Installing and configuring bind-9.8.0

The following article is reposted from http://blog.csdn.net/whhgd6370/article/details/6257445

Bind version: 9.8.0, the latest release at the time of writing.

1. Installation: download the tar archive from http://www.isc.org/software/bind/980/download/, extract it, and put it under /home/.

Commands:

tar zxvf bind-9.8.0.tar.gz
cd bind-9.8.0
./configure --sysconfdir=/etc     # more options: ./configure --help (this puts BIND's configuration files under /etc)
make
make install

(Note: DNSSEC needs OpenSSL, so by default configure checks for an OpenSSL installation. To build without it, add --without-openssl, i.e. ./configure --sysconfdir=/etc --without-openssl. Be aware that this strips DNSSEC validation and signing out of the build; a server that is expected to validate answers or to serve signed zones should be built with OpenSSL.)

make install puts named, rndc, rndc-confgen, named-checkconf and named-checkzone under /usr/local/sbin and dig under /usr/local/bin.

2. Configuration:

(1) First create the configuration files; there are two: /etc/named.conf and /etc/rndc.conf

Command: rndc-confgen > /etc/rndc.conf

This generates the contents of rndc.conf. The file produced on the author's machine is shown below; the secret is specific to that run and, now that it has been published, must not be reused: run rndc-confgen yourself. Whoever holds this key and can reach port 953 can reload, flush and stop the server, so keep /etc/rndc.conf readable only by root (chmod 600) and leave the controls statement bound to 127.0.0.1 as generated. (rndc-confgen -a is the simpler alternative: it writes /etc/rndc.key, which both named and rndc pick up automatically without any key or controls statements in named.conf.)

# Start of rndc.conf
key "rndc-key" {
    algorithm hmac-md5;
    secret "7Tp+AIcREtlzhfR4MU9W9Q==";
};

options {
    default-key "rndc-key";
    default-server 127.0.0.1;
    default-port 953;
};
# End of rndc.conf

# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
#     algorithm hmac-md5;
#     secret "7Tp+AIcREtlzhfR4MU9W9Q==";
# };
#
# controls {
#     inet 127.0.0.1 port 953
#         allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf

Then create named.conf by hand, with the following contents:

options {
    directory "/var/named";
    // pid-file "/var/run/named/named.pid";   // PID file path; set it to a writable location when named is started as a non-root user (named -u)
};

zone "." {
    type hint;
    file "named.ca";
};

zone "localhost" {
    type master;
    file "named.local";
};

// The three blocks above are the essential ones.

zone "example.com" {                 // the example.com zone
    type master;
    file "example.com.zone";
};

zone "0.0.127.in-addr.arpa" {        // reverse zone for localhost
    type master;
    file "127.0.0.zone";
};

zone "100.168.192.in-addr.arpa" {    // reverse zone for example.com
    type master;
    file "192.168.100.zone";
};

# Note: the part below is copied from the tail of the generated /etc/rndc.conf with the leading comment markers removed.
# Use with the following in named.conf, adjusting the allow list as needed:
key "rndc-key" {
    algorithm hmac-md5;
    secret "7Tp+AIcREtlzhfR4MU9W9Q==";
};

controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndc-key"; };
};
# End of named.conf
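The named.conf above contains no access controls at all, so the server runs with BIND 9.8's defaults: queries and recursion are accepted from localhost and every directly connected network, and zone transfers are accepted from anyone, which lets any client dump the complete example.com zone and enumerate every host in it. The options block below is an added example written for this post, not the original author's configuration; it replaces the options statement above and leaves the zone, key and controls statements unchanged. The addresses are assumptions: 192.168.100.126 as this host (the ns record of the zone below), 192.168.100.127 as a secondary server, and 192.168.100.0/24 as the LAN that is allowed to use the server as a resolver.

```conf
options {
    directory "/var/named";
    pid-file  "/var/run/named/named.pid";   // writable by the -u user

    // Bind only the addresses this server is meant to serve on.
    // 192.168.100.126 is an assumption: ns.example.com in the zone file.
    listen-on    { 127.0.0.1; 192.168.100.126; };
    listen-on-v6 { none; };

    // Recursion (lookups through the root hints) only for the LAN, never
    // for the Internet: an open resolver gets abused for cache poisoning
    // and reflection/amplification. BIND's default is localhost plus
    // localnets, which is wider than it looks on a multi-homed host.
    allow-recursion   { 127.0.0.1; 192.168.100.0/24; };
    allow-query-cache { 127.0.0.1; 192.168.100.0/24; };

    // Authoritative answers for example.com may go to anyone; use the same
    // ACL as above instead if the zone is internal-only.
    allow-query { any; };

    // BIND's default is allow-transfer { any; }: any client can AXFR the
    // whole zone. Limit it to the (assumed) secondary, or { none; } if
    // there is no secondary.
    allow-transfer { 192.168.100.127; };

    // Do not advertise the exact version to scanners.
    version "none";
};
```

The global allow-transfer applies to every zone, including the localhost and reverse zones; a zone statement can override it with its own allow-transfer if one zone needs a different list.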

Save the configuration. named is installed as /usr/local/sbin/named by default, so it can be started from any directory; afterwards check with netstat -nlup whether port 53 is open (netstat -ntl lists only TCP listeners, and ordinary DNS queries use UDP). If named is started before the zone files of step (2) exist, it still runs but logs an error for every zone it could not load.
(2) Creating the data files
First create the directory /var/named: mkdir /var/named
Create the corresponding data files in /var/named; from named.conf these are named.ca, named.local, example.com.zone, 127.0.0.zone and 192.168.100.zone:
Running dig -t NS . > /var/named/named.ca produces a starting point for named.ca, but because the query went through a recursive resolver (8.8.8.8) the answer holds only the root server names (ADDITIONAL: 0); named needs their addresses as well, so the address records were added by hand. The complete file is shown below. Two caveats: a comment in a zone or hints file starts with ; (the // marker used in the original would make named reject the file), and root server addresses change over time, so this listing from 2011 should not be copied into a new installation. Fetch the current named.root from InterNIC (https://www.internic.net/domain/named.root), or query a root server directly with dig @a.root-servers.net . NS, which returns the addresses in the ADDITIONAL section.

; <<>> DiG 9.8.0 <<>> -t NS .
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5995
;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;.                              IN      NS

;; ANSWER SECTION:
.                       4748    IN      NS      f.root-servers.net.
.                       4748    IN      NS      a.root-servers.net.
.                       4748    IN      NS      g.root-servers.net.
.                       4748    IN      NS      d.root-servers.net.
.                       4748    IN      NS      c.root-servers.net.
.                       4748    IN      NS      e.root-servers.net.
.                       4748    IN      NS      i.root-servers.net.
.                       4748    IN      NS      l.root-servers.net.
.                       4748    IN      NS      b.root-servers.net.
.                       4748    IN      NS      j.root-servers.net.
.                       4748    IN      NS      h.root-servers.net.
.                       4748    IN      NS      m.root-servers.net.
.                       4748    IN      NS      k.root-servers.net.

; Note: the address records below were added by hand (k, l and m are missing from this list).
a.root-servers.net.     603609  IN      A       198.41.0.4
a.root-servers.net.     603609  IN      AAAA    2001:503:ba3e::2:30
b.root-servers.net.     603609  IN      A       192.228.79.201
c.root-servers.net.     603609  IN      A       192.33.4.12
d.root-servers.net.     603609  IN      A       128.8.10.90
e.root-servers.net.     603611  IN      A       192.203.230.10
f.root-servers.net.     603611  IN      A       192.5.5.241
f.root-servers.net.     603611  IN      AAAA    2001:500:2f::f
g.root-servers.net.     603609  IN      A       192.112.36.4
h.root-servers.net.     603611  IN      A       128.63.2.53
h.root-servers.net.     603611  IN      AAAA    2001:500:1::803f:235
i.root-servers.net.     603609  IN      A       192.36.148.17
j.root-servers.net.     603609  IN      A       192.58.128.30
j.root-servers.net.     603609  IN      AAAA    2001:503:c27::2:30

;; Query time: 197 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Thu Mar 17 21:33:42 2011
;; MSG SIZE  rcvd: 228
The remaining files have to be created by hand and filled in as shown below. Records without an owner name on the left must be indented: they inherit the owner of the preceding record, and a record starting in column one with IN would be parsed as a host called "IN".
Contents of named.local:

$TTL 1D
@       IN SOA  localhost. root (
                        2007042801      ; serial
                        1H              ; refresh
                        15M             ; retry
                        1W              ; expire
                        1D )            ; negative-cache TTL

        IN NS   @
        IN A    127.0.0.1

Contents of example.com.zone:

$TTL 1D
@       IN SOA  example.com. root (
                        2007042801      ; serial
                        1H              ; refresh
                        15M             ; retry
                        1W              ; expire
                        1D )            ; negative-cache TTL

        IN NS   ns.example.com.
        IN MX   10 mail.example.com.
        IN A    192.168.100.125
www     IN A    192.168.100.125
db      IN A    192.168.100.124
ns      IN A    192.168.100.126
mail    IN A    192.168.100.251
shop    IN A    192.168.100.125
*.shop  IN A    192.168.100.124
news    IN CNAME www

Contents of 127.0.0.zone:

$TTL 1D
@       IN SOA  @ root.localhost. (
                        2007042801      ; serial
                        1H              ; refresh
                        15M             ; retry
                        1W              ; expire
                        1D )            ; negative-cache TTL

        IN NS   localhost.
1       IN PTR  localhost.

Contents of 192.168.100.zone:

$TTL 1D
@       IN SOA  @ root.example.com. (
                        2007042801      ; serial
                        1H              ; refresh
                        15M             ; retry
                        1W              ; expire
                        1D )            ; negative-cache TTL

        IN NS   example.com.
125     IN PTR  example.com.
125     IN PTR  www.example.com.
124     IN PTR  db.example.com.
126     IN PTR  ns.example.com.
251     IN PTR  mail.example.com.
That completes all of the configuration. (One inconsistency worth noting: the reverse zone names example.com. as its nameserver while the forward zone uses ns.example.com.; both names have A records, so named loads the zone, but the two should normally agree.)

Before the first start, check the files: named-checkconf /etc/named.conf validates the configuration syntax, and named-checkzone example.com /var/named/example.com.zone (likewise for the other zones) validates each zone file. Both tools are installed next to named.
Starting named: command: named    // started as root; then confirm with netstat -nlup that port 53 is listening (-ntl shows TCP only; most DNS traffic is UDP)
Running named as root means that any remote code execution bug in named runs with root privileges. Prefer a dedicated unprivileged account: create a user (named is the conventional name), chown -R that user over /var/named, uncomment the pid-file line in named.conf so the PID file lands somewhere that user can write, and start with named -u named. named still binds port 53 as root and then drops to the given user.
Starting in the foreground with debug output: named -g
Reloading after a configuration change: rndc reload (rndc reconfig reloads only named.conf and newly added zones). When a zone file changes, increment its SOA serial first, otherwise secondaries never notice the change; rndc reload example.com then reloads just that zone.
Then point another machine's DNS settings at this server and test that names resolve, for example dig @192.168.100.126 www.example.com.
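The post checks the server only by looking for port 53 in netstat. The script below is an added example written for this post (not the original author's code and not part of BIND): it runs named-checkconf, extracts every master zone from named.conf and runs named-checkzone on its file, and once the server is up it confirms that the server answers authoritatively and refuses a full zone transfer, which is the check the default allow-transfer { any; } fails. The parser deliberately accepts the layout used above (opening brace on its own line, // and # comments). It assumes the BIND binaries are in PATH and the server listens on 127.0.0.1; the embedded named.conf is a constructed copy of this post's zone statements (rndc secret replaced) used only to exercise the parser offline.

```shell
#!/bin/sh
# Pre-flight and post-start checks for the BIND setup above. Added example,
# not code from the original post. Assumes named-checkconf, named-checkzone
# and dig are in PATH (make install puts them under /usr/local).

# list_zones: read a named.conf on stdin and print "<zone> <file>" for every
# zone of type master. Accepts "zone "x" {" as well as the brace on the next
# line (the layout used in this post) and skips // and # comment lines.
list_zones() {
    awk '
        /^[[:space:]]*(\/\/|#)/ { next }
        $1 == "zone" { z = $2; gsub(/"/, "", z); t = ""; f = ""; next }
        $1 == "type" { t = $2; sub(/;/, "", t); next }
        $1 == "file" { f = $2; gsub(/[";]/, "", f); next }
        /^[[:space:]]*}[[:space:]]*;/ {
            if (z != "" && t == "master" && f != "") print z, f
            z = ""
        }'
}

# directory_of: print the options { directory "..."; } value from stdin,
# falling back to /var/named (the value used in this post) when absent.
directory_of() {
    awk '$1 == "directory" { gsub(/[";]/, "", $2); print $2; found = 1; exit }
         END { if (!found) print "/var/named" }'
}

# check_config [CONF]: validate named.conf syntax, then every master zone
# file it references. Fails on the first broken file.
check_config() {
    conf=${1:-/etc/named.conf}
    named-checkconf "$conf" || return 1
    dir=$(directory_of < "$conf")
    list_zones < "$conf" | while read -r zone file; do
        case $file in /*) path=$file ;; *) path=$dir/$file ;; esac
        named-checkzone "$zone" "$path" || exit 1   # exits the loop subshell
    done
}

# verify_live [SERVER] [ZONE]: confirm the running server answers
# authoritatively for ZONE and refuses a full zone transfer to this host.
# With BIND's default (allow-transfer { any; }) the AXFR would succeed.
verify_live() {
    server=${1:-127.0.0.1}; zone=${2:-example.com}
    dig @"$server" "$zone" SOA +norecurse +short | grep -q . || {
        echo "no authoritative SOA for $zone from $server" >&2; return 1; }
    if dig @"$server" "$zone" AXFR +noall +answer | grep -q '[[:space:]]SOA[[:space:]]'; then
        echo "WARNING: $server allows zone transfer of $zone to this host" >&2
        return 1
    fi
    echo "$zone is served by $server and AXFR is refused"
}

# sample_conf: constructed named.conf with the zone statements from this
# post (rndc secret replaced), used to exercise the parser offline.
sample_conf() {
    cat <<'EOF'
options {
    directory "/var/named";
};
zone "." {
    type hint;
    file "named.ca";
};
zone "localhost" {
    type master;
    file "named.local";
};
zone "example.com"
{ // the example.com zone
    type master;
    file "example.com.zone";
};
zone "100.168.192.in-addr.arpa"
{ // reverse zone for example.com
    type master;
    file "192.168.100.zone";
};
# copied from rndc.conf
key "rndc-key" {
    algorithm hmac-md5;
    secret "REPLACE-WITH-YOUR-OWN";
};
controls {
    inet 127.0.0.1 port 953
    allow { 127.0.0.1; } keys { "rndc-key"; };
};
EOF
}

# Usage: sh bind-check.sh --run [/etc/named.conf]
case ${1-} in
    --run) check_config "${2:-/etc/named.conf}" && verify_live 127.0.0.1 example.com ;;
esac
```

Run it with --run after each edit and again after rndc reload; the hint zone is skipped on purpose, because named-checkzone expects an SOA that a root hints file does not have.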
posted @ 2011-09-30 09:51  google4y  views (774)  comments (0)