# Bind-DLZ + Django + MySQL DNS Management Platform
* * * * *
**Background: because of network bandwidth constraints, many of our services talk to each other over the internal network; for example, an application simply has the internal IP of the MySQL server written into its configuration. If we run an internal DNS platform and have applications call a domain name instead, then when the IP of the host running MySQL changes we only need to update the DNS record. That is convenient and far less error-prone.**

I came across an open-source project on GitHub, a Django-based web front end for managing BIND 9.9.5, so I decided to set it up and try it.
* * * * *
* Server: CentOS 7
* Software installed: MySQL 5.7, BIND 9.9.5
* Python 2.7.5, Django 1.11.x
* * * * *
### 1. Install MySQL 5.7 first
1. Download the matching MySQL 5.7 binary tarball. MySQL here can only be installed from source or from the binary package; I chose the binary package.
Download URL: https://dev.mysql.com/get/Downloads/MySQL-5.7/mysql-5.7.17-linux-glibc2.5-x86_64.tar.gz
2. Create the user and group
```
groupadd mysql
useradd -g mysql -s /sbin/nologin mysql
```
3.解压到指定目录
```
tar -zxvf mysql-5.7.17-linux-glibc2.5-x86_64.tar.gz -C /usr/local
cd /usr/local/
ln -s mysql-5.7.17-linux-glibc2.5-x86_64 mysql
# or, instead of the symlink, rename the directory:
mv mysql-5.7.17-linux-glibc2.5-x86_64 mysql
```
4. Configure PATH
```
# single quotes so that $PATH is expanded at login time, not when the line is written
echo 'export PATH=$PATH:/usr/local/mysql/bin' >> /etc/profile
source /etc/profile
```
5. Plan the database directory layout

| File type | Instance 3306 | Symlink |
|---|---|---|
| Data (datadir) | /usr/local/mysql/data | /data/mysql/data |
| Parameter file (my.cnf) | /usr/local/mysql/etc/my.cnf | |
| Error log (log-error) | /usr/local/mysql/log/mysql_error.log | |
| Binary log (log-bin) | /usr/local/mysql/binlogs/mysql-bin | /data/mysql/binlogs/mysql-bin |
| Slow query log (slow_query_log_file) | /usr/local/mysql/log/mysql_slow_query.log | |
| Socket file | /usr/local/mysql/run/mysql.sock | |
| PID file | /usr/local/mysql/run/mysql.pid | |
```
# Two layouts are shown; run one of them, not both.

# Option A: keep every directory under /data/mysql and symlink each one into the basedir
mkdir -p /data/mysql/{data,binlogs,log,etc,run}
ln -s /data/mysql/data /usr/local/mysql/data
ln -s /data/mysql/binlogs /usr/local/mysql/binlogs
ln -s /data/mysql/log /usr/local/mysql/log
ln -s /data/mysql/etc /usr/local/mysql/etc
ln -s /data/mysql/run /usr/local/mysql/run
chown -R mysql.mysql /data/mysql/
chown -R mysql.mysql /usr/local/mysql/{data,binlogs,log,etc,run}

# Option B (matches the table above): only data and binlogs live on /data, the rest stays in the basedir
mkdir -p /usr/local/mysql/{log,etc,run}
mkdir -p /data/mysql/{data,binlogs}
ln -s /data/mysql/data /usr/local/mysql/data
ln -s /data/mysql/binlogs /usr/local/mysql/binlogs
chown -R mysql.mysql /usr/local/mysql/{data,binlogs,log,etc,run}
chown -R mysql.mysql /data/mysql
```
6. Configure the my.cnf parameter file
Delete the my.cnf shipped with the system:
```
rm -f /etc/my.cnf
```
Create my.cnf under /usr/local/mysql/etc/ with the following parameters; set the remaining parameters as needed:
```
[client]
port = 3306
socket = /usr/local/mysql/run/mysql.sock
[mysqld]
port = 3306
socket = /usr/local/mysql/run/mysql.sock
pid_file = /usr/local/mysql/run/mysql.pid
datadir = /usr/local/mysql/data
default_storage_engine = InnoDB
max_allowed_packet = 512M
max_connections = 2048
open_files_limit = 65535
skip-name-resolve
lower_case_table_names=1
character-set-server = utf8mb4
collation-server = utf8mb4_unicode_ci
init_connect='SET NAMES utf8mb4'
innodb_buffer_pool_size = 1024M
innodb_log_file_size = 2048M
innodb_file_per_table = 1
# 0 flushes the redo log about once a second: faster, but up to a second of committed
# transactions can be lost on a crash; 1 is the fully durable default
innodb_flush_log_at_trx_commit = 0
key_buffer_size = 64M
log-error = /usr/local/mysql/log/mysql_error.log
log-bin = /usr/local/mysql/binlogs/mysql-bin
slow_query_log = 1
slow_query_log_file = /usr/local/mysql/log/mysql_slow_query.log
long_query_time = 5
tmp_table_size = 32M
max_heap_table_size = 32M
query_cache_type = 0
query_cache_size = 0
server-id=1
```
7. Initialize the database
```
mysqld --initialize --user=mysql --basedir=/usr/local/mysql --datadir=/usr/local/mysql/data
# the error log contains a temporary root password; note it down
grep 'temporary password' /usr/local/mysql/log/mysql_error.log
2018-08-31T13:26:30.619610Z 1 [Note] A temporary password is generated for root@localhost: b#uhQy*=d7yH
```
9. Set up the systemd unit
```
cat > /usr/lib/systemd/system/mysqld.service <<'EOF'
[Unit]
Description=MySQL Server
Documentation=man:mysqld(8)
Documentation=http://dev.mysql.com/doc/refman/en/using-systemd.html
After=network.target
After=syslog.target
[Install]
WantedBy=multi-user.target
[Service]
User=mysql
Group=mysql
Type=forking
# --pid-file below overrides pid_file in my.cnf; PIDFile must match it
PIDFile=/usr/local/mysql/run/mysqld.pid
# Disable service start and stop timeout logic of systemd for mysqld service.
TimeoutSec=0
# Execute pre and post scripts as root
PermissionsStartOnly=true
# Needed to create system tables
#ExecStartPre=/usr/bin/mysqld_pre_systemd
# Start main service
ExecStart=/usr/local/mysql/bin/mysqld --daemonize --pid-file=/usr/local/mysql/run/mysqld.pid $MYSQLD_OPTS
# Use this to switch malloc implementation
EnvironmentFile=-/etc/sysconfig/mysql
# Sets open_files_limit
LimitNOFILE = 65535
Restart=on-failure
RestartPreventExitStatus=1
PrivateTmp=false
EOF
```
Reload systemd and enable the unit:
```
systemctl daemon-reload
systemctl enable mysqld.service
systemctl is-enabled mysqld
```
10. Start MySQL
```
systemctl start mysqld.service
```
### 2. Compile and install BIND
1. Download the BIND 9.9.5 source tarball. It must be built from source here so that DLZ is compiled with MySQL support; the yum package does not support MySQL.
Download URL: https://www.isc.org/downloads/bind/
2. Install
Install the build tools:
```
yum -y install make gcc-c++ cmake bison-devel ncurses-devel zlib-devel openssl openssl-devel openssl*
tar -xf bind-9.9.5.tar.gz
cd bind-9.9.5
./configure --prefix=/usr/local/bind/ \
--enable-threads=no \
--enable-newstats \
--with-dlz-mysql \
--disable-openssl-version-check
# the ISC documentation stresses building without threads for the DLZ MySQL driver, i.e. --enable-threads=no
make
make install   # source build and install complete
```
3. Configure environment variables
```
# quoted EOF keeps $PATH literal in /etc/profile so it is expanded at login time
cat >> /etc/profile <<'EOF'
PATH=$PATH:/usr/local/bind/bin:/usr/local/bind/sbin
export PATH
EOF
source /etc/profile   # reload the environment variables
named -v              # if the version string prints, the PATH is set correctly
```
You may hit the following error:
```
while loading shared libraries: libmysqlclient.so.20: cannot open shared object file: No such
```
If so, first check whether the library exists locally:
```
find / -name '*mysqlclient.so*'
# CentOS 7 lays out its directories differently from CentOS 6, so add symlinks
ln -s /usr/local/mysql/lib/libmysqlclient.so.20 /usr/lib/
ln -s /usr/local/mysql/lib/libmysqlclient.so.20 /usr/lib64/
```
With the symlinks in place it works.
4. Generate the rndc key file
rndc is the tool shipped with BIND for controlling a running name server. It can run on another machine, connect to the DNS server over the network and control the named process remotely according to the administrator's instructions, without the administrator needing root on the DNS server.
With rndc, data can be updated and modified configuration files made effective without stopping the DNS server. In practice a DNS server is very busy and any short outage affects users, so rndc lets the server keep serving them.
When rndc connects to the DNS server it authenticates with a key rather than the traditional username/password. In the current version rndc and named only support the HMAC-MD5 algorithm, with a shared secret on both ends. Commands sent over the channel must use a key the server accepts. To generate a key both sides agree on, use rndc-confgen, which outputs the key and the matching configuration; these go into named.conf and into rndc's own configuration file, rndc.conf, respectively.
1. Run rndc-confgen to obtain the key and configuration
```
#rndc-confgen
# Start of rndc.conf
key "rndc-key" {
algorithm hmac-md5;
secret "Ats9ygxMNv9aVOXXwMgojQ==";
};
options {
default-key "rndc-key";
default-server 127.0.0.1;
default-port 953;
};
# End of rndc.conf
# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
# algorithm hmac-md5;
# secret "Ats9ygxMNv9aVOXXwMgojQ==";
# };
#
# controls {
# inet 127.0.0.1 port 953
# allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf
```
2. Create the file /etc/rndc.conf and put the uncommented part of the output above into it.
```
# cat /etc/rndc.conf
key "rndc-key" {
algorithm hmac-md5;
secret "Ats9ygxMNv9aVOXXwMgojQ==";
};
options {
default-key "rndc-key";
default-server 127.0.0.1;
default-port 953;
};
```
3. As the output instructs, append the following to the end of /etc/named.conf.
```
key "rndc-key" {
algorithm hmac-md5;
secret "Ats9ygxMNv9aVOXXwMgojQ==";
};
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
```
4. Create the user and grant it ownership of the install directory
```
useradd -s /sbin/nologin named
chown -R named:named /usr/local/bind/
```
5. Configure BIND. Note: BIND's database is the same database the management platform uses, so the database name configured here must match the one used later for the management platform.
```
// vi /usr/local/bind/etc/named.conf
options {
    directory "/usr/local/bind/";
    version "bind-9.9.9";
    listen-on port 53 { any; };
    allow-query-cache { any; };
    listen-on-v6 port 53 { ::1; };
    allow-query { any; };
    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;
};
key "rndc-key" {
    algorithm hmac-md5;
    // must be the same secret as in /etc/rndc.conf, otherwise rndc cannot authenticate
    secret "C4Fg6OGjJipHKfgUWcAh+g==";
};
controls {
    inet 127.0.0.1 port 953
    allow { 127.0.0.1; } keys { "rndc-key"; };
};
view "ours_domain" {
    match-clients { any; };
    allow-query-cache { any; };
    // "any" here makes a server reachable from outside an open resolver (DNS amplification risk);
    // restrict it to the internal client ranges
    allow-recursion { any; };
    // "any" lets any host pull the whole zone with AXFR; restrict it to the secondaries
    allow-transfer { any; };
    dlz "Mysql zone" {
        // named only needs SELECT on dns_records; a dedicated read-only MySQL account is preferable to root
        database "mysql
        {host=127.0.0.1 dbname=devops1 ssl=false port=3306 user=root pass=123456}
        {select zone from dns_records where zone='$zone$'}
        {select ttl, type, mx_priority, case when lower(type)='txt' then concat('\"', data, '\"') when lower(type) = 'soa' then concat_ws(' ', data, resp_person, serial, refresh, retry, expire, minimum) else data end from dns_records where zone = '$zone$' and host = '$record$'}";
    };
    zone "." IN {
        type hint;
        file "/usr/local/bind/etc/named.ca";
    };
};
```
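To see what named actually receives from this DLZ configuration, the following added example (not part of the post or of the Bind-Web project) replays the findzone and lookup queries from the dlz block above against a small constructed dns_records table, and adds an apex sanity check for what the web UI writes. The column types, the '@' apex label and the sample rows are assumptions, since the page does not show the table definition.

```python
import sqlite3

# Query text copied from the dlz "Mysql zone" block. named substitutes the queried zone and
# label for $zone$ / $record$; for the replay they are mapped to bound parameters instead.
FINDZONE_SQL = "select zone from dns_records where zone='$zone$'"
LOOKUP_SQL = ("select ttl, type, mx_priority, case when lower(type)='txt' then "
              "concat('\"', data, '\"') when lower(type) = 'soa' then concat_ws(' ', data, "
              "resp_person, serial, refresh, retry, expire, minimum) else data end "
              "from dns_records where zone = '$zone$' and host = '$record$'")
# Columns inferred from the lookup query; the real Bind-Web table definition is not on the page.
SCHEMA = ("create table dns_records (zone text, host text, ttl integer, type text, "
          "mx_priority integer, data text, resp_person text, serial integer, refresh integer, "
          "retry integer, expire integer, minimum integer)")
# Constructed sample rows for one zone; '@' as the apex label is an assumption.
ROWS = [
    ("example.com", "@", 3600, "SOA", None, "ns1.example.com.", "admin.example.com.",
     2018083101, 3600, 900, 604800, 86400),
    ("example.com", "@", 3600, "NS", None, "ns1.example.com.", None, None, None, None, None, None),
    ("example.com", "@", 3600, "MX", 10, "mail.example.com.", None, None, None, None, None, None),
    ("example.com", "@", 3600, "TXT", None, "v=spf1 -all", None, None, None, None, None, None),
    ("example.com", "ns1", 3600, "A", None, "10.0.0.53", None, None, None, None, None, None),
    ("example.com", "mysql", 300, "A", None, "10.0.0.10", None, None, None, None, None, None),
]

def open_db():
    """In-memory SQLite standing in for MySQL, with the two MySQL string functions the query uses."""
    conn = sqlite3.connect(":memory:")
    conn.create_function("concat", -1, lambda *args: "".join(str(a) for a in args))
    conn.create_function("concat_ws", -1, lambda sep, *args: sep.join(str(a) for a in args if a is not None))
    conn.execute(SCHEMA)
    conn.executemany("insert into dns_records values (?,?,?,?,?,?,?,?,?,?,?,?)", ROWS)
    return conn

def _bind(sql):
    return sql.replace("'$zone$'", "?").replace("'$record$'", "?")
def find_zone(conn, zone):
    """DLZ findzone query: is this zone present in the table at all?"""
    return conn.execute(_bind(FINDZONE_SQL), (zone,)).fetchone() is not None

def lookup(conn, zone, host):
    """DLZ lookup query: (ttl, type, mx_priority, rdata) rows exactly as named receives them."""
    return conn.execute(_bind(LOOKUP_SQL), (zone, host)).fetchall()

def zone_problems(conn, zone):
    """Apex sanity checks worth running before named serves what the web UI wrote."""
    types = [row[1].upper() for row in lookup(conn, zone, "@")]
    problems = [] if types.count("SOA") == 1 else ["zone needs exactly one SOA at the apex"]
    if "NS" not in types:
        problems.append("zone has no NS record at the apex")
    return problems
```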
6. The root hints file /usr/local/bind/etc/named.ca referenced above has to be generated by us:
```
cd /usr/local/bind/etc/
dig -t NS . > named.ca
```
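As an added check (not part of the post or of Bind-Web), the following script flags the address-match lists in a named.conf that are left at any, plus a control channel that is not bound to loopback; the sample configuration embedded in it is constructed from the options, controls and view statements of the named.conf above.

```python
import re

# Constructed sample: the exposure-relevant statements from the named.conf in this post.
SAMPLE_CONF = """
options {
    allow-query { any; };
    recursion yes;
};
controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
};
view "ours_domain" {
    match-clients { any; };
    allow-recursion { any; };   // open resolver
    allow-transfer { any; };    // world-readable zone
};
"""

# Address-match lists that must not be "any" on a server reachable beyond the internal network.
RISKY = {
    "allow-recursion": "open recursive resolver (DNS amplification and cache-abuse risk)",
    "allow-transfer": "any host can AXFR the whole zone (full record set disclosed)",
    "allow-update": "unauthenticated dynamic updates (records can be rewritten)",
}

def strip_comments(conf):
    """Remove the three named.conf comment styles so commented-out statements are not flagged."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)
    return re.sub(r"(//|#).*", "", conf)

def acl_findings(conf):
    """Return (statement, reason) for each risky statement whose match list contains 'any'."""
    conf = strip_comments(conf)
    findings = []
    for stmt, reason in RISKY.items():
        for body in re.findall(r"\b%s\s*\{([^}]*)\}" % stmt, conf):
            if re.search(r"\bany\s*;", body):
                findings.append((stmt, reason))
    # recursion yes with no allow-recursion at all: named falls back to the allow-query-cache/allow-query lists
    if re.search(r"\brecursion\s+yes\s*;", conf) and not re.search(r"\ballow-recursion\s*\{", conf):
        findings.append(("recursion", "recursion enabled with no allow-recursion restriction"))
    return findings

def control_findings(conf):
    """The rndc control channel should only accept loopback clients."""
    conf = strip_comments(conf)
    pattern = r"inet\s+(\S+)\s+port\s+\d+\s*allow\s*\{([^}]*)\}"
    return [("controls", "rndc channel reachable beyond loopback: " + addr)
            for addr, allow in re.findall(pattern, conf)
            if addr not in ("127.0.0.1", "::1") or re.search(r"\bany\s*;", allow)]
```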
### 3. Configure the Bind-Web management platform
1. Fetch the project:
```
yum install git
git clone https://github.com/1032231418/Bind-Web.git   # clone the repository
cd Bind-Web
```
2. Install the Django framework:
```
yum -y install epel-release
yum -y install python-pip
pip install -r requirement.txt
```
Note: this step fails; installing MySQL-python complains that python.h cannot be found. Fix:
```
pip install --upgrade pip
yum -y install mysql-devel
yum install python-devel
pip install MySQL-python
```
After that the installation succeeds.
3. Database configuration:
1.) Create the database:
```
CREATE DATABASE devops1 CHARACTER SET utf8 COLLATE utf8_general_ci;
```
2.) Configure the database connection in devops/settings:
```
DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.mysql',
        'NAME': 'devops1',
        'USER': 'root',
        'PASSWORD': '123456',
        'HOST': '127.0.0.1',
        'PORT': '3306',
    }
}
```
3.) Create the tables and the admin user:
```
python manage.py makemigrations
python manage.py migrate
python manage.py createsuperuser   # creates the admin user; the password must be longer than 8 characters and an e-mail is required
```
Run the application:
```
nohup python manage.py runserver 0.0.0.0:8001 &
```
Open http://ip:8001 for the web UI; the login account is the admin user just created.
### 4. Start the service and check that it works
```
/usr/local/bind/sbin/named
ps -ef | grep named
cp /mnt/Bind-Web/Bind开机启动脚本/bind /etc/init.d/
chmod 755 /etc/init.d/bind
# stop the manually started named before using the init script, or the second instance cannot bind port 53
/etc/init.d/bind start
```
Add the following domain in the web UI.
Test whether BIND can reach the database: