bindview+dlz(mysql)

系统准备

配置iptables

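# Host firewall: default-deny inbound, open only what this host serves.
# All ACCEPT rules are appended first and the DROP policy is set last, so an
# SSH session running this script is never cut off between two commands.
iptables -F
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP

# Loopback and reply traffic. The DLZ driver reaches MySQL on 127.0.0.1
# (host=127.0.0.1 in view.conf), so lo must stay open.
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Management, DNS and ping.
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 53 -j ACCEPT
iptables -A INPUT -p udp --dport 53 -j ACCEPT
iptables -A INPUT -p icmp -j ACCEPT

# MySQL: named uses loopback (already allowed) and the only remote host given
# access in the GRANT step is 172.16.1.104 (presumably the admin/standby host;
# confirm). The original opened 3306 to every source; restrict it to that host
# and add one -s rule per further client (e.g. the replicating standby) instead
# of reopening the port to everyone.
iptables -A INPUT -p tcp -s 172.16.1.104 --dport 3306 -j ACCEPT

iptables -P INPUT DROP

service iptables save
service iptables restart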

关闭selinux

# Disable SELinux: the config edit applies from the next boot, setenforce 0
# switches the running kernel to permissive right away.
sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/sysconfig/selinux
setenforce 0

安装配置mysql

二进制安装

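# Install MySQL from a binary tarball under /usr/local/mysql, data directory
# on /data/mysql, daemon running as the unprivileged mysql user.
yum -y install lrzsz
cd /usr/local/src
rz    # interactive ZMODEM upload of the mysql-* tarball

tar zxvf mysql* -C /usr/local
cd /usr/local
ln -sv mysql* mysql    # assumes exactly one extracted mysql-* directory here
cd mysql

mkdir -pv /data/mysql
useradd -r -U -s /sbin/nologin -d /data/mysql mysql
chown -R mysql:mysql /data/mysql
chown -R mysql:mysql /usr/local/mysql
scripts/mysql_install_db --user=mysql --datadir=/data/mysql
# Hand the install tree back to root; only the data directory stays writable
# by the mysql user.
chown -R root .

cp support-files/my-large.cnf /etc/my.cnf

# thread_concurrency = 2 x CPU count. The '*' must be escaped: unquoted, it is
# a shell glob that expands to the file names in the current directory and
# makes expr fail, leaving the option value empty.
# (thread_concurrency was dropped in later MySQL releases; harmless if the
# key is absent from the template.)
core=$(grep -c '^processor' /proc/cpuinfo)
sed -i "s/thread_concurrency = 8/thread_concurrency = $(expr 2 \* "$core")/g" /etc/my.cnf

# Anchor the [mysqld] section header. Unescaped, [mysqld] is a bracket
# expression matching any line containing one of those letters, so the
# datadir line would have been appended after almost every line of my.cnf.
sed -i -e '/^\[mysqld\]/a datadir = /data/mysql' /etc/my.cnf

cp support-files/mysql.server /etc/rc.d/init.d/mysqld
chmod +x /etc/rc.d/init.d/mysqld
chkconfig mysqld on

# Headers and shared libraries: the BIND build below is configured with
# --with-dlz-mysql=/usr/local/mysql and links against this tree.
ln -sv /usr/local/mysql/include /usr/include/mysql
echo '/usr/local/mysql/lib' > /etc/ld.so.conf.d/mysql.conf
ldconfig

# Single quotes keep $PATH literal in /etc/profile so it expands at login.
echo 'PATH=/usr/local/mysql/bin:$PATH' >> /etc/profile
source /etc/profile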

mysql建立表

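service mysqld start
# Interactive: sets the root password and offers to drop the anonymous
# accounts and the test database. The original had a stray space in the
# program name ("mysql_secure_ installation"), which is not a valid command.
mysql_secure_installation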

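-- Run inside the mysql client; the "mysql>" prompt is not part of the statement.
-- IF NOT EXISTS makes the step safe to re-run.
CREATE DATABASE IF NOT EXISTS dns_view;
USE dns_view;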

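-- Record store read by BIND's DLZ MySQL driver (see the queries in view.conf).
-- One row per resource record; `view` selects which BIND view serves it
-- ('dev', 'prod', 'any', or 'OP' for rows returned by every view's lookup).
-- Engine and charset are kept as on the original page.
CREATE TABLE IF NOT EXISTS `dnstb` (
  `id` int(10) unsigned NOT NULL auto_increment,
  `zone` varchar(255) NOT NULL,
  `host` varchar(255) NOT NULL default '@',
  -- 'TXT' added: the DLZ lookup queries special-case lower(type)='txt',
  -- a value the original enum could never store.
  `type` enum('MX','CNAME','NS','SOA','A','PTR','TXT') NOT NULL,
  `data` varchar(255) default NULL,
  `ttl` int(11) NOT NULL default '600',
  `view` char(20) default 'OP',
  `mx_priority` int(11) default NULL,
  -- SOA fields (seconds); the lookup query only assembles them when type='SOA'.
  `refresh` int(11) NOT NULL default '600',
  `retry` int(11) NOT NULL default '3600',
  `expire` int(11) NOT NULL default '86400',
  `minimum` int(11) NOT NULL default '3600',
  `serial` bigint(20) NOT NULL default '2011061200',
  `resp_person` varchar(64) NOT NULL default 'root.foo.com.',
  `primary_ns` varchar(64) NOT NULL default 'ns1.foo.com.',
  -- NOTE(review): not referenced by the DLZ queries on this page; the countzone
  -- UPDATE in view.conf targets the data_count table below. Confirm intent.
  `data_count` int(11) NOT NULL default '0',
  PRIMARY KEY (`id`),
  KEY `type` (`type`),
  KEY `host` (`host`),
  -- Every DLZ query filters on zone and view, the lookup query also on host;
  -- this composite key serves all of them and the plain zone prefix.
  KEY `zone_host_view` (`zone`, `host`, `view`)
) ENGINE=MyISAM AUTO_INCREMENT=1 DEFAULT CHARSET=gbk;

-- Zone-transfer allow list consulted by the DLZ allowzonexfr query
-- (select zone from xfr_table where zone = '$zone$' and client = '$client$'
-- and view = ...). The original page never creates it; column types are
-- constructed from that query. Left empty, no client may AXFR (the standby
-- is fed by MySQL replication, not by zone transfer).
CREATE TABLE IF NOT EXISTS `xfr_table` (
  `zone` varchar(255) NOT NULL,
  `client` varchar(45) NOT NULL,   -- requesting address as text; 45 fits IPv6
  `view` char(20) NOT NULL,
  PRIMARY KEY (`zone`, `client`, `view`)
) ENGINE=MyISAM DEFAULT CHARSET=gbk;

-- Per-zone, per-view counter bumped by the DLZ countzone query
-- (update data_count set count = count + 1 where zone = ... and view = ...).
-- Not created on the original page either; a zone needs a row here before
-- the counter moves, otherwise the UPDATE matches nothing.
CREATE TABLE IF NOT EXISTS `data_count` (
  `zone` varchar(255) NOT NULL,
  `view` char(20) NOT NULL,
  `count` bigint(20) unsigned NOT NULL default '0',
  PRIMARY KEY (`zone`, `view`)
) ENGINE=MyISAM DEFAULT CHARSET=gbk;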

mysql授权:

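-- Remote account for maintaining dns_view from 172.16.1.104 (presumably the
-- admin/standby host; confirm). named itself connects over loopback as the
-- account given in view.conf, so this grant plays no part in serving DNS.
-- Record maintenance needs DML only; ALL PRIVILEGES would also allow
-- DROP/ALTER/CREATE, which nothing on this page requires.
-- The password is the page's example value; set a real one here.
GRANT SELECT, INSERT, UPDATE, DELETE ON dns_view.* TO 'root'@'172.16.1.104' IDENTIFIED BY '123456';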

安装配置bind9.11

编译安装bind9.11

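# Build BIND 9.11 from source with the DLZ MySQL driver linked against the
# MySQL tree installed above.
yum -y install gcc zlib-devel perl
cd /usr/local/src
tar zxvf bind-9.11.0-P3.tar.gz
cd bind-9.11.0-P3
# --enable-threads=no: the original spelled it "--enable-treads", and autoconf
# only warns about unrecognised --enable options, so the setting never took
# effect. The DLZ MySQL driver documentation asks for a non-threaded named.
# DNSSEC is switched off in named.conf on this page, which is why the build
# does without OpenSSL; turning validation on later needs a rebuild with it.
./configure --prefix=/usr/local/bind \
    --with-dlz-mysql=/usr/local/mysql \
    --enable-threads=no \
    --enable-largefile \
    --disable-ipv6 \
    --with-openssl=no
make && make install
# Single quotes keep $PATH literal in /etc/profile so it expands at login.
echo 'PATH=/usr/local/bind/bin:/usr/local/bind/sbin:$PATH' >> /etc/profile
source /etc/profile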

配置rndc

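cd /usr/local/bind/etc/
# Generate the rndc key and client config. The original fed rndc-confgen a
# file containing a fixed string as its randomness source (-r random), so the
# resulting HMAC secret is reproducible by anyone who has read the tutorial.
# Use the kernel random device instead (urandom never blocks on a headless VM).
rndc-confgen -r /dev/urandom > rndc.conf
# rndc.conf holds the shared secret; only root runs rndc.
chmod 600 rndc.conf
# rndc-confgen appends, as "#"-prefixed lines, the key and controls statements
# named.conf needs; the last 10 lines minus the trailing end-marker line are
# uncommented into a fresh named.conf (the logging/options blocks below are
# appended to it afterwards). Only the leading comment marker is stripped.
# The line count depends on the rndc-confgen version: run named-checkconf
# on the result.
tail -n10 rndc.conf | head -n9 | sed -e 's/^#[[:space:]]*//' > named.conf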

配置bind

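// ACLs must be defined before they are referenced; the acl files are included
// ahead of options so the allow-* lists below can name them.
include "/usr/local/bind/etc/ip/dev.txt";
include "/usr/local/bind/etc/ip/prod.txt";

logging {
        channel query_log {
                file "/var/log/named.log" versions 3 size 20m;
                severity info;
                print-time yes;
                print-category yes;
                print-severity yes;
        };
        category queries { query_log; };
        // lame-server noise is discarded on purpose.
        category lame-servers { null; };
};

options {
        directory "/usr/local/bind/etc";
        pid-file "named.pid";
        listen-on port 53 { 192.168.1.5; };
        // listen-on-v6 port 53 { any; };   // IPv6 support was disabled at build time

        // Authoritative data (the DLZ-backed views) may be queried by anyone.
        allow-query { any; };

        // Recursion and cache reads only for the internal networks in the
        // dev/prod ACLs. The original allowed both to { any; }; combined with
        // "forward only" to public forwarders that turned every client able to
        // reach port 53 - including those landing in the "any" view - into a
        // user of this host as an open resolver.
        allow-recursion { localhost; dev; prod; };
        allow-query-cache { localhost; dev; prod; };
        forwarders { 119.29.29.29; 8.8.8.8; };
        forward only;

        dnssec-enable no;
        dnssec-validation no;
};

include "/usr/local/bind/etc/view.conf";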

配置acl和view

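# ACL files referenced from named.conf. Written with here-documents instead of
# an interactive vi session so the step can be replayed; paths are relative to
# /usr/local/bind/etc (entered in the rndc step), and mkdir -p tolerates reruns.
mkdir -p ip

cat > ip/dev.txt <<'EOF'
acl dev {
        10.1.1.0/24;
        172.16.1.0/24;
        192.168.36.0/24;
};
EOF

cat > ip/prod.txt <<'EOF'
acl prod {
        172.16.2.0/24;
};
EOF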

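# Three views, all backed by the same MySQL database through the DLZ driver.
# The here-document delimiter is quoted so $zone$, $record$ and $client$ stay
# literal: the DLZ driver substitutes them at query time, not the shell.
cat > view.conf <<'EOF'
// Each dlz "database" string holds, in order (DLZ MySQL driver):
//   1. connection parameters
//   2. findzone     - is this zone served in this view?
//   3. lookup       - records for one name (TXT quoted, SOA assembled)
//   4. authority    - left empty: SOA/NS come from the lookup query
//   5. allnodes     - every record of the zone (zone transfer)
//   6. allowzonexfr - may $client$ transfer the zone? (reads xfr_table)
//   7. countzone    - per-zone query counter (updates the data_count table)
// The whole database argument is one quoted string, so the quotes wrapping
// TXT data are written \" as in the BIND DLZ examples; the unescaped " of the
// original would end the string early.
// Rows with view = 'OP' are returned by every view's lookup/allnodes, but
// findzone only matches the view's own name, so a zone still needs at least
// one row with that view value.
// All three views log in as the MySQL root account. The queries need only
// SELECT on dnstb and xfr_table plus UPDATE on data_count; a dedicated
// account with those grants is the least privilege that fits.

view "dev" {
        match-clients { dev; };
        dlz "Mysql zone" {
                database "mysql
                {host=127.0.0.1 dbname=dns_view ssl=false port=3306 user=root pass=123456}
                {select zone from dnstb where zone = '$zone$' and view = 'dev' limit 1}
                {select ttl, type, mx_priority,
                        case when lower(type) = 'txt' then concat('\"', data, '\"')
                             when lower(type) = 'soa' then concat_ws(' ', data, resp_person, serial, refresh, retry, expire, minimum)
                             else data end as mydata
                 from dnstb where zone = '$zone$' and host = '$record$' and (view = 'dev' or view = 'OP')}
                {}
                {select ttl, type, host, mx_priority,
                        case when lower(type) = 'txt' then concat('\"', data, '\"') else data end as mydata,
                        resp_person, serial, refresh, retry, expire, minimum
                 from dnstb where zone = '$zone$' and view = 'dev'}
                {select zone from xfr_table where zone = '$zone$' and client = '$client$' and view = 'dev' limit 1}
                {update data_count set count = count + 1 where zone = '$zone$' and view = 'dev'}";
        };
};

view "prod" {
        match-clients { prod; };
        dlz "Mysql zone" {
                database "mysql
                {host=127.0.0.1 dbname=dns_view ssl=false port=3306 user=root pass=123456}
                {select zone from dnstb where zone = '$zone$' and view = 'prod' limit 1}
                {select ttl, type, mx_priority,
                        case when lower(type) = 'txt' then concat('\"', data, '\"')
                             when lower(type) = 'soa' then concat_ws(' ', data, resp_person, serial, refresh, retry, expire, minimum)
                             else data end as mydata
                 from dnstb where zone = '$zone$' and host = '$record$' and (view = 'prod' or view = 'OP')}
                {}
                {select ttl, type, host, mx_priority,
                        case when lower(type) = 'txt' then concat('\"', data, '\"') else data end as mydata,
                        resp_person, serial, refresh, retry, expire, minimum
                 from dnstb where zone = '$zone$' and view = 'prod'}
                {select zone from xfr_table where zone = '$zone$' and client = '$client$' and view = 'prod' limit 1}
                {update data_count set count = count + 1 where zone = '$zone$' and view = 'prod'}";
        };
};

// Catch-all for clients outside the dev/prod ACLs; views match in order, so
// dev/prod clients never reach it.
view "any" {
        match-clients { any; };
        dlz "Mysql zone" {
                database "mysql
                {host=127.0.0.1 dbname=dns_view ssl=false port=3306 user=root pass=123456}
                {select zone from dnstb where zone = '$zone$' and view = 'any' limit 1}
                {select ttl, type, mx_priority,
                        case when lower(type) = 'txt' then concat('\"', data, '\"')
                             when lower(type) = 'soa' then concat_ws(' ', data, resp_person, serial, refresh, retry, expire, minimum)
                             else data end as mydata
                 from dnstb where zone = '$zone$' and host = '$record$' and (view = 'any' or view = 'OP')}
                {}
                {select ttl, type, host, mx_priority,
                        case when lower(type) = 'txt' then concat('\"', data, '\"') else data end as mydata,
                        resp_person, serial, refresh, retry, expire, minimum
                 from dnstb where zone = '$zone$' and view = 'any'}
                {select zone from xfr_table where zone = '$zone$' and client = '$client$' and view = 'any' limit 1}
                {update data_count set count = count + 1 where zone = '$zone$' and view = 'any'}";
        };
};
EOF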

服务使用

启动和重载配置文件

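# Validate the configuration first; a syntax error otherwise only shows up in
# the log after the start attempt.
named-checkconf /usr/local/bind/etc/named.conf

# Run named as a dedicated unprivileged user instead of root (-uroot in the
# original): it only needs to read its config and write the pid file (kept in
# the config directory by the pid-file setting) and the query log.
# -d 9 (maximum debug output) is dropped; re-add it when troubleshooting,
# ideally together with -g to keep named in the foreground.
id named >/dev/null 2>&1 || useradd -r -s /sbin/nologin named
chown -R root:named /usr/local/bind/etc
chmod -R g+rX /usr/local/bind/etc
chmod g+w /usr/local/bind/etc            # named.pid is written here
touch /var/log/named.log
chown named:named /var/log/named.log
# NOTE(review): log rotation ("versions 3" in named.conf) renames the file
# inside /var/log, which an unprivileged named cannot do; if rotation errors
# appear, point the channel at a directory owned by named.
named -4 -u named -c /usr/local/bind/etc/named.conf

# Re-read the configuration without a restart (authenticated with the key
# from rndc.conf).
rndc reload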

添加dns记录

windows上安装navicat for mysql 添加DNS记录如图:

备用DNS:

步骤

安装bind和Mysql

配置rndc

配置BIND+VIEW,配置和主DNS一样,除了listen-on port 53里面的IP

配置mysql主从复制,备用DNS上的mysql为从库,设置同步的数据库为dns_view。

原文地址:https://www.cnblogs.com/feral/p/6551707.html