一.DNS安装:
安装方法:
YUM安装
yum install bind* caching-nameserver
源码安装
tar zxvf bind-9.6.1.tar.gz
cd bind-9.6.1
./configure --prefix=/usr/local/bind9 --sysconfdir=/etc/named/ --enable-threads --disable-chroot --disable-ipv6
make && make install
(注: 文中以 9.6.1 为例; 该系列早已停止维护, 生产环境应到 ISC 官网获取当前仍在维护的版本, 且不建议用 --disable-chroot 放弃 chroot 隔离。)
配置环境变量
vim /etc/profile.d/bind.sh
追加以下行
export PATH=/usr/local/bind9/bin:/usr/local/bind9/sbin:$PATH
帮助文档的查看
man -M share/man/ named
vim /etc/man.config
追加以下行
MANPATH /usr/local/bind9/share/man
二. DNS配置:
/etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
controls {
    inet 127.0.0.1 port 953 allow { localhost; } keys { "rndc-key"; };
};
options {
    listen-on port 53 { 10.100.146.49; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };
    #allow-transfer { slave_servers;};
    recursion yes;
    // 注意: allow-query { any; } 与 recursion yes 同时使用, 等于对所有来源开放递归查询(开放解析器);
    // 对外可达的主机应改为 allow-recursion { 内网网段; } 或 recursion no, 只对授权区做权威应答。
    #notify yes;
    #also-notify { slave_servers;};
    #dnssec-enable yes;
    #dnssec-validation yes;
    #dnssec-lookaside auto;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
};
zone "." IN {
    type hint;
    file "named.ca";
};
zone "localhost" IN {
    type master;
    file "localhost.zone";
    allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "127.0.0.zone";
    allow-update { none; };
};
zone "ning.com" IN {
    type master;
    file "ning.com.zone";
    allow-transfer { 172.16.0.0/16; 127.0.0.1; };
    allow-update { none; };
};
zone "z-bank.inside" IN {
    type master;
    file "z-bank.inside.zone";
};
/*
zone "146.100.10.in-addr.arpa" IN {
    type master;
    file "146.100.10.in-addr.arpa.zone";
    #allow-transfer { 10.121.124.32;10.120.249.145; };
};
*/
logging {
    channel default-log {
        file "/var/log/named_default.log" versions 10 size 200m;
        severity info;
        print-time yes;
    };
    channel lamer-log {
        file "/var/log/named_lamer.log" versions 3 size 100m;
        severity info;
        print-severity yes;
        print-time yes;
        print-category yes;
    };
    channel query-log {
        file "/var/log/named_query.log" versions 10 size 1000m;
        severity info;
        print-time yes;
    };
    channel security-log {
        file "/var/log/named_security.log" versions 3 size 100m;
        severity info;
        print-severity yes;
        print-time yes;
        print-category yes;
    };
    category lame-servers { lamer-log; };
    category security { security-log; };
    category queries { query-log; };
    category default { default-log; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
include "/etc/rndc.key";
controls {
    inet 127.0.0.1 port 953 allow { localhost; } keys { "rndc-key"; };
};
创建相应的目录并配置权限:
chown root:named named.conf
chmod 640 named.conf
mkdir -p /var/named/slaves
chown root:named /var/named
chown named:named /var/named/slaves/
chmod 750 /var/named
chmod 770 /var/named/slaves/

/var/named/named.ca
; This file holds the information on root name servers needed to
; initialize cache of Internet domain name servers
; (e.g. reference this file in the "cache . "
; configuration file of BIND domain name servers).
;
; This file is made available by InterNIC
; under anonymous FTP as
; file /domain/named.cache
; on server FTP.INTERNIC.NET
; -OR- RS.INTERNIC.NET
;
; last update: December 01, 2015
; related version of root zone: 2015120100
;
; formerly NS.INTERNIC.NET
;
. 3600000 NS A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:ba3e::2:30
;
; FORMERLY NS1.ISI.EDU
;
. 3600000 NS B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201
B.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:84::b
;
; FORMERLY C.PSI.NET
;
. 3600000 NS C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
C.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2::c
;
; FORMERLY TERP.UMD.EDU
;
. 3600000 NS D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET. 3600000 A 199.7.91.13
D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2d::d
;
; FORMERLY NS.NASA.GOV
;
. 3600000 NS E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
;
; FORMERLY NS.ISC.ORG
;
. 3600000 NS F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2f::f
;
; FORMERLY NS.NIC.DDN.MIL
;
. 3600000 NS G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
;
; FORMERLY AOS.ARL.ARMY.MIL
;
. 3600000 NS H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET. 3600000 A 198.97.190.53
H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::53
;
; FORMERLY NIC.NORDU.NET
;
. 3600000 NS I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fe::53
;
; OPERATED BY VERISIGN, INC.
;
. 3600000 NS J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30
J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:c27::2:30
;
; OPERATED BY RIPE NCC
;
. 3600000 NS K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fd::1
;
; OPERATED BY ICANN
;
. 3600000 NS L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42
L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:3::42
;
; OPERATED BY WIDE
;
. 3600000 NS M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
M.ROOT-SERVERS.NET. 3600000 AAAA 2001:dc3::35
; End of file
注释: 该文件可用 dig -t NS . @a.root-servers.net > named.ca 重新生成(根服务器地址会变动, 应定期更新)。

/var/named/localhost.zone
$TTL 1D
@ IN SOA localhost. admin.localhost. (
        0  ; serial
        1D ; refresh
        1H ; retry
        1W ; expire
        3H ) ; minimum
    IN NS localhost
    IN A 127.0.0.1

/var/named/127.0.0.zone
$TTL 1D
@ IN SOA localhost. admin.localhost. (
        0  ; serial
        1D ; refresh
        1H ; retry
        1W ; expire
        3H ) ; minimum
    IN NS localhost
1   PTR localhost.

/var/named/ning.com.zone
$TTL 3600
@ IN SOA ns.ning.com. ning.qq.com. (
        0  ; serial
        1D ; refresh
        1H ; retry
        1W ; expire
        3H ) ; minimum
    IN NS ning.qq.com. ; 注: SOA 中的 ning.qq.com. 是负责人邮箱写法; 若 ns 才是本区权威服务器, 此处 NS 通常应为 ns.ning.com.
ns  IN A 172.16.3.20
www IN A 172.16.3.30
修改库配置文件并赋权限
chown .named 127.0.0.zone localhost.zone named.ca ning.com.zone
chmod 640 127.0.0.zone localhost.zone named.ca ning.com.zone
检查配置文件和库文件
named-checkconf /etc/named/named.conf
named-checkzone "localhost" /var/named/localhost.zone
named-checkzone "0.0.127.in-addr.arpa" /var/named/127.0.0.zone
named-checkzone "ning.com" ning.com.zone
启动
named -g -u named -c /etc/named/named.conf
生成rndc文件
rndc-confgen -r /dev/urandom > /etc/named/rndc.conf
/etc/named.conf
将rndc.conf文件中对应以下注释掉的内容添加到named.conf中
key "rndc-key" {
    algorithm hmac-md5;
    secret "+8TPqh0+bGqDH7JVk2w3+w==";
};
controls {
    inet 127.0.0.1 port 953 allow { localhost; } keys { "rndc-key"; };
};
(注: 上面的 secret 只是本文示例中 rndc-confgen 生成的值, 实际部署必须使用自己机器上生成的密钥, 不要复用已公开的密钥; rndc.conf 与 named.conf 中的 key 内容须保持一致。)
赋权限
chmod 440 rndc.conf
chown :named rndc.conf
killall -HUP named
rndc reload
rndc status
启动脚本:
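#!/bin/bash
#
# named        Start/stop the ISC BIND named daemon built from source under /usr/local/bind9.
#
# description: named daemon
# chkconfig: - 25 80
#
# Globals (read/written below):
#   pidFile  - PID file written by this build of named
#   lockFile - subsys lock file; its presence is what start/stop treat as "named is up"
#   confFile - named.conf handed to named with -c
# Returns: init-script style status codes: 0 ok, 1 failure, 3 stopped (status only),
#          4 unknown action.

pidFile=/usr/local/bind9/var/run/named.pid
lockFile=/var/lock/subsys/named
confFile=/etc/named/named.conf

# daemon, killproc, success and failure are provided by the Red Hat init function
# library; without it the actions below fail with "command not found".
[ -r /etc/rc.d/init.d/functions ] && . /etc/rc.d/init.d/functions

#######################################
# Start named as the unprivileged 'named' user.
# A present lock file is taken as "already running" and the script exits 0.
# On a failed start the lock and pid files are removed so the next attempt
# is not refused by the same check.
#######################################
start() {
  if [ -e "$lockFile" ]; then
    echo "named is already running..."
    exit 0
  fi
  echo -n "Starting named:"
  daemon --pidfile "$pidFile" /usr/local/bind9/sbin/named -u named -c "$confFile"
  RETVAL=$?
  echo
  if [ "$RETVAL" -eq 0 ]; then
    touch "$lockFile"
    return "$RETVAL"
  fi
  rm -f "$lockFile" "$pidFile"
  return 1
}

#######################################
# Stop named via killproc.
# A missing lock file only prints a message; killproc still runs so that a
# named started outside this script (no lock file) is stopped as well.
#######################################
stop() {
  if [ ! -e "$lockFile" ]; then
    echo "named is stopped."
  fi
  echo -n "Stopping named:"
  killproc named
  RETVAL=$?
  echo
  if [ "$RETVAL" -eq 0 ]; then
    rm -f "$lockFile" "$pidFile"
    return 0
  fi
  echo "Cannot stop named."
  failure
  return 1
}

# Stop, give named a moment to release its sockets, then start again.
restart() {
  stop
  sleep 2
  start
}

#######################################
# Ask the running named to re-read its configuration by sending SIGHUP
# (the same effect as the manual 'killall -HUP named' / 'rndc reload').
#######################################
reload() {
  echo -n "Reloading named: "
  killproc named -HUP
  RETVAL=$?
  echo
  return "$RETVAL"
}

#######################################
# Report whether a named process exists.
# Returns 0 when running and 3 when stopped so the exit code can be used
# by callers; the original printed a success marker and returned 0 in both cases.
#######################################
status() {
  if pidof named > /dev/null 2>&1; then
    echo -n "named is running..."
    success
    echo
    return 0
  fi
  echo "named is stopped..."
  return 3
}

usage() {
  echo "Usage: named {start|stop|restart|status|reload}"
}

# Quote the selector so an empty $1 still reaches the default arm cleanly.
case "$1" in
  start)   start ;;
  stop)    stop ;;
  restart) restart ;;
  status)  status ;;
  reload)  reload ;;
  *)       usage; exit 4 ;;
esac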
赋权限
chmod +x /etc/rc.d/init.d/named
chkconfig --add named
chkconfig --list named
chkconfig named on
service named start
参考文档:
http://blog.51cto.com/13525470/2054121
文章来源:宜信技术学院 本文作者:秦伟/计宝满/任宏利