测试环境：CentOS 7，服务器 IP 地址为 192.168.0.6。先在防火墙上放行 DNS 所需的端口

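# Open DNS on both transports: UDP for ordinary queries, TCP for truncated-
# response retries, large answers and zone transfers (the original opened
# UDP only, so any answer that falls back to TCP would have been blocked).
firewall-cmd --zone=public --add-port=53/udp --permanent
firewall-cmd --zone=public --add-port=53/tcp --permanent
# The rndc control channel that rndc-confgen sets up below listens on
# 127.0.0.1 TCP/953 and is only used locally; the original 953/udp rule
# neither matched that transport nor needed to be exposed in the public zone.
firewall-cmd --reload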

安装yum源

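# CentOS 7 ships epel-release in its own "extras" repository, where yum
# verifies the package signature; prefer that over wget + rpm -Uvh of a
# loose rpm. Fall back to the upstream package only if extras is disabled.
yum install -y epel-release \
    || yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm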

安装必备组件

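# Build dependencies for BIND with the MySQL DLZ driver. The original list
# named pcre-devel, zlib-devel, gcc and openssl twice; duplicates are dropped,
# the set of packages is unchanged.
yum install -y libuv libuv-devel pcre-devel zlib-devel gcc gcc-c++ autoconf automake make \
    openssl openssl-devel openldap-devel unixODBC-devel libtool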

安装mysql:https://www.loshub.com/article/show/319/

# MySQL client headers and libraries; the --with-dlz-mysql=/usr option in the
# configure step below resolves against this package (the MySQL repository
# itself is set up per the linked article).
yum install mysql-community-devel.x86_64 -y

编辑 /etc/my.cnf，在 [mysqld] 段下加入

# Idle-connection timeouts in seconds (864000 s = 10 days), raised so the
# server does not drop the DLZ driver's connection between queries and force
# a reconnect.
wait_timeout = 864000
interactive_timeout = 864000

可有效防止 MySQL 长时间无查询后连接被断开、需要重连的问题

创建软链接

# Expose the MySQL client library under the generic name the BIND configure
# check looks for (adjust the .so.18 suffix if your client package ships a
# different soname).
ln -sv /usr/lib64/mysql/libmysqlclient.so.18 /usr/lib/libmysqlclient.so
# libxml2 installs its headers under /usr/include/libxml2; make them
# reachable as <libxml/...> for the build.
ln -s /usr/include/libxml2/libxml /usr/include/libxml

下载并编译安装 BIND 9。如需其他版本(如 bind-9.15.18)，把下面的下载地址替换为对应版本的地址；如果 MySQL 是编译安装的，--with-dlz-mysql 直接填写编译后的安装路径

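# Fetch the release over TLS (the original used plain http with no integrity
# check). ISC publishes a detached signature next to each tarball; verify it
# before building so a tampered archive cannot end up as your resolver.
wget https://ftp.isc.org/isc/bind9/9.16.23/bind-9.16.23.tar.xz
tar -Jxvf bind-9.16.23.tar.xz
cd bind-9.16.23
# --with-dlz-mysql=/usr: libmysqlclient from the package installed above
# (point it at the install prefix instead for a source-built MySQL).
# --disable-linux-caps: presumably chosen because libcap-devel is not in the
# package list above — confirm; without capabilities named gives up all root
# privileges once its sockets are bound.
./configure --prefix=/usr/local/bind --enable-threads --enable-largefile --enable-ipv6 --with-openssl --with-dlz-mysql=/usr --without-python  --disable-linux-caps
make -j"$(nproc)" && make install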

创建 bind 运行用户及用户组，使 named 以非 root 用户运行，增强安全性

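# Dedicated non-login system account for named (-r: system uid range,
# -M: no home directory).
useradd -r -s /sbin/nologin -M named
mkdir -p /usr/local/bind/log/
# Give named write access only to what it has to write: the log directory and
# etc/, where named.conf's pid-file "named.pid" lands (its directory is
# /usr/local/bind/etc). Binaries and libraries stay root-owned so a compromised
# named cannot rewrite them — the original chown -R'd the whole prefix.
chown -R named:named /usr/local/bind/etc /usr/local/bind/log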

加入环境变量

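# Single quotes keep $PATH unexpanded, so the exported line extends whatever
# PATH each login shell already has. The original expanded ${PATH} at write
# time and baked this root shell's PATH into /etc/profile for every user.
echo 'export PATH="$PATH:/usr/local/bind/sbin:/usr/local/bind/bin"' >> /etc/profile
source /etc/profile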

生成配置文件

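cd /usr/local/bind/sbin/
# rndc-confgen emits rndc.conf (the client side) followed by a commented-out
# key/controls stanza meant for named.conf; both halves carry the HMAC secret.
./rndc-confgen > /usr/local/bind/etc/rndc.conf
cd /usr/local/bind/etc
# Uncomment that trailing stanza into named.conf; the line head drops is
# presumably the "End of named.conf" marker. This depends on the exact
# rndc-confgen output layout — re-check after a BIND upgrade.
tail -10 rndc.conf | head -9 | sed -e 's/# //g' > named.conf
# Keep the control-channel secret out of world-readable files: root owns and
# writes them, the named user (group) only reads. The original left the
# default 0644 mode.
chown root:named rndc.conf named.conf
chmod 640 rndc.conf named.conf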

下载根提示文件 named.root
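# Root hints file, fetched over TLS instead of plain http. Note that the
# named.conf shown below uses "forward only" and does not reference this
# file, so it is informational until a hint zone is added.
wget https://www.internic.net/domain/named.root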
编辑 named.conf 文件，在头部增加以下内容

options {
// Relative to "directory" below, i.e. /usr/local/bind/etc/named.pid; the
// named user must be able to write there.
pid-file "named.pid";
directory "/usr/local/bind/etc";
// Anything not answered from the DLZ zones is sent to 8.8.8.8; "forward only"
// never falls back to iterative resolution if the forwarder is unreachable.
forwarders { 8.8.8.8; };
forward only;
// Recursion is switched on globally here; each view's allow-recursion ACL is
// what decides who may actually use it, so keep those ACLs restrictive.
recursion yes;
};

在尾部加入如下内容

// ACL definitions (one acl per ISP/region range) must be loaded before the
// views that reference them by name.
include "/usr/local/bind/etc/ipalc.conf";
include "/usr/local/bind/etc/view.conf";

创建ipalc.conf文件

最新的 IP 段(含 IPv6)可到 https://ispip.clang.cn/ 获取，下面以电信的 v4 和 v6 为例

v4,语法acl "ctcc" {ip段; #一行一个IP段};

v4例:

// IPv4 ranges for the "ctcc" line, one prefix per line; the name is what
// view.conf's match-clients refers to.
acl "ctcc" {
1.0.1.0/24;
};

v6语法

acl "ctccv6" {ip段; #一行一个IP段};

例:

// IPv6 ranges for the same line; a separate acl so a view can match v4 and
// v6 clients independently.
acl "ctccv6" {
2001:7fa:10::/48;
};

你还可以加移动或联通,还可以分香港等地的段等,每一个段一个acl。

创建view.conf文件

定义view以刚刚创建的中国电信的ipv4为例

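view "ctcc_view" {

 match-clients           { ctcc; };
 // Recursion and cache access are limited to local clients: this server is
 // authoritative for the DLZ zones, and the original { ctcc; } made it a
 // recursive resolver for every address in that ACL, i.e. an open resolver
 // usable for reflection/amplification. If recursive service for specific
 // networks is intended, list those networks here explicitly.
 allow-query-cache       { localhost; localnets; };
 allow-recursion         { localhost; localnets; };
 allow-transfer          { none; };

   dlz "Mysql zone" {
   // Credentials are stored in clear text with ssl=false, so this file must
   // not be world-readable and the DB should stay bound to 127.0.0.1 as
   // configured. $zone$/$record$ are substituted by the DLZ driver, which is
   // assumed to escape them before they reach the query — confirm for the
   // driver version built above. Rows are served only when ups='0', and the
   // subquery prefers a 'ctcc' row over the 'any' fallback.
   database "mysql
   {host=127.0.0.1 dbname=bind ssl=false port=3306 user=bind pass=W123456W^& }
   {select zone from dns_records where zone = '$zone$' limit 1}
   {select  ttl, type, mx_priority, case when lower(type)='txt' then concat('\"', data, '\"') when lower(type) = 'soa' then  concat_ws(' ', data, resp_person, serial, refresh, retry, expire, minimum) else data end as mydata from dns_records where zone = '$zone$' and host = '$record$' and ups='0' and view like (select case when view='ctcc' then 'ctcc' else 'any' end as views from dns_records where zone='$zone$' and host='$record$' order by views desc limit 1)}
   {}
   {select  ttl, type, host, mx_priority, case when lower(type)='txt' then concat('\"', data, '\"') else data end as mydata, resp_person, serial, refresh, retry, expire, minimum from dns_records where zone = '$zone$' and ups='0' and view like (select case when view='ctcc' then 'ctcc' else 'any' end as views from dns_records where zone='$zone$' and host='$record$' order by views desc limit 1)}";
   };
};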

有几个 acl 段就要建几个 view。接下来创建默认线路；默认 view 一般放在最后，这样会先匹配前面的 IP 段，匹配不到时才落到默认段

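view "any_view" {

 match-clients           { any; };
 // This view matches every client on the Internet, so the original
 // allow-recursion { any; } turned the host into an open resolver (the
 // "recursion yes" + forwarders in options would answer any name for
 // anyone). Authoritative answers from the DLZ zones do not need recursion;
 // only local clients may recurse or read the cache.
 allow-query-cache       { localhost; localnets; };
 allow-recursion         { localhost; localnets; };
 allow-transfer          { none; };

   dlz "Mysql zone" {
   // Same clear-text credentials as ctcc_view (ssl=false, local MySQL);
   // keep this file 0640. $zone$/$record$ are substituted by the DLZ driver,
   // assumed to be escaped by it — confirm. Only rows with view='any' and
   // ups='0' are served from this view.
   database "mysql
   {host=127.0.0.1 dbname=bind ssl=false port=3306 user=bind pass=W123456W^& }
   {select zone from dns_records where zone = '$zone$' and view='any' limit 1}
   {select  ttl, type, mx_priority, case when lower(type)='txt' then concat('\"', data, '\"') when lower(type) = 'soa' then  concat_ws(' ', data, resp_person, serial, refresh, retry, expire, minimum) else data end as mydata from dns_records where zone = '$zone$' and host = '$record$' and view='any' and ups='0'}
   {}
   {select  ttl, type, host, mx_priority, case when lower(type)='txt' then concat('\"', data, '\"') else data end as mydata, resp_person, serial, refresh, retry, expire, minimum from dns_records where zone = '$zone$' and view='any' and ups='0'}";
   };
};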

保存退出。

配置 MySQL：创建名为 bind 的数据库和用户，密码为 W123456W^&

# Log in as MySQL root; -p without a value prompts for the password so it
# never appears on the command line.
mysql -u root -p

输入mysql的root密码

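CREATE DATABASE IF NOT EXISTS bind;
-- Create the account explicitly: GRANT ... IDENTIFIED BY is deprecated in
-- MySQL 5.7 and removed in 8.0. named only ever reads through the DLZ
-- queries, so SELECT is all this account needs; the original granted ALL,
-- which would let a compromised named rewrite every record. Manage records
-- with a separate account (the steps below use root).
CREATE USER 'bind'@'localhost' IDENTIFIED BY 'W123456W^&';
GRANT SELECT ON bind.* TO 'bind'@'localhost';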

进入 bind 数据库并创建表，注意把其中的 ns.loshub.com 和 ns1.loshub.com 改为自己的域名

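USE bind;
-- One row per resource record served by the DLZ views. The DLZ lookups filter
-- on zone + host + view (+ ups), so a composite index is added to back them;
-- the original single-column keys are kept for compatibility.
CREATE TABLE IF NOT EXISTS `dns_records` (
  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
  `zone` varchar(255) NOT NULL COMMENT '域名',
  `host` varchar(255) NOT NULL DEFAULT '@' COMMENT '主机名',
  -- The value is handed to named as the RR type. 'SRV' is corrected from the
  -- original 'SVR', which is not a DNS type. 'URL' is not one either; it is
  -- presumably handled by a management layer via `uis`, not by named — confirm.
  `type` enum('A','MX','CNAME','NS','SOA','PTR','TXT','AAAA','SRV','URL') NOT NULL COMMENT '记录类型',
  `data` varchar(255) DEFAULT NULL COMMENT '记录值,IP或别名等',
  `ttl` int(11) NOT NULL DEFAULT '3600' COMMENT 'TTL时间',
  -- Line/view name matched by the DLZ queries ('any' is the fallback).
  `view` varchar(30) NOT NULL DEFAULT 'any' COMMENT '线路',
  `mx_priority` int(11) DEFAULT NULL COMMENT 'MX优化值',
  -- SOA timers, concatenated by the DLZ SOA query together with data,
  -- resp_person and serial.
  `refresh` int(11) NOT NULL DEFAULT '28800' COMMENT '刷新时间',
  `retry` int(11) NOT NULL DEFAULT '14400' COMMENT '重新时间',
  `expire` int(11) NOT NULL DEFAULT '86400' COMMENT '超时',
  `minimum` int(11) NOT NULL DEFAULT '86400' COMMENT '最小时间',
  `serial` bigint(20) NOT NULL DEFAULT '2020102400' COMMENT '序列号',
  `resp_person` varchar(64) NOT NULL DEFAULT 'ns.loshub.com' COMMENT '主域名',
  `primary_ns` varchar(64) NOT NULL DEFAULT 'ns1.loshub.com.' COMMENT '主NS',
  `second_ns` varchar(64) NOT NULL DEFAULT 'ns1.loshub.com.' COMMENT '辅NS',
  `data_count` int(11) NOT NULL DEFAULT '0',
  -- Only rows with ups = 0 are returned by the DLZ queries.
  `ups` tinyint(1) unsigned NOT NULL DEFAULT '0' COMMENT '状态',
  `avil` tinyint(1) unsigned NOT NULL DEFAULT '0' COMMENT '使用状态',
  `uis` tinyint(1) unsigned NOT NULL DEFAULT '0' COMMENT 'URL转发1/2',
  PRIMARY KEY (`id`),
  KEY `type` (`type`),
  KEY `host` (`host`),
  KEY `zone` (`zone`),
  KEY `dns_records_zone_host_view_idx` (`zone`, `host`, `view`)
) ENGINE=InnoDB AUTO_INCREMENT=6 DEFAULT CHARSET=utf8;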

刷新权限并退出

-- Not required after privileges granted via GRANT (they take effect at once),
-- but harmless.
FLUSH PRIVILEGES;
quit

测试启动

# Smoke test: run in the foreground (-f) with logging to stderr (-g) as the
# named user, so config and DLZ/MySQL errors show up before daemonizing.
/usr/local/bind/sbin/named -c /usr/local/bind/etc/named.conf -f -g -u named

看有无报错

后台启动

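# Daemonize properly: without -f/-g named forks into the background, logs via
# syslog and writes /usr/local/bind/etc/named.pid (pid-file from named.conf),
# which is what "rndc stop" and the systemd unit below rely on. The original
# kept -f -g and backgrounded the shell job with &, leaving stderr logging
# attached to a terminal session that may close.
/usr/local/bind/sbin/named -c /usr/local/bind/etc/named.conf -u named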

插入SOA数据

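# Prompt for the password instead of passing it as -p<password>: a password on
# the command line is visible to every local user via ps and is kept in the
# shell history (the original embedded the MySQL root password inline).
mysql -uroot -p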
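USE bind;
-- Explicit column list so the values cannot silently shift if the table
-- changes. NOTE(review): the DLZ SOA query emits `data` first (then
-- resp_person, serial, refresh, retry, expire, minimum), i.e. as the SOA
-- primary name server; '10.0.0.30' is an IP literal there — confirm intent.
INSERT INTO `dns_records`
  (`id`, `zone`, `host`, `type`, `data`, `ttl`, `view`, `mx_priority`,
   `refresh`, `retry`, `expire`, `minimum`, `serial`,
   `resp_person`, `primary_ns`, `second_ns`, `data_count`, `ups`, `avil`, `uis`)
VALUES
  ('8', 'loshub.com', '@', 'SOA', '10.0.0.30', '3600', 'any', NULL, '28800', '14400', '86400', '86400', '2020102116', 'loshub.com.', 'ns.loshub.com', 'ns1.loshub.com', '0', '0', '0', '0');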

插入默认线路

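-- Default line: view 'any' is what any_view serves and what the ctcc_view
-- subquery falls back to. Explicit column list for the same reason as above.
INSERT INTO `dns_records`
  (`id`, `zone`, `host`, `type`, `data`, `ttl`, `view`, `mx_priority`,
   `refresh`, `retry`, `expire`, `minimum`, `serial`,
   `resp_person`, `primary_ns`, `second_ns`, `data_count`, `ups`, `avil`, `uis`)
VALUES
  ('9', 'loshub.com', 'www', 'A', '10.0.0.30', '3600', 'any', NULL, '28800', '14400', '86400', '86400', '2020102116', 'loshub.com.', 'ns.loshub.com', 'ns1.loshub.com', '0', '0', '0', '0');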

插入电信线路

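-- China Telecom line. The view value must be exactly 'ctcc', the name the
-- ctcc_view DLZ query compares against; the original inserted 'cctc', which
-- never matches, so this row would never have been served.
INSERT INTO `dns_records`
  (`id`, `zone`, `host`, `type`, `data`, `ttl`, `view`, `mx_priority`,
   `refresh`, `retry`, `expire`, `minimum`, `serial`,
   `resp_person`, `primary_ns`, `second_ns`, `data_count`, `ups`, `avil`, `uis`)
VALUES
  ('10', 'loshub.com', 'www', 'A', '10.0.0.30', '3600', 'ctcc', NULL, '28800', '14400', '86400', '86400', '2020102116', 'loshub.com.', 'ns.loshub.com', 'ns1.loshub.com', '0', '0', '0', '0');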

如需主从同步，可以使用 MySQL 主从复制来同步记录数据

停止方法

# Clean shutdown over the rndc control channel (reads the key from
# /usr/local/bind/etc/rndc.conf).
/usr/local/bind/sbin/rndc stop

加入系统启动：创建 /lib/systemd/system/named.service 文件，写入以下内容

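[Unit]
Description=Berkeley Internet Name Domain (DNS)
Wants=nss-lookup.target
# named-setup-rndc.service belongs to the distribution's bind package, which
# this source build presumably does not install; the dependency is then
# dangling but harmless. rndc.conf is generated by hand above.
Wants=named-setup-rndc.service
Before=nss-lookup.target
After=network.target
After=named-setup-rndc.service
[Service]
Type=forking
# Type=forking needs the daemon's pid file so systemd tracks the right process
# after the fork: pid-file "named.pid" under directory "/usr/local/bind/etc"
# in named.conf. The original unit omitted it.
PIDFile=/usr/local/bind/etc/named.pid
ExecStart=/usr/local/bind/sbin/named -c /usr/local/bind/etc/named.conf -u named
ExecReload=/usr/local/bind/sbin/rndc reload
ExecStop=/usr/local/bind/sbin/rndc stop
[Install]
WantedBy=multi-user.target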

保存退出，创建软链接

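# The link must carry the full unit name (named.service); the original target
# name "named" is not a valid unit name and would not be picked up. The
# "systemctl enable named" step below creates exactly this link, so this
# manual step is optional.
ln -s /lib/systemd/system/named.service /etc/systemd/system/multi-user.target.wants/named.service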

载入启动

# Make systemd re-read unit files so the new named.service is known.
systemctl daemon-reload

启动named

# Start via the unit (runs ExecStart as configured, as the named user).
systemctl start named

停止

# Stop via the unit; this invokes "rndc stop" from ExecStop.
systemctl stop named

加入系统启动

# Start at boot: creates the multi-user.target.wants/named.service link.
systemctl enable named

完成
