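#!/usr/bin/env bash
# Build BIND 9.12.1 with the DLZ MySQL driver against a locally built
# OpenSSL 1.0.2o, then create the unprivileged "named" account and the
# runtime/log directories. Everything here runs as root (yum, make install,
# useradd).
set -euo pipefail

readonly src_dir=/usr/local/src
readonly bind_ver=9.12.1
readonly openssl_ver=1.0.2o
readonly prefix=/usr/local/bind

# Work inside /usr/local/src from the start so the tarballs are downloaded
# into the same directory they are later extracted from (the original
# fetched them first and changed directory afterwards, so tar could not
# find them).
cd "$src_dir" || exit 1

# Build dependencies: ncurses/zlib/perl for the two builds, MariaDB server
# plus client headers for the DLZ driver. (The original spelled "ncursess".)
yum -y install ncurses zlib perl mariadb-server mariadb mariadb-devel

# The BIND archive is fetched over plain HTTP and neither archive is
# integrity-checked; verify the ISC signature / published checksum and the
# OpenSSL checksum before building from them.
wget "http://ftp.isc.org/isc/bind9/${bind_ver}/bind-${bind_ver}.tar.gz"
wget "https://www.openssl.org/source/openssl-${openssl_ver}.tar.gz"

# NOTE(review): an OpenSSL installed under /usr/local by hand never receives
# the distribution's security updates; it has to be tracked and rebuilt
# separately from the yum-managed one.
tar -zxf "openssl-${openssl_ver}.tar.gz"
( cd "openssl-${openssl_ver}" && ./config && make && make install )

# Link the DLZ driver against the MariaDB client library.
export LDFLAGS=-L/usr/lib64/mysql

# The original ran ./configure without ever extracting BIND or entering its
# source tree.
tar -zxf "bind-${bind_ver}.tar.gz"
cd "bind-${bind_ver}"
# --enable-threads=no would turn multithreading off.
# NOTE(review): --with-openssl points at the OpenSSL *source* tree rather than
# its install prefix; confirm configure picks up the headers and libraries
# from there.
./configure --prefix="${prefix}/" --with-dlz-mysql=yes --enable-threads \
  --enable-largefile --with-openssl="${src_dir}/openssl-${openssl_ver}"
make
make install

# Service account: fixed uid/gid 25, no home directory, no login shell.
groupadd -g 25 named
useradd named -M -u 25 -g 25 -s /sbin/nologin
chown -R named:named "${prefix}/var"
mkdir -p /var/log/named
chown -R named:named /var/log/named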
systemd 启动脚本
cat /usr/lib/systemd/system/named.service
# systemd unit for the locally built BIND under /usr/local/bind. named is
# started with -u named, so it runs as the unprivileged "named" account
# created during the build, and with -n 1, a single worker thread.
[Unit]
Description=Berkeley Internet Name Domain (DNS)
After=network.target

[Service]
Type=forking
# Must agree with directory/pid-file in named.conf so systemd can track the
# forked daemon.
PIDFile=/usr/local/bind/var/named.pid
ExecStart=/usr/local/bind/sbin/named -n 1 -u named -c /usr/local/bind/etc/named.conf
# rndc over the control channel is tried first; if that fails the unit falls
# back to signalling the main process (HUP = reload, TERM = stop).
ExecReload=/bin/sh -c '/usr/local/bind/sbin/rndc reload > /dev/null 2>&1 || /bin/kill -HUP $MAINPID'
ExecStop=/bin/sh -c '/usr/local/bind/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID'
# Private /tmp for the service. NOTE(review): any further systemd sandboxing
# added here (e.g. ProtectSystem) must leave /usr/local/bind/var and
# /var/log/named writable, since named writes its pid file and logs there.
PrivateTmp=true
Restart=always
RestartSec=10

[Install]
WantedBy=multi-user.target
# /usr/local/bind/sbin/named -n 1 中的 -n 指定工作线程数
注意：使用 MySQL 作数据库时，单线程更快。实验表明以 2 线程或 4 线程并发启动时相当慢，几乎全部超时。
配置bind
主配置文件
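# Generate the rndc control-channel key and derive the initial named.conf
# from it. Run as root from the BIND configuration directory.
cd /usr/local/bind/etc/ || exit 1

# rndc-confgen emits a freshly generated random key; the secret is a
# credential for the control channel and must never be copied from
# documentation. Keep rndc.conf and named.conf readable only by root and
# the named user.
/usr/local/bind/sbin/rndc-confgen > rndc.conf

# "//" is not a shell comment: the original "// cat rndc.conf >rndc.key" line
# would have tried to run "//" and left an empty rndc.key behind. The step is
# kept here as a real comment.
# cat rndc.conf >rndc.key

# named.conf starts as the key and controls stanzas that rndc-confgen prints
# at the end of rndc.conf, with the "# " comment prefix removed. The sed
# script is quoted so the shell does not have to escape the space.
tail -10 rndc.conf | head -9 | sed 's/# //g' > named.conf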
cat named.conf
// Control-channel key produced by rndc-confgen. The secret below is the one
// printed by this tutorial and is therefore public; every deployment must
// use its own generated value.
key "rndc-key" {
    algorithm hmac-sha256;
    secret "vCQLvxUeXxvcdKkt8JSNI9p6eB+/ZE9DKg6Wyq1g7Uo=";
};
// rndc commands are accepted only from 127.0.0.1 on port 953 and only when
// signed with the key above.
controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
};
设置连接 MySQL 的帐号信息:
cat named.conf
// Control-channel key produced by rndc-confgen. The secret below is the one
// printed by this tutorial and is therefore public; every deployment must
// use its own generated value.
key "rndc-key" {
    algorithm hmac-sha256;
    secret "vCQLvxUeXxvcdKkt8JSNI9p6eB+/ZE9DKg6Wyq1g7Uo=";
};
// rndc commands are accepted only from 127.0.0.1 on port 953 with this key.
controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
};
options {
    listen-on port 53 { any; };   // listen on port 53; "any" accepts connections on every address
    directory "/usr/local/bind/var";
    pid-file "named.pid";         // holds the named process id (matches PIDFile= in the unit)
    allow-query{ any; };          // any client may query
    recursive-clients 30000;
    forwarders{ 202.96.128.86;223.5.5.5; };   // public resolvers that queries are forwarded to
    max-cache-size 4g;
    // NOTE(review): with allow-query and allow-query-cache both set to "any"
    // and no allow-recursion statement, recursion is effectively open to every
    // client that can reach port 53; restrict these to trusted networks if the
    // host is reachable from the Internet.
    allow-query-cache { any; };
};
logging {
    channel query_log {           // query log
        file "/var/log/named/query.log" versions 20 size 300m;
        severity info;
        print-time yes;
        print-category yes;
    };
    channel error_log {           // error log
        file "/var/log/named/error.log" versions 3 size 10m;
        severity info;
        print-time yes;
        print-severity yes;
        print-category yes;
    };
    category queries { query_log; };
    category default { error_log; };
};
// Zones and records are served from MySQL through the DLZ driver. The
// connection string carries the database password in clear text and sets
// ssl=false, so the credential and every lookup travel unencrypted to
// 172.16.1.24: keep this file readable only by root and the named user, give
// the bind_ui_r account SELECT rights only, and prefer TLS to the server.
// NOTE(review): these queries read DnsRecord_zonetag / DnsRecord_record, while
// the table created in this page's SQL section is `example`; the two must be
// reconciled before named can resolve anything.
dlz "Mysql zone" {
    database "mysql {host=172.16.1.24 dbname=bind_ui ssl=false port=3306 user=bind_ui_r pass=mysql_pass} {select zone_name from DnsRecord_zonetag where zone_name = '$zone$'} {select ttl, type, mx_priority, case when lower(type)='txt' then concat('\"', data, '\"') when lower(type) = 'soa' then concat_ws(' ', data, resp_person, serial, refresh, retry, expire, minimum) else data end from DnsRecord_zonetag inner join DnsRecord_record on DnsRecord_record.zone_tag_id = DnsRecord_zonetag.id and DnsRecord_zonetag.zone_name = '$zone$' and DnsRecord_record.host = '$record$' where DnsRecord_zonetag.status = 'on' and DnsRecord_record.status = 'on'}";
};
日志级别:
在定义通道的语句中，severity 指定记录消息的级别。BIND 中主要有以下几个级别（按严重性递减的顺序）：
critical
error
warning
notice
info
debug [ level ]
dynamic
versions 20：最多保留 20 个轮转后的日志文件
数据库表
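-- Example record store for the DLZ driver, entered in the mysql client.
-- "//" is not a MySQL comment delimiter (the original used it), so the
-- comments are written with "--" here.
-- NOTE(review): named.conf's DLZ queries read DnsRecord_zonetag /
-- DnsRecord_record (columns zone_name, zone_tag_id, status), not this
-- `example` table; one side has to be adapted before lookups can succeed.
-- The DLZ account only needs SELECT on this data; do not grant it more.
CREATE DATABASE example;   -- create the example database
USE example;
CREATE TABLE `example` (   -- one row per resource record
  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
  `zone` varchar(255) NOT NULL,
  `host` varchar(255) NOT NULL DEFAULT '@',
  `type` enum('MX','CNAME','NS','SOA','A','PTR') NOT NULL,
  `data` varchar(255) DEFAULT NULL,
  `ttl` int(11) NOT NULL DEFAULT '800',
  `mx_priority` int(11) DEFAULT NULL,
  -- SOA timing fields; only meaningful on rows of type SOA
  `refresh` int(11) NOT NULL DEFAULT '3600',
  `retry` int(11) NOT NULL DEFAULT '3600',
  `expire` int(11) NOT NULL DEFAULT '86400',
  `minimum` int(11) NOT NULL DEFAULT '3600',
  `serial` bigint(20) NOT NULL DEFAULT '2016111600',
  `resp_person` varchar(64) NOT NULL DEFAULT 'node02.example.com.',
  `primary_ns` varchar(64) NOT NULL DEFAULT 'node02.example.com.',
  PRIMARY KEY (`id`)
);
-- A few sample A records
INSERT INTO example (zone,host,type,data,ttl,retry) VALUES ('example.com','no','A','10.255.1.27',86400,15);
INSERT INTO example (zone,host,type,data,ttl,retry) VALUES ('alan.com','no','A','10.255.1.29',86400,15);
INSERT INTO example (zone,host,type,data,ttl,retry) VALUES ('example.com','node','A','10.255.1.252',86400,15);
INSERT INTO example (zone,host,type,data,ttl,retry) VALUES ('example.com','node02','A','192.168.1.250',86400,15);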