论坛徽章:: 0

电梯直达

1楼 [收藏(0)] [报告]

发表于 2008-03-31 16:08 |只看该作者 |倒序浏览

配置OpenBSD 上面的BIND服务

作者：viewtide
出处：
hqzxx.nhedu.net
联系：
viewtide@126.com
最近在OpenBSD上配置BIND用做LAN上网的DNS缓存服务器，同时负责解析几个LAN中的域名。因为BIND是OPENBSD默认安装的所以不
用再安装了，但是我配置BIND的过程还是遇到了些问题，在大家的帮助下最终都解决了。网上关于OPENBSD的文档相对其他开源OS比较少。所以就把我
的配置过程放上供大家参考。
1. 建立bind的配置文件：
# vi /var/named/etc/named.conf复制内容到剪贴板代码:acl "trust-lan" { 127.0.0.1/8; 192.168.10.0/23;};
options {
      directory "/";
      version "0.0.0";
      datasize 40M;
      allow-transfer {
      "trust-lan";};
      recursion yes;
      allow-notify {
      "trust-lan";
      };
      listen-on { any; };
      allow-recursion {
      "trust-lan";
      };
      auth-nxdomain no;
      forwarders {
      202.96.128.86;
      202.96.128.166;};
};
logging {
      channel warning
      { file "/log/dns_warnings" versions 3 size 1240k;
      severity warning;
      print-category yes;
      print-severity yes;
      print-time yes;
      };
      channel general_dns
      { file "/log/dns_logs" versions 3 size 1240k;
      severity info;
      print-category yes;
      print-severity yes;
      print-time yes;
      };
      category default { warning; };
      category queries { general_dns; };
};
zone "." {
type hint;
file "standard/root.hint";
};
zone "localhost" {
type master;
file "standard/localhost";
allow-transfer { localhost; };
};
zone "127.in-addr.arpa" {
type master;
file "standard/loopback";
allow-transfer { localhost; };
};
// 自己定义的一个区
zone "hqzxx.nhedu.net" {
      type master;
      file "master/hqzxx.nhedu.net";
//    masters {
//    192.168.10.2;
//    };
};
zone "10.168.192.in-addr.arpa" {
      type master;
      file "master/10.168.192.in-addr";
//    masters {
//    192.168.10.2;
//    };
};# vi /var/named/master/hqzxx.nhedu.net复制内容到剪贴板代码:$TTL 86400
$ORIGIN hqzxx.nhedu.net.
@    IN    SOA    openbsd.hqzxx.nhedu.net. root.openbsd.hqzxx.nhedu.net (
2001111601 ; serial
28800 ; refresh
14400 ; retry
3600000 ; expire
86400 ; default_ttl
)
      IN    NS    openbsd.hqzxx.nhedu.net.
;; -- default address -
@    IN    A    192.168.10.3
;; -- OpenBSD SerVer --
openbsd                      IN    A             192.168.10.3
IN    MX    0    openbsd.hqzxx.nhedu.net.
IN    MX    10    dns.hqzxx.nhedu.net.
IN    HINFO          "bsd 4.0".
IN    TXT          "The internet gateway".
;; --- WIN2K SerVer ---
win2k                      IN    A             192.168.10.13
IN    MX    0    win2k.hqzxx.nhedu.net.
IN    MX    10    windows.hqzxx.nhedu.net.
IN    HINFO          "windows 2000 server".
;; ------ cnames ------
dns    IN    CNAME openbsd
www    IN    CNAME openbsd
mail IN    CNAME openbsd
ftp    IN    CNAME openbsd
windows IN    CNAME win2k
win    IN    CNAME win2k# vi /var/named/master/10.168.192.in-addr复制内容到剪贴板代码:$TTL 86400
@    IN    SOA    openbsd.hqzxx.nhedu.net.    root.openbsd.hqzxx.nhedu.net. (
      2001111601    ; Serial
      28800          ; refresh
      14400          ; retry
      3600000       ; expire
      86400 )       ; minimum
@    IN    NS    openbsd.hqzxx.nhedu.net.
3    IN    PTR    dns.hqzxx.nhedu.net.
3    IN    PTR    www.hqzxx.nhedu.net.
3    IN    PTR    mail.hqzxx.nhedu.net.
3    IN    PTR    ftp.hqzxx.nhedu.net.
13    IN    PTR    win2k.hqzxx.nhedu.net.
13    IN    PTR    windows.hqzxx.nhedu.net.
13    IN    PTR    win.hqzxx.nhedu.net.2. 更新根区文件到最新：
# cd /var/named/standard
# wget
ftp://ftp.internic.org/domain/named.root
3. 创建BIND日志文件：
# cd /var/named
# mkdir log
# touch ./log/dns_warnings
# touch ./log/dns_logs
# chown –R named:named ./log
4. 生成rndc-key：
# rndc-confgen > rndc.conf
把rndc.conf中：
# Use with the following in named.conf, adjusting the allow list as needed:
后面的部分加到/var/named/etc/named.conf中并去掉注释
5. 运行BIND测试：
# /usr/sbin/named -gc /etc/named.conf &
检查BIND是否启动：
# netstat -an
6. 感觉系统自带的开机启动BIND的脚本控制BIND的开关太不方便了就自己建立个BIND启动脚本：
# vi /etc/init.d/named.sh复制内容到剪贴板代码:#!/bin/bash
# made by llzqq
# mail:llzqq@126.com
# 02/08/ 2004
# a network name service startup scripts
case "$1" in
start)
if [ -x /usr/sbin/named ]; then
/usr/sbin/named -u named -c /etc/named.conf && echo . && echo 'BIND9 server started.'
fi
;;
stop)
kill `cat /var/run/named.pid` && echo . && echo 'BIND9 server stopped.'
;;
restart)
echo .
echo "Restart BIND9 server"
$0 stop
sleep 10
$0 start
;;
*)
echo "$0 start | stop | restart"
;;
esac# chomd 744 /etc/init.d/named.sh
# chown root:sys /etc/init.d/named.sh
同时注释掉系统的BIND自启动脚本：
# vi /etc/rc
找到BIND的相关行，然后注释掉，如下：复制内容到剪贴板代码:# $named_flags is imported from /etc/rc.conf;
# if $named_flags != NO, named is run.
#if [ "X${named_flags}" != X"NO" ]; then
#    if ! cmp -s /etc/rndc.key /var/named/etc/rndc.key ; then
#             echo -n "rndc-confgen: generating new shared secret... "
#             if /usr/sbin/rndc-confgen -a -t /var/named >;/dev/null 2>;&1; then
#                      chmod 0640 /var/named/etc/rndc.key >;/dev/null 2>;&1
#                      echo done.
#             else
#                      echo failed.
#             fi
#    fi
#
#    echo 'starting named';       named $named_flags
#fi7. 设置开机启动BIND：
# vi /etc/rc.local
在文件的最后增加这行：
/etc/init.d/named.sh start

本文来自ChinaUnix博客，如果查看原文请点：http://blog.chinaunix.net/u2/64726/showart_512852.html

文库|博客

返回列表

Chinaunix › 论坛 › 操作系统 › BSD › BSD文档中心 › 配置OpenBSD 上面的BIND服务

配置OpenBSD 上面的BIND服务 [复制链接]