Bind-DLZ with MySQL
System environment:
OS: CentOS 6.8
MySQL: 5.1
BIND: bind-9.11.0-P2.tar.gz
IP address: 192.168.153.130
Software download: http://ftp.isc.org/
I. Install and configure MySQL
1. Install the build dependencies.
yum install openssl-devel openldap-devel unixODBC-devel gcc
2. Install the MySQL database
yum -y install mysql mysql-server mysql-devel
3. Verify that the installation succeeded
[root@localhost ~]# rpm -qi mysql-server
4. Start the MySQL service
[root@localhost ~]# /etc/init.d/mysqld start
5. Log in and set the password
[root@localhost ~]# mysql -u root
mysql> show databases;
mysql> use mysql;
mysql> update user set password=password('123456') where user='root';
6. Open remote login access
mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY '123456' WITH GRANT OPTION;
Query OK, 0 rows affected (0.00 sec)
mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)
7. Enable start at boot (optional)
[root@localhost ~]# chkconfig mysqld on
II. Download and install Bind-DLZ
1. Download and unpack the Bind-DLZ package
[root@localhost opt]# wget http://ftp.isc.org/isc/bind9/9.11.0-P2/bind-9.11.0-P2.tar.gz
[root@localhost opt]# tar -zxvf bind-9.11.0-P2.tar.gz
2. When building on a 64-bit system, you may need to set some variables so that the appropriate MySQL libraries are found:
[root@localhost ~]# export CPPFLAGS="-I/usr/lib64/mysql $CPPFLAGS"
[root@localhost ~]# export LDFLAGS="-L/usr/lib64/mysql $LDFLAGS"
[root@localhost ~]# export LD_LIBRARY_PATH="/usr/lib64/mysql"
3. Build and install Bind-DLZ.
[root@localhost opt]# cd bind-9.11.0-P2
[root@localhost bind-9.11.0-P2]# ./configure --prefix=/usr/local/bind --enable-threads \
    --enable-largefile --disable-ipv6 \
    --disable-openssl-version-check \
    --with-dlz-mysql=yes
[root@localhost bind-9.11.0-P2]# make
[root@localhost bind-9.11.0-P2]# make install
4. Check the version to confirm that the software installed correctly
[root@localhost bind-9.11.0-P2]# /usr/local/bind/sbin/named -v
BIND 9.11.0-P2 <id:9713922>
5. Configure the rndc.conf and named.conf files
Generate rndc.conf:
[root@localhost ~]# cd /usr/local/bind/etc/
[root@localhost etc]# /usr/local/bind/sbin/rndc-confgen -r /dev/urandom > rndc.conf
Fetch the ca file (named.ca):
[root@localhost etc]# wget -O named.ca http://www.internic.net/domain/named.root
Create and generate named.conf:
[root@localhost etc]# tail -10 rndc.conf | head -9 | sed s/#\ //g > named.conf
The generated named.conf contains only the key and controls sections; the logging and options sections have to be added by hand. The complete file is as follows:
[root@localhost etc]# cat named.conf
key "rndc-key" {
    algorithm hmac-md5;
    secret "X0k0Uz62Actu11IXrnA48A==";
};
controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndc-key"; };
};
logging {
    channel bind_log {
        file "/tmp/bind.log" versions 3 size 20m;
        severity info;
        print-time yes;
        print-severity yes;
        print-category yes;
    };
    category default {
        bind_log;
    };
};
options {
    listen-on port 53 { 192.168.153.130; };
    directory "/usr/local/bind";
    pid-file "named.pid";
    allow-query-cache { any; };
    allow-query { any; };
};
dlz "Mysql zone" {
    database "mysql
    {host=192.168.153.130 dbname=bind ssl=false port=3306 user=root pass=123456}
    {select zone from dns_records where zone = '$zone$' and view = 'any' limit 1}
    {select ttl,type,if(mx_priority>0,mx_priority,NULL),case when lower(type)='txt' then concat('\"',data,'\"') when lower(type) = 'soa' then concat_ws(' ', data, resp_person, serial, refresh, retry, expire, minimum) else data end as mydata from dns_records where zone = '$zone$' and host = '$record$' and view = 'any'}";
};
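The audit below is an added example, not part of the original walkthrough. It checks a named.conf like the one above for the rndc key algorithm, the MySQL account and password used by the DLZ driver, the query-cache ACL and the log location. The function names, finding texts and sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): flag the settings in the
# walkthrough's named.conf that a reviewer would tighten before production.

flag() {    # flag ERE FILE MESSAGE: print MESSAGE when FILE matches ERE
    if grep -Eq "$1" "$2"; then echo "$3"; fi
}

audit_named_conf() {    # hypothetical helper name
    conf=$1
    flag 'algorithm[[:space:]]+hmac-md5' "$conf" \
        "rndc key uses hmac-md5; regenerate with rndc-confgen -A hmac-sha256"
    flag 'user=root[[:space:]}]' "$conf" \
        "dlz logs in as MySQL root; use an account with only SELECT on bind.dns_records"
    # The DB password sits in named.conf, so the file mode matters.
    if grep -q 'pass=' "$conf" && [ "$(ls -ld "$conf" | cut -c8)" = "r" ]; then
        echo "plaintext pass= in a world-readable file; chmod 640"
    fi
    flag 'allow-query-cache[[:space:]]*\{[[:space:]]*any;' "$conf" \
        "allow-query-cache { any; } serves cached answers to every client; list trusted networks"
    flag 'file[[:space:]]+"/tmp/' "$conf" \
        "log channel writes under /tmp; use a directory owned by named"
    return 0
}

write_sample_conf() {   # constructed sample mirroring the page's named.conf
    cat > "$1" <<'EOF'
key "rndc-key" { algorithm hmac-md5; secret "CONSTRUCTED-PLACEHOLDER=="; };
logging { channel bind_log { file "/tmp/bind.log" versions 3 size 20m; }; };
options {
    listen-on port 53 { 192.168.153.130; };
    allow-query-cache { any; };
    allow-query { any; };
};
dlz "Mysql zone" {
    database "mysql
    {host=192.168.153.130 dbname=bind ssl=false port=3306 user=root pass=123456}
    {select zone from dns_records where zone = '$zone$' and view = 'any' limit 1}";
};
EOF
}

# Stand-alone run: audit the constructed sample with the mode a root umask of 022 gives.
sample=$(mktemp)
write_sample_conf "$sample"
chmod 644 "$sample"
audit_named_conf "$sample"
rm -f "$sample"
```

Run it against /usr/local/bind/etc/named.conf with `audit_named_conf /usr/local/bind/etc/named.conf`; no output means none of the five patterns matched.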
6. Create the named user so that the BIND service runs as named.
[root@localhost ~]# groupadd -r -g 25 named
[root@localhost ~]# useradd -r -u 25 -s /sbin/nologin -d /usr/local/named -g named named
[root@localhost ~]# chown -R named:named /usr/local/bind/
7. Start the named service in the foreground to check that the configuration works.
[root@localhost ~]# /usr/local/bind/sbin/named -c /usr/local/bind/etc/named.conf -f -g -u named
If the configuration above starts without errors, the next step is to add MySQL so that zone information can be written to the database.
III. Configure DLZ database queries
1. Log in to MySQL and create the database and table.
mysql> create database bind;
Query OK, 1 row affected (0.00 sec)
mysql> use bind;
mysql> CREATE TABLE IF NOT EXISTS `dns_records` (
    `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
    `zone` varchar(255) NOT NULL,
    `host` varchar(255) NOT NULL DEFAULT '@',
    `type` enum('A','MX','CNAME','NS','SOA','PTR','TXT','AAAA','SVR','URL') NOT NULL,
    `data` varchar(255) DEFAULT NULL,
    `ttl` int(11) NOT NULL DEFAULT '3600',
    `mx_priority` int(11) DEFAULT NULL,
    `view` enum('any', 'Telecom', 'Unicom', 'CMCC', 'ours') NOT NULL DEFAULT "any",
    `priority` tinyint UNSIGNED NOT NULL DEFAULT '255',
    `refresh` int(11) NOT NULL DEFAULT '28800',
    `retry` int(11) NOT NULL DEFAULT '14400',
    `expire` int(11) NOT NULL DEFAULT '86400',
    `minimum` int(11) NOT NULL DEFAULT '86400',
    `serial` bigint(20) NOT NULL DEFAULT '2015050917',
    `resp_person` varchar(64) NOT NULL DEFAULT 'ddns.net',
    `primary_ns` varchar(64) NOT NULL DEFAULT 'ns.ddns.net.',
    PRIMARY KEY (`id`),
    KEY `type` (`type`),
    KEY `host` (`host`),
    KEY `zone` (`zone`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1;
Query OK, 0 rows affected (0.02 sec)
2. Insert data into the database:
mysql> insert into bind.dns_records (zone, host, type, data, ttl) VALUES ('testinfo.com', 'www', 'A', '1.1.1.1', '600');
Query OK, 1 row affected (0.00 sec)
mysql> insert into bind.dns_records (zone, host, type, data, ttl) VALUES ('testinfo.com', 'bbs', 'A', '2.2.2.2', '600');
Query OK, 1 row affected (0.00 sec)
mysql> insert into bind.dns_records (zone, host, type, data, ttl) VALUES ('testinfo.com', 'm', 'A', '3.3.3.3', '600');
Query OK, 1 row affected (0.00 sec)
3. Start the named service in the background:
[root@localhost ~]# /usr/local/bind/sbin/named -c /usr/local/bind/etc/named.conf -f -g -u named &
4. Add this host, 192.168.153.130, to /etc/resolv.conf as the first DNS resolver address:
[root@localhost ~]# vim /etc/resolv.conf
; generated by /sbin/dhclient-script
#search localdomain
nameserver 192.168.153.130
nameserver 192.168.153.2
nameserver 8.8.8.8
5. Resolution test: the locally added testinfo.com domain is resolved through 192.168.153.130, while the external www.baidu.com is resolved by the second DNS server.
[root@localhost ~]# nslookup
> www.testinfo.com
Server: 192.168.153.130
Address: 192.168.153.130#53
Name: www.testinfo.com
Address: 1.1.1.1
> bbs.testinfo.com
Server: 192.168.153.130
Address: 192.168.153.130#53
Name: bbs.testinfo.com
Address: 2.2.2.2
> m.testinfo.com
Server: 192.168.153.130
Address: 192.168.153.130#53
Name: m.testinfo.com
Address: 3.3.3.3
> www.baidu.com
Server: 192.168.153.2
Address: 192.168.153.2#53
Non-authoritative answer:
www.baidu.com canonical name = www.a.shifen.com.
Name: www.a.shifen.com
Address: 220.181.111.188
Name: www.a.shifen.com
Address: 220.181.112.244
This completes the Bind-MySQL deployment.