bind+dlz+mysql实现智能DNS

一、安装mysql

# Step 1: MySQL 5.1 built from source. The release and mirror are the ones the
# original (2012) post used; pick a currently supported release and check the
# tarball against the vendor-published checksum/signature before building —
# a plain-http wget gives no integrity or authenticity guarantee.
yum install gcc gcc-c++ openssl-devel wget ncurses-devel make
# dedicated service account with no interactive shell
groupadd mysql
useradd -g mysql mysql -s /sbin/nologin
cd /tmp
wget http://cdn.mysql.com/Downloads/MySQL-5.1/mysql-5.1.65.tar.gz
tar xzf mysql-5.1.65.tar.gz
cd mysql-5.1.65
# the prefix chosen here is what bind's --with-dlz-mysql must point at in step 2
./configure --prefix=/usr/local/mysql/ --without-pthread --with-unix-socket-path=/tmp/mysql.sock --with-extra-charsets=gbk,gb2312,utf8
make
make install
cp support-files/my-medium.cnf /etc/my.cnf
/usr/local/mysql/bin/mysql_install_db --user=mysql
# binaries owned by root; only the data directory is writable by the mysql account
chown -R root.mysql /usr/local/mysql
chown -R mysql /usr/local/mysql/var
cp support-files/mysql.server /etc/init.d/mysqld
chown root.root /etc/rc.d/init.d/mysqld
chmod 755 /etc/rc.d/init.d/mysqld
chkconfig --add mysqld
chkconfig  mysqld on
ln -s /usr/local/mysql/bin/mysql /usr/bin
ln -s /usr/local/mysql/bin/mysqladmin /usr/bin
service mysqld start
# Sets the MySQL root password to the literal string "root". Use a strong value:
# whatever is chosen here must match the pass= parameter in view.conf, and that
# account has full control of the data every DNS answer is built from.
mysqladmin -u root password root

二、安装bind

# Step 2: BIND 9.9.1-P2 from source with the DLZ MySQL driver compiled in.
# This is the 2012 release the original post used; prefer a currently maintained
# release, and verify the tarball against the PGP signature ISC publishes before
# building (the download below is plain http).
cd /tmp
wget http://ftp.isc.org/isc/bind9/cur/9.9/bind-9.9.1-P2.tar.gz
tar xzf bind-9.9.1-P2.tar.gz
cd bind-9.9.1-P2
# --with-dlz-mysql points at the MySQL prefix from step 1; the resulting named is
# dynamically linked against libmysqlclient from there (see the "cannot open
# shared object file" error further down the page).
# --disable-openssl-version-check skips the configure-time OpenSSL version
# sanity check only; it does not change which OpenSSL named links against.
./configure --prefix=/usr/local/named/ --enable-largefile --enable-threads=no --disable-openssl-version-check --with-dlz-mysql=/usr/local/mysql
make
make install

三、配置bind

# Step 3: bootstrap named.conf from the rndc-confgen output.
cd /usr/local/named/etc
# -r /dev/urandom: entropy source for the generated rndc key
../sbin/rndc-confgen -r /dev/urandom >rndc.conf
# rndc-confgen ends its output with a commented-out key/controls stanza meant for
# named.conf; "tail -n10 | head -n9" takes those lines (dropping the final one)
# and sed strips the leading '#'. Unquoted, the shell turns "\/" into "/", so sed
# actually runs s/#//g. The line counts are tied to this rndc-confgen's output
# format — inspect the result before editing it further.
tail -n10 rndc.conf | head -n9 | sed -e s/#\//g>named.conf
      
# then append the three include lines shown below
vi named.conf
// Appended to named.conf: two ACL files that decide which client ranges get
// which view, then the DLZ view definitions.
// NOTE(review): the original labels read "Unicom" for CHINANET.acl and "Telecom"
// for CNC.acl; CHINANET is usually China Telecom's network and CNC the former
// Netcom (now Unicom) one, so the labels look swapped — confirm against the
// contents of the ACL files before relying on them.
include "/usr/local/named/etc/CHINANET.acl"; // Unicom ACL (original label)
include "/usr/local/named/etc/CNC.acl"; // Telecom ACL (original label)
include "/usr/local/named/etc/view.conf"; // DLZ-related configuration

四、下载acl文件

# Step 4: client-classification ACLs. These files decide which view — and so
# which answers — each client receives, and here they come from a third-party
# blog over plain http: read them before including them in named.conf, keep a
# copy under version control, and refresh them periodically since address
# allocations change over time.
wget http://www.centos.bz/wp-content/uploads/2012/02/CHINANET.acl
wget http://www.centos.bz/wp-content/uploads/2012/02/CNC.acl


五、配置view.conf

// View served to clients matching the CHINANET ACL. Answers come from rows
// tagged view='CHINANET', falling back to view='any' rows. Authoritative-only:
// no recursion, no cache access, no zone transfers.
view "CHINANET_view" {
  match-clients  { CHINANET; };
  allow-query-cache { none; };
  allow-recursion { none; };
  allow-transfer { none; };
  recursion no;
      
    // DLZ MySQL driver. The quoted string carries, in order: the connection
    // parameters, the findzone query and the lookup query. The driver fills in
    // $zone$ and $record$ from the name being queried (presumably escaping them
    // before substitution — confirm for this BIND version).
    // NOTE(review): this connects as the MySQL root account with a cleartext
    // password stored in a config file. Give named its own account limited to
    // SELECT on dns_data.dns_records, and keep this file readable only by the
    // accounts that need it.
    // findzone matches a zone only if it has at least one view='CHINANET' row;
    // a zone with only 'any' rows is presumably not served to these clients at
    // all, since a query is handled by the first view whose match-clients
    // matches and does not fall through to later views — verify before relying
    // on it. The lookup query's subquery picks the view of the lowest-`priority`
    // row among 'CHINANET' and 'any' for this name and returns that view's rows;
    // TXT data is quoted and SOA text is assembled from data (MNAME),
    // resp_person, serial, refresh, retry, expire and minimum.
    dlz "Mysql zone" {
    database "mysql
    {host=127.0.0.1 dbname=dns_data ssl=false port=3306 user=root pass=password}
    {select zone from dns_records where zone = '$zone$' and  view = 'CHINANET' limit 1}
    {select ttl,type,mx_priority,case when lower(type)='txt' then concat('\"',data,'\"') when lower(type)    =  'soa'  then   concat_ws(' ',  data,  resp_person,  serial,  refresh,  retry,  expire,  minimum)   else   data   end   as   mydata   from   dns_records where zone = '$zone$'   and host = '$record$' and view=(select view from dns_records where zone = '$zone$' and host = '$record$' and (view='CHINANET' or view='any') order by priority asc limit 1)}";
};
};
// View served to clients matching the CNC ACL. Answers come from rows tagged
// view='CNC', falling back to view='any' rows. Authoritative-only: no
// recursion, no cache access, no zone transfers.
view "CNC_view" {
  match-clients  { CNC; };
  allow-query-cache { none; };
  allow-recursion { none; };
  allow-transfer { none; };
  recursion no;
      
    // DLZ MySQL driver: connection parameters, findzone query, lookup query.
    // $zone$ and $record$ are filled in from the queried name by the driver
    // (presumably escaped before substitution — confirm for this BIND version).
    // NOTE(review): connects as MySQL root with a cleartext password kept in a
    // config file; use a dedicated account limited to SELECT on
    // dns_data.dns_records and restrict read access to this file.
    // findzone requires at least one view='CNC' row for the zone; a zone with
    // only 'any' rows is presumably not served to these clients, since the first
    // matching view handles the query — verify. The lookup subquery returns the
    // rows of whichever view ('CNC' or 'any') owns the lowest-`priority` row.
    dlz "Mysql zone" {
    database "mysql
    {host=127.0.0.1 dbname=dns_data ssl=false port=3306 user=root pass=password}
    {select zone from dns_records where zone = '$zone$' and  view = 'CNC' limit 1}
    {select ttl,type,mx_priority,case when lower(type)='txt' then concat('\"',data,'\"') when lower(type)    =  'soa'  then   concat_ws(' ',  data,  resp_person,  serial,  refresh,  retry,  expire,  minimum)   else   data   end   as   mydata   from   dns_records where zone = '$zone$'   and host = '$record$' and view=(select view from dns_records where zone = '$zone$' and host = '$record$' and (view='CNC' or view='any') order by priority asc limit 1)}";
};
};
// Catch-all view for every client not matched by the carrier ACLs above. Only
// rows tagged view='any' are visible here; there is no per-carrier override.
// Authoritative-only: no recursion, no cache access, no zone transfers.
view "any_view" {
  match-clients  { any; };
  allow-query-cache { none; };
  allow-recursion { none; };
  allow-transfer { none; };
  recursion no;
      
    // DLZ MySQL driver: connection parameters, findzone query, lookup query.
    // $zone$ and $record$ are filled in from the queried name by the driver
    // (presumably escaped before substitution — confirm for this BIND version).
    // NOTE(review): connects as MySQL root with a cleartext password kept in a
    // config file; use a dedicated account limited to SELECT on
    // dns_data.dns_records and restrict read access to this file.
    // Unlike the carrier views, the lookup query here has no priority subquery:
    // it simply returns every row for the name whose view is 'any'.
    dlz "Mysql zone" {
    database "mysql
    {host=127.0.0.1 dbname=dns_data ssl=false port=3306 user=root pass=password}
    {select zone from dns_records where zone = '$zone$' and  view = 'any' limit 1}
    {select ttl,type,mx_priority,case when lower(type)='txt' then concat('\"',data,'\"') when lower(type)    =  'soa'  then   concat_ws(' ',  data,  resp_person,  serial,  refresh,  retry,  expire,  minimum)   else   data   end   as   mydata   from   dns_records where zone = '$zone$'   and host = '$record$' and view = 'any'}";
};
};

六、建库

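-- Backing schema for the BIND DLZ MySQL driver: one row per resource record.
-- The DLZ queries in view.conf filter on (zone, host, view) and, in the
-- per-carrier views, pick the view of the lowest-`priority` row among the
-- client's view and 'any'.
CREATE DATABASE IF NOT EXISTS dns_data;
USE dns_data;

-- Give named its own read-only account instead of the MySQL root account used
-- in view.conf (constructed example — choose your own name and a strong password):
--   CREATE USER 'dns_reader'@'127.0.0.1' IDENTIFIED BY '<strong-password>';
--   GRANT SELECT ON dns_data.dns_records TO 'dns_reader'@'127.0.0.1';

CREATE TABLE IF NOT EXISTS `dns_records` (
   `id` INT(10) UNSIGNED NOT NULL AUTO_INCREMENT,
   `zone` VARCHAR(255) NOT NULL,
   -- '@' is the zone apex
   `host` VARCHAR(255) NOT NULL DEFAULT '@',
   -- 'TXT' is handled by a CASE branch in the DLZ lookup query, so it must be
   -- insertable here; 'AAAA' added so IPv6 hosts can be stored too.
   `type` ENUM('MX','CNAME','NS','SOA','A','AAAA','PTR','TXT') NOT NULL,
   -- record text; for SOA rows this is the MNAME (the `primary_ns` column is not
   -- read by the DLZ lookup query)
   `data` VARCHAR(255) DEFAULT NULL,
   -- seconds
   `ttl` INT(11) NOT NULL DEFAULT 800,
   -- NOT NULL: the DLZ queries compare `view` with '=', so a NULL view would
   -- never be visible to any client
   `view` CHAR(20) NOT NULL DEFAULT 'any',
   `mx_priority` INT(11) DEFAULT NULL,
   -- lower wins in the per-carrier views; 255 is the catch-all default for
   -- 'any' rows. NOT NULL because a NULL would sort first in ORDER BY ... ASC.
   `priority` INT(3) NOT NULL DEFAULT 255,
   -- SOA fields, concatenated into the record text by the DLZ lookup query
   `refresh` INT(11) NOT NULL DEFAULT 3600,
   `retry` INT(11) NOT NULL DEFAULT 3600,
   `expire` INT(11) NOT NULL DEFAULT 86400,
   `minimum` INT(11) NOT NULL DEFAULT 3600,
   `serial` BIGINT(20) NOT NULL DEFAULT 2008082700,
   `resp_person` VARCHAR(64) NOT NULL DEFAULT 'root.domain.com.',
   `primary_ns` VARCHAR(64) NOT NULL DEFAULT 'ns1.domain.com.',
   `data_count` INT(11) NOT NULL DEFAULT 0,
   PRIMARY KEY (`id`),
   -- composite index matching the DLZ query predicates (zone, then host, then view);
   -- it also serves the findzone query, which filters on zone and view only
   KEY `dns_records_zone_host_view_idx` (`zone`, `host`, `view`),
   KEY `dns_records_type_idx` (`type`)
) ENGINE=MYISAM AUTO_INCREMENT=1 DEFAULT CHARSET=utf8;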

七、启动bind

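# Debug run: -g keeps named in the foreground and -d 9 is the highest debug
# level. If nothing is reported the environment is configured correctly; use this
# mode when debugging bind, then run it as a service (init script below).
# The original line carried a "//..." remark after the command; the shell does
# not treat "//" as a comment, so named received it as extra arguments.
# -u root skips BIND's privilege drop: fine for a debug run, but the service
# should use an unprivileged account (e.g. -u named).
/usr/local/named/sbin/named -uroot -g -d 9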

这时报了一个错误:

/usr/local/named/sbin/named: error while loading shared libraries: libmysqlclient.so.18: cannot open shared object file: No such file or directory

解决办法:

# named is linked against the MySQL client library in /usr/local/mysql/lib, which
# is not on the dynamic loader's default path. Symlinking the versioned .so into
# /usr/lib64 works; adding /usr/local/mysql/lib to a file under
# /etc/ld.so.conf.d/ is the usual alternative and survives library upgrades.
ln -s /usr/local/mysql/lib/libmysqlclient.so.18 /usr/lib64/libmysqlclient.so.18
# refresh the loader cache so the new library is found
ldconfig

接着又报一个错误:

02-Jul-2013 14:29:21.728 mysql driver failed to create database connection after 4 attempts

02-Jul-2013 14:29:21.728 SDLZ driver failed to load.

02-Jul-2013 14:29:21.729 DLZ driver failed to load.

02-Jul-2013 14:29:21.738 load_configuration: failure

02-Jul-2013 14:29:21.739 loading configuration: failure

02-Jul-2013 14:29:21.739 exiting (due to fatal error)

原因是view.conf中的数据库配置参数不对,修改为自己对应的即可。

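# The prefix configured on this host is /usr/local/named (see the bind
# ./configure step and the "error while loading shared libraries" message
# above), so the binaries live there, not under /usr/local/bind.
# The shell does not treat "//" as a comment marker: the original lines passed
# "//..." as extra arguments to rndc and, after "&", tried to run it as a command.
# reload named.conf and the files it includes
/usr/local/named/sbin/rndc reload
# start named with an explicit configuration file (-u root: no privilege drop —
# prefer an unprivileged account for anything but debugging)
/usr/local/named/sbin/named -uroot -c /usr/local/named/etc/named.conf &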

设置开机启动,vim /etc/init.d/named

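#!/bin/bash
# named a network name service.
# chkconfig: 345 35 75
# description: a name server
# http://www.linuxtone.org
#
# Init script for the DLZ-backed BIND built on this host.
# Usage: /etc/init.d/named {start|stop|restart|reload|status}
#
# Paths follow the "./configure --prefix=/usr/local/named/" step used on this
# host. The original script pointed at /usr/local/bind and started eight
# instances from named11.conf..named18.conf while stopping only one pid file;
# this version runs the single named.conf configured elsewhere on the page.
NAMED_PREFIX="${NAMED_PREFIX:-/usr/local/named}"
NAMED_BIN="$NAMED_PREFIX/sbin/named"
RNDC_BIN="$NAMED_PREFIX/sbin/rndc"
NAMED_CONF="$NAMED_PREFIX/etc/named.conf"
# Must match the "pid-file" setting in named.conf (or the built-in default
# shown by "named -V") — confirm before relying on stop/restart.
PID_FILE="${PID_FILE:-$NAMED_PREFIX/var/named.pid}"
# Account named switches to after binding port 53. The original ran as root;
# create an unprivileged account with: useradd -r -s /sbin/nologin named
NAMED_USER="${NAMED_USER:-named}"
# seconds to wait between stop and start on restart
RESTART_PAUSE=10

if [ "$(id -u)" -ne 0 ]; then
    echo "ERROR:For bind to port 53,must run as root."
    exit 1
fi

case "$1" in
start)
    if [ ! -x "$NAMED_BIN" ]; then
        echo "ERROR: $NAMED_BIN is not executable"
        exit 1
    fi
    # fail loudly rather than let named exit on an unknown -u account
    if ! id "$NAMED_USER" >/dev/null 2>&1; then
        echo "ERROR: user '$NAMED_USER' does not exist; create it or set NAMED_USER"
        exit 1
    fi
    "$NAMED_BIN" -c "$NAMED_CONF" -u "$NAMED_USER" && echo "BIND9 server started"
    ;;
stop)
    if [ ! -r "$PID_FILE" ]; then
        echo "ERROR: pid file $PID_FILE not found; is named running?"
        exit 1
    fi
    kill "$(cat "$PID_FILE")" && echo . && echo 'BIND9 server stopped'
    ;;
restart)
    echo .
    echo "Restart BIND9 server"
    "$0" stop
    sleep "$RESTART_PAUSE"
    "$0" start
    ;;
reload)
    "$RNDC_BIN" reload
    ;;
status)
    "$RNDC_BIN" status
    ;;
*)
    echo "$0 start | stop | restart |reload |status"
    exit 2
    ;;
esac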
# register the init script above (runlevels 345 per its chkconfig header) and
# enable it at boot
chkconfig --add named
chkconfig named on

八、写入测试数据

-- Test data for centos.bz: SOA, NS and glue served to everyone (view defaults
-- to 'any'), plus per-carrier answers for www and man with an 'any' fallback
-- at the least-preferred priority 255.

-- SOA: `data` is the MNAME; resp_person/serial/refresh/retry/expire/minimum
-- are what the DLZ lookup query concatenates into the record text.
INSERT INTO `dns_records`
    (`zone`, `host`, `type`, `data`, `ttl`, `mx_priority`, `refresh`, `retry`,
     `expire`, `minimum`, `serial`, `resp_person`, `primary_ns`, `data_count`)
VALUES
    ('centos.bz', '@', 'SOA', 'ns1.centos.bz.', 10, NULL, 3600, 3600,
     86400, 10, 2008082700, 'root.centos.bz.', 'ns1.centos.bz.', 0);

-- NS records at the apex
INSERT INTO `dns_records` (`zone`, `host`, `type`, `data`)
VALUES
    ('centos.bz', '@', 'NS', 'ns1.centos.bz.'),
    ('centos.bz', '@', 'NS', 'ns2.centos.bz.');

-- glue A records for the name servers
INSERT INTO `dns_records` (`zone`, `host`, `type`, `data`)
VALUES
    ('centos.bz', 'ns1', 'A', '211.100.72.137'),
    ('centos.bz', 'ns2', 'A', '219.232.244.11');

-- www: one address per carrier view; priority 200 beats the 'any' row at 255
INSERT INTO `dns_records` (`zone`, `host`, `type`, `data`, `ttl`, `view`, `priority`)
VALUES
    ('centos.bz', 'www', 'A', '210.51.36.116',   3600, 'CNC',      200),
    ('centos.bz', 'www', 'A', '221.238.249.178', 3600, 'CHINANET', 200),
    ('centos.bz', 'www', 'A', '211.103.156.230', 3600, 'any',      255);

-- man -> www CNAME with the same per-view layout. 'www' carries no trailing
-- dot, so whether it is qualified relative to the zone depends on how the DLZ
-- driver hands it to named — verify with a query before relying on it.
INSERT INTO `dns_records` (`zone`, `host`, `type`, `data`, `view`, `priority`)
VALUES
    ('centos.bz', 'man', 'CNAME', 'www', 'CNC',      200),
    ('centos.bz', 'man', 'CNAME', 'www', 'CHINANET', 200),
    ('centos.bz', 'man', 'CNAME', 'www', 'any',      255);
