1、解析程序包
# wget http://ftp.isc.org/isc/bind9/9.7.3/bind-9.7.3.tar.gz # tar xvf bind-9.7.3.tar.gz # cd bind-9.7.3.tar.gz # ./configure --prefix=/usr/local/bind9 --sysconfdir=/etc/named/ --disable-ipv6 --enable-threads --enable-epoll --disable-chroot # make # make install #但是安裝完成之後什麼都沒有,可以看一下 # ls /etc/named bind.keys #就只有一個文件 # ls /var/named ...No such file or directory #連目錄都沒有 # ls doc #看看有沒有什麼模板 arm doxygen Makefile Makefile.in misc xsl #沒有模板 # cd /usr/local/bind9 #到安裝目錄看看 # ls bin include lib sbin share var #沒有模板 # cd bin/ # ls dig host isc-config.sh nslookup nsupdate #這些命令都有 # cd ../sbin/ # ls arpaname dnssec-keygen dnssec-verify named named-journalprint ddns-confgen dnssec-revoke genrandom named-checkconf nsec3hash dnssec-dsfromkey dnssec-settime isc-hmac-fixup named-checkzone rndc dnssec-keyfromlabel dnssec-signzone lwresd named-compilezone rndc-confgen # rndc -bash: rndc: command not found #命令也不能用 # vim /etc/profile.d/bind9.conf.sh export PATH=/usr/local/bind9/bin:/usr/loacl/bind9/sbin:$PATH # . /etc/profile.d/bind9.sh # rndc #現在才能使用,但是主配置文件沒有,rndc的key也沒有,所有的都要自己手動寫
2、主配置文件/etc/named/named.conf樣例
# mkdir /var/named
# cd /etc/named/
# vim named.conf
options {
directory "/var/named";
pid-file "/var/run/named.pid";
};
zone "." IN {
type hint;
file "named.ca";
};
zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};3、生成rndc.conf
# rndc-confgen > /etc/named/rndc.conf
# cat rndc.conf
...
# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
# algorithm hmac-md5;
# secret "xqwTfCRuEt4N8zCYJBnN1w==";
# };
#
# controls {
# inet 127.0.0.1 port 953
# allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf #將上面要加入的內容加到named.conf文件中的後面
# vim named.conf #把配置文件後N行復制到named.conf,並移除註釋
key "rndc-key" {
algorithm hmac-md5;
secret "xqwTfCRuEt4N8zCYJBnN1w==";
};
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};4、在/var/named建立區域解析庫
# cd /var/named # dig -t NS . @172.19.0.6 > /var/named/named.ca # vim localhost.zone $TTL 1D @ IN SOA localhost. admin.localhost. ( 0 2H 1H 1W 3H ) @ IN NS localhost. localhost. IN A 127.0.0.1 # cp localhost.zone named.local # vim named.local $TTL 1D @ IN SOA localhost. admin.localhost. ( 0 2H 1H 1W 3H ) @ IN NS localhost. 1 IN PTR localhost. # useradd -r named # man -M /usr/local/bind9/share/man/ named # chown root:named ./* # chmod 640 ./* # ll # chown root:named /etc/named/* # chmod 640 /etc/named/* # named -u named -f -g -4
再開一個終端,查看本機地址是否開始監聽
# ss -tunl # rndc status #現在named已經開始工作了
5、建立服務腳本
# vim /etc/rc.d/init.d/named #每次啓動都要指定,太麻煩了,寫個腳本
#!/bin/bash
# chkconfig: 2345 70 50
# description: named
[ -r /etc/rc.d/init.d/functions ] && . /etc/rc.d/init.d/functions
PidFile=/var/run/named.pid
LockFile=/var/lock/subsys/named
named=named
start() {
[ -x /usr/local/bind9/sbin/$named ] || exit 4
if [ -f $LockFile ]; then
echo -n "$named is already running..."
failure
echo
exit 5
fi
echo -n "Starting $named: "
daemon --pidfile "$PidFile" /usr/local/bind9/sbin/$named -u named -4
RETVAL=$?
echo
if [ $RETVAL -eq 0 ]; then
touch $LockFile
return 0
else
rm -f $LockFile $PidFile
return 1
fi
}
stop() {
if [ ! -f $LockFile ];then
echo "$named is not started."
failure
fi
echo -n "Stopping $named: "
killproc $named
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && rm -f $LockFile
return 0
}
restart() {
stop
sleep 1
start
}
reload() {
echo -n "Reloading $named: "
killproc $named -HUP
RETVAL=$?
echo
return $RETVAL
}
status() {
if pidof $named > /dev/null && [ -f $PidFile ]; then
echo "$named is running..."
else
echo "$named is stopped..."
fi
}
case $1 in
start)
start ;;
stop)
stop ;;
restart)
restart ;;
reload)
reload ;;
status)
status ;;
*)
echo "Usage:"
exit 2;;
esac# bash -n /etc/rc.d/init.d/named # chmod +x /etc/rc.d/init.d/named # chkconfig --add named # service named start Starting named: [ OK ] # service named start Starting named: [FAILED] # service named stop Stopping named: [ OK ] # service named restart Starting named: [ OK ] Stopping named: [ OK ] # service named reload Reloading named: [ OK ] # service named status named is stopped... #出錯了這裏應該是named is running # chown -R named:named /usr/local/bind9/var/run/ #改下權限 # vim /etc/named/named.conf pid-file "/usr/local/bind9/var/run/named.pid"; #這個地方改一下 # vim /etc/rc.d/init.d/named PidFile=/usr/local/bind9/var/run/named.pid #這也改 # service named stop Stopping named: [ OK ] # service named stop Stopping named: [FAILED] # service named start Starting named: [ OK ] # service named status named is running... # service named stop Stopping named: [ OK ] # service named status named is stopped...