
xxx A 192.168.5.21
$TTL 300 ; 5 minutes
yw A 1.0.1.0
启动named进程dig测试
[root@heweiwei api]# dig xxx.mnn.com @127.0.0.1
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.1 <<>> xxx.mnn.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35174
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;xxx.mnn.com. IN A
;; ANSWER SECTION:
xxx.mnn.com. 600 IN A 192.168.5.21
;; AUTHORITY SECTION:
mnn.com. 600 IN NS dns.mnn.com.
mnn.com. 600 IN NS ns2.mnn.com.
[root@heweiwei api]# dig yw.mnn.com @127.0.0.1
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.1 <<>> yw.mnn.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37907
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;yw.mnn.com. IN A
;; ANSWER SECTION:
yw.mnn.com. 300 IN A 1.0.1.0
;; AUTHORITY SECTION:
mnn.com. 600 IN NS ns2.mnn.com.
mnn.com. 600 IN NS dns.mnn.com.
;; ADDITIONAL SECTION:
dns.mnn.com. 600 IN A 192.168.6.54
ns2.mnn.com. 600 IN A 192.168.14.41
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue May 28 19:41:27 2019
;; MSG SIZE rcvd: 112
[root@heweiwei api]# dig yyy.mnn.com @127.0.0.1
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.1 <<>> yyy.mnn.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 48625
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;yyy.mnn.com. IN A
;; AUTHORITY SECTION:
mnn.com. 600 IN SOA dns.mnn.com. dnsadmin.mnn.com. 2019040411 7200 240 604800 172800
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue May 28 19:41:54 2019
;; MSG SIZE rcvd: 78
[root@heweiwei api]#
代码二
#!/usr/bin/env python3
# -*- coding=utf-8 -*-
from dns import *
import dns
keyring = dns.tsigkeyring.from_text({
'rndc-key': "bX9vkARihmd5lvuiGzmDRA==" #用到了刚刚key的sec
})
update = dns.update.Update('mnn.com', keyring=keyring) #需要更新的域,以及认证所用的key
update.replace('yw', 300, 'A', '1.1.1.1') #这个是追加记录
update.add('yyy', 300, 'A', '2.2.2.2') #这个是直接更新覆盖,改为这个记录.如果没有则添
加记录
update.delete('xxx') ##删除主机头为xxx的记录
response = dns.query.tcp(update,'127.0.0.1', timeout=3) #更新
print('-----response-----\n',response)
return_code=response.rcode() ##这个是返回代码,0才是成功
print('-----return_code-----\n',return_code)
Result_Text=dns.rcode._by_value[return_code] ##代码转换为对应结果
print('-----Result_Text-----\n',Result_Text)
运行后测试
[root@heweiwei api]# python3 update.py
-----response-----
id 8187
opcode UPDATE
rcode NOERROR
flags QR RA
;ZONE
mnn.com. IN SOA
;PREREQ
;UPDATE
;ADDITIONAL
-----return_code-----
0
-----Result_Text-----
NOERROR
[root@heweiwei api]#
[root@heweiwei api]# dig yyy.mnn.com @127.0.0.1
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.1 <<>> yyy.mnn.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14674
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;yyy.mnn.com. IN A
;; ANSWER SECTION:
yyy.mnn.com. 300 IN A 2.2.2.2
;; AUTHORITY SECTION:
mnn.com. 600 IN NS ns2.mnn.com.
mnn.com. 600 IN NS dns.mnn.com.
;; ADDITIONAL SECTION:
dns.mnn.com. 600 IN A 192.168.6.54
ns2.mnn.com. 600 IN A 192.168.14.41
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue May 28 19:44:14 2019
;; MSG SIZE rcvd: 113
[root@heweiwei api]#
[root@heweiwei api]# dig xxx.mnn.com @127.0.0.1
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.1 <<>> xxx.mnn.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 40038
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;xxx.mnn.com. IN A
;; AUTHORITY SECTION:
mnn.com. 600 IN SOA dns.mnn.com. dnsadmin.mnn.com. 2019040412 7200 240 604800 172800
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue May 28 19:44:47 2019
;; MSG SIZE rcvd: 78
[root@heweiwei api]#
[root@heweiwei api]# dig yw.mnn.com @127.0.0.1
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.1 <<>> yw.mnn.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48982
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;yw.mnn.com. IN A
;; ANSWER SECTION:
yw.mnn.com. 300 IN A 1.1.1.1
;; AUTHORITY SECTION:
mnn.com. 600 IN NS ns2.mnn.com.
mnn.com. 600 IN NS dns.mnn.com.
;; ADDITIONAL SECTION:
dns.mnn.com. 600 IN A 192.168.6.54
ns2.mnn.com. 600 IN A 192.168.14.41
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue May 28 19:45:18 2019
;; MSG SIZE rcvd: 112
[root@heweiwei api]#
重启named进程查看/var/named/mnn.com.zone
$TTL 600 ; 10 minutes
mnn.com IN SOA dns.mnn.com. dnsadmin.mnn.com. (
2019040412 ; serial
7200 ; refresh (2 hours)
240 ; retry (4 minutes)
604800 ; expire (1 week)
172800 ; minimum (2 days)
)
NS dns.mnn.com.
NS ns2.mnn.com.
MX 10 mail.mnn.com.
$ORIGIN mnn.com.
dns A 192.168.6.54
mail A 192.168.6.11
ns2 A 192.168.14.41
www A 192.168.6.22
$TTL 300 ; 5 minutes
yw A 1.1.1.1
yyy A 2.2.2.2
以上说明测试成功
参考
