• Bind 9.5安装入门指南


    Bind 9.5安装入门指南

    安装环境:CentOS 5.6 64位,BIND 9.5.2-P4(BIND 9.5 系列已停止维护,本文步骤仅供学习参考,实际部署请使用仍在维护的版本)
    [root@yznvm1 bind-9.5.2-P4]# uname -a
    Linux yznvm1 2.6.18-238.el5 #1 SMP Thu Jan 13 15:51:15 EST 2011 x86_64 x86_64 x86_64 GNU/Linux

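    卸载原来系统自带的bind服务(注意:rpm -e 不会展开通配符,下面的 bind* 报 "not installed",实际没有卸载任何包,后文dig的版本仍是系统自带的9.3.6;要卸载需按 rpm -qa 的输出写出完整包名,--nodeps 会跳过依赖检查,使用时要确认不会影响其他软件)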

    [root@yznvm1 ~]# rpm -qa|grep bind
    bind-utils-9.3.6-16.P1.el5
    bind-libs-9.3.6-16.P1.el5
    ypbind-1.19-12.el5
    [root@yznvm1 ~]# rpm -e --nodeps bind*
    error: package bind* is not installed

    一、安装BIND

    1、准备工作
    下载稳定的BIND服务器进行安装,下载地址:http://www.isc.org/ 。下面通过明文HTTP下载源码包,编译安装前应使用ISC随源码包发布的PGP签名校验其完整性。
    [root@yznvm1 yzn]# wget http://ftp.isc.org/isc/bind9/9.5.2-P4/bind-9.5.2-P4.tar.gz

    2 、编译安装BIND
    [root@yznvm1 yzn]# tar xzvf bind-9.5.2-P4.tar.gz
    [root@yznvm1 yzn]# cd bind-9.5.2-P4
    [root@yznvm1 bind-9.5.2-P4]# ./configure --prefix=/usr/local/bind9 --disable-openssl-version-check
    [root@yznvm1 bind-9.5.2-P4]# make;make install

    [root@yznvm1 bind-9.5.2-P4]# /usr/local/bind9/sbin/named 
    [root@yznvm1 bind-9.5.2-P4]# ps aux |grep named | grep -v grep
    没有输出

    请确认syslog 启动
    [root@yznvm1 bind-9.5.2-P4]# yum search syslog
    [root@yznvm1 bind-9.5.2-P4]# yum install syslog
    [root@yznvm1 bind-9.5.2-P4]# service syslog restart
    [root@yznvm1 bind-9.5.2-P4]# tail -f /var/log/messages
    Dec 28 12:19:23 yznvm1 named[10381]: none:0: open: /usr/local/bind9/etc/named.conf: file not found

    配置BIND
    二、配置根服务器

    1、修改配置文件
    [root@yznvm1 bind-9.5.2-P4]# vi /usr/local/bind9/etc/named.conf

    options {

    directory "/data/bind9";

    };

    zone "." {

    type hint;

    file "root.zone";

    };
    2、建立工作目录
    [root@yznvm1 etc]# mkdir /data/bind9
    3、查询根DNS服务器
    [root@yznvm1 etc]# dig -t NS .

    ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-16.P1.el5 <<>> -t NS .
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41418
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 1

    ;; QUESTION SECTION:
    ;.                              IN      NS

    ;; ANSWER SECTION:
    .                       5       IN      NS      e.root-servers.net.
    .                       5       IN      NS      l.root-servers.net.
    .                       5       IN      NS      j.root-servers.net.
    .                       5       IN      NS      h.root-servers.net.
    .                       5       IN      NS      g.root-servers.net.
    .                       5       IN      NS      m.root-servers.net.
    .                       5       IN      NS      c.root-servers.net.
    .                       5       IN      NS      f.root-servers.net.
    .                       5       IN      NS      i.root-servers.net.
    .                       5       IN      NS      k.root-servers.net.
    .                       5       IN      NS      b.root-servers.net.
    .                       5       IN      NS      d.root-servers.net.
    .                       5       IN      NS      a.root-servers.net.

    ;; ADDITIONAL SECTION:
    e.root-servers.net.     5       IN      A       192.203.230.10

    ;; Query time: 26 msec
    ;; SERVER: 192.168.32.2#53(192.168.32.2)
    ;; WHEN: Wed Dec 28 12:36:42 2011
    ;; MSG SIZE  rcvd: 257

    4、将根服务器记录写入/etc/resolv.conf文件(注意:> 会覆盖该文件原有的全部内容,而不是追加)
    [root@yznvm1 etc]#echo "nameserver 192.203.230.10" >/etc/resolv.conf

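    5、将根服务器的信息导入到/data/bind9/root.zone文件中(这样得到的是本地解析器192.168.32.2返回的未经验证的应答,且ADDITIONAL段只带了个别根服务器的A记录;更稳妥的做法是使用InterNIC发布的named.root作为hint文件)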
    [root@yznvm1 etc]# dig -t NS . >/data/bind9/root.zone
    [root@yznvm1 etc]# cat /data/bind9/root.zone        

    ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-16.P1.el5 <<>> -t NS .
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1781
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 2

    ;; QUESTION SECTION:
    ;.                              IN      NS

    ;; ANSWER SECTION:
    .                       5       IN      NS      l.root-servers.net.
    .                       5       IN      NS      j.root-servers.net.
    .                       5       IN      NS      h.root-servers.net.
    .                       5       IN      NS      g.root-servers.net.
    .                       5       IN      NS      m.root-servers.net.
    .                       5       IN      NS      c.root-servers.net.
    .                       5       IN      NS      f.root-servers.net.
    .                       5       IN      NS      i.root-servers.net.
    .                       5       IN      NS      k.root-servers.net.
    .                       5       IN      NS      b.root-servers.net.
    .                       5       IN      NS      d.root-servers.net.
    .                       5       IN      NS      a.root-servers.net.
    .                       5       IN      NS      e.root-servers.net.

    ;; ADDITIONAL SECTION:
    l.root-servers.net.     5       IN      A       199.7.83.42
    e.root-servers.net.     5       IN      A       192.203.230.10

    ;; Query time: 8 msec
    ;; SERVER: 192.168.32.2#53(192.168.32.2)
    ;; WHEN: Wed Dec 28 12:40:53 2011
    ;; MSG SIZE  rcvd: 273
    6、配置rndc
    生成rndc密钥(下面输出中的secret已随本文公开,仅作示例;请自行运行rndc-confgen生成密钥,并限制rndc.conf和named.conf的读取权限)
    [root@yznvm1 bind-9.5.2-P4]# /usr/local/bind9/sbin/rndc-confgen >/usr/local/bind9/etc/rndc.conf
    [root@yznvm1 bind-9.5.2-P4]# cat /usr/local/bind9/etc/rndc.conf
    # Start of rndc.conf
    key "rndc-key" {
            algorithm hmac-md5;
            secret "s4c1gghNiBxa9aeSZ7RlrQ==";
    };

    options {
            default-key "rndc-key";
            default-server 127.0.0.1;
            default-port 953;
    };
    # End of rndc.conf

    # Use with the following in named.conf, adjusting the allow list as needed:
    # key "rndc-key" {
    #       algorithm hmac-md5;
    #       secret "s4c1gghNiBxa9aeSZ7RlrQ==";
    # };
    #
    # controls {
    #       inet 127.0.0.1 port 953
    #               allow { 127.0.0.1; } keys { "rndc-key"; };
    # };
    # End of named.conf

    7、将rndc中的部分记录导入到/usr/local/bind9/etc/named.conf文件中,并修改/usr/local/bind9/etc/named.conf,将导入的配置前面的注释去掉。
    [root@yznvm1 bind-9.5.2-P4]# cd /usr/local/bind9/etc
    [root@yznvm1 etc]# tail -10 rndc.conf | head -9 | sed s/#\ //g >> named.conf

    8、检查并重新启动named服务,查看日志文件并检查rndc访问状态(示例中直接以root身份启动named;长期运行时建议用 -u 选项指定非特权用户)
    [root@yznvm1 etc]# killall named
    [root@yznvm1 etc]# /usr/local/bind9/sbin/rndc status
    rndc: connect failed: 127.0.0.1#953: connection refused
    [root@yznvm1 etc]# /usr/local/bind9/sbin/named
    [root@yznvm1 etc]# /usr/local/bind9/sbin/rndc status
    version: 9.5.2-P4
    number of zones: 12
    debug level: 0
    xfers running: 0
    xfers deferred: 0
    soa queries in progress: 0
    query logging is OFF
    recursive clients: 0/0/1000
    tcp clients: 0/100
    server is up and running

    9、修改/etc/resolv.conf,并使用host命令测试

    [root@yznvm1 etc]# echo "nameserver 127.0.0.1" > /etc/resolv.conf
    [root@yznvm1 etc]# host www.lvping.com
    www.lvping.com is an alias for www.lvping.ccgslb.com.cn.
    www.lvping.ccgslb.com.cn is an alias for www.lvping.tel.ccgslb.com.cn.
    www.lvping.tel.ccgslb.com.cn has address 114.80.124.122

    三、配置localhost区域

    (一)、配置localhost的正向区域

    1、修改/usr/local/bind9/etc/named.conf,插入如下内容
    [root@yznvm1 etc]# vi named.conf
    zone "localhost" {

    type master;

    file "localhost.zone";

    };

    2、配置/data/bind9/localhost.zone
    [root@yznvm1 etc]# vi /data/bind9/localhost.zone
    $ORIGIN localhost.

    @   IN SOA localhost. root.localhost. (
                2011122600      ; Serial (YYMMDDSN)
                1800            ; Refresh
                300             ; Retry
                3600            ; Expiry
                300 )           ; Minimum

    @   IN NS localhost.
    @   IN A   127.0.0.1
    3、检查配置文件
    [root@yznvm1 etc]# /usr/local/bind9/sbin/named-checkconf
    [root@yznvm1 etc]# /usr/local/bind9/sbin/named-checkzone -q localhost /data/bind9/localhost.zone

    4、测试
    [root@yznvm1 etc]# /usr/local/bind9/sbin/rndc reload
    [root@yznvm1 etc]# tail -f /var/log/messages  
    [root@yznvm1 etc]# host localhost
    localhost has address 127.0.0.1
    [root@yznvm1 etc]# dig localhost

    ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-16.P1.el5 <<>> localhost
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40173
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;localhost.                     IN      A

    ;; ANSWER SECTION:
    localhost.              86400   IN      A       127.0.0.1

    ;; AUTHORITY SECTION:
    localhost.              86400   IN      NS      localhost.

    ;; Query time: 9 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Wed Dec 28 13:53:13 2011
    ;; MSG SIZE  rcvd: 57

    [root@yznvm1 etc]# dig -t NS localhost

    ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-16.P1.el5 <<>> -t NS localhost
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38630
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

    ;; QUESTION SECTION:
    ;localhost.                     IN      NS

    ;; ANSWER SECTION:
    localhost.              86400   IN      NS      localhost.

    ;; ADDITIONAL SECTION:
    localhost.              86400   IN      A       127.0.0.1

    ;; Query time: 3 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Wed Dec 28 13:54:52 2011
    ;; MSG SIZE  rcvd: 57


    [root@yznvm1 etc]# dig -t A localhost

    ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-16.P1.el5 <<>> -t A localhost
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29725
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;localhost.                     IN      A

    ;; ANSWER SECTION:
    localhost.              86400   IN      A       127.0.0.1

    ;; AUTHORITY SECTION:
    localhost.              86400   IN      NS      localhost.

    ;; Query time: 7 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Wed Dec 28 13:55:31 2011
    ;; MSG SIZE  rcvd: 57

    如果受防火墙影响可能rndc无法使用,可以调整防火墙设置(本文的rndc只连接127.0.0.1的953端口,放行本机回环流量即可),或者仅在调试的时候临时关闭防火墙,调试结束后再用 service iptables start 重新开启。

     
     service iptables status
     service iptables stop

     
    (二)、配置127.0.0的反向区域

    1、修改/usr/local/bind9/etc/named.conf,添加如下内容
    zone "0.0.127.in-addr.arpa" {

    type master;

    file "localhost.rzone";

    };

    2、创建/data/bind9/localhost.rzone(文件名需与named.conf中file指定的一致),添加如下内容
    [root@yznvm1 etc]# vi /data/bind9/localhost.rzone
    $TTL 86400

    @ IN SOA localhost. root.localhost. (
    2011122800 ; Serial (YYMMDDSN)
    30M ; Refresh
    5M ; Retry
    1H ; Expire
    5M ) ; Minimum

    @ IN NS localhost.

    1 IN PTR localhost.
    3、使用rndc重新加载配置,并测试
    [root@yznvm1 etc]# /usr/local/bind9/sbin/rndc reload
    [root@yznvm1 etc]# tail /var/log/messages
    [root@yznvm1 etc]# host 127.0.0.1
    1.0.0.127.in-addr.arpa domain name pointer localhost.

    [root@yznvm1 etc]# dig -x 127.0.0.1

    ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-16.P1.el5 <<>> -x 127.0.0.1
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23750
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

    ;; QUESTION SECTION:
    ;1.0.0.127.in-addr.arpa.                IN      PTR

    ;; ANSWER SECTION:
    1.0.0.127.in-addr.arpa. 86400   IN      PTR     localhost.

    ;; AUTHORITY SECTION:
    0.0.127.in-addr.arpa.   86400   IN      NS      localhost.

    ;; ADDITIONAL SECTION:
    localhost.              86400   IN      A       127.0.0.1

    ;; Query time: 3 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Wed Dec 28 14:08:41 2011
    ;; MSG SIZE  rcvd: 93

    四、配置yanzn.com区域

    (一)、配置yanzn.com区域

    1、配置/usr/local/bind9/etc/named.conf文件,加入如下内容
    zone "yanzn.com" IN {
    type master;
    file "yanzn.com.zone";
    allow-update { none; };
    };
    2、配置/data/bind9/yanzn.com.zone
    @ IN SOA yanzn.com. webmaster.yanzn.com. (
    2011122800 ; Serial (YYMMDDSN)
    1800 ; Refresh
    300 ; Retry
    3600 ; Expiry
    300 ) ; Minimum

    @ IN NS ns1.yanzn.com.
    @ IN A 192.168.32.128
    ns1 IN A 192.168.32.128
    www IN A 192.168.32.128

    web IN CNAME www

    3、使用rndc重新加载配置并进行测试
    [root@yznvm1 etc]# /usr/local/bind9/sbin/rndc reload
    [root@yznvm1 etc]# host -t A yanzn.com
    yanzn.com has address 192.168.32.128
    [root@yznvm1 etc]# host -t NS yanzn.com
    yanzn.com name server ns1.yanzn.com.

    (二)、增加的反向区域

    1、修改/usr/local/bind9/etc/named.conf,添加如下内容
    zone "32.168.192.in-addr.arpa" IN {
    type master;
    file "yanzn.com.rzone";
    allow-update { none; };
    };

    2、创建/data/bind9/yanzn.com.rzone,添加如下内容

    [root@yznvm1 etc]# cat /data/bind9/yanzn.com.rzone 
    $TTL 600

    @ IN SOA yanzn.com. webmaster.yanzn.com. (
    2006083100 ; Serial (YYMMDDSN)
    1800 ; Refresh
    300 ; Retry
    3600 ; Expire
    300 ) ; Minimum

    @ IN NS ns1.yanzn.com.
    128 IN PTR www.yanzn.com.

    3、使用rndc重新加载配置,并测试

    [root@yznvm1 etc]# /usr/local/bind9/sbin/rndc reload
    [root@yznvm1 etc]# host 192.168.32.128             
    128.32.168.192.in-addr.arpa domain name pointer www.yanzn.com.
    [root@yznvm1 etc]# dig -x 192.168.32.128

    ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-16.P1.el5 <<>> -x 192.168.32.128
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44864
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

    ;; QUESTION SECTION:
    ;128.32.168.192.in-addr.arpa.   IN      PTR

    ;; ANSWER SECTION:
    128.32.168.192.in-addr.arpa. 600 IN     PTR     www.yanzn.com.

    ;; AUTHORITY SECTION:
    32.168.192.in-addr.arpa. 600    IN      NS      ns1.yanzn.com.

    ;; ADDITIONAL SECTION:
    ns1.yanzn.com.          600     IN      A       192.168.32.128

    ;; Query time: 2 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Wed Dec 28 14:50:30 2011
    ;; MSG SIZE  rcvd: 106

    至此初步的yanzn.com也配置完毕。

  • 原文地址:https://www.cnblogs.com/yanzhenan/p/2304831.html