
DNS——介绍(dns详解)

一.DNS安装:

安装方法:

YUM安装

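 # Package install. Name the packages instead of the "bind*" glob: unquoted,
 # the glob is expanded against files in the current directory first, and it
 # also pulls in unrelated bind-* packages (e.g. bind-chroot, which relocates
 # every path used below under a chroot). bind-utils provides dig, which the
 # named.ca note further down relies on. caching-nameserver is a separate
 # package only on older releases (RHEL/CentOS 5); later releases fold it
 # into bind, so add it only where "yum info caching-nameserver" finds it.
 yum install bind bind-utils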

源码安装

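 # Build from source. bind-9.6.1 is a 2009 release; a DNS server is a
 # high-value target, so fetch a currently supported BIND from ISC and
 # verify the tarball's signature or published SHA-256 before unpacking
 # (supply-chain check). Steps are chained with && so a failed configure
 # does not run make install. --disable-ipv6 means the AAAA root hints
 # in named.ca are never used; drop it on a dual-stack host.
 tar zxvf bind-9.6.1.tar.gz &&
 cd bind-9.6.1 &&
 ./configure --prefix=/usr/local/bind9 --sysconfdir=/etc/named/ --enable-threads --disable-chroot --disable-ipv6 &&
 make && make install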

配置环境变量

vim /etc/profile.d/bind.sh

追加以下行

# /etc/profile.d/bind.sh: put the source-built BIND binaries ahead of the
# distribution ones for every login shell.
PATH="/usr/local/bind9/bin:/usr/local/bind9/sbin:${PATH}"
export PATH

帮助文档的查看

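# Read the manuals of the source build; they are not on the default MANPATH.
# Give the absolute path - "share/man/" only works from inside /usr/local/bind9.
man -M /usr/local/bind9/share/man named
# To make it permanent, add the MANPATH line shown below to /etc/man.config.
vim /etc/man.config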

追加以下行

MANPATH /usr/local/bind9/share/man

二. DNS配置:

/etc/named.conf（源码安装时由 --sysconfdir 决定，即 /etc/named/named.conf；下文的 named-checkconf 和启动命令使用的就是后者）
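 //
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// Review notes:
//  * This file is no longer "localhost resolver only": it listens on a
//    LAN address and is authoritative for ning.com and z-bank.inside while
//    also recursing. Recursion is therefore limited to the "trusted" ACL
//    below so the host cannot be used as an open resolver / amplifier.
//  * Zone transfers are denied globally and enabled per zone only.
//  * The identical second "controls" statement that was at the end of the
//    original file has been dropped; it only declared the same
//    127.0.0.1:953 listener twice.
//

// Networks allowed to use the recursive service and read the cache.
// 172.16.0.0/16 is the internal network that may also pull ning.com below;
// add your real client networks here, never "any".
acl "trusted" {
 localhost;
 localnets;
 172.16.0.0/16;
};

options {
 // Add 127.0.0.1 here if processes on this host should resolve through
 // named as well (the 127.0.0.1 entry in ning.com's allow-transfer is
 // otherwise unreachable).
 listen-on port 53 { 10.100.146.49; };
 directory "/var/named";
 // named runs as user "named" (-u named) and must be able to write these
 // three files, so /var/named/data has to exist and be writable by it.
 dump-file "/var/named/data/cache_dump.db";
 statistics-file "/var/named/data/named_stats.txt";
 memstatistics-file "/var/named/data/named_mem_stats.txt";
 // NOTE(review): the init script below expects the pid file at
 // /usr/local/bind9/var/run/named.pid; set "pid-file" explicitly here if
 // the build's default differs.

 // Anyone may query the authoritative zones; only "trusted" gets recursion
 // and cache access.
 allow-query { any; };
 recursion yes;
 allow-recursion { trusted; };
 allow-query-cache { trusted; };

 // Deny AXFR/IXFR by default; ning.com re-enables it for its secondaries.
 // Without this default, z-bank.inside could be pulled by anyone reaching
 // port 53.
 allow-transfer { none; };
 #notify yes;
 #also-notify { slave_servers;};

 // Do not reveal the exact build to "version.bind" CHAOS queries.
 version "not disclosed";

 // Validate DNSSEC-signed answers on behalf of the recursive clients; the
 // root trust anchor comes from the included /etc/named.root.key.
 dnssec-enable yes;
 dnssec-validation yes;
 // DLV (dnssec-lookaside) is a retired lookaside service; keep it off.
 #dnssec-lookaside auto;
 /* Path to ISC DLV key (unused while dnssec-lookaside is off) */
 bindkeys-file "/etc/named.iscdlv.key";
 // NOTE(review): managed-keys-directory is not accepted by older BIND such
 // as the 9.6.1 tarball built earlier on this page (this options block
 // matches the packaged bind) - confirm with named-checkconf. The
 // directory must be writable by the named user.
 managed-keys-directory "/var/named/dynamic";
};

zone "." IN {
 type hint;
 file "named.ca";
};

// NOTE(review): if the included named.rfc1912.zones already defines
// "localhost" or the 127 reverse zone (the Red Hat file does for
// localhost), named refuses the duplicate - keep each zone in one place.
zone "localhost" IN {
 type master;
 file "localhost.zone";
 allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
 type master;
 file "127.0.0.zone";
 allow-update { none; };
};
zone "ning.com" IN {
 type master;
 file "ning.com.zone";
 // A whole /16 may pull the zone; narrow this to the secondaries'
 // addresses (and protect the transfer with a TSIG key) before
 // production use.
 allow-transfer { 172.16.0.0/16; 127.0.0.1; };
 allow-update { none; };
};
zone "z-bank.inside" IN {
 type master;
 // NOTE(review): this page never shows z-bank.inside.zone; the file must
 // exist in /var/named or the zone fails to load (named-checkconf -z
 // catches that). Transfers are denied by the global allow-transfer.
 file "z-bank.inside.zone";
 allow-update { none; };
};
/*
zone "146.100.10.in-addr.arpa" IN {
 type master;
 file "146.100.10.in-addr.arpa.zone";
 #allow-transfer { 10.121.124.32;10.120.249.145; };
};
*/

logging {
 // Every channel is a file directly under /var/log. The named user must
 // be able to create and rotate ("versions N") them: pre-create the files
 // owned by named, or better point them at a directory owned by named
 // (e.g. /var/log/named/) so rotation can rename files.
 channel default-log {
 file "/var/log/named_default.log" versions 10 size 200m;
 severity info;
 print-time yes;
 };
 channel lamer-log {
 file "/var/log/named_lamer.log" versions 3 size 100m;
 severity info;
 print-severity yes;
 print-time yes;
 print-category yes;
 };
 channel query-log {
 file "/var/log/named_query.log" versions 10 size 1000m;
 severity info;
 print-time yes;
 };
 channel security-log {
 file "/var/log/named_security.log" versions 3 size 100m;
 severity info;
 print-severity yes;
 print-time yes;
 print-category yes;
 };
 category lame-servers { lamer-log; };
 // ACL denials and other security events - worth shipping to the SIEM.
 category security { security-log; };
 // One line per query: valuable for incident response, but high volume;
 // the 10 x 1000m cap above bounds the disk use.
 category queries { query-log; };
 category default { default-log; };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
// rndc shared secret (key "rndc-key"); must match the key rndc.conf uses.
// Keep it in this separate root:named mode-640 file rather than inline.
include "/etc/rndc.key";

// Single control channel: loopback only, and rndc must present rndc-key.
controls {
 inet 127.0.0.1 port 953
 allow { localhost; } keys { "rndc-key"; };
};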

创建相应的目录并配置权限:

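 # Ownership and permissions for the BIND tree. named runs as the
 # unprivileged "named" user (see the start commands below) and should only
 # be able to write where it must: secondary zones, its data files, the
 # managed-keys directory and its log files.
 conf=/etc/named/named.conf   # /etc/named.conf for the yum-installed package
 chown root:named "$conf"
 chmod 640 "$conf"            # readable by named, not by other users

 # Directories referenced from named.conf: slaves (secondary zones),
 # data (dump-file / statistics-file), dynamic (managed-keys-directory).
 mkdir -p /var/named/slaves /var/named/data /var/named/dynamic
 chown root:named /var/named
 chmod 750 /var/named
 chown named:named /var/named/slaves /var/named/data /var/named/dynamic
 chmod 750 /var/named/slaves /var/named/data /var/named/dynamic

 # The logging channels write /var/log/named_*.log; /var/log is normally
 # root-owned, so pre-create the files for the named user. Rotation
 # ("versions N") additionally needs write access to the directory - move
 # the channels into a directory owned by named if rotation is wanted.
 for f in default lamer query security; do
  touch "/var/log/named_$f.log"
  chown named:named "/var/log/named_$f.log"
  chmod 640 "/var/log/named_$f.log"
 done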
 /var/named/named.ca
 ; NOTE(review): root hints snapshot dated 2015-12-01 (see "last update"
 ; below). Root server addresses do change over the years; regenerate this
 ; file (dig . NS @a.root-servers.net, or download named.root from InterNIC)
 ; and compare it with the published copy before deploying, so that a stale
 ; or tampered hint set does not steer every recursion to the wrong hosts.
 ; This file holds the information on root name servers needed to
; initialize cache of Internet domain name servers
; (e.g. reference this file in the "cache . "
; configuration file of BIND domain name servers).
;
; This file is made available by InterNIC
; under anonymous FTP as
; file /domain/named.cache
; on server FTP.INTERNIC.NET
; -OR- RS.INTERNIC.NET
;
; last update: December 01, 2015
; related version of root zone: 2015120100
;
; formerly NS.INTERNIC.NET
;
. 3600000 NS A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:ba3e::2:30
;
; FORMERLY NS1.ISI.EDU
;
. 3600000 NS B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201
B.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:84::b
;
; FORMERLY C.PSI.NET
;
. 3600000 NS C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
C.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2::c
;
; FORMERLY TERP.UMD.EDU
;
. 3600000 NS D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET. 3600000 A 199.7.91.13
D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2d::d
;
; FORMERLY NS.NASA.GOV
;
. 3600000 NS E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
;
; FORMERLY NS.ISC.ORG
;
. 3600000 NS F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2f::f
;
; FORMERLY NS.NIC.DDN.MIL
;
. 3600000 NS G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
;
; FORMERLY AOS.ARL.ARMY.MIL
;
. 3600000 NS H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET. 3600000 A 198.97.190.53
H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::53
;
; FORMERLY NIC.NORDU.NET
;
. 3600000 NS I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fe::53
;
; OPERATED BY VERISIGN, INC.
;
. 3600000 NS J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30
J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:c27::2:30
;
; OPERATED BY RIPE NCC
;
. 3600000 NS K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fd::1
;
; OPERATED BY ICANN
;
. 3600000 NS L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42
L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:3::42
;
; OPERATED BY WIDE
;
. 3600000 NS M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
M.ROOT-SERVERS.NET. 3600000 AAAA 2001:dc3::35
; End of file
注释: 根提示文件可以用 `dig -t NS . @a.root-servers.net > /var/named/named.ca` 重新生成。根服务器地址会随时间变动，部署前请与 InterNIC 发布的 named.root 文件核对，避免把过时或被篡改的应答写入根提示。
/var/named/localhost.zone
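 ; Forward zone for "localhost". Owner names are written explicitly and
 ; right-hand names end with "." - an unqualified "localhost" would be
 ; expanded by $ORIGIN to localhost.localhost.
$TTL 1D
@   IN SOA localhost. admin.localhost. (
        0   ; serial
        1D  ; refresh
        1H  ; retry
        1W  ; expire
        3H ) ; minimum (negative-cache TTL)
@   IN NS  localhost.
@   IN A   127.0.0.1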
/var/named/127.0.0.zone
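 ; Reverse zone for 127.0.0.0/24 ($ORIGIN is 0.0.127.in-addr.arpa.).
 ; The NS target carries a trailing "." so it is not expanded relative
 ; to the reverse origin.
$TTL 1D
@   IN SOA localhost. admin.localhost. (
        0   ; serial
        1D  ; refresh
        1H  ; retry
        1W  ; expire
        3H ) ; minimum (negative-cache TTL)
@   IN NS  localhost.
1   IN PTR localhost.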
/var/named/ning.com.zone
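 ; Authoritative zone for ning.com.
 ; SOA RNAME "ning.qq.com." is the hostmaster mailbox (ning@qq.com), not a
 ; host; the NS record must name the actual name server, ns.ning.com.,
 ; whose address is defined below. The original NS pointed at the mailbox.
$TTL 3600
@   IN SOA ns.ning.com. ning.qq.com. (
        0   ; serial - use YYYYMMDDnn and raise it on every change,
            ; otherwise secondaries never pick up the new zone
        1D  ; refresh
        1H  ; retry
        1W  ; expire
        3H ) ; minimum (negative-cache TTL)
@   IN NS  ns.ning.com.
ns  IN A   172.16.3.20
www IN A   172.16.3.30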

修改库配置文件并赋权限

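# Zone data is root-owned and group-readable by named (named only needs to
# read master zones). z-bank.inside.zone, which named.conf also loads, is
# not created anywhere on this page - add it here once it exists.
cd /var/named || exit 1
chown root:named 127.0.0.zone localhost.zone named.ca ning.com.zone
chmod 640 127.0.0.zone localhost.zone named.ca ning.com.zone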

检查配置文件和库文件

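# Validate before (re)starting. -z additionally loads every zone named in
# named.conf, which catches a missing file such as z-bank.inside.zone.
# Zone paths are absolute so the checks do not depend on the cwd.
named-checkconf -z /etc/named/named.conf
named-checkzone localhost /var/named/localhost.zone
named-checkzone 0.0.127.in-addr.arpa /var/named/127.0.0.zone
named-checkzone ning.com /var/named/ning.com.zone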

启动

 # First test run in the foreground: -g keeps named attached to the terminal
 # and logs to stderr, -u named runs the daemon as the unprivileged named
 # user, -c selects the config file just checked. Use the init script
 # further down for normal operation.
 named -g -u named -c /etc/named/named.conf

生成rndc文件

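# Generate the rndc control-channel config with a fresh random key.
# -A hmac-sha256 replaces the hmac-md5 default of old releases. -r is not
# accepted by recent rndc-confgen (it always uses the system RNG); drop it
# there. The umask keeps the secret from being world-readable even briefly.
(umask 077 && rndc-confgen -A hmac-sha256 > /etc/named/rndc.conf)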
/etc/named/named.conf（或 /etc/named.conf，以实际使用的为准）

将rndc.conf文件中对应以下注释掉的内容添加到named.conf中

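 // Copy the key block from the generated rndc.conf; algorithm and secret
 // must match it exactly. The original snippet lacked the opening "{".
 // Never reuse a secret printed on a web page - paste your own.
 // If named.conf already does include "/etc/rndc.key", put this key block
 // in that file (root:named, mode 640) instead of defining it twice.
 key "rndc-key" {
  algorithm hmac-sha256;     // whatever rndc-confgen wrote
  secret "<secret from your generated rndc.conf>";
 };

 // Control channel: loopback only, and the client must present rndc-key.
 controls {
  inet 127.0.0.1 port 953
   allow { 127.0.0.1; } keys { "rndc-key"; };
 };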
 赋权限
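 # rndc.conf holds the shared secret; root (who runs rndc) and the named
 # group can read it, nobody else. Absolute paths so this does not depend
 # on the cwd. The running named does not know the new key yet, so send it
 # SIGHUP once; from then on rndc itself does reloads.
 chmod 440 /etc/named/rndc.conf
 chown root:named /etc/named/rndc.conf
 killall -HUP named
 rndc reload
 rndc status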

启动脚本:

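 #!/bin/bash
 #
 # named        Start/stop the ISC BIND name server built under /usr/local/bind9
 #
 # description: named daemon
 # chkconfig: - 25 80
 #
 # Exit codes follow the conventions of the other RHEL init scripts:
 # 0 ok, 1 generic failure, 3 "not running" (status only), 4 bad usage.

 pidFile=/usr/local/bind9/var/run/named.pid   # must equal named's "pid-file"
 lockFile=/var/lock/subsys/named
 confFile=/etc/named/named.conf
 namedBin=/usr/local/bind9/sbin/named

 # daemon, killproc, success and failure come from the RHEL functions library.
 [ -r /etc/rc.d/init.d/functions ] && . /etc/rc.d/init.d/functions

 # Start named as the unprivileged "named" user; refuses to start twice.
 start() {
  if [ -e "$lockFile" ]; then
   echo "named is already running..."
   return 0
  fi
  echo -n "Starting named:"
  daemon --pidfile "$pidFile" "$namedBin" -u named -c "$confFile"
  RETVAL=$?
  echo
  if [ "$RETVAL" -eq 0 ]; then
   touch "$lockFile"
  else
   rm -f "$lockFile" "$pidFile"
   RETVAL=1
  fi
  return "$RETVAL"
 }

 # Stop named. Stopping a service that is not running is a success (the
 # original fell through to killproc and reported a failure), so restart
 # works from either state.
 stop() {
  if [ ! -e "$lockFile" ]; then
   echo "named is stopped."
   return 0
  fi
  echo -n "Stopping named:"
  killproc named
  RETVAL=$?
  echo
  if [ "$RETVAL" -eq 0 ]; then
   rm -f "$lockFile" "$pidFile"
   return 0
  fi
  echo "Cannot stop named."
  failure
  return 1
 }

 restart() {
  stop
  sleep 2
  start
 }

 # Ask the running named to re-read named.conf and its zones (SIGHUP).
 reload() {
  echo -n "Reloading named: "
  killproc named -HUP
  RETVAL=$?
  echo
  return "$RETVAL"
 }

 # status returns 0 when a named process exists and 3 when it does not, so
 # "service named status" is usable from monitoring; the original printed
 # a green OK and exited 0 in both cases.
 status() {
  if pidof named > /dev/null 2>&1; then
   echo -n "named is running..."
   success
   echo
   return 0
  fi
  echo "named is stopped..."
  return 3
 }

 usage() {
  echo "Usage: named {start|stop|restart|status|reload}"
 }

 case "$1" in
  start)
   start
   ;;
  stop)
   stop
   ;;
  restart)
   restart
   ;;
  status)
   status
   ;;
  reload)
   reload
   ;;
  *)
   usage
   exit 4
   ;;
 esac
 exit $?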
 

赋权限

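# Install the init script, register it with chkconfig and start it.
# "chkconfig --list named-" in the original was a typo for "named".
chmod +x /etc/rc.d/init.d/named
chkconfig --add named
chkconfig --list named
chkconfig named on
service named start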

参考文档:

http://blog.51cto.com/13525470/2054121

文章来源:宜信技术学院 本文作者:秦伟/计宝满/任宏利
