  • DNS BIND DLZ master/slave environment setup

    Reference documents:
    http://blog.csdn.net/lishangwen_alan/article/details/53332889
    http://www.cnblogs.com/xiongpq/p/3384681.html

    Background: BIND DLZ loads zone data dynamically from a database, which makes configuration management convenient, but its lookups are comparatively slow. Plain zone files are fast, but editing them by hand is error-prone and every change needs a service restart, which is cumbersome.

    This article therefore uses a BIND master/slave setup: the master (BIND DLZ) is used for configuration management, and the slave (BIND with zone files) serves queries.

    Requirements:

    Two servers: 10.1.61.123 (master), 10.1.61.124 (slave)

    mysql: mysql-5.6.35.tar.gz

    bind: bind-9.11.0.tar.gz

    1. Compile and install MySQL:

    Install dependencies:
    yum -y install make gcc-c++ cmake bison-devel ncurses-devel

    Download MySQL:

    wget http://cdn.mysql.com/Downloads/MySQL-5.6/mysql-5.6.35.tar.gz
    tar xvf mysql-5.6.35.tar.gz

    cd mysql-5.6.35

    Compile and install (line continuations restored so the command runs as one invocation):
    cmake . \
    -DCMAKE_INSTALL_PREFIX=/usr/local/mysql \
    -DMYSQL_DATADIR=/usr/local/mysql/data \
    -DSYSCONFDIR=/etc \
    -DWITH_MYISAM_STORAGE_ENGINE=1 \
    -DWITH_INNOBASE_STORAGE_ENGINE=1 \
    -DWITH_MEMORY_STORAGE_ENGINE=1 \
    -DWITH_READLINE=1 \
    -DMYSQL_UNIX_ADDR=/var/lib/mysql/mysql.sock \
    -DMYSQL_TCP_PORT=3306 \
    -DENABLED_LOCAL_INFILE=1 \
    -DWITH_PARTITION_STORAGE_ENGINE=1 \
    -DEXTRA_CHARSETS=all \
    -DDEFAULT_CHARSET=utf8 \
    -DDEFAULT_COLLATION=utf8_general_ci

    make && make install

    Configure MySQL
    Set ownership (the second command creates the mysql user in the mysql group):
    # groupadd mysql
    # useradd -g mysql mysql
    # chown -R mysql:mysql /usr/local/mysql

    Initialize the data directory:
    # cd /usr/local/mysql
    # scripts/mysql_install_db --basedir=/usr/local/mysql --datadir=/usr/local/mysql/data --user=mysql

    Note: rename any existing /etc/my.cnf to something else to avoid conflicts.

    Start MySQL
    # cp support-files/mysql.server /etc/init.d/mysql
    # chkconfig mysql on
    # service mysql start   # start MySQL

    Configure users

    # PATH=/usr/local/mysql/bin:$PATH

    # export PATH

    # source /etc/profile

    # mysql -uroot
    mysql> set password = password('123456');

    Allow remote access:
    mysql>
    GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY '123456' WITH GRANT OPTION;

    MySQL configuration complete.


    2. Compile and install BIND (bind-9.11.0.tar.gz):
    # ./configure --prefix=/usr/local/bind/ --with-dlz-mysql=/usr/local/mysql --enable-threads=no --enable-largefile --disable-ipv6 --with-openssl=no
      // --enable-threads: multi-threading support (the official documentation says it must be disabled for the MySQL DLZ driver); --enable-largefile: enable large file support; --disable-ipv6: disable IPv6 support; --with-dlz-mysql: store the zone data in MySQL

    # make && make install

    3. Configure BIND (the sed pattern is quoted so the shell passes it through intact):
    # cd /usr/local/bind/etc/
    # /usr/local/bind/sbin/rndc-confgen > rndc.conf
    # cat rndc.conf > rndc.key
    # tail -10 rndc.conf | head -9 | sed 's/# //g' > named.conf

    4. named.conf (master)
    key "rndc-key" {
    algorithm hmac-md5;
    secret "mvCUyhyDvNNGywhoVHbSaQ==";
    };

    controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
    };


    options {
    listen-on port 53 {any;}; // listen on port 53; any means accept connections from any IP
    directory "/usr/local/bind/var";
    pid-file "named.pid"; // the file contains the PID of the named process
    allow-query{any;}; // allow queries from any IP
    allow-transfer { 10.1.61.124; };
    also-notify { 10.1.61.124; };
    forwarders{114.114.114.114;8.8.8.8;}; // public resolvers to forward to
    };

    acl "dns-ip-list"{
    10.1.61.123;
    10.1.61.124;
    };

    logging {
    channel error_log {
    file "/usr/local/bind/var/logs/error.log" versions 10 size 32m;
    severity warning;
    print-time yes;
    print-severity yes;
    print-category yes;
    };

    channel query_log {
    file "/usr/local/bind/var/logs/query.log" versions 10 size 32m;
    severity debug;
    print-time yes;
    print-severity yes;
    print-category yes;
    };

    category default { error_log; };

    category queries { query_log; };
    };

    dlz "Mysql zone" {
    database "mysql
    {dbname=db_ops port=3306 host=119.90.48.154 user=op_oss pass=JqIrsM1hVvo8 ssl=false}
    {select zone from t_dns_records where zone = '$zone$' and status = 1}
    {select ttl, type, mx_priority, case when lower(type)='txt' then concat('"', data, '"')
    when lower(type) = 'soa' then concat_ws(' ', data, resp_person, serial, refresh, retry, expire, minimum)
    else data end from t_dns_records where zone = '$zone$' and host = '$record$' and status = 1}
    {}
    {select ttl, type, host, mx_priority, case when lower(type)='txt' then
    concat('"', data, '"') else data end, resp_person, serial, refresh, retry, expire,
    minimum from t_dns_records where zone = '$zone$' and status = 1}
    {select zone from t_dns_xfr_table where zone = '$zone$' and client = '$client$' and status = 1}";
    };

    named.conf (slave)
    key "rndc-key" {
    algorithm hmac-md5;
    secret "mvCUyhyDvNNGywhoVHbSaQ==";
    };

    controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
    };


    options {
    listen-on port 53 {any;}; // listen on port 53; any means accept connections from any IP
    directory "/usr/local/bind/var";
    pid-file "named.pid"; // the file contains the PID of the named process
    allow-query{any;}; // allow queries from any IP
    allow-transfer { 10.1.61.124; };
    also-notify { 10.1.61.124; };
    forwarders{114.114.114.114;8.8.8.8;}; // public resolvers to forward to
    };

    acl "dns-ip-list"{
    10.1.61.123;
    10.1.61.124;
    };

    logging {
    channel error_log {
    file "/usr/local/bind/var/logs/error.log" versions 10 size 32m;
    severity warning;
    print-time yes;
    print-severity yes;
    print-category yes;
    };

    channel query_log {
    file "/usr/local/bind/var/logs/query.log" versions 10 size 32m;
    severity debug;
    print-time yes;
    print-severity yes;
    print-category yes;
    };

    category default { error_log; };

    category queries { query_log; };
    };

    zone "phpfensi.com." IN {
    type slave;
    file "slaves/phpfensi.com.zone";
    masterfile-format text;
    masters{ 10.1.61.123; };
    };
     

    5. MySQL schema:
    create table `t_dns_records` (
    `id` bigint(20) not null auto_increment comment 'primary key',
    `zone` varchar(255) not null default '' comment 'zone name',
    `host` varchar(255) not null default '' comment 'record name',
    `type` varchar(255) not null default '' comment 'record type',
    `data` varchar(255) not null default '' comment 'record value',
    `ttl` int(11) default null comment 'ttl (time to live)',
    `mx_priority` int(11) default null comment 'MX priority',
    `refresh` int(11) default null comment 'refresh interval',
    `retry` int(11) default null comment 'retry interval',
    `expire` int(11) default null comment 'expire time',
    `minimum` int(11) default null comment 'minimum TTL',
    `serial` bigint(20) default null comment 'serial number, incremented by 1 on every configuration change',
    `resp_person` varchar(64) default null comment 'responsible person',
    `primary_ns` varchar(64) default null comment 'primary nameserver',
    `status` tinyint(4) default 1 comment '0: record disabled, 1: record active',
    `created_at` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT 'created at',
    `updated_at` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP COMMENT 'updated at',
    primary key (`id`),
    key `ix_zone` (`zone`),
    key `ix_host` (`host`),
    key `ix_data` (`data`),
    key `ix_type` (`type`),
    key `ix_status` (`status`),
    key `ix_created_at` (`created_at`),
    key `ix_updated_at` (`updated_at`)
    ) engine=InnoDB default charset=utf8 comment='internal DNS records';

    create table `t_dns_xfr_table` (
    `id` bigint(20) not null auto_increment comment 'primary key',
    `zone` varchar(255) not null default '' comment 'zone name',
    `client` varchar(255) not null default '' comment 'BIND slave client',
    `status` tinyint(4) default 1 comment '0: record disabled, 1: record active',
    `created_at` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT 'created at',
    `updated_at` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP COMMENT 'updated at',
    primary key (`id`),
    key `ix_created_at` (`created_at`),
    key `ix_updated_at` (`updated_at`)
    ) engine=InnoDB default charset=utf8 comment='DNS zone transfer clients';

    6. Insert data

    Insert forward records
    INSERT INTO t_dns_records (zone, host, type, data, ttl) VALUES ('phpfensi.com', 'www', 'A', '1.1.1.1', '60');
    INSERT INTO t_dns_records (zone, host, type, data, ttl) VALUES ('phpfensi.com', 'cloud', 'A', '2.2.2.2', '60');
    INSERT INTO t_dns_records (zone, host, type, data, ttl) VALUES ('phpfensi.com', 'ns', 'A', '10.1.61.123', '60');
    INSERT INTO t_dns_records (zone, host, type, data, ttl) VALUES ('phpfensi.com', 'blog', 'CNAME', 'cloud.phpfensi.com.', '60');
    INSERT INTO t_dns_records (zone, host, type, data, ttl) VALUES ('phpfensi.com', '@', 'NS', 'ns.phpfensi.com.', '60');
    INSERT INTO t_dns_records (zone, host, type, ttl, data,refresh, retry, expire, minimum, serial, resp_person) VALUES ('phpfensi.com', '@', 'SOA', '60', 'ns', '28800', '14400', '86400', '86400', '2012020809', 'admin');

    Insert reverse records (the zone name must be the dotted '1.168.192.in-addr.arpa' in every row, otherwise the SOA does not belong to the same zone as the NS and PTR records)

    insert into t_dns_records (zone,host,type,data,ttl,mx_priority,refresh,retry,expire,minimum,serial,resp_person,primary_ns) values ('1.168.192.in-addr.arpa','@','SOA','node02.example.com',86400,NULL,3600,15,86400,3600,2008082700,'node02.example.com','node02.example.com');   -- add the SOA (start of authority) record
    insert into t_dns_records (zone,host,type,data) values ('1.168.192.in-addr.arpa','@','NS','node02.example.com.'); -- add the NS record (names the zone's nameserver and delegates the zone)
    insert into t_dns_records (zone,host,type,data) values ('1.168.192.in-addr.arpa','250','PTR','node02.example.com.'),('1.168.192.in-addr.arpa','111','PTR','x.example.com.'); -- add PTR records (the reverse of A: map an IP back to a hostname)

    Insert client data

    insert into t_dns_xfr_table (zone, client) values ("phpfensi.com", "10.1.61.123");

    insert into t_dns_xfr_table (zone, client) values ("phpfensi.com", "10.1.61.124");
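To show what the DLZ queries in the master's named.conf actually return for the rows above, here is an added example (not part of the original post) that loads the same records into an in-memory SQLite stand-in and re-implements the "lookup" and "allowzonexfr" queries with bound parameters; the CASE/concat_ws logic is mirrored in Python because SQLite lacks concat_ws.

```python
import sqlite3

# Constructed in-memory stand-in for the post's MySQL tables (subset of columns).
SCHEMA = """
create table t_dns_records (zone text, host text, type text, data text, ttl int,
  mx_priority int, refresh int, retry int, expire int, minimum int, serial int,
  resp_person text, status int default 1);
create table t_dns_xfr_table (zone text, client text, status int default 1);
"""
# The same phpfensi.com records the post inserts.
ROWS = [("phpfensi.com", "www", "A", "1.1.1.1", 60),
        ("phpfensi.com", "cloud", "A", "2.2.2.2", 60),
        ("phpfensi.com", "ns", "A", "10.1.61.123", 60),
        ("phpfensi.com", "blog", "CNAME", "cloud.phpfensi.com.", 60),
        ("phpfensi.com", "@", "NS", "ns.phpfensi.com.", 60)]
SOA = ("phpfensi.com", "@", "SOA", "ns", 60, 28800, 14400, 86400, 86400, 2012020809, "admin")
XFR_CLIENTS = [("phpfensi.com", "10.1.61.123"), ("phpfensi.com", "10.1.61.124")]

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("insert into t_dns_records (zone,host,type,data,ttl) values (?,?,?,?,?)", ROWS)
    db.execute("insert into t_dns_records (zone,host,type,data,ttl,refresh,retry,expire,"
               "minimum,serial,resp_person) values (?,?,?,?,?,?,?,?,?,?,?)", SOA)
    db.executemany("insert into t_dns_xfr_table (zone,client) values (?,?)", XFR_CLIENTS)
    return db

def render_data(row):
    """Mirror the CASE expression of the lookup query: quote TXT, join SOA fields."""
    ttl, rtype, mx, data, resp, serial, refresh, retry, expire, minimum = row
    if rtype.lower() == "txt":
        data = '"%s"' % data
    elif rtype.lower() == "soa":  # concat_ws(' ', data, resp_person, serial, refresh, ...)
        data = " ".join(str(x) for x in (data, resp, serial, refresh, retry, expire, minimum))
    return (ttl, rtype, mx, data)

def dlz_lookup(db, zone, record):
    """What the DLZ 'lookup' query returns for $zone$/$record$ (bound parameters here)."""
    cur = db.execute("select ttl,type,mx_priority,data,resp_person,serial,refresh,retry,"
                     "expire,minimum from t_dns_records where zone=? and host=? and status=1",
                     (zone, record))
    return [render_data(r) for r in cur]

def dlz_allow_xfr(db, zone, client):
    """The 'allowzonexfr' query: a client may AXFR only if listed for that zone (see FAQ 1.1)."""
    cur = db.execute("select 1 from t_dns_xfr_table where zone=? and client=? and status=1",
                     (zone, client))
    return cur.fetchone() is not None
```

Note that a row with status = 0 disappears from both lookups and transfer authorisation, which is how the post's schema disables a record or a slave without deleting it.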

    7. Run the BIND service in debug mode
    # /usr/local/bind/sbin/named -g -d 1

    -g -d 1 are the debug flags: named stays in the foreground and prints its log output

    8. Test results:

    9. Slave configuration

    zone "phpfensi.com." in {
    type slave;
    file "phpfensi.com";
    masterfile-format text;
    masters{ 10.1.61.123; };
    };

    masterfile-format must be set explicitly; otherwise the transferred zone is written in binary (raw) format and cannot be read.

     

     FAQ:

    1. Why does the slave fail to sync data from the master?

    1.1 Check that t_dns_xfr_table contains the zone and the client; the client is the slave's IP. Only with that entry is the slave authorized to transfer the zone.
    1.2 Check the SOA serial: it is incremented by 1 on every configuration change, and the master's serial must be greater than the slave's.
    1.3 Check the refresh field; 300s is a common value, i.e. the slave checks every 5 minutes.


    2. How to sync a zone's A records immediately

    2.1 After updating the record in the database, run rndc refresh xxx.com (the zone you need to sync) on the slave node.
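FAQ 1.2 and 2.1 hinge on how the slave compares SOA serials: even after rndc refresh, nothing is transferred unless the master's serial is "greater" under the 32-bit wraparound arithmetic of RFC 1982. The following added helpers (not from the original post) implement that comparison, the post's increment-by-1 rule, and the decision the slave reaches on a refresh.

```python
SERIAL_MOD = 1 << 32    # SOA serials are unsigned 32-bit values
SERIAL_HALF = 1 << 31   # RFC 1982: a > b if a is "ahead" by less than half the space

def serial_gt(a, b):
    """True if serial a is greater than b under RFC 1982 serial-number arithmetic."""
    a, b = a % SERIAL_MOD, b % SERIAL_MOD
    if a == b:
        return False
    return (a < b and b - a > SERIAL_HALF) or (a > b and a - b < SERIAL_HALF)

def bump_serial(current):
    """The post's rule: add 1 on every configuration change, wrapping at 2^32."""
    return (current + 1) % SERIAL_MOD

def transfer_decision(master_serial, slave_serial):
    """What the slave concludes from the master's SOA on a refresh (or `rndc refresh zone`)."""
    if serial_gt(master_serial, slave_serial):
        return "transfer"       # master is newer: a zone transfer follows
    if master_serial % SERIAL_MOD == slave_serial % SERIAL_MOD:
        return "up-to-date"     # records edited but serial not bumped: no transfer happens
    return "master-older"       # slave is ahead (e.g. serial reset on master): no transfer
```

The "up-to-date" branch is the usual cause of FAQ 1: the A record was changed in t_dns_records but the SOA row's serial was left as it was.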
     

     



  • Original source: https://www.cnblogs.com/weiguoyu/p/6601176.html