Install Bind with MySQL support on an AWS instance


Prerequisites

Required packages

root@localhost ~ # yum install bind-sdb mariadb-server

MySQL

Enable MySQL at boot

root@localhost ~ # systemctl enable mariadb.service

Check that it is enabled.

root@localhost ~ # systemctl list-unit-files

Start MySQL

root@localhost ~ # systemctl start mariadb.service

Set the MySQL root password. Note that the password given on the command line below ends up in the shell history and is briefly visible to other local users in the process list; clear it from the history afterwards.

root@localhost ~ # mysqladmin -u root -h localhost password <password>

Secure the MySQL installation

Rename the root user

root@localhost ~ # mysql -u root -p
RENAME USER 'root'@'localhost' TO 'user'@'localhost';
flush privileges;
exit

Remove unnecessary users

root@localhost ~ # mysql -u user -p
DELETE FROM mysql.user WHERE User != 'user';
flush privileges;
exit;

Remove unnecessary databases

root@localhost ~ # mysql -u user -p
SHOW DATABASES;
DROP DATABASE test;
SHOW DATABASES;

Create the Bind database and a dedicated Bind user. Replace 'S3cr3t' with a strong password; the same value must be used in named.dlz.conf below.

root@localhost ~ # mysql -u user -p
CREATE DATABASE bind;
GRANT ALL on bind.* to 'bind'@'localhost' IDENTIFIED BY 'S3cr3t';

Create the dns_records table. Note that the last query in named.dlz.conf below also references a table named xfr_table, which this page does not create.

CREATE TABLE bind.dns_records (
	record_uid INT NOT NULL PRIMARY KEY AUTO_INCREMENT,
	view TEXT,
	zone TEXT,
	ttl INT,
	type TEXT,
	host TEXT,
	mx_priority text,
	data TEXT,
	primary_ns TEXT,
	resp_contact TEXT,
	serial INT,
	refresh INT,
	retry INT,
	expire INT,
	minimum INT
) ENGINE = MyISAM;

Bind

Create directories

root@localhost ~ # mkdir -p /etc/named /var/log/named
root@localhost ~ # chown named:named /var/log/named

Create the configuration files. named.dlz.conf contains the database password in clear text, so make it readable only by root and the named user.

root@localhost ~ # nano -w /etc/named/named.conf
include "/etc/named/named.log.conf";

acl "localnet" {
        127.0.0.1/32;
        10.0.0.0/24;
};

acl "trusted" {
        localhost;
};

acl "xfer" {
        none;
};

options {
        directory "/var/named";
        pid-file "/run/named/named.pid";

        zone-statistics yes;
        statistics-file "/var/named/named.stats";
        #statistics-interval 1;

        listen-on { any; };
        listen-on-v6 { any; };
        interface-interval 1;

        dnssec-enable yes;
        dnssec-validation yes;

        allow-query { any; };
        allow-query-cache { any; };
        allow-recursion { localnet; };
        allow-notify { none; };
        allow-transfer { none; };
        allow-update { none; };

        bindkeys-file "/etc/bind.keys";
        session-keyfile "/var/named/session.key";
        managed-keys-directory "/var/named/dynamic";
};

include "/etc/named/named.dlz.conf";
root@localhost ~ # nano -w /etc/named/named.dlz.conf
view "external" {
    match-clients { any; };

    dlz "mysql zone" {
        database "mysql
            {host=127.0.0.1 port=3306 dbname=bind user=bind pass=S3cr3t}
            {SELECT zone FROM dns_records WHERE view = 'external' AND zone = '$zone$';}
            {SELECT ttl, type, mx_priority,
                CASE
                    WHEN UPPER(type) = 'TXT' THEN CONCAT('\"', data, '\"')
                    ELSE data
                    END AS data
                FROM dns_records WHERE view = 'external' AND zone = '$zone$' AND host = '$record$' AND NOT (UPPER(type) = 'SOA' or UPPER(type) = 'NS');}
            {SELECT ttl, type, data, primary_ns, resp_contact, serial, refresh, retry, expire, minimum FROM dns_records WHERE view = 'external' AND zone = '$zone$' AND (UPPER(type) = 'SOA' or UPPER(type) = 'NS');}
            {SELECT ttl, type, host, mx_priority,
                CASE
                    WHEN UPPER(type) = 'TXT' THEN CONCAT('\"', data, '\"')
                    ELSE data
                    END AS data, resp_contact, serial, refresh, retry, expire, minimum
                FROM dns_records WHERE view = 'external' AND zone = '$zone$' AND not (UPPER(type) = 'SOA' or UPPER(type) = 'NS');}
            {SELECT zone FROM xfr_table WHERE view = 'external' AND zone = '$zone$' AND client = '$client$';}
        ";
    };
};
root@localhost ~ # nano -w /etc/named/named.log.conf
logging {
	channel client_file { file "/var/log/named/client.log" versions 3 size 5M; severity info; print-time yes; print-severity yes; print-category yes; };
	channel config_file { file "/var/log/named/config.log" versions 3 size 5M; severity info; print-time yes; print-severity yes; print-category yes; };
	channel database_file { file "/var/log/named/database.log" versions 3 size 5M; severity info; print-time yes; print-severity yes; print-category yes; };
	channel default_file { file "/var/log/named/default.log" versions 3 size 5M; severity info; print-time yes; print-severity yes; print-category yes; };
	channel delegation-only_file { file "/var/log/named/delegation-only.log" versions 3 size 5M; severity info; print-time yes; print-severity yes; print-category yes; };
	channel dispatch_file { file "/var/log/named/dispatch.log" versions 3 size 5M; severity info; print-time yes; print-severity yes; print-category yes; };
	channel dnssec_file { file "/var/log/named/dnssec.log" versions 3 size 5M; severity info; print-time yes; print-severity yes; print-category yes; };
	channel general_file { file "/var/log/named/general.log" versions 3 size 5M; severity info; print-time yes; print-severity yes; print-category yes; };
	channel lame-servers_file { file "/var/log/named/lame-servers.log" versions 3 size 5M; severity info; print-time yes; print-severity yes; print-category yes; };
	channel network_file { file "/var/log/named/network.log" versions 3 size 5M; severity info; print-time yes; print-severity yes; print-category yes; };
	channel notify_file { file "/var/log/named/notify.log" versions 3 size 5M; severity info; print-time yes; print-severity yes; print-category yes; };
	channel queries_file { file "/var/log/named/queries.log" versions 3 size 5M; severity info; print-time yes; print-severity yes; print-category yes; };
	channel resolver_file { file "/var/log/named/resolver.log" versions 3 size 5M; severity info; print-time yes; print-severity yes; print-category yes; };
	channel security_file { file "/var/log/named/security.log" versions 3 size 5M; severity info; print-time yes; print-severity yes; print-category yes; };
	channel unmatched_file { file "/var/log/named/unmatched.log" versions 3 size 5M; severity info; print-time yes; print-severity yes; print-category yes; };
	channel update_file { file "/var/log/named/update.log" versions 3 size 5M; severity info; print-time yes; print-severity yes; print-category yes; };
	channel update-security_file { file "/var/log/named/update-security.log" versions 3 size 5M; severity info; print-time yes; print-severity yes; print-category yes; };
	channel xfer-in_file { file "/var/log/named/xfer-in.log" versions 3 size 5M; severity info; print-time yes; print-severity yes; print-category yes; };
	channel xfer-out_file { file "/var/log/named/xfer-out.log" versions 3 size 5M; severity info; print-time yes; print-severity yes; print-category yes; };

	category client { client_file; };
	category config { config_file; };
	category database { database_file; };
	category default { default_file; };
	category delegation-only { delegation-only_file; };
	category dispatch { dispatch_file; };
	category dnssec { dnssec_file; };
	category general { general_file; };
	category lame-servers { lame-servers_file; };
	category network { network_file; };
	category notify { notify_file; };
	category queries { queries_file; };
	category resolver { resolver_file; };
	category security { security_file; };
	category unmatched { unmatched_file; };
	category update { update_file; };
	category update-security { update-security_file; };
	category xfer-in { xfer-in_file; };
	category xfer-out { xfer-out_file; };
};

Update the configuration path in the systemd unit file. Edits under /usr/lib/systemd/system are overwritten when the package is updated; an override in /etc/systemd/system (for example via systemctl edit) is more durable.

root@localhost ~ # nano -w /usr/lib/systemd/system/named-sdb.service
Environment=NAMEDCONF=/etc/named/named.conf

Start named

Enable Bind at boot

root@localhost ~ # systemctl enable named-sdb.service

Check that Bind is enabled

root@localhost ~ # systemctl list-unit-files

Start Bind

root@localhost ~ # systemctl start named-sdb.service