环境:rhel 7.2
登录 https://dev.mysql.com/downloads/mysql/ 该网址下载以下rpm
mysql-community-client-5.7.19-1.el7.x86_64.rpm mysql-community-common-5.7.19-1.el7.x86_64.rpm mysql-community-devel-5.7.19-1.el7.x86_64.rpm mysql-community-libs-5.7.19-1.el7.x86_64.rpm mysql-community-server-5.7.19-1.el7.x86_64.rpm
1、初始化
# systemctl disable firewalld
# hostnamectl set-hostname mysql-01
# bash
# vi /etc/selinux/config
SELINUX=disabled
# systemctl disable firewalld
# reboot
2、安装 MySQL
# rpm -qa | egrep "mysql|maria"
# rpm -e mariadb-libs-5.5.44-2.el7.x86_64 --nodeps # 卸载旧的
# yum -y install net-tools perl
# cd /usr/local/src/
# rpm -ivh mysql-community-*
# systemctl enable mysqld
# systemctl start mysqld
3、MySQL 配置与验证
# more /var/log/mysqld.log | grep pass # 查看初始密码
# mysql_secure_installation # 修改密码
# mysql -uroot -p # 验证
4、配置安装 Bind
# cd /usr/local/src
# wget http://ftp.isc.org/isc/bind9/9.11.0/bind-9.11.0.tar.gz
# tar -zxf bind-9.11.0.tar.gz
# groupadd -r named
# useradd -s /sbin/nologin -M -r -g named named
# yum -y install openssl-devel wget gcc
# ln -s /usr/lib64/mysql/libmysqlclient.so /usr/lib/libmysqlclient.so
# cd bind-9.11.0
# ./configure --with-dlz-mysql --enable-largefile --enable-threads=yes --prefix=/usr/local/bind --with-openssl
# make && make install
# chown -R named:named /usr/local/bind
# echo "export PATH=${PATH}:/usr/local/bind/sbin/:/usr/local/bind/bin/" >> /etc/profile
# source /etc/profile
# cd /usr/local/bind/etc/
# rndc-confgen -r /dev/urandom >rndc.conf
# tail -10 rndc.conf | head -9| sed s/#\ //g >> named.conf
# vi /usr/local/bind/etc/named.conf
options {
    directory "/var/named/";
    recursion yes;
    listen-on port 53 { any; };
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    allow-query { any; };
    blackhole { none; };
};

// Only queries arriving from the loopback address fall into this view; a
// client that matches no view is refused by named, which is what keeps the
// "any" ACLs below from turning this host into an open resolver.
view "ours_domain" {
    match-clients { 127.0.0.1; };
    allow-query-cache { any; };
    allow-recursion { any; };
    allow-transfer { none; };

    // Zone data is read from the dns_records table created in step 5: the
    // first query tells named whether it is authoritative for $zone$, the
    // second returns the records for $record$ inside that zone (SOA rows are
    // assembled from the extra columns of the table). The connection is a
    // plain-text loopback one (ssl=false) and the DB password is stored here
    // in clear text, so keep this file readable by the named user only.
    dlz "Mysql zone" {
        database "mysql
        {host=127.0.0.1 dbname=bind ssl=false port=3306 user=named pass=MySQL-password}
        {select zone from dns_records where zone='$zone$'}
        {select ttl, type, mx_priority,
            case when lower(type)='txt' then concat('\"', data, '\"')
                 when lower(type) = 'soa' then concat_ws(' ', data, resp_person , serial, refresh, retry, expire, minimum)
                 else data end
         from dns_records where zone = '$zone$' and host = '$record$'}";
    };

    zone "." IN {
        type hint;
        file "named.ca";
    };
};

// Produced by the rndc-confgen run in the step above; the secret shown is the
// one the author's run generated, a fresh install gets its own value.
key "rndc-key" {
    algorithm hmac-md5;
    secret "yp955j6yrX7mWoz5oOoZ0w==";
};

controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
};
# mkdir /var/named/
# wget -O /var/named/named.ca http://www.internic.net/domain/named.root
# chown -R named:named /var/named/
5、配置dlz数据库查询
# mysql -uroot -p
mysql> create database bind;
mysql> use bind;
mysql> CREATE TABLE IF NOT EXISTS `dns_records` ( `id` int(10) unsigned NOT NULL AUTO_INCREMENT, `zone` varchar(255) NOT NULL, `host` varchar(255) NOT NULL DEFAULT '@', `type` enum('A','MX','CNAME','NS','SOA','PTR','TXT','AAAA','SVR','URL') NOT NULL, `data` varchar(255) DEFAULT NULL, `ttl` int(11) NOT NULL DEFAULT '3600', `mx_priority` int(11) DEFAULT NULL, `view` enum('any', 'Telecom', 'Unicom', 'CMCC', 'ours') NOT NULL DEFAULT "any" , `priority` tinyint UNSIGNED NOT NULL DEFAULT '255', `refresh` int(11) NOT NULL DEFAULT '28800', `retry` int(11) NOT NULL DEFAULT '14400', `expire` int(11) NOT NULL DEFAULT '86400', `minimum` int(11) NOT NULL DEFAULT '86400', `serial` bigint(20) NOT NULL DEFAULT '2015050917', `resp_person` varchar(64) NOT NULL DEFAULT 'ddns.net', `primary_ns` varchar(64) NOT NULL DEFAULT 'ns.ddns.net.', PRIMARY KEY (`id`), KEY `type` (`type`), KEY `host` (`host`), KEY `zone` (`zone`)) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ; # view:是区分不同网络区域的字段. Priority:是区分不同优先级的字段.
mysql> insert into dns_records (zone, host, type, data, ttl) VALUES ('test.info', 'www', 'A', '1.1.1.1', '60');
mysql> insert into dns_records (zone, host, type, data, ttl) VALUES ('test.info', 'mail', 'CNAME', 'www', '60');
mysql> insert into dns_records (zone, host, type, data, ttl) VALUES ('test.info', '@', 'NS', 'ns', '60');
mysql> insert into dns_records (zone, host, type, data, ttl) VALUES ('test.info', 'ns', 'A', '127.0.0.1', '60');
mysql> grant all privileges on bind.* to named@'%' identified by "Ma991218#"; # 密码须与 named.conf 中 dlz 段的 pass= 取值一致; named.conf 只从 127.0.0.1 连接且只执行 select, 授权可收紧为 grant select on bind.* to named@'127.0.0.1'
mysql> flush privileges;
# 官网给的mysql驱动模板:
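// Official five-query template (zone lookup, record lookup, authority,
// all-nodes, zone-transfer ACL). It expects an IsLive column and an xfr_table,
// neither of which the dns_records table created in step 5 defines; the
// working named.conf above therefore uses only the first two queries.
dlz "mysqlzone" {
    database "mysql
    {host=127.0.0.1 dbname=name ssl=false port=3306 user=user pass=pass}
    {select zone from dns_records where zone ='$zone$' limit 1}
    {select ttl, type, mx_priority, case when lower(type)='txt' then concat('\"', data, '\"') else data end from dns_records where zone = '$zone$' and host = '$record$' and not (type = 'SOA' or type = 'NS') and IsLive=1}
    {select ttl, type, mx_priority, data from dns_records where zone = '$zone$' and (type = 'SOA' or type='NS')}
    {select ttl, type, host, mx_priority, data, resp_person, serial, refresh, retry, expire, minimum from dns_records where zone = '$zone$' and not (type = 'SOA' or type = 'NS') and IsLive=1}
    {select zone from xfr_table where zone ='$zone$' and client = '$client$'}";
};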
6、启动测试
# vi /etc/rc.d/init.d/named
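#!/bin/bash
# named         a network name service.
# chkconfig: 345 87 75
# description: a name server
#
# The chkconfig and description headers must each sit on their own line for
# chkconfig to read them; the pasted copy had them collapsed onto one line.

[ -r /etc/rc.d/init.d/functions ] && . /etc/rc.d/init.d/functions

Builddir=/usr/local/bind
PidFile=/usr/local/bind/var/run/named/named.pid
LockFile=/var/lock/subsys/named
Sbindir=${Builddir}/sbin
Configfile=${Builddir}/etc/named.conf
CheckConf=${Builddir}/sbin/named-checkconf
named=named
# Directory the pid file is written to. The original tested /var/run/named/,
# which is not where $PidFile points, so the test guarded nothing.
PidDir=$(dirname "$PidFile")

if [ ! -f "${Configfile}" ]; then
    echo "Can't find named.conf "
    exit 1
fi

# named runs as the named user (-u below) and needs to write its pid here; this
# script runs as root, so the -w test only catches a missing directory, not a
# directory the named user cannot write to.
if [ ! -d "${PidDir}" ]; then
    echo "could not open directory '${PidDir}': No such directory"
    exit 1
elif [ ! -w "${PidDir}" ]; then
    echo "could not open directory '${PidDir}': Permission denied "
    exit 1
fi

if [ ! -r "${Configfile}" ]; then
    echo "Error: ${Configfile} is not readfile!"
    exit 1
else
    # Check the file we are about to start with rather than the compiled-in
    # default named-checkconf falls back to when given no argument.
    if ! "$CheckConf" "${Configfile}"; then
        echo -e "Please check config file in \033[31m${Configfile} \033[0m!"
        exit 2
    fi
fi

# Start named as the unprivileged named user; refuse when the lock file says
# an instance is already up. Returns 0 on success, 1 when daemon failed.
start() {
    [ -x "${Sbindir}/$named" ] || exit 4
    if [ -f "$LockFile" ]; then
        echo -n "$named is already running..."
        echo_failure
        echo
        exit 5
    fi
    echo -n "Starting $named: "
    daemon --pidfile "$PidFile" "${Sbindir}/$named" -u named -n 1 -c "${Configfile}"
    RETVAL=$?
    echo
    if [ $RETVAL -eq 0 ]; then
        touch "$LockFile"
        return 0
    else
        rm -f "$LockFile" "$PidFile"
        return 1
    fi
}

# Stop named. A missing lock file means there is nothing to stop, so return
# instead of falling through to killproc as the original did; the killproc
# status is passed back so a failed stop is reported as such.
stop() {
    if [ ! -f "$LockFile" ]; then
        echo -n "$named is not started."
        echo_failure
        echo
        return 1
    fi
    echo -n "Stopping $named: "
    killproc $named
    RETVAL=$?
    echo
    [ $RETVAL -eq 0 ] && rm -f "$LockFile"
    return $RETVAL
}

restart() {
    stop
    sleep 1
    start
}

# Ask the running named to reload its configuration via SIGHUP.
reload() {
    echo -n "Reloading $named: "
    killproc $named -HUP
    RETVAL=$?
    echo
    return $RETVAL
}

# Running means both a live process and a pid file are present.
status() {
    if pidof $named > /dev/null && [ -f "$PidFile" ]; then
        echo "$named is running..."
    else
        echo "$named is stopped..."
    fi
}

case "$1" in
    start)   start ;;
    stop)    stop ;;
    restart) restart ;;
    reload)  reload ;;
    status)  status ;;
    *)
        echo "Usage:named {start|stop|status|reload|restart}"
        exit 2
        ;;
esac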
# chmod +x /etc/rc.d/init.d/named
# /etc/rc.d/init.d/named start
# tailf /var/log/messages
# ps -ef | grep name
# netstat -tunlp | grep named
# vi /etc/resolv.conf
nameserver 127.0.0.1
# dig mail.test.info @127.0.0.1
正向解析例子 (以下两组示例沿用 example 作为表名, 对应本文第 5 步创建的 dns_records 表):
mysql> insert INTO example (zone,host,type,data,ttl,retry) values ('example.com','no','A','10.255.1.27',86400,15); //添加几条域名解析记录
mysql> insert INTO example (zone,host,type,data,ttl,retry) values ('alan.com','no','A','10.255.1.29',86400,15);
mysql> insert INTO example (zone,host,type,data,ttl,retry) values ('example.com','node','A','10.255.1.252',86400,15);
mysql> insert INTO example (zone,host,type,data,ttl,retry) values ('example.com','node02','A','192.168.1.250',86400,15);
反向解析例子:
mysql> insert into example (zone,host,type,data,ttl,mx_priority,refresh,retry,expire,minimum,serial,resp_person,primary_ns) values ('1.168.192.in-addr.arpa','@','SOA','node02.example.com',86400,NULL,3600,15,86400,3600,2008082700,'node02.example.com','node02.example.com'); //添加SOA(授权区域定义)记录
mysql> insert into example (zone,host,type,data) values ('example.com','@','NS','node02.example.com.'); //添加NS(标记区域的域名服务器以及授权子域)记录
mysql> insert into example (zone,host,type,data) values ('1.168.192.in-addr.arpa','250','PTR','node02.example.com.'),('1.168.192.in-addr.arpa','111','PTR','x.example.com.'); //添加PTR(与A记录相反,将ip转换成主机名,反向解析操作)记录