# Bind-DLZ + Django + MySQL DNS Management Platform
* * * * *
**Background:** Because of network bandwidth limits, many of our services talk over the internal network; for example, a program that uses MySQL is simply given the MySQL server's internal IP address. If we build an internal DNS resolution platform and have programs call a domain name instead, then when the IP of the host running MySQL changes we only need to update the DNS record. That is convenient and far less error-prone.

I saw an open-source project on GitHub, written in Django, for managing BIND 9.9.5 through a web interface, so I decided to set one up and try it.
* * * * *
Server: CentOS 7
Software installed: MySQL 5.7, BIND 9.9.5
Python 2.7.5, Django 1.11.x
* * * * *
### I. Install MySQL 5.7 first
1. Download the MySQL 5.7 binary package. Here MySQL must be installed either from source or from the binary tarball; I chose the binary tarball:
Download URL: https://dev.mysql.com/get/Downloads/MySQL-5.7/mysql-5.7.17-linux-glibc2.5-x86_64.tar.gz
2. Create the user and group
```
groupadd mysql
useradd -g mysql -s /sbin/nologin mysql
```
3. Extract to the target directory
```
tar -zxvf mysql-5.7.17-linux-glibc2.5-x86_64.tar.gz -C /usr/local
cd /usr/local/
ln -s mysql-5.7.17-linux-glibc2.5-x86_64 mysql
# or
mv mysql-5.7.17-linux-glibc2.5-x86_64 mysql
```
4. Configure PATH
```
# single quotes so that $PATH is expanded at login time, not when this line is written
echo 'export PATH=$PATH:/usr/local/mysql/bin' >> /etc/profile
source /etc/profile
```
5. Database directory layout

| File type | Setting | Instance 3306 path | Symlink target |
| --- | --- | --- | --- |
| Data directory | datadir | /usr/local/mysql/data | /data/mysql/data |
| Parameter file | my.cnf | /usr/local/mysql/etc/my.cnf | |
| Error log | log-error | /usr/local/mysql/log/mysql_error.log | |
| Binary log | log-bin | /usr/local/mysql/binlogs/mysql-bin | /data/mysql/binlogs/mysql-bin |
| Slow query log | slow_query_log_file | /usr/local/mysql/log/mysql_slow_query.log | |
| Socket file | socket | /usr/local/mysql/run/mysql.sock | |
| PID file | pid_file | /usr/local/mysql/run/mysql.pid | |
Pick one of the two layouts below (do not run both):
```
# Option A: keep all five directories under /data/mysql and symlink each of them
mkdir -p /data/mysql/{data,binlogs,log,etc,run}
ln -s /data/mysql/data /usr/local/mysql/data
ln -s /data/mysql/binlogs /usr/local/mysql/binlogs
ln -s /data/mysql/log /usr/local/mysql/log
ln -s /data/mysql/etc /usr/local/mysql/etc
ln -s /data/mysql/run /usr/local/mysql/run
chown -R mysql:mysql /data/mysql/
chown -R mysql:mysql /usr/local/mysql/{data,binlogs,log,etc,run}

# Option B (the layout in the table above): only data and binlogs live under /data/mysql
mkdir -p /usr/local/mysql/{log,etc,run}
mkdir -p /data/mysql/{data,binlogs}
ln -s /data/mysql/data /usr/local/mysql/data
ln -s /data/mysql/binlogs /usr/local/mysql/binlogs
chown -R mysql:mysql /usr/local/mysql/{data,binlogs,log,etc,run}
chown -R mysql:mysql /data/mysql
```
6. Configure the my.cnf parameter file
Remove the my.cnf that ships with the system:
```
rm -f /etc/my.cnf
```
Create my.cnf under /usr/local/mysql/etc/ with the parameters below; configure other parameters as needed.
```
[client]
port = 3306
socket = /usr/local/mysql/run/mysql.sock
[mysqld]
port = 3306
socket = /usr/local/mysql/run/mysql.sock
pid_file = /usr/local/mysql/run/mysql.pid
datadir = /usr/local/mysql/data
default_storage_engine = InnoDB
max_allowed_packet = 512M
max_connections = 2048
open_files_limit = 65535
skip-name-resolve
lower_case_table_names=1
character-set-server = utf8mb4
collation-server = utf8mb4_unicode_ci
init_connect='SET NAMES utf8mb4'
innodb_buffer_pool_size = 1024M
innodb_log_file_size = 2048M
innodb_file_per_table = 1
innodb_flush_log_at_trx_commit = 0
key_buffer_size = 64M
log-error = /usr/local/mysql/log/mysql_error.log
log-bin = /usr/local/mysql/binlogs/mysql-bin
slow_query_log = 1
slow_query_log_file = /usr/local/mysql/log/mysql_slow_query.log
long_query_time = 5
tmp_table_size = 32M
max_heap_table_size = 32M
query_cache_type = 0
query_cache_size = 0
server-id=1
```
Note that `innodb_flush_log_at_trx_commit = 0` trades durability for speed: up to about a second of committed transactions can be lost if the server crashes. For a table that drives DNS answers, weigh that against the performance gain.
7. Initialize the database
```
mysqld --initialize --user=mysql --basedir=/usr/local/mysql --datadir=/usr/local/mysql/data
# The error log contains a temporary root password; note it down
grep 'temporary password' /usr/local/mysql/log/mysql_error.log
2018-08-31T13:26:30.619610Z 1 [Note] A temporary password is generated for root@localhost: b#uhQy*=d7yH
```
8. Set up the systemd unit
```
cat > /usr/lib/systemd/system/mysqld.service <<'EOF'
[Unit]
Description=MySQL Server
Documentation=man:mysqld(8)
Documentation=http://dev.mysql.com/doc/refman/en/using-systemd.html
After=network.target
After=syslog.target
[Install]
WantedBy=multi-user.target
[Service]
User=mysql
Group=mysql
Type=forking
PIDFile=/usr/local/mysql/run/mysqld.pid
# Disable service start and stop timeout logic of systemd for mysqld service.
TimeoutSec=0
# Execute pre and post scripts as root
PermissionsStartOnly=true
# Needed to create system tables
#ExecStartPre=/usr/bin/mysqld_pre_systemd
# Start main service
ExecStart=/usr/local/mysql/bin/mysqld --daemonize --pid-file=/usr/local/mysql/run/mysqld.pid $MYSQLD_OPTS
# Use this to switch malloc implementation
EnvironmentFile=-/etc/sysconfig/mysql
# Sets open_files_limit
LimitNOFILE=65535
Restart=on-failure
RestartPreventExitStatus=1
PrivateTmp=false
EOF
```
Reload systemd and enable the service
```
systemctl daemon-reload
systemctl enable mysqld.service
systemctl is-enabled mysqld
```
9. Start MySQL
```
systemctl start mysqld.service
```
### II. Compile and install BIND
1. Download the BIND 9.9.5 source package. It must be built from source so that DLZ is compiled with MySQL support; the package installed by yum does not support MySQL.
Download URL: https://www.isc.org/downloads/bind/
2. Install
Install the build tools, then configure and build:
```
yum -y install make gcc-c++ cmake bison-devel ncurses-devel zlib-devel openssl openssl-devel openssl*
tar -xf bind-9.9.5.tar.gz
cd bind-9.9.5
./configure --prefix=/usr/local/bind/ \
--enable-threads=no \
--enable-newstats \
--with-dlz-mysql \
--disable-openssl-version-check
# The ISC documentation stresses that threading must be disabled for this build, i.e. --enable-threads=no
make
make install   # source build and install complete
```
3. Environment variables
```
cat >> /etc/profile <<'EOF'
PATH=$PATH:/usr/local/bind/bin:/usr/local/bind/sbin
export PATH
EOF
source /etc/profile   # reload the environment
named -v              # if this prints the BIND version, the PATH is correct
```
You may hit the following error:
```
while loading shared libraries: libmysqlclient.so.20: cannot open shared object file: No such
```
If so, first check whether the library exists locally:
```
find / -name '*mysqlclient.so*'
# CentOS 7's directory layout differs from CentOS 6; add symlinks
ln -s /usr/local/mysql/lib/libmysqlclient.so.20 /usr/lib/
ln -s /usr/local/mysql/lib/libmysqlclient.so.20 /usr/lib64/
```
Adding the symlinks fixes it.
4. Generate the key file with rndc
rndc is a tool shipped with BIND for controlling a running name server. It can run on another machine, connect to the DNS server over the network, and control the named process remotely according to the administrator's instructions; the administrator does not need root on the DNS server.
With rndc, data can be updated and modified configuration files made effective without stopping the DNS server. In practice a DNS server is very busy and even a short outage affects users, so rndc helps the server keep serving them.
When rndc connects to the DNS server it authenticates with a key rather than the traditional username/password. In the current version rndc and named only support the HMAC-MD5 algorithm, with a shared secret at both ends. Every command rndc sends over the channel must be authenticated with a key the server recognizes. To produce a key both sides accept, run the rndc-confgen command to generate the key and the corresponding configuration, then put that configuration into named.conf and into rndc's configuration file rndc.conf respectively.
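To make concrete what the shared key buys, here is an added illustration (not BIND's code and not rndc's actual wire format) of the mechanism: both ends hold the same base64 secret, the sender attaches an HMAC-MD5 over a nonce and the command text, and the receiver recomputes it. The secret is the sample one from the rndc-confgen output below; the nonce framing and the function names are assumptions made for this example.

```python
"""Illustrate the shared-secret HMAC-MD5 authentication used between rndc and named.

Added example, not code from BIND or the Bind-Web project. It shows only the
mechanism (same secret on both ends, sender tags each command with an HMAC,
receiver recomputes and compares), not rndc's real message format.
"""
import base64
import hashlib
import hmac
import os

# Secret exactly as it appears in rndc.conf / named.conf on this page (base64 of 16 random bytes)
RNDC_SECRET_B64 = "Ats9ygxMNv9aVOXXwMgojQ=="


def generate_secret(nbytes=16):
    """What rndc-confgen does in essence: random bytes, base64-encoded for the config file."""
    return base64.b64encode(os.urandom(nbytes)).decode("ascii")


def sign_command(secret_b64, command, nonce):
    """Client side: MAC over the nonce and the command text with the shared key.
    The nonce/command framing here is an assumption for this example."""
    key = base64.b64decode(secret_b64)
    msg = nonce.encode() + b"\x00" + command.encode()
    return hmac.new(key, msg, hashlib.md5).hexdigest()


def verify_command(secret_b64, command, nonce, tag):
    """Server side: recompute the tag and compare in constant time.
    Any change to the command, the nonce or the key makes this False."""
    expected = sign_command(secret_b64, command, nonce)
    return hmac.compare_digest(expected, tag)


def demo():
    """Sign one 'reload' command and show which variations the server rejects."""
    nonce = "0001"
    tag = sign_command(RNDC_SECRET_B64, "reload", nonce)
    return {
        "genuine": verify_command(RNDC_SECRET_B64, "reload", nonce, tag),
        "tampered_command": verify_command(RNDC_SECRET_B64, "stop", nonce, tag),
        "wrong_key": verify_command(generate_secret(), "reload", nonce, tag),
        "different_nonce": verify_command(RNDC_SECRET_B64, "reload", "0002", tag),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print("%-17s accepted=%s" % (name, ok))
```

The practical consequences follow directly: whoever holds the secret in rndc.conf can control named, so the file must be readable only by the user running rndc, and the secret in named.conf must be byte-for-byte the same string or every command is rejected.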
1. Run the rndc-confgen command to obtain the key and the corresponding configuration
```
#rndc-confgen
# Start of rndc.conf
key "rndc-key" {
algorithm hmac-md5;
secret "Ats9ygxMNv9aVOXXwMgojQ==";
};
options {
default-key "rndc-key";
default-server 127.0.0.1;
default-port 953;
};
# End of rndc.conf
# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
# algorithm hmac-md5;
# secret "Ats9ygxMNv9aVOXXwMgojQ==";
# };
#
# controls {
# inet 127.0.0.1 port 953
# allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf
```
2. Create /etc/rndc.conf and put the uncommented part of the output above into it.
```
# cat /etc/rndc.conf
key "rndc-key" {
algorithm hmac-md5;
secret "Ats9ygxMNv9aVOXXwMgojQ==";
};
options {
default-key "rndc-key";
default-server 127.0.0.1;
default-port 953;
};
```
3. As the output instructs, append the following to named.conf (for this build that is /usr/local/bind/etc/named.conf). The secret must be identical to the one in rndc.conf.
```
key "rndc-key" {
algorithm hmac-md5;
secret "Ats9ygxMNv9aVOXXwMgojQ==";
};
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
```
4. Create the user and give it ownership of the install directory
```
useradd -s /sbin/nologin named
chown -R named:named /usr/local/bind/
```
5. Configure BIND. Note: BIND's database is the very database the management platform uses, so the database name configured here must be the same as the management platform's database name later on.
```
vi /usr/local/bind/etc/named.conf
options {
directory "/usr/local/bind/";
version "bind-9.9.9";
listen-on port 53 { any; };
allow-query-cache { any; };
listen-on-v6 port 53 { ::1; };
allow-query { any; };
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
};
key "rndc-key" {
algorithm hmac-md5;
secret "Ats9ygxMNv9aVOXXwMgojQ==";   # must be the same secret as in /etc/rndc.conf
};
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
view "ours_domain" {
match-clients {any; };
allow-query-cache {any; };
allow-recursion {any; };
allow-transfer {any; };
# DLZ driver: the first query finds the zone, the second fetches the records for $zone$ / $record$
dlz "Mysql zone" {
database "mysql
{host=127.0.0.1 dbname=devops1 ssl=false port=3306 user=root pass=123456}
{select zone from dns_records where zone='$zone$'}
{select ttl, type, mx_priority, case when lower(type)='txt' then concat('\"', data, '\"') when lower(type) = 'soa' then concat_ws(' ', data, resp_person, serial, refresh, retry, expire, minimum) else data end from dns_records where zone = '$zone$' and host = '$record$'}";
};
zone "." IN {
type hint;
file "/usr/local/bind/etc/named.ca";
};
};
```
Two things to tighten before this server is reachable from anywhere but the internal network: `allow-recursion { any; }` together with `allow-query { any; }` makes it an open resolver, and `allow-transfer { any; }` lets any client pull the whole zone, so restrict both to your internal address ranges; and the DLZ block connects as MySQL root with the password in clear text, so give it a dedicated account that can only SELECT from dns_records and make named.conf readable by the named user only.
6. The root hints file /usr/local/bind/etc/named.ca referenced above has to be generated by us:
```
cd /usr/local/bind/etc/
dig -t NS . > named.ca
```
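To see what the two DLZ queries in named.conf actually do with the dns_records table, here is an added example (not code from BIND or the Bind-Web project). It keeps an in-memory SQLite copy of dns_records with the columns the named.conf queries reference, validates rows before they go in (the check the web platform should apply, since a malformed row silently breaks answers), and reproduces in Python what the SQL `case when ... end` does for TXT and SOA rows. Assumptions: DLZ passes `@` as the record name for the zone apex, and the sample rows are constructed for this example.

```python
"""Simulate the two DLZ queries from named.conf against the dns_records table.

Added example, not code from BIND or the Bind-Web project. Column names beyond
those used in the named.conf queries, and the '@' apex convention, are
assumptions; the sample rows below are constructed.
"""
import ipaddress
import re
import sqlite3

LABEL_RE = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$", re.I)
ALLOWED_TYPES = {"A", "AAAA", "CNAME", "MX", "NS", "TXT", "SOA"}
COLUMNS = ("zone", "host", "type", "data", "ttl", "mx_priority",
           "resp_person", "serial", "refresh", "retry", "expire", "minimum")


def is_valid(rec):
    """Return True if the row would yield a usable answer from the DLZ queries."""
    rtype = rec.get("type", "").upper()
    if rtype not in ALLOWED_TYPES:
        return False
    host = rec.get("host", "")
    if host != "@" and not all(LABEL_RE.match(label) for label in host.split(".")):
        return False
    if rec.get("ttl", -1) < 0:
        return False
    try:
        if rtype == "A":
            ipaddress.IPv4Address(rec["data"])
        elif rtype == "AAAA":
            ipaddress.IPv6Address(rec["data"])
    except (ValueError, KeyError):
        return False
    if rtype == "MX" and rec.get("mx_priority") is None:
        return False
    if rtype == "SOA" and any(rec.get(c) is None for c in COLUMNS[6:]):
        return False
    return True


def build_db(records):
    """Load validated rows into an in-memory table shaped like dns_records."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE dns_records (%s)" % ", ".join(COLUMNS))
    for rec in records:
        if not is_valid(rec):
            raise ValueError("rejected record: %r" % (rec,))
        con.execute("INSERT INTO dns_records VALUES (%s)" % ",".join("?" * len(COLUMNS)),
                    [rec.get(c) for c in COLUMNS])
    return con


def zone_exists(con, zone):
    """First DLZ query: select zone from dns_records where zone='$zone$'."""
    row = con.execute("SELECT zone FROM dns_records WHERE zone = ? LIMIT 1", (zone,)).fetchone()
    return row is not None


def lookup(con, zone, host):
    """Second DLZ query; the CASE WHEN ... END from named.conf is done in Python.
    Returns (ttl, type, mx_priority, rdata) tuples, which is what BIND turns into RRs."""
    rows = con.execute(
        "SELECT ttl, type, mx_priority, data, resp_person, serial, refresh, retry, expire, minimum "
        "FROM dns_records WHERE zone = ? AND host = ?", (zone, host)).fetchall()
    answers = []
    for ttl, rtype, prio, data, rp, serial, refresh, retry, expire, minimum in rows:
        if rtype.lower() == "txt":
            rdata = '"%s"' % data                                        # concat('\"', data, '\"')
        elif rtype.lower() == "soa":
            rdata = " ".join(str(v) for v in (data, rp, serial, refresh,
                                              retry, expire, minimum))   # concat_ws(' ', ...)
        else:
            rdata = data
        answers.append((ttl, rtype.upper(), prio, rdata))
    return answers


# Constructed sample rows for a private zone
SAMPLE_RECORDS = [
    {"zone": "corp.internal", "host": "@", "type": "SOA", "data": "ns1.corp.internal.",
     "resp_person": "admin.corp.internal.", "serial": 2018083101, "refresh": 3600,
     "retry": 600, "expire": 86400, "minimum": 3600, "ttl": 3600},
    {"zone": "corp.internal", "host": "@", "type": "NS", "data": "ns1.corp.internal.", "ttl": 3600},
    {"zone": "corp.internal", "host": "ns1", "type": "A", "data": "10.0.0.53", "ttl": 3600},
    {"zone": "corp.internal", "host": "mysql", "type": "A", "data": "10.0.0.10", "ttl": 300},
    {"zone": "corp.internal", "host": "@", "type": "MX", "data": "mail.corp.internal.",
     "mx_priority": 10, "ttl": 3600},
    {"zone": "corp.internal", "host": "@", "type": "TXT", "data": "v=spf1 -all", "ttl": 3600},
]

if __name__ == "__main__":
    db = build_db(SAMPLE_RECORDS)
    print("zone found:", zone_exists(db, "corp.internal"))
    print("mysql.corp.internal ->", lookup(db, "corp.internal", "mysql"))
    for rr in lookup(db, "corp.internal", "@"):
        print("apex ->", rr)
```

The example uses parameterised queries, so the zone and record names never touch the SQL text; in named.conf the driver substitutes `$zone$` and `$record$` itself, which is one more reason to keep the MySQL account in that file limited to SELECT on dns_records.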
### III. Configure the Bind-Web management platform
1. Clone the project
```
yum install git
git clone https://github.com/1032231418/Bind-Web.git   # clone the repository
cd Bind-Web
```
2. Install the Django framework
```
yum -y install epel-release
yum -y install python-pip
pip install -r requirement.txt
```
Note: this step fails while installing MySQL-python, complaining that Python.h cannot be found. Fix:
```
pip install --upgrade pip
yum -y install mysql-devel
yum -y install python-devel
pip install MySQL-python
```
That completes the installation.
3. Database configuration
1.) Create the database:
```
CREATE DATABASE devops1 CHARACTER SET utf8 COLLATE utf8_general_ci;
```
2.) Configure the database connection in devops/settings.py:
```
DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.mysql',
        'NAME': 'devops1',
        'USER': 'root',
        'PASSWORD': '123456',
        'HOST': '127.0.0.1',
        'PORT': '3306',
    }
}
```
3.) Run the migrations, create the admin user and start the server:
```
python manage.py makemigrations
python manage.py migrate
python manage.py createsuperuser   # creates the admin user; the password must be longer than 8 characters, and an e-mail is requested
nohup python manage.py runserver 0.0.0.0:8001 &
```
Open http://ip:8001 to reach the web UI; the login account is the admin user just created. runserver is Django's development server, so put a proper WSGI server in front of it for anything beyond testing.
### IV. Start the service and check that it works
```
/usr/local/bind/sbin/named
ps -ef | grep named
cp /mnt/Bind-Web/Bind開機啟動腳本/bind /etc/init.d/
chmod 755 /etc/init.d/bind
/etc/init.d/bind start
```
Add the domain in the web UI, then test whether BIND reads it from the database correctly: