安装bind9.12
1、下载最新bind软件,此次使用bind-9.12.1.tar.gz
官方网站https://www.isc.org/downloads/
2、解压至/root下
tar -zxvf bind-9.10.1-P1.tar.gz
3、进入解压后的文件夹
cd bind-9.10.1-P1
4、安装必备的openssl等插件
yum install gcc gcc-c++ openssl openssl-dev*
5、设置安装路径等参数、编译、安装
下面命令参数为:指定路径 多线程功能 大文件支持 DNSSEC支持
设置安装路径为/usr/local/named,多线程,大文件支持,DNSSEC支持
#./configure --prefix=/usr/local/named --enable-threads --enable-largefile --with-tuning=large --with-openssl创建服务专用账户named,禁止本地登陆
#useradd -d /usr/local/named -s /sbin/nologin named编译
#make安装
#make install进入安装后的配置文件夹
#cd /usr/local/named/etc生成rndc.conf文件
#/usr/local/named/sbin/rndc-confgen > rndc.conf将rndc.conf内容导入named.conf
#tail -10 rndc.conf | head -9 | sed s/#\ //g > named.conf编辑主配置文件
#vim named.conf
options {
listen-on port 53 { 127.0.0.1; };
directory "/usr/local/named/var"; //域名文件存放的绝对路径
pid-file "named.pid";
recursion yes;
allow-query { any; };
recursive-clients 30000;
query-source ...; //如果查不到要解析地址,将会查询其它域名服务器
notify-source ...; //使用本地的源地址和可选的UDP端口,用于发送NOTIFY消息
};
logging {
channel query_log { //查询日志
file "/var/log/named/query.log" versions 20 size 300m;
severity info;
print-time yes;
print-category yes;
};
channel error_log { //报错日志
file "/var/log/named/error.log" versions 3 size 10m;
severity info;
print-time yes;
print-severity yes;
print-category yes;
};
category queries { query_log; };
category default { error_log; };
};
zone "." IN {
type hint;
file "named.root"; //存放在//usr/local/named/var目录
};
zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};生成根服务器文件
#cd /usr/local/named/var
#dig @a.root-servers.net . ns > named.root创建本地域文件
#vim localhost.zone
$TTL 86400
$ORIGIN localhost.
@ 1D IN SOA @ root (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
1D IN NS @
1D IN A 127.0.0.1
#vim named.local
$TTL 86400
@ IN SOA localhost. root.localhost. (
1997022700 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS localhost.
1 IN PTR localhost.创建服务起停脚本
#vi /etc/rc.d/init.d/named //服务启停脚本
#!/bin/bashnamed a network name service. # chkconfig: 345 35 75 # description: a name server if [ `id -u` -ne 0 ] then echo -e "\e[31mERROR:For bind to port 53,must run as root.\e[0m" exit 1 fi case "$1" in start) if [ -x /usr/local/named/sbin/named ]; then /usr/local/named/sbin/named -c /usr/local/named/etc/named.conf -u named && echo . && echo -e 'BIND9 server \e[32mstarted\e[0m' fi ;; stop) kill `cat /usr/local/named/var/named.pid` && echo . && echo -e 'BIND9 server \e[33mstopped\e[0m' ;; restart) echo . echo "Restart BIND9 server" $0 stop sleep 1 echo -n "." && sleep 2 && echo -n "." && sleep 2 && echo -n "." && sleep 2 $0 start ;; reload) /usr/local/named/sbin/rndc reload ;; status) /usr/local/named/sbin/rndc status ;; *) echo "$0 start | stop | restart |reload |status" ;; esac更改脚本文件权限
#chmod 755 /etc/rc.d/init.d/named添加至服务控制
#chkconfig --add named为named赋权限
#chown -R named.named /usr/local/named/创建软连接
#ln -s /usr/local/named/sbin/named /sbin创建日志文件夹
#mkdir /var/log/named/日志文件夹权限修改
#chown -R named.named /var/log/named/调试模式测试是否正常启动
#named -g //调试模式启动设置开机服务自启动
#chkconfig named on && service named start
排错,参考index_404.html -g
tail -n 30 /var/log/messages
了解更多网络知识关注:http://www.vecloud.com/
