Compiling and installing the DNS server (BIND) from source
Official BIND download address: the version built here is bind-9.9.5.tar.gz.

1. Compile and install

(1) Build environment
Install the package groups Desktop Platform Development, Development tools and Server Platform Development.

(2) Unpack the archive and look at the build options
First of all, check the server's time.

[root@hong ~]# tar xf bind-9.9.5.tar.gz ----- unpack the archive
[root@hong ~]# cd bind-9.9.5
[root@hong bind-9.9.5]# ls ----- inside the extracted directory, check that the files are complete
acconfig.h    config.h.in        COPYRIGHT   isc-config.sh.1        make           version
aclocal.m4    config.h.win32     doc         isc-config.sh.docbook  Makefile.in    win32utils
Atffile       config.sub         docutil     isc-config.sh.html     mkinstalldirs
bin           config.threads.in  FAQ         isc-config.sh.in       README
bind.keys     configure          FAQ.xml     lib                    srcid
CHANGES       configure.in       HISTORY     libtool.m4             unit
config.guess  contrib            install-sh  ltmain.sh              util
[root@hong bind-9.9.5]# ./configure --help ----- read the configure help
[root@hong bind-9.9.5]# less README ----- BIND's own README

Because the DNS service should not run as root, create its user and group first:
[root@hong bind-9.9.5]# groupadd -r -g 53 named
[root@hong bind-9.9.5]# useradd -r -g named -u 53 named
[root@hong bind-9.9.5]# id named
uid=53(named) gid=53(named) groups=53(named)

(3) Build
[root@hong bind-9.9.5]# ./configure --prefix=/usr/local/bind9 --sysconfdir=/etc/named/ --enable-threads --disable-chroot --disable-ipv6
Options explained:
--prefix=/usr/local/bind9 ----- installation path
--sysconfdir=/etc/named/ ----- directory that holds all the configuration files
--enable-threads ----- enable threads to improve the DNS server's performance
--disable-chroot --disable-ipv6 ----- features not enabled here; look up what you need in the help output
Then run make && make install, which produces the /usr/local/bind9 tree used below.

(4) Change the PATH variable so the newly built dig is used
[root@hong bind9]# /usr/local/bind9/bin/dig -v ----- the dig we just compiled
DiG 9.9.5
[root@hong bind9]# dig -v ----- the dig that came with the system
DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6
[root@hong bind9]# vim /etc/profile.d/bind.sh ----- create bind.sh under /etc/profile.d/ with this content:
export PATH=/usr/local/bind9/bin:/usr/local/bind9/sbin:$PATH

Test: log in again and check
[root@hong ~]# echo $PATH
/usr/lib64/qt-3.3/bin:/usr/local/bind9/bin:/usr/local/bind9/sbin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/nginx/sbin:/root/bin
[root@hong ~]# dig -v
DiG 9.9.5

(5) Export the manual pages
[root@hong bind9]# man -M share/man/ named ----- -M gives the man path; named is the page to view
[root@hong bind9]# man named ----- this does not work yet
No manual entry for named
[root@hong bind9]# vim /etc/man.config ----- find the MANPATH lines in /etc/man.config:
MANPATH /usr/man
MANPATH /usr/share/man
MANPATH /usr/local/man
MANPATH /usr/local/share/man
MANPATH /usr/X11R6/man
MANPATH /usr/local/bind9/share/man ----- add this one line; the path is the one we just installed BIND into
[root@hong bind9]# man named ----- works now

(6) Export the library and header files
[root@hong bind9]# vim /etc/ld.so.conf.d/bind9.conf ----- list the bind9 library directory here so the loader can find the newly built libraries

2. Provide the configuration file /etc/named/named.conf
(1) Looking at /etc/named shows nothing but bind.keys, so the configuration file has to be created by hand:
[root@hong ~]# ls /etc/named
bind.keys
[root@hong ~]# vim /etc/named/named.conf
options {
        directory "/var/named";
        recursion yes;
};
zone "." IN {                           // root hints: required
        type hint;
        file "named.ca";
};
zone "localhost" IN {                   // local forward zone
        type master;
        file "localhost.zone";
        allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {        // local reverse zone
        type master;
        file "127.0.0.zone";
        allow-update { none; };
};
zone "ning.com" IN {                    // the zone you want to serve yourself
        type master;
        file "ning.com.zone";
        allow-transfer { 172.16.0.0/16; 127.0.0.1; };
        allow-update { none; };
};
(2) Permissions on the configuration file
[root@hong named]# chown root:named named.conf ----- owner and group of the main configuration file
[root@hong named]# chmod 640 named.conf ----- mode of the main configuration file
[root@hong named]# ll
total 8
-rw-r--r-- 1 root root  2389 Aug  3 11:57 bind.keys
-rw-r----- 1 root named  326 Aug  3 12:25 named.conf

(3) Create the data directories
[root@hong named]# mkdir /var/named/slaves -pv ----- create the directories under /var/named/
mkdir: created directory `/var/named/slaves'
[root@hong var]# chown root:named /var/named ----- owner and group
[root@hong var]# chown named:named /var/named/slaves/ ----- owner and group
[root@hong var]# chmod 750 /var/named ----- directory mode (for safety only root may modify it)
[root@hong var]# chmod 770 /var/named/slaves/ ----- directory mode (slave zone files are written here, so named needs write access)

3. Create named.ca and the zone files localhost.zone, 127.0.0.zone and ning.com.zone

(1) Create named.ca
[root@hong var]# dig -t NS . @a.root-servers.net > named.ca ----- generate it on a machine that can reach the internet and copy it over
[root@hong named]# ls /var/named ----- it belongs in this directory
named.ca  slaves

(2) Create the zone file localhost.zone
[root@hong named]# vim localhost.zone
$TTL 86400
@       IN  SOA localhost. admin.localhost. (
                2014080701
                3H
                15M
                7D
                1D )
        IN  NS  localhost.
        IN  A   127.0.0.1

(3) Create the zone file 127.0.0.zone
[root@hong named]# vim 127.0.0.zone
$TTL 86400
@       IN  SOA localhost. admin.localhost. (
                2014080701
                3H
                15M
                7D
                1D )
        IN  NS  localhost.
1       IN  PTR localhost.

(4) Create the zone file ning.com.zone
[root@hong named]# vim ning.com.zone
$TTL 3600
@       IN  SOA ns.ning.com. ning.qq.com. (
                2014080701
                1H
                10M
                7D
                1D )
        IN  NS  ns
ns      IN  A   172.16.3.20
www     IN  A   172.16.3.30

(5) Fix the mode, owner and group of the zone files
[root@hong named]# chown :named 127.0.0.zone localhost.zone named.ca ning.com.zone
[root@hong named]# chmod 640 127.0.0.zone localhost.zone named.ca ning.com.zone

(6) Check the configuration file and the zone files
[root@hong named]# named-checkconf /etc/named/named.conf
[root@hong named]# named-checkzone "localhost" /var/named/localhost.zone
zone localhost/IN: loaded serial 2014080701
OK
[root@hong named]# named-checkzone "0.0.127.in-addr.arpa" /var/named/127.0.0.zone
zone 0.0.127.in-addr.arpa/IN: loaded serial 2014080701
OK
[root@hong named]# named-checkzone "ning.com" ning.com.zone
zone ning.com/IN: loaded serial 2014080701
OK

4. Try starting the caching name server
[root@hong named]# named -u named -c /etc/named/named.conf ----- run it directly with the configuration file (it goes to the background)
[root@hong named]# named -g -u named -c /etc/named/named.conf ----- -g keeps it in the foreground
[root@hong named]# named -u named ----- starting it without -c also works

5. Provide rndc
(1) Generate and enable it
[root@hong named]# rndc-confgen -r /dev/urandom > /etc/named/rndc.conf ----- generate rndc.conf (-r names the randomness source, so the command does not block when the entropy pool has nothing to give)
[root@hong named]# cat /etc/named/rndc.conf
Copy the section of the generated file marked below into named.conf and remove the comment marks.
# Start of rndc.conf
key "rndc-key" {
        algorithm hmac-md5;
        secret "lkMCAFCZUSJ1k4mM1cmrXg==";
};

options {
        default-key "rndc-key";
        default-server 127.0.0.1;
        default-port 953;
};
# End of rndc.conf

# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {                 <----- from here ...
#       algorithm hmac-md5;
#       secret "lkMCAFCZUSJ1k4mM1cmrXg==";
# };
#
# controls {
#       inet 127.0.0.1 port 953
#               allow { 127.0.0.1; } keys { "rndc-key"; };
# };                               <----- ... to here, you know the drill: copy what lies between into named.conf and uncomment it
# End of named.conf
The key name and secret that land in named.conf must be exactly the ones in rndc.conf, otherwise rndc cannot authenticate to the server.

(2) Fix the mode and group of rndc.conf, make named re-read its configuration and test the rndc command
[root@hong named]# chmod 440 rndc.conf ----- mode
[root@hong named]# chown :named rndc.conf ----- group
[root@hong named]# killall -HUP named ----- re-read the configuration
[root@hong named]# rndc reload ----- test reloading the configuration and zone data
server reload successful
[root@hong named]# rndc status ----- test showing the server status

6. Provide a zone you need
We already added one above, the zone ning.com; you all get this, heh, I just happened to add it up there. You do not have to add it there: once the caching name server has been tested, add it at this step and test it.

7. Provide a start-up script
[root@hong named]# service named start ----- the service cannot be started with service yet
named: unrecognized service

The start-up script, saved as /etc/rc.d/init.d/named:
#!/bin/bash
#
# description: named daemon
# chkconfig: - 25 80
#
pidFile=/usr/local/bind9/var/run/named.pid
lockFile=/var/lock/subsys/named
confFile=/etc/named/named.conf

[ -r /etc/rc.d/init.d/functions ] && . /etc/rc.d/init.d/functions

start() {
    if [ -e $lockFile ]; then
        echo "named is already running..."
        exit 0
    fi
    echo -n "Starting named:"
    daemon --pidfile "$pidFile" /usr/local/bind9/sbin/named -u named -c "$confFile"
    RETVAL=$?
    echo
    if [ $RETVAL -eq 0 ]; then
        touch $lockFile
        return $RETVAL
    else
        rm -f $lockFile $pidFile
        return 1
    fi
}

stop() {
    if [ ! -e $lockFile ]; then
        echo "named is stopped."
        return 0    # nothing to stop; return (not exit) so restart can still start it
    fi
    echo -n "Stopping named:"
    killproc named
    RETVAL=$?
    echo
    if [ $RETVAL -eq 0 ]; then
        rm -f $lockFile $pidFile
        return 0
    else
        echo "Cannot stop named."
        failure
        return 1
    fi
}

restart() {
    stop
    sleep 2
    start
}

reload() {
    echo -n "Reloading named: "
    killproc named -HUP
    #killall -HUP named
    RETVAL=$?
    echo
    return $RETVAL
}

status() {
    if pidof named &> /dev/null; then
        echo -n "named is running..."
        success
        echo
    else
        echo -n "named is stopped..."
        success
        echo
    fi
}

usage() {
    echo "Usage: named {start|stop|restart|status|reload}"
}

case $1 in
start)
    start ;;
stop)
    stop ;;
restart)
    restart ;;
status)
    status ;;
reload)
    reload ;;
*)
    usage
    exit 4 ;;
esac

# chmod +x /etc/rc.d/init.d/named ----- make the script executable
# chkconfig --add named ----- register named with chkconfig
# chkconfig --list named ----- check its state
# chkconfig named on ----- start it at boot
# service named start ----- now this works
[root@hong named]# service named restart
Stopping named:                                            [  OK  ]
Starting named:                                            [  OK  ]

The zone configuration is not finished yet; a follow-up will come later.
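The owner, group and mode settings spread over steps 2, 3 and 5 are easy to get wrong when the procedure is repeated on another machine. This Python checker is an added example, not code from the original post: it encodes the page's expected owner/group/mode for every file the walkthrough creates, compares each with os.stat, and returns every deviation; the EXPECTED table, check_path and audit are mine.

```python
import grp, os, pwd, stat

# Expected owner, group and mode for each file this walkthrough creates (None =
# not checked). The paths are the page's own; the table is constructed here.
EXPECTED = {
    "/etc/named/named.conf":     ("root",  "named", 0o640),
    "/etc/named/rndc.conf":      (None,    "named", 0o440),
    "/var/named":                ("root",  "named", 0o750),
    "/var/named/slaves":         ("named", "named", 0o770),
    "/var/named/named.ca":       (None,    "named", 0o640),
    "/var/named/localhost.zone": (None,    "named", 0o640),
    "/var/named/127.0.0.zone":   (None,    "named", 0o640),
    "/var/named/ning.com.zone":  (None,    "named", 0o640),
}

def owner_name(uid):
    try:                               # fall back to the number if no passwd entry
        return pwd.getpwuid(uid).pw_name
    except KeyError:
        return str(uid)

def group_name(gid):
    try:                               # fall back to the number if no group entry
        return grp.getgrgid(gid).gr_name
    except KeyError:
        return str(gid)

def check_path(path, owner, group, mode):
    """Compare one path with its expected owner/group/mode; return deviations."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return [f"{path}: missing"]
    problems = []
    actual_owner, actual_group = owner_name(st.st_uid), group_name(st.st_gid)
    actual_mode = stat.S_IMODE(st.st_mode)  # permission bits only, no file type
    if owner is not None and actual_owner != owner:
        problems.append(f"{path}: owner {actual_owner}, expected {owner}")
    if group is not None and actual_group != group:
        problems.append(f"{path}: group {actual_group}, expected {group}")
    if actual_mode != mode:
        problems.append(f"{path}: mode {actual_mode:o}, expected {mode:o}")
    return problems

def audit(expected=EXPECTED):
    """Check every path in the table; an empty list means everything matches."""
    problems = []
    for path, (owner, group, mode) in expected.items():
        problems.extend(check_path(path, owner, group, mode))
    return problems
```

Run audit() as root on the finished server; anything it prints is a file whose state differs from what the steps above set.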