Instrument: BIND

  

BIND 9 Documentation (isc.org)

Downloads - ISC

 https://downloads.isc.org/isc/bind9/9.16.28/BIND9.16.28.x64.zip

 

 named:

  1. 查看构建信息
    named -V

     

  2.  

     

named.conf

 

// Address list naming the clients treated as internal: the 192.168.8.0/24 LAN and loopback.
acl internal { 192.168.8.0/24; 127.0.0.0/8; };

// Server-wide defaults; the views below inherit them unless they set their own value.
options {
  directory "c:/named/etc/zones";   // base directory for the relative zone file paths used in the views
  allow-transfer { none; };         // refuse zone transfer requests by default
  recursion no;                     // recursion is switched off server-wide
};

// View for clients whose source address matches the "internal" ACL. named picks the first
// view whose match-clients accepts the client, so this view has to stay ahead of the
// catch-all external view.
view internal {
  match-clients { internal; };
  // NOTE(review): options sets "recursion no" and this view does not override it;
  // allow-recursion only matters where recursion is enabled, so as written internal
  // clients presumably get no recursive service. Add "recursion yes;" here if that is
  // the intent — confirm.
  allow-recursion { internal; };

  // Internal copy of the zone; transfers are refused explicitly.
  zone "aegean.com" IN {
    type master;
    file "internal/aegean.com.zone";
    allow-transfer { none; };
  };
};

// Catch-all view for every client not matched by an earlier view. It sets no recursion
// options of its own, so it keeps the server-wide "recursion no" and answers only from
// the external copy of the zone.
view external {
  match-clients { any; };
  
  // External copy of the zone; transfers are refused explicitly.
  zone "aegean.com" IN {
    type master;
    file "external/aegean.com.zone";
    allow-transfer { none; };
  };
};

// Shared secret that authenticates rndc commands on the control channel below.
// The value shown here is published on this page, so it is not a secret any more:
// generate a fresh key with rndc-confgen for any real server and keep the file holding
// it readable only by the account that runs named and by administrators.
key "rndc-key" {
  algorithm hmac-sha256;
  secret "K8fn06OR4vei2AJRUkfUyhwTWVbSZShp+hTNj/CrinY=";
};

// Control channel: listens on loopback port 953 only, accepts connections from 127.0.0.1
// only, and requires the key above.
controls {
  inet 127.0.0.1 port 953
  allow { 127.0.0.1; } keys { "rndc-key"; };
};

 

 

 

 

Windows:

https://clientarea.mochahost.com/knowledgebase/558?_m=knowledgebase&_a=viewarticle&kbarticleid=558

 

 

 

Compile:

 

# prerequisites
# Software Collections release package and tooling, then the devtoolset-10 toolchain.
yum install centos-release-scl\*
yum install scl-utils\*
yum install devtoolset-10
# Starts a new bash with devtoolset-10 enabled. When these notes are pasted as a script
# instead of typed, the lines after this one only run once that shell exits.
scl enable devtoolset-10 bash
# Development headers for the libraries the build links against.
yum install -y libuv-devel libnghttp2-devel openssl-devel libcap-devel


# add user
# Dedicated system group and account (gid/uid 53) for running named: no login shell,
# and no home directory is created.
groupadd --system --gid 53 named
useradd --system --no-create-home --shell /sbin/nologin --home-dir /usr/local/bind --uid 53 --gid named named


# compile
# Install under /usr/local/bind and read configuration from /etc/named.
# NOTE(review): --disable-chroot builds named without chroot support, so -t cannot be
# used later as an extra containment layer — confirm this is intended.
./configure --prefix=/usr/local/bind --sysconfdir=/etc/named --disable-chroot
make -j8 && make install


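# post compile
# Quoted delimiter: $PATH has to stay literal in the file so that it is expanded at each
# login. Unquoted, the installing shell's PATH would be frozen into every user's profile.
cat > /etc/profile.d/named.sh <<'EOF'
export PATH=/usr/local/bind/sbin:/usr/local/bind/bin:$PATH
EOF
source /etc/profile.d/named.sh

# Working directory for named: group "named" owns it, and setgid keeps new files in
# that group.
mkdir /var/named/logs -pv
chown -R :named /var/named
chmod g+s /var/named
# named runs as the unprivileged "named" user (see -u below) and writes its dump and
# statistics files here, so the group gets write access to this directory only.
chmod g+w /var/named/logs

# Both files created here contain the rndc shared secret. Create them with a
# restrictive umask so the key is never world-readable, not even briefly.
(
  umask 077
  rndc-confgen > /etc/named/rndc.conf
  # Copy the commented-out key/controls template at the end of rndc.conf into
  # named.conf; this relies on the exact line layout of rndc-confgen's output.
  tail -10 /etc/named/rndc.conf | head -9 | sed 's@#\ @@g' > /etc/named/named.conf
)
# Redirection keeps the mode of a pre-existing file, so set the modes explicitly too.
# rndc.conf is for root only; named.conf must also be readable by the named group.
chmod 600 /etc/named/rndc.conf
chgrp named /etc/named/named.conf
chmod 640 /etc/named/named.conf

cat >> /etc/named/named.conf <<'EOF'
options {
  // Working directory & files
  directory "/var/named";
  dump-file "logs/cache_dump.log";
  statistics-file "logs/statistics.log";
  memstatistics-file "logs/memstatistics.log";
  recursing-file "logs/recursing.log";

  // listen-on port 53 { 192.168.8.1; 127.0.0.1; }; listen-on-v6 { any; };
  listen-on port 53 { any; };
  // Do not allow access to cache
  // allow-query-cache { none; };
  pid-file "/run/named.pid";
  // forwarders { 8.8.8.8; 8.8.4.4; };
  recursion yes;
  // Recursion is limited to this host and its directly attached networks (built-in
  // ACLs). Offering recursion to "any" while listening on every interface makes the
  // server an open resolver; widen this list only to networks you operate.
  allow-recursion { localhost; localnets; };
  // allow-query { 127.0.0.1/32; 192.168.0.0/16; };
  allow-query { any; };
  allow-transfer { none; };
  notify yes;

  version "alimentation amalgamation";
  // max-cache-size 15m;
  recursive-clients 200;
  tcp-clients 200;
  auth-nxdomain no;  # yes: return NXDOMAIN (domain does not exist) as an authoritative answer; no: do not answer authoritatively


  // dnssec
  // dnssec-validation yes | no | auto;


  // forward
  // forwarders { 8.8.8.8; 8.8.4.4; };
  // forward first | only;


};
EOF


# Start named as the unprivileged "named" user with the configuration written above.
# The original line had a stray space inside the path ("/etc/named /named.conf").
/usr/local/bind/sbin/named -u named -c /etc/named/named.conf


# Register the BIND libraries with the dynamic linker and expose the headers.
echo /usr/local/bind/lib > /etc/ld.so.conf.d/named.conf
ldconfig -v
ln -svnf /usr/local/bind/include /usr/include/named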