Bind-DLZ with MySQL
By: Josh
DNS management with Bind has traditionally been flat files and slave/master configurations. Bind also has a feature/extension called DLZ — dynamically loaded zones. This feature can be very useful when designing applications that use databases or directories for storage rather than having to design your application to address a filesystem to create resource records or zone files.
In this article, I will explain how to set this up for a configuration where there are thousands of name-based virtual hosts hosted on the same VIP/email infrastructure using the same resource record on a CentOS 5.X system using MySQL to store records. The Bind version is 9.6.0-P1.
The first step is to install any prerequisites:
yum install openssl-devel mysql-devel openldap-devel unixODBC-devel gcc
Note that you’ll want to uninstall gcc after this process is complete to reduce the likelihood of an attacker compiling an exploit on this box if they were to gain unprivileged access.
Next, download and extract the Bind sources:
pushd /tmp/
curl -C - -L -O 'http://ftp.isc.org/isc/bind9/9.6.0-P1/bind-9.6.0-P1.tar.gz'
tar xzvf bind-9.6.0-P1.tar.gz
pushd bind-9.6.0-P1
If compiling on a 64-bit system, you might have to set up some variables so that the appropriate MySQL libraries are found:
export CPPFLAGS="-I/usr/lib64/mysql $CPPFLAGS"
export LDFLAGS="-L/usr/lib64/mysql $LDFLAGS"
export LD_LIBRARY_PATH="/usr/lib64/mysql"
The next step is to run configure — this example uses mysql only:
./configure \
  --prefix=/usr/local/bind \
  --disable-openssl-version-check \
  --with-dlz-mysql=yes
Once successful with configure, the next step is to install:
make && sudo make install
Be sure to add a user and group, and set up some basic directories for data:
groupadd -r -g 25 named
useradd -r -u 25 -s /sbin/nologin -d /usr/local/named -g named named
mkdir /var/cache/bind
chown named:named /var/cache/bind
Now that the easy part is finished, the next step is to set up MySQL to store the appropriate DNS records.
In this example, data is populated in MySQL by a stored procedure in SQL Server through a linked server (ODBC) to a MySQL master. A Python script then creates the necessary entries in the postfix database to allow mail routing to occur. One of the tables populated here is the postfix.domains table, which is simply a list of all domains hosted at this site. I take advantage of this by replicating only this table to each of my DNS servers, which run MySQL and Bind-DLZ locally. This background should make the next portion easier to follow, where I set up tables and views and populate them with data.
The next step is to create the database which will store the records. I use a database called postfix since my setup is tightly coupled with email routing and replication from the email database. (Log in to MySQL to perform the following actions, or script them as appropriate.)
mysql> create database postfix;
Next, I create a template of resource records that will apply to all zones hosted within MySQL. (Note that this is a site which hosts thousands of domains on the same VIP/email architecture.)
DROP TABLE IF EXISTS dns_values;
CREATE TABLE dns_values (
  host VARCHAR(255) DEFAULT '' NOT NULL,
  type ENUM('SOA','NS','MX','A','CNAME','TXT','HINFO','PTR') NOT NULL DEFAULT 'SOA',
  data VARCHAR(255),
  ttl INT(11) DEFAULT 300 NOT NULL,
  mx_priority VARCHAR(10),
  refresh INT(11) DEFAULT 0 NOT NULL,
  retry INT(11) DEFAULT 0 NOT NULL,
  expire INT(11) DEFAULT 0 NOT NULL,
  minimum INT(11) DEFAULT 0 NOT NULL,
  serial BIGINT(20) DEFAULT 0 NOT NULL,
  resp_person VARCHAR(255),
  primary_ns VARCHAR(255),
  key host_index (host),
  key type_index (type)
) ENGINE=MyISAM;
The next step is to populate the basic set:
mysql> LOCK TABLES `dns_values` WRITE;
/*!40000 ALTER TABLE `dns_values` DISABLE KEYS */;
INSERT INTO `dns_values` VALUES
('@','SOA','root.mail.example.com.',300,NULL,10800,900,604800,600,2009020401,'root.mail.example.com.','ns1.example.com.'),
('@','NS','ns1.example.com.',300,NULL,10800,900,604800,600,2009020401,NULL,NULL),
('@','NS','ns2.example.com.',300,NULL,10800,900,604800,600,2009020401,NULL,NULL),
('@','A','xxx.xxx.xxx.xxx',300,NULL,10800,900,604800,600,2009020401,NULL,NULL),
('images','A','xxx.xxx.xxx.xxx',300,NULL,10800,900,604800,600,2009020401,NULL,NULL),
('mail','A','xxx.xxx.xxx.xxx',300,NULL,10800,900,604800,600,2009020401,NULL,NULL),
('*','A','xxx.xxx.xxx.xxx',300,NULL,10800,900,604800,600,2009020401,NULL,NULL),
('imap','CNAME','mail.example.com.',300,NULL,10800,900,604800,600,2009020401,NULL,NULL),
('smtp','CNAME','mail.example.com.',300,NULL,10800,900,604800,600,2009020401,NULL,NULL),
('@','TXT','v=spf2.0/pra mx ip4:xxx.xxx.xxx.0/24 -all',300,NULL,10800,900,604800,600,2009020401,NULL,NULL),
('@','TXT','v=spf1 mx ip4:xxx.xxx.xxx.0/24 -all',300,NULL,10800,900,604800,600,2009020401,NULL,NULL),
('@','MX','mail.example.com.',300,'10',10800,900,604800,600,2009020401,NULL,NULL),
('webmail','CNAME','mail.example.com.',300,NULL,10800,900,604800,600,2009020401,NULL,NULL);
/*!40000 ALTER TABLE `dns_values` ENABLE KEYS */;
UNLOCK TABLES;
Create the postfix.domains table:
mysql> CREATE TABLE domains (
  domain varchar(128) NOT NULL default '',
  PRIMARY KEY (domain)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;
Go ahead and populate the domains table with some values. Note that I replicate data from another table but you can just as well enter any values manually.
mysql> insert into domains (domain) values('example.com');
The next step is to create a view that will combine the dns_values table with the domains table to present all records as one table:
mysql> CREATE VIEW dns_records AS
SELECT d.domain as zone,
  dv.host as host,
  dv.type as type,
  dv.data as data,
  dv.ttl as ttl,
  dv.mx_priority as mx_priority,
  dv.refresh as refresh,
  dv.retry as retry,
  dv.expire as expire,
  dv.minimum as minimum,
  dv.serial as serial,
  dv.resp_person as resp_person,
  dv.primary_ns as primary_ns
FROM domains d, dns_values dv;
Next, set up a grant in MySQL so that the user Bind connects as can read the records:
mysql> GRANT USAGE,SELECT ON postfix.* TO binddlz@localhost identified by 'trickypassword';
FLUSH PRIVILEGES;
I started with a pretty basic named.conf file:
key rndc {
    algorithm hmac-md5;
    secret "longsecret";
};
controls {
    inet 127.0.0.1 allow { localhost; } keys { rndc; };
};
include "/usr/local/bind/etc/named.conf.options";
// prime the server with knowledge of the root servers
zone "." {
    type hint;
    file "/usr/local/bind/etc/db.root";
};
// setup local zones
zone "localhost" {
    type master;
    file "/usr/local/bind/etc/db.local";
};
zone "127.in-addr.arpa" {
    type master;
    file "/usr/local/bind/etc/db.127";
};
zone "0.in-addr.arpa" {
    type master;
    file "/usr/local/bind/etc/db.0";
};
zone "255.in-addr.arpa" {
    type master;
    file "/usr/local/bind/etc/db.255";
};
include "/usr/local/bind/etc/named.custom.zones";
include "/usr/local/bind/etc/named.dlz.zones";
As far as named.conf.options, it is also pretty basic:
options {
    directory "/var/cache/bind";
    allow-transfer { xxx.xxx.xxx.xxx; xxx.xxx.xxx.xxx; };
    zone-statistics yes;
    statistics-file "/usr/local/bind/var/stats/named-stats.out";
    recursion no;
};
As you can see, I simply included the following configuration portion as named.dlz.zones.
dlz "mysql zone" {
    database "mysql
    {host=localhost dbname=postfix user=binddlz pass=trickypassword ssl=false}
    {select zone from dns_records where zone = '%zone%'}
    {select ttl, type, mx_priority,
        case when lower(type)='txt' then concat('\"', data, '\"')
             when lower(type) = 'soa' then concat_ws(' ', data, resp_person, serial, refresh, retry, expire, minimum)
             else data end
        from dns_records where zone = '%zone%' and host = '%record%'}";
};
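The view and the two DLZ queries can be exercised offline before Bind is pointed at the database. The following is an added example, not code from the original article: it uses Python's sqlite3 in place of MySQL (with concat/concat_ws re-implemented), and the 192.0.2.x addresses and the names build_db, zone_exists and dlz_lookup are made up for the illustration.

```python
import sqlite3

# Simplified SQLite version of the article's tables and view (no ENUM/MyISAM).
SCHEMA = """
create table dns_values (host text, type text, data text, ttl integer,
    mx_priority text, refresh integer, retry integer, expire integer,
    minimum integer, serial integer, resp_person text, primary_ns text);
create table domains (domain text primary key);
create view dns_records as
    select d.domain as zone, dv.host as host, dv.type as type,
           dv.data as data, dv.ttl as ttl, dv.mx_priority as mx_priority,
           dv.refresh as refresh, dv.retry as retry, dv.expire as expire,
           dv.minimum as minimum, dv.serial as serial,
           dv.resp_person as resp_person, dv.primary_ns as primary_ns
    from domains d, dns_values dv;
"""

# Constructed subset of the template rows: (host, type, data, mx_priority,
# resp_person, primary_ns). 192.0.2.0/24 is a documentation range.
TEMPLATE = [
    ("@", "SOA", "root.mail.example.com.", None,
     "root.mail.example.com.", "ns1.example.com."),
    ("@", "NS", "ns1.example.com.", None, None, None),
    ("@", "A", "192.0.2.10", None, None, None),
    ("*", "A", "192.0.2.10", None, None, None),
    ("@", "TXT", "v=spf1 mx ip4:192.0.2.0/24 -all", None, None, None),
    ("@", "MX", "mail.example.com.", "10", None, None),
]

# The two queries from named.dlz.zones. The driver substitutes %zone% and
# %record% into the query text; here they are bound as parameters instead.
FINDZONE_SQL = "select zone from dns_records where zone = ?"
LOOKUP_SQL = """
select ttl, type, mx_priority,
       case when lower(type) = 'txt' then concat('"', data, '"')
            when lower(type) = 'soa' then concat_ws(' ', data, resp_person,
                 serial, refresh, retry, expire, minimum)
            else data end
from dns_records where zone = ? and host = ?
"""

def _concat(*args):
    # MySQL concat(): NULL if any argument is NULL.
    return None if None in args else "".join(str(a) for a in args)

def _concat_ws(sep, *args):
    # MySQL concat_ws(): NULL arguments after the separator are skipped.
    return sep.join(str(a) for a in args if a is not None)

def build_db(domains):
    conn = sqlite3.connect(":memory:")
    conn.create_function("concat", -1, _concat)
    conn.create_function("concat_ws", -1, _concat_ws)
    conn.executescript(SCHEMA)
    conn.executemany(
        "insert into dns_values (host, type, data, mx_priority, resp_person,"
        " primary_ns, ttl, refresh, retry, expire, minimum, serial)"
        " values (?, ?, ?, ?, ?, ?, 300, 10800, 900, 604800, 600, 2009020401)",
        TEMPLATE)
    conn.executemany("insert into domains (domain) values (?)",
                     [(d,) for d in domains])
    return conn

def zone_exists(conn, zone):
    return conn.execute(FINDZONE_SQL, (zone,)).fetchone() is not None

def dlz_lookup(conn, zone, record):
    return conn.execute(LOOKUP_SQL, (zone, record)).fetchall()

if __name__ == "__main__":
    db = build_db(["example.com", "example.org"])
    for name in ("@", "*"):
        print(name, dlz_lookup(db, "example.org", name))
```

Running it shows every domain in the domains table answering with the same template rows, which is what the unconditioned join in the view produces. It also shows that the SOA RDATA is assembled from data and resp_person; the primary_ns column is not read by the lookup query.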
Now start Bind with the following command and test:
/usr/local/bind/sbin/named -c /usr/local/bind/etc/named.conf -f -g -u named
Useful tips:
* do not include both ns and contact in SOA record, use only respo_contact in either data or resp_contact fields
* make sure you restart Bind every time you restart MySQL or you will lose your connection(s)
* if you would like to create the dns_records table without a view, simply use the dns_values table and add the zone as the first column
Thanks for the short tutorial on BIND DLZ.
Can you please share with me how one can configure for filesystem?
I am using this http://bind-dlz.sourceforge.net/filesystem_driver.html and getting the error, unsupported DLZ database driver ‘filesystem’. file system zone not loaded so I followed your steps to make changes by creating a named.dlz.zones file and positioning it appropriately. I compiled mine on Ubuntu for a school research. Can you please advise?
Hi Stephen,
Can you provide some additional detail here?
– Which version of Bind are you using?
– Did you compile with the ‘--with-dlz-filesystem’ option?
– Can you provide your config(s)?
Thanks,
Josh
Thanks for responding:
Below is my error:
Ubuntu 16 in VirtualBox : This building BIND9 from source with DLZ filesystem support for academic research. Want to extend the filesystem to another datastore by a fellow student;
stepsei@stepsei-VirtualBox:/etc/bind$ sudo -i named -c /etc/named.conf -g
04-Oct-2017 00:28:55.138 starting BIND 9.9.5 -c /etc/named.conf -g
04-Oct-2017 00:28:55.140 built with defaults
04-Oct-2017 00:28:55.140 —————————————————-
04-Oct-2017 00:28:55.140 BIND 9 is maintained by Internet Systems Consortium,
04-Oct-2017 00:28:55.140 Inc. (ISC), a non-profit 501(c)(3) public-benefit
04-Oct-2017 00:28:55.140 corporation. Support and training for BIND 9 are
04-Oct-2017 00:28:55.140 available at https://www.isc.org/support
04-Oct-2017 00:28:55.140 —————————————————-
04-Oct-2017 00:28:55.140 using 1 UDP listener per interface
04-Oct-2017 00:28:55.141 using up to 4096 sockets
04-Oct-2017 00:28:55.156 loading configuration from ‘/etc/named.conf’
04-Oct-2017 00:28:55.157 reading built-in trusted keys from file ‘/etc/bind.keys’
04-Oct-2017 00:28:55.159 using default UDP/IPv4 port range: [1024, 65535]
04-Oct-2017 00:28:55.159 using default UDP/IPv6 port range: [1024, 65535]
04-Oct-2017 00:28:55.164 listening on IPv4 interface lo, 127.0.0.1#53
04-Oct-2017 00:28:55.170 listening on IPv4 interface enp0s3, 10.109.132.103#53
04-Oct-2017 00:28:55.172 generating session key for dynamic DNS
04-Oct-2017 00:28:55.172 sizing zone task pool based on 8 zones
04-Oct-2017 00:28:55.174 Loading ‘file system zone’ using driver filesystem
04-Oct-2017 00:28:55.174 unsupported DLZ database driver ‘filesystem’. file system zone not loaded.
04-Oct-2017 00:28:55.175 loading configuration: not found
04-Oct-2017 00:28:55.175 exiting (due to fatal error)
However, a dig command works fine when not using DLZ;
******************
========================================================================
Configuration summary:
————————————————————————
Optional features enabled:
Multiprocessing support (–enable-threads)
GSS-API (–with-gssapi)
Print backtrace on crash (–enable-backtrace)
Use symbol table for backtrace, named only (–enable-symtable)
Dynamically loadable zone (DLZ) drivers:
Filesystem (–with-dlz-filesystem)
Features disabled or unavailable on this platform:
Response Rate Limiting (–enable-rrl)
PKCS#11/Cryptoki support (–with-pkcs11)
New statistics (–enable-newstats)
Allow ‘fixed’ rrset-order (–enable-fixed-rrset)
Automated Testing Framework (–with-atf)
XML statistics (–with-libxml2)
========================================================================
this was my named.conf.local;
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
zone "stepsei.edu" {
type master;
file "/etc/bind/db.stepsei.edu";
};
zone "xxx.xxx.155.in-addr.arpa" {
type master;
notify no;
file "/etc/bind/db.155";
};
named.conf.options:
options {
directory "/var/cache/bind";
// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0’s placeholder.
forwarders {
8.8.8.8; #Google’s public DNS server IP address
};
//========================================================================
// If BIND logs error messages about the root key being expired,
// you will need to update your keys. See https://www.isc.org/bind-keys
//========================================================================
dnssec-validation auto;
dnssec-enable yes;
dnssec-lookaside auto;
recursion no;
allow-query { any; };
auth-nxdomain no; # conform to RFC1035
# listen-on-v6 { any; };
};
named.conf.default-zones;
// prime the server with knowledge of the root servers
zone "." {
type hint;
file "/etc/bind/db.root";
};
// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
zone "localhost" {
type master;
file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};
zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};
named.dlz.zones:
dlz "file system zone" {
database "filesystem ./etc/bind/ .dns .xfr 0 ~";
};
named.conf:
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
include "/etc/bind/named.dlz.zones";
Hey stepsei, sorry for the delay – on jury duty this month so things are hectic.
Can you provide the compile flags and any parameters that you used when executing the configure and make commands?
Thanks,
Josh
Thanks,
Below was the config used;
And the response was positive.
./configure --prefix=/usr --sysconfdir=/etc/bind --localstatedir=/var \
--mandir=/usr/share/man --infodir=/usr/share/info \
--enable-threads --enable-largefile --with-libtool --enable-shared --enable-static \
--with-openssl=/usr --with-gssapi=/usr --with-gnu-ld \
--with-dlz-postgres=yes --with-dlz-mysql=yes --with-dlz-bdb=no \
--with-dlz-filesystem=yes --with-dlz-ldap=yes \
--with-dlz-stub=yes --with-geoip=/usr --enable-ipv6
sudo make && make install
========================================================================
Configuration summary:
————————————————————————
Optional features enabled:
Multiprocessing support (–enable-threads)
GeoIP access control (–with-geoip)
GSS-API (–with-gssapi)
GOST algorithm support (encoding: raw) (–with-gost)
ECDSA algorithm support (–with-ecdsa)
Print backtrace on crash (–enable-backtrace)
Use symbol table for backtrace, named only (–enable-symtable)
Use GNU libtool (–with-libtool)
Dynamically loadable zone (DLZ) drivers:
LDAP (–with-dlz-ldap)
MySQL (–with-dlz-mysql)
Postgres (–with-dlz-postgres)
Filesystem (–with-dlz-filesystem)
Stub (–with-dlz-stub)
Features disabled or unavailable on this platform:
Large-system tuning (–with-tuning)
Recursive fetch limits for DoS attack mitigation (–enable-fetchlimit)
Source Identity Token support (–enable-sit)
Allow ‘fixed’ rrset-order (–enable-fixed-rrset)
PKCS#11/Cryptoki support (–with-pkcs11)
Native PKCS#11/Cryptoki support (–enable-native-pkcs11)
Use libseccomp system call filtering (–enable-seccomp)
Very verbose query trace logging (–enable-querytrace)
Automated Testing Framework (–with-atf)
JSON statistics (–with-libjson)
Hi stepsei,
I tried this out and it works for me. I would suggest that you be sure that you are using the named binary that you compiled by executing named with the fully qualified path, ie:
I suspect that you are using the binary that is installed with Ubuntu rather than the binary that you have compiled. The main reason is that using the compile flags that you did, you should see those flags as part of the output when you start the named application.
Please try this and let me know how it turns out.
I always recommend setting the paths a bit more explicitly when creating a custom install rather than using the generic ‘/usr/’ prefix, something like:
With this method, you can always be certain that you are using the binary you compiled without interfering with the system installed binaries and/or configuration files.
Thanks,
Josh
hello, do you know how to modify dlz-mysql source code?
I have an error “Required token $zone$ not found.” which I have seen several others around the net experiencing.
after unpacking the tar.gz I ran:
./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var --with-dlz-mysql=yes --enable-threads=no
Which resulted in:
===============================================================================
Configuration summary:
——————————————————————————-
Optional features enabled:
GSS-API (–with-gssapi)
ECDSA algorithm support (–with-ecdsa)
Print backtrace on crash (–enable-backtrace)
Use symbol table for backtrace, named only (–enable-symtable)
Dynamically loadable zone (DLZ) drivers:
MySQL (–with-dlz-mysql)
——————————————————————————-
Features disabled or unavailable on this platform:
Multiprocessing support (–enable-threads)
Large-system tuning (–with-tuning)
Allow ‘dnstap’ packet logging (–enable-dnstap)
GeoIP access control (–with-geoip)
Allow ‘fixed’ rrset-order (–enable-fixed-rrset)
PKCS#11/Cryptoki support (–with-pkcs11)
Native PKCS#11/Cryptoki support (–enable-native-pkcs11)
GOST algorithm support (–with-gost)
EDDSA algorithm support (–with-eddsa)
Use libseccomp system call filtering (–enable-seccomp)
Very verbose query trace logging (–enable-querytrace)
Use GNU libtool (–with-libtool)
Automated Testing Framework (–with-atf)
——————————————————————————-
Configured paths:
prefix: /usr
sysconfdir: /etc
localstatedir: /var
——————————————————————————-
For more detail, use –enable-full-report.
===============================================================================
named -d 8 -g -n 1 -c /etc/bind/named.conf
28-Apr-2018 20:32:23.654 starting BIND 9.11.3-1-Debian (Extended Support Version)
28-Apr-2018 20:32:23.654 running on Linux x86_64 4.15.0-3-amd64 #1 SMP Debian 4.15.17-1 (2018-04-19)
28-Apr-2018 20:32:23.654 built with ‘–prefix=/usr’ ‘–sysconfdir=/etc’ ‘–localstatedir=/var’ ‘–with-dlz-mysql=yes’
28-Apr-2018 20:32:23.654 running as: named -d 8 -g -n 1 -c /etc/bind/named.conf
28-Apr-2018 20:32:23.654 —————————————————-
28-Apr-2018 20:32:23.654 BIND 9 is maintained by Internet Systems Consortium,
28-Apr-2018 20:32:23.654 Inc. (ISC), a non-profit 501(c)(3) public-benefit
28-Apr-2018 20:32:23.654 corporation. Support and training for BIND 9 are
28-Apr-2018 20:32:23.654 available at https://www.isc.org/support
28-Apr-2018 20:32:23.654 —————————————————-
28-Apr-2018 20:32:23.654 found 2 CPUs, using 1 worker thread
28-Apr-2018 20:32:23.654 using 1 UDP listener per interface
28-Apr-2018 20:32:23.654 using up to 4096 sockets
28-Apr-2018 20:32:23.654 Registering DLZ_dlopen driver
28-Apr-2018 20:32:23.654 Registering SDLZ driver ‘dlopen’
28-Apr-2018 20:32:23.654 Registering DLZ driver ‘dlopen’
28-Apr-2018 20:32:23.654 Registering DLZ mysql driver.
28-Apr-2018 20:32:23.654 Registering SDLZ driver ‘mysql’
28-Apr-2018 20:32:23.654 Registering DLZ driver ‘mysql’
28-Apr-2018 20:32:23.658 loading configuration from ‘/etc/bind/named.conf’
28-Apr-2018 20:32:23.658 reading built-in trust anchors from file ‘/etc/bind.keys’
28-Apr-2018 20:32:23.658 set maximum stack size to 18446744073709551615: success
28-Apr-2018 20:32:23.658 set maximum data size to 18446744073709551615: success
28-Apr-2018 20:32:23.658 set maximum core size to 18446744073709551615: success
28-Apr-2018 20:32:23.658 set maximum open files to 18446744073709551615: success
28-Apr-2018 20:32:23.658 using default UDP/IPv4 port range: [32768, 60999]
28-Apr-2018 20:32:23.658 using default UDP/IPv6 port range: [32768, 60999]
28-Apr-2018 20:32:23.659 listening on IPv6 interfaces, port 53
28-Apr-2018 20:32:23.659 clientmgr @0x7fa226782010: create
28-Apr-2018 20:32:23.663 clientmgr @0x7fa226782010: createclients
28-Apr-2018 20:32:23.663 clientmgr @0x7fa226782010: get client
28-Apr-2018 20:32:23.663 clientmgr @0x7fa226782010: create new
28-Apr-2018 20:32:23.663 clientmgr @0x7fa226782010: clientmctx
28-Apr-2018 20:32:23.663 client @0x7fa218038c50 (no-peer): create
28-Apr-2018 20:32:23.663 clientmgr @0x7fa226782010: createclients
28-Apr-2018 20:32:23.663 clientmgr @0x7fa226782010: get client
28-Apr-2018 20:32:23.663 clientmgr @0x7fa226782010: create new
28-Apr-2018 20:32:23.663 clientmgr @0x7fa226782010: clientmctx
28-Apr-2018 20:32:23.663 client @0x7fa21803e8b0 (no-peer): create
28-Apr-2018 20:32:23.664 listening on IPv4 interface lo, 127.0.0.1#53
28-Apr-2018 20:32:23.664 clientmgr @0x7fa226782458: create
28-Apr-2018 20:32:23.664 clientmgr @0x7fa226782458: createclients
28-Apr-2018 20:32:23.664 clientmgr @0x7fa226782458: get client
28-Apr-2018 20:32:23.664 clientmgr @0x7fa226782458: create new
28-Apr-2018 20:32:23.664 clientmgr @0x7fa226782458: clientmctx
28-Apr-2018 20:32:23.664 client @0x7fa2180422a0 (no-peer): create
28-Apr-2018 20:32:23.664 clientmgr @0x7fa226782458: createclients
28-Apr-2018 20:32:23.665 clientmgr @0x7fa226782458: get client
28-Apr-2018 20:32:23.665 clientmgr @0x7fa226782458: create new
28-Apr-2018 20:32:23.665 clientmgr @0x7fa226782458: clientmctx
28-Apr-2018 20:32:23.665 client @0x7fa2180af230 (no-peer): create
28-Apr-2018 20:32:23.665 listening on IPv4 interface enp0s3, 192.168.1.103#53
28-Apr-2018 20:32:23.665 clientmgr @0x7fa2267828a0: create
28-Apr-2018 20:32:23.665 clientmgr @0x7fa2267828a0: createclients
28-Apr-2018 20:32:23.665 clientmgr @0x7fa2267828a0: get client
28-Apr-2018 20:32:23.665 clientmgr @0x7fa2267828a0: create new
28-Apr-2018 20:32:23.665 clientmgr @0x7fa2267828a0: clientmctx
28-Apr-2018 20:32:23.665 client @0x7fa2180bdef0 (no-peer): create
28-Apr-2018 20:32:23.665 clientmgr @0x7fa2267828a0: createclients
28-Apr-2018 20:32:23.665 clientmgr @0x7fa2267828a0: get client
28-Apr-2018 20:32:23.665 clientmgr @0x7fa2267828a0: create new
28-Apr-2018 20:32:23.665 clientmgr @0x7fa2267828a0: clientmctx
28-Apr-2018 20:32:23.665 client @0x7fa2180cc670 (no-peer): create
28-Apr-2018 20:32:23.666 generating session key for dynamic DNS
28-Apr-2018 20:32:23.666 sizing zone task pool based on 5 zones
28-Apr-2018 20:32:23.666 zone_settimer: zone localhost/IN: enter
28-Apr-2018 20:32:23.666 zone_settimer: zone 127.in-addr.arpa/IN: enter
28-Apr-2018 20:32:23.666 zone_settimer: zone 0.in-addr.arpa/IN: enter
28-Apr-2018 20:32:23.666 zone_settimer: zone 255.in-addr.arpa/IN: enter
28-Apr-2018 20:32:23.666 Loading ‘mysql zone’ using driver mysql
28-Apr-2018 20:32:23.666 Loading SDLZ driver.
28-Apr-2018 20:32:23.666 Required token $zone$ not found.
28-Apr-2018 20:32:23.666 Could not build all nodes query list
28-Apr-2018 20:32:23.666 mysql driver could not create database instance object.
28-Apr-2018 20:32:23.666 SDLZ driver failed to load.
28-Apr-2018 20:32:23.666 DLZ driver failed to load.
28-Apr-2018 20:32:23.667 load_configuration: failure
28-Apr-2018 20:32:23.667 loading configuration: failure
28-Apr-2018 20:32:23.667 exiting (due to fatal error)
/etc/bind/named.conf.local
dlz "mysql zone" {
database "mysql
{host=localhost dbname=bind_dns ssl=false user=binduser pass=secretPassword}
{select zone from dns_values where zone = '%zone%'}
{select ttl, type, mx_priority, case when lower(type)='txt' then concat('\"', data, '\"')
else data end from dns_values where zone = '%zone%' and host = '%record%'
and not (type = 'SOA' or type = 'NS')}
{select ttl, type, mx_priority, data, resp_person, serial, refresh, retry, expire, minimum
from dns_values where zone = '%zone%' and (type = 'SOA' or type='NS')}
{select ttl, type, host, mx_priority, data, resp_person, serial, refresh, retry, expire,
minimum from dns_values where zone = '%zone%' and not (type = 'SOA' or type = 'NS')}
{select zone from xfr_table where zone = '%zone%' and client = '%client%'}
{update data_count set count = count + 1 where zone ='%zone%'}";
};