创建用户
[root@bogon ~]# groupadd -g 53 -r named [root@bogon ~]# useradd -g named -r named
编译安装
[root@bogon ~]# tar xf bind-9.9.5.tar.gz
[root@bogon ~]# cd bind-9.9.5
[root@bogon ~]# ./configure --prefix=/usr/local/bind9 --sysconfdir=/etc/named/ --enable-threads --enable-epoll --disable-chroot
[root@bogon ~]# make && make install
注意：bind-9.9.5 是较旧的版本，生产环境应选用仍在维护的 BIND 版本；另外 --disable-chroot 会关闭 chroot 支持，named 将无法通过 -t 选项在 chroot 环境中运行。
创建主配置文件
[root@bogon ~]# vim /etc/named/named.conf
options {
    directory "/var/named";
    recursion yes;
    pid-file "/usr/local/bind9/var/run/named.pid";
};
zone "." IN {
    type hint;
    file "named.ca";
};
zone "localhost" IN {
    type master;
    file "named.localhost";
    allow-transfer { none; };
};
zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "named.loopback";
    allow-transfer { none; };
};
注意：这里启用了 recursion yes 但没有写 allow-recursion，递归范围取决于 BIND 的默认值；对外提供服务时建议显式用 allow-recursion 限定可信客户端，避免成为开放解析器。
创建区域数据文件
[root@bogon ~]# mkdir /var/named
named.ca
[root@bogon ~]# vim /var/named/named.ca
; <<>> DiG 9.5.0b2 <<>> +bufsize=1200 +norec NS . @a.root-servers.net
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34420
;; flags: qr aa; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 20

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;.                          IN  NS

;; ANSWER SECTION:
.                   518400  IN  NS  m.root-servers.net.
.                   518400  IN  NS  a.root-servers.net.
.                   518400  IN  NS  b.root-servers.net.
.                   518400  IN  NS  c.root-servers.net.
.                   518400  IN  NS  d.root-servers.net.
.                   518400  IN  NS  e.root-servers.net.
.                   518400  IN  NS  f.root-servers.net.
.                   518400  IN  NS  g.root-servers.net.
.                   518400  IN  NS  h.root-servers.net.
.                   518400  IN  NS  i.root-servers.net.
.                   518400  IN  NS  j.root-servers.net.
.                   518400  IN  NS  k.root-servers.net.
.                   518400  IN  NS  l.root-servers.net.

;; ADDITIONAL SECTION:
a.root-servers.net. 3600000 IN  A     198.41.0.4
a.root-servers.net. 3600000 IN  AAAA  2001:503:ba3e::2:30
b.root-servers.net. 3600000 IN  A     192.228.79.201
c.root-servers.net. 3600000 IN  A     192.33.4.12
d.root-servers.net. 3600000 IN  A     128.8.10.90
e.root-servers.net. 3600000 IN  A     192.203.230.10
f.root-servers.net. 3600000 IN  A     192.5.5.241
f.root-servers.net. 3600000 IN  AAAA  2001:500:2f::f
g.root-servers.net. 3600000 IN  A     192.112.36.4
h.root-servers.net. 3600000 IN  A     128.63.2.53
h.root-servers.net. 3600000 IN  AAAA  2001:500:1::803f:235
i.root-servers.net. 3600000 IN  A     192.36.148.17
j.root-servers.net. 3600000 IN  A     192.58.128.30
j.root-servers.net. 3600000 IN  AAAA  2001:503:c27::2:30
k.root-servers.net. 3600000 IN  A     193.0.14.129
k.root-servers.net. 3600000 IN  AAAA  2001:7fd::1
l.root-servers.net. 3600000 IN  A     199.7.83.42
m.root-servers.net. 3600000 IN  A     202.12.27.33
m.root-servers.net. 3600000 IN  AAAA  2001:dc3::35

;; Query time: 147 msec
;; SERVER: 198.41.0.4#53(198.41.0.4)
;; WHEN: Mon Feb 18 13:29:18 2008
;; MSG SIZE rcvd: 615
注意：这份根提示数据生成于 2008 年，其中部分根服务器地址此后已经变更，部署时应重新获取最新的根提示（例如重新执行文件首行所示的 dig 查询）。
named.localhost
[root@bogon ~]# vim /var/named/named.localhost
$TTL 86400
@           IN SOA localhost. *****.localhost. ( 2015101101 2H 10M 7D 1D )
            IN NS  localhost.
localhost.  IN A   127.0.0.1
named.loopback
[root@bogon ~]# vim /var/named/named.loopback
$TTL 86400
@   IN SOA localhost. *****.localhost. ( 2014031101 2H 10M 7D 1D )
    IN NS  localhost.
1   IN PTR localhost.
调整权限
[root@bogon ~]# chown root:named /etc/named/* /var/named/* [root@bogon ~]# chmod 640 /etc/named/named.conf /var/named/*
添加PATH
[root@bogon ~]# echo 'export PATH=/usr/local/bind9/bin:/usr/local/bind9/sbin:$PATH' > /etc/profile.d/named.sh [root@bogon ~]# source /etc/profile.d/named.sh
安装rndc
[root@bogon ~]# rndc-confgen -r /dev/urandom > /etc/named/rndc.conf
[root@bogon ~]# chown root:named /etc/named/rndc.conf
[root@bogon ~]# chmod 640 /etc/named/rndc.conf
把rndc.conf文件的以下部分复制到named.conf中并按指示启用：
key "rndc-key" {
    algorithm hmac-md5;
    secret "UQUMw3h55u0BHKP+PgiiSA==";
};
controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
};
注意：上面的 secret 只是本文的示例输出，必须使用自己机器上 rndc-confgen 生成的密钥，不要照抄这个已公开的值；hmac-md5 强度较弱，若所用版本支持，建议改用 hmac-sha256。
named用户测试启动
[root@bogon ~]# named -u named [root@bogon ~]# ps aux | grep ^named named 27413 0.1 1.1 143108 11256 ? Ssl 18:16 0:00 named -u named
测试rndc
[root@bogon ~]# rndc status version: 9.9.5 CPUs found: 1 worker threads: 1 UDP listeners per interface: 1 number of zones: 36 debug level: 0 xfers running: 0 xfers deferred: 0 soa queries in progress: 0 query logging is OFF recursive clients: 0/0/1000 tcp clients: 0/100 server is up and running
提供服务脚本
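#!/bin/bash
#
# description: named daemon
# chkconfig: - 25 80
#
# SysV init script for the source-built BIND installed under /usr/local/bind9.
# Usage: service named {start|stop|restart|status|reload}
# Relies on daemon/killproc/success/failure from /etc/rc.d/init.d/functions.

pidFile=/usr/local/bind9/var/run/named.pid
lockFile=/var/lock/subsys/named
confFile=/etc/named/named.conf

[ -r /etc/rc.d/init.d/functions ] && . /etc/rc.d/init.d/functions

# Start named as the unprivileged "named" user.
# Returns 0 when named was started or is already running, 1 on failure.
start() {
  # A lock file alone is not proof of a running daemon: after a crash it is
  # left behind, so it is only trusted when a named process also exists.
  if [ -e "$lockFile" ] && pidof named &> /dev/null; then
    echo "named is already running..."
    # return (not exit) so a caller such as restart() keeps control
    return 0
  fi
  echo -n "Starting named:"
  daemon --pidfile "$pidFile" /usr/local/bind9/sbin/named -u named -c "$confFile"
  RETVAL=$?
  echo
  if [ "$RETVAL" -eq 0 ]; then
    touch "$lockFile"
    return 0
  fi
  rm -f -- "$lockFile" "$pidFile"
  return 1
}

# Stop named and remove the lock and pid files.
# Returns 0 when named is stopped afterwards, 1 when killproc failed.
stop() {
  # Decide on the process, not on the lock file: a named started by hand has
  # no lock file but must still be stopped, and a stale lock file with no
  # process behind it only needs cleaning up.
  if ! pidof named &> /dev/null; then
    echo "named is stopped."
    rm -f -- "$lockFile" "$pidFile"
    return 0
  fi
  echo -n "Stopping named:"
  killproc named
  RETVAL=$?
  echo
  if [ "$RETVAL" -eq 0 ]; then
    rm -f -- "$lockFile" "$pidFile"
    return 0
  fi
  echo "Cannot stop named."
  failure
  return 1
}

# Stop, wait briefly for the sockets to be released, then start again.
restart() {
  stop
  sleep 2
  start
}

# Ask the running named to re-read its configuration (SIGHUP).
reload() {
  echo -n "Reloading named: "
  killproc named -HUP
  RETVAL=$?
  echo
  return $RETVAL
}

# Report whether a named process exists.
# Returns 0 when running and 3 when stopped, so callers can test the result.
status() {
  if pidof named &> /dev/null; then
    echo -n "named is running..."
    success
    echo
    return 0
  fi
  echo "named is stopped..."
  return 3
}

usage() {
  echo "Usage: named {start|stop|restart|status|reload}"
}

case "${1:-}" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  restart)
    restart
    ;;
  status)
    status
    ;;
  reload)
    reload
    ;;
  *)
    usage
    # Exit code kept from the original script; LSB uses 2 for invalid arguments.
    exit 4
    ;;
esac
# Propagate the result of the selected action to the caller.
exit $?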
[root@bogon ~]# chmod a+x /etc/rc.d/init.d/named
[root@bogon ~]# chkconfig --add named
[root@bogon ~]# service named start
Starting named: [确定]