• Installing and configuring BIND 9.8.0


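    The following article is reposted from http://blog.csdn.net/whhgd6370/article/details/6257445

    BIND version: 9.8.0, the latest release at the time of writing.

    1. Installation: download the tar package from http://www.isc.org/software/bind/980/download/ and unpack it under /home/.

    Commands:

    tar zxvf bind-9.8.0.tar.gz

    cd bind-9.8.0

    ./configure --sysconfdir=/etc    # sets the path of BIND's configuration files to /etc; see ./configure --help for more options

    (Note: because the DNSSEC feature needs SSL support, the default configuration checks for OpenSSL. I am not using SSL here, so adding --without-openssl is enough, that is: ./configure --sysconfdir=/etc --without-openssl)

    make

    make install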

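    2. Configuration:

    (1) First create the configuration files. There are two: /etc/named.conf and /etc/rndc.conf.

    Command: rndc-confgen > /etc/rndc.conf

    This generates the contents of rndc.conf automatically. The rndc.conf I generated reads: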

    # Start of rndc.conf
    key "rndc-key" {
        algorithm hmac-md5;
        secret "7Tp+AIcREtlzhfR4MU9W9Q==";
    };

    options {
        default-key "rndc-key";
        default-server 127.0.0.1;
        default-port 953;
    };
    # End of rndc.conf

    # Use with the following in named.conf, adjusting the allow list as needed:
    # key "rndc-key" {
    #     algorithm hmac-md5;
    #     secret "7Tp+AIcREtlzhfR4MU9W9Q==";
    # };
    #
    # controls {
    #     inet 127.0.0.1 port 953
    #         allow { 127.0.0.1; } keys { "rndc-key"; };
    # };
    # End of named.conf

    Then create named.conf by hand with the following contents:

    options {
        directory "/var/named";
        // pid-file "/var/run/named/named.pid"; // path of the PID file, used when named is started as another user
    };

    zone "." {
        type hint;
        file "named.ca";
    };

    zone "localhost" {
        type master;
        file "named.local";
    };

    // in fact, the three items above are the most important ones

    zone "example.com" { // create the example.com zone
        type master;
        file "example.com.zone";
    };

    zone "0.0.127.in-addr.arpa" { // reverse lookup for localhost
        type master;
        file "127.0.0.zone";
    };

    zone "100.168.192.in-addr.arpa" { // reverse lookup for example.com
        type master;
        file "192.168.100.zone";
    };

    # Note: this part is copied from the tail of the generated /etc/rndc.conf, with some of the comment markers removed
    # Use with the following in named.conf, adjusting the allow list as needed:
    key "rndc-key" {
        algorithm hmac-md5;
        secret "7Tp+AIcREtlzhfR4MU9W9Q==";
    };

    controls {
        inet 127.0.0.1 port 953
            allow { 127.0.0.1; } keys { "rndc-key"; };
    };
    # End of named.conf
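
    As an added example (not from the original article or the BIND project), this Python check covers the step above where the key from rndc.conf is copied into named.conf: it reports a key that differs between the two files, either file being world-readable, and a control channel not limited to loopback addresses. The sample configuration, its placeholder secret, the 0644 file modes and the function names are assumptions made for the illustration.

```python
import ipaddress
import re
import stat

KEY_RE = re.compile(r'^\s*key\s+"([^"]+)"\s*\{\s*algorithm\s+([\w-]+)\s*;'
                    r'\s*secret\s+"([^"]+)"\s*;\s*\}\s*;', re.M)
CTRL_RE = re.compile(r'^\s*controls\s*\{\s*inet\s+(\S+).*?allow\s*\{([^}]*)\}',
                     re.M | re.S)

def parse(text):
    """Return ({key name: (algorithm, secret)}, [(inet addr, [allow items])])."""
    text = re.sub(r'(?m)^\s*(#|//).*$', '', text)  # drop whole-line comments only
    keys = {n: (a.lower(), s) for n, a, s in KEY_RE.findall(text)}
    ctrls = [(addr, allow.replace(';', ' ').split())
             for addr, allow in CTRL_RE.findall(text)]
    return keys, ctrls

def is_loopback(item):
    try:
        return ipaddress.ip_network(item, strict=False).is_loopback
    except ValueError:
        return False  # "*", "any" and named ACLs need manual review

def audit(named_conf, rndc_conf, named_mode, rndc_mode):
    """Return a list of findings for the two files' text and permission bits."""
    findings = []
    named_keys, ctrls = parse(named_conf)
    for name, value in parse(rndc_conf)[0].items():
        if named_keys.get(name) != value:
            findings.append(f'key "{name}" in rndc.conf does not match named.conf')
    for path, mode in (("named.conf", named_mode), ("rndc.conf", rndc_mode)):
        if mode & stat.S_IROTH:
            findings.append(f"{path} holds the rndc secret and is world-readable")
    for addr, allow in ctrls:
        for item in [addr] + allow:
            if not is_loopback(item):
                findings.append(f"control channel not limited to loopback: {item}")
    return findings

# Constructed sample in the page's layout; the secret is a placeholder.
KEY = 'key "rndc-key" {\n algorithm hmac-md5;\n secret "UExBQ0VIT0xERVI=";\n};\n'
NAMED = KEY + ('controls {\n inet 127.0.0.1 port 953\n'
               '  allow { 127.0.0.1; } keys { "rndc-key"; };\n};\n')
RNDC = KEY + 'options {\n default-key "rndc-key";\n default-server 127.0.0.1;\n};\n'

if __name__ == "__main__":
    # 0o644 is what a shell redirect typically leaves under umask 022 (assumed).
    for finding in audit(NAMED, RNDC, 0o644, 0o644):
        print(finding)
```

    For real files, pass the text of /etc/named.conf and /etc/rndc.conf together with the st_mode value os.stat() reports for each.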

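    Save the configuration when it is complete, run the named command from the BIND directory, and use netstat -ntl to check whether port 53 is open.
    (2) Create the data files
    First create the directory /var/named with: mkdir /var/named
    Then create the data files in /var/named. According to named.conf, these are named.ca, named.local, example.com.zone, 127.0.0.zone and 192.168.100.zone.
    From the BIND directory, the command dig -t NS . >/var/named/named.ca generates named.ca, but the file then has to be opened and supplemented by hand. The complete file is as follows: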
    ; <<>> DiG 9.8.0 <<>> -t NS .
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5995
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 0
    ;; QUESTION SECTION:
    ;. IN NS
    ;; ANSWER SECTION:
    . 4748 IN NS f.root-servers.net.
    . 4748 IN NS a.root-servers.net.
    . 4748 IN NS g.root-servers.net.
    . 4748 IN NS d.root-servers.net.
    . 4748 IN NS c.root-servers.net.
    . 4748 IN NS e.root-servers.net.
    . 4748 IN NS i.root-servers.net.
    . 4748 IN NS l.root-servers.net.
    . 4748 IN NS b.root-servers.net.
    . 4748 IN NS j.root-servers.net.
    . 4748 IN NS h.root-servers.net.
    . 4748 IN NS m.root-servers.net.
    . 4748 IN NS k.root-servers.net.
    ; Note: the records below were added by hand
    a.root-servers.net. 603609 IN A 198.41.0.4
    a.root-servers.net. 603609 IN AAAA 2001:503:ba3e::2:30
    b.root-servers.net. 603609 IN A 192.228.79.201
    c.root-servers.net. 603609 IN A 192.33.4.12
    d.root-servers.net. 603609 IN A 128.8.10.90
    e.root-servers.net. 603611 IN A 192.203.230.10
    f.root-servers.net. 603611 IN A 192.5.5.241
    f.root-servers.net. 603611 IN AAAA 2001:500:2f::f
    g.root-servers.net. 603609 IN A 192.112.36.4
    h.root-servers.net. 603611 IN A 128.63.2.53
    h.root-servers.net. 603611 IN AAAA 2001:500:1::803f:235
    i.root-servers.net. 603609 IN A 192.36.148.17
    j.root-servers.net. 603609 IN A 192.58.128.30
    j.root-servers.net. 603609 IN AAAA 2001:503:c27::2:30
    ;; Query time: 197 msec
    ;; SERVER: 8.8.8.8#53(8.8.8.8)
    ;; WHEN: Thu Mar 17 21:33:42 2011
    ;; MSG SIZE rcvd: 228
    The remaining files have to be created and filled in by hand, as shown below. In each file, a record line without an owner name must begin with whitespace so that it inherits the owner of the previous record.

    Contents of named.local:

    $TTL 1D
    @       IN SOA  localhost. root (
                    2007042801
                    1H
                    15M
                    1W
                    1D )
            IN NS   @
            IN A    127.0.0.1

    Contents of example.com.zone:

    $TTL 1D
    @       IN SOA  example.com. root (
                    2007042801
                    1H
                    15M
                    1W
                    1D )
            IN NS   ns.example.com.
            IN MX   10 mail.example.com.
            IN A    192.168.100.125
    www     IN A    192.168.100.125
    db      IN A    192.168.100.124
    ns      IN A    192.168.100.126
    mail    IN A    192.168.100.251
    shop    IN A    192.168.100.125
    *.shop  IN A    192.168.100.124
    news    IN CNAME www

    Contents of 127.0.0.zone:

    $TTL 1D
    @       IN SOA  @ root.localhost. (
                    2007042801
                    1H
                    15M
                    1W
                    1D
                    )
            IN NS   localhost.
    1       IN PTR  localhost.

    Contents of 192.168.100.zone:

    $TTL 1D
    @       IN SOA  @ root.example.com. (
                    2007042801
                    1H
                    15M
                    1W
                    1D )
            IN NS   example.com.
    125     IN PTR  example.com.
    125     IN PTR  www.example.com.
    124     IN PTR  db.example.com.
    126     IN PTR  ns.example.com.
    251     IN PTR  mail.example.com.
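
    An added example, not part of the original article: a Python check that every PTR in the reverse zone is confirmed by an A record in the forward zone and the other way round (forward-confirmed reverse DNS). The zone text is the page's records condensed; the reader only handles files laid out like the ones above (no per-record TTLs), and the function names are illustrative.

```python
def absolute(name, origin):
    name = name.lower()
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Yield (owner, type, rdata) from a zone laid out like the page's files."""
    owner, depth = origin, 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]
        if not line.strip() or line.lstrip().startswith("$"):
            continue
        inside, depth = depth > 0, depth + line.count("(") - line.count(")")
        if inside:
            continue  # continuation of a parenthesised SOA
        tokens = line.split()
        if not line[0].isspace():  # leading blank means "same owner as before"
            owner = absolute(tokens.pop(0), origin)
        if tokens[0].upper() == "IN":
            tokens.pop(0)
        yield owner, tokens[0].upper(), tokens[-1]

def fcrdns(forward, fwd_origin, reverse, rev_origin):
    """Return (PTR targets lacking a matching A, A records lacking a PTR)."""
    a, ptr = {}, {}
    for owner, rtype, rdata in parse_zone(forward, fwd_origin):
        if rtype == "A" and "*" not in owner:  # a wildcard has no single PTR
            a.setdefault(owner, set()).add(rdata)
    for owner, rtype, rdata in parse_zone(reverse, rev_origin):
        if rtype == "PTR":
            ip = ".".join(reversed(owner.split(".")[:4]))
            ptr.setdefault(ip, set()).add(absolute(rdata, rev_origin))
    bad = sorted((ip, n) for ip, ns in ptr.items() for n in ns if ip not in a.get(n, ()))
    missing = sorted((n, ip) for n, ips in a.items() for ip in ips if n not in ptr.get(ip, ()))
    return bad, missing

# The page's records, condensed (SOA on one line; NS, MX, CNAME and ns left out).
FORWARD = """@ IN SOA example.com. root ( 2007042801 1H 15M 1W 1D )
     IN A 192.168.100.125
www  IN A 192.168.100.125
db   IN A 192.168.100.124
mail IN A 192.168.100.251
shop IN A 192.168.100.125"""
REVERSE = """@ IN SOA @ root.example.com. ( 2007042801 1H 15M 1W 1D )
125 IN PTR example.com.
125 IN PTR www.example.com.
124 IN PTR db.example.com.
251 IN PTR mail.example.com."""

if __name__ == "__main__":
    print(fcrdns(FORWARD, "example.com.", REVERSE, "100.168.192.in-addr.arpa."))
```

    On the page's data every PTR is confirmed, and the only gap reported is that shop.example.com has an A record for 192.168.100.125 with no PTR naming it.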
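    That completes all of the configuration work.
    Starting the named server: run named (started as root), then use netstat -ntl to check that port 53 is listening.
    Starting with debug output: named -g
    Reloading after a configuration change: rndc reload
    You can then set this server as the DNS server on another machine and test whether domain names resolve correctly.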
  • Original article: https://www.cnblogs.com/google4y/p/2196147.html