dns bind dlz 主从环境搭建

参考文档: http://blog.csdn.net/lishangwen_alan/article/details/53332889

              http://www.cnblogs.com/xiongpq/p/3384681.html

需求说明:  bind dlz 可以动态加载配置, 方便配置管理, 但是加载速度比较慢, bind file 速度比较快,但是修改文件容易出错,而且需要重启服务,会比较麻烦,

本文采用bind主从模式, master(bind dlz)用来做配置管理, slave(bind file)用来提供服务.

requirements:

两台服务器:   10.1.61.123(master)   10.1.61.124(slave)

mysql:  mysql-5.6.35.tar.gz

bind:    bind-9.11.0.tar.gz

1. mysql 编译安装:

 安装依赖包
 yum -y install make gcc-c++ cmake bison-devel  ncurses-devel
 
 下载mysql

 wget http://cdn.mysql.com/Downloads/MySQL-5.6/mysql-5.6.35.tar.gz

 tar xvf mysql-5.6.35.tar.gz

 cd mysql-5.6.35

 编译安装:

cmake 
-DCMAKE_INSTALL_PREFIX=/usr/local/mysql 
-DMYSQL_DATADIR=/usr/local/mysql/data 
-DSYSCONFDIR=/etc 
-DWITH_MYISAM_STORAGE_ENGINE=1 
-DWITH_INNOBASE_STORAGE_ENGINE=1 
-DWITH_MEMORY_STORAGE_ENGINE=1 
-DWITH_READLINE=1 
-DMYSQL_UNIX_ADDR=/var/lib/mysql/mysql.sock 
-DMYSQL_TCP_PORT=3306 
-DENABLED_LOCAL_INFILE=1 
-DWITH_PARTITION_STORAGE_ENGINE=1 
-DEXTRA_CHARSETS=all 
-DDEFAULT_CHARSET=utf8 
-DDEFAULT_COLLATION=utf8_general_ci

make && make install

配置mysql
设置权限:
# groupadd mysql
# groupadd -g mysql mysql
# chown -R mysql:mysql /usr/local/mysql

初始化配置:
# cd /usr/local/mysql
# scripts/mysql_install_db --basedir=/usr/local/mysql --datadir=/usr/local/mysql/data --user=mysql

注意: 将/etc/my.cnf 改成其他名字,以防冲突

启动MySQl

# cp support-files/mysql.server /etc/init.d/mysql
# chkconfig mysql on
# service mysql start  --启动MySQL

配置用户

# PATH=/usr/local/mysql/bin:$PATH

# export PATH

# source /etc/profile

# mysql -uroot
mysql> set password = password('123456')

设置远程访问
mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY '123456' WITH GRANT OPTION;

mysql 配置完成


2. bind 编译安装(bind-9.11.0.tar.gz):
 # ./configure --prefix=/usr/local/bind/ --with-dlz-mysql=/usr/local/mysql --enable-threads=no --enable-largefile --disable-ipv6 --with-openssl=no 

  //--enable-threads 多线程支持（官网解析是需要关闭）,--enable-largefile 启用大文件支持,--disable-ipv6 关闭ipv6支持,--with-dlz-mysql意思是使用mysql存储域名解析 
 
 # make && make install

3. 配置bind:
# cd /usr/local/bind/etc/ 
# /usr/local/bind/sbin/rndc-confgen > rndc.conf 
# cat rndc.conf >rndc.key 
# tail -10 rndc.conf | head -9 | sed s/# //g > named.conf

4.  named.conf (master)文件

key "rndc-key" {
   algorithm hmac-md5;
   secret "mvCUyhyDvNNGywhoVHbSaQ==";
};

controls {
   inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
};


options {
    listen-on port 53 {any;};    //寮�鍚�睛鍚�53绔�彛锛宎ny琛ㄧず鎺ュ彈浠绘剰ip杩炴帴
    directory "/usr/local/bind/var";
    pid-file "named.pid";  //鏂囦欢鍐呭�灏辨槸named杩涚▼鐨刬d  
    allow-query{any;};     //鍏佽�浠绘剰ip鏌ヨ�
    allow-transfer { 10.1.61.124; };
    also-notify { 10.1.61.124; };
    forwarders{114.114.114.114;8.8.8.8;};   //璁剧疆杞�彂鐨勫叕缃慽p
};

acl "dns-ip-list"{
    10.1.61.123;
    10.1.61.124;
};

logging {
    channel error_log {
        file "/usr/local/bind/var/logs/error.log" versions 10 size 32m;
        severity warning;
        print-time yes;
        print-severity yes;
        print-category yes;
    };

    channel query_log {
        file "/usr/local/bind/var/logs/query.log" versions 10 size 32m;
        severity debug;
        print-time yes;
        print-severity yes;
        print-category yes;
    };

    category default { error_log; };

    category queries { query_log; };
};

dlz "Mysql zone" {
   database "mysql
   {dbname=db_ops port=3306 host=119.90.48.154 user=op_oss pass=JqIrsM1hVvo8 ssl=false}
   {select zone from t_dns_records where zone = '$zone$' and status = 1}
   {select ttl, type, mx_priority, case when lower(type)='txt' then concat('"', data, '"')
        when lower(type) = 'soa' then concat_ws(' ', data, resp_person, serial, refresh, retry, expire, minimum)
        else data end from t_dns_records where zone = '$zone$' and host = '$record$' and status = 1}
   {}
   {select ttl, type, host, mx_priority, case when lower(type)='txt' then
        concat('"', data, '"') else data end, resp_person, serial, refresh, retry, expire,
        minimum from t_dns_records where zone = '$zone$' and status = 1}
   {select zone from t_dns_xfr_table where zone = '$zone$' and client = '$client$' and status = 1}";
};

named.conf(slave) 配置文件

key "rndc-key" {
   algorithm hmac-md5;
   secret "mvCUyhyDvNNGywhoVHbSaQ==";
};

controls {
   inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
};


options {
    listen-on port 53 {any;};    //开启侦听53端口，any表示接受任意ip连接
    directory "/usr/local/bind/var";
    pid-file "named.pid";  //文件内容就是named进程的id  
    allow-query{any;};     //允许任意ip查询
    allow-transfer { 10.1.61.124; };
    also-notify { 10.1.61.124; };
    forwarders{114.114.114.114;8.8.8.8;};   //设置转发的公网ip
};

acl "dns-ip-list"{
    10.1.61.123;
    10.1.61.124;
};

logging {
    channel error_log {
        file "/usr/local/bind/var/logs/error.log" versions 10 size 32m;
        severity warning;
        print-time yes;
        print-severity yes;
        print-category yes;
    };

    channel query_log {
        file "/usr/local/bind/var/logs/query.log" versions 10 size 32m;
        severity debug;
        print-time yes;
        print-severity yes;
        print-category yes;
    };

    category default { error_log; };

    category queries { query_log; };
};

zone "phpfensi.com." IN {
      type slave;
      file "slaves/phpfensi.com.zone";
      masterfile-format text;
      masters{ 10.1.61.123; };
};

5. mysql 配置:

create table `t_dns_records` (
  `id` bigint(20) not null auto_increment comment '主健',
  `zone` varchar(255) not null default '' comment '域名',
  `host` varchar(255) not null default '' comment '记录名称',
  `type` varchar(255) not null default '' comment '记录类型',
  `data` varchar(255) not null default '' comment '记录值',
  `ttl` int(11) default null comment 'ttl(存活时间)',
  `mx_priority` int(11) default null comment 'mx优先级',
  `refresh` int(11) default null comment '刷新时间间隔',
  `retry` int(11)  default null comment '重试时间间隔',
  `expire` int(11) default null comment '过期时间',
  `minimum` int(11) default null comment '最小时间',
  `serial` bigint(20) default null comment '序列号,每次更改配置都会在原来的基础上加1',
  `resp_person` varchar(64) default null comment '责任人',
  `primary_ns` varchar(64) default null comment '主域名',
  `status` tinyint(4) default 1 comment '0:该记录无效, 1:该记录有效',
  `created_at` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT '创建时间',
  `updated_at` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP COMMENT '更新时间',
  primary key (`id`),
  key `ix_zone` (`zone`),
  key `ix_host` (`host`),
  key `ix_data` (`data`),
  key `ix_type` (`type`),
  key `ix_status` (`status`),
  key `ix_created_at` (`created_at`),
  key `ix_updated_at` (`updated_at`)
) engine=InnoDB default charset=utf8 comment='内网DNS记录';

create table `t_dns_xfr_table` (
  `id` bigint(20) not null auto_increment comment '主健',
  `zone` varchar(255) not null default '' comment '域名',
  `client` varchar(255) not null default '' comment 'BIND SLAVE 客户端',
  `status` tinyint(4) default 1 comment '0:该记录无效, 1:该记录有效',
  `created_at` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT '创建时间',
  `updated_at` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP COMMENT '更新时间',
  primary key (`id`),
  key `ix_created_at` (`created_at`),
  key `ix_updated_at` (`updated_at`)
) engine=InnoDB default charset=utf8 comment='DNS传送信息';

6. 插入数据

插入正向解析数据

INSERT INTO t_dns_records (zone, host, type, data, ttl) VALUES ('phpfensi.com', 'www', 'A', '1.1.1.1', '60');
INSERT INTO t_dns_records (zone, host, type, data, ttl) VALUES ('phpfensi.com', 'cloud', 'A', '2.2.2.2', '60');
INSERT INTO t_dns_records (zone, host, type, data, ttl) VALUES ('phpfensi.com', 'ns', 'A', '10.1.61.123', '60');
INSERT INTO t_dns_records (zone, host, type, data, ttl) VALUES ('phpfensi.com', 'blog', 'CNAME', 'cloud.phpfensi.com.', '60');
INSERT INTO t_dns_records (zone, host, type, data, ttl) VALUES ('phpfensi.com', '@', 'NS', 'ns.phpfensi.com.', '60');
INSERT INTO t_dns_records (zone, host, type,  ttl, data,refresh, retry, expire, minimum, serial, resp_person) VALUES ('phpfensi.com', '@', 'SOA', '60', 'ns', '28800', '14400', '86400', '86400', '2012020809', 'admin');

插入反向解析数据

insert into t_dns_records (zone,host,type,data,ttl,mx_priority,refresh,retry,expire,minimum,serial,resp_person,primary_ns) values ('1.168.192in-addr.arpa','@','SOA','node02.example.com',86400,NULL,3600,15,86400,3600,2008082700,'node02.example.com','node02.example.com');   //添加SOA（授权区域定义）记录
insert into t_dns_records (zone,host,type,data)values('1.168.192.in-addr.arpa','@','NS','node02.example.com.');   //添加NS（标记区域的域名服务器以及授权子域）记录
insert into t_dns_records(zone,host,type,data)values('1.168.192.in-addr.arpa','250','PTR','node02.example.com.'),('1.168.192.in-addr.arpa','111','PTR','x.example.com.');     //添加PTR（与A记录相反，将ip转换成主机名，反向解析操作）记录

插入客户端数据

insert into t_dns_xfr_table (zone, client) values("phpfensi.com", "10.1.61.123")

insert into t_dns_xfr_table (zone, client) values("phpfensi.com", "10.1.61.124")

８． debug 模式下运行 bind 服务
# /usr/local/bind/sbin/named -g -d 1

-g -d 1 是debug的参数 可以查看到后台的日志信息

8. 测试结果:

9. slave 配置

zone "phpfensi.com." in {
type slave;
file "phpfensi.com";
masterfile-format text;
masters{ 10.1.61.120; };
};

masterfile-format 必须要手动设置， 要不然同步过来的是二进制文件， 无法阅览

 FAQ:

1. salve 为什么无法同步master的数据

1.1 检查 t_dns_xfr_table  是否配置相应的zone 及  client, client是slave的ip， 只有配置，slave才能被授权同步
1.2 检查 SOA 序列号(serial),每次更改配置都会在原来的基础上加1, 保证master比slave大
1.3 检查 refresh 字段， 一般设置300s， 5分钟同步一次

2. 如何立刻同步zone的A记录

1.1 在数据库更新记录后， 在slave节点上执行 rndc refresh xxx.com(你需要同步的zone)