安装 bind-dlz

BIND DLZ 配置

mysql:   172.17.0.2
BIND主:  172.17.0.3

BIND从: 172.17.0.4

 

mysql  5.7   BIND 9.16

 

BIND 安装:

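# Build BIND 9.16.0 from source with the MySQL DLZ driver.
# Prerequisite: the MySQL client library and headers are installed under /usr/local/mysql.
yum -y install 'libcap*' libuv libuv-devel   # glob quoted so the shell cannot expand it against local files

wget https://downloads.isc.org/isc/bind9/9.16.0/bind-9.16.0.tar.xz
# NOTE(review): check the tarball against the checksum/signature ISC publishes next to it before unpacking.

tar -xf bind-9.16.0.tar.xz
# configure lives inside the extracted tree; the original ran ./configure without entering it.
cd bind-9.16.0 || exit 1

# Unprivileged account for named; start named with `-u named` so it drops root after binding port 53.
useradd -s /sbin/nologin -M named

# --with-dlz-mysql : serve zone data from MySQL through the DLZ driver
# --enable-largefile : large file support (original used a single-dash spelling)
# --enable-threads=no : the author's note says the upstream docs call for threads to be disabled
# --disable-ipv6 would turn IPv6 off, but it is not passed here
./configure --with-dlz-mysql=/usr/local/mysql/ --enable-largefile --enable-threads=no --prefix=/usr/local/bind --with-openssl

make
make install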

 

查看依赖

[root@slave1 etc]# ldd /usr/local/bind/sbin/named
    linux-vdso.so.1 =>  (0x00007ffcf6933000)
    libgssapi_krb5.so.2 => /lib64/libgssapi_krb5.so.2 (0x00002b8973ab1000)
    libkrb5.so.3 => /lib64/libkrb5.so.3 (0x00002b8973cfe000)
    libk5crypto.so.3 => /lib64/libk5crypto.so.3 (0x00002b8973fe7000)
    libcom_err.so.2 => /lib64/libcom_err.so.2 (0x00002b897421a000)
    libcrypto.so.10 => /lib64/libcrypto.so.10 (0x00002b897441e000)
    libz.so.1 => /lib64/libz.so.1 (0x00002b8974881000)
    libmysqlclient.so.20 => /usr/local/mysql/lib/libmysqlclient.so.20 (0x00002b8974a97000)
    libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00002b89752d9000)
    libm.so.6 => /lib64/libm.so.6 (0x00002b8975510000)
    libcap.so.2 => /lib64/libcap.so.2 (0x00002b8975812000)
    libuv.so.1 => /lib64/libuv.so.1 (0x00002b8975a17000)
    librt.so.1 => /lib64/librt.so.1 (0x00002b8975c46000)
    libpthread.so.0 => /lib64/libpthread.so.0 (0x00002b8975e4e000)
    libnsl.so.1 => /lib64/libnsl.so.1 (0x00002b897606a000)
    libdl.so.2 => /lib64/libdl.so.2 (0x00002b8976284000)
    libc.so.6 => /lib64/libc.so.6 (0x00002b8976488000)
    /lib64/ld-linux-x86-64.so.2 (0x00002b897388d000)
    libkrb5support.so.0 => /lib64/libkrb5support.so.0 (0x00002b8976856000)
    libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x00002b8976a66000)
    libresolv.so.2 => /lib64/libresolv.so.2 (0x00002b8976c6a000)
    libstdc++.so.6 => /lib64/libstdc++.so.6 (0x00002b8976e83000)
    libgcc_s.so.1 => /lib64/libgcc_s.so.1 (0x00002b897718a000)
    libfreebl3.so => /lib64/libfreebl3.so (0x00002b89773a0000)
    libattr.so.1 => /lib64/libattr.so.1 (0x00002b89775a3000)
    libselinux.so.1 => /lib64/libselinux.so.1 (0x00002b89777a8000)
    libpcre.so.1 => /lib64/libpcre.so.1 (0x00002b89779cf000)

如果 named 依赖 mysql 的动态库(上面 ldd 输出中出现 libmysqlclient), 需要让动态链接器能找到它:

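# Register /usr/local/mysql/lib/ with the dynamic loader (ldd above resolves
# libmysqlclient.so.20 from that directory). Non-interactive equivalent of
# editing /etc/ld.so.conf.d/mysql.conf in vim and adding the single path line.
printf '%s\n' '/usr/local/mysql/lib/' > /etc/ld.so.conf.d/mysql.conf
ldconfig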

 

 

 

BIND 配置

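# Generate the rndc control key and seed named.conf from rndc-confgen's commented template.
cd /usr/local/bind/etc/ || exit 1
# rndc.conf (and the copy in rndc.key) holds the shared secret that authorises rndc over port 953;
# keep both files readable only by root and the account named runs as.
/usr/local/bind/sbin/rndc-confgen > rndc.conf
cat rndc.conf > rndc.key
# The tail of rndc.conf is a commented-out key/controls stanza meant for named.conf:
# take those 9 lines and strip the leading "# " (pattern quoted so the shell leaves it alone).
tail -10 rndc.conf | head -9 | sed 's/# //g' > named.conf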

 

bind 配置文件修改

bind主 配置文件

vi named.conf
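key "rndc-key" {
  algorithm hmac-md5;
  secret "mvCUyhyDvNNGywhoVHbSaQ==";   // must match the key rndc-confgen wrote to rndc.conf / rndc.key
};

// rndc control channel. The original listened on 0.0.0.0 with allow { 0.0.0.0; }: that exposes
// port 953 on every interface, and a bare address in an ACL matches only that literal address
// (not "any"), so even rndc from localhost would be refused. Bind and allow loopback only.
controls {
  inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
};

// Declared before options so it can be referenced there (an ACL must be defined before use).
acl "dns-ip-list" {
  172.17.0.3;
  172.17.0.4;
};

options {
  listen-on port 53 { any; };
  directory "/usr/local/bind/var";
  pid-file "named.pid";
  allow-query { any; };
  // allow-query { any; } together with forwarders and no recursion ACL makes this an open
  // recursive resolver for anyone who can reach port 53; recurse only for localhost and our servers.
  allow-recursion { localhost; dns-ip-list; };
  allow-transfer { 172.17.0.4; };   // the slave
  also-notify { 172.17.0.4; };
  forwarders { 114.114.114.114; 8.8.8.8; };
};

logging {
  channel error_log {
    file "/usr/local/bind/var/logs/error.log" versions 10 size 32m;
    severity warning;
    print-time yes;
    print-severity yes;
    print-category yes;
  };
  channel query_log {
    file "/usr/local/bind/var/logs/query.log" versions 10 size 32m;
    severity debug;
    print-time yes;
    print-severity yes;
    print-category yes;
  };
  category default { error_log; };
  category queries { query_log; };
};

// MySQL DLZ driver. Arguments in order: connection string, findzone, lookup, authority
// (the empty {} — optional), allnodes (used for AXFR), allowzonexfr.
// $zone$ = queried zone, $record$ = queried host, $client$ = address requesting a transfer.
// Every query is a SELECT, so the DB account here only needs SELECT on db_ops; the password
// sits in this file in clear, so restrict the file's permissions accordingly.
dlz "Mysql zone" {
  database "mysql {dbname=db_ops port=3306 host=172.17.0.2 user=fengjian pass=123456 ssl=false} {select zone from t_dns_records where zone = '$zone$' and status = 1} {select ttl, type, mx_priority, case when lower(type)='txt' then concat('\"', data, '\"') when lower(type) = 'soa' then concat_ws(' ', data, resp_person, serial, refresh, retry, expire, minimum) else data end from t_dns_records where zone = '$zone$' and host = '$record$' and status = 1} {} {select ttl, type, host, mx_priority, case when lower(type)='txt' then concat('\"', data, '\"') else data end, resp_person, serial, refresh, retry, expire, minimum from t_dns_records where zone = '$zone$' and status = 1} {select zone from t_dns_xfr_table where zone = '$zone$' and client = '$client$' and status = 1}";
};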

bind 从配置文件修改 vim named.conf(slave)
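key "rndc-key" {
  algorithm hmac-md5;
  secret "mvCUyhyDvNNGywhoVHbSaQ==";   // must match the key rndc-confgen wrote on this host
};

// rndc control channel. The original listened on 0.0.0.0 with allow { 0.0.0.0; }: that exposes
// port 953 on every interface, and a bare address in an ACL matches only that literal address
// (not "any"), so even rndc from localhost would be refused. Bind and allow loopback only.
controls {
  inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
};

// Declared before options so it can be referenced there (an ACL must be defined before use).
acl "dns-ip-list" {
  172.17.0.3;
  172.17.0.4;
};

options {
  listen-on port 53 { any; };               // listen on port 53, any = accept connections from any IP
  directory "/usr/local/bind/var";
  pid-file "named.pid";                     // file containing the pid of the named process
  allow-query { any; };                     // allow queries from any IP
  // allow-query { any; } together with forwarders and no recursion ACL makes this an open
  // recursive resolver for anyone who can reach port 53; recurse only for localhost and our servers.
  allow-recursion { localhost; dns-ip-list; };
  // Copied from the master's config: on the slave these point at this host itself (172.17.0.4).
  allow-transfer { 172.17.0.4; };
  also-notify { 172.17.0.4; };
  forwarders { 114.114.114.114; 8.8.8.8; }; // public resolvers to forward to
};

logging {
  channel error_log {
    file "/usr/local/bind/var/logs/error.log" versions 10 size 32m;
    severity warning;
    print-time yes;
    print-severity yes;
    print-category yes;
  };
  channel query_log {
    file "/usr/local/bind/var/logs/query.log" versions 10 size 32m;
    severity debug;
    print-time yes;
    print-severity yes;
    print-category yes;
  };
  category default { error_log; };
  category queries { query_log; };
};

zone "fengjian.com." IN {
  type slave;
  file "slaves/fengjian.com.zone";
  masterfile-format text;   // set explicitly, otherwise the transferred zone is stored in raw (binary) form
  masters { 172.17.0.3; };  // the DLZ master
};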
masterfile-format 必须要手动设置, 要不然同步过来的是二进制文件, 无法阅览

 

mysql 插入数据

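-- Database and account used by the DLZ driver; dbname/user/pass/host must match named.conf.
create database db_ops;
-- NOTE(review): every query the DLZ driver runs is a SELECT on db_ops, so
-- `grant select on db_ops.*` is enough for named; `all on *.*` is far broader than needed.
grant all on *.* to 'fengjian'@'172.17.0.%' identified by '123456';

-- Assumes t_dns_records and t_dns_xfr_table already exist (their CREATE TABLE is not shown here)
-- and that the status column defaults to 1: the DLZ queries filter on status = 1 and none of
-- these inserts set it.

-- Forward zone fengjian.com
INSERT INTO t_dns_records (zone, host, type, data, ttl) VALUES ('fengjian.com', 'www', 'A', '1.1.1.1', '60');
INSERT INTO t_dns_records (zone, host, type, data, ttl) VALUES ('fengjian.com', 'cloud', 'A', '2.2.2.2', '60');
INSERT INTO t_dns_records (zone, host, type, data, ttl) VALUES ('fengjian.com', 'ns', 'A', '172.17.0.3', '60');
INSERT INTO t_dns_records (zone, host, type, data, ttl) VALUES ('fengjian.com', 'blog', 'CNAME', 'cloud.fengjian.com.', '60');
INSERT INTO t_dns_records (zone, host, type, data, ttl) VALUES ('fengjian.com', '@', 'NS', 'ns.fengjian.com.', '60');
-- SOA: serial must be raised by hand on every change so the slave notices the update.
INSERT INTO t_dns_records (zone, host, type, ttl, data, refresh, retry, expire, minimum, serial, resp_person) VALUES ('fengjian.com', '@', 'SOA', '60', 'ns', '28800', '14400', '86400', '86400', '2012020809', 'admin');

-- Reverse zone 1.168.192.in-addr.arpa (the original SOA row spelled it '1.168.192in-addr.arpa',
-- without the dot, so it did not match the NS/PTR rows below).
insert into t_dns_records (zone,host,type,data,ttl,mx_priority,refresh,retry,expire,minimum,serial,resp_person,primary_ns) values ('1.168.192.in-addr.arpa','@','SOA','node02.example.com',86400,NULL,3600,15,86400,3600,2008082700,'node02.example.com','node02.example.com');
insert into t_dns_records (zone,host,type,data) values ('1.168.192.in-addr.arpa','@','NS','node02.example.com.');
insert into t_dns_records (zone,host,type,data) values ('1.168.192.in-addr.arpa','250','PTR','node02.example.com.'),('1.168.192.in-addr.arpa','111','PTR','x.example.com.');

-- Zone-transfer allow list consulted by the allowzonexfr query: one row per client address.
-- (The original ran these two statements together without a separating semicolon.)
insert into t_dns_xfr_table (zone, client) values ("fengjian.com", "172.17.0.3");
insert into t_dns_xfr_table (zone, client) values ("fengjian.com", "172.17.0.4");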

 

8. debug 模式下运行 bind服务

 # Foreground debug run: -g keeps named in the foreground logging to stderr, -d 1 sets debug level 1.
 # NOTE(review): the `named` account created during install is not used here, so named runs as root;
 # add `-u named` (after making /usr/local/bind/var and its logs directory writable by that user)
 # so it drops privileges once port 53 is bound.
 /usr/local/bind/sbin/named -g -d 1

 

9. 测试 

 

 

FAQ:

1. slave 为什么无法同步 master 的数据

1.1 检查 t_dns_xfr_table 是否配置了相应的 zone 及 client, client 是 slave 的 ip, 只有配置了对应记录, slave 才能被授权同步
1.2 检查 SOA 序列号(serial), 每次更改记录后 serial 都要在原来的基础上加 1, 保证 master 的 serial 比 slave 大
1.3 检查 refresh 字段, 一般设置300s, 5分钟同步一次


摘自:

https://www.cnblogs.com/weiguoyu/p/6601176.html

 
