源码安装Bind 9.10 正式版 开启DLZ数据库支持 和 数据库view查询
生活随笔
收集整理的这篇文章主要介绍了
源码安装Bind 9.10 正式版 开启DLZ数据库支持 和 数据库view查询
小编觉得挺不错的,现在分享给大家,帮大家做个参考.
昨天看见新闻,说Bind 9.10.3版本已经正式发布了,迫不及待安装试试,,,
我前面的文章已经体验过 bind 9.10的RC版的个别新功能, 见文 Bind 9.10 源码安装 以及 新增redirect 类型 以及$GENERATE指令用法
系统环境:CentOS 6.6 x86_64
1,下载bind 9.10.3的源码包. http://isc.org
2,添加用户,和编译安装bind
# tar xf bind-9.10.3.tar.gz # cd bind-9.10.3 # groupadd -r named # useradd -s /sbin/nologin -M -r -g named named # ./configure --prefix=/usr/local/bind9.10.3 --with-dlz-mysql=/usr/local/mysql5.6.26/ --disable-chroot --enable-ipv6 --enable-threads --localstatedir=/var/ --with-python --datarootdir=/usr/ # make -j 4 && make install3, 安装完成后,查看目录树,和检查能否运行
试运行下named
# cd /usr/local/bind9.10.3/sbin/ # ./named # ./named: error while loading shared libraries: libmysqlclient.so.18: cannot open shared object file: No such file or directory恩 好像要报错
# find /usr/local/mysql5.6.26/ -iname libmysqlclient.so.18 //查找未找到库文件是否存在 /usr/local/mysql5.6.26/lib/libmysqlclient.so.18 # ln -s /usr/local/mysql5.6.26/lib/libmysqlclient.so.18 /usr/lib64/ //做个库文件的软连接 # ./named恩,没报错了 .
# named -V //查看bind目录配置信息和版本号 BIND 9.10.3 <id:2799933> built by make with '--prefix=/usr/local/bind9.10.3' '--with-dlz-mysql=/usr/local/mysql5.6.26/' '--disable-chroot' '--enable-ipv6' '--enable-threads' '--localstatedir=/var/' '--with-python' '--datarootdir=/usr/' compiled by GCC 4.4.7 20120313 (Red Hat 4.4.7-16) compiled with OpenSSL version: OpenSSL 1.0.1e 11 Feb 2013 linked to OpenSSL version: OpenSSL 1.0.1e-fips 11 Feb 2013 compiled with libxml2 version: 2.7.6 linked to libxml2 version: 20706
4, 配置bind 环境变量
# chown -R named:named /usr/local/bind9.10.3/* # echo 'export PATH=${PATH}:/usr/local/mysql5.6.26/bin/:/usr/local/bind9.10.3/sbin/' >> /etc/profile # source /etc/profile //添加bind可执行程序的目录到环境变量5, 配置rndc 配置named.conf
生成相关的key (命令需要执行几分钟)
系统启动服务脚本 v2
#!/bin/bash # named a network name service. # chkconfig: 345 35 75 # description: a name server[ -r /etc/rc.d/init.d/functions ] && . /etc/rc.d/init.d/functionsBuilddir=/usr/local/bind9.10.3 PidFile=/var/run/named/named.pid LockFile=/var/lock/subsys/named Sbindir=${Builddir}/sbin Configfile=${Builddir}/etc/named.conf CheckConf=${Builddir}/sbin/named-checkconf named=namedif [ ! -f ${Configfile} ] thenecho "Can't find named.conf " exit 1 fiif [ ! -d /var/run/named/ ] thenecho "could not open directory '/var/run/named/': Permission denied " exit 1 elif [ ! -w /var/run/named/ ]thenecho "could not open directory '/var/run/named/': Permission denied "exit 1 fiif [ ! -r ${Configfile} ] thenecho "Error: ${Configfile} is not readfile!"exit 1 else$CheckConfif [ $? != 0 ]thenecho -e "Please check config file in \033[31m${Configfile} \033[0m!"exit 2fi fistart() {[ -x ${Builddir}/sbin/$named ] || exit 4if [ -f $LockFile ]; thenecho -n "$named is already running..."echo_failureechoexit 5fiecho -n "Starting $named: "daemon --pidfile "$PidFile" ${Sbindir}/$named -u named -4 -c ${Configfile}RETVAL=$?echoif [ $RETVAL -eq 0 ]; thentouch $LockFilereturn 0elserm -f $LockFile $PidFilereturn 1fi }stop() {if [ ! -f $LockFile ];thenecho "$named is not started."echo_failurefiecho -n "Stopping $named: "killproc $namedRETVAL=$?echo[ $RETVAL -eq 0 ] && rm -f $LockFilereturn 0 }restart() {stopsleep 1start }reload() {echo -n "Reloading $named: "killproc $named -HUPRETVAL=$?echoreturn $RETVAL }status() {if pidof $named > /dev/null && [ -f $PidFile ]; thenecho "$named is running..."elseecho "$named is stopped..."fi }case $1 in start)start ;; stop) stop ;; restart)restart ;; reload)reload ;; status)status ;; *)echo "Usage:named {start|stop|status|reload|restart}"exit 2;; esac# ln -s /usr/local/bind9.10.3/bin/* /usr/bin/ # wget -O /var/named/named.ca http://www.internic.net/domain/named.root //根dns列表 # service named restart简单的使用dig 查询一下,看能否通过 . 根递归解析到域名.
[root@16 /usr]#dig www.126.com @127.0.0.1; <<>> DiG 9.10.3 <<>> www.126.com @127.0.0.1 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13070 ;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 5, ADDITIONAL: 6;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;www.126.com. IN A;; ANSWER SECTION: www.126.com. 18000 IN CNAME mcache.mail.163.com. mcache.mail.163.com. 18000 IN CNAME email.163.com.lxdns.com. email.163.com.lxdns.com. 600 IN CNAME mail163.xdwscache.ourglb0.com. mail163.xdwscache.ourglb0.com. 120 IN A 115.231.82.101 mail163.xdwscache.ourglb0.com. 120 IN A 183.136.217.66;; AUTHORITY SECTION: ourglb0.com. 172800 IN NS ns1.ourglb0.com. ourglb0.com. 172800 IN NS ns4.ourglb0.com. ourglb0.com. 172800 IN NS ns3.ourglb0.com. ourglb0.com. 172800 IN NS ns5.ourglb0.com. ourglb0.com. 172800 IN NS ns2.ourglb0.com.;; ADDITIONAL SECTION: ns1.ourglb0.com. 172800 IN A 14.215.100.33 ns2.ourglb0.com. 172800 IN A 123.138.61.29 ns3.ourglb0.com. 172800 IN A 219.146.68.110 ns4.ourglb0.com. 172800 IN A 111.202.74.158 ns5.ourglb0.com. 172800 IN A 222.186.132.179;; Query time: 342 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Fri Sep 18 00:08:38 CST 2015 ;; MSG SIZE rcvd: 346可以查询 ok
6, 配置 dlz 数据库查询.
6.1, 创建单独的数据库
# mysql -h localhost -u root -p > create database named;6.2, 建表
> CREATE TABLE IF NOT EXISTS `dns_records` (`id` int(10) unsigned NOT NULL AUTO_INCREMENT,`zone` varchar(255) NOT NULL,`host` varchar(255) NOT NULL DEFAULT '@',`type` enum('A','MX','CNAME','NS','SOA','PTR','TXT','AAAA','SVR','URL') NOT NULL,`data` varchar(255) DEFAULT NULL,`ttl` int(11) NOT NULL DEFAULT '3600',`mx_priority` int(11) DEFAULT NULL,`view` enum('any', 'Telecom', 'Unicom', 'CMCC', 'ours') NOT NULL DEFAULT "any" ,`priority` tinyint UNSIGNED NOT NULL DEFAULT '255',`refresh` int(11) NOT NULL DEFAULT '28800',`retry` int(11) NOT NULL DEFAULT '14400',`expire` int(11) NOT NULL DEFAULT '86400',`minimum` int(11) NOT NULL DEFAULT '86400',`serial` bigint(20) NOT NULL DEFAULT '2015050917',`resp_person` varchar(64) NOT NULL DEFAULT 'ddns.net',`primary_ns` varchar(64) NOT NULL DEFAULT 'ns.ddns.net.',PRIMARY KEY (`id`),KEY `type` (`type`),KEY `host` (`host`),KEY `zone` (`zone`) ) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;view:是区分不同网络区域的字段.
Priority:是区分不同优先级的字段.
6.3, 创建单独用户,并授权
> grant all privileges on named.* to named_user identifed by "named_passwd"; > flush privileges;6.4, 打开named.conf 中的查询注释语句
6.5, 插入数据
> insert into named.dns_records (zone, host, type, data, ttl) VALUES ('test.info', 'www', 'A', '1.1.1.1', '60'); > insert into named.dns_records (zone, host, type, data, ttl) VALUES ('test.info', 'mail', 'CNAME', 'www', '60'); > insert into named.dns_records (zone, host, type, data, ttl) VALUES ('test.info', '@', 'NS', 'ns', '60'); > insert into named.dns_records (zone, host, type, data, ttl) VALUES ('test.info', 'ns', 'A', '127.0.0.1', '60');6.6, 查询
# dig @127.0.0.1 # dig mail.test.info @127.0.0.1 # dig -t NS test.info @127.0.0.1 # dig -t ANY test.info @127.0.0.1数据库查询是实时的,每一次查询named都会到数据库查询一次(不会写入缓存),如果在查询过成功 mysql 服务宕机,那么就将无法返回结果,
另一方面,数据库中添加相应记录也是实时生效的,所以不需要再rndc reload 或 service named reload
另外:dlz查询 和 zone文件查询是可以并行的,如图,我这里测试的named.conf 配置内容.
可以看到,dlz查询是写在 v.info 之前.
mysql中并没有添加v.info 的响应记录.
#dig www.v.info @127.0.0.1; <<>> DiG 9.10.3 <<>> www.v.info @127.0.0.1 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1691 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;www.v.info. IN A;; ANSWER SECTION: www.v.info. 3600 IN CNAME ns.v.info. ns.v.info. 3600 IN A 127.0.0.1;; AUTHORITY SECTION: v.info. 3600 IN NS ns.v.info.;; Query time: 1 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Fri Sep 18 01:42:36 CST 2015 ;; MSG SIZE rcvd: 86也是可以查询的.
衍生实验:如果我在mysql中添加一条 v.info 域 www主机的记录呢 ?
> insert into named.dns_records (zone, host, type, data, ttl) VALUES ('v.info', 'www', 'A', '1.2.3.5', '60');数据库条目 ↑
zone文件条目 ↓
named.conf 配置文件中,dlz查询是在v.info 查询之前.
我们来查询下试试看会返回什么有趣的结果.
#dig www.v.info @127.0.0.1; <<>> DiG 9.10.3 <<>> www.v.info @127.0.0.1 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61180 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;www.v.info. IN A;; ANSWER SECTION: www.v.info. 3600 IN CNAME ns.v.info. ns.v.info. 3600 IN A 127.0.0.1;; AUTHORITY SECTION: v.info. 3600 IN NS ns.v.info.;; Query time: 0 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Fri Sep 18 01:49:32 CST 2015 ;; MSG SIZE rcvd: 86可见,返回的依旧是zone文件中记录的内容.
我们来回顾下理论知识
这也不难理解,named程序在启动的时候,会检查named.conf 配置文件,根据配置文件读取自己为master的zone文件进内存(对,直接读到内存),dlz查询是通过mysql得到结果的,自然不能一开始就把结果查询完,然后保存至内存,,, 所以zone文件的优先级始终高于dlz数据查询.
另一方面,由于每次查询非zone文件的区域时,到dlz查询 都会连接mysql(不管是sockes 还是 通过网络),肯定没有zone文件直接读取来的快(当然也不是非常慢),所以dlz查询服务器不适用下端大量查询,它适用于上端权威服务器,具有易于管理,实时生效的优点. 下端可以做slave 然后做高速缓存查询.
当然,你可以把dlz配置文件条目注释掉,虽然编译named的时候支持dlz ,但是不开启.就当zone文件的named使用,也可以 . 这就看自己的取舍了
转载于:https://blog.51cto.com/professor/1695829
总结
以上是生活随笔为你收集整理的源码安装Bind 9.10 正式版 开启DLZ数据库支持 和 数据库view查询的全部内容,希望文章能够帮你解决所遇到的问题。
- 上一篇: nc 结合htc hts 反弹shell
- 下一篇: windows下搭建Apache+Mys