MySQL+BIND-dlz 实现智能DNS

系统:centos 6.8
Mysql: 5.7
BIND: 9.11.0

CentOS6编译环境安装

yum groupinstall "Development Tools"
yum install openssl-devel

mysql 安装

这里直接使用官方yum源安装
1. 找对应系统版本的rpm包,https://dev.mysql.com/downloads/repo/yum/
2. sudo yum localinstall mysql57-community-release-el6-{version-number}.noarch.rpm
3. 查看开启的mysql是哪个版本的yum repolist enabled | grep "mysql.*-community.*"
4. 官方默认5.7直接安装 sudo yum install mysql-community-server mysql-community-devel
5. 启动 sudo service mysqld start
6. 查看状态 sudo service mysqld status
7. 找到临时密码 sudo grep 'temporary password' /var/log/mysqld.log
8. 登录并修改密码 mysql -uroot -p  
   ALTER USER 'root'@'localhost' IDENTIFIED BY 'MyNewPass4!';
其他需求查看官网教程:https://dev.mysql.com/doc/refman/5.7/en/linux-installation-yum-repo.html

Bind编译安装dlz插件

下载: https://www.isc.org/downloads/

1. 添加用户,和编译安装bind 
# tar xvf bind-9.11.0-P1.tar.gz
# cd bind-9.11.0-P1
# groupadd -r named
# useradd -s /sbin/nologin -M -r -g named named
# ./configure --with-dlz-mysql --enable-largefile --enable-threads=yes --prefix=/usr/local/bind --with-openssl
# make -j 4
# make install 
注: 这里的--enable-threds一般建议为no,dlz开启mysql多线程会崩溃,我为了测试所以编译时开了多线程,结果不行.
2. 这里编译引用libmysqlclient.so可能会报错,我这里该库文件所在位置为/usr/lib64/mysql/libmysqlclient.so 需要在/usr/lib/下做个软链接
#ln -s /usr/lib64/mysql/libmysqlclient.so /usr/lib/libmysqlclient.so
3. 配置bind 环境变量
# chown -R named:named /usr/local/bind 
# echo "export PATH=${PATH}:/usr/local/bind/sbin/:/usr/local/bind/bin/" >> /etc/profile
# source /etc/profile
4. 配置rndc  配置named.conf
# cd /usr/local/bind/etc/
# rndc-confgen -r /dev/urandom >rndc.conf
# 添加其他配置
#  options {
        directory "/var/named/";
        recursion yes;
        listen-on port 53    { any; };
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        allow-query { any; };
        blackhole { none; };
 };
# mkdir /var/named/
# wget -O /var/named/named.ca  http://www.internic.net/domain/named.root
# chown -R named:named /var/named/
5. 启动named,查看根递归解析域名是否成功
#named -u named -n 1 -c /usr/local/bind/etc/named.conf
#dig www.baidu.com @127.0.0.1
如果这一步成功的话,一个基本的dns就搭建成功了。

配置dlz数据库查询

1. 创建单独的数据库
# mysql -uroot -p
# > create database bind;
2. 建表
#> CREATE TABLE IF NOT EXISTS `dns_records` (
  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
  `zone` varchar(255) NOT NULL,
  `host` varchar(255) NOT NULL DEFAULT '@',
  `type` enum('A','MX','CNAME','NS','SOA','PTR','TXT','AAAA','SVR','URL') NOT NULL,
  `data` varchar(255) DEFAULT NULL,
  `ttl` int(11) NOT NULL DEFAULT '3600',
  `mx_priority` int(11) DEFAULT NULL,
  `view`  enum('any', 'Telecom', 'Unicom', 'CMCC', 'ours') NOT NULL  DEFAULT "any" ,
  `priority` tinyint UNSIGNED NOT NULL DEFAULT '255',
  `refresh` int(11) NOT NULL DEFAULT '28800',
  `retry` int(11) NOT NULL DEFAULT '14400',
  `expire` int(11) NOT NULL DEFAULT '86400',
  `minimum` int(11) NOT NULL DEFAULT '86400',
  `serial` bigint(20) NOT NULL DEFAULT '2015050917',
  `resp_person` varchar(64) NOT NULL DEFAULT 'ddns.net',
  `primary_ns` varchar(64) NOT NULL DEFAULT 'ns.ddns.net.',
  PRIMARY KEY (`id`),
  KEY `type` (`type`),
  KEY `host` (`host`),
  KEY `zone` (`zone`)
) ENGINE=MyISAM  DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;
view:是区分不同网络区域的字段.
Priority:是区分不同优先级的字段.
3. 创建单独用户,并授权
# grant all privileges on bind.* to [email protected]'%' identified by "named_passwd";
# flush privileges;
4. 创建view, 在named.conf中加入
#view "ours_domain" {
        match-clients           {127.0.0.1; };
        allow-query-cache           {any; };
        allow-recursion          {any; };
        allow-transfer          {none; };
 
        dlz "Mysql zone" {
               database        "mysql
               {host=localhost dbname=bind ssl=false port=3306 user=named pass=named}
               {select zone from dns_records where zone='$zone$'}
               {select ttl, type, mx_priority, case when lower(type)='txt' then concat('\"', data, '\"') when lower(type) = 'soa' then concat_ws(' ', data, resp_person, serial, refresh, retry, expire, minimum) else data end from dns_records where zone = '$zone$' and host = '$record$'}"; 
        };
        zone "."  IN {
            type hint;
            file "named.ca";
        };
 
};
5. 插入数据
> insert into named.dns_records (zone, host, type, data, ttl) VALUES ('test.info', 'www', 'A', '1.1.1.1', '60');
> insert into named.dns_records (zone, host, type, data, ttl) VALUES ('test.info', 'mail', 'CNAME', 'www', '60');
> insert into named.dns_records (zone, host, type, data, ttl) VALUES ('test.info', '@', 'NS', 'ns', '60');
> insert into named.dns_records (zone, host, type, data, ttl) VALUES ('test.info', 'ns', 'A', '127.0.0.1', '60');
6.测试结果
# dig  @127.0.0.1
# dig mail.test.info @127.0.0.1
# dig -t NS test.info @127.0.0.1 
# dig -t ANY test.info @127.0.0.1

启动脚本

#!/bin/bash
# named a network name service.
# chkconfig: 345 87 75
# description: a name server

[ -r /etc/rc.d/init.d/functions ] && . /etc/rc.d/init.d/functions

Builddir=/usr/local/bind
PidFile=/usr/local/bind/var/run/named/named.pid
LockFile=/var/lock/subsys/named
Sbindir=${Builddir}/sbin
Configfile=${Builddir}/etc/named.conf
CheckConf=${Builddir}/sbin/named-checkconf
named=named

if [ ! -f ${Configfile} ]
then
    echo "Can't find named.conf "
    exit 1
fi

if [ ! -d /var/run/named/ ]
then
    echo "could not open directory '/var/run/named/': Permission denied "
    exit 1
elif [ ! -w /var/run/named/ ]
    then
        echo "could not open directory '/var/run/named/': Permission denied "
        exit 1
fi


if [ ! -r ${Configfile} ]
then
    echo "Error: ${Configfile} is not readfile!"
    exit 1
else
    $CheckConf
    if [ $? != 0 ]
    then
        echo -e "Please check config file in \033[31m${Configfile} \033[0m!"
        exit 2
    fi
fi

start() {
    [ -x ${Builddir}/sbin/$named ] ||   exit 4
    if [ -f $LockFile ]; then
        echo -n "$named is already running..."
        echo_failure
        echo
        exit 5
    fi

    echo -n "Starting $named: "
    daemon --pidfile "$PidFile" ${Sbindir}/$named -u named -n 1 -c ${Configfile}
    RETVAL=$?
    echo
    if [ $RETVAL -eq 0 ]; then
        touch $LockFile
        return 0
    else
        rm -f $LockFile $PidFile
        return 1
    fi
}

stop() {
    if [ ! -f $LockFile ];then
        echo "$named is not started."
        echo_failure
    fi

    echo -n "Stopping $named: "
    killproc $named
    RETVAL=$?
    echo
    [ $RETVAL -eq 0 ] && rm -f $LockFile
    return 0
}

restart() {
    stop
    sleep 1
    start
}

reload() {
    echo -n "Reloading $named: "
    killproc $named -HUP
    RETVAL=$?
    echo
    return $RETVAL
}


status() {
    if pidof $named > /dev/null && [ -f $PidFile ]; then
        echo "$named is running..."
    else
        echo "$named is stopped..."
    fi
}

case $1 in
start)
    start ;;
stop)
    stop ;;
restart)
    restart ;;
reload)
    reload ;;
status)
    status ;;
*)
    echo "Usage:named {start|stop|status|reload|restart}"
    exit 2;;
esac

发表评论

电子邮件地址不会被公开。 必填项已用*标注

This blog is kept spam free by WP-SpamFree.