bind+dlz+mysql
安裝bind
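# NOTE(review): BIND 9.5.0-P2 is a long-unsupported release. Use it for lab work only and
# build a currently maintained BIND for any server that is reachable by other hosts.
# Verify the tarball against the signature ISC publishes before unpacking it.
shell>tar zxvf bind-9.5.0-p2.tar.gz
shell>cd bind-9.5.0-p2
# Each option starts with two ASCII hyphens ("--"); a typographic dash pasted from a web page
# is not recognised as an option by configure.
shell>./configure --prefix=/usr/local/bind --with-dlz-mysql=/usr/local/mysql --enable-threads=no --disable-openssl-version-check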
--with-dlz-mysql=/usr/local/mysql 要求bind安裝中支持DLZ
--enable-threads=no 關閉多線程
--disable-openssl-version-check 這項是禁止openssl版本的檢查;該檢查的作用是拒絕已知有安全問題的OpenSSL版本,關閉之前應先確認系統上的OpenSSL已經更新
# Compile the configured source tree.
shell>make
# Copy the build into the --prefix directory chosen at configure time; this step needs write access there.
shell>make install
3、創建數據庫、表
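mysql>create database mydata;
mysql>use mydata;
-- NOTE(review): the named.conf shown later on this page connects with dbname=mydb; use one
-- database name in both places or the DLZ driver will not find these tables.
-- Read-only account for named, so the DNS server never holds MySQL root credentials.
-- 'dlz_ro' and 'CHANGE_ME' are placeholders: choose your own values, then set user= and pass=
-- in the named.conf connection string to match.
mysql>create user 'dlz_ro'@'localhost' identified by 'CHANGE_ME';
mysql>grant select on mydata.* to 'dlz_ro'@'localhost';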
-- Record store queried by the "other-user" view in named.conf; one row per DNS record.
mysql>CREATE TABLE other_dns_records (
>    zone        VARCHAR(255),  -- zone name; compared with %zone% by the DLZ queries
>    host        VARCHAR(255),  -- record name inside the zone; compared with %record%
>    type        VARCHAR(255),  -- record type; the lookup query special-cases 'txt' and 'soa'
>    data        VARCHAR(255),  -- record data returned to the client
>    ttl         INT(11),
>    mx_priority VARCHAR(255),
>    refresh     INT(11),       -- refresh, retry, expire, minimum, serial and resp_person are appended to data for SOA rows
>    retry       INT(11),
>    expire      INT(11),
>    minimum     INT(11),
>    serial      BIGINT(20),
>    resp_person VARCHAR(255),
>    primary_ns  VARCHAR(255)   -- not referenced by the two DLZ queries shown on this page
>);
-- Record store queried by the "cnc-user" view in named.conf; same layout as other_dns_records.
mysql>CREATE TABLE cnc_dns_records (
>    zone        VARCHAR(255),  -- zone name; compared with %zone% by the DLZ queries
>    host        VARCHAR(255),  -- record name inside the zone; compared with %record%
>    type        VARCHAR(255),  -- record type; the lookup query special-cases 'txt' and 'soa'
>    data        VARCHAR(255),  -- record data returned to the client
>    ttl         INT(11),
>    mx_priority VARCHAR(255),
>    refresh     INT(11),       -- refresh, retry, expire, minimum, serial and resp_person are appended to data for SOA rows
>    retry       INT(11),
>    expire      INT(11),
>    minimum     INT(11),
>    serial      BIGINT(20),
>    resp_person VARCHAR(255),
>    primary_ns  VARCHAR(255)   -- not referenced by the two DLZ queries shown on this page
>);
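>-- Add one sample record to each table (example zone names and addresses).
>-- String values need plain ASCII single quotes; ttl and retry are integer columns, so they are given as numbers.
>insert into other_dns_records (zone,host,type,data,ttl,retry) values ('aaa.com','www','A','192.168.199.2',86400,15);
>insert into cnc_dns_records (zone,host,type,data,ttl,retry) values ('bbb.com','www','A','192.199.22.22',86400,13);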
4、編輯/usr/local/bind9/etc/named.conf(注意:前面configure的--prefix是/usr/local/bind,下面named.conf裡又寫作/usr/local/binid,請統一改為實際的安裝路徑)
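>cd /usr/local/bind9/etc
# The key generator shipped with BIND is named rndc-confgen. With -a it writes a key file (rndc.key) for rndc.
>../sbin/rndc-confgen -a
# Without -a it prints a sample rndc.conf, including a commented-out named.conf fragment, to stdout.
# NOTE(review): every run generates a new random key, so the rndc.key written by -a will not match
# the key captured in named.conf here; keep only one of the two and make rndc and named share it.
# The output contains the control-channel secret, so restrict read access to named.conf.
>../sbin/rndc-confgen > named.conf
>vi !$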
//刪除「# Use with the following in named.conf, adjusting the allow list as needed:」這一行以前的所有行,
再將「# Use with the following in named.conf, adjusting the allow list as needed:」和「# End of named.conf」之間各行行首的#號去掉
最終的etc/named.conf文件如下:
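# Use with the following in named.conf, adjusting the allow list as needed:
# NOTE(review): this secret has been published, so treat it as a sample only. Keep the key
# generated on your own host and never copy this one into a real server.
# hmac-md5 is what this BIND generation emits; newer BIND releases also accept stronger
# HMAC algorithms such as hmac-sha256.
key "rndc-key" {
    algorithm hmac-md5;
    secret "2rkqGUle0VlsawCL2+IKsA==";
};
# Control channel for rndc: listens on loopback only and accepts only holders of rndc-key.
controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndc-key"; };
};
# End of named.conf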
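options {
    # NOTE(review): "binid" does not match the /usr/local/bind prefix passed to configure or the
    # /usr/local/bind9 paths used elsewhere on this page; set all of them to the real install path.
    directory "/usr/local/binid/etc/";
    pid-file "/usr/local/binid/var/run/named.pid";
    # Authoritative-only: answer any client for the zones served, but never recurse on a client's behalf.
    allow-query { any; };
    recursion no;
    # Replaces the real version string in answers to version.bind queries.
    version "gaint-d1";
};
# ACL definitions ("cnc" and "other") referenced by match-clients in the views.
include "/usr/local/binid/etc/cnc.cl";
include "/usr/local/binid/etc/other.cl";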
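# Clients in the "cnc" ACL are answered from the cnc_dns_records table.
view "cnc-user" {
    match-clients { cnc; };
    # NOTE(review): the connection string stores the MySQL root password in named.conf. Prefer a
    # dedicated account limited to SELECT on the DNS tables, and keep this file unreadable to other users.
    # NOTE(review): dbname=mydb differs from the "mydata" database created earlier on this page.
    # %zone% and %record% are filled in from the incoming query name, i.e. untrusted input. The
    # DLZ MySQL driver is expected to escape them; confirm that for the BIND build in use.
    # The first braced section is the connection string, the second finds the zone, the third looks up records.
    dlz "Mysql zone" {
        database "mysql
        {host=localhost dbname=mydb ssl=false port=3306 user=root pass=abc123!}
        {select zone from cnc_dns_records where zone='%zone%'}
        {select ttl, type, mx_priority, case when lower(type)='txt' then concat('\"', data, '\"')
        when lower(type)='soa' then concat_ws(' ',data,resp_person,serial,refresh,retry,expire,minimum) else data end as mydata from cnc_dns_records where zone='%zone%' and host='%record%'}";
    };
};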
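# Clients in the "other" ACL are answered from the other_dns_records table.
# A client that matches neither this view nor "cnc-user" is not served by any view and is refused.
view "other-user" {
    match-clients { other; };
    # NOTE(review): the connection string stores the MySQL root password in named.conf. Prefer a
    # dedicated account limited to SELECT on the DNS tables, and keep this file unreadable to other users.
    # NOTE(review): dbname=mydb differs from the "mydata" database created earlier on this page.
    # %zone% and %record% are filled in from the incoming query name, i.e. untrusted input. The
    # DLZ MySQL driver is expected to escape them; confirm that for the BIND build in use.
    dlz "Mysql zone" {
        database "mysql
        {host=localhost dbname=mydb ssl=false port=3306 user=root pass=abc123!}
        {select zone from other_dns_records where zone='%zone%'}
        {select ttl, type, mx_priority, case when lower(type)='txt' then concat('\"', data, '\"')
        when lower(type)='soa' then concat_ws(' ',data,resp_person,serial,refresh,retry,expire,minimum) else data end as mydata from other_dns_records where zone='%zone%' and host='%record%'}";
    };
};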
etc/cnc.cl如下:
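# Source networks answered by view "cnc-user". Names and strings need plain ASCII double quotes.
acl "cnc" {
    192.168.9.0/24;
};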
etc/other.cl如下:
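# Source networks answered by view "other-user". 127.0.0.0/18 is loopback space only
# (127.0.0.0 - 127.0.63.255), so as written this view is reachable just from the local host.
acl "other" {
    127.0.0.0/18;
};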
5、測試
啟動named進行測試:/usr/local/bind9/sbin/named -g -d 1 -c /usr/local/bind9/etc/named.conf(-g 表示在前台運行並把日誌輸出到終端,-d 1 表示調試級別為1)
注:如果不想寫全路徑來啟動bind和mysql的話,可以編輯:
>vi /root/.bash_profile
加入如下兩行:
# Appended after the existing entries, so these directories cannot shadow system commands of the same name.
PATH=$PATH:/usr/local/bind9/sbin
PATH=$PATH:/usr/local/mysql/bin/
保存退出
> . /root/.bash_profile (或者:. !$)
這次的實驗只是做了一部分,可能也會用到區域傳送。這些查詢可以參照
BIND-DLZ
【zonshy】
未完待續……
最後更新:2017-01-04 22:34:34