分类: 系统运维
2011-06-17 15:46:50
AIX 5.3上安装bind-9.7.3
2、开始安装 Bind-9.7.3:
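# Check the tarball against the PGP signature ISC publishes for it before
# unpacking: everything below executes scripts shipped inside the archive.
# BIND 9.7.x no longer receives security fixes; treat the version on this page
# as historical and build a currently supported release for production use.
# AIX's native tar has no z option, so decompress with gzip and pipe into tar.
gzip -dc bind-9.7.3.tar.gz | tar xvf -
cd bind-9.7.3
# Options take two ASCII hyphens. The dashes printed on the original page were
# typographic, and configure does not recognise them as options.
# NOTE(review): epoll is a Linux interface - confirm --enable-epoll is wanted on AIX.
# NOTE(review): the prefix is /opt/bind-9.7.3, while later steps use /opt/bind
# and /var/named - presumably links to this prefix; confirm for your layout.
./configure --prefix=/opt/bind-9.7.3 \
  --sysconfdir=/etc \
  --enable-threads \
  --enable-epoll \
  --with-openssl=/usr/local/openssl
make && make install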
3、配置 Bind-9.7.3:
1)添加一个 named 用户:
# Dedicated account for the name server: named is later started with
# "-u named", so it does not keep running as root.
useradd named
2)添加MANPATH路径:
vi /etc/man.config # add the following line
MANPATH /opt/bind/share/man
3)建立日志目录:
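# Create the log directory by absolute path, so a failed cd cannot cause it to
# be created somewhere else.
mkdir -p /var/named/var/log
# Options must precede operands: AIX chown is not GNU chown and treats a
# trailing -R as a file name, leaving the change non-recursive.
# This gives the named account ownership of the whole tree; if zone data also
# lives here, a narrower target (only the directories named must write to)
# limits what a compromised daemon can modify.
# NOTE(review): assumes a group called "named" exists - confirm on AIX.
chown -R named:named /var/named/var/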
4)生成 rndc.key:
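# rndc.conf and rndc.key hold the shared secret that authorises rndc control
# commands, so create them unreadable to other users. The subshell keeps the
# tightened umask from leaking into the rest of the session.
(
  umask 077
  cd /var/named/sbin || exit 1
  ./rndc-confgen > /etc/rndc.conf
  # The first five lines of the generated file are the key clause; this
  # depends on the rndc-confgen output layout, so check the result below.
  head -n 5 /etc/rndc.conf > /etc/rndc.key
)
# umask does not affect files that already existed, so set the mode explicitly.
chmod 600 /etc/rndc.conf /etc/rndc.key
# NOTE(review): the generated key uses hmac-md5; newer BIND releases support
# stronger HMAC algorithms (e.g. hmac-sha256) for the rndc key.
# This prints the secret to the terminal - avoid doing so in a logged or shared session.
cat /etc/rndc.key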
rndc.key 的内容类似如下(其中的 secret 仅为示例,每台服务器都应使用自己生成的密钥,不要照抄):
# Start of rndc.conf
key "rndc-key" {
algorithm hmac-md5;
secret "nHGcoH13qm8TpXTLwvs+eg==";
};
5)生成 named.conf:
复制rndc.conf 中没被注释的内容到 named.conf:
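# Take the commented-out named.conf fragment at the end of rndc.conf and strip
# the leading "# " from each line. The sed script needs plain ASCII single
# quotes; the typographic quotes on the original page break the command.
# The line counts depend on the rndc-confgen output layout, so compare the
# result with the sample shown after this step.
tail -n 10 /etc/rndc.conf | head -n 9 | sed 's/^# //g' > /etc/named.conf
# named.conf now contains the rndc secret too; keep it unreadable to other users.
chmod 600 /etc/named.conf
cat /etc/named.conf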
named.conf 目前的内容类似如下:
key "rndc-key" {
algorithm hmac-md5;
secret "nHGcoH13qm8TpXTLwvs+eg==";
};
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
6)建立你的 hosts 文件存放的目录,这里我们就放在/var/named/var/目录下。下载named.root:
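mkdir /var/named/var/dbname/
chown named. /var/named/var/dbname
chown named. /etc/named.conf
# su takes a plain ASCII hyphen and the command needs straight double quotes;
# the typographic characters on the original page break the command line.
# "&&" keeps wget from running in the wrong directory if the cd fails.
# Plain FTP gives no integrity protection for the root hints file: verify the
# download against the signature InterNIC publishes next to it, or compare it
# with a copy fetched over an authenticated channel, before named uses it.
su - named -c "cd /var/named/var/dbname && wget ftp://ftp.internic.net/domain/named.root"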
7)完善 named.conf 配置文件:
配置 named.conf ,增加如下内容:
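// Global server options. String values need straight ASCII double quotes;
// named rejects the typographic quotes printed on the original page.
options {
    directory "/var/named/var/dbname";
    datasize 512M;
    statistics-file "named.stats";
    // Zone transfers are limited to the local host unless a zone overrides this.
    allow-transfer { 127.0.0.1; };
    dump-file "named_dump.db";
    interface-interval 0;
    // Left disabled: pinning the query source port would give up source-port
    // randomisation, which is a defence against cache poisoning.
    //query-source address * port 53;
    recursion yes;
    // NOTE(review): an empty query-cache ACL next to "recursion yes" looks
    // contradictory - confirm recursive clients still get answers, or drop
    // this line as the author's comment below suggests.
    allow-query-cache {none;};
    // Recursion is allowed, so this host can act as a caching server.
    // allow-recursion alone is sufficient; "recursion yes" and
    // allow-query-cache above can be omitted. On an Internet-facing server,
    // turn recursion off with allow-recursion { none; }; so that arbitrary
    // clients cannot use it as a resolver.
    allow-recursion { localhost; localnets; 10.0.0.0/8; };
    zone-statistics yes;
    // Returned in place of the real version string.
    version "Sun OS bind";
    listen-on-v6 { none; };
};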
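// Two file channels: warnings and above go to named.log, every query to
// query.log. File names need straight ASCII double quotes.
// NOTE(review): step 3 creates /var/named/var/log, but the files below live
// under /opt/bind/var/log - confirm this directory exists and is writable by
// the named account, otherwise nothing is logged.
logging {
    channel warning {
        file "/opt/bind/var/log/named.log" versions 3 size 2048k;
        severity warning;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    // The query log records what each client looked up: restrict who can read
    // it, and keep the size and version limits so it cannot fill the disk.
    channel query {
        file "/opt/bind/var/log/query.log" versions 10 size 20480k;
        severity info;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    category default { warning; };
    category queries { query; };
};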
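// Root hints zone. The quotes must be straight ASCII double quotes.
// NOTE(review): step 6 downloads named.root into /var/named/var/dbname/, but
// this path points at /var/named/var/ - confirm which location holds the file.
zone "." {
    type hint;
    file "/var/named/var/named.root";
};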
# Authoritative (master) zones served by this host.
# The zone and file names shown as "*" are placeholders: substitute real,
# distinct names. NOTE(review): presumably the originals were masked before
# publication; repeated zone names would not load as written.
# No "zero-transfer" ACL is defined in the visible configuration and the
# per-zone allow-transfer lines are commented out, so the options-level
# allow-transfer { 127.0.0.1; } setting is what governs transfers here.
zone "localhost" IN
{
type master;
file "localhost.zone";
allow-update { none; };
# allow-transfer {zero-transfer;};
};
zone "0.0.127.in-addr.arpa" IN
{
type master;
file "named.local";
allow-update { none; };
# allow-transfer {zero-transfer;};
};
zone "*" IN
{
type master;
file "*";
check-names fail;
# allow-transfer {zero-transfer;};
};
zone "*" IN
{
type master;
file "*";
check-names fail;
# allow-transfer {zero-transfer;};
};
zone "*" IN
{
type master;
file "*";
check-names fail;
# allow-transfer {zero-transfer;};
};
zone "131.142.61.in-addr.arpa" IN
{
type master;
file "db.rev";
check-names fail;
# allow-transfer {zero-transfer;};
};
zone "*" IN
{
type master;
file "*";
check-names fail;
# allow-transfer {zero-transfer;};
};
zone "*" IN
{
type master;
file "*";
check-names fail;
# allow-transfer {zero-transfer;};
};
#######内网配置区域############################################
#zone "*" IN {
# type master;
# file "*";
# allow-update { none; };
# check-names fail;
# allow-transfer {zero-transfer;};
#};
#zone "200.19.in-addr.arpa" IN {
# type master;
# file "named.rev";
# allow-update { none; };
# check-names fail;
# allow-transfer {zero-transfer;};
#};
#zone "*" IN {
# type master;
# file "*";
# allow-update { none; };
# check-names fail;
# allow-transfer {zero-transfer;};
#};
# rndc control channel: listens on loopback only and accepts commands signed
# with "rndc-key".
# NOTE(review): step 5 already wrote a key "rndc-key" and a controls block into
# named.conf; this second pair duplicates them with a different secret. Keep
# one pair only, and make its secret match the key in /etc/rndc.conf.
# The secret below was published with this page - generate your own.
key "rndc-key" {
algorithm hmac-md5;
secret "vKDv5YVLZN8w9YWWXAKnIQ==";
};
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
4、运行Bind
1)测试运行(-g 运行信息会打到屏幕上):
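# Validate the configuration before starting the daemon: named-checkconf
# reports syntax errors (stray quotes, duplicate key or zone definitions)
# without opening any listening socket.
/var/named/sbin/named-checkconf /etc/named.conf
# Foreground test run as the unprivileged named account; -g sends log output
# to the terminal.
/var/named/sbin/named -u named -g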
测试一下能否解析:
# Ask the local server for the NS records of a test zone.
dig @localhost mydomain.local ns
# NOTE(review): the next two lines give no query name - presumably removed
# before publication; supply the names you want to resolve.
dig @localhost
dig @localhost
2)没问题后,就可以真正启动Bind了:
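# Start the daemon for real, as the unprivileged named account. -c takes a
# plain ASCII hyphen; the typographic dash on the original page makes named
# see a stray argument instead of the option.
# NOTE(review): the test run used /var/named/sbin/named - confirm both paths
# point at the same binary.
/opt/bind/sbin/named -u named -c /etc/named.conf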