BIND DLZ 配置
mysql: 172.17.0.2
BIND主: 172.17.0.3
BIND从: 172.17.0.4
mysql 5.7 BIND 9.16
BIND 安装:
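# Build BIND 9.16.0 from source with the MySQL DLZ driver.
yum -y install libcap* libuv libuv-devel wget
wget https://downloads.isc.org/isc/bind9/9.16.0/bind-9.16.0.tar.xz
# NOTE(review): nothing here checks the download. ISC publishes a detached signature
# for each tarball; verify it against ISC's release-signing key before building rather
# than trusting the transport alone.
tar -xf bind-9.16.0.tar.xz
# Unprivileged service account for named; the daemon should be started with `-u named`
# so it drops root after binding port 53 (see the start-up step further down).
useradd -s /sbin/nologin -M named
# Fixed: the original sequence ran ./configure from the download directory, but the
# script lives inside the extracted tree.
cd bind-9.16.0
# --with-dlz-mysql : zone data is served from MySQL instead of zone files
# --enable-largefile : large-file support (normalized from the single-dash spelling)
# --enable-threads=no: the DLZ documentation says threading must be off for this driver
#   NOTE(review): check configure's output — 9.16 may ignore or reject this option; confirm.
# (--disable-ipv6 would turn off IPv6 support; not used here.)
./configure \
    --with-dlz-mysql=/usr/local/mysql/ \
    --enable-largefile \
    --enable-threads=no \
    --prefix=/usr/local/bind \
    --with-openssl
make
make install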
查看依赖
[root@slave1 etc]# ldd /usr/local/bind/sbin/named linux-vdso.so.1 => (0x00007ffcf6933000) libgssapi_krb5.so.2 => /lib64/libgssapi_krb5.so.2 (0x00002b8973ab1000) libkrb5.so.3 => /lib64/libkrb5.so.3 (0x00002b8973cfe000) libk5crypto.so.3 => /lib64/libk5crypto.so.3 (0x00002b8973fe7000) libcom_err.so.2 => /lib64/libcom_err.so.2 (0x00002b897421a000) libcrypto.so.10 => /lib64/libcrypto.so.10 (0x00002b897441e000) libz.so.1 => /lib64/libz.so.1 (0x00002b8974881000) libmysqlclient.so.20 => /usr/local/mysql/lib/libmysqlclient.so.20 (0x00002b8974a97000) libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00002b89752d9000) libm.so.6 => /lib64/libm.so.6 (0x00002b8975510000) libcap.so.2 => /lib64/libcap.so.2 (0x00002b8975812000) libuv.so.1 => /lib64/libuv.so.1 (0x00002b8975a17000) librt.so.1 => /lib64/librt.so.1 (0x00002b8975c46000) libpthread.so.0 => /lib64/libpthread.so.0 (0x00002b8975e4e000) libnsl.so.1 => /lib64/libnsl.so.1 (0x00002b897606a000) libdl.so.2 => /lib64/libdl.so.2 (0x00002b8976284000) libc.so.6 => /lib64/libc.so.6 (0x00002b8976488000) /lib64/ld-linux-x86-64.so.2 (0x00002b897388d000) libkrb5support.so.0 => /lib64/libkrb5support.so.0 (0x00002b8976856000) libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x00002b8976a66000) libresolv.so.2 => /lib64/libresolv.so.2 (0x00002b8976c6a000) libstdc++.so.6 => /lib64/libstdc++.so.6 (0x00002b8976e83000) libgcc_s.so.1 => /lib64/libgcc_s.so.1 (0x00002b897718a000) libfreebl3.so => /lib64/libfreebl3.so (0x00002b89773a0000) libattr.so.1 => /lib64/libattr.so.1 (0x00002b89775a3000) libselinux.so.1 => /lib64/libselinux.so.1 (0x00002b89777a8000) libpcre.so.1 => /lib64/libpcre.so.1 (0x00002b89779cf000)
如果依赖mysql
# Register the MySQL client library directory with the dynamic linker
# (the ldd output above shows named linking libmysqlclient.so.20 from there).
# Same end state as editing the file in vim, but scriptable.
echo '/usr/local/mysql/lib/' > /etc/ld.so.conf.d/mysql.conf
ldconfig
BIND 配置
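cd /usr/local/bind/etc/
# Generate the rndc control key. The output contains the shared secret.
/usr/local/bind/sbin/rndc-confgen > rndc.conf
cat rndc.conf > rndc.key
# The last lines of rndc-confgen's output are a commented-out named.conf template;
# strip the "# " prefix to turn it into a real config.
# Fixed: the sed script must be quoted — unquoted `s/# //g` is split by the shell at
# the space, so sed received only `s/#` and failed with an unterminated command.
tail -10 rndc.conf | head -9 | sed 's/# //g' > named.conf
# All three files now carry the rndc secret (and, once edited, the DLZ database password).
# Readable by root and the named service account only.
chown root:named rndc.conf rndc.key named.conf
chmod 640 rndc.conf rndc.key named.conf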
bind 配置文件修改
bind主 配置文件
vi named.conf
// rndc control key for this host.
// NOTE(review): this secret is printed on a public page and reused verbatim on the slave
// below; regenerate it per host with rndc-confgen (which can emit hmac-sha256 instead of
// the weaker hmac-md5).
key "rndc-key" { algorithm hmac-md5; secret "mvCUyhyDvNNGywhoVHbSaQ=="; };
// NOTE(review): listening on 0.0.0.0:953 and allowing 0.0.0.0 exposes the rndc control
// channel to every network peer, guarded only by the key above. Unless rndc is run from
// another host, inet 127.0.0.1 allow { 127.0.0.1; } is sufficient.
controls { inet 0.0.0.0 port 953 allow { 0.0.0.0; } keys { "rndc-key"; }; };
options {
    listen-on port 53 {any;};
    directory "/usr/local/bind/var";
    pid-file "named.pid";
    // Anyone may query. NOTE(review): combined with `forwarders` and no
    // recursion/allow-recursion restriction, this server also answers recursive
    // queries for any client (open resolver); confirm that is intended, otherwise
    // limit recursion to the trusted networks.
    allow-query{any;};
    // Zone transfers and NOTIFYs go only to the slave (172.17.0.4).
    allow-transfer { 172.17.0.4; };
    also-notify { 172.17.0.4; };
    // Upstream resolvers used for non-authoritative queries.
    forwarders{114.114.114.114;8.8.8.8;};
};
// Defined but not referenced anywhere in this file.
acl "dns-ip-list"{ 172.17.0.3; 172.17.0.4; };
logging {
    channel error_log { file "/usr/local/bind/var/logs/error.log" versions 10 size 32m; severity warning; print-time yes; print-severity yes; print-category yes; };
    // Every query is logged at debug severity; the logs directory must exist and be
    // writable by the account named runs as.
    channel query_log { file "/usr/local/bind/var/logs/query.log" versions 10 size 32m; severity debug; print-time yes; print-severity yes; print-category yes; };
    category default { error_log; };
    category queries { query_log; };
};
// Zone data is served from MySQL (db_ops on 172.17.0.2). The connection string embeds the
// database password in clear text with ssl=false, so this file must not be readable by
// other local users and the MySQL traffic is unencrypted on the wire.
// Query slots, in order: findzone, lookup, authority (left empty), allnodes, allowzonexfr.
// $zone$, $record$ and $client$ are substituted by the driver at query time (the driver is
// expected to escape them — confirm for this build). All lookups require status = 1, so
// rows inserted without that flag are invisible to BIND; the allowzonexfr query is what
// authorizes a slave's AXFR (see FAQ 1.1).
dlz "Mysql zone" { database "mysql {dbname=db_ops port=3306 host=172.17.0.2 user=fengjian pass=123456 ssl=false} {select zone from t_dns_records where zone = '$zone$' and status = 1} {select ttl, type, mx_priority, case when lower(type)='txt' then concat('"', data, '"') when lower(type) = 'soa' then concat_ws(' ', data, resp_person, serial, refresh, retry, expire, minimum) else data end from t_dns_records where zone = '$zone$' and host = '$record$' and status = 1} {} {select ttl, type, host, mx_priority, case when lower(type)='txt' then concat('"', data, '"') else data end, resp_person, serial, refresh, retry, expire, minimum from t_dns_records where zone = '$zone$' and status = 1} {select zone from t_dns_xfr_table where zone = '$zone$' and client = '$client$' and status = 1}"; };
bind 从配置文件修改 vim named.conf(slave)
// rndc control key. NOTE(review): identical to the master's and printed on a public page;
// generate a separate secret on this host with rndc-confgen (hmac-sha256 preferred).
key "rndc-key" { algorithm hmac-md5; secret "mvCUyhyDvNNGywhoVHbSaQ=="; };
// NOTE(review): control channel open to any address on port 953, protected only by the key;
// inet 127.0.0.1 allow { 127.0.0.1; } unless remote rndc is actually needed.
controls { inet 0.0.0.0 port 953 allow { 0.0.0.0; } keys { "rndc-key"; }; };
options {
    listen-on port 53 {any;}; // listen on port 53; any = accept connections from any IP
    directory "/usr/local/bind/var";
    pid-file "named.pid"; // file holding the named process id
    allow-query{any;}; // allow queries from any IP (see the master's note on open recursion)
    // NOTE(review): these two lines point at this slave's own address (172.17.0.4) and look
    // copied from the master config; a slave normally has nothing to transfer or notify.
    allow-transfer { 172.17.0.4; };
    also-notify { 172.17.0.4; };
    forwarders{114.114.114.114;8.8.8.8;}; // public resolvers to forward to
};
// Defined but not referenced anywhere in this file.
acl "dns-ip-list"{ 172.17.0.3; 172.17.0.4; };
logging {
    channel error_log { file "/usr/local/bind/var/logs/error.log" versions 10 size 32m; severity warning; print-time yes; print-severity yes; print-category yes; };
    channel query_log { file "/usr/local/bind/var/logs/query.log" versions 10 size 32m; severity debug; print-time yes; print-severity yes; print-category yes; };
    category default { error_log; };
    category queries { query_log; };
};
// Secondary copy of the zone, transferred from the master (172.17.0.3). The master must
// have a t_dns_xfr_table row for this client or the AXFR is refused (FAQ 1.1).
// masterfile-format text keeps the transferred file human-readable; the default would be
// a binary file (see the note below this listing). "slaves/" is relative to `directory`
// and must be writable by the account named runs as.
zone "fengjian.com." IN { type slave; file "slaves/fengjian.com.zone"; masterfile-format text; masters{ 172.17.0.3; }; };
masterfile-format 必须要手动设置, 要不然同步过来的是二进制文件, 无法阅览
mysql 插入数据
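-- Database referenced by the DLZ "Mysql zone" block in named.conf (dbname=db_ops).
CREATE DATABASE db_ops;

-- Account used by named for the DLZ lookups. Those queries only SELECT from db_ops,
-- so SELECT on db_ops.* is all the service needs. The original `GRANT ALL ON *.*`
-- handed the DNS daemon administrative rights over the entire MySQL instance.
-- Run the seed INSERTs in the next step with an administrative account, or grant
-- this user INSERT/UPDATE/DELETE on db_ops.* if it must also maintain records.
-- This password is also stored in clear text in named.conf (pass=...): keep that file
-- readable only by root and the named account, and do not reuse the password elsewhere.
-- `GRANT ... IDENTIFIED BY` is MySQL 5.7 syntax (removed in 8.0, which needs CREATE USER first).
GRANT SELECT ON db_ops.* TO 'fengjian'@'172.17.0.%' IDENTIFIED BY '123456';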
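-- Seed rows for the DLZ lookups in named.conf. The table DDL is not shown on this page.
-- NOTE(review): every DLZ query filters on `status = 1`, but none of these INSERTs set
-- `status`; unless the column defaults to 1, nothing below will resolve — confirm the schema.
-- TTLs are written as numbers for consistency with the reverse-zone rows.
INSERT INTO t_dns_records (zone, host, type, data, ttl) VALUES ('fengjian.com', 'www', 'A', '1.1.1.1', 60);
INSERT INTO t_dns_records (zone, host, type, data, ttl) VALUES ('fengjian.com', 'cloud', 'A', '2.2.2.2', 60);
INSERT INTO t_dns_records (zone, host, type, data, ttl) VALUES ('fengjian.com', 'ns', 'A', '172.17.0.3', 60);
INSERT INTO t_dns_records (zone, host, type, data, ttl) VALUES ('fengjian.com', 'blog', 'CNAME', 'cloud.fengjian.com.', 60);
INSERT INTO t_dns_records (zone, host, type, data, ttl) VALUES ('fengjian.com', '@', 'NS', 'ns.fengjian.com.', 60);

-- SOA for fengjian.com. The lookup query joins data, resp_person, serial, refresh, retry,
-- expire and minimum into the SOA rdata. The serial must increase on every change or the
-- slave will not re-transfer (FAQ 1.2); refresh is how often the slave polls (FAQ 1.3).
INSERT INTO t_dns_records (zone, host, type, ttl, data, refresh, retry, expire, minimum, serial, resp_person)
VALUES ('fengjian.com', '@', 'SOA', 60, 'ns', 28800, 14400, 86400, 86400, 2012020809, 'admin');

-- Reverse zone for 192.168.1.0/24.
-- Fixed: the SOA row originally used '1.168.192in-addr.arpa' (missing dot), so it never
-- matched the NS/PTR rows or the DLZ findzone lookup for '1.168.192.in-addr.arpa'.
INSERT INTO t_dns_records (zone, host, type, data, ttl, mx_priority, refresh, retry, expire, minimum, serial, resp_person, primary_ns)
VALUES ('1.168.192.in-addr.arpa', '@', 'SOA', 'node02.example.com', 86400, NULL, 3600, 15, 86400, 3600, 2008082700, 'node02.example.com', 'node02.example.com');
INSERT INTO t_dns_records (zone, host, type, data) VALUES ('1.168.192.in-addr.arpa', '@', 'NS', 'node02.example.com.');
INSERT INTO t_dns_records (zone, host, type, data) VALUES
    ('1.168.192.in-addr.arpa', '250', 'PTR', 'node02.example.com.'),
    ('1.168.192.in-addr.arpa', '111', 'PTR', 'x.example.com.');

-- Zone-transfer allow-list: the DLZ allowzonexfr query permits an AXFR of `zone` only when a
-- row exists for the requesting `client` (FAQ 1.1). 172.17.0.4 is the slave.
-- Fixed: both statements lacked a terminator and used double-quoted strings, which MySQL
-- treats as identifiers when ANSI_QUOTES is enabled.
INSERT INTO t_dns_xfr_table (zone, client) VALUES ('fengjian.com', '172.17.0.3');
INSERT INTO t_dns_xfr_table (zone, client) VALUES ('fengjian.com', '172.17.0.4');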
8. debug 模式下运行 bind服务
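# Run in the foreground at debug level 1 (-g also routes logging to stderr).
# Fixed: the original command ran named as root even though a `named` account was created
# during installation; -u drops privileges after the port-53 bind. /usr/local/bind/var and
# its logs/ and slaves/ subdirectories must be writable by that account.
/usr/local/bind/sbin/named -g -d 1 -u named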
9. 测试
FAQ:
1. slave 为什么无法同步master的数据
1.1 检查 t_dns_xfr_table 是否配置相应的zone 及 client, client是slave的ip, 只有配置,slave才能被授权同步
1.2 检查 SOA 序列号(serial),每次更改配置都会在原来的基础上加1, 保证master比slave大
1.3 检查 refresh 字段, 一般设置300s, 5分钟同步一次
摘自: