bind+dlz+mysql实现区域记录动态更新

BIND-DLZ实验:http://bind-dlz.sourceforge.net/

实验环境:RHEL4,BIND-9.5.0-P2.tar.gz(9.4.0以上版本都已含DLZ补丁),Mysql-5.0.56.tar.gz

1、安装mysql(先安装gcc等相关软件包)

#tar zxvf mysql-5.0.56.tar.gz 
   #cd mysql-5.0.56
   #./configure --prefix=/usr/local/mysql --localstatedir=/usr/loal/mysql/data --   libexecdir=/usr/local/mysql/lib --disable-shared
   #make
   #make install
   #cd /usr/local/mysql/
   #groupadd -g 1003 mysql
   #useradd -g 1003 mysql
   #chown -R mysql .
   #chgrp -R mysql .
   #chown -R mysql lib
   #./bin/mysql_install_db --user=mysql //以mysql的用户身份安装
   #chown -R root .
   #./bin/mysqld_safe --user=mysql & //在后台启动mysql

# cd /root/mysql-5.0.56
# cp support-files/my-medium.cnf /etc/my.cnf
# cp support-files/mysql.server /etc/rc.d/init.d/mysqld
# chmod 700 !$
# chkconfig --add mysqld
# chkconfig --list mysqld
  mysqld 1:off 2:on 3:on 4:on 5:on 6:off
# service mysqld start[restart/reload/stop]
# vi /etc/my.cnf
 add this:(防止mysql服务器无查询后8小时自动重连)
wait_timeout = 86400

interactive_timeout = 86400

#/usr/local/mysql/bin/mysqladmin -uroot password ‘aptech‘
   #./bin/mysql -uroot -paptech

#echo "PATH=$PATH:/usr/local/mysql/bin" >> /etc/profile

#. !$

2、安装bind

#tar zxvf bind-9.5.0-P2.tar.gz 
   #cd bind-9.5.0-P2
   #./configure --prefix=/usr/local/bind9 --with-dlz-mysql=/usr/local/mysql --enable-threads=no

//--with-dlz-mysql=/usr/local/mysql 要求bind安装中支持DLZ

//--enable-threads=no 关闭多线程

//--disable-openssl-version-check 禁止openssl版本的检查
   #make
   #make install

3、创建database,table

create database mydata;

use mydata;

create table other_dns_records(

zone varchar(255),

host varchar(255),

type varchar(255),

data varchar(255),

ttl int(11),

mx_priority varchar(255),

refresh int(11),

retry int(11),

expire int(11),

minimum int(11),

serial bigint(11),

resp_person varchar(255),

primary_ns varchar(255));

create table cnc_dns_records(

   host varchar(255),

type varchar(255),

data varchar(255),

ttl int(11),

mx_priority varchar(255),

refresh int(11),

retry int(11),

expire int(11),

minimum int(11),

serial bigint(11),

resp_person varchar(255),

primary_ns varchar(255));

insert other_dns_records(zone,host,type,data,ttl,retry)

values(‘aaa.com‘,‘www‘,‘A‘,‘192.168.199.2‘,‘86400‘,‘13‘);

insert cnc_dns_records(zone,host,type,data,ttl,retry)

values(‘bbb.com‘,‘www‘,‘A‘,‘192.55.199.199‘,‘86400‘,‘13‘);

4、编辑/usr/local/bind9/etc/named.conf

#cd /usr/local/bind9/etc

#../sbin/rndc-confgen -a

#../sbin/rndc-confgen > named.conf

#vi !$   //vi named.conf

#less named.conf

# Use with the following in named.conf, adjusting the allow list as needed:
 key "rndc-key" {
        algorithm hmac-md5;
        secret "c4aUV+N7GbOF773V+/LnAA==";
 };
 
 controls {
        inet 127.0.0.1 port 953
                allow { 127.0.0.1; } keys { "rndc-key"; };
 };
# End of named.conf
options {
directory "/usr/local/bind9/etc/";
pid-file "/usr/local/bind9/var/run/named.pid";
allow-query { any; };
recursion no;
version "gaint-d1";
};
include "/usr/local/bind9/etc/cnc.cl";
include "/usr/local/bind9/etc/other.cl";
view "cnc-user" {
match-clients { cnc; };
dlz "Mysql zone" {
database "mysql
{host=localhost dbname=mydata ssl=false port=3306 user=root pass=aptech}
{select zone from cnc_dns_records where zone = ‘%zone%‘}
{select ttl, type, mx_priority, case when lower(type)=‘txt‘ then concat(‘\"‘, data, 
‘\"‘)
when lower(type) = ‘soa‘ then concat_ws(‘
‘, data, resp_person, serial, refresh, retry, expire, minimum) else data end as mydata from
cnc_dns_records where zone = ‘%zone%‘ and host = ‘%record%‘}";
};
};
view "other-user" {
match-clients { other; };
dlz "Mysql zone" {
database "mysql
{host=localhost dbname=mydata ssl=false port=3306 user=root pass=aptech}
{select zone from other_dns_records where zone=‘%zone%‘}
{select ttl, type, mx_priority, case when lower(type) = ‘txt‘ then concat(‘\"‘, data, 
‘\"‘)
when lower(type)=‘soa‘ then concat_ws(‘
‘, data, resp_person, serial, refresh, retry, expire, minimum) else data end as mydata from
other_dns_records where zone = ‘%zone%‘ and host = ‘%record%‘}";
};
};
[[email protected] etc]# less cnc.cl 
acl "cnc"{
192.168.9.0/24;
};

[[email protected] etc]# less other.cl 
acl "other" {
127.0.0.0/18;
};

5、启动&测试

[[email protected] ~]# /usr/local/bind9/sbin/named -gc  /usr/local/bind9/etc/named.conf
06-Mar-2009 22:23:02.569 starting BIND 9.5.0-P2 -gc /usr/local/bind9/etc/named.conf
06-Mar-2009 22:23:02.579 loading configuration from ‘/usr/local/bind9/etc/named.conf‘
06-Mar-2009 22:23:02.583 listening on IPv4 interface lo, 127.0.0.1#53
06-Mar-2009 22:23:02.586 listening on IPv4 interface eth0, 192.168.1.5#53
06-Mar-2009 22:23:02.588 Loading ‘Mysql zone‘ using driver mysql
06-Mar-2009 22:23:02.604 default max-cache-size (33554432) applies: view cnc-user
06-Mar-2009 22:23:02.609 Loading ‘Mysql zone‘ using driver mysql
06-Mar-2009 22:23:02.612 default max-cache-size (33554432) applies: view other-user
06-Mar-2009 22:23:02.616 default max-cache-size (33554432) applies: view _bind
06-Mar-2009 22:23:02.621 command channel listening on 127.0.0.1#953
06-Mar-2009 22:23:02.621 ignoring config file logging statement due to -g option
06-Mar-2009 22:23:02.623 running

注:加-gc参数可显示出启动日志,以便出错排查;显示running表示配置正确.

来源： http://blog.chinaunix.net/uid-10435474-id-2957057.html

来自为知笔记(Wiz)