
创建用户
[root@bogon ~]# groupadd -g 53 -r named
[root@bogon ~]# useradd -g named -r -s /sbin/nologin named
(named 只是服务账号,不需要交互登录,用 -s /sbin/nologin 关闭登录 shell,降低该账号被滥用的风险。)
编译安装
[root@bogon ~]# tar xf bind-9.9.5.tar.gz
[root@bogon ~]# cd bind-9.9.5
[root@bogon ~]# ./configure --prefix=/usr/local/bind9 --sysconfdir=/etc/named/ --enable-threads --enable-epoll --disable-chroot
[root@bogon ~]# make && make install
注意:BIND 9.9 分支早已停止维护(EOL),不再获得安全修复;生产环境应改用 ISC 仍在支持的版本,并在解压前用 ISC 发布的签名/校验和核对源码包。
创建主配置文件
[root@bogon ~]# vim /etc/named/named.conf
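options {
	directory "/var/named";
	pid-file "/usr/local/bind9/var/run/named.pid";
	// Recursion is enabled, so restrict who may use it. Without an ACL any
	// host that can reach port 53 can use this server as an open resolver,
	// which exposes it to cache-poisoning attempts and makes it a DNS
	// amplification source. Replace/extend localnets with your own ranges.
	recursion yes;
	allow-recursion { localhost; localnets; };
	// Deny zone transfers globally; individual zones may still override.
	allow-transfer { none; };
};
// Root hints used to bootstrap recursion (file named.ca below).
zone "." IN {
	type hint;
	file "named.ca";
};
zone "localhost" IN {
	type master;
	file "named.localhost";
	allow-transfer { none; };
};
zone "0.0.127.in-addr.arpa" IN {
	type master;
	file "named.loopback";
	allow-transfer { none; };
};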
创建区域数据文件
[root@bogon ~]# mkdir /var/named
(原文写成 mkdir /var/named named.ca,会在当前目录多建一个名为 named.ca 的目录;根提示文件应由下面的 vim 命令创建。)
[root@bogon ~]# vim /var/named/named.ca
; <<>> DiG 9.5.0b2 <<>> +bufsize=1200 +norec NS . @a.root-servers.net
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34420
;; flags: qr aa; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 20
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;.                              IN      NS

;; ANSWER SECTION:
.                       518400  IN      NS      M.ROOT-SERVERS.NET.
.                       518400  IN      NS      A.ROOT-SERVERS.NET.
.                       518400  IN      NS      B.ROOT-SERVERS.NET.
.                       518400  IN      NS      C.ROOT-SERVERS.NET.
.                       518400  IN      NS      D.ROOT-SERVERS.NET.
.                       518400  IN      NS      E.ROOT-SERVERS.NET.
.                       518400  IN      NS      F.ROOT-SERVERS.NET.
.                       518400  IN      NS      G.ROOT-SERVERS.NET.
.                       518400  IN      NS      H.ROOT-SERVERS.NET.
.                       518400  IN      NS      I.ROOT-SERVERS.NET.
.                       518400  IN      NS      J.ROOT-SERVERS.NET.
.                       518400  IN      NS      K.ROOT-SERVERS.NET.
.                       518400  IN      NS      L.ROOT-SERVERS.NET.

;; ADDITIONAL SECTION:
A.ROOT-SERVERS.NET.     3600000 IN      A       198.41.0.4
A.ROOT-SERVERS.NET.     3600000 IN      AAAA    2001:503:ba3e::2:30
B.ROOT-SERVERS.NET.     3600000 IN      A       192.228.79.201
C.ROOT-SERVERS.NET.     3600000 IN      A       192.33.4.12
D.ROOT-SERVERS.NET.     3600000 IN      A       128.8.10.90
E.ROOT-SERVERS.NET.     3600000 IN      A       192.203.230.10
F.ROOT-SERVERS.NET.     3600000 IN      A       192.5.5.241
F.ROOT-SERVERS.NET.     3600000 IN      AAAA    2001:500:2f::f
G.ROOT-SERVERS.NET.     3600000 IN      A       192.112.36.4
H.ROOT-SERVERS.NET.     3600000 IN      A       128.63.2.53
H.ROOT-SERVERS.NET.     3600000 IN      AAAA    2001:500:1::803f:235
I.ROOT-SERVERS.NET.     3600000 IN      A       192.36.148.17
J.ROOT-SERVERS.NET.     3600000 IN      A       192.58.128.30
J.ROOT-SERVERS.NET.     3600000 IN      AAAA    2001:503:c27::2:30
K.ROOT-SERVERS.NET.     3600000 IN      A       193.0.14.129
K.ROOT-SERVERS.NET.     3600000 IN      AAAA    2001:7fd::1
L.ROOT-SERVERS.NET.     3600000 IN      A       199.7.83.42
M.ROOT-SERVERS.NET.     3600000 IN      A       202.12.27.33
M.ROOT-SERVERS.NET.     3600000 IN      AAAA    2001:dc3::35

;; Query time: 147 msec
;; SERVER: 198.41.0.4#53(198.41.0.4)
;; WHEN: Mon Feb 18 13:29:18 2008
;; MSG SIZE  rcvd: 615
注意:这份根提示是 2008 年的 dig 输出,此后多台根服务器的地址已经变更。部署前应从 https://www.internic.net/domain/named.root 下载最新版本,或用 dig +bufsize=1200 +norec NS . @a.root-servers.net 重新生成,否则递归解析可能从过期地址开始。
named.localhost
[root@bogon ~]# vim /var/named/named.localhost
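$TTL 86400
; Forward zone for "localhost". Owner names are written out explicitly so the
; records do not depend on leading whitespace: as printed in the listing the
; NS line begins in column 0, which the zone parser would read as an owner
; named "IN" instead of the zone apex, leaving the apex without an NS record.
@               IN SOA  localhost. admin.localhost. (
                        2015101101      ; serial (YYYYMMDDnn; bump on every change)
                        2H              ; refresh
                        10M             ; retry
                        7D              ; expire
                        1D )            ; negative-caching TTL
@               IN NS   localhost.
localhost.      IN A    127.0.0.1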
named.loopback
[root@bogon ~]# vim /var/named/named.loopback
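$TTL 86400
; Reverse zone for 127.0.0.x (0.0.127.in-addr.arpa). Owner names are written
; out explicitly: as printed, the NS line starts in column 0 and would be
; parsed with owner "IN" rather than the zone apex.
@               IN SOA  localhost. admin.localhost. (
                        2014031101      ; serial (YYYYMMDDnn; bump on every change)
                        2H              ; refresh
                        10M             ; retry
                        7D              ; expire
                        1D )            ; negative-caching TTL
@               IN NS   localhost.
; "1" is relative to the zone origin, i.e. 1.0.0.127.in-addr.arpa -> 127.0.0.1
1               IN PTR  localhost.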
调整权限
[root@bogon ~]# chown root:named /etc/named/* /var/named/*
[root@bogon ~]# chmod 640 /etc/named/named.conf /var/named/*
(本例只有 master 区域且没有动态更新,named 对这些文件只读即可。以后若增加 slave 区域或动态更新,需要另设一个属主为 named 的可写目录来存放区域文件和 journal。)
添加PATH
[root@bogon ~]# echo 'export PATH=/usr/local/bind9/bin:/usr/local/bind9/sbin:$PATH' > /etc/profile.d/named.sh
[root@bogon ~]# source /etc/profile.d/named.sh
安装rndc
[root@bogon ~]# (umask 077; rndc-confgen -r /dev/urandom > /etc/named/rndc.conf)
(重定向会按默认 umask 先以 0644 创建文件,密钥在下面 chmod 之前短暂对所有用户可读;用子 shell 里的 umask 077 避免这个窗口。若所用版本的 rndc-confgen 支持 -A 选项,建议加上 -A hmac-sha256 代替默认的 hmac-md5。)
[root@bogon ~]# chown root:named /etc/named/rndc.conf
[root@bogon ~]# chmod 640 /etc/named/rndc.conf
把rndc.conf文件的以下部分复制到named.conf中并按指示启用
// Copied from /etc/named/rndc.conf. The secret below is the value generated
// on the author's host when this page was written -- it is now public, so do
// NOT copy it; paste the secret your own rndc-confgen run produced.
// algorithm and secret must match rndc.conf exactly or rndc cannot connect.
// hmac-md5 is rndc-confgen's default here; prefer hmac-sha256 where supported.
key "rndc-key" {
algorithm hmac-md5;
secret "UQUMw3h55u0BHKP+PgiiSA==";
};
// Control channel: bound to loopback only and authenticated with the key
// above, so rndc is usable only from this host.
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
named用户测试启动
[root@bogon ~]# named -u named
[root@bogon ~]# ps aux | grep ^named
named 27413 0.1 1.1 143108 11256 ? Ssl 18:16 0:00 named -u named
测试rndc(测试完成后先用 rndc stop 停掉这个手工启动的实例,再改用下面的服务脚本,否则 service named start 会因 53 端口已被占用而失败)
[root@bogon ~]# rndc status version: 9.9.5 CPUs found: 1 worker threads: 1 UDP listeners per interface: 1 number of zones: 36 debug level: 0 xfers running: 0 xfers deferred: 0 soa queries in progress: 0 query logging is OFF recursive clients: 0/0/1000 tcp clients: 0/100 server is up and running
提供服务脚本
#!/bin/bash
#
# description: named daemon
# chkconfig: - 25 80
#
# Paths shared by the helpers below: the pid file named writes (matches
# pid-file in named.conf), the subsys lock that marks the service as
# started, and the main configuration file.
pidFile="/usr/local/bind9/var/run/named.pid"
lockFile="/var/lock/subsys/named"
confFile="/etc/named/named.conf"
# Pull in daemon/killproc/success/failure from the RHEL helper library
# when it is available.
if [ -r /etc/rc.d/init.d/functions ]; then
  . /etc/rc.d/init.d/functions
fi
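start() {
  # Refuse to start twice: the subsys lock marks a running instance.
  if [ -e "$lockFile" ]; then
    echo "named is already running..."
    exit 0
  fi
  # Validate named.conf and the zone files before daemonizing so a typo
  # fails loudly here instead of leaving a silently dead resolver.
  # /etc/profile.d is not sourced for init scripts, so use the full path.
  local checkconf=/usr/local/bind9/sbin/named-checkconf
  if [ -x "$checkconf" ] && ! "$checkconf" -z "$confFile" >/dev/null; then
    echo "named: configuration check failed, see errors above."
    return 1
  fi
  echo -n "Starting named:"
  daemon --pidfile "$pidFile" /usr/local/bind9/sbin/named -u named -c "$confFile"
  RETVAL=$?
  echo
  if [ $RETVAL -eq 0 ]; then
    touch "$lockFile"
    return $RETVAL
  fi
  # Failed start: make sure no stale lock/pid file survives.
  rm -f "$lockFile" "$pidFile"
  return 1
}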
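stop() {
  # Nothing to do when neither the lock file nor a named process exists;
  # the original fell through to killproc here and reported a failure.
  # A named started by hand (no lock file) is still stopped below.
  if [ ! -e "$lockFile" ] && ! pidof named >/dev/null 2>&1; then
    echo "named is stopped."
    return 0
  fi
  echo -n "Stopping named:"
  killproc named
  RETVAL=$?
  echo
  if [ $RETVAL -eq 0 ]; then
    rm -f "$lockFile" "$pidFile"
    return 0
  fi
  echo "Cannot stop named."
  failure
  return 1
}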
restart() {
  # Full stop/start cycle; the pause gives named time to release port 53.
  stop
  sleep 2
  start
}
reload() {
  # SIGHUP makes named re-read named.conf and reload changed zone files.
  echo -n "Reloading named: "
  killproc named -HUP
  RETVAL=$?
  echo
  return "$RETVAL"
}
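status() {
  # Report whether a named process exists. The exit status follows the LSB
  # convention service managers expect: 0 = running, 3 = stopped. The
  # original printed "[OK]" and returned 0 in both cases.
  if pidof named >/dev/null 2>&1; then
    echo -n "named is running..."
    success
    echo
    return 0
  fi
  echo "named is stopped..."
  return 3
}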
usage() {
  # Print the accepted sub-commands (the script's only user-facing help).
  printf '%s\n' "Usage: named {start|stop|restart|status|reload}"
}
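# Dispatch on the sub-command. An unknown or missing argument prints usage
# and exits 2 ("invalid or excess arguments" per LSB); the original used 4,
# which LSB reserves for "insufficient privilege".
case "$1" in
  start)   start ;;
  stop)    stop ;;
  restart) restart ;;
  status)  status ;;
  reload)  reload ;;
  *)
    usage
    exit 2
    ;;
esac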
(把上面的脚本保存为 /etc/rc.d/init.d/named;原文此处的 namd 是笔误。)
[root@bogon ~]# chmod a+x /etc/rc.d/init.d/named
[root@bogon ~]# chkconfig --add named
[root@bogon ~]# service named start
Starting named: [确定]
原创文章,作者:ItWorker,如若转载,请注明出处:https://blog.ytso.com/tech/pnotes/119274.html