昨天看見新聞,說Bind 9.10.3版本已經(jīng)正式發(fā)布了,迫不及待安裝試試,,,?

我前面的文章已經(jīng)體驗過 bind 9.10的RC版的個別新功能, 見文?Bind 9.10 源碼安裝 以及 新增redirect 類型 以及$GENERATE指令用法

系統(tǒng)環(huán)境:CentOS 6.6 x86_64

1,下載bind 9.10.3的源碼包. http://isc.org

2,添加用戶,和編譯安裝bind?

#?tar?xf?bind-9.10.3.tar.gz #?cd?bind-9.10.3 #?groupadd?-r?named #?useradd?-s?/sbin/nologin?-M?-r?-g?named?named #?./configure?--prefix=/usr/local/bind9.10.3?--with-dlz-mysql=/usr/local/mysql5.6.26/?--disable-chroot?--enable-ipv6?--enable-threads?--localstatedir=/var/?--with-python?--datarootdir=/usr/ #?make?-j?4?&&?make?install

3, 安裝完成后,查看目錄樹,和檢查能否運行

試運行下named?

#?cd?/usr/local/bind9.10.3/sbin/ #?./named #?./named:?error?while?loading?shared?libraries:?libmysqlclient.so.18:?cannot?open?shared?object?file:?No?such?file?or?directory

恩 ?好像要報錯

#?find?/usr/local/mysql5.6.26/??-iname??libmysqlclient.so.18?????????//查找未找到庫文件是否存在 /usr/local/mysql5.6.26/lib/libmysqlclient.so.18 #?ln?-s?/usr/local/mysql5.6.26/lib/libmysqlclient.so.18?/usr/lib64/??//做個庫文件的軟連接 #?./named

恩,沒報錯了 .?

#?named?-V????????????????//查看bind目錄配置信息和版本號 BIND?9.10.3?<id:2799933> built?by?make?with?'--prefix=/usr/local/bind9.10.3'?'--with-dlz-mysql=/usr/local/mysql5.6.26/'?'--disable-chroot'?'--enable-ipv6'?'--enable-threads'?'--localstatedir=/var/'?'--with-python'?'--datarootdir=/usr/' compiled?by?GCC?4.4.7?20120313?(Red?Hat?4.4.7-16) compiled?with?OpenSSL?version:?OpenSSL?1.0.1e?11?Feb?2013 linked?to?OpenSSL?version:?OpenSSL?1.0.1e-fips?11?Feb?2013 compiled?with?libxml2?version:?2.7.6 linked?to?libxml2?version:?20706

??

4, 配置bind 環(huán)境變量

#?chown?-R?named:named?/usr/local/bind9.10.3/* #?echo?'export?PATH=${PATH}:/usr/local/mysql5.6.26/bin/:/usr/local/bind9.10.3/sbin/'?>>?/etc/profile #?source?/etc/profile????//添加bind可執(zhí)行程序的目錄到環(huán)境變量

5, 配置rndc ?配置named.conf

生成相關(guān)的key (命令需要執(zhí)行幾分鐘)

#?rndc-confgen?>?/usr/local/bind9.10.3/etc/rndc.conf#?cd?/usr/local/bind9.10.3/ #?sed?-n?15,23s/"#?"//p?etc/rndc.conf?>>?etc/named.conf???//添加rndc.conf中的末行到named.conf####?named.conf?###### options?{directory???????"/var/named/";version?????????"****";recursion???????yes;listen-on?port?53???????{any;?};dump-file???????"/var/named/data/cache_dump.db";statistics-file?"/var/named/data/named_stats.txt";allow-query?????{any;?};blackhole???????{none;?}; };key?"rndc-key"?{algorithm?hmac-md5;secret?"NFhQ****BmS**6IXgTw=="; };controls?{inet?127.0.0.1?port?953allow?{?127.0.0.1;?}?keys?{?"rndc-key";?}; };view?"ours_domain"?{match-clients???????????{127.0.0.1;?};allow-query-cache???????????{any;?};allow-recursion??????????{any;?};allow-transfer??????????{none;?};#dlz?"Mysql?zone"?{#????????database????????"mysql#????????{host=localhost?dbname=named?ssl=false?port=3306?user=named?pass=named}#????????{select?zone?from?dns_records?where?zone='$zone$'}#????????{select?ttl,?type,?mx_priority,?case?when?lower(type)='txt'?then?concat('\"',?data,?'\"')?when?lower(type)?=?'soa'?then?concat_ws('?',?data,?resp_person,?serial,?refresh,?retry,?expire,?minimum)?else?data?end?from?dns_records?where?zone?=?'$zone$'?and?hos t?=?'$record$'}";?#};zone?"."??IN?{type?hint;file?"named.ca";};};

系統(tǒng)啟動服務(wù)腳本 v2

#!/bin/bash #?named?a?network?name?service. #?chkconfig:?345?35?75 #?description:?a?name?server[?-r?/etc/rc.d/init.d/functions?]?&&?.?/etc/rc.d/init.d/functionsBuilddir=/usr/local/bind9.10.3 PidFile=/var/run/named/named.pid LockFile=/var/lock/subsys/named Sbindir=${Builddir}/sbin Configfile=${Builddir}/etc/named.conf CheckConf=${Builddir}/sbin/named-checkconf named=namedif?[?!?-f?${Configfile}?] thenecho?"Can't?find?named.conf?"?exit?1? fiif?[?!?-d?/var/run/named/?]?? thenecho?"could?not?open?directory?'/var/run/named/':?Permission?denied?"?exit?1 elif?[?!?-w?/var/run/named/?]thenecho?"could?not?open?directory?'/var/run/named/':?Permission?denied?"exit?1 fiif?[?!?-r?${Configfile}?] thenecho?"Error:?${Configfile}?is?not?readfile!"exit?1 else$CheckConfif?[?$??!=?0?]thenecho?-e?"Please?check?config?file?in?\033[31m${Configfile}?\033[0m!"exit?2fi fistart()?{[?-x?${Builddir}/sbin/$named?]?||???exit?4if?[?-f?$LockFile?];?thenecho?-n?"$named?is?already?running..."echo_failureechoexit?5fiecho?-n?"Starting?$named:?"daemon?--pidfile?"$PidFile"?${Sbindir}/$named?-u?named?-4?-c?${Configfile}RETVAL=$?echoif?[?$RETVAL?-eq?0?];?thentouch?$LockFilereturn?0elserm?-f?$LockFile?$PidFilereturn?1fi }stop()?{if?[?!?-f?$LockFile?];thenecho?"$named?is?not?started."echo_failurefiecho?-n?"Stopping?$named:?"killproc?$namedRETVAL=$?echo[?$RETVAL?-eq?0?]?&&?rm?-f?$LockFilereturn?0 }restart()?{stopsleep?1start }reload()?{echo?-n?"Reloading?$named:?"killproc?$named?-HUPRETVAL=$?echoreturn?$RETVAL }status()?{if?pidof?$named?>?/dev/null?&&?[?-f?$PidFile?];?thenecho?"$named?is?running..."elseecho?"$named?is?stopped..."fi }case?$1?in start)start?;; stop)?stop?;; restart)restart?;; reload)reload?;; status)status?;; *)echo?"Usage:named?{start|stop|status|reload|restart}"exit?2;; esac#?ln?-s?/usr/local/bind9.10.3/bin/*?/usr/bin/ #?wget?-O?/var/named/named.ca??http://www.internic.net/domain/named.root???//根dns列表? #?service?named?restart

簡單的使用dig 查詢一下,看能否通過 . 根遞歸解析到域名.

[root@16?/usr]#dig?www.126.com?@127.0.0.1;?<<>>?DiG?9.10.3?<<>>?www.126.com?@127.0.0.1 ;;?global?options:?+cmd ;;?Got?answer: ;;?->>HEADER<<-?opcode:?QUERY,?status:?NOERROR,?id:?13070 ;;?flags:?qr?rd?ra;?QUERY:?1,?ANSWER:?5,?AUTHORITY:?5,?ADDITIONAL:?6;;?OPT?PSEUDOSECTION: ;?EDNS:?version:?0,?flags:;?udp:?4096 ;;?QUESTION?SECTION: ;www.126.com. IN A;;?ANSWER?SECTION: www.126.com. 18000 IN CNAME mcache.mail.163.com. mcache.mail.163.com. 18000 IN CNAME email.163.com.lxdns.com. email.163.com.lxdns.com.?600 IN CNAME mail163.xdwscache.ourglb0.com. mail163.xdwscache.ourglb0.com.?120?IN A 115.231.82.101 mail163.xdwscache.ourglb0.com.?120?IN A 183.136.217.66;;?AUTHORITY?SECTION: ourglb0.com. 172800 IN NS ns1.ourglb0.com. ourglb0.com. 172800 IN NS ns4.ourglb0.com. ourglb0.com. 172800 IN NS ns3.ourglb0.com. ourglb0.com. 172800 IN NS ns5.ourglb0.com. ourglb0.com. 172800 IN NS ns2.ourglb0.com.;;?ADDITIONAL?SECTION: ns1.ourglb0.com. 172800 IN A 14.215.100.33 ns2.ourglb0.com. 172800 IN A 123.138.61.29 ns3.ourglb0.com. 172800 IN A 219.146.68.110 ns4.ourglb0.com. 172800 IN A 111.202.74.158 ns5.ourglb0.com. 172800 IN A 222.186.132.179;;?Query?time:?342?msec ;;?SERVER:?127.0.0.1#53(127.0.0.1) ;;?WHEN:?Fri?Sep?18?00:08:38?CST?2015 ;;?MSG?SIZE??rcvd:?346

可以查詢 ?ok

6, 配置 dlz 數(shù)據(jù)庫查詢.

6.1, 創(chuàng)建單獨的數(shù)據(jù)庫

#?mysql?-h?localhost?-u?root?-p? >?create?database?named;

6.2, 建表

>?CREATE?TABLE?IF?NOT?EXISTS?`dns_records`?(`id`?int(10)?unsigned?NOT?NULL?AUTO_INCREMENT,`zone`?varchar(255)?NOT?NULL,`host`?varchar(255)?NOT?NULL?DEFAULT?'@',`type`?enum('A','MX','CNAME','NS','SOA','PTR','TXT','AAAA','SVR','URL')?NOT?NULL,`data`?varchar(255)?DEFAULT?NULL,`ttl`?int(11)?NOT?NULL?DEFAULT?'3600',`mx_priority`?int(11)?DEFAULT?NULL,`view`??enum('any',?'Telecom',?'Unicom',?'CMCC',?'ours')?NOT?NULL??DEFAULT?"any"?,`priority`?tinyint?UNSIGNED?NOT?NULL?DEFAULT?'255',`refresh`?int(11)?NOT?NULL?DEFAULT?'28800',`retry`?int(11)?NOT?NULL?DEFAULT?'14400',`expire`?int(11)?NOT?NULL?DEFAULT?'86400',`minimum`?int(11)?NOT?NULL?DEFAULT?'86400',`serial`?bigint(20)?NOT?NULL?DEFAULT?'2015050917',`resp_person`?varchar(64)?NOT?NULL?DEFAULT?'ddns.net',`primary_ns`?varchar(64)?NOT?NULL?DEFAULT?'ns.ddns.net.',PRIMARY?KEY?(`id`),KEY?`type`?(`type`),KEY?`host`?(`host`),KEY?`zone`?(`zone`) )?ENGINE=MyISAM??DEFAULT?CHARSET=utf8?AUTO_INCREMENT=1?;

view:是區(qū)分不同網(wǎng)絡(luò)區(qū)域的字段.

Priority:是區(qū)分不同優(yōu)先級的字段.

6.3, 創(chuàng)建單獨用戶,并授權(quán)

>?grant?all?privileges?on?named.*?to?named_user?identifed?by?"named_passwd"; >?flush?privileges;

6.4, 打開named.conf 中的查詢注釋語句

6.5, 插入數(shù)據(jù)

>?insert?into?named.dns_records?(zone,?host,?type,?data,?ttl)?VALUES?('test.info',?'www',?'A',?'1.1.1.1',?'60'); >?insert?into?named.dns_records?(zone,?host,?type,?data,?ttl)?VALUES?('test.info',?'mail',?'CNAME',?'www',?'60'); >?insert?into?named.dns_records?(zone,?host,?type,?data,?ttl)?VALUES?('test.info',?'@',?'NS',?'ns',?'60'); >?insert?into?named.dns_records?(zone,?host,?type,?data,?ttl)?VALUES?('test.info',?'ns',?'A',?'127.0.0.1',?'60');

6.6, 查詢

#?dig??@127.0.0.1 #?dig?mail.test.info?@127.0.0.1 #?dig?-t?NS?test.info?@127.0.0.1? #?dig?-t?ANY?test.info?@127.0.0.1

數(shù)據(jù)庫查詢是實時的,每一次查詢named都會到數(shù)據(jù)庫查詢一次(不會寫入緩存),如果在查詢過成功 mysql 服務(wù)宕機,那么就將無法返回結(jié)果,

另一方面,數(shù)據(jù)庫中添加相應(yīng)記錄也是實時生效的,所以不需要再rndc reload 或 service named reload

另外:dlz查詢 和 zone文件查詢是可以并行的,如圖,我這里測試的named.conf 配置內(nèi)容.

可以看到,dlz查詢是寫在 v.info 之前.

mysql中并沒有添加v.info 的響應(yīng)記錄.

#dig?www.v.info?@127.0.0.1;?<<>>?DiG?9.10.3?<<>>?www.v.info?@127.0.0.1 ;;?global?options:?+cmd ;;?Got?answer: ;;?->>HEADER<<-?opcode:?QUERY,?status:?NOERROR,?id:?1691 ;;?flags:?qr?aa?rd?ra;?QUERY:?1,?ANSWER:?2,?AUTHORITY:?1,?ADDITIONAL:?1;;?OPT?PSEUDOSECTION: ;?EDNS:?version:?0,?flags:;?udp:?4096 ;;?QUESTION?SECTION: ;www.v.info. IN A;;?ANSWER?SECTION: www.v.info. 3600 IN CNAME ns.v.info. ns.v.info. 3600 IN A 127.0.0.1;;?AUTHORITY?SECTION: v.info. 3600 IN NS ns.v.info.;;?Query?time:?1?msec ;;?SERVER:?127.0.0.1#53(127.0.0.1) ;;?WHEN:?Fri?Sep?18?01:42:36?CST?2015 ;;?MSG?SIZE??rcvd:?86

也是可以查詢的.

衍生實驗:如果我在mysql中添加一條 v.info 域 www主機的記錄呢 ?

>?insert?into?named.dns_records?(zone,?host,?type,?data,?ttl)?VALUES?('v.info',?'www',?'A',?'1.2.3.5',?'60');

數(shù)據(jù)庫條目 ↑

zone文件條目 ↓

named.conf 配置文件中,dlz查詢是在v.info 查詢之前.

我們來查詢下試試看會返回什么有趣的結(jié)果.

#dig?www.v.info?@127.0.0.1;?<<>>?DiG?9.10.3?<<>>?www.v.info?@127.0.0.1 ;;?global?options:?+cmd ;;?Got?answer: ;;?->>HEADER<<-?opcode:?QUERY,?status:?NOERROR,?id:?61180 ;;?flags:?qr?aa?rd?ra;?QUERY:?1,?ANSWER:?2,?AUTHORITY:?1,?ADDITIONAL:?1;;?OPT?PSEUDOSECTION: ;?EDNS:?version:?0,?flags:;?udp:?4096 ;;?QUESTION?SECTION: ;www.v.info. IN A;;?ANSWER?SECTION: www.v.info. 3600 IN CNAME ns.v.info. ns.v.info. 3600 IN A 127.0.0.1;;?AUTHORITY?SECTION: v.info. 3600 IN NS ns.v.info.;;?Query?time:?0?msec ;;?SERVER:?127.0.0.1#53(127.0.0.1) ;;?WHEN:?Fri?Sep?18?01:49:32?CST?2015 ;;?MSG?SIZE??rcvd:?86

可見,返回的依舊是zone文件中記錄的內(nèi)容.

我們來回顧下理論知識

這也不難理解,named程序在啟動的時候,會檢查named.conf 配置文件,根據(jù)配置文件讀取自己為master的zone文件進(jìn)內(nèi)存(對,直接讀到內(nèi)存),dlz查詢是通過mysql得到結(jié)果的,自然不能一開始就把結(jié)果查詢完,然后保存至內(nèi)存,,, ? ?所以zone文件的優(yōu)先級始終高于dlz數(shù)據(jù)查詢.

另一方面,由于每次查詢非zone文件的區(qū)域時,到dlz查詢 都會連接mysql(不管是sockes 還是 通過網(wǎng)絡(luò)),肯定沒有zone文件直接讀取來的快(當(dāng)然也不是非常慢),所以dlz查詢服務(wù)器不適用下端大量查詢,它適用于上端權(quán)威服務(wù)器,具有易于管理,實時生效的優(yōu)點. 下端可以做slave 然后做高速緩存查詢.

當(dāng)然,你可以把dlz配置文件條目注釋掉,雖然編譯named的時候支持dlz ,但是不開啟.就當(dāng)zone文件的named使用,也可以 . ? 這就看自己的取舍了

轉(zhuǎn)載于:https://blog.51cto.com/professor/1695829

總結(jié)

以上是生活随笔為你收集整理的源码安装Bind 9.10 正式版 开启DLZ数据库支持 和 数据库view查询的全部內(nèi)容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網(wǎng)站內(nèi)容還不錯，歡迎將生活随笔推薦給好友。