1)创建用户
1 2 |
[root@bogon ~]# groupadd -g 53 -r named [root@bogon ~]# useradd -g named -r named |
2)编译安装
1 2 3 4 |
[root@bogon ~]# tar xf bind-9.9.5.tar.gz [root@bogon ~]# cd bind-9.9.5 [root@bogon ~]#./configure --prefix=/usr/local/bind9 --sysconfdir=/etc/named/ --enable-threads --enable-epoll --disable-chroot [root@bogon ~]# make && make install |
3)创建主配置文件
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 |
[root@bogon ~]# vim /etc/named/named.conf options { directory "/var/named"; recursion yes; pid-file "/usr/local/bind9/var/run/named.pid"; }; zone "." IN { type hint; file "named.ca"; }; zone "localhost" IN { type master; file "named.localhost"; allow-transfer { none; }; }; zone "0.0.127.in-addr.arpa" IN { type master; file "named.loopback"; allow-transfer { none; }; }; |
4)创建区域数据文件
1 |
[root@bogon ~]# mkdir /var/named |
named.ca
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 |
[root@bogon ~]# vim /var/named/named.ca ; <<>> DiG 9.5.0b2 <<>> +bufsize=1200 +norec NS . @a.root-servers.net ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34420 ;; flags: qr aa; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 20 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;. IN NS ;; ANSWER SECTION: . 518400 IN NS M.ROOT-SERVERS.NET. . 518400 IN NS A.ROOT-SERVERS.NET. . 518400 IN NS B.ROOT-SERVERS.NET. . 518400 IN NS C.ROOT-SERVERS.NET. . 518400 IN NS D.ROOT-SERVERS.NET. . 518400 IN NS E.ROOT-SERVERS.NET. . 518400 IN NS F.ROOT-SERVERS.NET. . 518400 IN NS G.ROOT-SERVERS.NET. . 518400 IN NS H.ROOT-SERVERS.NET. . 518400 IN NS I.ROOT-SERVERS.NET. . 518400 IN NS J.ROOT-SERVERS.NET. . 518400 IN NS K.ROOT-SERVERS.NET. . 518400 IN NS L.ROOT-SERVERS.NET. ;; ADDITIONAL SECTION: A.ROOT-SERVERS.NET. 3600000 IN A 198.41.0.4 A.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:503:ba3e::2:30 B.ROOT-SERVERS.NET. 3600000 IN A 192.228.79.201 C.ROOT-SERVERS.NET. 3600000 IN A 192.33.4.12 D.ROOT-SERVERS.NET. 3600000 IN A 128.8.10.90 E.ROOT-SERVERS.NET. 3600000 IN A 192.203.230.10 F.ROOT-SERVERS.NET. 3600000 IN A 192.5.5.241 F.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:500:2f::f G.ROOT-SERVERS.NET. 3600000 IN A 192.112.36.4 H.ROOT-SERVERS.NET. 3600000 IN A 128.63.2.53 H.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:500:1::803f:235 I.ROOT-SERVERS.NET. 3600000 IN A 192.36.148.17 J.ROOT-SERVERS.NET. 3600000 IN A 192.58.128.30 J.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:503:c27::2:30 K.ROOT-SERVERS.NET. 3600000 IN A 193.0.14.129 K.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:7fd::1 L.ROOT-SERVERS.NET. 3600000 IN A 199.7.83.42 M.ROOT-SERVERS.NET. 3600000 IN A 202.12.27.33 M.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:dc3::35 ;; Query time: 147 msec ;; SERVER: 198.41.0.4#53(198.41.0.4) ;; WHEN: Mon Feb 18 13:29:18 2008 ;; MSG SIZE rcvd: 615 |
named.localhost
1 2 3 4 5 6 7 8 9 10 |
[root@bogon ~]# vim /var/named/named.localhost $TTL 86400 @ IN SOA localhost. admin.localhost. ( 2015101101 2H 10M 7D 1D ) IN NS localhost. localhost. IN A 127.0.0.1 |
named.loopback
1 2 3 4 5 6 7 8 9 10 11 |
[root@bogon ~]# vim /var/named/named.loopback $TTL 86400 @ IN SOA localhost. admin.localhost. ( 2014031101 2H 10M 7D 1D ) IN NS localhost. 1 IN PTR localhost. |
5)调整权限
1 2 |
[root@bogon ~]# chown root:named /etc/named/* /var/named/* [root@bogon ~]# chmod 640 /etc/named/named.conf /var/named/* |
6)添加PATH
1 2 |
[root@bogon ~]# echo 'export PATH=/usr/local/bind9/bin:/usr/local/bind9/sbin:$PATH' > /etc/profile.d/named.sh [root@bogon ~]# source /etc/profile.d/named.sh |
7)安装rndc
1 2 3 |
[root@bogon ~]# rndc-confgen -r /dev/urandom > /etc/named/rndc.conf [root@bogon ~]# chown root:named /etc/named/rndc.conf [root@bogon ~]# chmod 640 /etc/named/rndc.conf |
把rndc.conf文件的以下部分复制到named.conf中并按指示启用
1 2 3 4 5 6 7 8 |
key "rndc-key" { algorithm hmac-md5; secret "UQUMw3h55u0BHKP+PgiiSA=="; }; controls { inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; }; }; |
8)named用户测试启动
1 2 3 |
[root@bogon ~]# named -u named [root@bogon ~]# ps aux | grep ^named named 27413 0.1 1.1 143108 11256 ? Ssl 18:16 0:00 named -u named |
9)测试rndc
1 2 3 4 5 6 7 8 9 10 11 12 13 14 |
[root@bogon ~]# rndc status version: 9.9.5 CPUs found: 1 worker threads: 1 UDP listeners per interface: 1 number of zones: 36 debug level: 0 xfers running: 0 xfers deferred: 0 soa queries in progress: 0 query logging is OFF recursive clients: 0/0/1000 tcp clients: 0/100 server is up and running |
10)提供服务脚本
[root@bogon ~]# vim /etc/rc.d/init.d/named
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 |
#!/bin/bash # # description: named daemon # chkconfig: - 25 80 # pidFile=/usr/local/bind9/var/run/named.pid lockFile=/var/lock/subsys/named confFile=/etc/named/named.conf [ -r /etc/rc.d/init.d/functions ] && . /etc/rc.d/init.d/functions start() { if [ -e $lockFile ]; then echo "named is already running..." exit 0 fi echo -n "Starting named:" daemon --pidfile "$pidFile" /usr/local/bind9/sbin/named -u named -c "$confFile" RETVAL=$? echo if [ $RETVAL -eq 0 ]; then touch $lockFile return $RETVAL else rm -f $lockFile $pidFile return 1 fi } stop() { if [ ! -e $lockFile ]; then echo "named is stopped." # exit 0 fi echo -n "Stopping named:" killproc named RETVAL=$? echo if [ $RETVAL -eq 0 ];then rm -f $lockFile $pidFile return 0 else echo "Cannot stop named." failure return 1 fi } restart() { stop sleep 2 start } reload() { echo -n "Reloading named: " killproc named -HUP RETVAL=$? echo return $RETVAL } status() { if pidof named &> /dev/null; then echo -n "named is running..." success echo else echo -n "named is stopped..." success echo fi } usage() { echo "Usage: named {start|stop|restart|status|reload}" } case $1 in start) start ;; stop) stop ;; restart) restart ;; status) status ;; reload) reload ;; *) usage exit 4 ;; esac |
1 2 3 4 |
[root@bogon ~]# chmod a+x /etc/rc.d/init.d/namd [root@bogon ~]# chkconfig --add named [root@bogon ~]# service named start Starting named: [确定] |