1、解析程序包
# wget http://ftp.isc.org/isc/bind9/9.7.3/bind-9.7.3.tar.gz
#注:这里是明文HTTP下载,解压前应先用ISC随发布包提供的PGP签名校验源码包;9.7.x早已停止维护,本文只演示编译安装流程,实际部署请选用仍在维护的版本
# tar xvf bind-9.7.3.tar.gz
# cd bind-9.7.3
# ./configure --prefix=/usr/local/bind9 --sysconfdir=/etc/named/ --disable-ipv6 --enable-threads --enable-epoll --disable-chroot
#注:--disable-chroot 关闭了chroot支持,之后named不能再用 -t 限制在受限目录中运行
# make
# make install
#但是安装完成之后什么都没有,可以看一下
# ls /etc/named
bind.keys        #就只有一个文件
# ls /var/named
...No such file or directory        #连目录都没有
# ls doc        #看看有没有什么模板
arm doxygen Makefile Makefile.in misc xsl        #没有模板
# cd /usr/local/bind9        #到安装目录看看
# ls
bin include lib sbin share var        #没有模板
# cd bin/
# ls
dig host isc-config.sh nslookup nsupdate        #这些命令都有
# cd ../sbin/
# ls
arpaname dnssec-keygen dnssec-verify named named-journalprint
ddns-confgen dnssec-revoke genrandom named-checkconf nsec3hash
dnssec-dsfromkey dnssec-settime isc-hmac-fixup named-checkzone rndc
dnssec-keyfromlabel dnssec-signzone lwresd named-compilezone rndc-confgen
# rndc
-bash: rndc: command not found        #命令也不能用
# vim /etc/profile.d/bind9.sh
export PATH=/usr/local/bind9/bin:/usr/local/bind9/sbin:$PATH
# . /etc/profile.d/bind9.sh
# rndc        #现在才能使用,但是主配置文件没有,rndc的key也没有,所有的都要自己手动写
2、主配置文件/etc/named/named.conf样例
# mkdir /var/named
# cd /etc/named/
# vim named.conf
options {
    directory "/var/named";
    pid-file "/var/run/named.pid";
};
zone "." IN {
    type hint;
    file "named.ca";
};
zone "localhost" IN {
    type master;
    file "localhost.zone";
    allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "named.local";
    allow-update { none; };
};
3、生成rndc.conf
# rndc-confgen > /etc/named/rndc.conf
# cat rndc.conf
...
# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
#     algorithm hmac-md5;
#     secret "xqwTfCRuEt4N8zCYJBnN1w==";
# };
#
# controls {
#     inet 127.0.0.1 port 953
#         allow { 127.0.0.1; } keys { "rndc-key"; };
# };
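# End of named.conf
#将上面要加入的内容加到named.conf文件的末尾
# vim named.conf        #把rndc.conf末尾被注释的这几行复制到named.conf,并去掉行首的注释符
#注:secret相当于named控制通道的口令,必须使用自己运行rndc-confgen得到的值,不要照抄本文示例;较新版本的BIND可用 rndc-confgen -A hmac-sha256 生成比hmac-md5更强的密钥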
key "rndc-key" {
    algorithm hmac-md5;
    secret "xqwTfCRuEt4N8zCYJBnN1w==";
};
controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndc-key"; };
};
4、在/var/named建立区域解析库
# cd /var/named
# dig -t NS . @172.19.0.6 > /var/named/named.ca
# vim localhost.zone
$TTL 1D
@ IN SOA localhost. admin.localhost. ( 0 2H 1H 1W 3H )
@ IN NS localhost.
localhost. IN A 127.0.0.1
# cp localhost.zone named.local
# vim named.local
$TTL 1D
@ IN SOA localhost. admin.localhost. ( 0 2H 1H 1W 3H )
@ IN NS localhost.
1 IN PTR localhost.
# useradd -r named
# man -M /usr/local/bind9/share/man/ named
# chown root:named ./*
# chmod 640 ./*
# ll
# chown root:named /etc/named/*
# chmod 640 /etc/named/*        #named.conf和rndc.conf里有rndc密钥,640可以避免其他用户读取
# named -u named -f -g -4
再开一个终端,查看本机地址是否开始监听
# ss -tunl
# rndc status        #现在named已经开始工作了
5、建立服务脚本
# vim /etc/rc.d/init.d/named    #每次启动都要指定,太麻烦了,写个脚本
#!/bin/bash
# chkconfig: 2345 70 50
# description: named

# SysV init script for a named built under /usr/local/bind9.
# The "chkconfig:" and "description:" header lines above are left exactly
# as the author wrote them.

# Load the distribution's init helper library when it is readable. The
# functions in this script call daemon, killproc and failure without
# defining them, so they are expected to come from this file.
if [ -r /etc/rc.d/init.d/functions ]; then
    . /etc/rc.d/init.d/functions
fi

# Daemon name: used in messages, in killproc/pidof lookups and to build
# the path of the binary under /usr/local/bind9/sbin.
named='named'

# Lock file whose presence start()/stop() treat as "service was started".
LockFile='/var/lock/subsys/named'

# PID file handed to "daemon --pidfile" and tested by status(). It should
# match the pid-file option in named.conf, and the account named runs as
# must be able to write it, otherwise status() reports the service stopped.
PidFile='/var/run/named.pid'
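#######################################
# Start named through the init library's "daemon" helper.
# Globals:   named, LockFile, PidFile (read); RETVAL (written)
# Arguments: none
# Outputs:   progress text on stdout
# Returns:   0 when daemon reports success, 1 otherwise.
#            Exits the script with 4 when the binary is missing or not
#            executable, and with 5 when the lock file already exists.
#######################################
start() {
    # Build the path once so the executable check and the launch below
    # cannot drift apart.
    local binary="/usr/local/bind9/sbin/$named"

    [ -x "$binary" ] || exit 4

    # The lock file is the only "already running" signal used here.
    if [ -f "$LockFile" ]; then
        echo -n "$named is already running..."
        failure
        echo
        exit 5
    fi

    echo -n "Starting $named: "
    # -u named: run as the unprivileged "named" account instead of root.
    # -4: IPv4 only.
    daemon --pidfile "$PidFile" "$binary" -u named -4
    RETVAL=$?
    echo
    if [ "$RETVAL" -eq 0 ]; then
        touch "$LockFile"
        return 0
    else
        # Failed start: remove any stale lock/PID file so the next start
        # attempt is not refused.
        rm -f -- "$LockFile" "$PidFile"
        return 1
    fi
}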
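#######################################
# Stop named via the init library's killproc helper.
# Globals:   named, LockFile (read); RETVAL (written)
# Arguments: none
# Outputs:   progress text on stdout
# Returns:   the exit status of killproc, so "service named stop" reports
#            failure to its caller instead of always returning 0.
#######################################
stop() {
    if [ ! -f "$LockFile" ]; then
        echo "$named is not started."
        failure
        # No early return: as in the original, killproc is still attempted,
        # which also covers a named that was started by hand and therefore
        # has no lock file.
    fi
    echo -n "Stopping $named: "
    # NOTE(review): killproc is given only the process name, so which
    # processes are signalled is decided by the init library's lookup.
    # Confirm that is acceptable on hosts running more than one named.
    killproc "$named"
    RETVAL=$?
    echo
    # Drop the lock only when the daemon was actually stopped.
    if [ "$RETVAL" -eq 0 ]; then
        rm -f -- "$LockFile"
    fi
    return "$RETVAL"
}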
# Restart the service: stop it, pause one second, then start it again.
# start runs regardless of what stop returned, and its status is the
# status of restart.
restart() {
    stop; sleep 1
    start
}
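#######################################
# Ask the running named to reload by sending it SIGHUP via killproc.
# Globals:   named (read); RETVAL (written)
# Arguments: none
# Outputs:   progress text on stdout
# Returns:   the exit status of killproc
#######################################
reload() {
    echo -n "Reloading $named: "
    # Quoted so the daemon name always reaches killproc as one argument.
    killproc "$named" -HUP
    RETVAL=$?
    echo
    return "$RETVAL"
}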
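#######################################
# Report whether named is running.
# "Running" requires both a live process (pidof) and an existing PID file,
# so a named that cannot write its PID file is reported as stopped.
# Globals:   named, PidFile (read)
# Arguments: none
# Outputs:   one status line on stdout
# Returns:   0 when running, 3 when stopped (the LSB "program is not
#            running" status code), so callers can test the result.
#######################################
status() {
    # PidFile is quoted: an empty value must not make "[ -f ]" succeed.
    if pidof "$named" > /dev/null && [ -f "$PidFile" ]; then
        echo "$named is running..."
        return 0
    fi
    echo "$named is stopped..."
    return 3
}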
# Dispatch on the first command-line argument (the action given to
# "service named <action>"); each arm calls the function of the same name.
case $1 in
start)
    start ;;
stop) 
    stop ;;
restart)
    restart ;;
reload)
    reload ;;
status)
    status ;;
*)
    # Any other argument, or none, lands here and exits with status 2.
    # NOTE(review): the message is only "Usage:" and does not list the
    # accepted actions; consider naming them.
    echo "Usage:"
    exit 2;;
esac
# bash -n /etc/rc.d/init.d/named
# chmod +x /etc/rc.d/init.d/named
# chkconfig --add named
# service named start
Starting named: [ OK ]
# service named start
Starting named: [FAILED]
# service named stop
Stopping named: [ OK ]
# service named restart
Starting named: [ OK ]
Stopping named: [ OK ]
# service named reload
Reloading named: [ OK ]
# service named status
named is stopped...        #出错了,这里应该是 named is running...(应是因为named以named用户运行,无权在/var/run下写入pid文件)
# chown -R named:named /usr/local/bind9/var/run/        #改下权限
# vim /etc/named/named.conf
pid-file "/usr/local/bind9/var/run/named.pid";        #这个地方改一下
# vim /etc/rc.d/init.d/named
PidFile=/usr/local/bind9/var/run/named.pid        #这也改
# service named stop
Stopping named: [ OK ]
# service named stop
Stopping named: [FAILED]
# service named start
Starting named: [ OK ]
# service named status
named is running...
# service named stop
Stopping named: [ OK ]
# service named status
named is stopped...
本文出自 “三哥” 博客,请务必保留此出处http://523958392.blog.51cto.com/9871195/1625849
原文:http://523958392.blog.51cto.com/9871195/1625849