this is obsolete doc -- see http://doc.nethence.com/ instead
Configuring BIND9 with DLZ MySQL on NetBSD version 6
Requirements
Install the mysql daemon, the version 5.5.28 as binary will be just fine,
echo $PKG_PATH
pkg_add mysql-server
cd /etc/rc.d/
cp /usr/pkg/share/examples/rc.d/mysqld .
cd ../
grep mysql passwd
grep mysql group
cat >> rc.conf <<EOF9
mysqld=yes
EOF9
rc.d/mysqld start
export PATH=$PATH:/usr/pkg/bin:/usr/pkg/sbin
#mysqladmin -u root -p password 'new-password'
#mysqladmin -h `hostname` -u root -p password 'new-password'
mysql_secure_installation
Install the latest bind package from pkgsrc (bind-9.9.2pl2 here). Compiling it from source is required to enable dlz-mysql,
cd /etc/
vi mk.conf
like,
.ifdef BSD_PKG_MK
PKG_OPTIONS.bind99=mysql
.endif
and proceed,
cd /usr/pkgsrc/net/bind99/
unset PKG_PATH
make install
cd /etc/rc.d/
cp /usr/pkg/share/examples/rc.d/named9 .
#cp /usr/pkg/share/examples/rc.d/lwresd .
Hide the system named binaries from your environment,
cd /usr/sbin/
mv named named.dist
mv named-checkzone named-checkzone.dist
mv named-journalprint named-journalprint.dist
mv named-checkconf named-checkconf.dist
mv named-compilezone named-compilezone.dist
Now check that you've got dlz-mysql enabled,
which named
named -V
Preparing the database
Create a database and a user to access it,
mysql -p
create database named;
grant all on named.* to named identified by 'PASSWORD_HERE';
check,
show databases;
select user,host from mysql.db where db = "named";
^D
Connect to the 'named' database with the 'named' user and create the 'records' table for use by the name daemon,
mysql -unamed -p
use named;
create table records (
id int(10) unsigned not null auto_increment,
zone varchar(255) not null,
ttl int(11) not null default '86400',
type varchar(255) not null,
host varchar(255) not null default '@',
mx_priority int(11) default null,
data text,
primary_ns varchar(255) default null,
resp_contact varchar(255) default null,
serial bigint(20) default null,
refresh int(11) default null,
retry int(11) default null,
expire int(11) default null,
minimum int(11) default null,
primary key (id),
key type (type),
key host (host),
key zone (zone)
);
check that the tables have been created,
show tables;
Configure your zone, here e.g. 'example.local',
insert into records values (100, 'example.local', 86400, 'SOA', '@', NULL, NULL, 'named.example.local.', 'hostmaster.example.local.', 1365882768, 10800, 7200, 604800, 86400);
insert into records values (101, 'example.local', 86400, 'NS', '@', NULL, 'named.example.local.', NULL, NULL, NULL, NULL, NULL, NULL, NULL);
insert into records values (103, 'example.local', 86400, 'MX', '@', 5, 'mx.example.local.', NULL, NULL, NULL, NULL, NULL, NULL, NULL);
insert into records values (104, 'example.local', 86400, 'A', '@', NULL, 'IP_ADDRESS', NULL, NULL, NULL, NULL, NULL, NULL, NULL);
insert into records values (105, 'example.local', 86400, 'A', 'SOME_SHORT_HOSTNAME', NULL, 'IP_ADDRESS', NULL, NULL, NULL, NULL, NULL, NULL, NULL);
check that the records have been insered,
select * from records;
Note. Change the serial number accordingly, here 1365882768 (date +%s).
Note. Change the domain, the mx and named hosts, the example short hostname (not fqdn on A records) and IP addresses accordingly.
Preparing the name daemon
See if the init scripts already created some RNDC key,
ls -l /etc/rndc.key
ls -l /var/chroot/named/etc/rndc.key
create the key file using the automatic feature (no chroot here, no -t),
rndc-confgen -a
ls -l /etc/rndc.key
Note. The file has 600 permissions.
Configure the name daemon for caching and a local zone,
cd /var/chroot/named/etc/
mv -i /etc/named.conf .
cd /etc/
ln -s ../var/chroot/named/etc/named.conf
cp named.conf named.conf.dist
vi named.conf
change options and zone "." paragraphs,
options {
directory "/etc/namedb";
version "get lost";
};
include "/etc/rndc.key";
controls {
inet 127.0.0.1 allow { localhost; } keys { rndc-key; };
};
zone "." IN {
type forward;
forwarders {
212.27.40.240;
212.27.40.241;
};
};
Note. Change your prefered world wide DNS servers accordingly (for caching).
add the e.g. 'example.local' zone,
dlz "example.local" {
database "mysql
{host=localhost dbname=dns user=dns pass=PASSWORD_HERE}
{select zone from records where zone = '$zone$'}
{select ttl, type, mx_priority, IF(type = 'TXT', CONCAT('\"',data,'\"'), data) AS data from records where zone = '$zone$' and host = '$record$' and type <> 'SOA' and type <> 'NS'}
{select ttl, type, data, primary_ns, resp_contact, serial, refresh, retry, expire, minimum from records where zone = '$zone$' and (type = 'SOA' OR type='NS')}
{select ttl, type, host, mx_priority, IF(type = 'TXT', CONCAT('\"',data,'\"'), data) AS data, resp_contact, serial, refresh, retry, expire, minimum from records where zone = '$zone$' and type <> 'SOA' and type <> 'NS'}";
};
Ready to go
Enable and start all the freaking daemons,
cd /etc/
grep named passwd
grep named group
cat >> rc.conf <<EOF9
#lwresd=yes
named9=yes
#named_chrootdir=/var/chroot/named
EOF9
cd /etc/
#rc.d/lwresd restart
rc.d/named9 restart
watch the logs (I am assuming everything goes to this file, check your syslog.conf and fix perms),
tail -F /var/log/messages
References
Bind with DLZ, MySQL and replication -- http://en.gentoo-wiki.com/wiki/Bind_with_DLZ,_MySQL_and_replication
Configuration basique du BIND fourni dans NetBSD -- http://wiki.orgrim.net/netbsd/named
Running BIND9 in a chroot cage using NetBSD 1.6.2 -- http://othyro.freeshell.org/bind.html