bind DLZ

2010-10-31       v0.01 　北京公司

 

系统环境：rhel 5.4

所需包：

bind-9.5.1-P2.tar.gz

ripe-dbase-client-v3.tar.gz

 

view

1.       view_telecom

2.       view_cnc

3.       view_any

 

mysql

library: bind

table:        cnc

                   telecom

                   any

 

master: ns1.jerome-1.com   192.168.166.202

slave  : ns2.jerome-1.com   192.168.166.203

 

一．安装MySQL

//查看系统中是否已经安装了MySQL，如果是卸载所有以mysql开头的包。

rpm -qa | grep mysql

rpm -e mysql-*

rm -f /etc/my.cnf

groupadd mysql

useradd mysql -c "start mysqld's account" -d /dev/null -g mysql -s /sbin/nologin

cd /usr/local/src/

tar -xzvf mysql-5.1.36.tar.gz

cd mysql-5.1.36

./configure \

--prefix=/usr/local/mysql \

--with-mysqld-user=mysql \

--with-charset=utf8 --with-collation=utf8_bin --with-extra-charsets=big5,ascii,gb2312,gbk,utf8,latin1 \

--without-debug \

--with-client-ldflags=-all-static \

--with-mysqld-ldflags=-all-static \

--disable-shared \

--localstatedir=/var/lib/mysql \

--without-isam \

--without-innodb \

--enable-assembler

make && make install

cp support-files/my-medium.cnf /etc/my.cnf

/usr/local/mysql/bin/mysql_install_db --user=mysql

chown -R root:mysql /usr/local/mysql/

chown -R mysql:mysql /var/lib/mysql

/usr/local/mysql/bin/mysqld_safe --user=mysql &

配置系统启动时自动启动MySQl

cp /usr/local/mysql/share/mysql/mysql.server /etc/init.d/mysql

cd /etc/init.d

chmod 755 mysql

chkconfig --add mysql

chkconfig --level 3 mysql on

cp /usr/local/mysql/bin/mysql /usr/bin

mysql

use mysql;

UPDATE user SET Password=PASSWORD('1q2w3e') WHERE user='root';

FLUSH PRIVILEGES;

 

二．编译安装Bind

cd /usr/local/src/bind/

tar zxvf bind-9.6.0-P1.tar.gz

cd bind-9.6.0-P1

./configure --with-dlz-mysql  \

--enable-largefile  \

--enable-threads=no  \

--prefix=/usr/local/bind  \

--with-openssl=/usr/local/openssl/

 

make && make install

 

三．开始配置bind

1.创建 rndc.conf文件，用bind自带程序生成

把rndc.conf 中的key信息输出到 named.conf 中　

cd /usr/local/bind/etc

../sbin/rndc-confgen >rndc.conf

tail -n10 rndc.conf | head -n9 | sed -e s/#\//g >named.conf

 

2.# vi localhost.zone

ttl 86400

@ IN SOA localhost. root.localhost. (

1997022700 ; Serial

28800 ; Refresh

14400 ; Retry

3600000 ; Expire

86400 ) ; Minimum

IN NS localhost.

1 IN PTR localhost.

 

3.获得根域记录

cd /usr/local/bind/etc

dig > named.root

 

4、安装IP地址段查询工具Ripe-dbase-client-v3：

下载软件包：

wget http://ftp.apnic.net/apnic/dbase/tools/ripe-dbase-client-v3.tar.gz

cd /usr/local/src

tar zxvf ripe-dbase-client-v3.tar.gz

cd whois-3.1

./configure --prefix=/usr

make  && make install

 

5、设置配置文件

 

配置ACL文件

/usr/bin/whois3 -h whois.apnic.net -l -i mb MAINT-CNCGROUP | grep "descr" | grep "Reverse" | awk -F "for" '{if ($2!="") print $2}'| sort -n | awk 'BEGIN{print "acl \"CNC\" '{'"}{print $1";"}END{print "'}';"}' > /usr/local/named/etc/cnc_acl.conf

 

 

/usr/bin/whois3 -h whois.apnic.net -l -i mb MAINT-CHINANET | grep "descr" | grep "Reverse" | awk -F "for" '{if ($2!="") print $2}'| sort -n | awk 'BEGIN{print "acl \"TELECOM\" '{'"}{print $1";"}END{print "'}';"}' > /usr/local/named/etc/telecom_acl.conf

 

6.#vi named.conf 在后面加入如下：

include "/usr/local/bind/etc/cnc_acl.conf";

include "/usr/local/bind/etc/telecom_acl.conf";

include "/usr/local/bind/etc/view.conf";

 

7. #vi /usr/local/bind/etc/view.conf                 //创建view相关的配置文件

 

##################### #######cnc_view ##########################

view "cnc_view" {                       //定义view

match-clients { CNC; };              //指定 cnc_acl.conf  此处CNC不同于下面的提到的CNC　CNC

                                                        　的ACL文件仅仅在此处指定

 

allow-query-cache { none; };    //不提供cache

allow-recursion { none; };

allow-transfer { none; };            // 禁止任何人向master服务器请求 zone transfer

recursion no;                               // 禁止处理来自 cnc 的主机的递归请求

dlz "Mysql zone" {

database "mysql

{host=127.0.0.1 dbname=bind ssl=false port=3306 user=root pass=1q2w3e}

{select zone from cnc where zone = '%zone%' and view='CNC' limit 1}

{select ttl, type, mx_priority, case when lower(type)='txt' then concat('\"', data, '\"') when lower(type) = 'soa' then concat_ws(' ', data, resp_person, serial, refresh, retry,

 

expire, minimum) else data end as mydata from cnc where zone = '%zone%' and host = '%record%' and view='CNC'}

{}

{select ttl, type, host, mx_priority, case when lower(type)='txt' then concat('\"', data, '\"') else data end as mydata, resp_person, serial, refresh, retry, expire, minimum

 

from cnc where zone = '%zone%' and view='CNC'}

{select zone from xfr_table where zone = '%zone%' and client = '%client%' and view='CNC' limit 1}

{update data_count set count = count + 1 where zone ='%zone%' and view='CNC'}";

};

};

##################### #######cnc_view ##########################

 

dbname=bind                     //bind库

user=root pass=1q2w3e　　//用户root　密码1q2w3e

cnc <小写>     //cnc表

CNC<大写>　　　// 数据库中的记录VIEW=CNC

 

当定义其他view时在以上几处进行修改！

 

 

四．数据库　建　库　创建DLZ相关表的结构

不同的表只需要改下面红色标记的两处即可

一处是表的建立　另一处为指定默认域名

 

mysql>create database bind; //创建数据库名为bind

mysql>use bind;

CREATE TABLE `cnc` (

`id` int(10) unsigned NOT NULL auto_increment,

`zone` varchar(255) NOT NULL,

`host` varchar(255) NOT NULL default '@',

`type` enum('MX','CNAME','NS','SOA','A','PTR') NOT NULL,

`data` varchar(255) default NULL,

`ttl` int(11) NOT NULL default '800',

`view` enum('CNC','TELECOM','ANY') NOT NULL,

`mx_priority` int(11) default NULL,

`refresh` int(11) NOT NULL default '3600',

`retry` int(11) NOT NULL default '3600',

`expire` int(11) NOT NULL default '86400',

`minimum` int(11) NOT NULL default '3600',

`serial` bigint(20) NOT NULL default '2008082700',

`resp_person` varchar(64) NOT NULL default 'root.jerome.com.',

`primary_ns` varchar(64) NOT NULL default 'ns1.jerome.com.',

`data_count` int(11) NOT NULL default '0',

PRIMARY KEY (`id`),

KEY `type` (`type`),

KEY `host` (`host`),

KEY `zone` (`zone`)

) ENGINE=MyISAM AUTO_INCREMENT=1 DEFAULT CHARSET=gbk;

 

 

五． 关于DLZ 主从同步

 

1.按照该文档的第一二部分进行安装mysql和bind配置文件部分则可以直接从master上拷过来

#scp named.conf  named.root  cnc_acl.conf  telecom_acl.conf  view.conf localhost.zone

 

2.查看view.conf 文件中user=root pass=1q2w3e　　该权限能否在本地查询

如果数据库帐户密码错误会导致　namd无法启动　提示msql connection failed

 

04-Nov-2010 07:29:04.463 mysql driver failed to create database connection after 4 attempts

 

3.如需做cache服务器，则按照以下注释方式进行修改即可．

 

view "telecom_view" {

match-clients { TELECOM; };

#allow-query-cache { none; };

#allow-recursion { none; };

#allow-transfer { none; };

recursion yes;

 

 

 

 

cnc表的建立结构和内容cnc-table-all.sql

可直接将此数据库脚本导入数据中　就可完成cnc表结构的建立　立会插入一些相关的Ａy记录测试

 

DLZ相关数据库表结构建立.txt　　此表同上　．　内容包含有三个view的表结构建立

 

TELECOM.sql

cnc.sql

any.sql

插入数据

 

插入PTR记录

 

insert into cnc (zone,host,type,data) values ("202.166.168.192.in-addr.arpa ","@","PTR","ns1.jerome-1.com.")

评论

1 楼 wtgame 2010-12-28  

插入正向

insert into cnc (zone,host,type,data) values ('jerome-1.com','status','A','192.168.166.203');