2010-10-31 v0.01 北京公司
系统环境:rhel 5.4
所需包:
bind-9.5.1-P2.tar.gz (注意: 第二节实际解压编译的是 bind-9.6.0-P1，两处版本不一致，以实际使用的包为准；这类早期版本早已停止维护，生产环境应选用仍有安全更新的版本)
ripe-dbase-client-v3.tar.gz
另外第一节还需要 mysql-5.1.36.tar.gz；bind 的 --with-openssl 参数要求 /usr/local/openssl 下已预先安装好 OpenSSL。本文未包含这两项的获取与安装说明。
view
1. view_telecom (下文 view.conf 中实际命名为 telecom_view)
2. view_cnc (下文 view.conf 中实际命名为 cnc_view)
3. view_any (本文未给出该 view 的配置)
mysql
library: bind
table: cnc
telecom
any
master: ns1.jerome-1.com 192.168.166.202
slave : ns2.jerome-1.com 192.168.166.203
一.安装MySQL
//查看系统中是否已经安装了MySQL,如果是卸载所有以mysql开头的包。
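# ---- 1. Remove any vendor MySQL packages, then build MySQL 5.1.36 from source.
# List what is installed and review it before removing anything: mysql-libs is
# often a dependency of other packages (e.g. postfix), so `rpm -e` may refuse
# without --nodeps. Decide that consciously rather than forcing it.
rpm -qa | grep mysql
# The original used `rpm -e mysql-*`: rpm -e takes exact package names, not
# globs, and the unquoted glob is expanded by the shell against the current
# directory, so it removed nothing. Feed rpm the real package names instead.
rpm -qa | grep mysql | xargs -r rpm -e
rm -f /etc/my.cnf

# Dedicated, non-login service account that mysqld will run as.
groupadd mysql
useradd mysql -c "start mysqld's account" -d /dev/null -g mysql -s /sbin/nologin

cd /usr/local/src/
tar -xzvf mysql-5.1.36.tar.gz
cd mysql-5.1.36
# utf8 is the server default charset. ISAM and InnoDB are left out, so every
# table created later has to be MyISAM (the DLZ table in section 4 is).
# The -all-static flags link libraries in statically: a fix in one of them
# reaches this binary only through a rebuild, not a library update.
./configure \
    --prefix=/usr/local/mysql \
    --with-mysqld-user=mysql \
    --with-charset=utf8 --with-collation=utf8_bin --with-extra-charsets=big5,ascii,gb2312,gbk,utf8,latin1 \
    --without-debug \
    --with-client-ldflags=-all-static \
    --with-mysqld-ldflags=-all-static \
    --disable-shared \
    --localstatedir=/var/lib/mysql \
    --without-isam \
    --without-innodb \
    --enable-assembler
make && make install

# Default config template. It does not set bind-address, so mysqld listens on
# 3306 on every interface; only named on this host (127.0.0.1) needs to reach
# it, so consider adding `bind-address=127.0.0.1` under [mysqld] in /etc/my.cnf
# unless MySQL replication to the slave is introduced later.
cp support-files/my-medium.cnf /etc/my.cnf
/usr/local/mysql/bin/mysql_install_db --user=mysql
# Binaries owned by root (group mysql); only the datadir is writable by mysql.
chown -R root:mysql /usr/local/mysql/
chown -R mysql:mysql /var/lib/mysql
# mysql_install_db leaves root without a password and creates anonymous
# accounts: set the root password immediately after this first start.
/usr/local/mysql/bin/mysqld_safe --user=mysql &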
配置系统启动时自动启动MySQL
# Start mysqld at boot: install the SysV init script MySQL ships (mode 755)
# and register it with chkconfig for runlevel 3. Then put the client binary
# on the default PATH.
install -m 755 /usr/local/mysql/share/mysql/mysql.server /etc/init.d/mysql
cd /etc/init.d
chkconfig --add mysql
chkconfig --level 3 mysql on
cp /usr/local/mysql/bin/mysql /usr/bin
mysql
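USE mysql;
-- Set a password on every root row (root@localhost, root@127.0.0.1 and
-- root@<hostname> all exist after mysql_install_db). '1q2w3e' is only the
-- example used throughout this document: pick a real password, and note that
-- the statement is recorded in ~/.mysql_history.
UPDATE user SET Password=PASSWORD('1q2w3e') WHERE user='root';
-- mysql_install_db also creates passwordless anonymous accounts (user='');
-- nothing in this setup needs them.
DELETE FROM user WHERE user='';
-- Account for named's DLZ driver. The query templates in view.conf only
-- SELECT from the record tables and UPDATE the hit counter, so named must
-- not connect as root. Replace the placeholder password; the host must be
-- the one view.conf connects from (127.0.0.1).
GRANT SELECT, UPDATE ON bind.* TO 'bind'@'127.0.0.1' IDENTIFIED BY 'CHANGE-ME';
FLUSH PRIVILEGES;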
二.编译安装Bind
# ---- 2. Build BIND with the DLZ MySQL driver.
BIND_SRC=bind-9.6.0-P1
cd /usr/local/src/bind/
tar zxvf "$BIND_SRC.tar.gz"
cd "$BIND_SRC"
# --with-dlz-mysql pulls in the contrib MySQL driver; threads are disabled
# because the DLZ documentation warns that driver is not thread-safe.
# OpenSSL is expected under /usr/local/openssl (installing it is not covered
# here). 9.6.0-P1 is long past end-of-life; prefer a release that still
# receives security fixes.
./configure --with-dlz-mysql \
    --enable-largefile \
    --enable-threads=no \
    --prefix=/usr/local/bind \
    --with-openssl=/usr/local/openssl/
make && make install
三.开始配置bind
1.创建 rndc.conf文件,用bind自带程序生成
把rndc.conf 中的key信息输出到 named.conf 中 (两个文件都含有 rndc 的 HMAC 密钥，应仅对 root 及 named 运行用户可读，例如 600/640)
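# ---- 3.1 rndc key and the matching key/controls statements for named.conf.
# The generated key is the shared secret that authorises rndc commands. Both
# files written here contain it, so create them unreadable to other users
# (umask stays in effect for the rest of this shell session).
cd /usr/local/bind/etc
umask 077
# If this stalls on a headless box it is waiting for /dev/random entropy;
# `rndc-confgen -r /dev/urandom` is the usual workaround.
../sbin/rndc-confgen > rndc.conf
# rndc-confgen ends its output with a commented-out copy of the key and
# controls statements meant for named.conf: the last 10 lines, of which the
# final one is just the "# End of named.conf" marker. Strip the leading '#'
# to activate them. The controls statement it emits listens on 127.0.0.1
# only — keep it that way.
tail -n10 rndc.conf | head -n9 | sed -e 's/#//g' > named.conf
# If named runs as its own user (named -u ...), chgrp both files to that
# user and use 640 instead.
chmod 600 rndc.conf named.conf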
2.# vi localhost.zone
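; The TTL directive is $TTL; the original read "ttl 86400", which is not a
; directive. Record lines must be indented: a line that starts in column 0
; makes its first token the owner name, so an unindented "IN NS localhost."
; would be read as a record owned by "IN".
; NOTE(review): despite the file name this is reverse (PTR) data; its origin
; comes from the zone statement in named.conf, which this document omits.
$TTL 86400
@       IN SOA localhost. root.localhost. (
                1997022700 ; Serial  - bump on every change (YYYYMMDDnn)
                28800      ; Refresh
                14400      ; Retry
                3600000    ; Expire
                86400 )    ; Minimum (negative-caching TTL)
        IN NS   localhost.
1       IN PTR  localhost.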
3.获得根域记录
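# ---- 3.3 Root hints.
cd /usr/local/bind/etc
# A bare `dig` asks whatever resolver /etc/resolv.conf points at for the root
# NS set, so the hints file would only be as trustworthy as that resolver.
# Ask a root server directly instead, and compare the result with the
# official file at ftp://ftp.internic.net/domain/named.root.
dig @a.root-servers.net . NS > named.root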
4、安装IP地址段查询工具Ripe-dbase-client-v3:
下载软件包:
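# ---- 3.4 APNIC whois client (provides whois3, used below to build the acls).
# Change into the source tree before downloading: if the shell is still in
# /usr/local/bind/etc from the previous step, the original `wget` would have
# dropped the tarball there and the `tar` in /usr/local/src would not find it.
cd /usr/local/src
# Plain HTTP with no checksum or signature check: verify the archive
# out-of-band before building and installing it as root.
wget http://ftp.apnic.net/apnic/dbase/tools/ripe-dbase-client-v3.tar.gz
tar zxvf ripe-dbase-client-v3.tar.gz
cd whois-3.1
./configure --prefix=/usr
make && make install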
5、设置配置文件
配置ACL文件
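# ---- 3.5 Build the CNC / TELECOM acl files from APNIC whois data.
# The whois answer is untrusted text that ends up inside named.conf, so only
# tokens that look like IPv4 prefixes are kept; anything else (a changed descr
# wording, a stray ';' or '}') is dropped instead of being written into the
# configuration. An empty result leaves the previous acl file in place rather
# than installing an acl that matches nobody, which would silently move those
# clients into whichever view follows.
# Output goes to /usr/local/bind/etc, which is where named.conf includes the
# files from (the original wrote to /usr/local/named/etc).
gen_acl() {
    acl_name=$1
    maint=$2
    out=$3
    prefixes=$(mktemp) || return 1
    /usr/bin/whois3 -h whois.apnic.net -l -i mb "$maint" \
        | grep "descr" | grep "Reverse" \
        | awk -F "for" '{ if ($2 != "") print $2 }' \
        | awk '{ print $1 }' \
        | grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$' \
        | sort -n > "$prefixes"
    if [ ! -s "$prefixes" ]; then
        echo "gen_acl: no prefixes returned for $maint; $out left unchanged" >&2
        rm -f "$prefixes"
        return 1
    fi
    {
        printf 'acl "%s" {\n' "$acl_name"
        sed 's/$/;/' "$prefixes"
        printf '};\n'
    } > "$out"
    rm -f "$prefixes"
}
gen_acl CNC     MAINT-CNCGROUP /usr/local/bind/etc/cnc_acl.conf
gen_acl TELECOM MAINT-CHINANET /usr/local/bind/etc/telecom_acl.conf
# Run `named-checkconf` before reloading named, and re-run this periodically:
# the allocations behind these maintainer objects change over time.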
6.#vi named.conf 在后面加入如下 (本文未给出 options {} 段，请确认 named.conf 中已有 directory、listen-on、version、pid-file 等基本选项；include 的顺序很重要，ACL 文件必须在引用它们的 view.conf 之前):
// The acl definitions must come before view.conf, which refers to CNC and
// TELECOM by name. Make sure the generated acl files really live under this
// directory: the path used when generating them must match these includes.
include "/usr/local/bind/etc/cnc_acl.conf";
include "/usr/local/bind/etc/telecom_acl.conf";
// view.conf carries the MySQL credentials and this file carries the rndc key:
// keep both readable only by root and the user named runs as.
include "/usr/local/bind/etc/view.conf";
7. #vi /usr/local/bind/etc/view.conf //创建view相关的配置文件
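############################ cnc_view ############################
view "cnc_view" {
    // Clients matched against the CNC acl (defined in cnc_acl.conf, which has
    // to be included before this file). This acl name is unrelated to the
    // view='CNC' literal in the SQL below — that one is an enum value stored
    // in the database. A client that matches no view's match-clients is
    // presumably refused, so the order of views in named.conf matters.
    match-clients { CNC; };
    // Authoritative-only view: no cached data, no recursion, no transfers.
    allow-query-cache { none; };
    allow-recursion { none; };
    allow-transfer { none; };   // nobody may AXFR from this server
    recursion no;
    // NOTE(review): with transfers denied at the view level, the DLZ
    // "allow zone transfer" template (xfr_table) below is presumably never
    // consulted — confirm whether the slave is meant to pull zones via AXFR.
    // NOTE(review): the connection string below carries the MySQL *root*
    // password in clear text. Use a dedicated account limited to SELECT on
    // bind.* plus UPDATE on the counter table (the only statements these
    // templates run), and keep this file readable only by root and the user
    // named runs as. ssl=false is tolerable only because the server is on
    // 127.0.0.1. Templates are given in the order the MySQL DLZ driver
    // expects: connection, findzone, lookup, authority (empty: SOA/NS come
    // from the lookup query), allnodes, allowzonexfr, countzone. The
    // %zone%, %record% and %client% tokens are substituted by the driver,
    // which escapes them; do not add any other interpolation here.
    dlz "Mysql zone" {
        database "mysql
{host=127.0.0.1 dbname=bind ssl=false port=3306 user=root pass=1q2w3e}
{select zone from cnc where zone = '%zone%' and view='CNC' limit 1}
{select ttl, type, mx_priority, case when lower(type)='txt' then concat('\"', data, '\"') when lower(type) = 'soa' then concat_ws(' ', data, resp_person, serial, refresh, retry,
expire, minimum) else data end as mydata from cnc where zone = '%zone%' and host = '%record%' and view='CNC'}
{}
{select ttl, type, host, mx_priority, case when lower(type)='txt' then concat('\"', data, '\"') else data end as mydata, resp_person, serial, refresh, retry, expire, minimum
from cnc where zone = '%zone%' and view='CNC'}
{select zone from xfr_table where zone = '%zone%' and client = '%client%' and view='CNC' limit 1}
{update data_count set count = count + 1 where zone ='%zone%' and view='CNC'}";
    };
};
############################ cnc_view ############################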
dbname=bind //bind库
user=root pass=1q2w3e //用户root 密码1q2w3e。生产环境不要让 named 用 MySQL root 连接：按上面的查询模板，它只需要对 bind 库的 SELECT 权限和对计数表的 UPDATE 权限，应单独建一个仅有这些权限的账号；view.conf 含明文密码，权限应设为仅 root 与 named 运行用户可读
cnc <小写> //cnc表
CNC<大写> // 数据库中的记录VIEW=CNC
当定义其他view时在以上几处进行修改!
四.数据库 建 库 创建DLZ相关表的结构
不同的表只需要改下面两处即可 (原文以红色标出，纯文本中已看不到):
一处是表的建立 (CREATE TABLE 后的表名 cnc) 另一处为指定默认域名 (resp_person 与 primary_ns 两列的 default 值)
mysql>create database bind; //创建数据库名为bind
mysql>use bind;
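-- Record table for the CNC view (one table per view: cnc / telecom / any).
-- Each row is one resource record. The DLZ templates in view.conf filter on
-- zone, host and view, and read the SOA parameters from the type='SOA' row.
CREATE TABLE `cnc` (
  `id` int(10) unsigned NOT NULL auto_increment,
  `zone` varchar(255) NOT NULL,                 -- spelled exactly as DLZ presents %zone%; no stray whitespace
  `host` varchar(255) NOT NULL default '@',     -- owner relative to the zone; '@' is the apex
  -- 'TXT' added: the view.conf templates quote TXT data, but the original
  -- enum could not store that type at all.
  `type` enum('MX','CNAME','NS','SOA','A','PTR','TXT') NOT NULL,
  `data` varchar(255) default NULL,
  `ttl` int(11) NOT NULL default '800',
  `view` enum('CNC','TELECOM','ANY') NOT NULL,  -- must equal the view='...' literal in the DLZ queries
  `mx_priority` int(11) default NULL,
  -- SOA parameters; only meaningful on the type='SOA' row.
  `refresh` int(11) NOT NULL default '3600',
  `retry` int(11) NOT NULL default '3600',
  `expire` int(11) NOT NULL default '86400',
  `minimum` int(11) NOT NULL default '3600',
  `serial` bigint(20) NOT NULL default '2008082700',
  `resp_person` varchar(64) NOT NULL default 'root.jerome.com.',  -- change the default domain per deployment
  `primary_ns` varchar(64) NOT NULL default 'ns1.jerome.com.',    -- not read by the DLZ templates shown in this document
  `data_count` int(11) NOT NULL default '0',    -- NOTE(review): the DLZ counter template updates a *table* named data_count, not this column
  PRIMARY KEY (`id`),
  KEY `type` (`type`),
  KEY `host` (`host`),
  -- Every DLZ lookup filters on zone AND view; the composite index also
  -- serves zone-only lookups, so the old single-column key is subsumed.
  KEY `zone` (`zone`,`view`)
) ENGINE=MyISAM AUTO_INCREMENT=1 DEFAULT CHARSET=gbk;
-- MyISAM is the only choice here: MySQL was built --without-innodb.
-- NOTE(review): xfr_table and the data_count table referenced by view.conf
-- are not created anywhere in this document. The server default charset is
-- utf8 while this table is gbk — harmless for ASCII names, but be consistent.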
五. 关于DLZ 主从同步
1.在 slave 上按照本文档的第一、二部分安装 mysql 和 bind；bind 的配置文件则可以直接从 master 上拷过来
#scp named.conf named.root cnc_acl.conf telecom_acl.conf view.conf localhost.zone ns2.jerome-1.com:/usr/local/bind/etc/   (view.conf 含数据库密码、named.conf 含 rndc 密钥，拷到 slave 后同样要收紧文件权限)
2.查看view.conf 文件中user=root pass=1q2w3e 该账号密码能否在本机 (127.0.0.1) 连接并查询 bind 库
如果数据库帐户密码错误会导致 named 无法启动，日志提示 mysql connection failed，例如:
04-Nov-2010 07:29:04.463 mysql driver failed to create database connection after 4 attempts
3.如需做cache服务器,则按照以下方式修改即可. (注意: 只把 allow-recursion / allow-query-cache 注释掉并不够——BIND 9.4 以后它们的默认值是 localhost/localnets，外部的 TELECOM 客户端仍然得不到递归；应显式写成 { TELECOM; }，allow-transfer 仍应保持 { none; })
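view "telecom_view" {
    match-clients { TELECOM; };
    // Caching/recursive variant. Merely commenting out the three allow-*
    // statements is not enough: their BIND 9.4+ defaults are
    // localhost/localnets, so remote TELECOM clients would still be refused
    // recursion. Grant it explicitly to the acl this view already matches,
    // and keep zone transfers denied on the cache view as well.
    allow-query-cache { TELECOM; };
    allow-recursion { TELECOM; };
    allow-transfer { none; };
    recursion yes;
    // ... dlz statement and closing braces as in cnc_view (not shown in the
    // document; use the telecom table and view='TELECOM' in the templates).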
cnc表的建立结构和内容cnc-table-all.sql
可直接将此数据库脚本导入数据库中，即可完成cnc表结构的建立，并会插入一些相关的记录用于测试
DLZ相关数据库表结构建立.txt 此表同上 . 内容包含有三个view的表结构建立
TELECOM.sql
cnc.sql
any.sql
插入数据
插入PTR记录
insert into cnc (zone,host,type,data) values ("202.166.168.192.in-addr.arpa ","@","PTR","ns1.jerome-1.com.")