1.安装
#tar zxvf bind-9.4.0rc2.tar.gz
#cd bind-9.4.0rc2
#./configure --sysconfdir=/etc --disable-ipv6
#make
#make install
2.初步建立主配置文件/etc/named.conf,并获得根服务器文件
首先让自己的DNS服务器指向上游ISP提供的DNS服务器地址(我的直接指向了自己的ADSL网关192.168.1.1)
#echo "nameserver 192.168.1.1" > /etc/resolv.conf
然后执行以下命令并查看查询结果
#dig -t NS .
如果显示为以下结果,则表示根服务器文件成功获得,一共是13台。若少于13,可将显示出的任一台的IP地址设置为本机DNS服务指向地址后,再一次查询,此时一般可以获得类同以下的显示结果。如果你没有连接Internet,可将以下内容复制粘贴为你的/var/named/named.ca。
; <<>> DiG 9.4.0rc2 <<>> -t NS .
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55623
;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 13
;; QUESTION SECTION:
;. IN NS
;; ANSWER SECTION:
. 116859 IN NS d.root-servers.net.
. 116859 IN NS e.root-servers.net.
. 116859 IN NS f.root-servers.net.
. 116859 IN NS g.root-servers.net.
. 116859 IN NS h.root-servers.net.
. 116859 IN NS i.root-servers.net.
. 116859 IN NS j.root-servers.net.
. 116859 IN NS k.root-servers.net.
. 116859 IN NS l.root-servers.net.
. 116859 IN NS m.root-servers.net.
. 116859 IN NS a.root-servers.net.
. 116859 IN NS b.root-servers.net.
. 116859 IN NS c.root-servers.net.
;; ADDITIONAL SECTION:
a.root-servers.net. 203261 IN A 198.41.0.4
b.root-servers.net. 287561 IN A 192.228.79.201
c.root-servers.net. 252409 IN A 192.33.4.12
d.root-servers.net. 233131 IN A 128.8.10.90
e.root-servers.net. 274635 IN A 192.203.230.10
f.root-servers.net. 252410 IN A 192.5.5.241
g.root-servers.net. 208201 IN A 192.112.36.4
h.root-servers.net. 208201 IN A 128.63.2.53
i.root-servers.net. 208201 IN A 192.36.148.17
j.root-servers.net. 203259 IN A 192.58.128.30
k.root-servers.net. 208201 IN A 193.0.14.129
l.root-servers.net. 274617 IN A 198.32.64.12
m.root-servers.net. 211197 IN A 202.12.27.33
;; Query time: 97 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Thu Mar 1 01:18:20 2007
;; MSG SIZE rcvd: 436
执行以下命令,保存根服务器文件
#mkdir /var/named
#dig -t NS . > /var/named/named.ca
而后把DNS服务器指向自己
#echo "nameserver 127.0.0.1" > /etc/resolv.conf
3.初步建立/etc/named.conf文件:
#vi /etc/named.conf
输入以下内容:
options {
directory "/var/named/";
};
zone "." {
type hint;
file "named.ca";
};
4.生成rndc服务器的配置文件,用以控制DNS服务器。
#rndc-confgen > /etc/rndc.conf
将其最后10行追加到/etc/named.conf文件尾部:
#tail -10 /etc/rndc.conf >> /etc/named.conf
去掉/etc/named.conf中如下行的注释(secret的值以你自己执行rndc-confgen生成的为准,下面只是示例;该密钥能通过rndc完全控制named,/etc/rndc.conf应只允许root读取):
#key "rndc-key" {
# algorithm hmac-md5;
# secret "bmxC8qpJESWR+kAzADRCzg==";
#};
#
#controls {
# inet 127.0.0.1 port 953
# allow { 127.0.0.1; } keys { "rndc-key"; };
#};
接着执行named命令启动DNS服务
#named
来看看运行结果
#tail -20 /var/log/messages
可能类同显示为以下结果,看到最后的running字样,表示DNS已启动成功。
Mar 1 01:20:07 Client named[29341]: starting BIND 9.4.0rc2
Mar 1 01:20:07 Client named[29341]: loading configuration from '/etc/named.conf'
Mar 1 01:20:07 Client named[29341]: listening on IPv4 interface lo, 127.0.0.1#53
Mar 1 01:20:07 Client named[29341]: listening on IPv4 interface eth0, 192.168.1.7#53
Mar 1 01:20:07 Client named[29341]: automatic empty zone: 127.IN-ADDR.ARPA
Mar 1 01:20:07 Client named[29341]: automatic empty zone: 254.169.IN-ADDR.ARPA
Mar 1 01:20:07 Client named[29341]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
Mar 1 01:20:07 Client named[29341]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
Mar 1 01:20:07 Client named[29341]: automatic empty zone:
0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Mar 1 01:20:07 Client named[29341]: automatic empty zone:
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Mar 1 01:20:07 Client named[29341]: automatic empty zone: D.F.IP6.ARPA
Mar 1 01:20:07 Client named[29341]: automatic empty zone: 8.E.F.IP6.ARPA
Mar 1 01:20:07 Client named[29341]: automatic empty zone: 9.E.F.IP6.ARPA
Mar 1 01:20:07 Client named[29341]: automatic empty zone: A.E.F.IP6.ARPA
Mar 1 01:20:07 Client named[29341]: automatic empty zone: B.E.F.IP6.ARPA
Mar 1 01:20:07 Client named[29341]: command channel listening on 127.0.0.1#953
Mar 1 01:20:07 Client named[29341]: running
查看开启的进程:
#ps -aux |grep named
root 29341 0.0 3.9 7576 4956 ? S 01:20 0:00 named
查看监听的tcp端口:
#netstat -tnlp |grep 53
tcp 0 0 192.168.1.7:53 0.0.0.0:* LISTEN 29341/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 29341/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 29341/named
好了,至此,一个简单的DNS已经运行起来了,当然,中间还有着诸多不完善之处,这并不影响下面的测试。我们做个简单查询来验证一下结果:
#host
is an alias for
is an alias for www-china.l.google.com.
www-china.l.google.com has address 66.249.89.99
#dig -t A
; <<>> DiG 9.4.0rc2 <<>>
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2620
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 7, ADDITIONAL: 0
;; QUESTION SECTION:
; IN A
;; ANSWER SECTION:
604800 IN CNAME
600 IN CNAME www-china.l.google.com.
www-china.l.google.com. 180 IN A 66.249.89.99
;; AUTHORITY SECTION:
l.google.com. 86400 IN NS c.l.google.com.
l.google.com. 86400 IN NS f.l.google.com.
l.google.com. 86400 IN NS a.l.google.com.
l.google.com. 86400 IN NS b.l.google.com.
l.google.com. 86400 IN NS g.l.google.com.
l.google.com. 86400 IN NS e.l.google.com.
l.google.com. 86400 IN NS d.l.google.com.
;; Query time: 2809 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Mar 1 01:25:26 2007
;; MSG SIZE rcvd: 204
下面的过程用以完善服务,使之成为一台可以独立运行的主DNS服务器:
前提:本机的IP为192.168.1.7,ADSL网关为192.168.1.1,设置实验域名为mydomain.org,其下有www,mail等主机。
1.完善/etc/named.conf文件,具体如下:
options {
directory "/var/named/";
version "unknown";
allow-transfer { 192.168.1.6; };
};
logging {
channel dns_errors
{ file "/var/log/named/err_logs" versions 3 size 10m;
severity error;
print-category yes;
print-severity yes;
print-time yes;
};
channel dns_queries
{ file "/var/log/named/query_logs" versions 3 size 10m;
severity info;
print-category yes;
print-severity yes;
print-time yes;
};
category default { dns_errors; };
category queries { dns_queries; };
};
zone "." {
type hint;
file "named.ca";
};
zone "localhost" {
type master;
file "named.local";
};
zone "0.0.127.IN-addr.arpa" {
type master;
file "named.rev";
};
zone "mydomain.org" {
type master;
file "mydomain.org.zone";
};
zone "1.168.192.in-addr.arpa" {
type master;
file "192.168.1.zone";
};
注:logging字段为开启named独立的日志功能,如果你不打算记录日志,可将logging代码块去掉。请注意代码中的花括号“{}”前后的空格及每行尾的分号;"file "/var/log/named/err_logs" versions 3 size 10m"一句中versions是指定允许同时存在多少个版本的该文件,比如指定3个版本(versions 3),bind9会保存query.log、query.log0、query.log1和query.log2。size是指定文件大小的上限,如果只设定了size而没有设定versions的话,当文件达到指定的文件大小上限时,服务器停止写入该文件。如果设定了versions的话,服务器会轮转(rotate)日志,比如把query.log变成query.log1,query.log1变成query.log2等,然后建立一个新的query.log进行写入。"allow-transfer { 192.168.1.6; };"一句限制只有192.168.1.6可以做区域传送,为接下来做辅助DNS服务器192.168.1.6作准备;不加此句时默认任何主机都可以传送整个区域。
2.建立/var/named/named.local
@ 1D IN SOA localhost. root.localhost. (
20070301
1H
15M
1W
1D )
IN NS @
IN A 127.0.0.1
3.建立/var/named/named.rev
@ 1D IN SOA localhost. root.localhost. (
20070301
1H
15M
1W
1D )
IN NS localhost.
1 IN PTR localhost.
4.建立域mydomain.org的正向解析文件/var/named/mydomain.org.zone
$TTL 1D
$ORIGIN mydomain.org.
@ 1D IN SOA mydomain.org. root.mail.mydomain.org. (
20070301
1H
15M
1W
1D )
IN NS ns.mydomain.org.
IN MX 10 mail.mydomain.org.
mydomain.org. IN A 192.168.1.7
ns IN A 192.168.1.7
mail IN A 192.168.1.6
www IN CNAME mail
ftp IN CNAME mail
5.建立反向解析文件/var/named/192.168.1.zone
$TTL 1D
@ 1D IN SOA mydomain.org. root.mail.mydomain.org. (
20070301
1H
15M
1W
1D )
IN NS ns.mydomain.org.
7 IN PTR ns.mydomain.org.
6 IN PTR mail.mydomain.org.
注:以上文件中的A、NS、MX、SOA、CNAME、PTR表示资源记录类型;文件中@字符表示当前原点(origin)或域。原点由named.conf中相应zone语句(旧版BIND的named.boot文件中则是相应的primary行)所列出的域给出。此后是代码IN和SOA,它告诉named这个资源记录使用Internet(TCP/IP)编址并且是授权起始(Start of Authority)记录。这行接下来的两项是这个域的主域名服务器的规范名字,和用点代替@的电子邮件联系人的地址。
6.创建日志所在的文件夹及文件:
#mkdir /var/log/named
#touch /var/log/named/err_logs
#touch /var/log/named/query_logs
7.启动服务
#named
8.测试:
#host
is an alias for mail.mydomain.org.
mail.mydomain.org has address 192.168.1.6
# dig -t MX mydomain.org
; <<>> DiG 9.4.0rc2 <<>> -t MX mydomain.org
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35260
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; QUESTION SECTION:
;mydomain.org. IN MX
;; ANSWER SECTION:
mydomain.org. 86400 IN MX 10 mail.mydomain.org.
;; AUTHORITY SECTION:
mydomain.org. 86400 IN NS ns.mydomain.org.
;; ADDITIONAL SECTION:
mail.mydomain.org. 86400 IN A 192.168.1.6
ns.mydomain.org. 86400 IN A 192.168.1.7
;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Mar 1 01:52:00 2007
;; MSG SIZE rcvd: 100
# nslookup
> mail.mydomain.org
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: mail.mydomain.org
Address: 192.168.1.6
> set type=NS
> mydomain.org
Server: 127.0.0.1
Address: 127.0.0.1#53
mydomain.org nameserver = ns.mydomain.org.
>
9.查看日志记录
# tail /var/log/named/query_logs
01-Mar-2007 01:50:51.235 queries: info: client 127.0.0.1#1027: query: IN A +
01-Mar-2007 01:50:51.237 queries: info: client 127.0.0.1#1027: query: mail.mydomain.org IN AAAA +
01-Mar-2007 01:50:51.237 queries: info: client 127.0.0.1#1027: query: mail.mydomain.org IN MX +
01-Mar-2007 01:52:00.360 queries: info: client 127.0.0.1#1027: query: mydomain.org IN MX +
01-Mar-2007 01:52:52.529 queries: info: client 127.0.0.1#1027: query: mail.mydomain.org IN A +
01-Mar-2007 01:53:20.466 queries: info: client 127.0.0.1#1027: query: mail.mydomain.org IN A +
01-Mar-2007 01:53:34.911 queries: info: client 127.0.0.1#1027: query: mydomain.org IN NS +