- 论坛徽章:
- 0
|
BIND9安装配置
一,安装BIND
1.下载BIND
http://www.isc.org
2.编译安装
# tar zxvf bind-9.4.0.tar.gz
# cd bind-9.4.0
# ./configure sysconfdir=/etc //更多安装选项 ./configure --help
# make
# make install
二,配置BIND
A.创建需要文件
1)./etc/named.conf
# vi /etc/named.conf 推出保存即可 或 touch /etc/named.conf
2 用rndc-confgen -a 生成/etc/rndc.key后,
./etc/rndc.conf
# rndc-confgen > /etc/rndc.conf
B.创建目录 /var/named
# mkdir /var/named
C.编辑/etc/named.conf 内容如下
options {
directory "/var/named"; //表示默认的数据库文件在/var/named中 若没有需手动创建
// pid-file "/var/run/named/named.pid"; //运行的PID文件路径,用于使用其他用户启动named
};
zone "." { //创建root域
type hint;
file "named.ca";
};
zone "localhost" { //创建 localhost域
type master;
file "named.local";
};
zone "example.com" { //创建 example.com域
type master;
file "example.com.zone";
};
zone "0.0.127.in-addr.arpa"{ //localhost的反解析
type master;
file "127.0.0.zone";
};
zone "100.168.192.in-addr.arpa" { //example.com的反向解析
type master;
file "192.168.100.zone";
};
//这段文件在/etc/rndc.conf 的尾部需拷贝才能使用
# tail +13 /etc/rndc.conf >>/etc/named.conf
# Use with the following in named.conf, adjusting the allow list as needed:
key "rndc-key" {
algorithm hmac-md5;
secret "HWM3L+e7LWDZJJ/dJEzQEw==";
};
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
# End of named.conf
D.在/var/named 中创建相应的数据文件 文件名由named.conf 中的file 参数制定
由named.conf可知有 named.ca, named.local, example.com.zone, 127.0.0.zone , 192.168.100.zone
1. named.ca
# dig -t NS . >/var/named/named.ca
2. named.local
#vi /var/named/named.local 加入以下内容
$TTL 1D
@ IN SOA localhost. root (
2007042801
1H
15M
1W
1D )
IN NS @
IN A 127.0.0.1
3. example.com.zone
$TTL 1D
@ IN SOA example.com. root (
2007042801
1H
15M
1W
1D )
IN NS ns.example.com.
IN MX 10 mail.example.com.
IN A 192.168.100.125
www IN A 192.168.100.125
db IN A 192.168.100.124
ns IN A 192.168.100.126
mail IN A 192.168.100.251
shop IN A 192.168.100.125
*.shop IN A 192.168.100.124
news IN CNAME www
3. 127.0.0.zone
$TTl 1D
@ IN SOA @ root.localhost. (
2007042801
1H
15M
1W
1D
)
IN NS localhost.
1 IN PTR localhost.
4. 192.168.100.zone
$TTL 1D
@ IN SOA @ root.example.com. (
2007042801
1H
15M
1W
1D )
IN NS example.com.
125 IN PTR example.com.
125 IN PTR
www.example.com
.
124 IN PTR db.example.com.
126 IN PTR ns.example.com.
251 IN PTR mail.example.com.
补充说明
a. named服务器的启动问题
1. 启动 #named //以root用户启动
#named -u named //以named用户启动,必须有这个用户而且,named.pid的属主是 named
2. 更改配置后如何重启
# rndc reload
3.测试配置是否成功,可用 host, dig ,nslookup 判断
我在执行rndc reload 的时候显示
[root@HY-DNS conf]# rndc reload
rndc: connection to remote host closed
This may indicate that the remote server is using an older version of
the command protocol, this host is not authorized to connect,
or the key is invalid.
好像是跟 key 有关。但是我从新生成了key 也不行。
name.conf rndc.conf rndc.key 三个文件中的 secret 是不是一样呢?
rndc.key生成的,和那两个secret必须保持一到。就OK了·
本文来自ChinaUnix博客,如果查看原文请点:http://blog.chinaunix.net/u1/51067/showart_1327195.html |
|