DNS的服務器的編譯安裝,及緩存名稱服務器配置
###################################廢話不多說直接上貨#############################################
###########這裏我編譯安裝的版本是bind-9.10
實驗前準備:
[root@localhost local]# yum groupinstall "server platform development" [root@localhost ~]# yum groupinstall "development tools" -y [root@localhost local]# groupadd -r -g 53 named [root@localhost local]# useradd -r -g 53 -u 53 named [root@localhost local]# id named uid=53(named) gid=53(named) groups=53(named)
[root@localhost src]# tar -xf bind-9.10.1-P1.tar.gz -C /usr/local/ [root@localhost bind-9.10.1-P1]# ./configure --prefix=/usr/local/bind9 --sysconfdir=/etc/named/ --disable-chroot --enable-threads --disable-ipv6 [root@localhost bind-9.10.1-P1]#make && make install [root@localhost init.d]# vim /etc/profile.d/named.sh ############添加環境變量 1 PATH=/usr/local/bind9/bin:/usr/local/bind9/sbin:$PATH [root@localhost init.d]# . /etc/profile.d/named.sh
注意:到此爲止我們編譯的named全部處理完畢但是,此時的named是沒有配置文件的,根域的解析文件也沒有。
###################################提供man文件##############################################
1,一次性查看man文件的方式 [root@localhost man]# man -M /usr/local/bind9/share/man/ named 2,通過添加man文件的方式 [root@localhost man1]# cp * /usr/share/man/man1/ [root@localhost man3]# cp * /usr/share/man/man3/ [root@localhost man5]# cp * /usr/share/man/man5/ [root@localhost man8]# cp * /usr/share/man/man8/ 3,通過指明man的文件變量的方式 43 MANPATH /usr/man 44 MANPATH /usr/share/man 45 MANPATH /usr/local/man 46 MANPATH /usr/local/share/man 47 MANPATH /usr/X11R6/man 48 MANPATH /usr/local/bind9/share/man ###添加路徑,但是不會立即生效
[root@localhost man1]# mkdir /var/named/ #########創建跟區域解析庫目錄 [root@localhost ~]# dig -t NS . @172.16.0.1 > /var/named/named.ca ###生成根域解析文件 [root@localhost ~]# ls /var/named/ named.ca [root@localhost ~]# cd /var/named/ [root@localhost named]# ls named.ca [root@localhost named]# cat named.ca ; <<>> DiG 9.10.1-P1 <<>> -t NS . @172.16.0.1 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49896 ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;. IN NS ;; ANSWER SECTION: . 473316 IN NS i.root-servers.net. . 473316 IN NS h.root-servers.net. . 473316 IN NS j.root-servers.net. . 473316 IN NS l.root-servers.net. . 473316 IN NS m.root-servers.net. . 473316 IN NS e.root-servers.net. . 473316 IN NS b.root-servers.net. . 473316 IN NS k.root-servers.net. . 473316 IN NS a.root-servers.net. . 473316 IN NS g.root-servers.net. . 473316 IN NS d.root-servers.net. . 473316 IN NS f.root-servers.net. . 473316 IN NS c.root-servers.net. ;; Query time: 2 msec ;; SERVER: 172.16.0.1#53(172.16.0.1) ;; WHEN: Wed Feb 11 03:57:36 CST 2015 ;; MSG SIZE rcvd: 239
#########################################生成本地解析文件#######################################
########################################生成緩存名稱服務器######################################
[root@localhost named]# vim /var/named/named.localhost ###正向解析文件 1 $TTL 1D 2 @ IN SOA @ rname.invalid. ( 3 0; 4 1D; 5 1H; 6 1W; 7 3H); 8 NS @ 9 A 127.0.0.1 [root@localhost named]# vim /var/named/named.loopback ###反向解析文件 1 $TTL 1D 2 @ IN SOA @ rname.invalid. ( 3 0; 4 1D; 5 1H; 6 1W; 7 3H); 8 NS localhost. 9 1 PTR localhost.
[root@localhost named]# chmod 640 * ######修改權限 [root@localhost named]# chown .named * ######注意這幾個文件要求其他用戶無權限訪問,數組必須爲named. [root@localhost named]# ll total 12 -rw-r-----. 1 root named 934 Feb 11 03:57 named.ca -rw-r-----. 1 root named 144 Feb 11 04:02 named.localhost -rw-r-----. 1 root named 127 Feb 11 04:52 named.loopback
##############################################生成配置文件###########################################
[root@localhost named]# rndc-confgen -r /dev/urandom > /etc/named/rndc.conf ##生成配置文件祕鑰
[root@localhost named]# vim named.conf
[root@localhost run]# vim /etc/named/named.conf
1 options {
2 directory "/var/named/"; #########指定工作目錄
3
4 };
5 zone "." IN { #########根域解析
6 type hint;
7 file "named.ca";
8 };
9 zone "localhost" IN {
10 type master;
11 file "name.localhost";
12 allow-update {none;};
13 };
14 zone "0.0.127.in-addr.arpa" IN {
15 type master;
16 file "named.loopback";
17 allow-update {none;};
18 };
19 key "rndc-key" {
20 algorithm hmac-md5;
21 secret "Ex9+5nYWlJ/y9xcAXzTxEg==";
22 };
23
24 controls {
25 inet 127.0.0.1 port 953
26 allow { 127.0.0.1; } keys { "rndc-key"; };
27 };
28 # End of named.conf####################################檢查這兩個區域解析是否正常 #######################################
[root@localhost named]# named-checkzone "localhost" /var/named/named.localhost zone localhost/IN: loaded serial 0 OK [root@localhost man8]# named-checkzone "0.0.127.in-addr.arpa" /var/named/named.loopback zone 0.0.127.in-addr.arpa/IN: loaded serial 0 OK
######################################以上就是生成了一個緩存緩存名稱服務器了#########################
[root@localhost named]# man -M /usr/local/bind9/share/man/ named ###一次查看man的方式
[root@localhost man]# named -u named -g ############# 前臺啓動
[root@localhost named]# ss -tnlp | grep 53
LISTEN 0 10 172.16.11.11:53 *:* users:(("named",19931,22))
LISTEN 0 10 127.0.0.1:53 *:* users:(("named",19931,21))
LISTEN 0 5 192.168.122.1:53 *:* users:(("dnsmasq",1444,6))
LISTEN 0 128 127.0.0.1:953 *:* users:(("named",19931,23))########################################提供配置腳本###########################################
[root@localhost init.d]# vim named
[root@localhost run]# vim /etc/init.d/named
1 #!/bin/bash
2 #
3 #description: named daemon
4 pidfile=/usr/local/bind9/var/run/named/named.pid ###定義pid文件位置變量,
5 lockfile=/var/lock/subsys/named ###鎖文件,用於後面判斷,程序是否在運行
6 conffile=/etc/named/named.conf ###指明配置文件位置
7 named=/usr/local/bind9/sbin/named
8 prog=named ######程序名
9
10 [ -r /etc/rc.d/init.d/functions ] && . /etc/rc.d/init.d/functions #####調用函數
11
12 start() {
13 if [ -e $lockfile ]; then ####判斷服務在不在啓動就是判斷鎖文件在不在
14 echo "$prog is already runnig"
15 warning
16 exit 0
17 fi
18 echo "start $prog:"
19 daemon --pidfile $pidfile $named -u named -c $conffile ####啓動服務
20 retval=$?
21 echo
22 if [ $retval -eq 0 ]; then
23 touch $lockfile
24 return $retval
25 else
26 rm -f $lockfile $pidfile
27 return 1
28 fi
29 }
30 stop() { ####停止服務的函數
31 if [ ! -e $lockfile ];then
32 echo "$prog is stopped"
33 warning
34 echo
35 exit 0
36 fi
37 echo -n "stopping $prog:"
38 killproc $prog ####killproc 停掉進程
39 retval=$?
40 echo
41 if [ $retval -eq 0 ]; then
42 rm -f $lockfile $pidfile
43 return 0
44 else
45 echo "can not stop $prog"
46 return 1
47 fi
48 }
49 restart() { ###重啓的函數
50 stop
51 start
52 }
53 reload() { ###重載的函數
54 echo -n "Reload the $prog:"
55 killproc -HUP $prog
56 echo
57 return $retval
58
59 }
60 status() { ####狀態查看的函數
61 if pidof $prog &> /dev/null; then
62 echo -n "$prog id running"
63 success
64 echo
65 else
66 echo -n "$prog is stopped."
67 success
68 echo
69 fi
70 }
71 usage() { ####幫助頁面的查看
72 echo "Usage:named {start|stop|status|restart|reload}"
73 }
74
75 case $1 in ####case判斷
76 start)
77 start;;
78 stop)
79 stop;;
80 status)
81 status;;
82 restart)
83 restart;;
84 reload)
85 reload;;
86 *)
87 usage
88 exit 1;;
89 esac
[root@localhost init.d]# bash -n named ###########檢查語法
[root@localhost init.d]# chmod a+x named ###########提供執行權限################################################啓動測試##############################################
至此DNS的緩存名稱服務器和編譯安裝配置完畢!!!!!!!!!!!!!!!!!!!