[App] DNS Bind + MySQL

环境:rhel 7.2

登录  https://dev.mysql.com/downloads/mysql/ 该网址下载以下rpm

mysql-community-client-5.7.19-1.el7.x86_64.rpm

mysql-community-common-5.7.19-1.el7.x86_64.rpm

mysql-community-devel-5.7.19-1.el7.x86_64.rpm

mysql-community-libs-5.7.19-1.el7.x86_64.rpm

mysql-community-server-5.7.19-1.el7.x86_64.rpm

 

1、初始化

# systemctl disable firewalld

# hostnamectl set-hostname mysql-01

# bash

# vi /etc/selinux/config

SELINUX=disabled

# systemctl disable firewalld

# reboot

 

2、安装 MySQL

# rpm -qa | egrep "mysql|maria"

# rpm -e mariadb-libs-5.5.44-2.el7.x86_64 --nodeps   # 卸载旧的

# yum -y install net-tools perl

# cd /usr/local/src/

# rpm -ivh mysql-community-*

# systemctl enable mysqld

# systemctl start mysqld

 

3、MySQL 配置与验证

# more /var/log/mysqld.log | grep pass       # 查看初始密码

# mysql_secure_installation        # 修改密码

# mysql -uroot -p       # 验证

 

4、配置安装 Bind

# cd /usr/local/src

# wget http://ftp.isc.org/isc/bind9/9.11.0/bind-9.11.0.tar.gz

# tar -zxf bind-9.11.0.tar.gz

# groupadd -r named

# useradd -s /sbin/nologin -M -r -g named named

# yum -y install openssl-devel wget gcc

# ln -s /usr/lib64/mysql/libmysqlclient.so /usr/lib/libmysqlclient.so

# cd bind-9.11.0

# ./configure --with-dlz-mysql --enable-largefile --enable-threads=yes --prefix=/usr/local/bind --with-openssl

# make && make install

# chown -R named:named /usr/local/bind

# echo "export PATH=${PATH}:/usr/local/bind/sbin/:/usr/local/bind/bin/" >>/etc/profile

# source  /etc/profile

# cd /usr/local/bind/etc/

# rndc-confgen -r /dev/urandom >rndc.conf

# tail -10 rndc.conf  | head -9| sed s/#\ //g >> named.conf

# vi /usr/local/bind/etc/named.conf

options {       

        directory "/var/named/";       

        recursion yes;       

        listen-on port 53    { any; };       

        dump-file "/var/named/data/cache_dump.db";       

        statistics-file "/var/named/data/named_stats.txt";       

        allow-query { any; };       

        blackhole { none; };

};

 

view "ours_domain" {       

        match-clients           {127.0.0.1; };       

        allow-query-cache           {any; };       

        allow-recursion          {any; };       

        allow-transfer          {none; };        

        dlz "Mysql zone" {              

                database        "mysql              

                {host=127.0.0.1 dbname=bind ssl=false port=3306 user=named pass=MySQL-password}              

                {select zone from dns_records where zone='$zone$'}              

                {select ttl, type, mx_priority, case when lower(type)='txt' then concat('\"', data, '\"') when lower(type) = 'soa' then concat_ws(' ', data, resp_person, serial, refresh, retry, expire, minimum) else data end from dns_records where zone = '$zone$' and host = '$record$'}";

        };       

        zone "."  IN {           

                type hint;           

                file "named.ca";       

        };

};

 

key "rndc-key" {

        algorithm hmac-md5;

        secret "yp955j6yrX7mWoz5oOoZ0w==";

};

 

controls {

        inet 127.0.0.1 port 953

                allow { 127.0.0.1; } keys { "rndc-key"; };

};

 

# mkdir /var/named/

# wget -O /var/named/named.ca  http://www.internic.net/domain/named.root

# chown -R named:named /var/named/

 

 

5、配置dlz数据库查询

# mysql -uroot -p

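mysql> create database bind;

mysql> use bind;

mysql> -- Records table read by the BIND DLZ MySQL driver. The lookup query in
mysql> -- named.conf selects by zone and host, so those two columns are on the
mysql> -- hot path of every DNS query.
mysql> CREATE TABLE IF NOT EXISTS `dns_records` (
    ->   `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
    ->   `zone` varchar(255) NOT NULL,                 -- zone name matched against $zone$
    ->   `host` varchar(255) NOT NULL DEFAULT '@',     -- owner name matched against $record$; '@' is the zone apex
    ->   `type` enum('A','MX','CNAME','NS','SOA','PTR','TXT','AAAA','SVR','URL') NOT NULL,  -- NOTE(review): 'SVR' is probably meant to be 'SRV'; kept as-is for compatibility
    ->   `data` varchar(255) DEFAULT NULL,             -- record payload (address, target name, text, ...)
    ->   `ttl` int(11) NOT NULL DEFAULT '3600',        -- seconds
    ->   `mx_priority` int(11) DEFAULT NULL,
    ->   `view` enum('any', 'Telecom', 'Unicom', 'CMCC', 'ours') NOT NULL DEFAULT 'any',  -- network area the record belongs to (single quotes: "any" is an identifier under ANSI_QUOTES)
    ->   `priority` tinyint UNSIGNED NOT NULL DEFAULT '255',  -- distinguishes records of different priority
    ->   `refresh` int(11) NOT NULL DEFAULT '28800',   -- SOA timers, seconds
    ->   `retry` int(11) NOT NULL DEFAULT '14400',
    ->   `expire` int(11) NOT NULL DEFAULT '86400',
    ->   `minimum` int(11) NOT NULL DEFAULT '86400',
    ->   `serial` bigint(20) NOT NULL DEFAULT '2015050917',
    ->   `resp_person` varchar(64) NOT NULL DEFAULT 'ddns.net',    -- SOA responsible person; read by the soa branch of the named.conf query
    ->   `primary_ns` varchar(64) NOT NULL DEFAULT 'ns.ddns.net.', -- not read by the named.conf query on this page
    ->   PRIMARY KEY (`id`),
    ->   KEY `type` (`type`),
    ->   KEY `host` (`host`),
    ->   KEY `zone` (`zone`)
    -> ) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1;

mysql> insert into dns_records (zone, host, type, data, ttl) VALUES ('test.info', 'www', 'A', '1.1.1.1', '60');

mysql> insert into dns_records (zone, host, type, data, ttl) VALUES ('test.info', 'mail', 'CNAME', 'www', '60');

mysql> insert into dns_records (zone, host, type, data, ttl) VALUES ('test.info', '@', 'NS', 'ns', '60');

mysql> insert into dns_records (zone, host, type, data, ttl) VALUES ('test.info', 'ns', 'A', '127.0.0.1', '60');

mysql> -- named only runs SELECTs against this database (both dlz queries in
mysql> -- named.conf are selects) and connects with host=127.0.0.1, so a
mysql> -- read-only account bound to localhost is all it needs. ALL PRIVILEGES
mysql> -- for named@'%' would let any host that obtains the password rewrite zone data.
mysql> -- The password here must match the pass= value in the dlz "database" string.
mysql> grant select on bind.* to named@'127.0.0.1' identified by "Ma991218#";

mysql> flush privileges;   -- not required after GRANT, but harmless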

 

# 官网给的mysql驱动模板:

dlz "mysqlzone" {

    database "mysql

    {host=127.0.0.1 dbname=name ssl=false port=3306 user=user pass=pass}

    {select zone from dns_records where zone ='$zone$' limit 1}

    {select ttl, type, mx_priority, case when lower(type)='txt' then concat('\"', data, '\"') else data end from dns_records where zone = '$zone$' and host = '$record$' and not (type = 'SOA' or type = 'NS') and IsLive=1}

    {select ttl, type, mx_priority, data from dns_records where zone = '$zone$' and (type = 'SOA' or type='NS')}

    {select ttl, type, host, mx_priority, data, resp_person, serial, refresh, retry, expire, minimum from dns_records where zone = '$zone$' and not (type = 'SOA' or type = 'NS') and IsLive=1}

    {select zone from xfr_table where zone ='$zone$' and client = '$client$'}";

};

 

 

6、启动测试

# vi /etc/rc.d/init.d/named

#!/bin/bash

# named a network name service.

# chkconfig: 345 87 75

# description: a name server

 

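# Pull in the Red Hat init helpers (daemon, killproc, echo_failure) when present.
[ -r /etc/rc.d/init.d/functions ] && . /etc/rc.d/init.d/functions

# Paths for a BIND built with --prefix=/usr/local/bind.
Builddir=/usr/local/bind
PidFile=/usr/local/bind/var/run/named/named.pid
LockFile=/var/lock/subsys/named
Sbindir=${Builddir}/sbin
Configfile=${Builddir}/etc/named.conf
CheckConf=${Builddir}/sbin/named-checkconf
named=named

# Directory the pid file is written to, derived from PidFile so the pre-flight
# check and the daemon agree (the original checked /var/run/named/, which this
# build does not use). Adjust if named.conf sets pid-file elsewhere.
PidDir=$(dirname "${PidFile}")

if [ ! -f "${Configfile}" ]
then
    echo "Can't find named.conf "
    exit 1
fi

# Distinguish "missing" from "not writable": the original reported
# "Permission denied" for both, which sends the operator down the wrong path.
if [ ! -d "${PidDir}" ]
then
    echo "could not open directory '${PidDir}': No such directory"
    exit 1
elif [ ! -w "${PidDir}" ]
then
    echo "could not open directory '${PidDir}': Permission denied "
    exit 1
fi

if [ ! -r "${Configfile}" ]
then
    echo "Error: ${Configfile} is not readable!"
    exit 1
else
    # Check the same file the daemon will load rather than named-checkconf's
    # compiled-in default, so a broken config fails here rather than at start.
    "${CheckConf}" "${Configfile}"
    if [ $? != 0 ]
    then
        echo -e "Please check config file in \033[31m${Configfile} \033[0m!"
        exit 2
    fi
fi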

 

# Start named as the unprivileged 'named' user; refuses to run twice.
start() {
    # Binary missing: conventional LSB "not installed" status.
    [ -x "${Sbindir}/${named}" ] || exit 4

    # A subsys lock means a previous start succeeded and was never stopped.
    if [ -f "${LockFile}" ]; then
        echo -n "${named} is already running..."
        echo_failure
        echo
        exit 5
    fi

    echo -n "Starting ${named}: "
    # -u named drops privileges after binding port 53; -c points at the config
    # file validated by the pre-flight checks at the top of this script.
    daemon --pidfile "${PidFile}" "${Sbindir}/${named}" -u named -n 1 -c "${Configfile}"
    RETVAL=$?
    echo

    if [ "${RETVAL}" -eq 0 ]; then
        # The lock under /var/lock/subsys marks the service as running.
        touch "${LockFile}"
        return 0
    fi

    # Failed start: leave no stale lock or pid file behind.
    rm -f "${LockFile}" "${PidFile}"
    return 1
}

 

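# Stop named and clear the subsys lock.
stop() {
    # No lock means nothing this script started is running; report and bail
    # out instead of falling through to killproc (the original kept going and
    # printed "Stopping named:" right after "is not started").
    if [ ! -f "${LockFile}" ]; then
        echo "${named} is not started."
        echo_failure
        echo
        return 1
    fi

    echo -n "Stopping ${named}: "
    killproc "${named}"
    RETVAL=$?
    echo
    # Only drop the lock when the process really went away.
    [ "${RETVAL}" -eq 0 ] && rm -f "${LockFile}"
    # Propagate killproc's status instead of always reporting success.
    return ${RETVAL}
}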

 

# Full stop/start cycle; the pause lets named release its sockets first.
restart() {
    stop
    sleep 1
    start
}

 

# Ask the running named to re-read its configuration via SIGHUP.
reload() {
    echo -n "Reloading ${named}: "
    killproc "${named}" -HUP
    RETVAL=$?
    echo
    return ${RETVAL}
}

 

 

# Report running only when both a live process and the pid file exist.
status() {
    if [ -f "${PidFile}" ] && pidof "${named}" > /dev/null; then
        echo "${named} is running..."
        return
    fi
    echo "${named} is stopped..."
}

 

# Dispatch on the init action; unknown actions print usage and exit 2.
case "$1" in
    start)   start ;;
    stop)    stop ;;
    restart) restart ;;
    reload)  reload ;;
    status)  status ;;
    *)
        echo "Usage:named {start|stop|status|reload|restart}"
        exit 2
        ;;
esac

 

# chmod +x /etc/rc.d/init.d/named

# /etc/rc.d/init.d/named start

# tailf /var/log/messages

# ps -ef | grep name

# netstat -tunlp | grep named

# vi /etc/resolv.conf

nameserver 127.0.0.1

# dig mail.test.info @127.0.0.1

 

 

 

正向解析例子:

mysql> insert INTO example  (zone,host,type,data,ttl,retry) values ('example.com','no','A','10.255.1.27',86400,15);     //添加几条域名解析记录

mysql> insert INTO example  (zone,host,type,data,ttl,retry) values ('alan.com','no','A','10.255.1.29',86400,15);

mysql> insert INTO example  (zone,host,type,data,ttl,retry) values ('example.com','node','A','10.255.1.252',86400,15);

mysql> insert INTO example  (zone,host,type,data,ttl,retry) values ('example.com','node02','A','192.168.1.250',86400,15);

 

反向解析例子:

mysql> insert into example (zone,host,type,data,ttl,mx_priority,refresh,retry,expire,minimum,serial,resp_person,primary_ns) values ('1.168.192.in-addr.arpa','@','SOA','node02.example.com',86400,NULL,3600,15,86400,3600,2008082700,'node02.example.com','node02.example.com');  

//添加SOA(授权区域定义)记录

mysql> insert into example (zone,host,type,data)values('example.com','@','NS','node02.example.com.');  

//添加NS(标记区域的域名服务器以及授权子域)记录

mysql> insert into example(zone,host,type,data)values('1.168.192.in-addr.arpa','250','PTR','node02.example.com.'),('1.168.192.in-addr.arpa','111','PTR','x.example.com.');     //添加PTR(与A记录相反,将ip转换成主机名,反向解析操作)记录
