
bind+dlz+mysql實作區域記錄動态更新

BIND-DLZ實驗:http://bind-dlz.sourceforge.net/

實驗環境:RHEL4,BIND-9.5.0-P2.tar.gz(9.4.0 以上版本已內建 DLZ,無需另外打更新檔),Mysql-5.0.56.tar.gz。注意:這兩個版本都早已停止維護、不再提供安全修補,本文的步驟只適合實驗環境;正式環境請改用目前仍受支援的 BIND 9 與 MySQL 版本。

1、安裝mysql(先安裝gcc等相關軟體包)

   #tar zxvf mysql-5.0.56.tar.gz 

   #cd mysql-5.0.56

   #./configure --prefix=/usr/local/mysql --localstatedir=/usr/loal/mysql/data --   libexecdir=/usr/local/mysql/lib --disable-shared

   #make

   #make install

   #cd /usr/local/mysql/

   #groupadd -g 1003 mysql

   #useradd -g 1003 mysql

   #chown -R mysql .

   #chgrp -R mysql .

   #chown -R mysql lib

   #./bin/mysql_install_db --user=mysql //以mysql的使用者身份安裝

   #chown -R root .

   #./bin/mysqld_safe --user=mysql & //在背景啟動mysql

# cd /root/mysql-5.0.56

# cp support-files/my-medium.cnf /etc/my.cnf   // one of the sample configs shipped in the tarball; edited in the next step

# cp support-files/mysql.server /etc/rc.d/init.d/mysqld   // SysV init script shipped with the source

# chmod 700 !$   // !$ = last argument of the previous command, i.e. /etc/rc.d/init.d/mysqld

# chkconfig --add mysqld   // register the service for the runlevels listed below

# chkconfig --list mysqld

  mysqld 1:off 2:on 3:on 4:on 5:on 6:off   // expected output

# service mysqld start[restart/reload/stop]   // any one of these actions

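# vi /etc/my.cnf
// add to the [mysqld] section:
wait_timeout = 86400
interactive_timeout = 86400
// named keeps one idle connection to MySQL and the server closes idle connections after wait_timeout
// (default 8 hours).  A larger value only postpones the disconnect — if lookups start failing after a
// quiet period, check whether the DLZ driver reconnects, or restart named.
bind-address = 127.0.0.1
// named connects from this host (host=localhost in named.conf), so do not listen on the LAN interfaces.

# /usr/local/mysql/bin/mysql_secure_installation
// Sets the root password interactively instead of on the command line (where it would land in shell
// history and be visible in `ps`), and offers to drop the anonymous accounts and the test database.

# /usr/local/mysql/bin/mysql -u root -p   // -p with no value prompts for the password

# echo "PATH=$PATH:/usr/local/mysql/bin" >> /etc/profile

# . /etc/profile   // pick up the new PATH in the current shell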

2、安裝bind

   #tar zxvf bind-9.5.0-P2.tar.gz 

   #cd bind-9.5.0-P2

   #./configure --prefix=/usr/local/bind9 --with-dlz-mysql=/usr/local/mysql --enable-threads=no

   //--with-dlz-mysql=/usr/local/mysql 要求bind安裝中支援DLZ

   //--enable-threads=no 關閉多線程 

   //--disable-openssl-version-check 禁止openssl版本的檢查

3、建立database,table

   create database mydata;

   use mydata;

   create table other_dns_records(

   zone varchar(255),

   host varchar(255),

   type varchar(255),

   data varchar(255),

   ttl int(11),

   mx_priority varchar(255), 

   refresh int(11),

   retry int(11),

   expire int(11),

   minimum int(11),

   serial bigint(11),

   resp_person varchar(255), 

   primary_ns varchar(255));

   create table cnc_dns_records(

   insert other_dns_records(zone,host,type,data,ttl,retry)

   values('aaa.com','www','A','192.168.199.2','86400','13');

   insert cnc_dns_records(zone,host,type,data,ttl,retry)

   values('bbb.com','www','A','192.55.199.199','86400','13');

4、編輯/usr/local/bind9/etc/named.conf

   #cd /usr/local/bind9/etc

   #../sbin/rndc-confgen -a

   #../sbin/rndc-confgen > named.conf

   #vi !$   //vi named.conf

   #less named.conf

 # Use with the following in named.conf, adjusting the allow list as needed:

 key "rndc-key" {

        algorithm hmac-md5;

        secret "c4aUV+N7GbOF773V+/LnAA==";

 };

 controls {

        inet 127.0.0.1 port 953

                allow { 127.0.0.1; } keys { "rndc-key"; };

# End of named.conf

options {

directory "/usr/local/bind9/etc/";

pid-file "/usr/local/bind9/var/run/named.pid";

allow-query { any; };

recursion no;

version "gaint-d1";

};

include "/usr/local/bind9/etc/cnc.cl";

include "/usr/local/bind9/etc/other.cl";

view "cnc-user" {

match-clients { cnc; };

dlz "Mysql zone" {

database "mysql

{host=localhost dbname=mydata ssl=false port=3306 user=root pass=aptech}

{select zone from cnc_dns_records where zone = '%zone%'}

{select ttl, type, mx_priority, case when lower(type)='txt' then concat('/"', data,

'/"')

when lower(type) = 'soa' then concat_ws('

', data, resp_person, serial, refresh, retry, expire, minimum) else data end as mydata from

cnc_dns_records where zone = '%zone%' and host = '%record%'}";

view "other-user" {

match-clients { other; };

{select zone from other_dns_records where zone='%zone%'}

{select ttl, type, mx_priority, case when lower(type) = 'txt' then concat('/"', data,

when lower(type)='soa' then concat_ws('

other_dns_records where zone = '%zone%' and host = '%record%'}";

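[root@dlz etc]# less cnc.cl
// acl "cnc": clients served by view "cnc-user"
acl "cnc" {
        192.168.9.0/24;
};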

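[root@dlz etc]# less other.cl
// acl "other": loopback clients, served by view "other-user"
acl "other" {
        127.0.0.0/8;   // the whole loopback range; the original /18 is an odd prefix that covers only part of it
};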

5、啟動&測試

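[root@dlz ~]# /usr/local/bind9/sbin/named-checkconf /usr/local/bind9/etc/named.conf
// syntax check first: it prints nothing when the file parses (it does not open the MySQL connection)
[root@dlz ~]# /usr/local/bind9/sbin/named -gc  /usr/local/bind9/etc/named.conf
// -g: stay in the foreground and log to stderr; -c: config file.  Use this for the first start only.
// For real operation do not run named as root: `useradd -r -s /sbin/nologin named` once, then start with
// `named -u named -c /usr/local/bind9/etc/named.conf` (named.conf, rndc.key and the pid-file directory
// must then be readable/writable by that user).
06-Mar-2009 22:23:02.569 starting BIND 9.5.0-P2 -gc /usr/local/bind9/etc/named.conf

06-Mar-2009 22:23:02.579 loading configuration from '/usr/local/bind9/etc/named.conf'

06-Mar-2009 22:23:02.583 listening on IPv4 interface lo, 127.0.0.1#53

06-Mar-2009 22:23:02.586 listening on IPv4 interface eth0, 192.168.1.5#53

06-Mar-2009 22:23:02.588 Loading 'Mysql zone' using driver mysql

06-Mar-2009 22:23:02.604 default max-cache-size (33554432) applies: view cnc-user

06-Mar-2009 22:23:02.609 Loading 'Mysql zone' using driver mysql

06-Mar-2009 22:23:02.612 default max-cache-size (33554432) applies: view other-user

06-Mar-2009 22:23:02.616 default max-cache-size (33554432) applies: view _bind

06-Mar-2009 22:23:02.621 command channel listening on 127.0.0.1#953

06-Mar-2009 22:23:02.621 ignoring config file logging statement due to -g option

06-Mar-2009 22:23:02.623 running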

注:加 -gc 參數可在前台顯示啟動日誌,以便出錯排查。不過顯示 running 只表示 named.conf 解析成功、DLZ 驅動已載入,並不代表查詢能得到正確答案;請實際驗證:在本機(屬於 acl "other")執行 dig @127.0.0.1 www.aaa.com A,應答 192.168.199.2;再從 192.168.9.0/24 內的主機查詢 www.bbb.com A,應答 192.55.199.199。