bind+dlz+mysql实现区域记录动态更新
BIND-DLZ实验:http://bind-dlz.sourceforge.net/
实验环境:RHEL4,BIND-9.5.0-P2.tar.gz(9.4.0以上版本都已含DLZ补丁),Mysql-5.0.56.tar.gz
1、安装mysql(先安装gcc等相关软件包)
#tar zxvf mysql-5.0.56.tar.gz
#cd mysql-5.0.56
#./configure --prefix=/usr/local/mysql --localstatedir=/usr/local/mysql/data --libexecdir=/usr/local/mysql/lib --disable-shared
#make
#make install
#cd /usr/local/mysql/
#groupadd -g 1003 mysql
#useradd -g 1003 mysql
#chown -R mysql .
#chgrp -R mysql .
#chown -R mysql lib
#./bin/mysql_install_db --user=mysql //以mysql的用户身份安装
#chown -R root .
#./bin/mysqld_safe --user=mysql & //在后台启动mysql
#cd mysql-5.0.56
#./configure --prefix=/usr/local/mysql --localstatedir=/usr/local/mysql/data --libexecdir=/usr/local/mysql/lib --disable-shared
#make
#make install
#cd /usr/local/mysql/
#groupadd -g 1003 mysql
#useradd -g 1003 mysql
#chown -R mysql .
#chgrp -R mysql .
#chown -R mysql lib
#./bin/mysql_install_db --user=mysql //以mysql的用户身份安装
#chown -R root .
#./bin/mysqld_safe --user=mysql & //在后台启动mysql
# cd /root/mysql-5.0.56
# cp support-files/my-medium.cnf /etc/my.cnf
# cp support-files/mysql.server /etc/rc.d/init.d/mysqld
# chmod 700 !$
# chkconfig --add mysqld
# chkconfig --list mysqld
mysqld 1:off 2:on 3:on 4:on 5:on 6:off
# service mysqld start[restart/reload/stop]
# vi /etc/my.cnf
add this:(防止 MySQL 服务器在连接空闲 8 小时后自动断开连接, 以免 DLZ 每次查询都要重连)
wait_timeout = 86400
#/usr/local/mysql/bin/mysqladmin -uroot password 'aptech'
#./bin/mysql -uroot -paptech
#echo "PATH=$PATH:/usr/local/mysql/bin" >> /etc/profile
#. !$
2、安装bind
#tar zxvf bind-9.5.0-P2.tar.gz
#cd bind-9.5.0-P2
#./configure --prefix=/usr/local/bind9 --with-dlz-mysql=/usr/local/mysql --enable-threads=no
#cd bind-9.5.0-P2
#./configure --prefix=/usr/local/bind9 --with-dlz-mysql=/usr/local/mysql --enable-threads=no
//--with-dlz-mysql=/usr/local/mysql 要求bind安装中支持DLZ
//--enable-threads=no 关闭多线程
//--disable-openssl-version-check 禁止openssl版本的检查
#make
#make install
3、创建database,table
#make
#make install
3、创建database,table
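-- Backing tables for the two BIND-DLZ views in named.conf. For each view the
-- DLZ "database" string runs two queries against its table:
--   1. select zone from <table> where zone = '%zone%'                  (zone lookup)
--   2. select ttl, type, mx_priority, ... where zone = '%zone%' and host = '%record%'
-- so both tables need a `zone` column, and `host` holds the owner name
-- relative to the zone (e.g. 'www').
create database mydata;
use mydata;

-- Records served to clients matching the "other" ACL.
create table other_dns_records(
zone varchar(255),        -- zone name, e.g. 'aaa.com'; matched by DLZ via '%zone%'
host varchar(255),        -- owner name relative to the zone; matched via '%record%'
type varchar(255),        -- RR type: A, MX, TXT, SOA, ...
data varchar(255),        -- RR data; for SOA rows this is the primary master name
ttl int(11),
mx_priority varchar(255), -- consumed by the DLZ driver for MX rows
refresh int(11),          -- the next six columns are only read for SOA rows
retry int(11),
expire int(11),
minimum int(11),
serial bigint(11),
resp_person varchar(255),
primary_ns varchar(255)); -- not referenced by the queries in named.conf

-- Records served to clients matching the "cnc" ACL.
-- Fix: the original definition had no `zone` column, so the DLZ zone-lookup
-- query and the insert below were both rejected by MySQL (unknown column).
-- Column layout is kept identical to other_dns_records.
-- Every DNS query becomes a lookup on (zone, host); add an index on that pair
-- once the tables grow beyond a handful of rows.
create table cnc_dns_records(
zone varchar(255),
host varchar(255),
type varchar(255),
data varchar(255),
ttl int(11),
mx_priority varchar(255),
refresh int(11),
retry int(11),
expire int(11),
minimum int(11),
serial bigint(11),
resp_person varchar(255),
primary_ns varchar(255));

-- Sample A records, one per view. Integer columns get integer literals
-- (the original quoted them and relied on implicit conversion).
insert into other_dns_records(zone,host,type,data,ttl,retry)
values('aaa.com','www','A','192.168.199.2',86400,13);
insert into cnc_dns_records(zone,host,type,data,ttl,retry)
values('bbb.com','www','A','192.55.199.199',86400,13);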
4、编辑/usr/local/bind9/etc/named.conf
#cd /usr/local/bind9/etc
#../sbin/rndc-confgen -a
#../sbin/rndc-confgen > named.conf
#vi !$ //vi named.conf
#less named.conf
# Use with the following in named.conf, adjusting the allow list as needed:
// Control-channel key generated by rndc-confgen. This secret, together with
// the MySQL password in the dlz blocks below, makes named.conf a sensitive
// file: keep it readable only by root and the account named runs as.
// hmac-md5 is this BIND release's default; newer rndc-confgen versions can
// generate an HMAC-SHA-2 key with -A.
key "rndc-key" {
algorithm hmac-md5;
secret "c4aUV+N7GbOF773V+/LnAA==";
};
// rndc is reachable only from loopback and only with the key above.
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
# End of named.conf
// (the marker above is the tail of rndc-confgen's output, pasted mid-file)
options {
directory "/usr/local/bind9/etc/";
pid-file "/usr/local/bind9/var/run/named.pid";
// Authoritative-only: answers anyone from the DLZ tables but never recurses,
// so the server cannot be abused as an open resolver.
allow-query { any; };
recursion no;
// String reported instead of the real version for version.bind CH TXT queries.
version "gaint-d1";
};
// The "cnc" and "other" ACLs used by match-clients below are defined here.
include "/usr/local/bind9/etc/cnc.cl";
include "/usr/local/bind9/etc/other.cl";
// Views are tried top to bottom; the first one whose match-clients matches
// the query's source address answers it.
view "cnc-user" {
match-clients { cnc; };
// DLZ MySQL driver. The database string holds, in order:
//   1. connection parameters - this connects as MySQL root with a clear-text
//      password; use a dedicated account granted only SELECT on
//      cnc_dns_records instead (least privilege for a network-facing daemon);
//   2. the zone-lookup query, which tells the driver which zones this view
//      is authoritative for;
//   3. the record-lookup query returning ttl, type, mx_priority, data.
// %zone% and %record% are filled in by the driver from the query name.
// NOTE(review): the driver is expected to escape these substitutions before
// they reach MySQL - confirm against dlz_mysql_driver.c for this release.
// The concat_ws separator for SOA rows shows as a line break in this
// listing; the stock DLZ example uses a single space - confirm before copying.
dlz "Mysql zone" {
database "mysql
{host=localhost dbname=mydata ssl=false port=3306 user=root pass=aptech}
{select zone from cnc_dns_records where zone = '%zone%'}
{select ttl, type, mx_priority, case when lower(type)='txt' then concat('\"', data,
'\"')
when lower(type) = 'soa' then concat_ws('
', data, resp_person, serial, refresh, retry, expire, minimum) else data end as mydata from
cnc_dns_records where zone = '%zone%' and host = '%record%'}";
};
};
view "other-user" {
match-clients { other; };
// Same driver configuration against other_dns_records; the notes on the
// cnc-user view apply here too, including the root-credential concern.
dlz "Mysql zone" {
database "mysql
{host=localhost dbname=mydata ssl=false port=3306 user=root pass=aptech}
{select zone from other_dns_records where zone='%zone%'}
{select ttl, type, mx_priority, case when lower(type) = 'txt' then concat('\"', data,
'\"')
when lower(type)='soa' then concat_ws('
', data, resp_person, serial, refresh, retry, expire, minimum) else data end as mydata from
other_dns_records where zone = '%zone%' and host = '%record%'}";
};
};
[root@dlz etc]# less cnc.cl
// Clients on this subnet match the "cnc-user" view and are answered from
// cnc_dns_records.
acl "cnc"{
192.168.9.0/24;
};
// Control-channel key generated by rndc-confgen. This secret, together with
// the MySQL password in the dlz blocks below, makes named.conf a sensitive
// file: keep it readable only by root and the account named runs as.
// hmac-md5 is this BIND release's default; newer rndc-confgen versions can
// generate an HMAC-SHA-2 key with -A.
key "rndc-key" {
algorithm hmac-md5;
secret "c4aUV+N7GbOF773V+/LnAA==";
};
// rndc is reachable only from loopback and only with the key above.
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
# End of named.conf
// (the marker above is the tail of rndc-confgen's output, pasted mid-file)
options {
directory "/usr/local/bind9/etc/";
pid-file "/usr/local/bind9/var/run/named.pid";
// Authoritative-only: answers anyone from the DLZ tables but never recurses,
// so the server cannot be abused as an open resolver.
allow-query { any; };
recursion no;
// String reported instead of the real version for version.bind CH TXT queries.
version "gaint-d1";
};
// The "cnc" and "other" ACLs used by match-clients below are defined here.
include "/usr/local/bind9/etc/cnc.cl";
include "/usr/local/bind9/etc/other.cl";
// Views are tried top to bottom; the first one whose match-clients matches
// the query's source address answers it.
view "cnc-user" {
match-clients { cnc; };
// DLZ MySQL driver. The database string holds, in order:
//   1. connection parameters - this connects as MySQL root with a clear-text
//      password; use a dedicated account granted only SELECT on
//      cnc_dns_records instead (least privilege for a network-facing daemon);
//   2. the zone-lookup query, which tells the driver which zones this view
//      is authoritative for;
//   3. the record-lookup query returning ttl, type, mx_priority, data.
// %zone% and %record% are filled in by the driver from the query name.
// NOTE(review): the driver is expected to escape these substitutions before
// they reach MySQL - confirm against dlz_mysql_driver.c for this release.
// The concat_ws separator for SOA rows shows as a line break in this
// listing; the stock DLZ example uses a single space - confirm before copying.
dlz "Mysql zone" {
database "mysql
{host=localhost dbname=mydata ssl=false port=3306 user=root pass=aptech}
{select zone from cnc_dns_records where zone = '%zone%'}
{select ttl, type, mx_priority, case when lower(type)='txt' then concat('\"', data,
'\"')
when lower(type) = 'soa' then concat_ws('
', data, resp_person, serial, refresh, retry, expire, minimum) else data end as mydata from
cnc_dns_records where zone = '%zone%' and host = '%record%'}";
};
};
view "other-user" {
match-clients { other; };
// Same driver configuration against other_dns_records; the notes on the
// cnc-user view apply here too, including the root-credential concern.
dlz "Mysql zone" {
database "mysql
{host=localhost dbname=mydata ssl=false port=3306 user=root pass=aptech}
{select zone from other_dns_records where zone='%zone%'}
{select ttl, type, mx_priority, case when lower(type) = 'txt' then concat('\"', data,
'\"')
when lower(type)='soa' then concat_ws('
', data, resp_person, serial, refresh, retry, expire, minimum) else data end as mydata from
other_dns_records where zone = '%zone%' and host = '%record%'}";
};
};
[root@dlz etc]# less cnc.cl
// Clients on this subnet match the "cnc-user" view and are answered from
// cnc_dns_records.
acl "cnc"{
192.168.9.0/24;
};
[root@dlz etc]# less other.cl
// 127.0.0.0/18 lies entirely inside the loopback range, so the "other-user"
// view (answered from other_dns_records) is only matched by queries sent from
// the server itself, e.g. local dig tests.
acl "other" {
127.0.0.0/18;
};
// 127.0.0.0/18 lies entirely inside the loopback range, so the "other-user"
// view (answered from other_dns_records) is only matched by queries sent from
// the server itself, e.g. local dig tests.
acl "other" {
127.0.0.0/18;
};
5、启动&测试
[root@dlz ~]# /usr/local/bind9/sbin/named -gc /usr/local/bind9/etc/named.conf
06-Mar-2009 22:23:02.569 starting BIND 9.5.0-P2 -gc /usr/local/bind9/etc/named.conf
06-Mar-2009 22:23:02.579 loading configuration from '/usr/local/bind9/etc/named.conf'
06-Mar-2009 22:23:02.583 listening on IPv4 interface lo, 127.0.0.1#53
06-Mar-2009 22:23:02.586 listening on IPv4 interface eth0, 192.168.1.5#53
06-Mar-2009 22:23:02.588 Loading 'Mysql zone' using driver mysql
06-Mar-2009 22:23:02.604 default max-cache-size (33554432) applies: view cnc-user
06-Mar-2009 22:23:02.609 Loading 'Mysql zone' using driver mysql
06-Mar-2009 22:23:02.612 default max-cache-size (33554432) applies: view other-user
06-Mar-2009 22:23:02.616 default max-cache-size (33554432) applies: view _bind
06-Mar-2009 22:23:02.621 command channel listening on 127.0.0.1#953
06-Mar-2009 22:23:02.621 ignoring config file logging statement due to -g option
06-Mar-2009 22:23:02.623 running
06-Mar-2009 22:23:02.569 starting BIND 9.5.0-P2 -gc /usr/local/bind9/etc/named.conf
06-Mar-2009 22:23:02.579 loading configuration from '/usr/local/bind9/etc/named.conf'
06-Mar-2009 22:23:02.583 listening on IPv4 interface lo, 127.0.0.1#53
06-Mar-2009 22:23:02.586 listening on IPv4 interface eth0, 192.168.1.5#53
06-Mar-2009 22:23:02.588 Loading 'Mysql zone' using driver mysql
06-Mar-2009 22:23:02.604 default max-cache-size (33554432) applies: view cnc-user
06-Mar-2009 22:23:02.609 Loading 'Mysql zone' using driver mysql
06-Mar-2009 22:23:02.612 default max-cache-size (33554432) applies: view other-user
06-Mar-2009 22:23:02.616 default max-cache-size (33554432) applies: view _bind
06-Mar-2009 22:23:02.621 command channel listening on 127.0.0.1#953
06-Mar-2009 22:23:02.621 ignoring config file logging statement due to -g option
06-Mar-2009 22:23:02.623 running
注:加 -gc 参数可在前台打印启动日志, 以便出错排查; 最后显示 running 表示配置正确.
user:Felix
mail:wudonghang@wudonghang.com
If you have questions or suggestions, please contact the author.