Bind-DLZ with MySQL

DNS management with Bind has traditionally been flat files and slave/master configurations. Bind also has a feature/extension called DLZ — dynamically loaded zones. This feature can be very useful when designing applications that use databases or directories for storage rather than having to design your application to address a filesystem to create resource records or zone files.

In this article, I will explain how to set this up for a configuration where there are thousands of name-based virtual hosts hosted on the same VIP/email infrastructure using the same resource record on a CentOS 5.X system using MySQL to store records. The Bind version is 9.6.0-P1.

The first step is to install any pre-requisites:

yum install openssl-devel mysql-devel openldap-devel unixODBC-devel gcc

Note that you’ll want to uninstall gcc after this process is complete to reduce the likelihood of an attacker compiling an exploit on this box if they were to gain unprivileged access.

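Next, download and extract the Bind sources. The download is over plain HTTP, so check the tarball against the signature ISC publishes before building: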

pushd /tmp/
curl -C - -L -O 'http://ftp.isc.org/isc/bind9/9.6.0-P1/bind-9.6.0-P1.tar.gz'
tar xzvf bind-9.6.0-P1.tar.gz
pushd bind-9.6.0-P1

If compiling on a 64-bit system, you might have to set some variables so that the appropriate MySQL libraries are found:

export CPPFLAGS="-I/usr/lib64/mysql $CPPFLAGS"
export LDFLAGS="-L/usr/lib64/mysql $LDFLAGS"
export LD_LIBRARY_PATH="/usr/lib64/mysql"

The next step is to run configure — this example uses mysql only:

./configure  \
  --prefix=/usr/local/bind  \
  --disable-openssl-version-check \
  --with-dlz-mysql=yes 

Once successful with configure, the next step is to install:

make && sudo make install

Be sure to add a user and group, and set up some basic directories for data:

groupadd -r -g 25 named
useradd -r -u 25 -s /sbin/nologin -d /usr/local/named -g named named
mkdir /var/cache/bind
chown named:named /var/cache/bind

Now that the easy part is finished, the next step is to set up MySQL to store the appropriate DNS records.

In this example, data is populated in MySQL via a stored procedure in SQL Server via a linked server to a MySQL master (ODBC). A Python script then creates the necessary entries in the postfix database to allow mail routing to occur. One of the tables populated here is the postfix.domains table. This is simply a list of all domains that are hosted at this site. I take advantage of this to replicate only this table to each of my DNS servers running MySQL and Bind-DLZ locally. This explanation will help the reader understand the next portion, where I set up tables and views and populate them with data.

The next step is to create the database which will store the records. I use a database called postfix since my setup is tightly coupled with email routing and replication from the email database. (Log in to MySQL to perform the following actions or script as appropriate.)

mysql> create database postfix;

Next, I create a template of resource records that will apply to all zones hosted within MySQL. (Note that this is a site which hosts thousands of domains on the same VIP/email architecture.)

DROP TABLE IF EXISTS dns_values;
CREATE TABLE dns_values (
  host VARCHAR(255) DEFAULT '' NOT NULL,
  type ENUM('SOA','NS','MX','A','CNAME','TXT','HINFO','PTR') NOT NULL DEFAULT 'SOA',
  data VARCHAR(255),
  ttl INT(11) DEFAULT 300 NOT NULL,
  mx_priority VARCHAR(10),
  refresh INT(11) DEFAULT 0 NOT NULL,
  retry INT(11) DEFAULT 0 NOT NULL,
  expire INT(11) DEFAULT 0 NOT NULL,
  minimum INT(11) DEFAULT 0 NOT NULL,
  serial BIGINT(20) DEFAULT 0 NOT NULL,
  resp_person VARCHAR(255),
  primary_ns VARCHAR(255),
  key host_index (host),
  key type_index (type)
) ENGINE=MyISAM;

The next step is to populate the basic set:

mysql> LOCK TABLES `dns_values` WRITE;
/*!40000 ALTER TABLE `dns_values` DISABLE KEYS */;
INSERT INTO `dns_values` VALUES
('@','SOA','root.mail.example.com.',300,NULL,10800,900,604800,600,2009020401,'root.mail.example.com.','ns1.example.com.'),
('@','NS','ns1.example.com.',300,NULL,10800,900,604800,600,2009020401,NULL,NULL),
('@','NS','ns2.example.com.',300,NULL,10800,900,604800,600,2009020401,NULL,NULL),
('@','A','xxx.xxx.xxx.xxx',300,NULL,10800,900,604800,600,2009020401,NULL,NULL),
('images','A','xxx.xxx.xxx.xxx',300,NULL,10800,900,604800,600,2009020401,NULL,NULL),
('mail','A','xxx.xxx.xxx.xxx',300,NULL,10800,900,604800,600,2009020401,NULL,NULL),
('*','A','xxx.xxx.xxx.xxx',300,NULL,10800,900,604800,600,2009020401,NULL,NULL),
('imap','CNAME','mail.example.com.',300,NULL,10800,900,604800,600,2009020401,NULL,NULL),
('smtp','CNAME','mail.example.com.',300,NULL,10800,900,604800,600,2009020401,NULL,NULL),
('@','TXT','v=spf2.0/pra mx ip4:xxx.xxx.xxx.0/24 -all',300,NULL,10800,900,604800,600,2009020401,NULL,NULL),
('@','TXT','v=spf1 mx ip4:xxx.xxx.xxx.0/24 -all',300,NULL,10800,900,604800,600,2009020401,NULL,NULL),
('@','MX','mail.example.com.',300,'10',10800,900,604800,600,2009020401,NULL,NULL),
('webmail','CNAME','mail.example.com.',300,NULL,10800,900,604800,600,2009020401,NULL,NULL);
/*!40000 ALTER TABLE `dns_values` ENABLE KEYS */;
UNLOCK TABLES;

Create the postfix.domains table:

mysql> CREATE TABLE domains (
  domain varchar(128) NOT NULL default '',
  PRIMARY KEY  (domain)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;

Go ahead and populate the domains table with some values. Note that I replicate data from another table but you can just as well enter any values manually.

mysql> insert into domains (domain) values('example.com');

The next step is to create a view that will combine the dns_values table with the domains table to present all records as one table:

mysql> CREATE VIEW dns_records AS
SELECT 
  d.domain        as zone
  ,dv.host        as host
  ,dv.type        as type
  ,dv.data        as data
  ,dv.ttl         as ttl
  ,dv.mx_priority as mx_priority
  ,dv.refresh     as refresh
  ,dv.retry       as retry
  ,dv.expire      as expire
  ,dv.minimum     as minimum
  ,dv.serial      as serial
  ,dv.resp_person as resp_person
  ,dv.primary_ns  as primary_ns
FROM domains d, dns_values dv ;

Next, set up a MySQL grant for the account that Bind uses to read the records:

mysql> GRANT USAGE,SELECT ON postfix.* TO binddlz@localhost identified by 'trickypassword';
FLUSH PRIVILEGES;

I started with a pretty basic named.conf file:

key rndc {
  algorithm hmac-md5 ;
  secret "longsecret";
};

controls {
  inet 127.0.0.1 allow { localhost; } keys { rndc; };
};

include "/usr/local/bind/etc/named.conf.options";

// prime the server with knowledge of the root servers
zone "." {
  type hint;
  file "/usr/local/bind/etc/db.root";
};

// setup local zones
zone "localhost" {
  type master;
  file "/usr/local/bind/etc/db.local";
};

zone "127.in-addr.arpa" {
  type master;
  file "/usr/local/bind/etc/db.127";
};

zone "0.in-addr.arpa" {
  type master;
  file "/usr/local/bind/etc/db.0";
};

zone "255.in-addr.arpa" {
  type master;
  file "/usr/local/bind/etc/db.255";
};

include "/usr/local/bind/etc/named.custom.zones";
include "/usr/local/bind/etc/named.dlz.zones";

As far as named.conf.options, it is also pretty basic:

options {
  directory "/var/cache/bind";
  allow-transfer { xxx.xxx.xxx.xxx; xxx.xxx.xxx.xxx; };
  zone-statistics yes;
  statistics-file "/usr/local/bind/var/stats/named-stats.out";
  recursion no; 
};

As you can see, I simply included the following configuration portion as named.dlz.zones.

dlz "mysql zone" {
  database "mysql
  {host=localhost dbname=postfix user=binddlz pass=trickypassword ssl=false}
  {select zone from dns_records where zone = '%zone%'}
  {select ttl, type, mx_priority, case 
      when lower(type)='txt' then concat('\"', data, '\"') 
      when lower(type) = 'soa' then concat_ws(' ', data, resp_person, serial, refresh, retry, expire, minimum) 
    else data end from dns_records where zone = '%zone%' and host = '%record%'}";
};
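
The view and the two DLZ queries can be exercised on their own before named is pointed at them. The following is an added example, not part of the original article: it uses Python's sqlite3 module as a stand-in for MySQL (so concat()/concat_ws() become the || operator), constructed sample rows, and the documentation address 192.0.2.10 in place of the masked IPs. The helper names build_db, find_zone, lookup and resolve are hypothetical, and resolve is only a simplified model of how a query name is split into %zone% and %record%.

```python
import sqlite3

# SQLite stand-in for the article's MySQL schema (ENUM and MyISAM dropped).
SCHEMA = """
CREATE TABLE dns_values (
  host TEXT NOT NULL, type TEXT NOT NULL, data TEXT, ttl INTEGER NOT NULL,
  mx_priority TEXT, refresh INTEGER, retry INTEGER, expire INTEGER,
  minimum INTEGER, serial INTEGER, resp_person TEXT, primary_ns TEXT);
CREATE TABLE domains (domain TEXT PRIMARY KEY);
-- Same cross join as the article's view: every domain gets every template row.
CREATE VIEW dns_records AS
  SELECT d.domain AS zone, dv.host, dv.type, dv.data, dv.ttl, dv.mx_priority,
         dv.refresh, dv.retry, dv.expire, dv.minimum, dv.serial,
         dv.resp_person, dv.primary_ns
  FROM domains d, dns_values dv;
"""

# refresh, retry, expire, minimum, serial (values from the article's INSERT)
SOA = (10800, 900, 604800, 600, 2009020401)
# Constructed template rows; 192.0.2.10 is a documentation address.
TEMPLATE = [
    ("@", "SOA", "root.mail.example.com.", 300, None, *SOA,
     "root.mail.example.com.", "ns1.example.com."),
    ("@", "NS", "ns1.example.com.", 300, None, *SOA, None, None),
    ("@", "MX", "mail.example.com.", 300, "10", *SOA, None, None),
    ("@", "TXT", "v=spf1 mx -all", 300, None, *SOA, None, None),
    ("mail", "A", "192.0.2.10", 300, None, *SOA, None, None),
    ("*", "A", "192.0.2.10", 300, None, *SOA, None, None),
]

# The two queries from named.dlz.zones, with %zone%/%record% as bound parameters.
FIND_ZONE = "SELECT zone FROM dns_records WHERE zone = ?"
LOOKUP = """
SELECT ttl, type, mx_priority, CASE
    WHEN lower(type) = 'txt' THEN '"' || data || '"'
    WHEN lower(type) = 'soa' THEN data || ' ' || resp_person || ' ' || serial
         || ' ' || refresh || ' ' || retry || ' ' || expire || ' ' || minimum
    ELSE data END
FROM dns_records WHERE zone = ? AND host = ?
"""


def build_db(domains):
    """Create the tables and view in memory and load the sample data."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany(
        "INSERT INTO dns_values VALUES (?,?,?,?,?,?,?,?,?,?,?,?)", TEMPLATE)
    conn.executemany("INSERT INTO domains VALUES (?)", [(d,) for d in domains])
    return conn


def find_zone(conn, zone):
    """True when the zone query returns at least one row for this name."""
    return conn.execute(FIND_ZONE, (zone,)).fetchone() is not None


def lookup(conn, zone, record):
    """Rows (ttl, type, mx_priority, rdata) for one host within one zone."""
    return conn.execute(LOOKUP, (zone, record)).fetchall()


def resolve(conn, qname):
    """Simplified model (assumption) of a DLZ lookup: find the longest hosted
    suffix, then try the exact host, then the '*' wildcard row."""
    labels = qname.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        zone = ".".join(labels[i:])
        if find_zone(conn, zone):
            record = ".".join(labels[:i]) or "@"
            return zone, lookup(conn, zone, record) or lookup(conn, zone, "*")
    return None, []


if __name__ == "__main__":
    db = build_db(["example.com", "example.org"])
    for name in ("example.org", "www.example.com", "unhosted.test"):
        print(name, "->", resolve(db, name))
```

The SOA rdata is assembled from data and resp_person only, so the primary_ns column is never read by the lookup query.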

Now start Bind with the following command and test:

/usr/local/bind/sbin/named -c /usr/local/bind/etc/named.conf -f -g -u named

Useful tips:
* do not include both the name server and the contact in the SOA record; use only the responsible contact, in either the data or the resp_person field
* make sure you restart Bind every time you restart MySQL or you will lose your connection(s)
* if you would like to create the dns_records table without a view, simply use the dns_values table and add the zone as the first column


Comments

11 responses to “Bind-DLZ with MySQL”

  1. […] Source: http://itsecureadmin.com/2010/09/bind-dlz-with-mysql/ […]

  2. stephen

    Thanks for the short tutorial on BIND DLZ.
    Can you please share with me how one can configure for filesystem?

    I am using this http://bind-dlz.sourceforge.net/filesystem_driver.html and getting the error, unsupported DLZ database driver ‘filesystem’. file system zone not loaded, so I followed your steps to make changes by creating a named.dlz.zones file and positioning it appropriately. I compiled mine on Ubuntu for school research. Can you please advise?

  3. Hi Stephen,

    Can you provide some additional detail here?

    – Which version of Bind are you using?
    – Did you compile with the ‘--with-dlz-filesystem’ option?
    – Can you provide your config(s)?

    Thanks,
    Josh

  4. Thanks for responding:
    Below is my error:
    Ubuntu 16 in VirtualBox: this is building BIND9 from source with DLZ filesystem support for academic research. Want to extend the filesystem to another datastore by a fellow student;

    stepsei@stepsei-VirtualBox:/etc/bind$ sudo -i named -c /etc/named.conf -g
    04-Oct-2017 00:28:55.138 starting BIND 9.9.5 -c /etc/named.conf -g
    04-Oct-2017 00:28:55.140 built with defaults
    04-Oct-2017 00:28:55.140 —————————————————-
    04-Oct-2017 00:28:55.140 BIND 9 is maintained by Internet Systems Consortium,
    04-Oct-2017 00:28:55.140 Inc. (ISC), a non-profit 501(c)(3) public-benefit
    04-Oct-2017 00:28:55.140 corporation. Support and training for BIND 9 are
    04-Oct-2017 00:28:55.140 available at https://www.isc.org/support
    04-Oct-2017 00:28:55.140 —————————————————-
    04-Oct-2017 00:28:55.140 using 1 UDP listener per interface
    04-Oct-2017 00:28:55.141 using up to 4096 sockets
    04-Oct-2017 00:28:55.156 loading configuration from ‘/etc/named.conf’
    04-Oct-2017 00:28:55.157 reading built-in trusted keys from file ‘/etc/bind.keys’
    04-Oct-2017 00:28:55.159 using default UDP/IPv4 port range: [1024, 65535]
    04-Oct-2017 00:28:55.159 using default UDP/IPv6 port range: [1024, 65535]
    04-Oct-2017 00:28:55.164 listening on IPv4 interface lo, 127.0.0.1#53
    04-Oct-2017 00:28:55.170 listening on IPv4 interface enp0s3, 10.109.132.103#53
    04-Oct-2017 00:28:55.172 generating session key for dynamic DNS
    04-Oct-2017 00:28:55.172 sizing zone task pool based on 8 zones
    04-Oct-2017 00:28:55.174 Loading ‘file system zone’ using driver filesystem
    04-Oct-2017 00:28:55.174 unsupported DLZ database driver ‘filesystem’. file system zone not loaded.
    04-Oct-2017 00:28:55.175 loading configuration: not found
    04-Oct-2017 00:28:55.175 exiting (due to fatal error)

    However, a dig command works fine when not using DLZ;

    ******************
    ========================================================================
    Configuration summary:
    ————————————————————————
    Optional features enabled:
    Multiprocessing support (--enable-threads)
    GSS-API (--with-gssapi)
    Print backtrace on crash (--enable-backtrace)
    Use symbol table for backtrace, named only (--enable-symtable)
    Dynamically loadable zone (DLZ) drivers:
    Filesystem (--with-dlz-filesystem)

    Features disabled or unavailable on this platform:
    Response Rate Limiting (--enable-rrl)
    PKCS#11/Cryptoki support (--with-pkcs11)
    New statistics (--enable-newstats)
    Allow 'fixed' rrset-order (--enable-fixed-rrset)
    Automated Testing Framework (--with-atf)
    XML statistics (--with-libxml2)
    ========================================================================

    this was my named.conf.local;
    //
    // Do any local configuration here
    //

    // Consider adding the 1918 zones here, if they are not used in your
    // organization
    //include "/etc/bind/zones.rfc1918";

    zone "stepsei.edu" {
    type master;
    file "/etc/bind/db.stepsei.edu";
    };

    zone "xxx.xxx.155.in-addr.arpa" {
    type master;
    notify no;
    file "/etc/bind/db.155";
    };

    named.conf.options:
    options {
    directory "/var/cache/bind";

    // If there is a firewall between you and nameservers you want
    // to talk to, you may need to fix the firewall to allow multiple
    // ports to talk. See http://www.kb.cert.org/vuls/id/800113

    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    // Uncomment the following block, and insert the addresses replacing
    // the all-0’s placeholder.

    forwarders {
    8.8.8.8; #Google’s public DNS server IP address
    };

    //========================================================================
    // If BIND logs error messages about the root key being expired,
    // you will need to update your keys. See https://www.isc.org/bind-keys
    //========================================================================
    dnssec-validation auto;
    dnssec-enable yes;
    dnssec-lookaside auto;
    recursion no;
    allow-query { any; };

    auth-nxdomain no; # conform to RFC1035
    # listen-on-v6 { any; };

    };

    named.conf.default-zones;

    // prime the server with knowledge of the root servers
    zone "." {
    type hint;
    file "/etc/bind/db.root";
    };

    // be authoritative for the localhost forward and reverse zones, and for
    // broadcast zones as per RFC 1912

    zone "localhost" {
    type master;
    file "/etc/bind/db.local";
    };

    zone "127.in-addr.arpa" {
    type master;
    file "/etc/bind/db.127";
    };

    zone "0.in-addr.arpa" {
    type master;
    file "/etc/bind/db.0";
    };

    zone "255.in-addr.arpa" {
    type master;
    file "/etc/bind/db.255";
    };

    named.dlz.zones:
    dlz "file system zone" {
    database "filesystem ./etc/bind/ .dns .xfr 0 ~";
    };

    named.conf:

    // This is the primary configuration file for the BIND DNS server named.
    //
    // Please read /usr/share/doc/bind9/README.Debian.gz for information on the
    // structure of BIND configuration files in Debian, *BEFORE* you customize
    // this configuration file.
    //
    // If you are just adding zones, please do that in /etc/bind/named.conf.local

    include "/etc/bind/named.conf.options";
    include "/etc/bind/named.conf.local";
    include "/etc/bind/named.conf.default-zones";
    include "/etc/bind/named.dlz.zones";

  5. Hey stepsei, sorry for the delay – on jury duty this month so things are hectic.

    Can you provide the compile flags and any parameters that you used when executing the configure and make commands?

    Thanks,
    Josh

  6. Thanks,

    Below was the config used;
    And the response was positive.

    ./configure --prefix=/usr --sysconfdir=/etc/bind --localstatedir=/var \
    --mandir=/usr/share/man --infodir=/usr/share/info \
    --enable-threads --enable-largefile --with-libtool --enable-shared --enable-static \
    --with-openssl=/usr --with-gssapi=/usr --with-gnu-ld \
    --with-dlz-postgres=yes --with-dlz-mysql=yes --with-dlz-bdb=no \
    --with-dlz-filesystem=yes --with-dlz-ldap=yes \
    --with-dlz-stub=yes --with-geoip=/usr --enable-ipv6

    sudo make && make install

    ========================================================================
    Configuration summary:
    ————————————————————————
    Optional features enabled:
    Multiprocessing support (--enable-threads)
    GeoIP access control (--with-geoip)
    GSS-API (--with-gssapi)
    GOST algorithm support (encoding: raw) (--with-gost)
    ECDSA algorithm support (--with-ecdsa)
    Print backtrace on crash (--enable-backtrace)
    Use symbol table for backtrace, named only (--enable-symtable)
    Use GNU libtool (--with-libtool)
    Dynamically loadable zone (DLZ) drivers:
    LDAP (--with-dlz-ldap)
    MySQL (--with-dlz-mysql)
    Postgres (--with-dlz-postgres)
    Filesystem (--with-dlz-filesystem)
    Stub (--with-dlz-stub)

    Features disabled or unavailable on this platform:
    Large-system tuning (--with-tuning)
    Recursive fetch limits for DoS attack mitigation (--enable-fetchlimit)
    Source Identity Token support (--enable-sit)
    Allow 'fixed' rrset-order (--enable-fixed-rrset)
    PKCS#11/Cryptoki support (--with-pkcs11)
    Native PKCS#11/Cryptoki support (--enable-native-pkcs11)
    Use libseccomp system call filtering (--enable-seccomp)
    Very verbose query trace logging (--enable-querytrace)
    Automated Testing Framework (--with-atf)
    JSON statistics (--with-libjson)

  7. Hi stepsei,

    I tried this out and it works for me. I would suggest that you be sure that you are using the named binary that you compiled by executing named with the fully qualified path, ie:

    sudo /usr/sbin/named -4 -c /etc/named.conf -g

    I suspect that you are using the binary that is installed with Ubuntu rather than the binary that you have compiled. The main reason is that using the compile flags that you did, you should see those flags as part of the output when you start the named application.

    Please try this and let me know how it turns out.

    I always recommend setting the paths a bit more explicitly when creating a custom install rather than using the generic ‘/usr/’ prefix, something like:

    INSTALL_DIR=/usr/local/bind/bind-9.9.5
    mkdir -p ${INSTALL_DIR}
    ./configure \
      --prefix=${INSTALL_DIR} \
      --sysconfdir=${INSTALL_DIR}/etc \
      --localstatedir=${INSTALL_DIR}/var \
      --mandir=${INSTALL_DIR}/man \
      --infodir=${INSTALL_DIR}/info \
    ...
    make && make install
    

    With this method, you can always be certain that you are using the binary you compiled without interfering with the system installed binaries and/or configuration files.

    Thanks,
    Josh

  8. hello, do you know how to modify dlz-mysql source code?

  9. I have an error “Required token $zone$ not found.” which I have seen several others around the net experiencing.

    after unpacking the tar.gz I ran:
    ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var --with-dlz-mysql=yes --enable-threads=no

    Which resulted in:
    ===============================================================================
    Configuration summary:
    ——————————————————————————-
    Optional features enabled:
    GSS-API (--with-gssapi)
    ECDSA algorithm support (--with-ecdsa)
    Print backtrace on crash (--enable-backtrace)
    Use symbol table for backtrace, named only (--enable-symtable)
    Dynamically loadable zone (DLZ) drivers:
    MySQL (--with-dlz-mysql)
    ——————————————————————————-
    Features disabled or unavailable on this platform:
    Multiprocessing support (--enable-threads)
    Large-system tuning (--with-tuning)
    Allow 'dnstap' packet logging (--enable-dnstap)
    GeoIP access control (--with-geoip)
    Allow 'fixed' rrset-order (--enable-fixed-rrset)
    PKCS#11/Cryptoki support (--with-pkcs11)
    Native PKCS#11/Cryptoki support (--enable-native-pkcs11)
    GOST algorithm support (--with-gost)
    EDDSA algorithm support (--with-eddsa)
    Use libseccomp system call filtering (--enable-seccomp)
    Very verbose query trace logging (--enable-querytrace)
    Use GNU libtool (--with-libtool)
    Automated Testing Framework (--with-atf)
    ——————————————————————————-
    Configured paths:
    prefix: /usr
    sysconfdir: /etc
    localstatedir: /var
    ——————————————————————————-
    For more detail, use --enable-full-report.
    ===============================================================================

  10. named -d 8 -g -n 1 -c /etc/bind/named.conf

    28-Apr-2018 20:32:23.654 starting BIND 9.11.3-1-Debian (Extended Support Version)
    28-Apr-2018 20:32:23.654 running on Linux x86_64 4.15.0-3-amd64 #1 SMP Debian 4.15.17-1 (2018-04-19)
    28-Apr-2018 20:32:23.654 built with ‘–prefix=/usr’ ‘–sysconfdir=/etc’ ‘–localstatedir=/var’ ‘–with-dlz-mysql=yes’
    28-Apr-2018 20:32:23.654 running as: named -d 8 -g -n 1 -c /etc/bind/named.conf
    28-Apr-2018 20:32:23.654 —————————————————-
    28-Apr-2018 20:32:23.654 BIND 9 is maintained by Internet Systems Consortium,
    28-Apr-2018 20:32:23.654 Inc. (ISC), a non-profit 501(c)(3) public-benefit
    28-Apr-2018 20:32:23.654 corporation. Support and training for BIND 9 are
    28-Apr-2018 20:32:23.654 available at https://www.isc.org/support
    28-Apr-2018 20:32:23.654 —————————————————-
    28-Apr-2018 20:32:23.654 found 2 CPUs, using 1 worker thread
    28-Apr-2018 20:32:23.654 using 1 UDP listener per interface
    28-Apr-2018 20:32:23.654 using up to 4096 sockets
    28-Apr-2018 20:32:23.654 Registering DLZ_dlopen driver
    28-Apr-2018 20:32:23.654 Registering SDLZ driver ‘dlopen’
    28-Apr-2018 20:32:23.654 Registering DLZ driver ‘dlopen’
    28-Apr-2018 20:32:23.654 Registering DLZ mysql driver.
    28-Apr-2018 20:32:23.654 Registering SDLZ driver ‘mysql’
    28-Apr-2018 20:32:23.654 Registering DLZ driver ‘mysql’
    28-Apr-2018 20:32:23.658 loading configuration from ‘/etc/bind/named.conf’
    28-Apr-2018 20:32:23.658 reading built-in trust anchors from file ‘/etc/bind.keys’
    28-Apr-2018 20:32:23.658 set maximum stack size to 18446744073709551615: success
    28-Apr-2018 20:32:23.658 set maximum data size to 18446744073709551615: success
    28-Apr-2018 20:32:23.658 set maximum core size to 18446744073709551615: success
    28-Apr-2018 20:32:23.658 set maximum open files to 18446744073709551615: success
    28-Apr-2018 20:32:23.658 using default UDP/IPv4 port range: [32768, 60999]
    28-Apr-2018 20:32:23.658 using default UDP/IPv6 port range: [32768, 60999]
    28-Apr-2018 20:32:23.659 listening on IPv6 interfaces, port 53
    28-Apr-2018 20:32:23.659 clientmgr @0x7fa226782010: create
    28-Apr-2018 20:32:23.663 clientmgr @0x7fa226782010: createclients
    28-Apr-2018 20:32:23.663 clientmgr @0x7fa226782010: get client
    28-Apr-2018 20:32:23.663 clientmgr @0x7fa226782010: create new
    28-Apr-2018 20:32:23.663 clientmgr @0x7fa226782010: clientmctx
    28-Apr-2018 20:32:23.663 client @0x7fa218038c50 (no-peer): create
    28-Apr-2018 20:32:23.663 clientmgr @0x7fa226782010: createclients
    28-Apr-2018 20:32:23.663 clientmgr @0x7fa226782010: get client
    28-Apr-2018 20:32:23.663 clientmgr @0x7fa226782010: create new
    28-Apr-2018 20:32:23.663 clientmgr @0x7fa226782010: clientmctx
    28-Apr-2018 20:32:23.663 client @0x7fa21803e8b0 (no-peer): create
    28-Apr-2018 20:32:23.664 listening on IPv4 interface lo, 127.0.0.1#53
    28-Apr-2018 20:32:23.664 clientmgr @0x7fa226782458: create
    28-Apr-2018 20:32:23.664 clientmgr @0x7fa226782458: createclients
    28-Apr-2018 20:32:23.664 clientmgr @0x7fa226782458: get client
    28-Apr-2018 20:32:23.664 clientmgr @0x7fa226782458: create new
    28-Apr-2018 20:32:23.664 clientmgr @0x7fa226782458: clientmctx
    28-Apr-2018 20:32:23.664 client @0x7fa2180422a0 (no-peer): create
    28-Apr-2018 20:32:23.664 clientmgr @0x7fa226782458: createclients
    28-Apr-2018 20:32:23.665 clientmgr @0x7fa226782458: get client
    28-Apr-2018 20:32:23.665 clientmgr @0x7fa226782458: create new
    28-Apr-2018 20:32:23.665 clientmgr @0x7fa226782458: clientmctx
    28-Apr-2018 20:32:23.665 client @0x7fa2180af230 (no-peer): create
    28-Apr-2018 20:32:23.665 listening on IPv4 interface enp0s3, 192.168.1.103#53
    28-Apr-2018 20:32:23.665 clientmgr @0x7fa2267828a0: create
    28-Apr-2018 20:32:23.665 clientmgr @0x7fa2267828a0: createclients
    28-Apr-2018 20:32:23.665 clientmgr @0x7fa2267828a0: get client
    28-Apr-2018 20:32:23.665 clientmgr @0x7fa2267828a0: create new
    28-Apr-2018 20:32:23.665 clientmgr @0x7fa2267828a0: clientmctx
    28-Apr-2018 20:32:23.665 client @0x7fa2180bdef0 (no-peer): create
    28-Apr-2018 20:32:23.665 clientmgr @0x7fa2267828a0: createclients
    28-Apr-2018 20:32:23.665 clientmgr @0x7fa2267828a0: get client
    28-Apr-2018 20:32:23.665 clientmgr @0x7fa2267828a0: create new
    28-Apr-2018 20:32:23.665 clientmgr @0x7fa2267828a0: clientmctx
    28-Apr-2018 20:32:23.665 client @0x7fa2180cc670 (no-peer): create
    28-Apr-2018 20:32:23.666 generating session key for dynamic DNS
    28-Apr-2018 20:32:23.666 sizing zone task pool based on 5 zones
    28-Apr-2018 20:32:23.666 zone_settimer: zone localhost/IN: enter
    28-Apr-2018 20:32:23.666 zone_settimer: zone 127.in-addr.arpa/IN: enter
    28-Apr-2018 20:32:23.666 zone_settimer: zone 0.in-addr.arpa/IN: enter
    28-Apr-2018 20:32:23.666 zone_settimer: zone 255.in-addr.arpa/IN: enter
    28-Apr-2018 20:32:23.666 Loading ‘mysql zone’ using driver mysql
    28-Apr-2018 20:32:23.666 Loading SDLZ driver.
    28-Apr-2018 20:32:23.666 Required token $zone$ not found.
    28-Apr-2018 20:32:23.666 Could not build all nodes query list
    28-Apr-2018 20:32:23.666 mysql driver could not create database instance object.
    28-Apr-2018 20:32:23.666 SDLZ driver failed to load.
    28-Apr-2018 20:32:23.666 DLZ driver failed to load.
    28-Apr-2018 20:32:23.667 load_configuration: failure
    28-Apr-2018 20:32:23.667 loading configuration: failure
    28-Apr-2018 20:32:23.667 exiting (due to fatal error)

    /etc/bind/named.conf.local

    dlz "mysql zone" {
    database "mysql
    {host=localhost dbname=bind_dns ssl=false user=binduser pass=secretPassword}
    {select zone from dns_values where zone = '%zone%'}
    {select ttl, type, mx_priority, case when lower(type)='txt' then concat('\"', data, '\"')
    else data end from dns_values where zone = '%zone%' and host = '%record%'
    and not (type = 'SOA' or type = 'NS')}
    {select ttl, type, mx_priority, data, resp_person, serial, refresh, retry, expire, minimum
    from dns_values where zone = '%zone%' and (type = 'SOA' or type='NS')}
    {select ttl, type, host, mx_priority, data, resp_person, serial, refresh, retry, expire,
    minimum from dns_values where zone = '%zone%' and not (type = 'SOA' or type = 'NS')}
    {select zone from xfr_table where zone = '%zone%' and client = '%client%'}
    {update data_count set count = count + 1 where zone ='%zone%'}";
    };

  11. […] BIND DLZ Home What is DLZ? Configure BIND with database backend and DLZ support How does bind 9.9.4 on CentOS 7 use the zone data in MariaDB/mysql? Bind-DLZ with MySQL […]
