Aim:
Using ISC Bind9 with a MySQL backend that will support Dynamic DNS updates from the ISC DHCP server.
Synopsis:
Bind 9 comes with the ability to use a dynamically loadable MySQL driver to store the DNS records in a database. The stock MySQL DLZ driver that comes with Bind doesn't support dynamic DNS updates, however.
Solution tested on:
- OS - Solaris 11.1 (x86)
- Bind 9.9.5
- MySQL 5.5.15
- ISC DHCP 4.2.6
Re-building Bind:
Bind 9.9.5 has an issue in the DLZ 'dlopen' code when it comes to dynamic DNS updates, where its method of managing transactions isn't fully implemented. The issue is further described here.
To get around this, you need to patch the 9.9.5 sources and then rebuild bind. Patches are available in the bind-mysql-dlz-driver code we have published.
Unpack the download and then copy the 'bind-9.9.5.patch' file to the top of the Bind source tree.
Run the command
# patch -p0 < bind-9.9.5.patch
Recompile & install the Bind 'named' binary.
Building the MysqlDLZ driver:
Build the MysqlDLZ.so object:
# cc -o MysqlDLZ.so -KPIC -DPIC -G -h MysqlDLZ.so \
-I/opt/mysql5/include -L/opt/mysql5/lib -R/opt/mysql5/lib \
MysqlDLZ.c -lmysqlclient_r -lrt
Create a directory for the new driver and then copy the driver to it.
# mkdir -p /opt/bind/lib/dlz
# cp MysqlDLZ.so /opt/bind/lib/dlz/MysqlDLZ.so
Database Config:
The top of the 'MysqlDLZ.c' file has the appropriate table definitions for the database.
They can exist in a shared database or in their own; your choice. Just make sure you have set up a user account (and optionally, a password) that can access that database. If you want to do dynamic updates, then that user will also need edit privileges on the database tables.
Getting it to work:
The bind 'named.conf' file needs to be set up to load the DLZ module:
dlz "mysql" {
database "dlopen /opt/bind/lib/dlz/MysqlDLZ.so db host user pw";
};
You will also need a key that can be shared between the DNS server and the DHCP server to enable Dynamic DNS updates.
# cd /tmp
# dnssec-keygen -a hmac-md5 -b 128 -n USER dhcpupdate
# more Kdhcpupdate.*.key
dhcpupdate. IN KEY 0 3 157 6pI/WBHuGjIgEIj8EcntXA==
Take the last field of the resulting file and that's your key. In the named.conf file you create a section like:
key dhcpupdate {
algorithm hmac-md5;
secret "6pI/WBHuGjIgEIj8EcntXA==";
};
On the DHCP server (dhcpd.conf), it would look like:
key dhcpupdate {
algorithm hmac-md5;
secret 6pI/WBHuGjIgEIj8EcntXA==;
}
zone home {
primary ip.of.dns.server;
key dhcpupdate;
}
** NOTE: the dhcpd.conf file doesn't have "s around the key **
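As an added example (not part of the original page or of the driver's code), the script below performs the "take the last field" step and prints the key in both forms, quoted for named.conf and unquoted for dhcpd.conf. The function names are hypothetical, the sample record is the key line shown above, and joining every field from the seventh onward goes beyond the page's single-field case to cover keys whose base64 text is wrapped into several chunks.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# Key name: first field of the KEY record, trailing dot removed.
tsig_name() {
    printf '%s\n' "$1" |
        awk '$2 == "IN" && $3 == "KEY" { sub(/\.$/, "", $1); print $1; exit }'
}

# Secret: all fields after "<flags> <protocol> <algorithm>", joined, so a
# base64 string wrapped into several chunks is still recovered whole.
tsig_secret() {
    printf '%s\n' "$1" | awk '$2 == "IN" && $3 == "KEY" {
        s = ""; for (i = 7; i <= NF; i++) s = s $i
        print s; exit }'
}

# Accept plain base64 only, so a damaged or wrong file cannot put quotes,
# semicolons or braces into either configuration file.
valid_secret() {
    case "$1" in
        ''|*[!A-Za-z0-9+/=]*) return 1 ;;
    esac
    [ $(( ${#1} % 4 )) -eq 0 ]
}

# named.conf form: the secret is wrapped in double quotes.
named_stanza() {
    printf 'key %s {\n    algorithm hmac-md5;\n    secret "%s";\n};\n' "$1" "$2"
}

# dhcpd.conf form: the secret is NOT quoted.
dhcpd_stanza() {
    printf 'key %s {\n    algorithm hmac-md5;\n    secret %s;\n}\n' "$1" "$2"
}

# Constructed sample: the key line shown on this page. Pass the path of a
# real K*.key file as the first argument to use that instead.
sample='dhcpupdate. IN KEY 0 3 157 6pI/WBHuGjIgEIj8EcntXA=='
if [ $# -gt 0 ]; then record=$(cat "$1"); else record=$sample; fi
name=$(tsig_name "$record")
secret=$(tsig_secret "$record")
if valid_secret "$secret"; then
    named_stanza "$name" "$secret"
    dhcpd_stanza "$name" "$secret"
else
    echo "no usable KEY record found" >&2
fi
```

The output contains the shared secret, so paste it only into configuration files that are readable by the named and dhcpd service accounts alone.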