centos7下编译安装bind9.12版本并结合mysql
测试环境:centos7,ip地址为,192.168.0.6,先打开dns的防火墙
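# DNS uses UDP and falls back to TCP for truncated or large answers, so both are opened.
firewall-cmd --zone=public --add-port=53/udp --permanent
firewall-cmd --zone=public --add-port=53/tcp --permanent
# Port 953 (the rndc control channel) is deliberately not opened: named.conf binds it to 127.0.0.1 only.
firewall-cmd --reload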
安装必备组件
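# Build prerequisites, each listed once. "groupinstall" is a yum subcommand, not a package, so it is dropped.
yum install -y gcc gcc-c++ make autoconf automake libtool pcre-devel zlib-devel openssl openssl-devel openldap-devel unixODBC-devel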
安装mysql
yum install mysql-community-devel.x86_64 -y
编辑/etc/my.cnf,在[mysqld]下加入
# 864000 seconds = 10 days: idle time allowed before the server closes a connection
wait_timeout = 864000
interactive_timeout = 864000
可有效防止mysql连接长时间无查询后被断开、需要重新连接的问题
创建软链接
ln -sv /usr/lib64/mysql/libmysqlclient.so.18 /usr/lib/libmysqlclient.so
下载并编译安装bind9
# The tarball is fetched over plain HTTP and built as-is; nothing below checks its integrity.
# NOTE(review): verify the download against the signature/checksum ISC publishes before building,
# and confirm the 9.12 branch is still supported upstream before deploying it.
wget http://ftp.isc.org/isc/bind9/9.12.4/bind-9.12.4.tar.gz
tar zxvf bind-9.12.4.tar.gz
cd bind-9.12.4
# Installs under /usr/local/bind with the MySQL DLZ driver enabled (--with-dlz-mysql) and IPv6 disabled.
./configure --prefix=/usr/local/bind --enable-threads --enable-largefile --disable-ipv6 --with-openssl --with-dlz-mysql=/usr
make&&make install
创建专用的named用户,使bind以非root身份运行,增强安全性
# -s /sbin/nologin: the account cannot log in interactively; -M: no home directory is created.
useradd -s /sbin/nologin -M named
mkdir /usr/local/bind/log/
# NOTE(review): the recursive chown makes the named account owner of the whole install tree,
# binaries included. Consider limiting ownership to the directories named has to write
# (log, pid/working directory) so the service account cannot replace its own executables.
chown -R named:named /usr/local/bind/
加入环境变量
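# Single quotes keep ${PATH} literal, so it is expanded at each login instead of
# freezing the current shell's PATH into /etc/profile.
echo 'export PATH=${PATH}:/usr/local/bind/sbin/:/usr/local/bind/bin/' >> /etc/profile
source /etc/profile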
生成配置文件
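cd /usr/local/bind/etc/
# Generate the rndc key and client configuration.
rndc-confgen -r /dev/urandom > rndc.conf
# The first five lines of rndc.conf are the key block; named.conf starts from a copy of it.
head -5 rndc.conf > named.conf
# Both files hold the rndc secret, and named.conf will also hold the MySQL password:
# readable by root and the named group only, not by every local user.
chown root:named rndc.conf named.conf
chmod 640 rndc.conf named.conf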
下载根提示文件named.root(根域名服务器列表)
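# Root hints are fetched over HTTPS so the server list cannot be altered in transit.
# NOTE(review): the named.conf shown on this page never references named.root; confirm whether it is needed.
wget https://www.internic.net/domain/named.root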
编辑named.conf文件,增加以下内容
// rndc control channel: listens on the loopback address only and accepts
// commands only from 127.0.0.1 signed with the "rndc-key" key.
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
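// All log categories go to one rotated file (3 old versions, 20 MB each).
logging {
    channel bind_log {
        // Written to the dedicated log directory created during setup rather than the
        // world-writable /tmp, where any local user could pre-create or read the file.
        file "/usr/local/bind/log/bind.log" versions 3 size 20m;
        severity info;
        print-time yes;
        print-severity yes;
        print-category yes;
    };
    category default {
        bind_log;
    };
};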
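options {
    // Listen on every IPv4 address so the DLZ-backed zones are reachable by clients.
    listen-on port 53 { any; };
    // Working directory; the relative pid-file path below resolves against it.
    directory "/usr/local/bind";
    pid-file "named.pid";
    // Anyone may query the zones this server is authoritative for.
    allow-query { any; };
    // Recursion and cached answers are limited to local clients. With
    // allow-query-cache set to any, recursion would be open to the whole
    // Internet and the server could be abused as an open resolver.
    allow-recursion { localhost; localnets; };
    allow-query-cache { localhost; localnets; };
};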
// DLZ zone source backed by MySQL: records are read from the dns_records table.
// The database string holds, in order: the connection parameters, the query that
// checks whether a zone exists, and the query that returns the records for a name.
// $zone$ and $record$ are placeholders for the queried zone and host
// (presumably substituted by the DLZ driver; confirm escaping behaviour for your build).
// Both queries only read rows whose view column is 'any'.
// NOTE(review): the connection block stores the MySQL password in clear text, so
// named.conf must not be world-readable; the password shown is the page's sample
// value and should be replaced together with the one used in the GRANT statement.
dlz "mysql-dlz" {
database "mysql
{host=127.0.0.1 dbname=bind ssl=false port=3306 user=bind pass=W123456W^&}
{select zone from dns_records where zone = '$zone$' and view = 'any' limit 1}
{select ttl,type,if(mx_priority>0,mx_priority,NULL),case when lower(type)='txt' then concat('\"',data,'\"') when lower(type) = 'soa' then concat_ws(' ', data, resp_person, serial, refresh, retry, expire, minimum) else data end as mydata from dns_records where zone = '$zone$' and host = '$record$' and view = 'any'}";
};
#include "/usr/local/bind/etc/default.zones";
配置mysql,创建bind数据库和bind用户,密码为W123456W^&(此为示例密码,实际部署时请换成自己的强密码,并同步修改named.conf中的pass=)
mysql -u root -p
输入mysql的root密码
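CREATE DATABASE bind;
-- The DLZ queries in named.conf only SELECT from dns_records, and named connects
-- over 127.0.0.1, so the account is read-only and limited to local connections
-- instead of ALL PRIVILEGES from any host ('%').
-- Both host forms are granted so the login works with or without name resolution.
-- The password is the page's sample value; replace it here and in named.conf.
GRANT SELECT ON bind.* TO 'bind'@'localhost' IDENTIFIED BY 'W123456W^&';
GRANT SELECT ON bind.* TO 'bind'@'127.0.0.1' IDENTIFIED BY 'W123456W^&';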
进入bind数据库并创建表,注意修改其中的ns.loshub.com和ns1.loshub.com
use bind;
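-- Record store read by the DLZ queries in named.conf: one row per DNS record.
CREATE TABLE IF NOT EXISTS dns_records
(
    id          int(10) unsigned NOT NULL AUTO_INCREMENT,
    zone        varchar(255) NOT NULL,                 -- zone name, compared with $zone$
    host        varchar(255) NOT NULL DEFAULT '@',     -- name inside the zone, compared with $record$
    -- 'SRV' replaces the original 'SVR', which is not a DNS record type.
    type        enum('A','MX','CNAME','NS','SOA','PTR','TXT','AAAA','SRV','URL') NOT NULL,
    data        varchar(255) DEFAULT NULL,             -- record payload; primary name server for SOA rows
    ttl         int(11) NOT NULL DEFAULT 3600,         -- seconds
    mx_priority int(11) DEFAULT NULL,                  -- only emitted by the lookup query when > 0
    -- Only rows with view = 'any' are read by the queries shown in named.conf.
    view        enum('any', 'Telecom', 'Unicom', 'CMCC', 'ours') NOT NULL DEFAULT 'any',
    priority    tinyint unsigned NOT NULL DEFAULT 255,
    -- SOA timers and serial, concatenated into the SOA answer by the lookup query.
    refresh     int(11) NOT NULL DEFAULT 28800,
    retry       int(11) NOT NULL DEFAULT 14400,
    expire      int(11) NOT NULL DEFAULT 86400,
    minimum     int(11) NOT NULL DEFAULT 86400,
    serial      bigint(20) NOT NULL DEFAULT 2015050917,
    -- Site-specific defaults: change both to your own names before use.
    resp_person varchar(64) NOT NULL DEFAULT 'ns.loshub.com',
    primary_ns  varchar(64) NOT NULL DEFAULT 'ns1.loshub.com.',
    PRIMARY KEY (id),
    KEY type (type),
    KEY host (host),
    KEY zone (zone)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1;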
刷新mysql权限
FLUSH PRIVILEGES;
插入解析数据,插入一个A记录www.adw123.com域及解析
use bind;
insert into bind.dns_records (zone, host, type, data, ttl) VALUES ('adw123.com', 'www', 'A', '1.1.1.1', '600');
插入一个cname记录,如abc.adw123.com域名cname到www.adw123.com
use bind;
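-- CNAME: abc.adw123.com points at the relative name www (www.adw123.com).
INSERT INTO bind.dns_records (zone, host, type, data, ttl)
VALUES ('adw123.com', 'abc', 'CNAME', 'www', 600);
-- MX: the target must be a host name, not an IP address, and the lookup query only
-- emits a priority when mx_priority > 0. The target reuses the www host from the
-- A record above as a sample value.
INSERT INTO bind.dns_records (zone, host, type, data, ttl, mx_priority)
VALUES ('adw123.com', '@', 'MX', 'www.adw123.com.', 600, 10);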
刷新权限并退出
FLUSH PRIVILEGES;
quit
测试启动
# -f: stay in the foreground; -g: foreground with all logging sent to stderr (useful for spotting
# configuration errors); -u named: switch to the unprivileged named account after startup.
/usr/local/bind/sbin/named -c /usr/local/bind/etc/named.conf -f -g -u named
看有无报错
后台启动
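# Without -f/-g named detaches into the background by itself and logs through the channels
# defined in named.conf; backgrounding a foreground-mode process with & would keep it tied
# to the current shell.
/usr/local/bind/sbin/named -c /usr/local/bind/etc/named.conf -u named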
接下来测试bind
更新本机(centos7)的dns(如果是外网这一步不用做),为本机的ip,修改文件为/etc/resolv.conf ,把第一个nameserver,后面的ip改为本机ip。
测试
nslookup
www.adw123.com
Server: 192.168.0.6
Address: 192.168.0.6#53
Name: www.adw123.com
Address: 1.1.1.1
** server can't find www.adw123.com: SERVFAIL
成功.完成。
本文系作者 @天边的云 原创发布在Loshub站点。未经许可,禁止转载。