|
|
昨天看见新闻,说Bind 9.10.3版本已经正式发布了,迫不及待安装试试,,,
我前面的文章已经体验过 bind 9.10的RC版的个别新功能, 见文 Bind 9.10 源码安装 以及 新增redirect 类型 以及$GENERATE指令用法
系统环境:CentOS 6.6 x86_64
1,下载bind 9.10.3的源码包. http://isc.org
2,添加用户,和编译安装bind
1
2
3
4
5
6
| # tar xf bind-9.10.3.tar.gz
# cd bind-9.10.3
# groupadd -r named
# useradd -s /sbin/nologin -M -r -g named named
# ./configure --prefix=/usr/local/bind9.10.3 --with-dlz-mysql=/usr/local/mysql5.6.26/ --disable-chroot --enable-ipv6 --enable-threads --localstatedir=/var/ --with-python --datarootdir=/usr/
# make -j 4 && make install
|
3, 安装完成后,查看目录树,和检查能否运行
试运行下named
1
2
3
| # cd /usr/local/bind9.10.3/sbin/
# ./named
# ./named: error while loading shared libraries: libmysqlclient.so.18: cannot open shared object file: No such file or directory
|
恩 好像要报错
1
2
3
4
| # find /usr/local/mysql5.6.26/ -iname libmysqlclient.so.18 //查找未找到库文件是否存在
/usr/local/mysql5.6.26/lib/libmysqlclient.so.18
# ln -s /usr/local/mysql5.6.26/lib/libmysqlclient.so.18 /usr/lib64/ //做个库文件的软连接
# ./named
|
恩,没报错了 .
1
2
3
4
5
6
7
8
| # named -V //查看bind目录配置信息和版本号
BIND 9.10.3 <id:2799933>
built by make with '--prefix=/usr/local/bind9.10.3' '--with-dlz-mysql=/usr/local/mysql5.6.26/' '--disable-chroot' '--enable-ipv6' '--enable-threads' '--localstatedir=/var/' '--with-python' '--datarootdir=/usr/'
compiled by GCC 4.4.7 20120313 (Red Hat 4.4.7-16)
compiled with OpenSSL version: OpenSSL 1.0.1e 11 Feb 2013
linked to OpenSSL version: OpenSSL 1.0.1e-fips 11 Feb 2013
compiled with libxml2 version: 2.7.6
linked to libxml2 version: 20706
|
4, 配置bind 环境变量
1
2
3
| # chown -R named:named /usr/local/bind9.10.3/*
# echo 'export PATH=${PATH}:/usr/local/mysql5.6.26/bin/:/usr/local/bind9.10.3/sbin/' >> /etc/profile
# source /etc/profile //添加bind可执行程序的目录到环境变量
|
5, 配置rndc 配置named.conf
生成相关的key (命令需要执行几分钟)
1
| # rndc-confgen > /usr/local/bind9.10.3/etc/rndc.conf
|
1
2
| # cd /usr/local/bind9.10.3/
# sed -n 15,23s/"# "//p etc/rndc.conf >> etc/named.conf //添加rndc.conf中的末行到named.conf
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
| #### named.conf ######
options {
directory "/var/named/";
version "****";
recursion yes;
listen-on port 53 {any; };
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
allow-query {any; };
blackhole {none; };
};
key "rndc-key" {
algorithm hmac-md5;
secret "NFhQ****BmS**6IXgTw==";
};
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
view "ours_domain" {
match-clients {127.0.0.1; };
allow-query-cache {any; };
allow-recursion {any; };
allow-transfer {none; };
#dlz "Mysql zone" {
# database "mysql
# {host=localhost dbname=named ssl=false port=3306 user=named pass=named}
# {select zone from dns_records where zone='$zone$'}
# {select ttl, type, mx_priority, case when lower(type)='txt' then concat('\"', data, '\"') when lower(type) = 'soa' then concat_ws(' ', data, resp_person, serial, refresh, retry, expire, minimum) else data end from dns_records where zone = '$zone$' and hos
t = '$record$'}";
#};
zone "." IN {
type hint;
file "named.ca";
};
};
|
系统启动服务脚本 v2
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
| ####### /etc/init.d/named ########
#!/bin/bash
# named a network name service.
# chkconfig: 345 35 75
# description: a name server
[ -r /etc/rc.d/init.d/functions ] && . /etc/rc.d/init.d/functions
Builddir=/usr/local/bind9.10.3
PidFile=/var/run/named/named.pid
LockFile=/var/lock/subsys/named
Sbindir=${Builddir}/sbin
Configfile=${Builddir}/etc/named.conf
CheckConf=${Builddir}/sbin/named-checkconf
named=named
[ -f ${Configfile} ] || echo "Can't find named.conf "exit 1
if [ ! -r ${Configfile} ]
then
echo "Error: ${Configfile} can't read!"
exit 1
else
${CheckConf}
if [ $? != 0 ]
then
echo -e "Please check config file in \033[31m${Configfile} \033[0m!"
exit 2
fi
fi
start() {
[ -x ${Builddir}/sbin/$named ] || exit 4
if [ -f $LockFile ]; then
echo -n "$named is already running..."
echo_failure
echo
exit 5
fi
echo -n "Starting $named: "
daemon --pidfile "$PidFile" ${Sbindir}/$named -u named -4 -c ${Configfile}
RETVAL=$?
echo
if [ $RETVAL -eq 0 ]; then
touch $LockFile
return 0
else
rm -f $LockFile $PidFile
return 1
fi
}
stop() {
if [ ! -f $LockFile ];then
echo "$named is not started."
echo_failure
fi
echo -n "Stopping $named: "
killproc $named
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && rm -f $LockFile
return 0
}
restart() {
stop
sleep 1
start
}
reload() {
echo -n "Reloading $named: "
killproc $named -HUP
RETVAL=$?
echo
return $RETVAL
}
status() {
if pidof $named > /dev/null && [ -f $PidFile ]; then
echo "$named is running..."
else
echo "$named is stopped..."
fi
}
case $1 in
start)
start ;;
stop)
stop ;;
restart)
restart ;;
reload)
reload ;;
status)
status ;;
*)
echo "Usage:named {start|stop|status|reload|restart}"
exit 2;;
esac
|
1
2
3
| # ln -s /usr/local/bind9.10.3/bin/* /usr/bin/
# wget -O /var/named/named.ca //根dns列表
# service named restart
|
简单的使用dig 查询一下,看能否通过 . 根递归解析到域名.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
| [iyunv@16 /usr]#dig www.126.com @127.0.0.1
; <<>> DiG 9.10.3 <<>> www.126.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13070
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 5, ADDITIONAL: 6
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.126.com. IN A
;; ANSWER SECTION:
www.126.com. 18000 IN CNAME mcache.mail.163.com.
mcache.mail.163.com. 18000 IN CNAME email.163.com.lxdns.com.
email.163.com.lxdns.com. 600 IN CNAME mail163.xdwscache.ourglb0.com.
mail163.xdwscache.ourglb0.com. 120 IN A 115.231.82.101
mail163.xdwscache.ourglb0.com. 120 IN A 183.136.217.66
;; AUTHORITY SECTION:
ourglb0.com. 172800 IN NS ns1.ourglb0.com.
ourglb0.com. 172800 IN NS ns4.ourglb0.com.
ourglb0.com. 172800 IN NS ns3.ourglb0.com.
ourglb0.com. 172800 IN NS ns5.ourglb0.com.
ourglb0.com. 172800 IN NS ns2.ourglb0.com.
;; ADDITIONAL SECTION:
ns1.ourglb0.com. 172800 IN A 14.215.100.33
ns2.ourglb0.com. 172800 IN A 123.138.61.29
ns3.ourglb0.com. 172800 IN A 219.146.68.110
ns4.ourglb0.com. 172800 IN A 111.202.74.158
ns5.ourglb0.com. 172800 IN A 222.186.132.179
;; Query time: 342 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Sep 18 00:08:38 CST 2015
;; MSG SIZE rcvd: 346
|
可以查询 ok
6, 配置 dlz 数据库查询.
6.1, 创建单独的数据库
1
2
| # mysql -h localhost -u root -p
> create database named;
|
6.2, 建表
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
| > CREATE TABLE IF NOT EXISTS `dns_records` (
`id` int(10) unsigned NOT NULL AUTO_INCREMENT,
`zone` varchar(255) NOT NULL,
`host` varchar(255) NOT NULL DEFAULT '@',
`type` enum('A','MX','CNAME','NS','SOA','PTR','TXT','AAAA','SVR','URL') NOT NULL,
`data` varchar(255) DEFAULT NULL,
`ttl` int(11) NOT NULL DEFAULT '3600',
`mx_priority` int(11) DEFAULT NULL,
`refresh` int(11) NOT NULL DEFAULT '28800',
`retry` int(11) NOT NULL DEFAULT '14400',
`expire` int(11) NOT NULL DEFAULT '86400',
`minimum` int(11) NOT NULL DEFAULT '86400',
`serial` bigint(20) NOT NULL DEFAULT '2015050917',
`resp_person` varchar(64) NOT NULL DEFAULT 'ddns.net',
`primary_ns` varchar(64) NOT NULL DEFAULT 'ns.ddns.net.',
PRIMARY KEY (`id`),
KEY `type` (`type`),
KEY `host` (`host`),
KEY `zone` (`zone`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;
|
6.3, 创建单独用户,并授权
1
2
| > grant all privileges on named.* to named_user identifed by "named_passwd";
> flush privileges;
|
6.4, 打开named.conf 中的查询注释语句
6.5, 插入数据
1
2
3
4
| > insert into named.dns_records (zone, host, type, data, ttl) VALUES ('test.info', 'www', 'A', '1.1.1.1', '60');
> insert into named.dns_records (zone, host, type, data, ttl) VALUES ('test.info', 'mail', 'CNAME', 'www', '60');
> insert into named.dns_records (zone, host, type, data, ttl) VALUES ('test.info', '@', 'NS', 'ns', '60');
> insert into named.dns_records (zone, host, type, data, ttl) VALUES ('test.info', 'ns', 'A', '127.0.0.1', '60');
|
6.6, 查询
1
2
3
4
| # dig @127.0.0.1
# dig mail.test.info @127.0.0.1
# dig -t NS test.info @127.0.0.1
# dig -t ANY test.info @127.0.0.1
|
数据库查询是实时的,每一次查询named都会到数据库查询一次(不会写入缓存),如果在查询过成功 mysql 服务宕机,那么就将无法返回结果,
另一方面,数据库中添加相应记录也是实时生效的,所以不需要再rndc reload 或 service named reload
另外:dlz查询 和 zone文件查询是可以并行的,如图,我这里测试的named.conf 配置内容.
可以看到,dlz查询是写在 v.info 之前.
mysql中并没有添加v.info 的响应记录.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
| #dig www.v.info @127.0.0.1
; <<>> DiG 9.10.3 <<>> www.v.info @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1691
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.v.info. IN A
;; ANSWER SECTION:
www.v.info. 3600 IN CNAME ns.v.info.
ns.v.info. 3600 IN A 127.0.0.1
;; AUTHORITY SECTION:
v.info. 3600 IN NS ns.v.info.
;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Sep 18 01:42:36 CST 2015
;; MSG SIZE rcvd: 86
|
也是可以查询的.
衍生实验:如果我在mysql中添加一条 v.info 域 www主机的记录呢 ?
1
| > insert into named.dns_records (zone, host, type, data, ttl) VALUES ('v.info', 'www', 'A', '1.2.3.5', '60');
|
数据库条目 ↑
zone文件条目 ↓
named.conf 配置文件中,dlz查询是在v.info 查询之前.
我们来查询下试试看会返回什么有趣的结果.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
| #dig www.v.info @127.0.0.1
; <<>> DiG 9.10.3 <<>> www.v.info @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61180
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.v.info. IN A
;; ANSWER SECTION:
www.v.info. 3600 IN CNAME ns.v.info.
ns.v.info. 3600 IN A 127.0.0.1
;; AUTHORITY SECTION:
v.info. 3600 IN NS ns.v.info.
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Sep 18 01:49:32 CST 2015
;; MSG SIZE rcvd: 86
|
可见,返回的依旧是zone文件中记录的内容.
我们来回顾下理论知识
这也不难理解,named程序在启动的时候,会检查named.conf 配置文件,根据配置文件读取自己为master的zone文件进内存(对,直接读到内存),dlz查询是通过mysql得到结果的,自然不能一开始就把结果查询完,然后保存至内存,,, 所以zone文件的优先级始终高于dlz数据查询.
另一方面,由于每次查询非zone文件的区域时,到dlz查询 都会连接mysql(不管是sockes 还是 通过网络),肯定没有zone文件直接读取来的快(当然也不是非常慢),所以dlz查询服务器不适用下端大量查询,它适用于上端权威服务器,具有易于管理,实时生效的优点. 下端可以做slave 然后做高速缓存查询.
当然,你可以把dlz配置文件条目注释掉,虽然编译named的时候支持dlz ,但是不开启.就当zone文件的named使用,也可以 . 这就看自己的取舍了
|
|
QQ群⑧:
窥视卡
雷达卡
发表于 2015-9-18 11:35:13
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡