#########################
#用Bind架设DNS服务器
#Author: 楚霏
#Date: 2009-3-11
#Env: Centos 5.2 x86_64
#########################
一. 准备工作:
环境:Centos 5.2 x86_64最小安装
所需软件:
BIND 9.6.0-P1
####################################
下载相关软件
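# Fetch the sources into /usr/local/src.  As pasted, the three commands had
# been collapsed onto one line, which would hand the two wget calls to cd as
# extra arguments; they are one command per line here.
# Both downloads are plain http and nothing below checks the tarballs against
# a published checksum or signature before they are built and installed as
# root — verify them first.  openssl-0.9.8j is fetched but never built
# anywhere in this guide.
cd /usr/local/src
wget http://www.openssl.org/source/openssl-0.9.8j.tar.gz
wget http://ftp.isc.org/isc/bind9/9.6.0-P1/bind-9.6.0-P1.tar.gz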
####################################
二、安装过程
(1)安装升级gcc等常用工具包
# Build toolchain plus a few convenience packages (at, ntp, sysstat,
# vim-enhanced are not needed to compile BIND; ntp is still worth keeping so
# the timestamps in the named logs used later are trustworthy).
# "*g77" is left for yum to match against package names — note the shell
# expands it first if a file ending in g77 happens to exist in the current
# directory.
yum -y install wget at ntp sysstat vim-enhanced gcc gcc-c++ flex bison autoconf make automake patch *g77
(2)安装bind
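# Unpack and build BIND 9.6.0-P1 (the tarball fetched in step 1; the pasted
# line had "??" in place of the release suffix).  --sysconfdir=/etc puts
# named.conf in /etc and --disable-ipv6 matches the IPv4-only setup used in
# the rest of the guide.  The steps are chained so that a failed configure or
# make stops here instead of installing a half-built tree; the original also
# had a typo ("make installl") that would have failed the last step.
tar xvf bind-9.6.0-P1.tar.gz && cd bind-9.6.0-P1 \
  && ./configure --sysconfdir=/etc --disable-ipv6 \
  && make \
  && make install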
(3)初步建立主配置文件/etc/named.conf,获取并保存根服务器文件。首先将自己的DNS指向ISP提供的DNS服务器地址,也可指向自己的网关
# Step 3 as pasted is a collapsed transcript: the text between the two
# "引用文字" markers is dig's sample output, not commands, and on this line
# everything after the first "#" is a comment, so the later commands would
# not run if the line were executed as written.  Read it as:
#   echo "nameserver 219.150.32.132" > /etc/resolv.conf   (ISP resolver, only to fetch the hints)
#   dig -t NS                                              (no name given: dig asks "." for NS)
#   dig -t NS > /var/named/named.ca                        (same answer saved as the root hint file)
#   echo "nameserver 127.0.0.1" > /etc/resolv.conf         (point this host at its own named)
#   cat <> /etc/named.conf                                 (heredoc operator lost; the EOF on the
#                                                           next line shows it was cat <<EOF into /etc/named.conf)
# The hint file is built from an unauthenticated answer of the ISP resolver
# and is what every recursion starts from; compare it with the root hints
# the root-server operators publish before relying on it.
echo "nameserver 219.150.32.132" > /etc/resolv.conf #测试,也可直接拷贝下边的结果粘贴到/var/named/named.ca dig -t NS #----------------------------引用文字-开始---------------------------- ; <<>> DiG 9.6.0-P1 <<>> -t NS ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52375 ;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 14 ;; QUESTION SECTION: ;. IN NS ;; ANSWER SECTION: . 120355 IN NS k.root-servers.net. . 120355 IN NS i.root-servers.net. . 120355 IN NS j.root-servers.net. . 120355 IN NS c.root-servers.net. . 120355 IN NS g.root-servers.net. . 120355 IN NS e.root-servers.net. . 120355 IN NS d.root-servers.net. . 120355 IN NS l.root-servers.net. . 120355 IN NS m.root-servers.net. . 120355 IN NS b.root-servers.net. . 120355 IN NS f.root-servers.net. . 120355 IN NS a.root-servers.net. . 120355 IN NS h.root-servers.net. ;; ADDITIONAL SECTION: a.root-servers.net. 379722 IN A 198.41.0.4 a.root-servers.net. 222921 IN AAAA 2001:503:ba3e::2:30 b.root-servers.net. 207038 IN A 192.228.79.201 c.root-servers.net. 207083 IN A 192.33.4.12 d.root-servers.net. 207163 IN A 128.8.10.90 e.root-servers.net. 207164 IN A 192.203.230.10 f.root-servers.net. 207014 IN A 192.5.5.241 f.root-servers.net. 235189 IN AAAA 2001:500:2f::f g.root-servers.net. 207049 IN A 192.112.36.4 h.root-servers.net. 207164 IN A 128.63.2.53 h.root-servers.net. 228944 IN AAAA 2001:500:1::803f:235 i.root-servers.net. 207042 IN A 192.36.148.17 j.root-servers.net. 379722 IN A 192.58.128.30 j.root-servers.net. 379722 IN AAAA 2001:503:c27::2:30 ;; Query time: 115 msec ;; SERVER: 219.150.32.132#53(219.150.32.132) ;; WHEN: Thu Mar 19 16:58:47 2009 ;; MSG SIZE rcvd: 500 #----------------------------引用文字-结束---------------------------- dig -t NS > /var/named/named.ca echo "nameserver 127.0.0.1" > /etc/resolv.conf cat <> /etc/named.conf #----------------------------引用文字-开始---------------------------- options { directory "/var/named/"; }; zone "." 
{ type hint; file "named.ca"; }; EOF #----------------------------引用文字-结束----------------------------
(4)生成rndc服务器的配置文件,用以控制DNS服务器
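# Generate the rndc configuration and give named.conf the same key.
# /etc/rndc.conf holds the shared secret; created by redirection it is
# typically world-readable, so tighten it before anything else.
rndc-confgen > /etc/rndc.conf
chmod 600 /etc/rndc.conf
# The last 10 lines of rndc-confgen's output are the matching key/controls
# statements for named.conf, commented out with "#".  Append them, strip the
# "#" and drop the trailing comment line — left in, named refuses to start
# ("unknown option 'End'", see the first log excerpt in step 5).
# The original gave sed the backup file twice, which would have doubled the
# whole configuration, and used paths relative to an unspecified directory;
# absolute paths are used here.
tail -n 10 /etc/rndc.conf >> /etc/named.conf
cp /etc/named.conf /etc/named.conf.bak
sed -e 's/^#//' -e '$d' /etc/named.conf.bak > /etc/named.conf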
(5)启动bind
# Start named.  Built with --sysconfdir=/etc it reads /etc/named.conf; it
# goes into the background on its own (the ps listing in step 7 shows it
# running, as root, with no options).  named's -u <user> option switches to
# an unprivileged account once port 53 is bound; that needs a dedicated user,
# which this guide does not create.
named
#检查是否正常启动:看日志最后是不是running,是不是已经开始监听53端口,有没有报错
# Check the log.  The first excerpt below is a failed start — named.conf line
# 17, "unknown option 'End'": the footer line of the rndc-confgen snippet was
# uncommented instead of removed (step 4's sed '$d' is what drops it).  The
# second start is clean: named listens on 10.0.0.52:53 (eth0) as well as
# 127.0.0.1:53, so LAN hosts can reach it, while the configuration written so
# far sets no allow-query/allow-transfer ACLs — those policies are whatever
# this build defaults to.  127.0.0.1:953 is the rndc control channel.
# netstat -t lists TCP sockets only; -u is needed to confirm UDP port 53,
# which carries most DNS traffic.
tail -n 40 /var/log/messages #----------------------------引用文字-开始---------------------------- Mar 19 17:09:05 CentOS named[11552]: starting BIND 9.6.0-P1 Mar 19 17:09:05 CentOS named[11552]: built with '--sysconfdir=/etc' '--disable-ipv6' Mar 19 17:09:05 CentOS named[11552]: using up to 4096 sockets Mar 19 17:09:05 CentOS named[11552]: loading configuration from '/etc/named.conf' Mar 19 17:09:05 CentOS named[11552]: /etc/named.conf:17: unknown option 'End' Mar 19 17:09:05 CentOS named[11552]: /etc/named.conf:18: unexpected token near end of file Mar 19 17:09:05 CentOS named[11552]: loading configuration: unexpected token Mar 19 17:09:05 CentOS named[11552]: exiting (due to fatal error) Mar 19 17:09:50 CentOS named[11557]: starting BIND 9.6.0-P1 Mar 19 17:09:50 CentOS named[11557]: built with '--sysconfdir=/etc' '--disable-ipv6' Mar 19 17:09:50 CentOS named[11557]: using up to 4096 sockets Mar 19 17:09:50 CentOS named[11557]: loading configuration from '/etc/named.conf' Mar 19 17:09:50 CentOS named[11557]: using default UDP/IPv4 port range: [1024, 65535] Mar 19 17:09:50 CentOS named[11557]: using default UDP/IPv6 port range: [1024, 65535] Mar 19 17:09:50 CentOS named[11557]: listening on IPv4 interface lo, 127.0.0.1#53 Mar 19 17:09:50 CentOS named[11557]: listening on IPv4 interface eth0, 10.0.0.52#53 Mar 19 17:09:50 CentOS named[11557]: automatic empty zone: 0.IN-ADDR.ARPA Mar 19 17:09:50 CentOS named[11557]: automatic empty zone: 127.IN-ADDR.ARPA Mar 19 17:09:50 CentOS named[11557]: automatic empty zone: 254.169.IN-ADDR.ARPA Mar 19 17:09:50 CentOS named[11557]: automatic empty zone: 2.0.192.IN-ADDR.ARPA Mar 19 17:09:50 CentOS named[11557]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA Mar 19 17:09:50 CentOS named[11557]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA Mar 19 17:09:50 CentOS named[11557]: automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA Mar 19 17:09:50 
CentOS named[11557]: automatic empty zone: D.F.IP6.ARPA Mar 19 17:09:50 CentOS named[11557]: automatic empty zone: 8.E.F.IP6.ARPA Mar 19 17:09:50 CentOS named[11557]: automatic empty zone: 9.E.F.IP6.ARPA Mar 19 17:09:50 CentOS named[11557]: automatic empty zone: A.E.F.IP6.ARPA Mar 19 17:09:50 CentOS named[11557]: automatic empty zone: B.E.F.IP6.ARPA Mar 19 17:09:50 CentOS named[11557]: command channel listening on 127.0.0.1#953 Mar 19 17:09:50 CentOS named[11557]: running #----------------------------引用文字-结束---------------------------- netstat -tnlp | grep 53 #----------------------------引用文字-开始---------------------------- tcp 0 0 10.0.0.52:53 0.0.0.0:* LISTEN 11557/named tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 11557/named tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 11557/named #----------------------------引用文字-结束----------------------------
(6)设置成主DNS服务器
# Replace /etc/named.conf with the complete configuration below (everything
# up to the EOF line); it supersedes the minimal file from step 3.  The key
# and controls statements at its end are the ones appended from rndc-confgen
# in step 4, so the secret must stay the value generated on this host, not
# the sample shown in the listing.
vi /etc/named.conf
#----------------------------引用文字-开始----------------------------
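// /etc/named.conf — this host is its own recursive resolver (resolv.conf
// points at 127.0.0.1) and authoritative for chengyongxu.com and
// 0.0.10.in-addr.arpa.
options {
  directory "/var/named/";
  // named listens on eth0 (10.0.0.52) as well as lo (step 5's log).
  // Recursion is limited explicitly to this host and its directly attached
  // networks — BIND's built-in "localhost" and "localnets" ACLs — so the
  // policy does not depend on the build's compiled-in default.
  allow-recursion { localhost; localnets; };
  // Nothing in this setup has a secondary server, so no host needs zone
  // transfers; the default allows them to anyone.
  allow-transfer { none; };
};
logging {
  // Errors and above, from every category not listed separately.
  channel dns_errors {
    file "/var/log/named/err_logs" versions 3 size 10m;
    severity error;
    print-category yes;
    print-severity yes;
    print-time yes;
  };
  // One line per client query (client address and queried name) — the log
  // to keep for incident review; versions/size bound what stays on disk.
  channel dns_queries {
    file "/var/log/named/query_logs" versions 3 size 10m;
    severity info;
    print-category yes;
    print-severity yes;
    print-time yes;
  };
  category default { dns_errors; };
  category queries { dns_queries; };
};
// Root hints, saved from dig output in step 3.
zone "." {
  type hint;
  file "named.ca";
};
zone "localhost" {
  type master;
  file "named.local";
};
zone "0.0.127.IN-addr.arpa" {
  type master;
  file "named.rev";
};
zone "chengyongxu.com" {
  type master;
  file "chengyongxu.com.zone";
};
zone "0.0.10.in-addr.arpa" {
  type master;
  file "10.0.0.zone";
};
// Control channel.  These two statements are what rndc-confgen printed in
// step 4.  The secret must be the value generated on this host and match
// /etc/rndc.conf; whoever holds it and can connect to 127.0.0.1:953 can stop
// or reconfigure the server, so never copy a secret from a published
// example (the original listing contained the author's).
key "rndc-key" {
  algorithm hmac-md5;
  secret "REPLACE_WITH_THE_SECRET_FROM_/etc/rndc.conf";
};
controls {
  inet 127.0.0.1 port 953
    allow { 127.0.0.1; } keys { "rndc-key"; };
};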
EOF
#----------------------------引用文字-结束----------------------------
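# Write the localhost zone file.  The source line had lost its heredoc
# operator ("cat <>", which would only read the file); the delimiter is
# quoted so the shell expands nothing in the body.  The "引用文字" marker
# lines around the body belong to the tutorial, not to the file.
cat <<'EOF' > /var/named/named.local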
#----------------------------引用文字-开始----------------------------
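; /var/named/named.local — forward zone for "localhost".
; Explicit default TTL; equal to the SOA minimum, which BIND otherwise falls
; back to (with a warning), so record TTLs are unchanged.
$TTL 1D
@   1D IN SOA localhost. root.localhost. (
        20090319    ; serial — raise on every change
        1H          ; refresh
        15M         ; retry
        1W          ; expire
        1D )        ; minimum / negative-caching TTL
; Owners written explicitly: in the pasted listing these records start at
; column 0, where the parser would likely read "IN" as an owner name instead
; of inheriting "@".
@   IN NS @
@   IN A  127.0.0.1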
EOF
#----------------------------引用文字-结束----------------------------
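# Write the 127.0.0.0/24 reverse zone file.  The source line had lost its
# heredoc operator ("cat <>"); the delimiter is quoted so the shell expands
# nothing in the body.  The "引用文字" marker lines around the body belong
# to the tutorial, not to the file.
cat <<'EOF' > /var/named/named.rev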
#----------------------------引用文字-开始----------------------------
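; /var/named/named.rev — reverse zone for 127.0.0.0/24 (0.0.127.in-addr.arpa).
; Explicit default TTL; equal to the SOA minimum, which BIND otherwise falls
; back to (with a warning), so record TTLs are unchanged.
$TTL 1D
@   1D IN SOA localhost. root.localhost. (
        20090319    ; serial — raise on every change
        1H          ; refresh
        15M         ; retry
        1W          ; expire
        1D )        ; minimum / negative-caching TTL
; Owner written explicitly: at column 0 (as in the pasted listing) the parser
; would likely read "IN" as an owner name instead of inheriting "@".
@   IN NS  localhost.
1   IN PTR localhost.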
EOF
#----------------------------引用文字-结束----------------------------
#建立域chengyongxu.com的正向解析文件
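# Write the chengyongxu.com forward zone file.  The source line had lost its
# heredoc operator ("cat <>").  The delimiter MUST be quoted here: the body
# contains $TTL and $ORIGIN, which an unquoted heredoc would hand to the
# shell as variables and write out empty.  The "引用文字" marker lines
# around the body belong to the tutorial, not to the file.
cat <<'EOF' > /var/named/chengyongxu.com.zone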
#----------------------------引用文字-开始----------------------------
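$TTL 1D
$ORIGIN chengyongxu.com.
; Forward zone for chengyongxu.com.  The serial is date-based (YYYYMMDD) and
; must be raised on every edit, otherwise caches keep serving the old data.
@   1D IN SOA chengyongxu.com. root.mail.chengyongxu.com. (
        20090319    ; serial
        1H          ; refresh
        15M         ; retry
        1W          ; expire
        1D )        ; minimum / negative-caching TTL
; Owners written explicitly: in the pasted listing the NS and MX records
; start at column 0, where the parser would likely read "IN" as an owner
; name instead of inheriting "@".
@       IN NS    ns.chengyongxu.com.
@       IN MX 10 mail.chengyongxu.com.
@       IN A     10.0.0.52
ns      IN A     10.0.0.52
mail    IN A     10.0.0.52
www     IN CNAME mail
ftp     IN CNAME mail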
EOF
#----------------------------引用文字-结束----------------------------
#建立反向解析文件
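# Write the 10.0.0.0/24 reverse zone file.  The source line had lost its
# heredoc operator ("cat <>").  The delimiter MUST be quoted: the body
# contains $TTL and $ORIGIN, which an unquoted heredoc would expand as shell
# variables and write out empty.  The "引用文字" marker lines around the
# body belong to the tutorial, not to the file.
cat <<'EOF' > /var/named/10.0.0.zone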
#----------------------------引用文字-开始----------------------------
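$TTL 1D
; Reverse zone for 10.0.0.0/24.  The original declared $ORIGIN
; chengyongxu.com. (and repeated $TTL), which would put "@" and the PTR
; owners under chengyongxu.com instead of under the zone named.conf loads
; this file for (0.0.10.in-addr.arpa), so the SOA would not sit at the zone
; apex; the origin must match the zone name.
$ORIGIN 0.0.10.in-addr.arpa.
; The SOA line was garbled in the listing ("N SOA ..."); fields as in the
; forward zone.
@   1D IN SOA chengyongxu.com. root.mail.chengyongxu.com. (
        20090319    ; serial — raise on every change
        1H          ; refresh
        15M         ; retry
        1W          ; expire
        1D )        ; minimum / negative-caching TTL
@   IN NS  ns.chengyongxu.com.
; The forward zone puts ns and mail at 10.0.0.52, so their PTRs belong to
; owner 52; the original listed 7 and 6, which map to nothing in the
; forward zone.
52  IN PTR ns.chengyongxu.com.
52  IN PTR mail.chengyongxu.com.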
EOF
#----------------------------引用文字-结束----------------------------
# Create the log directory and the two files the logging channels in
# named.conf write to.  named runs as root in this guide (step 7's ps
# listing), so no chown is needed; if it is ever started with -u, the
# directory must be writable by that user.  The query log records every
# client address and name looked up — named.conf's "versions 3 size 10m"
# bounds how much of it stays on disk.
mkdir /var/log/named
touch /var/log/named/err_logs /var/log/named/query_logs
(7)重启bind或重新加载配置文件
# Restart: look up named's PID, kill it, start it again.  Two things to
# note: "ps aux | grep named" also matches the grep itself (second line of
# the listing below) — pgrep named avoids that — and SIGKILL denies named a
# clean shutdown.  The controls statement and rndc key configured in step 4
# make `rndc reload` the better way to pick up the new zones without a
# restart, and `rndc stop` the clean way to stop it.
ps aux | grep named #----------------------------引用文字-开始---------------------------- root 13846 0.1 1.9 10864 4920 ? Ss 19:41 0:00 named root 13854 0.0 0.2 61128 708 pts/0 R+ 19:42 0:00 grep named #----------------------------引用文字-结束---------------------------- kill -9 13846 named
(8)测试
# Query the local server for the zone's MX.  In the answer below the flags
# include "aa", so the record came from the local authoritative zone rather
# than the cache, and the ADDITIONAL section carries the A records for mail
# and ns (10.0.0.52), matching the forward zone file.  Only the forward zone
# is exercised here; `dig -x 10.0.0.52` would test the reverse zone and should
# return whatever names 10.0.0.zone maps to that address.
dig -t MX chengyongxu.com #----------------------------引用文字-开始---------------------------- ; <<>> DiG 9.6.0-P1 <<>> -t MX chengyongxu.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60491 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2 ;; QUESTION SECTION: ;chengyongxu.com. IN MX ;; ANSWER SECTION: chengyongxu.com. 86400 IN MX 10 mail.chengyongxu.com. ;; AUTHORITY SECTION: chengyongxu.com. 86400 IN NS ns.chengyongxu.com. ;; ADDITIONAL SECTION: mail.chengyongxu.com. 86400 IN A 10.0.0.52 ns.chengyongxu.com. 86400 IN A 10.0.0.52 ;; Query time: 6 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Thu Mar 19 19:32:59 2009 ;; MSG SIZE rcvd: 102 #----------------------------引用文字-结束----------------------------
#另外可以通过ping和nslookup再验证一下