一、物料
Ubuntu 22.03
MySQL: 8.0.30
Bind9: Bind 9.16
二、安装过程
1、安装系统软件
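# Build and runtime dependencies for MySQL + BIND 9 (DLZ) in one apt transaction.
# The page as published chained ten separate installs with && and included a
# package literally named `mysql`, which does not exist in Ubuntu's repositories;
# that failure aborted the chain before mysql-client, libmysql++-dev and
# libdbd-mysql-perl were ever installed.
#   gcc/pkg-config/libuv1-dev/libssl-dev/libcap-dev : needed by BIND's ./configure
#   libmysql++-dev : pulls in the MySQL C client headers used by --with-dlz-mysql
#                    (presumably through libmysqlclient-dev; confirm with apt-cache depends)
#   libdbd-mysql-perl : Perl DBD driver, kept from the original list
apt-get install -y \
    mysql-server mysql-client \
    gcc pkg-config \
    libuv1-dev libssl-dev libcap-dev \
    libmysql++-dev libdbd-mysql-perl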
2、安装并配置MySQL
a、 安装MySQL
# mysql-server is already installed by step 1 (it is the first package there);
# running this again is harmless and just confirms the package is present.
apt install mysql-server
b、创建数据库和用户
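-- Database and account used by the BIND DLZ driver (see the `dlz` blocks in view.conf).
CREATE DATABASE bind9;

-- The published line mixed quote styles ("test123') and granted privileges to a
-- user ('dns') that was never created; the DLZ connection string on this page
-- uses user=app, so 'app' is the account that must hold the grant.
-- The password has to match `pass=` in view.conf.
-- The host part is 127.0.0.1 because the DLZ driver connects to host=127.0.0.1;
-- widen it only if MySQL runs on a different machine.
CREATE USER 'app'@'127.0.0.1' IDENTIFIED BY 'test123';

-- The DLZ queries on this page only SELECT from dns_records and run one UPDATE
-- (the zone counter); ALL PRIVILEGES would additionally allow DDL and deletes
-- from the DNS server's credentials. Run the CREATE TABLE / INSERT steps below
-- from the administrative session, not as 'app'.
GRANT SELECT, UPDATE ON bind9.* TO 'app'@'127.0.0.1';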
c、创建数据表
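-- Record store read by the DLZ queries in view.conf: one row per resource record.
-- The SOA timer columns (refresh .. primary_ns) exist on every row because there
-- is no separate zone table; non-SOA rows just carry the defaults.
CREATE TABLE IF NOT EXISTS `dns_records` (
  `id`          int unsigned NOT NULL AUTO_INCREMENT,
  `zone`        varchar(255) NOT NULL,
  `host`        varchar(255) NOT NULL DEFAULT '@',
  -- 'TXT' added: the lookup queries in view.conf quote TXT data, but the
  -- published enum could not store a TXT row at all (the INSERT would fail).
  `type`        enum('MX','CNAME','NS','SOA','A','PTR','TXT') NOT NULL,
  `data`        varchar(255) DEFAULT NULL,
  `ttl`         int NOT NULL DEFAULT 800,
  -- Which BIND view may see the row: 'CNC', 'CHINANET', 'CMCC' or 'any'.
  -- view.conf compares against 'ANY'; that only matches 'any' while the
  -- column collation is case-insensitive (the utf8mb4 default in MySQL 8 is)
  -- -- NOTE(review): confirm, or store the value in the same case everywhere.
  `view`        char(20) DEFAULT 'any',
  `mx_priority` int DEFAULT NULL,
  `priority`    int DEFAULT 255,
  `refresh`     int NOT NULL DEFAULT 3600,
  `retry`       int NOT NULL DEFAULT 3600,
  `expire`      int NOT NULL DEFAULT 86400,
  `minimum`     int NOT NULL DEFAULT 3600,
  `serial`      bigint NOT NULL DEFAULT 2008082700,
  -- NOTE(review): the DLZ authority/allnodes queries must select this column
  -- by this name; the page as published selects `resp_contact`, which does
  -- not exist here.
  `resp_person` varchar(64) NOT NULL DEFAULT 'root.domain.com.',
  `primary_ns`  varchar(64) NOT NULL DEFAULT 'ns1.domain.com.',
  -- Per-zone lookup counter (see the last DLZ query slot in view.conf).
  `data_count`  int NOT NULL DEFAULT 0,
  PRIMARY KEY (`id`),
  KEY `type` (`type`),
  KEY `host` (`host`),
  KEY `zone` (`zone`)
-- MyISAM kept as published; nothing on this page depends on it, and it offers
-- no transactions or crash recovery -- InnoDB is the MySQL 8 default.
-- AUTO_INCREMENT=12 leaves room for the 11 explicit ids inserted below.
) ENGINE=MyISAM AUTO_INCREMENT=12 DEFAULT CHARSET=utf8mb4;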
d、插入测试数据
-- Sample data for the zone domain.com, one resource record per row.
-- Column order: id, zone, host, type, data, ttl, view, mx_priority, priority,
--               refresh, retry, expire, minimum, serial, resp_person, primary_ns, data_count
-- Rows with view 'any' are visible to every BIND view; the 'CNC' and 'CHINANET'
-- rows give www (and man) a network-specific answer with priority 200.
-- ns1/ns2 point at 127.0.0.1 -- placeholder addresses for a lab setup.
-- Explicit ids 1..11 stay below the table's AUTO_INCREMENT=12 start value.
INSERT INTO `dns_records`
  (`id`, `zone`, `host`, `type`, `data`, `ttl`, `view`, `mx_priority`, `priority`,
   `refresh`, `retry`, `expire`, `minimum`, `serial`, `resp_person`, `primary_ns`, `data_count`)
VALUES
  -- SOA row: ttl 10 and minimum 10 as published
  ( 1, 'domain.com', '@',   'SOA',   'ns1.domain.com.',  10,   'any',      NULL, 255, 3600, 3600, 86400, 10,   2008082700, 'root.domain.com.', 'ns1.domain.com.', 0),
  ( 2, 'domain.com', '@',   'NS',    'ns1.domain.com.',  800,  'any',      NULL, 255, 3600, 3600, 86400, 3600, 2008082700, 'root.domain.com.', 'ns1.domain.com.', 0),
  ( 3, 'domain.com', '@',   'NS',    'ns2.domain.com.',  800,  'any',      NULL, 255, 3600, 3600, 86400, 3600, 2008082700, 'root.domain.com.', 'ns1.domain.com.', 0),
  ( 4, 'domain.com', 'ns1', 'A',     '127.0.0.1',        800,  'any',      NULL, 255, 3600, 3600, 86400, 3600, 2008082700, 'root.domain.com.', 'ns1.domain.com.', 0),
  ( 5, 'domain.com', 'ns2', 'A',     '127.0.0.1',        800,  'any',      NULL, 255, 3600, 3600, 86400, 3600, 2008082700, 'root.domain.com.', 'ns1.domain.com.', 0),
  -- www: one address per network, plus the fallback row for everyone else
  ( 6, 'domain.com', 'www', 'A',     '210.51.36.116',    3600, 'CNC',      NULL, 200, 3600, 3600, 86400, 3600, 2008082700, 'root.domain.com.', 'ns1.domain.com.', 0),
  ( 7, 'domain.com', 'www', 'A',     '221.238.249.178',  3600, 'CHINANET', NULL, 200, 3600, 3600, 86400, 3600, 2008082700, 'root.domain.com.', 'ns1.domain.com.', 0),
  ( 8, 'domain.com', 'www', 'A',     '211.103.156.230',  3600, 'any',      NULL, 255, 3600, 3600, 86400, 3600, 2008082700, 'root.domain.com.', 'ns1.domain.com.', 0),
  -- man -> www alias, same per-view split
  ( 9, 'domain.com', 'man', 'CNAME', 'www',              800,  'CNC',      NULL, 200, 3600, 3600, 86400, 3600, 2008082700, 'root.domain.com.', 'ns1.domain.com.', 0),
  (10, 'domain.com', 'man', 'CNAME', 'www',              800,  'CHINANET', NULL, 200, 3600, 3600, 86400, 3600, 2008082700, 'root.domain.com.', 'ns1.domain.com.', 0),
  (11, 'domain.com', 'man', 'CNAME', 'www',              800,  'any',      NULL, 255, 3600, 3600, 86400, 3600, 2008082700, 'root.domain.com.', 'ns1.domain.com.', 0);
3、安装并配置Bind9
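# Run inside the unpacked BIND 9.16 source tree. --with-dlz-mysql=/usr builds
# the MySQL DLZ driver against the client library installed in step 1, and the
# install prefix is what every later path on this page (/data/bind9/...) assumes.
./configure --prefix=/data/bind9 --with-dlz-mysql=/usr --with-openssl
# The published page stopped after configure; the rndc-confgen/named binaries
# used below only exist once the tree is built and installed.
make && make install
# NOTE(review): view.conf loads dlz_mysql_dynamic.so through the `dlopen`
# driver. That module is a separate contrib build (contrib/dlz/modules/mysql_dynamic)
# and is not produced by --with-dlz-mysql -- confirm it is built and copied to
# the path used in view.conf.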
a、生成rndc文件
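# The published page collapsed three commands onto one line, which does not run
# as written; they are separate steps.
cd /data/bind9/

# Generate the rndc control key and the rndc client config.
# NOTE(review): -r was kept from the original; newer BIND releases deprecate or
# ignore the random-device option -- confirm rndc-confgen 9.16 still accepts it.
sbin/rndc-confgen -r /dev/random > ./etc/rndc.conf

# rndc-confgen ends its output with a commented-out key/controls block meant for
# named.conf; strip the "# " prefixes to turn it into a usable named.conf.
tail -10 ./etc/rndc.conf | head -9 | sed 's/# //g' > ./etc/named.conf

# Both files now hold the control-channel secret; any local account that can
# read them can drive named through rndc. Restrict them (named must still be
# able to read named.conf -- adjust ownership if it runs under its own user).
chmod 640 ./etc/rndc.conf ./etc/named.conf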
b、配置 bind 主文件
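# /data/bind9/etc/named.conf

# Control-channel key. The value must be the one rndc-confgen wrote into
# /data/bind9/etc/rndc.conf on this host; the page as published carried a
# literal key here, which everyone copying the page would share (and which
# cannot match a locally generated rndc.conf anyway).
key "rndc-key" {
    algorithm hmac-sha256;
    secret "<secret from /data/bind9/etc/rndc.conf>";
};

# rndc is accepted only from loopback, authenticated with the key above.
controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
};

options {
    directory "/data/bind9/config";

    # This server is both authoritative (DLZ zones) and a forwarding resolver.
    # listen-on/allow-query stay wide open so the DLZ zones are reachable by
    # everyone, so recursion has to be limited separately -- without
    # allow-recursion the published config was an open resolver (the
    # amplification/abuse case). localhost/localnets are BIND's built-in ACLs.
    # NOTE(review): the views in view.conf set allow-query-cache { any; } and
    # view-level settings override these; verify the effective behaviour after
    # reload by querying a non-authoritative name from an outside host.
    listen-on port 53 { any; };
    listen-on-v6 { none; };
    allow-query { any; };
    recursion yes;
    allow-recursion { localhost; localnets; };

    dump-file "/data/bind9/data/cache_dump.db";
    statistics-file "/data/bind9/data/named_stats.txt";
    managed-keys-directory "/data/bind9/dynamic";
    blackhole { none; };

    # Validation of forwarded answers is switched off as published.
    # NOTE(review): consider `auto` once the forwarder is known to return
    # DNSSEC records; `no` accepts whatever 223.5.5.5 hands back.
    dnssec-validation no;
    forwarders { 223.5.5.5; };

    # RPZ: the black.local zone is defined inside every view in view.conf.
    response-policy { zone "black.local"; };
};

logging {
    channel query_log {
        file "/data/bind9/logs/named.log" versions 3 size 100m;
        severity info;
        print-time yes;
        print-category yes;
        print-severity yes;
    };
    # Every query is logged (useful for audit; expect volume on a busy server).
    category queries { query_log; };
    category lame-servers { null; };
};

# ACLs must be declared before the views that reference them.
include "/data/bind9/config/CNC_acl.conf";
include "/data/bind9/config/CHINANET_acl.conf";
include "/data/bind9/config/CMCC_acl.conf";
include "/data/bind9/config/OTHER_acl.conf";
include "/data/bind9/config/view.conf";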
c、配置acl网段文件
# /data/bind9/config/CNC_acl.conf
# Clients routed to CNC_View. Views are matched in declaration order and this
# one comes first, so 192.168.0.0/16 here also captures the sample addresses
# listed in CHINANET_acl.conf (192.168.1.2) and CMCC_acl.conf (192.168.1.1).
acl CNC {
    192.168.1.1;
    192.168.0.0/16;
    127.0.0.1;
};
# /data/bind9/config/CHINANET_acl.conf
# Clients routed to CHINANET_View. Both entries lie inside CNC's 192.168.0.0/16,
# and CNC_View is declared first, so with the page's sample values this ACL
# never selects a view; replace the ranges with the real CHINANET prefixes.
acl CHINANET {
    192.168.1.2;
    192.168.0.0/16;
};
# /data/bind9/config/CMCC_acl.conf
# Clients routed to CMCC_View. 192.168.1.1 is also the first entry of CNC, which
# is matched earlier, so this sample value is shadowed until replaced.
acl CMCC {
    192.168.1.1;
};
# /data/bind9/config/OTHER_acl.conf
# Included from named.conf but not referenced by any view on this page
# (view.conf uses CNC, CHINANET, CMCC and the built-in any).
acl OTHER {
    192.168.1.1;
};
d、配置view 文件
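# /data/bind9/config/view.conf  (included last from named.conf, after the ACL files)
#
# Views are matched top to bottom: a client in CNC stays in CNC_View even if it
# is also listed in CHINANET or CMCC (on this page CNC contains 192.168.0.0/16,
# which covers the sample addresses of the other two ACLs). ANY_View is the
# catch-all for everyone else, i.e. the Internet on a public server.
#
# Every view carries the same DLZ definition; only the `view = '...'` filter in
# the lookup query differs, so a change to one copy must be mirrored in the rest.
# The MySQL password is in clear text below: keep this file readable only by the
# account named runs as.
#
# DLZ query slots, in order: connection, findzone, lookup, authority, allnodes,
# allowzonexfr, countzone. Compared with the page as published:
#   - resp_contact -> resp_person: dns_records defines resp_person.
#   - FROM records -> FROM dns_records: no `records` table is created anywhere.
#   - countzone now increments the data_count column of dns_records; the
#     original updated a `data_count` table that is never created. It is a
#     write per zone hit -- drop the slot if that load is unwanted.
#   - allowzonexfr still references xfr_table, which this page does not create;
#     it only matters for zone transfers, which every view refuses with
#     allow-transfer { none; }. NOTE(review): create the table or keep
#     transfers disabled.
#   - the authority query returns both `data` and `primary_ns` (the same value
#     on the sample SOA row); NOTE(review): check the served SOA with dig,
#     since the driver builds the RDATA from the columns after `type`.
# NOTE(review): $zone$/$record$/$client$ are substituted by the module; confirm
# in the module source that it escapes them before they reach MySQL.
# NOTE(review): /usr/lib64/dlz_mysql_dynamic.so is a RHEL-style path; on Ubuntu
# the contrib module (contrib/dlz/modules/mysql_dynamic) is unlikely to be
# there -- confirm the location.

view "CNC_View" {
    match-clients { CNC; };
    # Recursion and cache reads limited to this view's own clients. The page
    # had allow-recursion commented out, which BIND treats as "same as
    # allow-query-cache", i.e. any.
    recursion yes;
    allow-recursion { CNC; };
    allow-query-cache { CNC; };
    allow-transfer { none; };

    dlz "Mysql zone" {
        database "dlopen /usr/lib64/dlz_mysql_dynamic.so
            {host=127.0.0.1 dbname=bind9 ssl=false port=3306 user=app pass=test123}
            {SELECT zone FROM dns_records WHERE zone = '$zone$' LIMIT 1}
            {SELECT ttl, type, mx_priority,
                    CASE WHEN LOWER(type) = 'txt' THEN CONCAT('\"', data, '\"') ELSE data END AS data
               FROM dns_records
              WHERE zone = '$zone$' AND host = '$record$'
                AND NOT (type = 'SOA' OR type = 'NS') AND view = 'CNC'
              UNION
             SELECT ttl, type, mx_priority,
                    CASE WHEN LOWER(type) = 'txt' THEN CONCAT('\"', data, '\"') ELSE data END AS data
               FROM dns_records
              WHERE zone = '$zone$' AND host = '$record$'
                AND NOT (type = 'SOA' OR type = 'NS') AND view = 'ANY'
                AND NOT EXISTS (SELECT 1 FROM dns_records
                                 WHERE zone = '$zone$' AND host = '$record$'
                                   AND NOT (type = 'SOA' OR type = 'NS') AND view = 'CNC')}
            {SELECT ttl, type, data, primary_ns, resp_person, serial, refresh, retry, expire, minimum
               FROM dns_records
              WHERE zone = '$zone$' AND (type = 'SOA' OR type = 'NS')}
            {SELECT ttl, type, host, mx_priority,
                    IF(type = 'TXT', CONCAT('\"', data, '\"'), data) AS data,
                    resp_person, serial, refresh, retry, expire, minimum
               FROM dns_records
              WHERE zone = '$zone$' AND type <> 'SOA' AND type <> 'NS'}
            {SELECT zone FROM xfr_table WHERE zone = '$zone$' AND client = '$client$'}
            {UPDATE dns_records SET data_count = data_count + 1 WHERE zone = '$zone$'}";
    };

    # Response-policy zone; never answered directly.
    zone "black.local" {
        type master;
        file "/data/bind9/config/black.local.data";
        allow-query { none; };
    };
};

view "CHINANET_View" {
    match-clients { CHINANET; };
    recursion yes;
    allow-recursion { CHINANET; };
    allow-query-cache { CHINANET; };
    allow-transfer { none; };

    dlz "Mysql zone" {
        database "dlopen /usr/lib64/dlz_mysql_dynamic.so
            {host=127.0.0.1 dbname=bind9 ssl=false port=3306 user=app pass=test123}
            {SELECT zone FROM dns_records WHERE zone = '$zone$' LIMIT 1}
            {SELECT ttl, type, mx_priority,
                    CASE WHEN LOWER(type) = 'txt' THEN CONCAT('\"', data, '\"') ELSE data END AS data
               FROM dns_records
              WHERE zone = '$zone$' AND host = '$record$'
                AND NOT (type = 'SOA' OR type = 'NS') AND view = 'CHINANET'
              UNION
             SELECT ttl, type, mx_priority,
                    CASE WHEN LOWER(type) = 'txt' THEN CONCAT('\"', data, '\"') ELSE data END AS data
               FROM dns_records
              WHERE zone = '$zone$' AND host = '$record$'
                AND NOT (type = 'SOA' OR type = 'NS') AND view = 'ANY'
                AND NOT EXISTS (SELECT 1 FROM dns_records
                                 WHERE zone = '$zone$' AND host = '$record$'
                                   AND NOT (type = 'SOA' OR type = 'NS') AND view = 'CHINANET')}
            {SELECT ttl, type, data, primary_ns, resp_person, serial, refresh, retry, expire, minimum
               FROM dns_records
              WHERE zone = '$zone$' AND (type = 'SOA' OR type = 'NS')}
            {SELECT ttl, type, host, mx_priority,
                    IF(type = 'TXT', CONCAT('\"', data, '\"'), data) AS data,
                    resp_person, serial, refresh, retry, expire, minimum
               FROM dns_records
              WHERE zone = '$zone$' AND type <> 'SOA' AND type <> 'NS'}
            {SELECT zone FROM xfr_table WHERE zone = '$zone$' AND client = '$client$'}
            {UPDATE dns_records SET data_count = data_count + 1 WHERE zone = '$zone$'}";
    };

    zone "black.local" {
        type master;
        file "/data/bind9/config/black.local.data";
        allow-query { none; };
    };
};

view "CMCC_View" {
    match-clients { CMCC; };
    recursion yes;
    allow-recursion { CMCC; };
    allow-query-cache { CMCC; };
    allow-transfer { none; };

    dlz "Mysql zone" {
        database "dlopen /usr/lib64/dlz_mysql_dynamic.so
            {host=127.0.0.1 dbname=bind9 ssl=false port=3306 user=app pass=test123}
            {SELECT zone FROM dns_records WHERE zone = '$zone$' LIMIT 1}
            {SELECT ttl, type, mx_priority,
                    CASE WHEN LOWER(type) = 'txt' THEN CONCAT('\"', data, '\"') ELSE data END AS data
               FROM dns_records
              WHERE zone = '$zone$' AND host = '$record$'
                AND NOT (type = 'SOA' OR type = 'NS') AND view = 'CMCC'
              UNION
             SELECT ttl, type, mx_priority,
                    CASE WHEN LOWER(type) = 'txt' THEN CONCAT('\"', data, '\"') ELSE data END AS data
               FROM dns_records
              WHERE zone = '$zone$' AND host = '$record$'
                AND NOT (type = 'SOA' OR type = 'NS') AND view = 'ANY'
                AND NOT EXISTS (SELECT 1 FROM dns_records
                                 WHERE zone = '$zone$' AND host = '$record$'
                                   AND NOT (type = 'SOA' OR type = 'NS') AND view = 'CMCC')}
            {SELECT ttl, type, data, primary_ns, resp_person, serial, refresh, retry, expire, minimum
               FROM dns_records
              WHERE zone = '$zone$' AND (type = 'SOA' OR type = 'NS')}
            {SELECT ttl, type, host, mx_priority,
                    IF(type = 'TXT', CONCAT('\"', data, '\"'), data) AS data,
                    resp_person, serial, refresh, retry, expire, minimum
               FROM dns_records
              WHERE zone = '$zone$' AND type <> 'SOA' AND type <> 'NS'}
            {SELECT zone FROM xfr_table WHERE zone = '$zone$' AND client = '$client$'}
            {UPDATE dns_records SET data_count = data_count + 1 WHERE zone = '$zone$'}";
    };

    zone "black.local" {
        type master;
        file "/data/bind9/config/black.local.data";
        allow-query { none; };
    };
};

view "ANY_View" {
    match-clients { any; };
    # Catch-all view for clients outside the ACLs above. It stays authoritative
    # for the DLZ zones, but recursion and cache reads are limited to the host
    # itself and directly attached networks; as published (recursion yes with
    # allow-query-cache { any; }) this view made the server an open resolver.
    recursion yes;
    allow-recursion { localhost; localnets; };
    allow-query-cache { localhost; localnets; };
    allow-transfer { none; };

    dlz "Mysql zone" {
        database "dlopen /usr/lib64/dlz_mysql_dynamic.so
            {host=127.0.0.1 dbname=bind9 ssl=false port=3306 user=app pass=test123}
            {SELECT zone FROM dns_records WHERE zone = '$zone$' LIMIT 1}
            {SELECT ttl, type, mx_priority,
                    CASE WHEN LOWER(type) = 'txt' THEN CONCAT('\"', data, '\"') ELSE data END AS data
               FROM dns_records
              WHERE zone = '$zone$' AND host = '$record$'
                AND NOT (type = 'SOA' OR type = 'NS') AND view = 'ANY'}
            {SELECT ttl, type, data, primary_ns, resp_person, serial, refresh, retry, expire, minimum
               FROM dns_records
              WHERE zone = '$zone$' AND (type = 'SOA' OR type = 'NS')}
            {SELECT ttl, type, host, mx_priority,
                    IF(type = 'TXT', CONCAT('\"', data, '\"'), data) AS data,
                    resp_person, serial, refresh, retry, expire, minimum
               FROM dns_records
              WHERE zone = '$zone$' AND type <> 'SOA' AND type <> 'NS'}
            {SELECT zone FROM xfr_table WHERE zone = '$zone$' AND client = '$client$'}
            {UPDATE dns_records SET data_count = data_count + 1 WHERE zone = '$zone$'}";
    };

    zone "black.local" {
        type master;
        file "/data/bind9/config/black.local.data";
        allow-query { none; };
    };
};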
e、编辑 RPZ Zone
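; /data/bind9/config/black.local.data -- response-policy zone "black.local"
; The published page collapsed this file onto one line; since ";" starts a
; comment that runs to end of line, everything after "; Serial" was swallowed
; and the zone would not load. Restored one record per line.
$TTL 600
@       IN  SOA localhost. root.localhost. (
                1       ; Serial
                1H      ; Refresh
                5M      ; Retry
                1W      ; Expire
                1D )    ; Negative Cache TTL
@       IN  NS  localhost.

; RPZ trigger: the owner name is relative to the zone origin, and CNAME to "."
; is the RPZ action that answers NXDOMAIN for abbbbb.com. Add one such line per
; name to block.
abbbbb.com  CNAME .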
4、启动Bind9
# Foreground start for the first test: -g keeps named attached to the terminal
# and logs to stderr, -d 9 is the highest debug level, -4 restricts it to IPv4
# (matching listen-on-v6 { none; } in named.conf).
# This runs named as root, since no -u is given and nothing on this page creates
# a service account; for anything beyond a test, create one and pass it with -u,
# and drop -g/-d 9 so the daemon does not flood stderr.
BIND_HOME=/data/bind9
"$BIND_HOME/sbin/named" -c "$BIND_HOME/etc/named.conf" -g -d 9 -4