




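#!/usr/bin/env bash
# Build BIND from source into /usr/local/bind. A source build lives outside the
# distro's package manager, so tracking ISC security advisories and rebuilding
# on each fix is your own job from here on.
set -euo pipefail

# NOTE(review): 9.9.x is long end-of-life; pick a release ISC still supports and
# prefer ISC's HTTPS download site over plain ftp.
bind_ver="9.9.2-P2"
src_url="ftp://ftp.isc.org/isc/bind9/${bind_ver}"
tarball="bind-${bind_ver}.tar.gz"

yum -y install openssl-devel

# Fetch the tarball together with ISC's detached PGP signature and verify it
# before unpacking: this code will run as a network-facing daemon, and an
# unauthenticated ftp/http download is a supply-chain risk. ISC's release
# signing key must already be in the keyring (import it and check its
# fingerprint out of band).
wget "${src_url}/${tarball}" "${src_url}/${tarball}.asc"
gpg --verify "${tarball}.asc" "${tarball}"

tar xzf "${tarball}"
cd "bind-${bind_ver}"

# --disable-openssl-version-check skips configure's test that the OpenSSL
# headers and the installed library agree. Keep it only if you know why the
# check fails on this host; otherwise a header/library mismatch surfaces later
# as build or runtime failures instead of at configure time.
./configure --prefix=/usr/local/bind --enable-threads --enable-largefile --disable-openssl-version-check
make
make install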






1,首先来查询根服务器的地址






# Ask the resolver from /etc/resolv.conf for the NS set of the root zone ".".
/usr/local/bind/bin/dig . NS


[root@localhost etc]# /usr/local/bind/bin/dig  -t NS .


; <<>> DiG 9.9.2-P2 <<>> -t NS .
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21806
;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 1


;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;. IN NS


;; ANSWER SECTION:
. 518187 IN NS e.root-servers.net.
. 518187 IN NS g.root-servers.net.
. 518187 IN NS d.root-servers.net.
. 518187 IN NS j.root-servers.net.
. 518187 IN NS f.root-servers.net.
. 518187 IN NS a.root-servers.net.
. 518187 IN NS l.root-servers.net.
. 518187 IN NS k.root-servers.net.
. 518187 IN NS c.root-servers.net.
. 518187 IN NS h.root-servers.net.
. 518187 IN NS m.root-servers.net.
. 518187 IN NS i.root-servers.net.
. 518187 IN NS b.root-servers.net.


;; Query time: 11 msec
;; SERVER: 192.168.162.2#53(192.168.162.2)
;; WHEN: Thu May  2 01:32:37 2013
;; MSG SIZE  rcvd: 239


#这里的应答来自本机 /etc/resolv.conf 里配置的递归解析器(192.168.162.2),只返回了互联网上 13 台根服务器的 NS 记录;ADDITIONAL 段里没有对应的 A/AAAA 胶水记录,所以还不能直接当作 named.ca 使用。下面先查出其中一台根服务器的 IP 记录


[root@localhost etc]# /usr/local/bind/bin/dig -t A  b.root-servers.net.


; <<>> DiG 9.9.2-P2 <<>> -t A b.root-servers.net.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53604
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1


;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;b.root-servers.net. IN A


;; ANSWER SECTION:
b.root-servers.net. 3577736 IN A 192.228.79.201


;; Query time: 11 msec
;; SERVER: 192.168.162.2#53(192.168.162.2)
;; WHEN: Thu May  2 01:34:09 2013
;; MSG SIZE  rcvd: 63




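## b.root-servers.net. resolved to 192.228.79.201 when this was captured (2013).
## Root server addresses do change over time, so re-check before relying on it.
##
## Ask that root server directly for the root NS set with "@server" instead of
## rewriting /etc/resolv.conf to point at it: root servers do not recurse (the
## answer below says "recursion requested but not available"), so the original
## `echo 'nameserver 192.228.79.201' > /etc/resolv.conf` breaks every other name
## lookup on this host for as long as it stays in place. +norec sends a
## non-recursive query, which is all a hint lookup needs.
/usr/local/bind/bin/dig +norec @192.228.79.201 -t NS .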


; <<>> DiG 9.9.2-P2 <<>> -t NS .
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31261
;; flags: qr aa rd; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 23
;; WARNING: recursion requested but not available


;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;. IN NS


;; ANSWER SECTION:
. 518400 IN NS k.root-servers.net.
. 518400 IN NS g.root-servers.net.
. 518400 IN NS c.root-servers.net.
. 518400 IN NS d.root-servers.net.
. 518400 IN NS a.root-servers.net.
. 518400 IN NS j.root-servers.net.
. 518400 IN NS h.root-servers.net.
. 518400 IN NS m.root-servers.net.
. 518400 IN NS i.root-servers.net.
. 518400 IN NS b.root-servers.net.
. 518400 IN NS l.root-servers.net.
. 518400 IN NS e.root-servers.net.
. 518400 IN NS f.root-servers.net.


;; ADDITIONAL SECTION:
a.root-servers.net. 3600000 IN A 198.41.0.4
b.root-servers.net. 3600000 IN A 192.228.79.201
c.root-servers.net. 3600000 IN A 192.33.4.12
d.root-servers.net. 3600000 IN A 199.7.91.13
e.root-servers.net. 3600000 IN A 192.203.230.10
f.root-servers.net. 3600000 IN A 192.5.5.241
g.root-servers.net. 3600000 IN A 192.112.36.4
h.root-servers.net. 3600000 IN A 128.63.2.53
i.root-servers.net. 3600000 IN A 192.36.148.17
j.root-servers.net. 3600000 IN A 192.58.128.30
k.root-servers.net. 3600000 IN A 193.0.14.129
l.root-servers.net. 3600000 IN A 199.7.83.42
m.root-servers.net. 3600000 IN A 202.12.27.33
a.root-servers.net. 3600000 IN AAAA 2001:503:ba3e::2:30
d.root-servers.net. 3600000 IN AAAA 2001:500:2d::d
f.root-servers.net. 3600000 IN AAAA 2001:500:2f::f
h.root-servers.net. 3600000 IN AAAA 2001:500:1::803f:235
i.root-servers.net. 3600000 IN AAAA 2001:7fe::53
j.root-servers.net. 3600000 IN AAAA 2001:503:c27::2:30
k.root-servers.net. 3600000 IN AAAA 2001:7fd::1
l.root-servers.net. 3600000 IN AAAA 2001:500:3::42
m.root-servers.net. 3600000 IN AAAA 2001:dc3::35


;; Query time: 159 msec
;; SERVER: 192.228.79.201#53(192.228.79.201)
;; WHEN: Thu May  2 01:37:41 2013
;; MSG SIZE  rcvd: 699




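## The answer above, with its ADDITIONAL section of root server A/AAAA glue, is
## the root hint list. Save it as the hint file. Query the root server
## explicitly (+norec, @server) so this step does not depend on what
## /etc/resolv.conf points at: the answer from the local recursive resolver
## further up carried no glue, and a hint file without addresses is useless.
##
## NOTE(review): this fetch is unauthenticated UDP. Cross-check the result
## against the named.root hints file InterNIC publishes before trusting it.
## BIND 9 also ships built-in root hints that are used when no hint zone is
## configured, so this file is optional in practice.
/usr/local/bind/bin/dig +norec @192.228.79.201 -t NS . > /usr/local/bind/var/named.ca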




2,生成rndc的配置文件
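# rndc-confgen prints a complete rndc.conf (between "# Start of rndc.conf" and
# "# End of rndc.conf"), followed by a commented-out copy of the key and
# controls statements meant for named.conf. rndc looks for <sysconfdir>/rndc.conf
# by default, so save the output under that name rather than rndc.key.
# The file holds the shared secret: create it under a restrictive umask so it is
# not world-readable (it would be, with root's usual umask), then chown it to the
# account named runs as (that account is not shown on this page).
( umask 077 && /usr/local/bind/sbin/rndc-confgen > /usr/local/bind/etc/rndc.conf )

# Append the named.conf part to named.conf. Select it by its marker comments
# instead of fixed line numbers ("15,23"), which depend on the exact output
# layout of this rndc-confgen version, and strip the leading "# " that comments
# the block out.
awk '/^# Use with the following in named.conf/ { on = 1; next }
     /^# End of named.conf/                    { on = 0 }
     on                                         { sub(/^# ?/, ""); print }' \
  /usr/local/bind/etc/rndc.conf >> /usr/local/bind/etc/named.conf
# named.conf now contains the secret too; keep it from other local users.
chmod 640 /usr/local/bind/etc/named.conf

# NOTE(review): the key rndc-confgen emits here uses hmac-md5. Newer BIND
# releases let rndc-confgen generate a SHA-2 HMAC key; prefer that where available.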






















3,修改named.conf 配置文件




vim /usr/local/bind/etc/named.conf


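options {
      directory "/usr/local/bind/var";
      // This server is authoritative for ooooldman.com and its reverse zone,
      // but the root hint zone below also makes it a recursive resolver for
      // every client allow-recursion admits. State the policy explicitly
      // instead of relying on BIND's default (localnets; localhost), and keep
      // it to the LAN so the box cannot be used as an open resolver if it is
      // ever reachable from outside. Adjust the prefix to your network.
      allow-recursion { 127.0.0.1; 192.168.162.0/24; };
      // BIND's default allow-transfer is "any", which lets anyone pull the
      // whole zone with AXFR. Nothing on this page configures a secondary,
      // so refuse transfers.
      allow-transfer { none; };
      // Do not reveal the exact BIND build to version.bind CHAOS queries;
      // it only helps an attacker match exploits to the running version.
      version "none";
};

// Root hints, generated from a dig of the root NS set (step 1). Its presence
// is what enables recursion on this server.
zone "." {
     type hint;
     file "named.ca";
};

zone "localhost" {
    type master;
    file "localhost.named";
};

zone "ooooldman.com" {
     type master;
     file "ooooldman.com.named" ;
};

zone "0.0.127.in-addr.arpa" {
       type master;
       file "127.0.0.named";
};

zone "162.168.192.in-addr.arpa" {
       type master;
       file "192.168.162.named";
};

// rndc authentication. NOTE(review): this secret is printed on a public page
// and is therefore compromised -- regenerate it with rndc-confgen on every
// install and never copy the value shown here. hmac-md5 is what this era's
// rndc-confgen emits; use a SHA-2 HMAC on releases that support it.
key "rndc-key" {
  algorithm hmac-md5;
  secret "hrVF+Y/sV2WyBndmDbFy2Q==";
 };

// Control channel on loopback only. Anyone who can reach it with the key can
// reload, stop or reconfigure named.
controls {
  inet 127.0.0.1 port 953
  allow { 127.0.0.1; } keys { "rndc-key"; };
};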




vim /usr/local/bind/var/localhost.named


$TTL 86400
; Forward zone for "localhost": the name itself is the only nameserver and
; maps to the loopback address. Owners are written as "@" (the zone origin)
; rather than left blank, which inherits the previous owner -- same records.
@   IN  SOA  localhost. root.localhost. (
             2013050101   ; serial (YYYYMMDDnn)
             1800         ; refresh
             900          ; retry
             7200         ; expire
             86400 )      ; negative-caching TTL
@   IN  NS   @
@   IN  A    127.0.0.1




vim /usr/local/bind/var/ooooldman.com.named


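$TTL  86400
; Forward zone for ooooldman.com. Both SOA name fields must be fully qualified
; (trailing dot): the original RNAME "admin.ooooldman.com" had none, so it was
; taken relative to the origin and became admin.ooooldman.com.ooooldman.com.
@     IN  SOA   ooooldman.com.  admin.ooooldman.com. (
                2013050101   ; serial (YYYYMMDDnn) -- bump on every change
                1800         ; refresh
                900          ; retry
                7200         ; expire  NOTE(review): shorter than refresh+retry;
                             ; a secondary would discard the zone after 2h of
                             ; not reaching this primary. RFC 1912 suggests
                             ; weeks, not hours, for anything beyond a lab.
                86400 )      ; negative-caching TTL
@     IN  NS    ooooldman.com.
@     IN  A     192.168.162.128
@     IN  MX 10 mail.ooooldman.com.
mail  IN  A     192.168.162.128
www   IN  A     192.168.162.128
ftp   IN  CNAME www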




vim /usr/local/bind/var/127.0.0.named
$TTL 86400
; Reverse zone for 127.0.0.0/24: only 127.0.0.1 has a PTR, pointing back at
; localhost. The SOA MNAME is "@" (the zone origin itself), as in the original.
; NOTE(review): retry is 90s here but 900s in the forward zones -- probably a
; typo, kept as-is to preserve behaviour.
@   IN  SOA  @ root.localhost. ( 2013050101 1800 90 7200 86400 )
@   IN  NS   localhost.
1   IN  PTR  localhost.












vim /usr/local/bind/var/192.168.162.named
$TTL 86400
; Reverse zone for 192.168.162.0/24. Only host .128 (the server itself) has a
; PTR; add one line per host as the forward zone grows.
; NOTE(review): retry is 90s here versus 900s in the forward zones -- likely a
; typo, left unchanged to preserve behaviour.
@     IN  SOA  @ admin.ooooldman.com. ( 2013050101 1800 90 7200 86400 )
@     IN  NS   ooooldman.com.
128   IN  PTR  ooooldman.com.
















6,添加一个view 功能以test.com为示例
#启用 view 后,named.conf 里的所有 zone(包括根 hint 和 localhost)都必须写在某个 view 内部,view 之外不能再有 zone 语句;view 按出现顺序匹配,不匹配任何 view 的客户端会被拒绝(REFUSED)








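options {
      directory "/usr/local/bind/var";
      // Same hardening as the non-view configuration. Every view below carries
      // the root hint zone, so every view can recurse: restrict recursion to
      // the LAN (adjust the prefix), refuse zone transfers (BIND's default is
      // "any"; no secondary is configured on this page), hide the version.
      allow-recursion { 127.0.0.1; 192.168.162.0/24; };
      allow-transfer { none; };
      version "none";
};

// Split-horizon ("view") example for test.com: two single-host ACLs receive two
// different copies of the zone. Views are matched in order of appearance, and a
// client matching no view is refused -- here that is every LAN host other than
// .128 and .129. Add a final catch-all view (match-clients { any; }) if other
// clients must still be served.
acl "lan1" {
     192.168.162.128;
};
acl "lan2" {
     192.168.162.129;
};

// Once views are used, every zone -- including the root hints and localhost --
// must live inside a view; zone statements outside views are rejected.
view "lan1" {
    match-clients { "lan1"; };
    zone "test.com" IN {
        type master;
        file "lan1/test.com";      // www -> 192.168.162.2
    };
    zone "." {
        type hint;
        file "named.ca";
    };
    zone "localhost" {
        type master;
        file "localhost.named";
    };
    zone "ooooldman.com" {
        type master;
        file "ooooldman.com.named";
    };
    zone "0.0.127.in-addr.arpa" {
        type master;
        file "127.0.0.named";
    };
    zone "162.168.192.in-addr.arpa" {
        type master;
        file "192.168.162.named";
    };
};

view "lan2" {
    match-clients { "lan2"; };
    zone "test.com" IN {
        type master;
        file "lan2/test.com";      // www -> 192.168.162.3
    };
    zone "." {
        type hint;
        file "named.ca";
    };
    zone "localhost" {
        type master;
        file "localhost.named";
    };
    zone "ooooldman.com" {
        type master;
        file "ooooldman.com.named";
    };
    zone "0.0.127.in-addr.arpa" {
        type master;
        file "127.0.0.named";
    };
    zone "162.168.192.in-addr.arpa" {
        type master;
        file "192.168.162.named";
    };
};

// rndc key and control channel are global, not per view.
// NOTE(review): this secret is published on this page and therefore
// compromised -- regenerate it with rndc-confgen instead of copying it.
// hmac-md5 is what this era's rndc-confgen emits; prefer a SHA-2 HMAC where
// the release supports it.
key "rndc-key" {
  algorithm hmac-md5;
  secret "hrVF+Y/sV2WyBndmDbFy2Q==";
 };
// Loopback only; anyone reaching this port with the key controls named.
controls {
  inet 127.0.0.1 port 953
  allow { 127.0.0.1; } keys { "rndc-key"; };
};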












# One zone-file directory per view for the split-horizon test.com zone.
mkdir -p /usr/local/bind/var/lan1 /usr/local/bind/var/lan2






vim /usr/local/bind/var/lan1/test.com
$TTL  86400
; test.com as served to view "lan1" (client 192.168.162.128). Identical to the
; lan2 copy except for the www address. Owners written as "@" instead of
; inherited blanks; same records.
; NOTE(review): retry 90s / expire 7200s are lab values; expire is shorter than
; refresh+retry, which RFC 1912 advises against.
@    IN  SOA  test.com. admin.test.com. ( 2013050101 1800 90 7200 86400 )
@    IN  NS   test.com.
@    IN  A    192.168.162.128
www  IN  A    192.168.162.2




vim /usr/local/bind/var/lan2/test.com
$TTL  86400
; test.com as served to view "lan2" (client 192.168.162.129). Identical to the
; lan1 copy except for the www address. Owners written as "@" instead of
; inherited blanks; same records.
; NOTE(review): retry 90s / expire 7200s are lab values; expire is shorter than
; refresh+retry, which RFC 1912 advises against.
@    IN  SOA  test.com. admin.test.com. ( 2013050101 1800 90 7200 86400 )
@    IN  NS   test.com.
@    IN  A    192.168.162.128
www  IN  A    192.168.162.3










#这样就实现了最简单的 view(分视图)功能:
当 192.168.162.128 的客户端查询 www.test.com 时,得到 192.168.162.2;
当 192.168.162.129 的客户端查询 www.test.com 时,得到 192.168.162.3;其它地址的客户端不匹配任何 view,查询会被拒绝。


#如果acl的地址列表多的话,可以单独写进一个文件,然后在named.conf 用include包含进












