
RHEL5.2 安装bind-9.5.1-P2

转自:blog.chinaunix.net/uid-7541208-id-2612869.html

1、安装openssl

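# 1. OpenSSL, used by BIND below via --with-openssl.
# NOTE(review): 0.9.8d is a 2006 release; later 0.9.8 letter releases fixed a
# number of security bugs, so use the newest patch release you can get and
# verify the tarball's checksum/signature before building it as root.
# Steps are chained with && so a failed configure/make no longer falls
# through to "make install" (the original used "make;make install"), and the
# build runs in a subshell so the caller stays in the directory that holds
# the tarballs for the next step.
( tar -zxvf openssl-0.9.8d.tar.gz \
  && cd openssl-0.9.8d \
  && ./config --prefix=/usr/local/openssl \
  && make \
  && make install )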

2、安装bind

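# 2. BIND 9.5.1-P2 under /usr/local/named, to be run as the unprivileged
# "named" account created here. (If the RHEL bind package is installed, a
# named user/group with uid/gid 25 may already exist — then skip these two.)
groupadd -g 25 named
# -M: do not populate /usr/local/named with skeleton dotfiles — it is the
# install prefix, not a real home; nologin: the account is never interactive.
useradd -u 25 -g 25 -M -d /usr/local/named -s /sbin/nologin named

# Build in a subshell, chained with && (the original "make;make install"
# would run "make install" even after a failed make).
( tar -zxvf bind-9.5.1-P2.tar.gz \
  && cd bind-9.5.1-P2 \
  && ./configure --prefix=/usr/local/named/ --mandir=/usr/local/share/man/ \
       --enable-threads --with-openssl=/usr/local/openssl/ \
  && make \
  && make install )

# Runtime directories. Only what named must WRITE (logs, cache dump, stats,
# pid file) is handed to the named user; binaries, named.conf and the zone
# files stay root-owned so a compromised named cannot rewrite its own
# configuration or executable. The original did
# "chown -R named:named /usr/local/named" (twice), giving it everything.
# named writes its pid file below its localstatedir (var/run/ or
# var/run/named/ depending on the BIND version — check the log on first
# start), so both are created here.
mkdir -p /usr/local/named/namedb \
         /usr/local/named/var/run/named \
         /usr/local/named/data
touch /usr/local/named/var/dns_log /usr/local/named/var/dns_warning
chown -R named:named /usr/local/named/namedb \
                     /usr/local/named/var \
                     /usr/local/named/data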

开始配置bind

创建 rndc.conf文件,用bind自带程序生成

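# Generate rndc.conf with BIND's own tool. The file holds the HMAC secret that
# authorizes rndc control commands, so it must not be world-readable: with the
# default umask the redirect would have created it 0644. The umask runs in a
# subshell so the caller's umask is untouched; chmod also covers a re-run
# where the file already existed.
cd /usr/local/named/ \
  && ( umask 077; sbin/rndc-confgen > etc/rndc.conf ) \
  && chmod 600 etc/rndc.conf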

把rndc.conf 中的key信息输出到 named.conf 中

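# Copy the key/controls stanza that rndc-confgen appends (commented out) to
# rndc.conf into a fresh named.conf one level up, i.e. the file named is
# later started with (-c /usr/local/named/named.conf).
# The original did "cd /etc/" — the SYSTEM /etc, where rndc.conf does not
# exist and "../named.conf" would have been written to "/". The intended
# directory is the install's own etc/.
# "tail 10 | head 9" depends on the layout rndc-confgen prints; eyeball the
# result. The sed is anchored (^) so only the leading "# " is stripped.
# named.conf now contains the control-channel secret: root-owned, group
# "named" read-only, nobody else.
cd /usr/local/named/etc/ \
  && tail -n 10 rndc.conf | head -n 9 | sed -e 's/^# //' > ../named.conf \
  && chown root:named ../named.conf \
  && chmod 640 ../named.conf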

编辑named.conf

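# Show the extracted stanza. Absolute path: the relative "cat named.conf" only
# worked if the shell happened to be in /usr/local/named, and the file is the
# one named is started with later (-c /usr/local/named/named.conf).
cat /usr/local/named/named.conf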

写入以下内容(注意:key 的 secret 必须是上一步 rndc-confgen 实际生成的值,下面的只是示例;named.conf 含有该密钥,不要让其他用户可读):

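# rndc key/controls — must be the stanza rndc-confgen produced on THIS host;
# the secret below is only the example from the original post. hmac-md5 is
# what rndc-confgen of this BIND version emits.
key "rndc-key" {
    algorithm hmac-md5;
    secret "20GNHJDG8IpyiBpG+qUwqg==";
};

controls {
    # Control channel: loopback only and key-authenticated.
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndc-key"; };
};

# Networks allowed to use this server as a recursive (forwarding) resolver,
# and — via allow-transfer below — to pull zone transfers.
acl "trusted-lan" {
    # was 127.0.0.1/8: a prefix with host bits set. Same range, written as the
    # network so BIND does not have to mask it (and does not warn about it).
    127.0.0.0/8;
    10.31.255.0/24;
    172.17.167.0/24;
    10.10.1.0/24;
};

options {
    directory "/usr/local/named";
    # data/ must be writable by the user named runs as (dump/stats files).
    dump-file "/usr/local/named/data/cache_dump.db";
    statistics-file "/usr/local/named/data/named_stats.txt";
    version "";             # do not advertise the BIND version (version.bind)
    datasize 40M;

    # Zone transfers: every host in trusted-lan may AXFR every zone. If only
    # specific secondaries need transfers, list those hosts instead (here or
    # per zone in the master/*.def files).
    allow-transfer { "trusted-lan"; };
    allow-notify { "trusted-lan"; };

    # Recursion is enabled but restricted to trusted-lan. This is what keeps
    # "view_any" (match-clients any) from turning the box into an open
    # resolver; views inherit this setting unless they define their own.
    recursion yes;
    allow-recursion { "trusted-lan"; };

    auth-nxdomain no;
    forwarders {
        202.96.199.133;
        202.96.209.133;
    };
};

logging {
    channel warning {
        file "/usr/local/named/var/dns_warning" versions 3 size 1240k;
        severity warning;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    channel general_dns {
        file "/usr/local/named/var/dns_log" versions 3 size 1240k;
        severity info;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    category default { warning; };
    # Every query is logged at info level; the 3 x 1240k rotation bounds disk use.
    category queries { general_dns; };
};

# Per-ISP client ACLs ("CNC", "TELECOM"), generated from APNIC whois in step 4.
include "cnc_acl.conf";
include "telecom_acl.conf";

# Views are matched in order: CNC clients, then Telecom, then everyone else.
# Each view carries its own root hints and its own copy of the zone data.
view "view_cnc" {
    match-clients { CNC; };
    zone "." {
        type hint;
        file "named.ca";
    };
    include "master/cnc.def";
};

view "view_telecom" {
    match-clients { TELECOM; };
    zone "." {
        type hint;
        file "named.ca";
    };
    include "master/telecom.def";
};

view "view_any" {
    match-clients { any; };
    zone "." {
        type hint;
        file "named.ca";
    };
    include "master/any.def";
};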

保存,退出。

3、安装IP地址段查询工具Ripe-dbase-client-v3:

下载软件包:

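# 3. whois3 (RIPE/APNIC database client), used in step 4 to pull the CNC and
# Telecom prefix lists.
# NOTE(review): plain-HTTP download with no signature or checksum; verify the
# tarball against a value from a trusted source before building and
# installing it as root into /usr. Steps chained with && so a failed download
# or build does not fall through to "make install".
wget http://ftp.apnic.net/apnic/dbase/tools/ripe-dbase-client-v3.tar.gz \
  && tar zxvf ripe-dbase-client-v3.tar.gz \
  && ( cd whois-3.1 \
       && ./configure --prefix=/usr \
       && make \
       && make install )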

4、设置配置文件

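# 4. Directories referenced by named.conf: data/ (cache dump, statistics —
# written by named, so owned by the named user) and master/ (per-view zone
# definitions, root-owned: named only reads them). -p makes this safe to
# re-run.
mkdir -p /usr/local/named/data /usr/local/named/master
chown named:named /usr/local/named/data

# Root hints. Fetched over anonymous FTP with no integrity check: compare the
# file with a copy you trust before relying on it — a tampered hints file
# would steer every recursive lookup this server makes. On a failed download
# the empty named.ca is removed rather than left for named to load.
wget ftp://ftp.internic.org/domain/named.root -O /usr/local/named/named.ca \
  || rm -f /usr/local/named/named.ca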

配置ACL文件

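# Build a BIND "acl" statement from an APNIC whois listing read on stdin:
# keep the "descr: ... Reverse DNS for <prefix>" lines and emit the prefixes.
# Same pipeline as the original; the awk quoting trick
# ('BEGIN{print "acl \"CNC\" '{'"}') is replaced by passing the name with -v.
#   $1 - acl name to emit (CNC, TELECOM)
# Output: `acl "NAME" {`, one `<prefix>;` per line, `};` on stdout.
acl_from_whois() {
  local acl_name=$1
  grep "descr" | grep "Reverse" \
    | awk -F "for" '{if ($2!="") print $2}' \
    | sort -n \
    | awk -v name="$acl_name" \
        'BEGIN{printf "acl \"%s\" {\n", name} {print $1 ";"} END{print "};"}'
}

# Query APNIC for the networks maintained by $2 and install them as acl "$1"
# in file $3. The file is replaced only when at least one prefix came back:
# the original redirected straight into the file that named.conf includes,
# so a failed or empty whois query would have overwritten a view's client
# list with an empty ACL (and every client would fall through to "view_any").
# NOTE(review): these ACLs are built from unauthenticated whois data; the
# per-ISP views are a routing convenience, not a security boundary.
#   $1 - acl name   $2 - APNIC maintainer object   $3 - destination file
# Returns non-zero (and leaves $3 untouched) when nothing usable came back.
install_acl() {
  local acl_name=$1 maintainer=$2 dest=$3 tmp
  tmp=$(mktemp) || return 1
  /usr/bin/whois3 -h whois.apnic.net -l -i mb "$maintainer" \
    | acl_from_whois "$acl_name" > "$tmp"
  # Header and closing "};" are two lines; fewer than three means no prefixes.
  if [ "$(wc -l < "$tmp")" -lt 3 ]; then
    echo "ERROR: no prefixes returned for $maintainer; $dest left unchanged" >&2
    rm -f "$tmp"
    return 1
  fi
  # mktemp creates 0600: open it up so the (non-root) named user can read it.
  chmod 644 "$tmp" && mv "$tmp" "$dest"
}

install_acl CNC     MAINT-CNCGROUP /usr/local/named/cnc_acl.conf
install_acl TELECOM MAINT-CHINANET /usr/local/named/telecom_acl.conf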

增加域名解析配置文件

设置网通解析配置文件:

vi /usr/local/named/master/cnc.def

==========cnc.def begin==========

// Zones served to China Netcom (CNC) clients — included from view "view_cnc".
zone "cnzqf.com" {
    type master;
    file "master/cnc/cnzqf.com";
    // The following are optional per-zone overrides; without them the global
    // allow-transfer/allow-notify from named.conf apply. Uncomment to limit
    // transfers and notifies to one specific secondary.
    // allow-transfer { 192.168.1.100 ; };
    // notify yes;
    // also-notify { 192.168.1.100 ; };
};

==========cnc.def end===========

设置电信解析配置文件:

vi /usr/local/named/master/telecom.def

==========telecom.def begin==========

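// Zones served to China Telecom clients — included from view "view_telecom".
// The original file opened with a stray 'zone "king.com"{' directly above
// the cnzqf.com stanza, with no body and no closing brace: an unterminated
// block that makes named-checkconf reject the whole configuration. It is
// dropped here; if king.com is really meant to be served in this view, add
// it as a separate, complete zone stanza.
zone "cnzqf.com" {
    type master;
    file "master/telecom/cnzqf.com";
    // Optional per-zone overrides (global settings from named.conf apply
    // otherwise). Uncomment to limit transfers/notifies to one secondary.
    // allow-transfer { 192.168.1.100 ; };
    // notify yes;
    // also-notify { 192.168.1.100 ; };
};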

==========telecom.def end===========

设置网通电信以外解析配置文件:

vi /usr/local/named/master/any.def

==========any.def begin==========

// Zones served to every client matched by neither CNC nor TELECOM —
// included from view "view_any".
zone "cnzqf.com" {
    type master;
    file "master/any/cnzqf.com";
    // Optional per-zone overrides (global settings from named.conf apply
    // otherwise). Uncomment to limit transfers/notifies to one secondary.
    // allow-transfer { 192.168.1.100 ; };
    // notify yes;
    // also-notify { 192.168.1.100 ; };
};

==========any.def end===========

增加域名定义文件

设置网通域名定义文件:

vi /usr/local/named/master/cnc/cnzqf.com

==========cnc/cnzqf.com begin==========

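; cnzqf.com as seen by China Netcom (CNC) clients — view "view_cnc".
; Octets written A/B/C are redacted placeholders; substitute the real
; addresses, named will not load dotted quads containing letters.
$TTL 3600
$ORIGIN cnzqf.com.
@       IN SOA  ns.cnzqf.com. root.cnzqf.com. (
                2007011701  ; Serial — bump on every edit so secondaries re-transfer
                3600        ; Refresh (seconds)
                1800        ; Retry (seconds)
                604800      ; Expire (seconds)
                3600 )      ; Minimum / negative-cache TTL for the zone (seconds)

@       IN NS   ns.cnzqf.com.
@       IN A    61.172.197.A
ns      IN A    61.172.197.A
ns1     IN A    61.172.197.A
www     IN A    202.108.13.B
; The original had "mial" here. The telecom and any views both define "mail",
; so this is taken to be a typo that would have left mail.cnzqf.com
; unresolvable for CNC clients — confirm against the intended hostname.
mail    IN A    61.135.173.C
ldap    IN A    61.135.173.C
;
;end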

==========cnc/cnzqf.com end===========

设置电信域名定义文件:

vi /usr/local/named/master/telecom/cnzqf.com

==========telecom/cnzqf.com begin==========

; cnzqf.com as seen by China Telecom clients — view "view_telecom".
; Octets written A/P/Q are redacted placeholders; substitute the real
; addresses before loading.
$TTL 3600
$ORIGIN cnzqf.com.
cnzqf.com.      IN SOA  ns.cnzqf.com. root.cnzqf.com. (
                        2007011701  ; Serial
                        3600        ; Refresh (seconds)
                        1800        ; Retry (seconds)
                        604800      ; Expire (seconds)
                        3600 )      ; Minimum TTL for zone (seconds)

cnzqf.com.      IN NS   ns.cnzqf.com.

; Hosts on the 61.172.197 network
cnzqf.com.      IN A    61.172.197.A
ns.cnzqf.com.   IN A    61.172.197.A
ns1.cnzqf.com.  IN A    61.172.197.A
mail.cnzqf.com. IN A    61.172.197.A
sh.cnzqf.com.   IN A    61.172.197.A

; Hosts on the 124.74.202 network
www.cnzqf.com.  IN A    124.74.202.Q
ldap.cnzqf.com. IN A    124.74.202.P
; Wildcard: every name under cnzqf.com. that is not defined above answers
; with the www address in this view, so unknown hosts never get NXDOMAIN here.
*.cnzqf.com.    IN A    124.74.202.Q
;
;end

==========telecom/cnzqf.com end===========

设置其它区域域名定义文件:

vi /usr/local/named/master/any/cnzqf.com

==========any/cnzqf.com begin==========

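; cnzqf.com for clients matched by neither the CNC nor the TELECOM ACL —
; view "view_any".
; Octets written A/Q are redacted placeholders; substitute the real
; addresses before loading.
$TTL 3600
$ORIGIN cnzqf.com.
@       IN SOA  ns.cnzqf.com. root.cnzqf.com. (
                2007011701  ; Serial
                3600        ; Refresh (seconds)
                1800        ; Retry (seconds)
                ; Expire: the original had 60480 (under 17 hours) where the cnc
                ; and telecom copies of this zone have 604800 (one week);
                ; treated as a dropped digit and aligned with them.
                604800      ; Expire (seconds)
                3600 )      ; Minimum TTL for zone (seconds)

@       IN NS   ns.cnzqf.com.
@       IN A    61.172.197.A
ns      IN A    61.172.197.A
ns1     IN A    61.172.197.A
www     IN A    124.74.202.Q
mail    IN A    124.74.202.Q
ldap    IN A    124.74.202.Q
;
;end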

==========any/cnzqf.com end===========

启动bind

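# Start named. The original line was "named –gc …": an en dash instead of
# "-", and -g (stay in the foreground, log to stderr) backgrounded with "&",
# which leaves the daemon tied to the login session and running as root.
# named daemonizes by itself; -u drops to the unprivileged "named" user
# after binding port 53. named-checkconf runs first so a typo in named.conf
# or an included .def/acl file is reported here instead of only in syslog.
/usr/local/named/sbin/named-checkconf /usr/local/named/named.conf \
  && /usr/local/named/sbin/named -u named -c /usr/local/named/named.conf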

设为开机启动:

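# Same corrected command line (no "–gc", no "&", unprivileged user) for
# rc.local. NOTE(review): the chkconfig-managed init script shown below also
# starts named at boot — enable one mechanism, not both, or the second
# instance fails to bind port 53.
echo "/usr/local/named/sbin/named -u named -c /usr/local/named/named.conf" >> /etc/rc.local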

全部安装结束,就可以开展应用的配置和测试了。

可以使用脚本启动:

[root@localhost var]# cat /etc/init.d/named

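#!/bin/bash
#
# named        Start/stop the BIND DNS server built under /usr/local/named.
#
# chkconfig: 2345 14 87
# description: named (BIND) is a Domain Name Server (DNS) \
#              that is used to resolve host names to IP addresses.
# probe: true
# processname: named
#
# Paths follow this document's build (./configure --prefix=/usr/local/named/).
# The original script used the vendor-package layout (/usr/sbin/named,
# /etc/named.conf), which does not exist on this install, so its "start"
# branch silently did nothing.

NAMED=/usr/local/named/sbin/named
RNDC=/usr/local/named/sbin/rndc
CHECKCONF=/usr/local/named/sbin/named-checkconf
CONF=/usr/local/named/named.conf
RUNAS=named   # unprivileged account created during the install

if [ "$(id -u)" -ne 0 ]; then
  echo "ERROR: must run as root (named binds port 53, then drops to $RUNAS)." >&2
  exit 1
fi

# Start named after validating the configuration.
# Returns non-zero when the binary is missing or the config does not parse.
start() {
  if [ ! -x "$NAMED" ]; then
    echo "ERROR: $NAMED not found or not executable." >&2
    return 1
  fi
  # Refuse to start on a broken config instead of failing quietly in syslog.
  if [ -x "$CHECKCONF" ] && ! "$CHECKCONF" "$CONF"; then
    echo "ERROR: $CONF failed named-checkconf; not starting." >&2
    return 1
  fi
  # -u drops root once the privileged port is bound; named daemonizes itself.
  "$NAMED" -u "$RUNAS" -c "$CONF" && echo . && echo 'BIND9 server started.'
}

# Stop named cleanly over the control channel declared in named.conf
# (127.0.0.1:953, key from /usr/local/named/etc/rndc.conf, which rndc reads
# by default). The original parsed "ps -eo cmd,pid | grep | awk '{print $5}'",
# whose field number depends on how many arguments named was started with.
stop() {
  if "$RNDC" stop; then
    echo . && echo 'BIND9 server stopped.'
  else
    # Control channel unreachable (wrong key, named wedged): fall back to SIGTERM.
    pkill -x named && echo . && echo 'BIND9 server stopped (SIGTERM).'
  fi
}

case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  restart)
    echo .
    echo "Restart BIND9 server"
    stop
    sleep 10
    start
    ;;
  *)
    echo "$0 start | stop | restart"
    ;;
esac

exit 0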

================================================

OVER