参考文档: http://blog.csdn.net/lishangwen_alan/article/details/53332889
http://www.cnblogs.com/xiongpq/p/3384681.html
需求说明: bind dlz 可以动态加载配置, 方便配置管理, 但是加载速度比较慢, bind file 速度比较快,但是修改文件容易出错,而且需要重启服务,会比较麻烦,
本文采用bind主从模式, master(bind dlz)用来做配置管理, slave(bind file)用来提供服务.
requirements:
两台服务器: 10.1.61.123(master) 10.1.61.124(slave)
mysql: mysql-5.6.35.tar.gz
bind: bind-9.11.0.tar.gz
1. mysql 编译安装:
安装依赖包
yum -y install make gcc-c++ cmake bison-devel ncurses-devel
下载mysql
wget http://cdn.mysql.com/Downloads/MySQL-5.6/mysql-5.6.35.tar.gz
tar xvf mysql-5.6.35.tar.gz
cd mysql-5.6.35
编译安装:
cmake -DCMAKE_INSTALL_PREFIX=/usr/local/mysql -DMYSQL_DATADIR=/usr/local/mysql/data -DSYSCONFDIR=/etc -DWITH_MYISAM_STORAGE_ENGINE=1 -DWITH_INNOBASE_STORAGE_ENGINE=1 -DWITH_MEMORY_STORAGE_ENGINE=1 -DWITH_READLINE=1 -DMYSQL_UNIX_ADDR=/var/lib/mysql/mysql.sock -DMYSQL_TCP_PORT=3306 -DENABLED_LOCAL_INFILE=1 -DWITH_PARTITION_STORAGE_ENGINE=1 -DEXTRA_CHARSETS=all -DDEFAULT_CHARSET=utf8 -DDEFAULT_COLLATION=utf8_general_ci make && make install
配置mysql
设置权限:
# groupadd mysql
# groupadd -g mysql mysql
# chown -R mysql:mysql /usr/local/mysql
初始化配置:
# cd /usr/local/mysql
# scripts/mysql_install_db --basedir=/usr/local/mysql --datadir=/usr/local/mysql/data --user=mysql
注意: 将/etc/my.cnf 改成其他名字,以防冲突
启动MySQl
# cp support-files/mysql.server /etc/init.d/mysql
# chkconfig mysql on
# service mysql start --启动MySQL
配置用户
# PATH=/usr/local/mysql/bin:$PATH
# export PATH
# source /etc/profile
# mysql -uroot
mysql> set password = password('123456')
设置远程访问
mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY '123456' WITH GRANT OPTION;
mysql 配置完成
2. bind 编译安装(bind-9.11.0.tar.gz):
# ./configure --prefix=/usr/local/bind/ --with-dlz-mysql=/usr/local/mysql --enable-threads=no --enable-largefile --disable-ipv6 --with-openssl=no
//--enable-threads 多线程支持(官网解析是需要关闭),--enable-largefile 启用大文件支持,--disable-ipv6 关闭ipv6支持,--with-dlz-mysql意思是使用mysql存储域名解析
# make && make install
3. 配置bind:
# cd /usr/local/bind/etc/
# /usr/local/bind/sbin/rndc-confgen > rndc.conf
# cat rndc.conf >rndc.key
# tail -10 rndc.conf | head -9 | sed s/# //g > named.conf
4. named.conf (master)文件
key "rndc-key" {
algorithm hmac-md5;
secret "mvCUyhyDvNNGywhoVHbSaQ==";
};
controls {
inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
};
options {
listen-on port 53 {any;}; //寮�鍚�睛鍚�53绔�彛锛宎ny琛ㄧず鎺ュ彈浠绘剰ip杩炴帴
directory "/usr/local/bind/var";
pid-file "named.pid"; //鏂囦欢鍐呭�灏辨槸named杩涚▼鐨刬d
allow-query{any;}; //鍏佽�浠绘剰ip鏌ヨ�
allow-transfer { 10.1.61.124; };
also-notify { 10.1.61.124; };
forwarders{114.114.114.114;8.8.8.8;}; //璁剧疆杞�彂鐨勫叕缃慽p
};
acl "dns-ip-list"{
10.1.61.123;
10.1.61.124;
};
logging {
channel error_log {
file "/usr/local/bind/var/logs/error.log" versions 10 size 32m;
severity warning;
print-time yes;
print-severity yes;
print-category yes;
};
channel query_log {
file "/usr/local/bind/var/logs/query.log" versions 10 size 32m;
severity debug;
print-time yes;
print-severity yes;
print-category yes;
};
category default { error_log; };
category queries { query_log; };
};
dlz "Mysql zone" {
database "mysql
{dbname=db_ops port=3306 host=119.90.48.154 user=op_oss pass=JqIrsM1hVvo8 ssl=false}
{select zone from t_dns_records where zone = '$zone$' and status = 1}
{select ttl, type, mx_priority, case when lower(type)='txt' then concat('"', data, '"')
when lower(type) = 'soa' then concat_ws(' ', data, resp_person, serial, refresh, retry, expire, minimum)
else data end from t_dns_records where zone = '$zone$' and host = '$record$' and status = 1}
{}
{select ttl, type, host, mx_priority, case when lower(type)='txt' then
concat('"', data, '"') else data end, resp_person, serial, refresh, retry, expire,
minimum from t_dns_records where zone = '$zone$' and status = 1}
{select zone from t_dns_xfr_table where zone = '$zone$' and client = '$client$' and status = 1}";
};
named.conf(slave) 配置文件
key "rndc-key" {
algorithm hmac-md5;
secret "mvCUyhyDvNNGywhoVHbSaQ==";
};
controls {
inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
};
options {
listen-on port 53 {any;}; //开启侦听53端口,any表示接受任意ip连接
directory "/usr/local/bind/var";
pid-file "named.pid"; //文件内容就是named进程的id
allow-query{any;}; //允许任意ip查询
allow-transfer { 10.1.61.124; };
also-notify { 10.1.61.124; };
forwarders{114.114.114.114;8.8.8.8;}; //设置转发的公网ip
};
acl "dns-ip-list"{
10.1.61.123;
10.1.61.124;
};
logging {
channel error_log {
file "/usr/local/bind/var/logs/error.log" versions 10 size 32m;
severity warning;
print-time yes;
print-severity yes;
print-category yes;
};
channel query_log {
file "/usr/local/bind/var/logs/query.log" versions 10 size 32m;
severity debug;
print-time yes;
print-severity yes;
print-category yes;
};
category default { error_log; };
category queries { query_log; };
};
zone "phpfensi.com." IN {
type slave;
file "slaves/phpfensi.com.zone";
masterfile-format text;
masters{ 10.1.61.123; };
};
5. mysql 配置:
create table `t_dns_records` (
`id` bigint(20) not null auto_increment comment '主健',
`zone` varchar(255) not null default '' comment '域名',
`host` varchar(255) not null default '' comment '记录名称',
`type` varchar(255) not null default '' comment '记录类型',
`data` varchar(255) not null default '' comment '记录值',
`ttl` int(11) default null comment 'ttl(存活时间)',
`mx_priority` int(11) default null comment 'mx优先级',
`refresh` int(11) default null comment '刷新时间间隔',
`retry` int(11) default null comment '重试时间间隔',
`expire` int(11) default null comment '过期时间',
`minimum` int(11) default null comment '最小时间',
`serial` bigint(20) default null comment '序列号,每次更改配置都会在原来的基础上加1',
`resp_person` varchar(64) default null comment '责任人',
`primary_ns` varchar(64) default null comment '主域名',
`status` tinyint(4) default 1 comment '0:该记录无效, 1:该记录有效',
`created_at` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT '创建时间',
`updated_at` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP COMMENT '更新时间',
primary key (`id`),
key `ix_zone` (`zone`),
key `ix_host` (`host`),
key `ix_data` (`data`),
key `ix_type` (`type`),
key `ix_status` (`status`),
key `ix_created_at` (`created_at`),
key `ix_updated_at` (`updated_at`)
) engine=InnoDB default charset=utf8 comment='内网DNS记录';
create table `t_dns_xfr_table` (
`id` bigint(20) not null auto_increment comment '主健',
`zone` varchar(255) not null default '' comment '域名',
`client` varchar(255) not null default '' comment 'BIND SLAVE 客户端',
`status` tinyint(4) default 1 comment '0:该记录无效, 1:该记录有效',
`created_at` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT '创建时间',
`updated_at` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP COMMENT '更新时间',
primary key (`id`),
key `ix_created_at` (`created_at`),
key `ix_updated_at` (`updated_at`)
) engine=InnoDB default charset=utf8 comment='DNS传送信息';
6. 插入数据
插入正向解析数据
INSERT INTO t_dns_records (zone, host, type, data, ttl) VALUES ('phpfensi.com', 'www', 'A', '1.1.1.1', '60');
INSERT INTO t_dns_records (zone, host, type, data, ttl) VALUES ('phpfensi.com', 'cloud', 'A', '2.2.2.2', '60');
INSERT INTO t_dns_records (zone, host, type, data, ttl) VALUES ('phpfensi.com', 'ns', 'A', '10.1.61.123', '60');
INSERT INTO t_dns_records (zone, host, type, data, ttl) VALUES ('phpfensi.com', 'blog', 'CNAME', 'cloud.phpfensi.com.', '60');
INSERT INTO t_dns_records (zone, host, type, data, ttl) VALUES ('phpfensi.com', '@', 'NS', 'ns.phpfensi.com.', '60');
INSERT INTO t_dns_records (zone, host, type, ttl, data,refresh, retry, expire, minimum, serial, resp_person) VALUES ('phpfensi.com', '@', 'SOA', '60', 'ns', '28800', '14400', '86400', '86400', '2012020809', 'admin');
插入反向解析数据
insert into t_dns_records (zone,host,type,data,ttl,mx_priority,refresh,retry,expire,minimum,serial,resp_person,primary_ns) values ('1.168.192in-addr.arpa','@','SOA','node02.example.com',86400,NULL,3600,15,86400,3600,2008082700,'node02.example.com','node02.example.com'); //添加SOA(授权区域定义)记录
insert into t_dns_records (zone,host,type,data)values('1.168.192.in-addr.arpa','@','NS','node02.example.com.'); //添加NS(标记区域的域名服务器以及授权子域)记录
insert into t_dns_records(zone,host,type,data)values('1.168.192.in-addr.arpa','250','PTR','node02.example.com.'),('1.168.192.in-addr.arpa','111','PTR','x.example.com.'); //添加PTR(与A记录相反,将ip转换成主机名,反向解析操作)记录
插入客户端数据
insert into t_dns_xfr_table (zone, client) values("phpfensi.com", "10.1.61.123")
insert into t_dns_xfr_table (zone, client) values("phpfensi.com", "10.1.61.124")
8. debug 模式下运行 bind 服务
# /usr/local/bind/sbin/named -g -d 1
-g -d 1 是debug的参数 可以查看到后台的日志信息
8. 测试结果:
9. slave 配置
zone "phpfensi.com." in {
type slave;
file "phpfensi.com";
masterfile-format text;
masters{ 10.1.61.120; };
};
masterfile-format 必须要手动设置, 要不然同步过来的是二进制文件, 无法阅览
FAQ:
1. salve 为什么无法同步master的数据
1.1 检查 t_dns_xfr_table 是否配置相应的zone 及 client, client是slave的ip, 只有配置,slave才能被授权同步
1.2 检查 SOA 序列号(serial),每次更改配置都会在原来的基础上加1, 保证master比slave大
1.3 检查 refresh 字段, 一般设置300s, 5分钟同步一次
2. 如何立刻同步zone的A记录
1.1 在数据库更新记录后, 在slave节点上执行 rndc refresh xxx.com(你需要同步的zone)