#!/bin/bash
##################################################################
# dns master-slave-dnscache(dnsmasq) installation and configuration
# history v1 201706/22  author:davidu  
# Organization:  tencent
##################################################################
# Fixed paths and addresses used by every install step.
base_dir='/var/named'
lock_dir='/var/lock/subsys/'
cache_ip='192.168.0.14'
lo_ip='127.0.0.1'
# Kept as a command string: write_log expands and runs it for every entry.
log_time='date +%Y%m%d_%H:%M:%S'

# For every ifconfig line containing "Link", read the following line, strip
# "addr:" and print its second field; grep keeps only dotted-quad values.
hostip=$(
  ifconfig \
    | awk '/Link/{getline ip_line;sub("addr:","",ip_line);split(ip_line,ips);print ips[2]}' \
    | grep -P "[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}"
)

# $hostip is deliberately unquoted so a multi-line list collapses to one line
# and awk picks the first address found.
master_ip=$(echo $hostip | awk '{print $1}')
# NOTE(review): the slave address is derived exactly like the master address,
# so both hold the same value (this host's first address). The master view
# uses slave_ip for allow-transfer/also-notify, so it presumably has to be set
# to the real slave before a production run -- confirm.
slave_ip=$master_ip

# Print the accepted sub-commands on stdout.
Usage() {
  printf '%s\n' "USAGE:$0 {install_dnsmaster|install_dnsslave|install_dnsmasq}"
}

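#######################################
# Append one timestamped line to the installer log.
# Globals:   log_time (read) - command string that prints the timestamp
# Arguments: $1 - message text
# Outputs:   appends "<timestamp>  <message>" to /tmp/dns_install.log
# Returns:   0 on success, 1 when the log path is a symlink
#######################################
write_log() {
  local content=$1
  local log_file=/tmp/dns_install.log

  # The installer edits /etc and calls yum, so it is expected to run as root,
  # and the log name in /tmp is predictable. Refuse to append through a
  # symlink so a pre-planted link cannot redirect root's write. This is a
  # best-effort check (not race-free); a root-owned log directory would be
  # the stronger fix.
  if [ -L "${log_file}" ]; then
    echo "write_log: ${log_file} is a symlink, refusing to write" >&2
    return 1
  fi

  # log_time holds a command line, hence the unquoted expansion inside $( ).
  printf '%s  %s\n' "$(${log_time})" "${content}" >> "${log_file}"
}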

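#######################################
# Decide whether the BIND package set is already installed.
# Globals:   flag (written) - 0 when exactly five matching packages are
#            found, 1 otherwise
# Outputs:   one status line on stdout
#######################################
check_installpkg() {
  local pkg_count

  # Count in a pipeline instead of staging the rpm listing in a fixed-name
  # file under /tmp: the script runs privileged, and a truncating write to a
  # predictable /tmp path can be redirected by a pre-planted symlink.
  pkg_count=$(rpm -qa | grep '^bind' \
    | grep -Ec "bind-chroot|bind-[0-9].[0-9].[0-9]|bind-utils|bind-devel|bind-libs")

  # NOTE(review): the test requires exactly five matching lines, so an extra
  # or differently named bind sub-package makes the set count as missing.
  if [ "${pkg_count}" -eq 5 ]; then
    echo "dns bind is already installed.."
    flag=0
  else
    echo "dns bind is not installed.."
    flag=1
  fi
}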

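#######################################
# Install the BIND packages when check_installpkg reports them missing.
# Globals:   flag (read, set by check_installpkg)
# Outputs:   yum output is appended to /tmp/dnsmaster_pkg_install.log
# Returns:   exits 1 when the install fails or the log path is a symlink
#######################################
dns_installpkg() {
  local pkg_log=/tmp/dnsmaster_pkg_install.log

  write_log "check pkg installation or not"
  check_installpkg
  if [ "${flag}" -eq 1 ]; then
    # Predictable log name in /tmp written by a privileged script: do not
    # follow a pre-planted symlink (best-effort check, not race-free).
    if [ -L "${pkg_log}" ]; then
      echo "${pkg_log} is a symlink, refusing to write" >&2
      exit 1
    fi
    # The glob is quoted so yum receives the pattern itself. Unquoted, the
    # shell expands bind* against the current directory first, and any
    # matching local file name would be handed to yum as a package to install.
    yum -y install 'bind*' >> "${pkg_log}" || {
      echo "dns master node install failture.."
      exit 1
    }
  fi
}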

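#######################################
# Write the configuration shared by master and slave: regenerate the rndc
# key, then write /etc/rndc.conf and /etc/named.conf around that key.
# Globals:   init_zone, forwardsip1, forwardsip2, dns_config1, dns_config2,
#            dns_config3, rndckey (all written; later steps read init_zone
#            and dns_config1, so none of them is made local)
# Returns:   exits 1 when the key cannot be generated or read, or when
#            rndc.conf cannot be written
#######################################
dnspub_config() {
  init_zone="teg-netplatform.com"
  forwardsip1="114.114.114.114"
  forwardsip2="8.8.8.8"
  dns_config2=/etc/rndc.key
  dns_config3=/etc/rndc.conf
  dns_config1=/etc/named.conf

  #**************config /etc/rndc.key*********************
  # Keep a copy of an existing non-empty key, then generate a fresh one.
  if [ -s "${dns_config2}" ]; then
    cp -a "${dns_config2}" "${dns_config2}.ori"
  fi
  rndc-confgen -r /dev/urandom -a || exit 1

  # Pull the quoted value out of the generated file's "secret" line.
  rndckey=$(grep "secret" "${dns_config2}" | awk -F"[\"\" ]*" '{print $2}')
  # An empty secret would be written into both config files below.
  if [ -z "${rndckey}" ]; then
    echo "could not read the rndc secret from ${dns_config2}" >&2
    exit 1
  fi

  #***************config /etc/rndc.conf*******************
  # rndc.conf carries the control-channel secret. Create it owner-only (the
  # umask is changed in a subshell so later files are unaffected) and also
  # tighten a copy left behind by an earlier run.
  (
    umask 077
    cat << EOF3 > "${dns_config3}"
# Start of rndc.conf
key "rndc-key" {
        algorithm hmac-md5;
        secret "${rndckey}";
};

options {
        default-key "rndc-key";
        default-server 127.0.0.1;
        default-port 953;
};
EOF3
  ) || exit 1
  chmod 600 "${dns_config3}" || exit 1

  #******************config /etc/named.conf****************
  if [ -s "${dns_config1}" ]; then
    cp -a "${dns_config1}" "${dns_config1}.ori"
  fi
  # NOTE(review): named.conf embeds the same rndc secret, so it should not be
  # left world-readable; its final mode is whatever dns_init_startup sets.
  # NOTE(review): allow-query { any; } is combined with forwarders and no
  # allow-recursion/allow-query-cache statement. In BIND those ACLs fall back
  # to allow-query when unset, so this server probably answers recursive
  # queries for any client -- confirm for the installed version and restrict
  # recursion if the host is reachable from untrusted networks.
  # NOTE(review): hmac-md5 is a legacy algorithm for the control key; check
  # what the installed BIND supports before changing it.
  cat << EOF1 > "${dns_config1}"
options {
  version "1.1.1";
  listen-on port 53 {any;};
  directory "/var/named/chroot/etc/";
  pid-file "/var/named/chroot/var/run/named/named.pid";
  allow-query { any; };
  Dump-file "/var/named/chroot/var/log/binddump.db";
  Statistics-file "/var/named/chroot/var/log/named_stats";
  zone-statistics yes;
  memstatistics-file "log/mem_stats";
  empty-zones-enable no;
  forwarders {$forwardsip1;$forwardsip2; };
};

key "rndc-key" {
        algorithm hmac-md5;
        secret "${rndckey}";
};

controls {
       inet 127.0.0.1 port 953
               allow { 127.0.0.1; } keys { "rndc-key"; };
 };

logging {
  channel warning {
    file "/var/named/chroot/var/log/dns_warning" versions 10 size 10m;
    severity warning;
    print-category yes;
    print-severity yes;
    print-time yes;
  };
  channel general_dns {
    file "/var/named/chroot/var/log/dns_log" versions 10 size 100m;
    severity info;
    print-category yes;
    print-severity yes;
    print-time yes;
  };
  category default {
    warning;
  };
  category queries {
    general_dns;
  };
};

include "/var/named/chroot/etc/view.conf";
EOF1
}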
#######################################
# Write the master-only files: the view file included by named.conf and the
# zone file for init_zone.
# Globals:   dns_config1, init_zone, slave_ip, master_ip (read);
#            dns_config4, dns_config5 (written)
#######################################
dnsmasterpri_config() {
  #*********config /var/named/chroot/etc/view.conf*************
  # The view file path is the target of the first "include" line in
  # named.conf, with the quotes and the trailing semicolon removed.
  dns_config4=$(awk '/include/ {print $2; exit}' "${dns_config1}" | tr -d '";')

  # The slave address is the only host allowed to transfer the zone and the
  # only extra NOTIFY target.
  cat > "${dns_config4}" << EOF4
view "View" {
#  ixfr-from-differences yes;
zone "${init_zone}" {
        type    master;
        file    "${init_zone}.zone";
        allow-transfer {
                ${slave_ip};
        };
        notify  yes;
        also-notify {
                ${slave_ip};
        };
  };
};
EOF4

  # ***config  /var/named/chroot/etc/com.zone***
  # \$TTL is escaped so the here-document emits a literal "$TTL" directive.
  dns_config5="/var/named/chroot/etc/${init_zone}.zone"
  cat > "${dns_config5}" << EOF5
\$TTL 3600
@                  IN SOA  op.${init_zone}. dns.${init_zone}. (
                                2002       ; serial
                                900        ; refresh (15 minutes)
                                600        ; retry (10 minutes)
                                86400      ; expire (1 day)
                                3600       ; minimum (1 hour)
                                )
                   IN     NS      op.${init_zone}.

op                 IN     A       ${master_ip}
EOF5
}

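#######################################
# Fix ownership and modes, enable and start named, then verify that the
# local server resolves op.<init_zone> to the address in the zone file.
# Globals:   base_dir, init_zone (read)
# Outputs:   one status line on stdout
# Returns:   exits 5 when the verification fails
#######################################
dns_init_startup() {
  local zone_dir=/var/named/chroot/etc
  local dns_ip
  local check_cmd=

  chown -R named:named "${base_dir}"
  # named.conf embeds the rndc control secret. Mode 755 made it readable by
  # every local account, which lets any local user drive named through rndc;
  # restrict it to root plus the named group instead.
  chown root:named /etc/named.conf
  chmod 640 /etc/named.conf
  chkconfig named on
  /etc/init.d/named start

  #*****check install status*******
  cd "${zone_dir}" || {
    echo "<ERROR!> cannot enter ${zone_dir}" >&2
    exit 5
  }
  # NOTE(review): ${init_zone}.zone is only written by dnsmasterpri_config in
  # this script, so on a slave this lookup is probably empty and the check
  # below reports an error -- confirm.
  dns_ip=$(grep ^op "${init_zone}.zone" | awk '{print $4}')

  # An empty expected address must count as a failure; passed to grep it
  # would match every line. -F compares the address literally so its dots
  # are not treated as wildcards.
  if [ -n "${dns_ip}" ]; then
    check_cmd=$(host -W 3 "op.${init_zone}" 127.0.0.1 | grep -F -- "${dns_ip}")
  fi

  if [ -z "${check_cmd}" ]; then
    echo "<ERROR!> pls,check.install bind --- ERROR!"
    exit 5
  else
    echo "<OK> install bind --- ok."
    rndc stats
  fi
}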



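#######################################
# Configure this host as a slave for init_zone: run the shared install and
# config steps, write the slave view file, then start and verify named.
# Globals:   init_zone (set by dnspub_config), master_ip (read);
#            slave_view_tag (written)
#######################################
dnsslave_config() {
  slave_view_tag="slaveView"
  # main's install_dnsslave arm runs these shared steps itself as well.
  check_installpkg
  dns_installpkg
  dnspub_config

  # The zone name now comes from init_zone, like the zone file name below and
  # the master view; it was hard-coded and would have drifted from the file
  # name if init_zone were ever changed.
  # NOTE(review): master_ip is computed from this host's own interface list
  # at the top of the script, so on a slave it presumably has to be replaced
  # with the real master address -- confirm.
  cat << SLAVE > /var/named/chroot/etc/view.conf
view ${slave_view_tag} {
zone "${init_zone}" {
        type    slave;
  masters {${master_ip}; };
        file    "slave.${init_zone}";
  };

};
SLAVE
  dns_init_startup
}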

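#######################################
# Install dnsmasq when missing and configure it as a local caching resolver
# that forwards to the master and slave servers.
# Globals:   cache_ip, lo_ip, master_ip, slave_ip (read)
# Outputs:   yum output goes to /tmp/dnsmasq_install.log
# Returns:   exits 1 when the install fails or the log path is a symlink
#######################################
dnscache_pkg_config() {
  local addr="listen-address"
  local conf=/etc/dnsmasq.conf
  local pkg_log=/tmp/dnsmasq_install.log
  local check_pkg

  check_pkg=$(rpm -qa | grep -c dnsmasq)
  if [ "${check_pkg}" -lt 1 ]; then
    write_log "install dnsmasq"
    # Predictable log name in /tmp written by a privileged script: do not
    # follow a pre-planted symlink (best-effort check, not race-free).
    if [ -L "${pkg_log}" ]; then
      echo "${pkg_log} is a symlink, refusing to write" >&2
      exit 1
    fi
    # Stop here on failure; the edits below need the packaged dnsmasq.conf.
    yum -y install dnsmasq > "${pkg_log}" || {
      echo "dnsmasq install failed, see ${pkg_log}" >&2
      exit 1
    }
  fi

  #*********config dnsmasq.conf*************
  if [ -f "${conf}" ]; then
    cp -a "${conf}" "${conf}.ori"
  fi
  # Uncomment resolv-file and strict-order, and bind to the cache and
  # loopback addresses.
  sed -i 's@#resolv-file=@resolv-file=/etc/resolv.dnsmasq.conf@g' "${conf}"
  sed -i '/strict-order/s/^#//g' "${conf}"
  sed -i "/${addr}/s@#${addr}=@${addr}=${cache_ip},${lo_ip}@g" "${conf}"

  #************config resolv.conf**********8
  # The host resolver is pointed at the local dnsmasq. The line now ends with
  # a newline so anything appended later starts on its own line.
  printf 'nameserver %s\n' "${lo_ip}" > /etc/resolv.conf

  #************config resolv.dnsmasq.conf*******
  # NOTE(review): master_ip and slave_ip are derived from this host's own
  # interfaces at the top of the script; on a cache host they presumably need
  # to be set to the real upstream servers -- confirm.
  grep -qF -- "${master_ip}" /etc/resolv.dnsmasq.conf \
    || printf 'nameserver  %s\nnameserver  %s\n' "${master_ip}" "${slave_ip}" \
      >> /etc/resolv.dnsmasq.conf

  chkconfig dnsmasq on
  /etc/init.d/dnsmasq start
}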

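# Account files whose immutable attribute main() cleared; re-locked on exit.
_relock_files=()

# Put the immutable attribute back on every file recorded in _relock_files.
_restore_immutable() {
  local f
  for f in "${_relock_files[@]}"; do
    chattr +i "$f"
  done
}

#######################################
# Run the requested install steps, one sub-command per argument.
# Arguments: any of install_dnsmaster, install_dnsslave, install_dnsmasq
# Returns:   2 when called without arguments; exits 2 on an unknown option
#######################################
main() {
  local install_option f attrs

  # Without a request nothing on the system is touched. The usage text used
  # to be followed by the chattr calls even when there was nothing to install.
  if [ $# -eq 0 ]; then
    Usage
    return 2
  fi

  # The immutable attribute is cleared on the account files so package
  # installs can modify them. Record which files actually had it and restore
  # them on every exit path, so the host keeps the hardening it had on entry.
  trap _restore_immutable EXIT
  for f in /etc/passwd /etc/group /etc/shadow /etc/gshadow; do
    attrs=$(lsattr -d "$f" 2>/dev/null | awk '{print $1}')
    case "${attrs}" in
      *i*) _relock_files+=("$f") ;;
    esac
    chattr -i "$f"
  done

  while [ $# -ge 1 ]; do
    install_option=$1
    case "${install_option}" in
      install_dnsmaster)
        check_installpkg
        dns_installpkg
        dnspub_config
        dnsmasterpri_config
        dns_init_startup
        shift
        ;;
      install_dnsslave)
        # dnsslave_config repeats the package, shared-config and startup
        # steps itself; the call sequence is kept as written.
        check_installpkg
        dns_installpkg
        dnspub_config
        dnsslave_config
        dns_init_startup
        shift
        ;;
      install_dnsmasq)
        dnscache_pkg_config
        shift
        ;;
      *)
        Usage
        exit 2
        ;;
    esac
  done
}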

# Allow a single running instance: fd 200 is the lock file opened by the
# redirection that closes this subshell.
(
  if ! flock -n 200; then
    echo "script is running..."
    exit 2
  fi
  main "$@"
  # The unlock is the last command, so its status is what the subshell returns.
  flock -u 200
) 200> "${lock_dir}dns_install.lock"