Configuring a MySQL backend for BIND

Posted 余为国


 

 

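References: http://blog.csdn.net/lishangwen_alan/article/details/53332889

              http://www.cnblogs.com/xiongpq/p/3384681.html

 

Requirement: BIND DLZ can load its configuration dynamically, which makes configuration management convenient, but loading is relatively slow. BIND with zone files is fast, but editing the files is error-prone and every change requires a service restart, which is a hassle.

This article uses a BIND master/slave setup: the master (BIND DLZ) is used for configuration management, and the slave (BIND zone files) serves queries.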

 

requirements:

Two servers:   10.1.61.123 (master)   10.1.61.124 (slave)

mysql:  mysql-5.6.35.tar.gz

bind:    bind-9.11.0.tar.gz

 

1. Compile and install MySQL:

Install the dependencies:
yum -y install make gcc-c++ cmake bison-devel ncurses-devel

Download MySQL:

wget http://cdn.mysql.com/Downloads/MySQL-5.6/mysql-5.6.35.tar.gz
tar xvf mysql-5.6.35.tar.gz

cd mysql-5.6.35

Compile and install:
cmake \
-DCMAKE_INSTALL_PREFIX=/usr/local/mysql \
-DMYSQL_DATADIR=/usr/local/mysql/data \
-DSYSCONFDIR=/etc \
-DWITH_MYISAM_STORAGE_ENGINE=1 \
-DWITH_INNOBASE_STORAGE_ENGINE=1 \
-DWITH_MEMORY_STORAGE_ENGINE=1 \
-DWITH_READLINE=1 \
-DMYSQL_UNIX_ADDR=/var/lib/mysql/mysql.sock \
-DMYSQL_TCP_PORT=3306 \
-DENABLED_LOCAL_INFILE=1 \
-DWITH_PARTITION_STORAGE_ENGINE=1 \
-DEXTRA_CHARSETS=all \
-DDEFAULT_CHARSET=utf8 \
-DDEFAULT_COLLATION=utf8_general_ci

make && make install

Configure MySQL

Set permissions:
# groupadd mysql
# useradd -g mysql mysql
# chown -R mysql:mysql /usr/local/mysql

Initialize the configuration:
# cd /usr/local/mysql
# scripts/mysql_install_db --basedir=/usr/local/mysql --datadir=/usr/local/mysql/data --user=mysql

Note: rename /etc/my.cnf to something else to avoid conflicts.

Start MySQL:
# cp support-files/mysql.server /etc/init.d/mysql
# chkconfig mysql on
# service mysql start

Configure the user:

# PATH=/usr/local/mysql/bin:$PATH

# export PATH

# source /etc/profile

# mysql -uroot
mysql> set password = password('123456');

Enable remote access:
mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY '123456' WITH GRANT OPTION;

MySQL configuration is complete.


2. Compile and install BIND (bind-9.11.0.tar.gz):
# ./configure --prefix=/usr/local/bind/ --with-dlz-mysql=/usr/local/mysql --enable-threads=no --enable-largefile --disable-ipv6 --with-openssl=no

--enable-threads: multithreading support (the official documentation says it needs to be turned off); --enable-largefile: enable large file support; --disable-ipv6: disable IPv6 support; --with-dlz-mysql: store the zone data in MySQL.

# make && make install

3. Configure BIND:
# cd /usr/local/bind/etc/
# /usr/local/bind/sbin/rndc-confgen > rndc.conf
# cat rndc.conf > rndc.key
# tail -10 rndc.conf | head -9 | sed 's/# //g' > named.conf

4. named.conf file (master)
key "rndc-key" {
algorithm hmac-md5;
secret "mvCUyhyDvNNGywhoVHbSaQ==";
};

controls {
inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
};


options {
listen-on port 53 {any;}; // listen on port 53; any accepts connections from any IP
directory "/usr/local/bind/var";
pid-file "named.pid"; // the file contains the named process ID
allow-query{any;}; // allow queries from any IP
allow-transfer { 10.1.61.124; };
also-notify { 10.1.61.124; };
forwarders{114.114.114.114;8.8.8.8;}; // public IPs to forward to
};

acl "dns-ip-list"{
10.1.61.123;
10.1.61.124;
};

logging {
channel error_log {
file "/usr/local/bind/var/logs/error.log" versions 10 size 32m;
severity warning;
print-time yes;
print-severity yes;
print-category yes;
};

channel query_log {
file "/usr/local/bind/var/logs/query.log" versions 10 size 32m;
severity debug;
print-time yes;
print-severity yes;
print-category yes;
};

category default { error_log; };

category queries { query_log; };
};

dlz "Mysql zone" {
database "mysql
{dbname=db_ops port=3306 host=119.90.48.154 user=op_oss pass=JqIrsM1hVvo8 ssl=false}
{select zone from t_dns_records where zone = '$zone$' and status = 1}
{select ttl, type, mx_priority, case when lower(type)='txt' then concat('\"', data, '\"')
when lower(type) = 'soa' then concat_ws(' ', data, resp_person, serial, refresh, retry, expire, minimum)
else data end from t_dns_records where zone = '$zone$' and host = '$record$' and status = 1}
{}
{select ttl, type, host, mx_priority, case when lower(type)='txt' then
concat('\"', data, '\"') else data end, resp_person, serial, refresh, retry, expire,
minimum from t_dns_records where zone = '$zone$' and status = 1}
{select zone from t_dns_xfr_table where zone = '$zone$' and client = '$client$' and status = 1}";
};

named.conf configuration file (slave)
key "rndc-key" {
algorithm hmac-md5;
secret "mvCUyhyDvNNGywhoVHbSaQ==";
};

controls {
inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
};


options {
listen-on port 53 {any;}; // listen on port 53; any accepts connections from any IP
directory "/usr/local/bind/var";
pid-file "named.pid"; // the file contains the named process ID
allow-query{any;}; // allow queries from any IP
allow-transfer { 10.1.61.124; };
also-notify { 10.1.61.124; };
forwarders{114.114.114.114;8.8.8.8;}; // public IPs to forward to
};

acl "dns-ip-list"{
10.1.61.123;
10.1.61.124;
};

logging {
channel error_log {
file "/usr/local/bind/var/logs/error.log" versions 10 size 32m;
severity warning;
print-time yes;
print-severity yes;
print-category yes;
};

channel query_log {
file "/usr/local/bind/var/logs/query.log" versions 10 size 32m;
severity debug;
print-time yes;
print-severity yes;
print-category yes;
};

category default { error_log; };

category queries { query_log; };
};

zone "phpfensi.com." IN {
type slave;
file "slaves/phpfensi.com.zone";
masterfile-format text;
masters{ 10.1.61.123; };
};
 

5. MySQL configuration:
create table `t_dns_records` (
`id` bigint(20) not null auto_increment comment 'primary key',
`zone` varchar(255) not null default '' comment 'zone name',
`host` varchar(255) not null default '' comment 'record name',
`type` varchar(255) not null default '' comment 'record type',
`data` varchar(255) not null default '' comment 'record value',
`ttl` int(11) default null comment 'TTL (time to live)',
`mx_priority` int(11) default null comment 'MX priority',
`refresh` int(11) default null comment 'refresh interval',
`retry` int(11) default null comment 'retry interval',
`expire` int(11) default null comment 'expire time',
`minimum` int(11) default null comment 'minimum time',
`serial` bigint(20) default null comment 'serial number; incremented by 1 on every configuration change',
`resp_person` varchar(64) default null comment 'responsible person',
`primary_ns` varchar(64) default null comment 'primary domain name',
`status` tinyint(4) default 1 comment '0: record is inactive, 1: record is active',
`created_at` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT 'creation time',
`updated_at` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP COMMENT 'update time',
primary key (`id`),
key `ix_zone` (`zone`),
key `ix_host` (`host`),
key `ix_data` (`data`),
key `ix_type` (`type`),
key `ix_status` (`status`),
key `ix_created_at` (`created_at`),
key `ix_updated_at` (`updated_at`)
) engine=InnoDB default charset=utf8 comment='internal DNS records';

create table `t_dns_xfr_table` (
`id` bigint(20) not null auto_increment comment 'primary key',
`zone` varchar(255) not null default '' comment 'zone name',
`client` varchar(255) not null default '' comment 'BIND slave client',
`status` tinyint(4) default 1 comment '0: record is inactive, 1: record is active',
`created_at` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT 'creation time',
`updated_at` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP COMMENT 'update time',
primary key (`id`),
key `ix_created_at` (`created_at`),
key `ix_updated_at` (`updated_at`)
) engine=InnoDB default charset=utf8 comment='DNS zone transfer information';
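
The DLZ queries in the master's named.conf only read t_dns_records and t_dns_xfr_table, so the account named in the dlz block needs nothing beyond SELECT on those two tables. The following is an added example, not part of the original post; it assumes named connects from 10.1.61.123 and uses a placeholder password.

```sql
-- Added example. The account name (op_oss) and database (db_ops) come from
-- the dlz block in named.conf; the source address and the password
-- placeholder are assumptions.

-- For comparison, the grant used earlier on this page:
--   GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY '123456' WITH GRANT OPTION;

-- Read-only account for named, reachable only from the master's address.
CREATE USER 'op_oss'@'10.1.61.123' IDENTIFIED BY '<long-random-password>';
GRANT SELECT ON db_ops.t_dns_records   TO 'op_oss'@'10.1.61.123';
GRANT SELECT ON db_ops.t_dns_xfr_table TO 'op_oss'@'10.1.61.123';

-- Confirm the account holds only USAGE plus the two table-level SELECT grants.
SHOW GRANTS FOR 'op_oss'@'10.1.61.123';

-- Audit: accounts that accept connections from any host, or that can
-- hand their privileges on to other accounts.
SELECT user, host, Grant_priv
  FROM mysql.user
 WHERE host = '%' OR Grant_priv = 'Y';
```

The table-level grants have to be issued after the two tables exist, which is why this step belongs after the CREATE TABLE statements.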

6. Insert data

Insert forward-lookup records:
INSERT INTO t_dns_records (zone, host, type, data, ttl) VALUES ('phpfensi.com', 'www', 'A', '1.1.1.1', '60');
INSERT INTO t_dns_records (zone, host, type, data, ttl) VALUES ('phpfensi.com', 'cloud', 'A', '2.2.2.2', '60');
INSERT INTO t_dns_records (zone, host, type, data, ttl) VALUES ('phpfensi.com', 'ns', 'A', '10.1.61.123', '60');
INSERT INTO t_dns_records (zone, host, type, data, ttl) VALUES ('phpfensi.com', 'blog', 'CNAME', 'cloud.phpfensi.com.', '60');
INSERT INTO t_dns_records (zone, host, type, data, ttl) VALUES ('phpfensi.com', '@', 'NS', 'ns.phpfensi.com.', '60');
INSERT INTO t_dns_records (zone, host, type, ttl, data,refresh, retry, expire, minimum, serial, resp_person) VALUES ('phpfensi.com', '@', 'SOA', '60', 'ns', '28800', '14400', '86400', '86400', '2012020809', 'admin');

Insert reverse-lookup records:

-- Add the SOA (start of authority) record
insert into t_dns_records (zone,host,type,data,ttl,mx_priority,refresh,retry,expire,minimum,serial,resp_person,primary_ns) values ('1.168.192.in-addr.arpa','@','SOA','node02.example.com',86400,NULL,3600,15,86400,3600,2008082700,'node02.example.com','node02.example.com');
-- Add the NS record (marks the zone's name servers and delegated subdomains)
insert into t_dns_records (zone,host,type,data)values('1.168.192.in-addr.arpa','@','NS','node02.example.com.');
-- Add PTR records (the opposite of A records: they map an IP to a host name for reverse lookups)
insert into t_dns_records(zone,host,type,data)values('1.168.192.in-addr.arpa','250','PTR','node02.example.com.'),('1.168.192.in-addr.arpa','111','PTR','x.example.com.');

Insert the client records:

insert into t_dns_xfr_table (zone, client) values("phpfensi.com", "10.1.61.123");

insert into t_dns_xfr_table (zone, client) values("phpfensi.com", "10.1.61.124");

7. Run the BIND service in debug mode
# /usr/local/bind/sbin/named -g -d 1

-g -d 1 are the debug options; they let you see the background log output.

8. Test results:

 

9. Slave configuration

zone "phpfensi.com." in {
type slave;
file "phpfensi.com";
masterfile-format text;
masters{ 10.1.61.120; };
};

masterfile-format must be set manually; otherwise the zone file synced from the master is in binary format and cannot be read.

 

 FAQ:

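1. Why can't the slave sync the master's data?

1.1 Check that t_dns_xfr_table has a row for the zone and the client. The client is the slave's IP; the slave is only authorized to sync once this row exists.
1.2 Check the SOA serial number (serial). It is incremented by 1 on every configuration change, which keeps the master's serial higher than the slave's.
1.3 Check the refresh field. It is usually set to 300s, so the zone syncs every 5 minutes.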
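
The three checks above can be run directly against the database. This added example is not part of the original post; it uses the page's sample zone and slave IP, and the new A-record value is constructed.

```sql
-- Added example; zone and slave IP are the page's sample values.

-- 1.1: the slave must have an active (status = 1) row for this zone.
SELECT zone, client, status
  FROM t_dns_xfr_table
 WHERE zone = 'phpfensi.com' AND client = '10.1.61.124';

-- 1.2 / 1.3: expect exactly one active SOA row, with a serial and a refresh value.
SELECT COUNT(*) AS soa_rows, MAX(serial) AS serial, MAX(refresh) AS refresh_seconds
  FROM t_dns_records
 WHERE zone = 'phpfensi.com' AND type = 'SOA' AND status = 1;

-- Change a record and bump the serial in one transaction, so a reader
-- never sees the new record together with the old serial.
START TRANSACTION;
UPDATE t_dns_records
   SET data = '1.1.1.3'                       -- constructed value
 WHERE zone = 'phpfensi.com' AND host = 'www' AND type = 'A' AND status = 1;
UPDATE t_dns_records
   SET serial = serial + 1
 WHERE zone = 'phpfensi.com' AND type = 'SOA' AND status = 1;
COMMIT;

-- Detect a forgotten bump: rows touched after the SOA row was last updated.
-- updated_at is maintained by ON UPDATE CURRENT_TIMESTAMP, so disabling a
-- record (status = 0) is caught as well.
SELECT r.id, r.host, r.type, r.status, r.updated_at
  FROM t_dns_records r
  JOIN t_dns_records s
    ON s.zone = r.zone AND s.type = 'SOA' AND s.status = 1
 WHERE r.zone = 'phpfensi.com'
   AND r.type <> 'SOA'
   AND r.updated_at > s.updated_at;
```

An empty result from the last query means every change has been followed by a serial update.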


2. How do I sync a zone's A records immediately?

2.1 After updating the records in the database, run rndc refresh xxx.com (the zone you need to sync) on the slave node.
 

 


