Bind 9.16 DLZ for MySQL 配置

一、物料

Ubuntu 22.03
MySQL: 8.0.30

Bind9: Bind 9.16

二、安装过程

1、安装系统软件

apt install mysql-server && apt install gcc && apt install pkg-config && apt install libuv1-dev && apt install libssl-dev && apt install libcap-dev && apt install mysql && apt install mysql-client && apt-get install libmysql++-dev && apt install libdbd-mysql-perl

2、安装并配置MySQL

a、 安装MySQL
apt install mysql-server

b、创建数据库用户和表

create database bind9;
create user 'app'@'%' identified by "test123';
grant all privileges on bind9.\* to 'dns';

c、创建数据库文件

CREATE TABLE IF NOT EXISTS `dns_records` (
`id` int unsigned NOT NULL AUTO_INCREMENT,
`zone` varchar(255) NOT NULL,
`host` varchar(255) NOT NULL DEFAULT '@',
`type` enum('MX','CNAME','NS','SOA','A','PTR') NOT NULL,
`data` varchar(255) DEFAULT NULL,
`ttl` int NOT NULL DEFAULT '800',
`view` char(20) DEFAULT 'any',
`mx_priority` int DEFAULT NULL,
`priority` int DEFAULT '255',
`refresh` int NOT NULL DEFAULT '3600',
`retry` int NOT NULL DEFAULT '3600',
`expire` int NOT NULL DEFAULT '86400',
`minimum` int NOT NULL DEFAULT '3600',
`serial` bigint NOT NULL DEFAULT '2008082700',
`resp_person` varchar(64) NOT NULL DEFAULT 'root.domain.com.',
`primary_ns` varchar(64) NOT NULL DEFAULT 'ns1.domain.com.',
`data_count` int NOT NULL DEFAULT '0',
PRIMARY KEY (`id`),
KEY `type` (`type`),
KEY `host` (`host`),
KEY `zone` (`zone`)
) ENGINE=MyISAM AUTO_INCREMENT=12 DEFAULT CHARSET=utf8mb4;
d、插入测试数据
INSERT INTO `dns_records` (`id`, `zone`, `host`, `type`, `data`, `ttl`, `view`, `mx_priority`, `priority`, `refresh`, `retry`, `expire`, `minimum`, `serial`, `resp_person`, `primary_ns`, `data_count`) VALUES
    (1, 'domain.com', '@', 'SOA', 'ns1.domain.com.', 10, 'any', NULL, 255, 3600, 3600, 86400, 10, 2008082700, 'root.domain.com.', 'ns1.domain.com.', 0),
    (2, 'domain.com', '@', 'NS', 'ns1.domain.com.', 800, 'any', NULL, 255, 3600, 3600, 86400, 3600, 2008082700, 'root.domain.com.', 'ns1.domain.com.', 0),
    (3, 'domain.com', '@', 'NS', 'ns2.domain.com.', 800, 'any', NULL, 255, 3600, 3600, 86400, 3600, 2008082700, 'root.domain.com.', 'ns1.domain.com.', 0),
    (4, 'domain.com', 'ns1', 'A', '127.0.0.1', 800, 'any', NULL, 255, 3600, 3600, 86400, 3600, 2008082700, 'root.domain.com.', 'ns1.domain.com.', 0),
    (5, 'domain.com', 'ns2', 'A', '127.0.0.1', 800, 'any', NULL, 255, 3600, 3600, 86400, 3600, 2008082700, 'root.domain.com.', 'ns1.domain.com.', 0),
    (6, 'domain.com', 'www', 'A', '210.51.36.116', 3600, 'CNC', NULL, 200, 3600, 3600, 86400, 3600, 2008082700, 'root.domain.com.', 'ns1.domain.com.', 0),
    (7, 'domain.com', 'www', 'A', '221.238.249.178', 3600, 'CHINANET', NULL, 200, 3600, 3600, 86400, 3600, 2008082700, 'root.domain.com.', 'ns1.domain.com.', 0),
    (8, 'domain.com', 'www', 'A', '211.103.156.230', 3600, 'any', NULL, 255, 3600, 3600, 86400, 3600, 2008082700, 'root.domain.com.', 'ns1.domain.com.', 0),
    (9, 'domain.com', 'man', 'CNAME', 'www', 800, 'CNC', NULL, 200, 3600, 3600, 86400, 3600, 2008082700, 'root.domain.com.', 'ns1.domain.com.', 0),
    (10, 'domain.com', 'man', 'CNAME', 'www', 800, 'CHINANET', NULL, 200, 3600, 3600, 86400, 3600, 2008082700, 'root.domain.com.', 'ns1.domain.com.', 0),
    (11, 'domain.com', 'man', 'CNAME', 'www', 800, 'any', NULL, 255, 3600, 3600, 86400, 3600, 2008082700, 'root.domain.com.', 'ns1.domain.com.', 0);

3、安装并配置Bind9

./configure --prefix=/data/bind9 --with-dlz-mysql=/usr --with-openssl
a、生成rndc文件
cd /data/bind9/
sbin/rndc-confgen -r /dev/random > ./etc/rndc.conf
tail -10 ./etc/rndc.conf | head -9 | sed s/#\ //g > ./etc/named.conf
b、配置 bind 主文件
key "rndc-key" {
        algorithm hmac-sha256;
        secret "dV9J9uHSJK9oyCeRSkNFPL7c1EB7PTzDgxlAP/3aQLw=";
};
controls {
        inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndc-key"; };
};
options {
        directory "/data/bind9/config";
        recursion yes;
        listen-on port 53 { any; };
        listen-on-v6 {none;};
        dump-file "/data/bind9/data/cache_dump.db";
        statistics-file "/data/bind9/data/named_stats.txt";
        managed-keys-directory "/data/bind9/dynamic";
        allow-query { any; };
        blackhole { none; };
        dnssec-validation no;
        forwarders {
                223.5.5.5;
        };
        response-policy { zone "black.local";};
};
logging {  
        channel query_log {
                file "/data/bind9/logs/named.log" versions 3 size 100m;
                severity info;
                print-time yes;
                print-category yes;
                print-severity yes;
        };
        category queries {
                query_log;
        };
        category lame-servers {
                null;
       };
};
include "/data/bind9/config/CNC_acl.conf";
include "/data/bind9/config/CHINANET_acl.conf";
include "/data/bind9/config/CMCC_acl.conf";
include "/data/bind9/config/OTHER_acl.conf";
include "/data/bind9/config/view.conf";
c、配置acl网段文件
vim CNC_acl.conf
acl CNC {
   192.168.1.1;
   192.168.0.0/16;
   127.0.0.1;
};
vim CHINANET_acl.conf
acl  CHINANET {
        192.168.1.2;
        192.168.0.0/16;
};
vim CMCC_acl.conf
acl CMCC {
        192.168.1.1;
};
vim OTHER_acl.conf
acl OTHER {
   192.168.1.1;
};
d、配置view 文件
vim view.conf
view "CNC_View" {
        match-clients { CNC; };
        allow-query-cache { any; };
        #allow-recursion { none; };
        allow-transfer { none; };
        recursion yes;
        dlz "Mysql zone" {
        database "dlopen /usr/lib64/dlz_mysql_dynamic.so
           {host=127.0.0.1 dbname=bind9 ssl=false port=3306 user=app pass=test123}    
           {SELECT zone FROM dns_records WHERE zone = '$zone$' limit 1}

           {SELECT ttl, type, mx_priority, CASE WHEN LOWER(type) = 'txt' THEN CONCAT('\"', data, '\"') ELSE data END AS data FROM dns_records WHERE zone = '$zone$' AND host = '$record$' AND NOT (type = 'SOA' OR type = 'NS') AND view = 'CNC' UNION SELECT ttl, type, mx_priority, CASE WHEN LOWER(type) = 'txt' THEN CONCAT('\"', data, '\"') ELSE data END AS data FROM dns_records WHERE zone = '$zone$' AND host = '$record$' AND NOT (type = 'SOA' OR type = 'NS') AND view = 'ANY' AND NOT EXISTS (SELECT 1 FROM dns_records WHERE zone = '$zone$' AND host = '$record$' AND NOT (type = 'SOA' OR type = 'NS') AND view = 'CNC')}

           {SELECT ttl, type, data, primary_ns, resp_contact, serial, refresh, retry, expire, minimum FROM dns_records WHERE zone = '$zone$' AND (type = 'SOA' OR type='NS')}
           {SELECT ttl, type, host, mx_priority, IF(type = 'TXT', CONCAT('\"',data,'\"'), data) AS data, resp_contact, serial, refresh, retry, expire, minimum FROM records WHERE zone = '$zone$' AND type <> 'SOA' AND type <> 'NS'}
           {select zone from xfr_table where zone = '$zone$' and client = '$client$'}
           {update data_count set count = count + 1 where zone ='$zone$'}";

        };
        zone "black.local" {
                type master;
                file "/data/bind9/config/black.local.data";
                allow-query { none;};
        };
};
view "CHINANET_View" {
        match-clients { CHINANET; };
        allow-query-cache { any; };
        #allow-recursion { none; };
        allow-transfer { none; };
        recursion yes;
        dlz "Mysql zone" {
        database "dlopen /usr/lib64/dlz_mysql_dynamic.so
           {host=127.0.0.1 dbname=bind9 ssl=false port=3306 user=app pass=test123}    
           {SELECT zone FROM dns_records WHERE zone = '$zone$'}
           {SELECT ttl, type, mx_priority, CASE WHEN LOWER(type) = 'txt' THEN CONCAT('\"', data, '\"') ELSE data END AS data FROM dns_records WHERE zone = '$zone$' AND host = '$record$' AND NOT (type = 'SOA' OR type = 'NS') AND view = 'CHINANET' UNION SELECT ttl, type, mx_priority, CASE WHEN LOWER(type) = 'txt' THEN CONCAT('\"', data, '\"') ELSE data END AS data FROM dns_records WHERE zone = '$zone$' AND host = '$record$' AND NOT (type = 'SOA' OR type = 'NS') AND view = 'ANY' AND NOT EXISTS (SELECT 1 FROM dns_records WHERE zone = '$zone$' AND host = '$record$' AND NOT (type = 'SOA' OR type = 'NS') AND view = 'CHINANET')}
           {SELECT ttl, type, data, primary_ns, resp_contact, serial, refresh, retry, expire, minimum FROM dns_records WHERE zone = '$zone$' AND (type = 'SOA' OR type='NS')}
           {SELECT ttl, type, host, mx_priority, IF(type = 'TXT', CONCAT('\"',data,'\"'), data) AS data, resp_contact, serial, refresh, retry, expire, minimum FROM records WHERE zone = '$zone$' AND type <> 'SOA' AND type <> 'NS'}
           {select zone from xfr_table where zone = '$zone$' and client = '$client$'}
           {update data_count set count = count + 1 where zone ='$zone$'}";

        };
        zone "black.local" {
                type master;
                file "/data/bind9/config/black.local.data";
                allow-query { none;};
        };
};
view "CMCC_View" {
        match-clients { CMCC; };
        allow-query-cache { any; };
        #allow-recursion { none; };
        allow-transfer { none; };
        recursion yes;
        dlz "Mysql zone" {
        database "dlopen /usr/lib64/dlz_mysql_dynamic.so
          {host=127.0.0.1 dbname=bind9 ssl=false port=3306 user=app pass=test123}    
           {SELECT zone FROM dns_records WHERE zone = '$zone$'}
           {SELECT ttl, type, mx_priority, CASE WHEN LOWER(type) = 'txt' THEN CONCAT('\"', data, '\"') ELSE data END AS data FROM dns_records WHERE zone = '$zone$' AND host = '$record$' AND NOT (type = 'SOA' OR type = 'NS') AND view = 'CMCC' UNION SELECT ttl, type, mx_priority, CASE WHEN LOWER(type) = 'txt' THEN CONCAT('\"', data, '\"') ELSE data END AS data FROM dns_records WHERE zone = '$zone$' AND host = '$record$' AND NOT (type = 'SOA' OR type = 'NS') AND view = 'ANY' AND NOT EXISTS (SELECT 1 FROM dns_records WHERE zone = '$zone$' AND host = '$record$' AND NOT (type = 'SOA' OR type = 'NS') AND view = 'CMCC')}
           {SELECT ttl, type, data, primary_ns, resp_contact, serial, refresh, retry, expire, minimum FROM dns_records WHERE zone = '$zone$' AND (type = 'SOA' OR type='NS')}
           {SELECT ttl, type, host, mx_priority, IF(type = 'TXT', CONCAT('\"',data,'\"'), data) AS data, resp_contact, serial, refresh, retry, expire, minimum FROM records WHERE zone = '$zone$' AND type <> 'SOA' AND type <> 'NS'}
           {select zone from xfr_table where zone = '$zone$' and client = '$client$'}
           {update data_count set count = count + 1 where zone ='$zone$'}";

        };
        zone "black.local" {
                type master;
                file "/data/bind9/config/black.local.data";
                allow-query { none;};
        };
};
view "ANY_View" {
        match-clients { any; };
        allow-query-cache { any; };
        #allow-recursion { none; };
        allow-transfer { none; };
        recursion yes;
        dlz "Mysql zone" {
        database "dlopen /usr/lib64/dlz_mysql_dynamic.so
          {host=127.0.0.1 dbname=bind9 ssl=false port=3306 user=app pass=test123}    
          {SELECT zone FROM dns_records WHERE zone = '$zone$'}
          {select ttl, type, mx_priority, case when lower(type)='txt' then concat('\"', data, '\"') else data end from dns_records where zone = '$zone$' and host = '$record$' and not (type = 'SOA' or type = 'NS') and view='ANY'}
          {SELECT ttl, type, data, primary_ns, resp_contact, serial, refresh, retry, expire, minimum FROM dns_records WHERE zone = '$zone$' AND (type = 'SOA' OR type='NS')}
          {SELECT ttl, type, host, mx_priority, IF(type = 'TXT', CONCAT('\"',data,'\"'), data) AS data, resp_contact, serial, refresh, retry, expire, minimum FROM records WHERE zone = '$zone$' AND type <> 'SOA' AND type <> 'NS'}
          {select zone from xfr_table where zone = '$zone$' and client = '$client$'}
          {update data_count set count = count + 1 where zone ='$zone$'}";
        };
        zone "black.local" {
                type master;
                file "/data/bind9/config/black.local.data";
                allow-query { none;};
        };
};
e、编辑 RPZ Zone
$TTL 600
@       IN      SOA     localhost. root.localhost. (

                        1       ; Serial
                        1H      ; Refresh
                        5M      ; Retry
                        1W      ; Expire
                        1D)     ; Negative Cache TTL


@       IN      NS      localhost.

abbbbb.com       CNAME   .

启动Bind9

/data/bind9/sbin/named -c /data/bind9/etc/named.conf -g -d 9 -4

后记:目前还没测试如何把 rpz zone放到数据内,好像不太直接

You May Also Like

More From Author

+ There are no comments

Add yours