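  Installing a BIND 9.2.3 Name Server on Linux
 
Yesterday afternoon I read a tutorial about installing bind on Debian; I tested it on RHEL AS4.
After the install I ran into a small problem, so I looked for some material and found this article, which is quite good.......
 
===========================
URLs:    http://www.bind9.net/BIND-FAQ (help site)
         http://www.bind.com/bind.html (source package download site and detailed examples)
         http://www.unlinux.com/doc/bind/index_2.html (reference site)
===========================
This is my installation procedure for a bind9.2.3 name server on Linux.
It draws on some posts on CU.
The environments where it mainly tested successfully are RH8, RH9, RH as3, RH as3up3 and Suse.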

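1. Download the bind9 source from http://www.isc.org/products/BIND/bind9.html. The current version is 9.2.3, and the source file is bind-9.2.3.tar.gz.
2. Place the source file bind-9.2.3.tar.gz in the /usr/local/src directory.
3. Unpack the source file bind-9.2.3.tar.gz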
  # tar -xzvf bind-9.2.3.tar.gz -C /usr/local/src
4. Change into the installation directory
  # cd bind-9.2.3
5. Configure and compile
  # ./configure
  # make
6. Install
  # make install
7. The generated executables are located in the /usr/local/sbin directory. The most important executables are named and rndc.
8. Create links
  # ln -s /usr/local/sbin/rndc /usr/sbin/rndc
  # ln -s /usr/local/sbin/named /usr/sbin/named
9. Create the rndc.conf configuration file.
  # /usr/local/sbin/rndc-confgen > /etc/rndc.conf
  # cat /etc/rndc.conf
  The output is:
       # Start of rndc.conf
       key "rndc-key" {
              algorithm hmac-md5;
              secret "y9xvvfQjdWv9f/Fo7wquBg==";
       };
       
       options {
              default-key "rndc-key";
              default-server 127.0.0.1;
              default-port 953;
       };
       # End of rndc.conf
      
       # Use with the following in named.conf, adjusting the allow list as needed:
       # key "rndc-key" {
       #       algorithm hmac-md5;
       #       secret "y9xvvfQjdWv9f/Fo7wquBg==";
       # };
       #
       # controls {
       #       inet 127.0.0.1 port 953
       #               allow { 127.0.0.1; } keys { "rndc-key"; };
       # };
       # End of named.conf
10. Create the rndc.key file. Copy the commented-out section of rndc.conf to produce the following file:
   # vi /etc/rndc.key
       key "rndc-key" {
             algorithm hmac-md5;
             secret "y9xvvfQjdWv9f/Fo7wquBg==";
       };

       controls {
             inet 127.0.0.1 port 953
                     allow { 127.0.0.1; } keys { "rndc-key"; };
       };
   Check that rndc works properly:
   #/usr/local/sbin/named -g
 Jan 11 11:56:45.075 starting BIND 9.2.3 -g
 Jan 11 11:56:45.076 using 1 CPU
 Jan 11 11:56:45.079 loading configuration from '/etc/named.conf'
 ......
   #/usr/local/sbin/rndc status
11. Create the named.conf configuration file.
   # vi /etc/named.conf
       // generated by named-bootconf.pl                           

       options {
       directory "/var/named";
       /*
       * If there is a firewall between you and nameservers you want
       * to talk to, you might need to uncomment the query-source
       * directive below.  Previous versions of BIND always asked  
       * questions using port 53, but BIND 8.1 uses an unprivileged
       * port by default.
       */
       // query-source address * port 53;
       };

       //
       // a caching only nameserver config
       //
       zone "." IN {
       type hint;
       file "named.root";
       };

       zone "localhost" IN {
       type master;
              file "localhost.zone";
              allow-update { none; };
       };

       zone "0.0.127.in-addr.arpa" IN {
              type master;
              file "named.local";
              allow-update { none; };
       };

       zone "domain1.net" IN {    // newly added zone domain1.net
              type master;
              file "domain1.net.zone";
              allow-update { none; };
       };

       zone "252.177.61.in-addr.arpa" IN {  // reverse lookup for the newly added zone
              type master;
              file "named.61.177.252";
              allow-update { none; };
       };

       include "/etc/rndc.key";
12. Create the /var/named directory
   # mkdir /var/named
   # cd /var/named
13. Log in anonymously to the FTP site FTP.RS.INTERNIC.NET, fetch the named.root and named.ca files from the /domain directory, and place them in the /var/named directory.
14. Create the localhost.zone file
   # vi /var/named/localhost.zone
      $TTL 86400
      $ORIGIN localhost.
      @ 1D IN SOA @ root (
       42 ; serial (d. adams)
       3H ; refresh
       15M ; retry
       1W ; expiry
       1D ) ; minimum

       1D IN NS @
       1D IN A 127.0.0.1
15. Create the named.local file
   # vi named.local
      $TTL 86400
      @       IN      SOA     localhost. root.localhost.  (
                                            1997022700 ; Serial
                                            28800      ; Refresh
                                            14400      ; Retry
                                            3600000    ; Expire
                                            86400 )    ; Minimum
                    IN      NS      localhost.

      1       IN      PTR     localhost.
16. Create the domain1.net.zone file
   # vi domain1.net.zone
      $TTL    86400
      @       IN      SOA     localhost. root.localhost.  (
                                           2003061800 ; Serial
                                           28800      ; Refresh
                                           14400      ; Retry
                                           3600000    ; Expire
                                           86400 )    ; Minimum
                   IN      NS      localhost.

      mail          IN      A       61.177.252.34

      www           IN      CNAME   mail
17. Create the named.61.177.252 file
   # vi named.61.177.252
      $TTL    86400
      @       IN      SOA     localhost. root.localhost.  (
                                           2003061800 ; Serial
                                           28800      ; Refresh
                                           14400      ; Retry
                                           3600000    ; Expire
                                           86400 )    ; Minimum
                   IN      NS      localhost.

      34            IN      PTR     mail.domain1.net.
18. Create the startup script
   # vi /etc/rc.d/init.d/named
      #!/bin/sh
      #
      # named           This shell script takes care of starting and stopping
      #                 named (BIND DNS server).
      #
      # chkconfig: 345 55 45
      # description: named (BIND) is a Domain Name Server (DNS)
      # that is used to resolve host names to IP addresses.
      # probe: true

      # Source function library.
      . /etc/rc.d/init.d/functions

      # Source networking configuration.
      . /etc/sysconfig/network

      # Check that networking is up.
      [ "${NETWORKING}" = "no" ] && exit 0

      [ -f /usr/sbin/named ] || exit 0

      [ -f /etc/named.conf ] || exit 0

      # See how we were called.
      case "$1" in
        start)
              # Start daemons.
              echo -n "Starting named: "
              daemon named
              echo
              touch /var/lock/subsys/named
              ;;
        stop)
              # Stop daemons.
              echo -n "Shutting down named: "
              killproc named
              rm -f /var/lock/subsys/named
              echo
              ;;
        status)
              /usr/sbin/rndc status
              exit $?
              ;;
        restart)
              $0 stop
              $0 start
              exit $?
              ;;
        reload)
              /usr/sbin/rndc reload
              exit $?
              ;;
        probe)
              # named knows how to reload intelligently; we don't want linuxconf
              # to offer to restart every time
              /usr/sbin/rndc reload >/dev/null 2>&1 || echo start
              exit 0
              ;;

        *)
              echo "Usage: named {start|stop|status|restart|reload|probe}"
              exit 1
      esac

      exit 0
19. Make /etc/rc.d/init.d/named executable.
   # chmod 755 /etc/rc.d/init.d/named
20. Create the symbolic links for the startup script
   # ln -s /etc/rc.d/init.d/named  /etc/rc.d/rc0.d/K45named
   # ln -s /etc/rc.d/init.d/named  /etc/rc.d/rc1.d/K45named
   # ln -s /etc/rc.d/init.d/named  /etc/rc.d/rc2.d/K45named
   # ln -s /etc/rc.d/init.d/named  /etc/rc.d/rc3.d/S55named
   # ln -s /etc/rc.d/init.d/named  /etc/rc.d/rc4.d/S55named
   # ln -s /etc/rc.d/init.d/named  /etc/rc.d/rc5.d/S55named
   # ln -s /etc/rc.d/init.d/named  /etc/rc.d/rc6.d/K45named
21. Start bind9
   # /etc/rc.d/init.d/named start
   Stop bind9
   # /etc/rc.d/init.d/named stop
   Check the status
   # /etc/rc.d/init.d/named status
22. Check the configuration file and the zone files
   # /usr/local/sbin/named-checkconf
   # /usr/local/sbin/named-checkzone domain1.net /var/named/domain1.net.zone
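
The /etc/rndc.key file from step 10 holds the secret that authorizes rndc commands to named, so who can read it and where its secret came from both matter. The audit script below is an added example, not part of the original post; its function names and finding labels are hypothetical, and it treats the secret printed in this tutorial as public.

```shell
#!/bin/sh
# Added example (not from the original post): audit an rndc key file such as
# the /etc/rndc.key written in step 10. Function names are hypothetical.

# The secret printed in this tutorial; anyone who read the page knows it.
PUBLISHED_SECRET='y9xvvfQjdWv9f/Fo7wquBg=='

# Prints one finding per line; returns 0 if clean, 1 on findings, 2 if unreadable.
audit_rndc_key() {
    f=$1
    [ -r "$f" ] || { echo "UNREADABLE: $f"; return 2; }
    rc=0
    # World-readable key: any local user can drive named through rndc.
    if [ -n "$(find "$f" -prune -perm -004)" ]; then
        echo "PERMS: $f is world-readable; restrict it to named's user"
        rc=1
    fi
    # Secret pasted from the tutorial instead of generated by rndc-confgen.
    if grep -F -q -- "$PUBLISHED_SECRET" "$f"; then
        echo "SECRET: $f reuses the tutorial's published secret"
        rc=1
    fi
    # Control channel listening on something other than loopback.
    if grep -E '^[[:space:]]*inet[[:space:]]' "$f" |
       grep -v -E 'inet[[:space:]]+(127\.0\.0\.1|::1)[[:space:]]' >/dev/null; then
        echo "LISTEN: $f has a controls channel not bound to loopback"
        rc=1
    fi
    return "$rc"
}

# Constructed sample: the step 10 file as saved with default permissions (0644).
make_sample() {
    s=$(mktemp) || return 1
    cat >"$s" <<'EOF'
key "rndc-key" {
      algorithm hmac-md5;
      secret "y9xvvfQjdWv9f/Fo7wquBg==";
};
controls {
      inet 127.0.0.1 port 953
              allow { 127.0.0.1; } keys { "rndc-key"; };
};
EOF
    chmod 644 "$s"
    echo "$s"
}

sample=$(make_sample) && { audit_rndc_key "$sample" || true; rm -f "$sample"; }
```

Calling `audit_rndc_key /etc/rndc.key` on a real system prints nothing and returns 0 when the file is clean.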

  Post by badboy, published 2006-10-26 11:18:00