测试环境：CentOS 7，IP 地址为 192.168.0.6。先在防火墙上放行 DNS 所需端口
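# Allow DNS queries from the public zone. TCP/53 is needed in addition to
# UDP/53: truncated responses and zone transfers fall back to TCP.
firewall-cmd --zone=public --add-port=53/udp --permanent
firewall-cmd --zone=public --add-port=53/tcp --permanent
# Port 953 (the rndc control channel, which is TCP) is deliberately NOT opened:
# named.conf binds the controls channel to 127.0.0.1 only, so exposing it on
# the public zone would only widen the attack surface.
firewall-cmd --reload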
安装必备组件
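# "groupinstall" is a yum sub-command, not a package: the original line asked
# yum to install a package called "groupinstall" (which does not exist) and
# listed pcre-devel, zlib-devel and gcc twice. If a package group was intended,
# run it separately, e.g. yum -y groupinstall "Development Tools".
yum -y install pcre-devel zlib-devel gcc gcc-c++ autoconf automake make \
    openssl openssl-devel openldap-devel unixODBC-devel libtool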
安装mysql:https://www.osyum.com/article/show/319/
# MySQL client headers/libraries, needed to build BIND with --with-dlz-mysql.
yum -y install mysql-community-devel.x86_64
编辑 /etc/my.cnf，在 [mysqld] 段下加入
# Idle-connection timeouts, in seconds (864000 s = 10 days). Raised so that
# the long-lived connection named keeps open to MySQL is not closed by the
# server after a quiet period.
wait_timeout = 864000
interactive_timeout = 864000
可有效防止 MySQL 连接长时间无查询后被服务端断开、需要重连的问题
创建软链接
# Expose the MySQL client library under /usr/lib (presumably so that the BIND
# configure step finds libmysqlclient -- confirm against the configure output).
ln -s -v "/usr/lib64/mysql/libmysqlclient.so.18" "/usr/lib/libmysqlclient.so"
下载并编译安装bind9
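# Version pinned from the tutorial; the 9.12 branch is no longer supported by
# ISC, so choose a currently supported release from the same location when
# deploying for real.
BIND_VER=9.12.1
# Fetch the tarball and ISC's detached signature over HTTPS (the original used
# plain HTTP with no integrity check) and verify the signature before building
# anything from it. The ISC release-signing key must already be in your keyring.
wget "https://ftp.isc.org/isc/bind9/${BIND_VER}/bind-${BIND_VER}.tar.gz"
wget "https://ftp.isc.org/isc/bind9/${BIND_VER}/bind-${BIND_VER}.tar.gz.asc"
gpg --verify "bind-${BIND_VER}.tar.gz.asc" "bind-${BIND_VER}.tar.gz" \
    && tar zxvf "bind-${BIND_VER}.tar.gz"
# Build with the DLZ MySQL driver; stop at the first failing step instead of
# running "make install" on a half-built tree.
cd "bind-${BIND_VER}" \
    && ./configure --prefix=/usr/local/bind --enable-threads --enable-largefile --disable-ipv6 --with-openssl --with-dlz-mysql=/usr \
    && make \
    && make install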
创建 bind 的运行用户，使 named 以非 root 用户身份运行，增强安全性
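# Dedicated unprivileged account for named: no login shell, no home directory,
# and -r so it is created as a system account.
useradd -r -s /sbin/nologin -M named
# -p makes the step safe to re-run.
mkdir -p /usr/local/bind/log/
# NOTE(review): recursive ownership also hands named its own binaries and
# configuration. named only needs to write its working directory (pid file)
# and the log directory; narrowing this is preferable once the setup works.
chown -R named:named /usr/local/bind/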
加入环境变量
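# Single quotes are essential: the original double-quoted form expanded
# ${PATH} at echo time and baked this shell's PATH into /etc/profile for
# every future login. With single quotes, $PATH is expanded when the profile
# is sourced.
echo 'export PATH=$PATH:/usr/local/bind/sbin/:/usr/local/bind/bin/' >> /etc/profile
source /etc/profile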
生成配置文件
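cd /usr/local/bind/etc/ || exit 1
# rndc.conf holds the shared secret that authorises control of named; create it
# with a restrictive umask (in a subshell so the umask does not leak into the
# rest of the session) instead of the default world-readable mode.
( umask 077; rndc-confgen -r /dev/urandom > rndc.conf )
# The first five lines of rndc.conf are the key definition that named.conf needs.
head -5 rndc.conf > named.conf
# rndc is run by root; named runs as "named" and re-reads named.conf on reload,
# so named.conf must stay readable by the named group.
chown root:named rndc.conf named.conf
chmod 600 rndc.conf
chmod 640 named.conf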
下载根域名服务器提示文件（named.root）
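# Root hints file. Fetched over HTTPS rather than plain HTTP so the file
# cannot be tampered with in transit.
wget https://www.internic.net/domain/named.root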
编辑named.conf文件,增加以下内容
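controls {
    // rndc control channel: loopback only, authenticated with the key that
    // rndc-confgen wrote into the top of this file.
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndc-key"; };
};
logging {
    channel bind_log {
        // Log under the directory created for named rather than the
        // world-writable /tmp.
        file "/usr/local/bind/log/bind.log" versions 3 size 20m;
        severity info;
        print-time yes;
        print-severity yes;
        print-category yes;
    };
    category default {
        bind_log;
    };
};
options {
    listen-on port 53 { any; };
    directory "/usr/local/bind";
    pid-file "named.pid";
    // Answering recursive / cached queries for anyone turns this host into an
    // open resolver, which is abusable for reflection and amplification.
    // Recursion and the cache are limited to the local host and directly
    // attached networks; the authoritative data served from the DLZ backend
    // stays reachable from anywhere through allow-query.
    allow-recursion { localhost; localnets; };
    allow-query-cache { localhost; localnets; };
    allow-query { any; };
};
dlz "mysql-dlz" {
    // Database credentials are embedded here: keep this file readable only by
    // root and the named group. The quotes around TXT data must be escaped
    // as \" because they sit inside the double-quoted database string.
    database "mysql
    {host=127.0.0.1 dbname=bind ssl=false port=3306 user=bind pass=W123456W^&}
    {select zone from dns_records where zone = '$zone$' and view = 'any' limit 1}
    {select ttl,type,if(mx_priority>0,mx_priority,NULL),case when lower(type)='txt' then concat('\"',data,'\"') when lower(type) = 'soa' then concat_ws(' ', data, resp_person, serial, refresh, retry, expire, minimum) else data end as mydata from dns_records where zone = '$zone$' and host = '$record$' and view = 'any'}";
};
// NOTE(review): in named.conf a leading "#" starts a comment, so the line
// below is NOT an include directive. If the zone file is meant to be loaded,
// it needs to read: include "/usr/local/bind/etc/default.zones";
#include "/usr/local/bind/etc/default.zones";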
注意：以上配置中的 concat('"',data,'"') 少了两个反斜杠，正确写法应为 concat('\"',data,'\"')，请特别注意。
配置 MySQL：创建名为 bind 的数据库和用户，密码为 W123456W^&
# Open an administrative session; --password with no value prompts for it
# instead of leaving it in the shell history.
mysql --user=root --password
输入mysql的root密码
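CREATE DATABASE IF NOT EXISTS bind;
-- named connects from 127.0.0.1 (the host= setting in the dlz block), so the
-- account is restricted to that host instead of '%' (any host). The queries
-- configured in named.conf are all SELECTs, so SELECT is all the account
-- needs; the table itself is created in this root session. The password is
-- the tutorial's example value -- replace it with your own.
CREATE USER 'bind'@'127.0.0.1' IDENTIFIED BY 'W123456W^&';
GRANT SELECT ON bind.* TO 'bind'@'127.0.0.1';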
进入 bind 数据库并创建表，注意将其中的 ns.osyum.com 和 ns1.osyum.com 改为自己的域名服务器
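USE bind;
-- One row per resource record. named's DLZ queries look rows up by
-- (zone, host, view) and read ttl/type/data (plus the SOA fields) from them.
CREATE TABLE IF NOT EXISTS `dns_records` (
  `id`          int(10) unsigned NOT NULL AUTO_INCREMENT,
  `zone`        varchar(255) NOT NULL,
  `host`        varchar(255) NOT NULL DEFAULT '@',
  -- 'SRV' is the real DNS type; 'SVR' looks like a typo for it and is kept
  -- only so that existing rows or inserts using it keep working.
  `type`        enum('A','MX','CNAME','NS','SOA','PTR','TXT','AAAA','SVR','URL','SRV') NOT NULL,
  -- Record data as text; SOA rows keep the master name here, the other SOA
  -- fields live in the dedicated columns below.
  `data`        varchar(255) DEFAULT NULL,
  -- Numeric defaults are written as numbers, not quoted strings.
  `ttl`         int(11) NOT NULL DEFAULT 3600,        -- seconds
  `mx_priority` int(11) DEFAULT NULL,
  -- Single-quoted default: the original "any" breaks under sql_mode ANSI_QUOTES.
  `view`        enum('any','Telecom','Unicom','CMCC','ours') NOT NULL DEFAULT 'any',
  `priority`    tinyint UNSIGNED NOT NULL DEFAULT 255,
  -- SOA timers, in seconds.
  `refresh`     int(11) NOT NULL DEFAULT 28800,
  `retry`       int(11) NOT NULL DEFAULT 14400,
  `expire`      int(11) NOT NULL DEFAULT 86400,
  `minimum`     int(11) NOT NULL DEFAULT 86400,
  `serial`      bigint(20) NOT NULL DEFAULT 2015050917,
  -- Replace these two with your own name servers.
  `resp_person` varchar(64) NOT NULL DEFAULT 'ns.osyum.com',
  `primary_ns`  varchar(64) NOT NULL DEFAULT 'ns1.osyum.com.',
  PRIMARY KEY (`id`),
  -- Composite index matching the DLZ lookups (zone + view, and zone + host + view);
  -- it also covers lookups on zone alone, replacing the single-column zone key.
  KEY `dns_records_zone_view_host_idx` (`zone`, `view`, `host`),
  KEY `dns_records_host_idx` (`host`),
  KEY `dns_records_type_idx` (`type`)
-- InnoDB instead of MyISAM: crash-safe and transactional. The queries in
-- named.conf are plain SELECTs, so the engine choice is invisible to named.
) ENGINE=InnoDB DEFAULT CHARSET=utf8 AUTO_INCREMENT=1;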
刷新mysql权限
-- Reloads the grant tables. Not strictly required after GRANT (the server
-- refreshes its privilege cache itself for account-management statements),
-- but harmless.
FLUSH PRIVILEGES;
插入解析数据：为 www.adw123.com 插入一条 A 记录
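-- The table below is schema-qualified, so USE is not needed; kept for sessions
-- that rely on a default database.
USE bind;
-- A record: www.adw123.com -> 1.1.1.1 with a TTL of 600 seconds. ttl is an
-- INT column, so the value is given as a number rather than the quoted '600'
-- (no reliance on implicit string-to-int coercion). view is left at its
-- default 'any', which is the view the DLZ queries filter on.
INSERT INTO bind.dns_records (zone, host, type, data, ttl)
VALUES ('adw123.com', 'www', 'A', '1.1.1.1', 600);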
插入一条 CNAME 记录，例如把 abc.adw123.com 指向 www.adw123.com
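-- The table below is schema-qualified, so USE is not needed; kept for sessions
-- that rely on a default database.
USE bind;
-- CNAME record: abc.adw123.com -> www. ttl is given as a number, not '600'.
-- NOTE(review): 'www' is a relative name; confirm with a dig lookup that the
-- DLZ driver qualifies it with the zone origin, otherwise store the fully
-- qualified target 'www.adw123.com.' instead.
INSERT INTO bind.dns_records (zone, host, type, data, ttl)
VALUES ('adw123.com', 'abc', 'CNAME', 'www', 600);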
刷新权限并退出
-- Only reloads the privilege cache; it has no effect on the record rows just
-- inserted and is harmless here.
FLUSH PRIVILEGES;
-- mysql client command: close the session.
quit
测试启动
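# Check the configuration syntax first, then run named in the foreground for a
# first interactive test: -f keeps it in the foreground, -g additionally sends
# all logging to stderr (overriding the logging block), -u drops privileges to
# the named user.
/usr/local/bind/sbin/named-checkconf /usr/local/bind/etc/named.conf \
    && /usr/local/bind/sbin/named -c /usr/local/bind/etc/named.conf -f -g -u named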
查看是否有报错
后台启动
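# Background start: -f and -g are dropped. -g forces all logging to stderr and
# ignores the logging block in named.conf, and backgrounding a foreground
# process with "&" leaves it tied to this login shell. Without -f/-g named
# daemonizes itself and logs to the configured channel.
/usr/local/bind/sbin/named -c /usr/local/bind/etc/named.conf -u named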
接下来测试bind
把本机（CentOS 7）的 DNS 指向本机 IP（如果在公网环境测试则不需要这一步）：编辑 /etc/resolv.conf，把第一个 nameserver 后面的 IP 改为本机 IP。
测试
nslookup
> www.adw123.com
Server: 192.168.0.6
Address: 192.168.0.6#53
Name: www.adw123.com
Address: 1.1.1.1
** server can't find www.adw123.com: SERVFAIL
成功，完成。（上面最后一行的 SERVFAIL 可能是 nslookup 附带发起的 AAAA 查询没有对应记录所致；A 记录已经正确返回 1.1.1.1。）