DNS的服務器的編譯安裝,及緩存名稱服務器配置
###################################廢話不多說直接上貨#############################################
###########這裏我編譯安裝的版本是bind-9.10
實驗前準備:
[root@localhost local]# yum groupinstall "server platform development" [root@localhost ~]# yum groupinstall "development tools" -y [root@localhost local]# groupadd -r -g 53 named [root@localhost local]# useradd -r -g 53 -u 53 named [root@localhost local]# id named uid=53(named) gid=53(named) groups=53(named)
[root@localhost src]# tar -xf bind-9.10.1-P1.tar.gz -C /usr/local/
[root@localhost bind-9.10.1-P1]# ./configure --prefix=/usr/local/bind9 --sysconfdir=/etc/named/ --disable-chroot --enable-threads --disable-ipv6
[root@localhost bind-9.10.1-P1]#make && make install
[root@localhost init.d]# vim /etc/profile.d/named.sh ############添加環境變量
1 PATH=/usr/local/bind9/bin:/usr/local/bind9/sbin:$PATH
[root@localhost init.d]# . /etc/profile.d/named.sh
說明:解壓前最好先用 ISC 隨源碼包一同發佈的簽名文件校驗 bind-9.10.1-P1.tar.gz。這裏用 --disable-chroot 關閉了 chroot 支持,因此 named 的隔離只依靠後面以 named 用戶運行(-u named)和文件權限。另外 9.10 分支早已停止維護,本文步驟只適合實驗環境,實際部署請使用仍在維護的版本。
注意:到此爲止,我們編譯安裝的 named 已全部處理完畢;但是此時的 named 還沒有配置文件,也沒有根域的解析文件。
###################################提供man文件##############################################
1,一次性查看man文件的方式 [root@localhost man]# man -M /usr/local/bind9/share/man/ named 2,通過添加man文件的方式 [root@localhost man1]# cp * /usr/share/man/man1/ [root@localhost man3]# cp * /usr/share/man/man3/ [root@localhost man5]# cp * /usr/share/man/man5/ [root@localhost man8]# cp * /usr/share/man/man8/ 3,通過指明man的文件變量的方式 43 MANPATH /usr/man 44 MANPATH /usr/share/man 45 MANPATH /usr/local/man 46 MANPATH /usr/local/share/man 47 MANPATH /usr/X11R6/man 48 MANPATH /usr/local/bind9/share/man ###添加路徑,但是不會立即生效
[root@localhost man1]# mkdir /var/named/ #########創建根區域解析庫目錄
[root@localhost ~]# dig -t NS . @172.16.0.1 > /var/named/named.ca ###生成根域解析文件
[root@localhost ~]# ls /var/named/
named.ca
[root@localhost ~]# cd /var/named/
[root@localhost named]# ls
named.ca
[root@localhost named]# cat named.ca
; <<>> DiG 9.10.1-P1 <<>> -t NS . @172.16.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49896
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;. IN NS
;; ANSWER SECTION:
. 473316 IN NS i.root-servers.net.
. 473316 IN NS h.root-servers.net.
. 473316 IN NS j.root-servers.net.
. 473316 IN NS l.root-servers.net.
. 473316 IN NS m.root-servers.net.
. 473316 IN NS e.root-servers.net.
. 473316 IN NS b.root-servers.net.
. 473316 IN NS k.root-servers.net.
. 473316 IN NS a.root-servers.net.
. 473316 IN NS g.root-servers.net.
. 473316 IN NS d.root-servers.net.
. 473316 IN NS f.root-servers.net.
. 473316 IN NS c.root-servers.net.
;; Query time: 2 msec
;; SERVER: 172.16.0.1#53(172.16.0.1)
;; WHEN: Wed Feb 11 03:57:36 CST 2015
;; MSG SIZE rcvd: 239
說明:這份 named.ca 只有 13 條 NS 記錄,沒有根服務器的 A/AAAA 地址(ADDITIONAL: 1 只是 OPT 僞記錄),而且內容完全取決於 172.16.0.1 這臺解析器的應答是否可信;正式環境建議改用 IANA/InterNIC 發佈的根提示文件 named.root。
#########################################生成本地解析文件#######################################
########################################生成緩存名稱服務器######################################
[root@localhost named]# vim /var/named/named.localhost ###正向解析文件 1 $TTL 1D 2 @ IN SOA @ rname.invalid. ( 3 0; 4 1D; 5 1H; 6 1W; 7 3H); 8 NS @ 9 A 127.0.0.1 [root@localhost named]# vim /var/named/named.loopback ###反向解析文件 1 $TTL 1D 2 @ IN SOA @ rname.invalid. ( 3 0; 4 1D; 5 1H; 6 1W; 7 3H); 8 NS localhost. 9 1 PTR localhost.
[root@localhost named]# chmod 640 * ######修改權限
[root@localhost named]# chown .named * ######注意這幾個文件要求其他用戶無權限訪問,屬組必須爲named.
[root@localhost named]# ll
total 12
-rw-r-----. 1 root named 934 Feb 11 03:57 named.ca
-rw-r-----. 1 root named 144 Feb 11 04:02 named.localhost
-rw-r-----. 1 root named 127 Feb 11 04:52 named.loopback
##############################################生成配置文件###########################################
[root@localhost named]# rndc-confgen -r /dev/urandom > /etc/named/rndc.conf ##生成配置文件祕鑰
[root@localhost named]# vim named.conf
[root@localhost run]# vim /etc/named/named.conf
1 options {
2 directory "/var/named/"; #########指定工作目錄
3
4 };
5 zone "." IN { #########根域解析
6 type hint;
7 file "named.ca";
8 };
9 zone "localhost" IN {
10 type master;
11 file "named.localhost";
12 allow-update {none;};
13 };
14 zone "0.0.127.in-addr.arpa" IN {
15 type master;
16 file "named.loopback";
17 allow-update {none;};
18 };
19 key "rndc-key" {
20 algorithm hmac-md5;
21 secret "Ex9+5nYWlJ/y9xcAXzTxEg==";
22 };
23
24 controls {
25 inet 127.0.0.1 port 953
26 allow { 127.0.0.1; } keys { "rndc-key"; };
27 };
28 # End of named.conf
注意:上面 key "rndc-key" 裏的 secret 是本文公開過的示例值,不要照抄;應填入自己執行 rndc-confgen 得到的密鑰,並與 /etc/named/rndc.conf 中的一致。rndc.conf 和 named.conf 都含有這個密鑰,權限也應像區域文件那樣收緊(例如 root:named、640)。hmac-md5 已屬過時算法,若所用版本的 rndc-confgen 支持 -A 選項,建議改用 hmac-sha256。此外 options 中沒有限定誰可以做遞歸查詢,對外提供服務時應使用 allow-recursion 明確列出允許的客戶端網段。
####################################檢查這兩個區域解析是否正常 #######################################
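[root@localhost named]# named-checkzone "localhost" /var/named/named.localhost
zone localhost/IN: loaded serial 0
OK
[root@localhost man8]# named-checkzone "0.0.127.in-addr.arpa" /var/named/named.loopback
zone 0.0.127.in-addr.arpa/IN: loaded serial 0
OK
補充:named-checkzone 只檢查命令行上給出的區域文件,不會驗證 named.conf 裏 file 所寫的文件名是否正確;可以再執行 named-checkconf -z /etc/named/named.conf,按配置文件試載入所有主區域。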
######################################以上就是生成了一個緩存名稱服務器了#########################
[root@localhost named]# man -M /usr/local/bind9/share/man/ named ###一次查看man的方式 [root@localhost man]# named -u named -g ############# 前臺啓動 [root@localhost named]# ss -tnlp | grep 53 LISTEN 0 10 172.16.11.11:53 *:* users:(("named",19931,22)) LISTEN 0 10 127.0.0.1:53 *:* users:(("named",19931,21)) LISTEN 0 5 192.168.122.1:53 *:* users:(("dnsmasq",1444,6)) LISTEN 0 128 127.0.0.1:953 *:* users:(("named",19931,23))
########################################提供配置腳本###########################################
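#!/bin/bash
#
#description: named daemon
#
# SysV init script for the source-built BIND installed under /usr/local/bind9.
# On the page it is created with `vim /etc/init.d/named`, syntax-checked with
# `bash -n named`, and made executable with `chmod a+x named`.
#
# Usage: named {start|stop|status|restart|reload}
#
# named is launched with `-u named`, so the daemon runs as the dedicated
# named account rather than staying root.

pidfile=/usr/local/bind9/var/run/named/named.pid  # PID file passed to daemon
lockfile=/var/lock/subsys/named                   # marker: service considered started
conffile=/etc/named/named.conf                    # configuration file passed to named -c
named=/usr/local/bind9/sbin/named                 # full path of the daemon binary
prog=named                                        # program name used for messages and signals

# daemon, killproc, success and warning are provided by the init function library.
[ -r /etc/rc.d/init.d/functions ] && . /etc/rc.d/init.d/functions

# Start named unless the lock file says it is already started.
# Returns 0 on success (or when already started), 1 when the daemon fails to start.
start() {
  local retval
  if [ -e "$lockfile" ]; then
    echo "$prog is already running"
    warning
    # return, not exit, so that restart() can continue after an early-out
    return 0
  fi
  echo "start $prog:"
  daemon --pidfile "$pidfile" "$named" -u named -c "$conffile"
  retval=$?
  echo
  if [ "$retval" -eq 0 ]; then
    touch "$lockfile"
    return 0
  fi
  # Failed start: do not leave markers behind that claim the service is up.
  rm -f -- "$lockfile" "$pidfile"
  return 1
}

# Stop named if the lock file is present.
# Returns 0 on success (or when already stopped), 1 when the process cannot be stopped.
stop() {
  local retval
  if [ ! -e "$lockfile" ]; then
    echo "$prog is stopped"
    warning
    echo
    # return, not exit: the original `exit 0` here ended the whole script,
    # so `restart` on a stopped service never reached start().
    return 0
  fi
  echo -n "stopping $prog:"
  killproc "$prog"
  retval=$?
  echo
  if [ "$retval" -eq 0 ]; then
    rm -f -- "$lockfile" "$pidfile"
    return 0
  fi
  echo "can not stop $prog"
  return 1
}

# Stop, then start. start() still runs when stop() reports a failure.
restart() {
  stop
  start
}

# Ask named to reload by sending SIGHUP.
# Returns the exit status of killproc.
reload() {
  local retval
  echo -n "Reload the $prog:"
  # killproc takes the signal AFTER the program name
  # (killproc [-p pidfile] [-d delay] {program} [-signal]); with the signal
  # first, "-HUP" is taken as the program name and nothing is signalled.
  killproc "$prog" -HUP
  # Capture the status here; the original returned a variable it never set.
  retval=$?
  echo
  return "$retval"
}

# Report whether a process called $prog exists.
# Returns 0 when running and 3 when not running (LSB status convention).
status() {
  if pidof "$prog" &> /dev/null; then
    echo -n "$prog is running"
    success
    echo
    return 0
  fi
  echo -n "$prog is stopped."
  success
  echo
  return 3
}

# Print the accepted sub-commands.
usage() {
  echo "Usage:named {start|stop|status|restart|reload}"
}

# Dispatch on the first argument; the script's exit status is that of the
# selected function, and 1 for an unknown or missing sub-command.
case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  status)
    status
    ;;
  restart)
    restart
    ;;
  reload)
    reload
    ;;
  *)
    usage
    exit 1
    ;;
esac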
################################################啓動測試##############################################
至此DNS的緩存名稱服務器和編譯安裝配置完畢!!!!!!!!!!!!!!!!!!!