dns bind dlz 主從環境搭建

 

 

參考文檔: http://blog.csdn.net/lishangwen_alan/article/details/53332889

              http://www.cnblogs.com/xiongpq/p/3384681.html

 

需求說明: bind dlz 能夠動態加載配置, 方便配置管理, 但是每次查詢都要訪問數據庫, 響應速度比較慢; bind file (傳統區域文件) 速度比較快, 但是手工修改文件容易出錯, 而且需要重啓服務 (或 rndc reload), 比較麻煩。

本文採用 bind 主從模式: master (bind dlz) 用來做配置管理, slave (bind file) 用來對外提供服務。注意下文的 master 同樣監聽 53 端口且 allow-query 為 any, 若只希望 slave 對外服務, 應以防火牆或 allow-query 限制能訪問 master 的來源。

 

requirements:

兩臺服務器: 10.1.61.123 (master)   10.1.61.124 (slave)

mysql: mysql-5.6.35.tar.gz (下載後請核對官方下載頁公布的校驗和)

bind: bind-9.11.0.tar.gz (建議改用 9.11 系列最新的修補版本, 並用 ISC 發布的 PGP 簽名核對壓縮包)

 

1. mysql 編譯安裝:

 安裝依賴包
# Build dependencies for MySQL 5.6 (cmake-based build, bison for the parser, ncurses for the client).
yum install -y make gcc-c++ cmake bison-devel ncurses-devel

下載mysql

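# Fetch the source over TLS and verify it before building: whatever is in
# this tarball becomes the database behind your DNS. Compare the digest with
# the value published on the MySQL download page for this release.
wget https://cdn.mysql.com/Downloads/MySQL-5.6/mysql-5.6.35.tar.gz
md5sum mysql-5.6.35.tar.gz   # must match the published checksum
tar xvf mysql-5.6.35.tar.gz

cd mysql-5.6.35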

編譯安裝:
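# Configure an in-tree build. '.' names the source directory explicitly;
# a bare 'cmake' with only -D flags relies on cmake defaulting to the current
# directory, which not every cmake version does.
# Note on ENABLED_LOCAL_INFILE=1: it enables LOAD DATA LOCAL by default in
# the client library. A DLZ backend never needs it, and a malicious server
# can use it to read client-side files, so 0 is the safer choice here.
cmake . \
    -DCMAKE_INSTALL_PREFIX=/usr/local/mysql \
    -DMYSQL_DATADIR=/usr/local/mysql/data \
    -DSYSCONFDIR=/etc \
    -DWITH_MYISAM_STORAGE_ENGINE=1 \
    -DWITH_INNOBASE_STORAGE_ENGINE=1 \
    -DWITH_MEMORY_STORAGE_ENGINE=1 \
    -DWITH_READLINE=1 \
    -DMYSQL_UNIX_ADDR=/var/lib/mysql/mysql.sock \
    -DMYSQL_TCP_PORT=3306 \
    -DENABLED_LOCAL_INFILE=1 \
    -DWITH_PARTITION_STORAGE_ENGINE=1 \
    -DEXTRA_CHARSETS=all \
    -DDEFAULT_CHARSET=utf8 \
    -DDEFAULT_COLLATION=utf8_general_ci

# Build (parallel) and install into /usr/local/mysql.
make -j"$(nproc)" && make install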

配置mysql
設置權限:
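# Create the service account that owns the installation and runs mysqld.
# The original listing ran groupadd twice; the second call has to create the
# *user*. A system account with no login shell is all mysqld needs.
groupadd mysql
useradd -r -g mysql -s /sbin/nologin mysql
chown -R mysql:mysql /usr/local/mysql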

初始化配置:
# Initialise the data directory as the unprivileged mysql account.
# Later steps use paths relative to /usr/local/mysql, so stay in that directory.
cd /usr/local/mysql
scripts/mysql_install_db --user=mysql --basedir=/usr/local/mysql --datadir=/usr/local/mysql/data

注意: 若系統已存在 /etc/my.cnf (例如發行版自帶的 mysql/mariadb 套件留下的), 先將它改成其他名字, 以防與本次安裝的設定衝突。

啟動 MySQL
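# Install the SysV init script and enable it at boot.
cp support-files/mysql.server /etc/init.d/mysql
chkconfig mysql on
# Start MySQL. The original line ended with "--啓動MySQL", which the init
# script receives as an extra argument; shell comments start with '#'.
service mysql start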

配置用戶

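# Put the MySQL client tools on PATH for this shell. Sourcing /etc/profile
# afterwards (as the original did) does nothing useful and, if the profile
# rewrites PATH, discards the entry just added. To persist it across logins,
# put the same export line into /etc/profile.d/mysql.sh instead.
export PATH=/usr/local/mysql/bin:$PATH

# Connect as root; after mysql_install_db the account has no password yet,
# which is why the next step sets one immediately.
mysql -uroot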
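-- Set the root password immediately after initialisation (it starts empty).
-- Replace the placeholder with a long, unique password; the '123456' used in
-- the original listing is in every brute-force wordlist. The original line
-- also lacked the terminating semicolon.
SET PASSWORD = PASSWORD('<strong-root-password>');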

設置遠程訪問
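-- Do NOT grant root@'%' ALL PRIVILEGES WITH GRANT OPTION: that hands a full
-- administrator account to every host that can reach port 3306. The DLZ
-- driver only runs the SELECT statements listed in named.conf, so give it a
-- dedicated read-only account, limited to the db_ops database (both DLZ
-- tables live there) and to the master's address. The user/dbname match the
-- DLZ connection string in named.conf; pick a new password, the one printed
-- in the original listing is public.
CREATE USER 'op_oss'@'10.1.61.123' IDENTIFIED BY '<strong-dlz-password>';
GRANT SELECT ON db_ops.* TO 'op_oss'@'10.1.61.123';
FLUSH PRIVILEGES;
-- If remote administration is genuinely required, create a separate admin
-- account bound to one admin host, never to '%'.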

mysql 配置完成


2. bind 編譯安裝(bind-9.11.0.tar.gz):
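# Configure BIND with the MySQL DLZ driver.
#   --with-dlz-mysql=PATH  build the MySQL DLZ driver against /usr/local/mysql
#   --enable-threads=no    the DLZ MySQL driver is documented as not thread-safe,
#                          so threading must be off
#   --enable-largefile     large file support
#   --disable-ipv6         no IPv6 support
#   --with-openssl=no      builds without OpenSSL: this removes DNSSEC signing
#                          and validation (TSIG/rndc HMACs use BIND's built-in
#                          hashes and still work). Drop this flag if you need DNSSEC.
# The original annotated this line with '//', which is not a shell comment.
./configure --prefix=/usr/local/bind/ --with-dlz-mysql=/usr/local/mysql --enable-threads=no --enable-largefile --disable-ipv6 --with-openssl=no

make -j"$(nproc)" && make install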

3. 配置bind:
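cd /usr/local/bind/etc/
# Generate the rndc key. 9.11's rndc-confgen accepts -A to pick the HMAC;
# hmac-sha256 replaces the deprecated hmac-md5 default. The secret gives
# full control of named over the control channel, so keep both files
# unreadable to other users.
/usr/local/bind/sbin/rndc-confgen -A hmac-sha256 > rndc.conf
chmod 600 rndc.conf
# rndc.key should hold only the key statement. The original copied the whole
# rndc.conf, whose options{} block is not valid inside named.conf should the
# key file ever be included there.
sed -n '/^key/,/^};/p' rndc.conf > rndc.key
chmod 600 rndc.key
# The commented-out block at the end of rndc.conf is a ready-made key +
# controls stanza for named.conf; strip the '# ' prefix to seed the file.
tail -10 rndc.conf | head -9 | sed 's/^# //' > named.conf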

4. named.conf (master)文件
key "rndc-key" {
algorithm hmac-md5;
secret "mvCUyhyDvNNGywhoVHbSaQ==";
};

controls {
inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
};


options {
listen-on port 53 {any;}; //寮�鍚睛鍚�53絝彛錛宎ny琛ㄧず鎺ュ彈浠繪剰ip榪炴帴
directory "/usr/local/bind/var";
pid-file "named.pid"; //鏂囦歡鍐呭灝辨槸named榪涗▼鐨剗d
allow-query{any;}; //鍏佽浠繪剰ip鏌ヨ
allow-transfer { 10.1.61.124; };
also-notify { 10.1.61.124; };
forwarders{114.114.114.114;8.8.8.8;}; //璁劇疆杞彂鐨勫叕緗慽p
};

acl "dns-ip-list"{
10.1.61.123;
10.1.61.124;
};

logging {
channel error_log {
file "/usr/local/bind/var/logs/error.log" versions 10 size 32m;
severity warning;
print-time yes;
print-severity yes;
print-category yes;
};

channel query_log {
file "/usr/local/bind/var/logs/query.log" versions 10 size 32m;
severity debug;
print-time yes;
print-severity yes;
print-category yes;
};

category default { error_log; };

category queries { query_log; };
};

dlz "Mysql zone" {
database "mysql
{dbname=db_ops port=3306 host=119.90.48.154 user=op_oss pass=JqIrsM1hVvo8 ssl=false}
{select zone from t_dns_records where zone = '$zone$' and status = 1}
{select ttl, type, mx_priority, case when lower(type)='txt' then concat('\"', data, '\"')
when lower(type) = 'soa' then concat_ws(' ', data, resp_person, serial, refresh, retry, expire, minimum)
else data end from t_dns_records where zone = '$zone$' and host = '$record$' and status = 1}
{}
{select ttl, type, host, mx_priority, case when lower(type)='txt' then
concat('\"', data, '\"') else data end, resp_person, serial, refresh, retry, expire,
minimum from t_dns_records where zone = '$zone$' and status = 1}
{select zone from t_dns_xfr_table where zone = '$zone$' and client = '$client$' and status = 1}";
};

named.conf(slave) 配置文件
key "rndc-key" {
algorithm hmac-md5;
secret "mvCUyhyDvNNGywhoVHbSaQ==";
};

controls {
inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
};


options {
listen-on port 53 {any;}; //開啓偵聽53端口,any表示接受任意ip鏈接
directory "/usr/local/bind/var";
pid-file "named.pid"; //文件內容就是named進程的id
allow-query{any;}; //容許任意ip查詢
allow-transfer { 10.1.61.124; };
also-notify { 10.1.61.124; };
forwarders{114.114.114.114;8.8.8.8;}; //設置轉發的公網ip
};

acl "dns-ip-list"{
10.1.61.123;
10.1.61.124;
};

logging {
channel error_log {
file "/usr/local/bind/var/logs/error.log" versions 10 size 32m;
severity warning;
print-time yes;
print-severity yes;
print-category yes;
};

channel query_log {
file "/usr/local/bind/var/logs/query.log" versions 10 size 32m;
severity debug;
print-time yes;
print-severity yes;
print-category yes;
};

category default { error_log; };

category queries { query_log; };
};

zone "phpfensi.com." IN {
type slave;
file "slaves/phpfensi.com.zone";
masterfile-format text;
masters{ 10.1.61.123; };
};
 

5. mysql 配置:
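-- Schema for the DLZ backend. The DLZ connection string in named.conf uses
-- dbname=db_ops; the original listing never created that database.
create database if not exists db_ops default charset utf8;
use db_ops;

-- One row per resource record. SOA rows additionally use refresh/retry/
-- expire/minimum/serial/resp_person, which the DLZ lookup query concatenates
-- into the SOA rdata. Every DLZ query filters status = 1, so rows with
-- status = 0 are never served.
create table `t_dns_records` (
`id` bigint(20) not null auto_increment comment '主健',
`zone` varchar(255) not null default '' comment '域名',
`host` varchar(255) not null default '' comment '記錄名稱',
`type` varchar(255) not null default '' comment '記錄類型',
`data` varchar(255) not null default '' comment '記錄值',
`ttl` int(11) default null comment 'ttl(存活時間)',
`mx_priority` int(11) default null comment 'mx優先級',
`refresh` int(11) default null comment '刷新時間間隔',
`retry` int(11) default null comment '重試時間間隔',
`expire` int(11) default null comment '過時時間',
`minimum` int(11) default null comment '最小時間',
`serial` bigint(20) default null comment '序列號,每次更改配置都會在原來的基礎上加1',
`resp_person` varchar(64) default null comment '責任人',
`primary_ns` varchar(64) default null comment '主域名',
`status` tinyint(4) default 1 comment '0:該記錄無效, 1:該記錄有效',
`created_at` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT '建立時間',
`updated_at` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP COMMENT '更新時間',
primary key (`id`),
-- Matches the DLZ lookup predicate (zone = ? and host = ? and status = 1),
-- which runs on every query; MySQL can use only one of the single-column
-- indexes below per statement.
key `ix_zone_host_status` (`zone`, `host`, `status`),
key `ix_zone` (`zone`),
key `ix_host` (`host`),
key `ix_data` (`data`),
key `ix_type` (`type`),
key `ix_status` (`status`),
key `ix_created_at` (`created_at`),
key `ix_updated_at` (`updated_at`)
) engine=InnoDB default charset=utf8 comment='內網DNS記錄';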

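-- Zone-transfer allow list consulted by the DLZ allowzonexfr query: a slave
-- may transfer a zone only if a row with status = 1 matches its address.
-- Rows here do not replace named.conf's allow-transfer; both must permit the client.
create table `t_dns_xfr_table` (
`id` bigint(20) not null auto_increment comment '主健',
`zone` varchar(255) not null default '' comment '域名',
`client` varchar(255) not null default '' comment 'BIND SLAVE 客戶端',
`status` tinyint(4) default 1 comment '0:該記錄無效, 1:該記錄有效',
`created_at` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT '建立時間',
`updated_at` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP COMMENT '更新時間',
primary key (`id`),
-- The DLZ query filters on (zone, client, status); the original table had
-- no index on any of them.
key `ix_zone_client_status` (`zone`, `client`, `status`),
key `ix_created_at` (`created_at`),
key `ix_updated_at` (`updated_at`)
) engine=InnoDB default charset=utf8 comment='DNS傳送信息';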

6. 插入數據

插入正向解析數據
-- Forward zone phpfensi.com: A, CNAME and NS rows. Columns not listed keep
-- their defaults (status = 1, mx_priority NULL). Rows are inserted in the
-- same order as before, so the auto-increment ids are unchanged.
INSERT INTO t_dns_records (zone, host, type, data, ttl) VALUES
    ('phpfensi.com', 'www',   'A',     '1.1.1.1',             60),
    ('phpfensi.com', 'cloud', 'A',     '2.2.2.2',             60),
    ('phpfensi.com', 'ns',    'A',     '10.1.61.123',         60),
    ('phpfensi.com', 'blog',  'CNAME', 'cloud.phpfensi.com.', 60),
    ('phpfensi.com', '@',     'NS',    'ns.phpfensi.com.',    60);

-- SOA row. The DLZ lookup query builds the SOA rdata as
-- data resp_person serial refresh retry expire minimum, so data is the
-- primary name server and resp_person the hostmaster field; serial must
-- grow on every change or the slave will not re-transfer.
INSERT INTO t_dns_records
    (zone, host, type, ttl, data, refresh, retry, expire, minimum, serial, resp_person)
VALUES
    ('phpfensi.com', '@', 'SOA', 60, 'ns', 28800, 14400, 86400, 86400, 2012020809, 'admin');

插入反向解析數據

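-- Reverse zone 1.168.192.in-addr.arpa. The SOA row's zone name must match the
-- NS/PTR rows exactly: the original listing wrote '1.168.192in-addr.arpa'
-- (missing dot), so the reverse zone had no SOA at all. The original also
-- used '//' for comments, which MySQL does not recognise; use '--' or '#'.
-- SOA (start of authority) record
insert into t_dns_records (zone, host, type, data, ttl, mx_priority, refresh, retry, expire, minimum, serial, resp_person, primary_ns)
values ('1.168.192.in-addr.arpa', '@', 'SOA', 'node02.example.com', 86400, NULL, 3600, 15, 86400, 3600, 2008082700, 'node02.example.com', 'node02.example.com');
-- NS record: name server authoritative for the zone
insert into t_dns_records (zone, host, type, data) values ('1.168.192.in-addr.arpa', '@', 'NS', 'node02.example.com.');
-- PTR records: address -> hostname, the reverse of an A record
insert into t_dns_records (zone, host, type, data) values
    ('1.168.192.in-addr.arpa', '250', 'PTR', 'node02.example.com.'),
    ('1.168.192.in-addr.arpa', '111', 'PTR', 'x.example.com.');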

插入客戶端數據

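-- Authorise zone transfers of phpfensi.com to both servers. The original
-- statements lacked terminating semicolons and used double quotes, which
-- break under sql_mode ANSI_QUOTES; string literals take single quotes.
insert into t_dns_xfr_table (zone, client) values ('phpfensi.com', '10.1.61.123');
insert into t_dns_xfr_table (zone, client) values ('phpfensi.com', '10.1.61.124');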

7. debug 模式下運行 bind 服務
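# Validate the configuration first: a syntax error is reported with a line
# number instead of a cryptic start-up failure.
/usr/local/bind/sbin/named-checkconf /usr/local/bind/etc/named.conf
# Run in the foreground (-g: log to stderr) at debug level 1. This runs as
# root; for production add "-u named" after creating an unprivileged
# "named" user so named drops privileges once port 53 is bound.
/usr/local/bind/sbin/named -g -d 1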

-g 讓 named 在前台運行並把日誌輸出到標準錯誤 (stderr), -d 1 設定除錯等級為 1, 可以直接看到後台的日誌信息; 確認無誤後再以正常方式 (不加 -g) 啟動。

8. 測試結果:

 

9. slave 配置

zone "phpfensi.com." in {
type slave;
file "phpfensi.com";
masterfile-format text;
masters{ 10.1.61.120; };
};

masterfile-format 必須手動設為 text, 否則同步過來的區域檔會以預設的 raw (二進制) 格式儲存, 無法直接閱讀。

 

 FAQ:

1. slave 為什麼無法同步 master 的數據?

1.1 檢查 t_dns_xfr_table 是否配置了相應的 zone 及 client (client 是 slave 的 IP): DLZ 的 allow-xfr 查詢只放行表裡 status = 1 的客戶端, 另外 named.conf 的 allow-transfer 也要包含 slave, 兩者缺一不可。
1.2 檢查 SOA 序列號 (serial): 每次更改記錄都要在原來的基礎上加 1, 保證 master 的 serial 比 slave 目前持有的大, 否則 slave 會認為沒有更新。
1.3 檢查 refresh 欄位: 一般設置 300 秒 (每 5 分鐘同步一次); 要立即同步可在 slave 上執行 rndc retransfer <zone>。