
分类: 系统运维

2011-02-25 14:58:59

1.下载
https://www.isc.org/download/software/current

2.编译安装(cc)
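  # Build and install BIND from the source tarball with the vendor compiler (cc).
  # NOTE(review): the 9.7 branch no longer receives security fixes; for a new
  # install, build a release that ISC still maintains.
  # Before unpacking, check the tarball against the detached PGP signature that
  # is published next to it on the download page, e.g.
  #   gpg --verify <signature-file> bind-9.7.2-p3.tar.gz
  gzcat bind-9.7.2-p3.tar.gz | tar -xvf -
  # configure lives inside the unpacked tree (directory name as unpacked).
  cd bind-9.7.2-p3
  CC=cc; export CC
  ./configure --enable-threads
  make
  # Installs under /usr/local and therefore needs root.
  make install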
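# Keep the binaries shipped with the OS so the change can be rolled back.
cd /usr/sbin
for f in named named-checkconf named-checkzone rndc-confgen rndc \
         dnssec-dsfromkey dnssec-keyfromlabel dnssec-keygen dnssec-signzone dig
do
    # Skip tools this system does not ship, and never overwrite an earlier
    # backup when these steps are run a second time.
    if [ -f "$f" ] && [ ! -f "$f.orig" ]; then
        mv "$f" "$f.orig"
    fi
done

# Point the system paths at the newly installed tools.
# These links make root-run services execute files from /usr/local, so
# /usr/local/sbin, /usr/local/bin and the binaries in them must be owned by
# root and not writable by group or others.
for f in named named-checkconf named-checkzone rndc-confgen rndc \
         dnssec-dsfromkey dnssec-keyfromlabel dnssec-keygen \
         dnssec-revoke dnssec-settime dnssec-signzone
do
    [ -f "$f" ] || ln -s "/usr/local/sbin/$f" "$f"
done

cd /usr/bin
[ -f dig ] || ln -s /usr/local/bin/dig dig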
3.配置
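  # Generate the rndc key and derive rndc.key and a starting named.conf from it.
  # All three files contain the shared secret of the control channel, so they
  # are created inside a subshell with a restrictive umask (no group/world
  # access). If named runs as an unprivileged account, give that account read
  # access to /etc/named.conf and /etc/rndc.key.
  # Absolute paths are used because the previous step leaves the shell in
  # /usr/bin, where a relative "rndc.conf" does not exist.
  (
      umask 077
      rndc-confgen > /etc/rndc.conf
      # rndc.key (new in 9.7.2) is the key rndc uses when there is no
      # rndc.conf, see man rndc; it is lines 2-5 of rndc.conf.
      sed -n -e '2,5p' /etc/rndc.conf > /etc/rndc.key
      # Print from the line containing "named.conf" to the end of the file,
      # dropping the last line and stripping the leading "# " from line 2 on.
      sed -n -e '$d' -e '/named.conf/,$p' /etc/rndc.conf|sed '2,$s/#\ //' > /etc/named.conf
  )
  # Check that the configuration is correct: a syntax check first, then a
  # foreground run (named -g logs to stderr; stop it with Ctrl-C, or run
  # rndc status from a second terminal while it is up).
  named-checkconf /etc/named.conf
  named -g
  rndc status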
#主配置文件/etc/named.conf,屏蔽了360网站
cat /etc/named.conf
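  # Use with the following in named.conf, adjusting the allow list as needed:
  # NOTE(review): this key clause is sample rndc-confgen output. The secret
  # shown here has been published with the listing, so never reuse it: take the
  # value from your own rndc-confgen run and keep every file that contains it
  # unreadable for ordinary users.
  # hmac-md5 is what this listing was generated with; where the installed
  # named and rndc accept a SHA-2 HMAC, prefer hmac-sha256.
  key "rndc-key" {
      algorithm hmac-md5;
      secret "r8zCDsNz1puXz/aCYhbQwQ==";
  };

  # Control channel: loopback only, authenticated with the key above.
  controls {
      inet 127.0.0.1 port 953
          allow { 127.0.0.1; } keys { "rndc-key"; };
  };

  options {
      directory "/var/named";
      # Ignore queries from this address and never send queries to it.
      blackhole { 192.168.195.230; };
      # Any client may query the zones served here ...
      allow-query { any; };
      # ... but recursion is limited explicitly. When allow-recursion and
      # allow-query-cache are both unset they inherit allow-query, and
      # "any" together with the root hint zone below would make this server an
      # open recursive resolver. Replace the list with an acl of your client
      # networks if they are not directly attached.
      allow-recursion { localhost; localnets; };
  };

  logging {
      channel default_syslog { syslog local2; severity error; };
      channel audit_log {
          file "/var/log/named.log" versions 3 size 20m;
          severity info;
          print-time yes;
          print-category yes;
      };
      category default { audit_log; };
      category general { audit_log; };
      # Security events go to both the file and syslog.
      category security { audit_log; default_syslog; };
      category config { default_syslog; };
      category resolver { audit_log; };
      category xfer-in { audit_log; };
      category xfer-out { audit_log; };
      category notify { audit_log; };
      category client { audit_log; };
      category network { audit_log; };
      category update { audit_log; };
      category queries { audit_log; };
      category lame-servers { null; };
  };

  # Root hints and the loopback zones.
  zone "." in { type hint; file "named.root"; };
  zone "localhost" in { type master; file "localhost.zone"; };
  zone "0.0.127.in-addr.arpa" in { type master; file "named.local"; };

  # Locally served forward and reverse zones.
  zone "mdcwx.org" in { type master; file "mdcwx.zone"; };
  zone "195.168.192.in-addr.arpa" in { type master; file "named.192.168.195"; };
  zone "69.228.132.in-addr.arpa" in { type master; file "named.132.228.69"; };
  zone "176.228.132.in-addr.arpa" in { type master; file "named.132.228.176"; };
  zone "3.92.222.in-addr.arpa" in { type master; file "named.222.92.3"; };
  zone "tongda2000.com" in { type master; file "tongda2000com.zone"; };
  zone "tongda2000.net" in { type master; file "tongda2000net.zone"; };
  zone "jsbss.net" in { type master; file "jsbss.zone"; };
  zone "jskms.net" in { type master; file "jskms.zone"; };

  # Local overrides: this server answers for these two domains itself, which
  # is how the listing blocks the 360 sites for its clients.
  zone "360.cn" in { type master; file "360cn.zone"; };
  zone "360safe.com" in { type master; file "360safecom.zone"; };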
#数据文件
  1. mkdir /var/named
  2. cd /var/named

#named.root
ftp FTP.RS.INTERNIC.NET 下载
也可用dig直接生成named.root

-------------localhost.zone--------
  1. $TTL 86400
  2. $ORIGIN localhost.
  3. @ IN SOA @ root (
  4. 42 ; serial (d. adams)
  5. 3H ; refresh
  6. 15M ; retry
  7. 1W ; expiry
  8. 1D ) ; minimum

  9. IN NS localhost.
  10. IN A 127.0.0.1
----------------named.local-------
  1. $TTL 86400
  2. @ IN SOA localhost. root.localhost. (
  3. 2009072822 ;Serial
  4. 28800 ;Refresh
  5. 14400 ;Retry
  6. 3600000 ;Expire
  7. 86400 ;Minimum
  8. )
  9. IN NS localhost.
  10. 1 IN PTR localhost.
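------------------mdcwx.zone------------
; Forward zone for mdcwx.org. Records without an owner name must start with
; white space (lost in the page rendering); they then belong to the owner
; named on the nearest preceding record.
$TTL 86400
$ORIGIN mdcwx.org.
@           IN SOA ns.mdcwx.org. root.mdcwx.org. (
                2009072323 ; Serial
                28800      ; Refresh
                14400      ; Retry
                3600000    ; Expire
                86400 )    ; Minimum
            IN NS ns.mdcwx.org.
            IN MX 10 ns.mdcwx.org.

;; -- default address
@           IN A 192.168.195.61
localhost   IN A 127.0.0.1

;; -- unix servers --
mdc-solsvr  IN A 192.168.195.61
ns          IN A 192.168.195.61
mdc-sz      IN A 222.92.3.203
;; IN MX 0 rh71.siyongc.domain.
;; IN MX 10 lp64.dmz.domain.
; NOTE(review): the two owner-less records below attach to mdc-sz, the last
; owner named above - confirm that is the intended host.
; HINFO publishes hardware and OS details to every client that may query this
; zone (allow-query is "any" in the named.conf of this listing); drop these
; records unless something depends on them.
; The two HINFO fields are separate strings and need white space between them.
            IN HINFO "Petium4 2.4G" "solaris10"
            IN TXT "The dns server."

;;mdk IN A 192.168.100.24
;; IN MX 0 mdk.siyongc.domain.
;; IN MX 10 rh71.siyongc.domain.
;; IN HINFO "Petium II 266 dell""Mandrak 8.0"

;; -- Windows server
mdc-svr51   IN A 192.168.195.51
            IN HINFO "Petium4 2.4G" "Windows 2k"

;; -- cnames --
www         IN CNAME mdc-solsvr
ftp         IN CNAME mdc-solsvr
mail        IN CNAME mdc-solsvr
virus       IN CNAME mdc-svr51
ws          IN CNAME mdc-svr51
oa          IN CNAME mdc-svr51
rtx         IN CNAME mdc-svr51
erp         IN CNAME mdc-sz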
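-----------------named.192.168.195 ---------------
; Reverse zone for 192.168.195.0/24 (origin comes from the zone statement).
$TTL 86400
@   IN SOA ns.mdcwx.org. root.mdcwx.org. (
        2009072323 ; Serial
        28800      ; Refresh
        14400      ; Retry
        3600000    ; Expire
        86400 )    ; Minimum
@   IN NS ns.mdcwx.org.
@   IN NS tongda2000.com.
@   IN NS tongda2000.net.

; NOTE(review): the first PTR for 61 has no target in the listing. A PTR
; without a target is a syntax error and the zone will not load, so the record
; is commented out here; restore it with the intended host name, written with
; a trailing dot.
;61 IN PTR <target missing in the listing>
61  IN PTR ftp.mdcwx.org.
61  IN PTR mail.mdcwx.org.
; The listing repeated "51 IN PTR tongda2000.com." twice; one copy is enough.
51  IN PTR tongda2000.com.
51  IN PTR virus.mdcwx.org.
51  IN PTR rtx.mdcwx.org.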
----------------jsbss.zone--------------------------
  1. $TTL 86400
  2. $ORIGIN jsbss.net.
  3. @ IN SOA ns.mdcwx.org. root.mdcwx.org. (
  4. 2009072323 ; Serial
  5. 28800 ; Refresh
  6. 14400 ; Retry
  7. 3600000 ; Expire
  8. 86400 ) ; Minimum
  9. IN NS ns.mdcwx.org.

  10. ;; -- default address
  11. @ IN A 132.228.176.21
  12. bill IN A 132.228.176.30
  13. localhost IN A 127.0.0.1

  14. ;; -- cnames --
  15. www IN CNAME @
  16. wx.sys IN CNAME @
  17. wx.so IN CNAME @
  18. wx.rsc IN CNAME @
  19. wx.od IN CNAME @
  20. wx.crm IN CNAME @
  21. wx.sawork IN CNAME @
  22. wx.billing IN CNAME bill
-------------named.132.228.176------------------
  1. $TTL 86400
  2. @ IN SOA ns.mdcwx.org. root.mdcwx.org. (
  3. 2009072323 ; Serial
  4. 28800 ; Refresh
  5. 14400 ; Retry
  6. 3600000 ; Expire
  7. 86400 ) ; Minimum
  8. @ IN NS jsbss.net.

  9. 21 IN PTR wx.sys.jsbss.net.
  10. 21 IN PTR wx.so.jsbss.net.
  11. 21 IN PTR wx.rsc.jsbss.net.
  12. 21 IN PTR wx.od.jsbss.net.
  13. 21 IN PTR wx.crm.jsbss.net.
  14. 21 IN PTR wx.sawork.jsbss.net.
  15. 30 IN PTR wx.billing.jsbss.net.
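-------------named.222.92.3------------------
; Reverse zone for 222.92.3.0/24 (origin comes from the zone statement).
$TTL 86400
@   IN SOA ns.mdcwx.org. root.mdcwx.org. (
        2009072323 ; Serial
        28800      ; Refresh
        14400      ; Retry
        3600000    ; Expire
        86400 )    ; Minimum
@   IN NS ns.mdcwx.org.
@   IN NS tongda2000.com.
@   IN NS tongda2000.net.

; The target needs its trailing dot: without it the name is taken relative to
; the zone origin and becomes erp.mdcwx.org.3.92.222.in-addr.arpa.
203 IN PTR erp.mdcwx.org.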
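-------------named.132.228.69------------------
; Reverse zone for 132.228.69.0/24 (origin comes from the zone statement).
$TTL 86400
@   IN SOA ns.mdcwx.org. root.mdcwx.org. (
        2009072323 ; Serial
        28800      ; Refresh
        14400      ; Retry
        3600000    ; Expire
        86400 )    ; Minimum
@   IN NS jskms.net.

; NOTE(review): the PTR for 192 has no target in the listing. A PTR without a
; target is a syntax error and the zone will not load, so the record is
; commented out here; restore it with the intended host name, written with a
; trailing dot.
;192 IN PTR <target missing in the listing>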
----------------jskms.zone----------------------
  1. $TTL 86400
  2. $ORIGIN jskms.net.
  3. @ IN SOA ns.mdcwx.org. root.mdcwx.org. (
  4. 2009072323 ; Serial
  5. 28800 ; Refresh
  6. 14400 ; Retry
  7. 3600000 ; Expire
  8. 86400 ) ; Minimum
  9. IN NS ns.mdcwx.org.

  10. ;; -- default address
  11. @ IN A 132.228.69.192
  12. localhost IN A 127.0.0.1

  13. ;; -- cnames --
  14. www IN CNAME @
----------------tongda2000com.zone--------------
  1. $TTL 86400
  2. $ORIGIN tongda2000.com.
  3. @ IN SOA ns.mdcwx.org. root.mdcwx.org. (
  4. 2009072323 ; Serial
  5. 28800 ; Refresh
  6. 14400 ; Retry
  7. 3600000 ; Expire
  8. 86400 ) ; Minimum
  9. IN NS ns.mdcwx.org.

  10. ;; -- default address
  11. @ IN A 192.168.195.51
  12. localhost IN A 127.0.0.1

  13. ;; -- cnames --
  14. www IN CNAME @
---------------tongda2000net.zone--------------
  1. $TTL 86400
  2. $ORIGIN tongda2000.net.
  3. @ IN SOA ns.mdcwx.org. root.mdcwx.org. (
  4. 2009072323 ; Serial
  5. 28800 ; Refresh
  6. 14400 ; Retry
  7. 3600000 ; Expire
  8. 86400 ) ; Minimum
  9. IN NS ns.mdcwx.org.

  10. ;; -- default address
  11. @ IN A 192.168.195.51
  12. localhost IN A 127.0.0.1

  13. ;; -- cnames --
  14. www IN CNAME @
#封360
---------------360cn.zone--------------
  1. $TTL 86400
  2. $ORIGIN 360.cn.
  3. @ IN SOA ns.mdcwx.org. root.mdcwx.org. (
  4. 2009072323 ; Serial
  5. 28800 ; Refresh
  6. 14400 ; Retry
  7. 3600000 ; Expire
  8. 86400 ) ; Minimum
  9. IN NS ns.mdcwx.org.

  10. ;; -- default address
  11. @ IN A 192.168.195.51
  12. localhost IN A 127.0.0.1

  13. ;; -- cnames --
  14. agt.p IN CNAME @
  15. conf.f IN CNAME @
  16. conf2.f IN CNAME @
  17. d.conf.f IN CNAME @
  18. h.conf.f IN CNAME @
  19. h.conf2.f IN CNAME @
  20. h.qup.f IN CNAME @
  21. hao IN CNAME @
  22. pstat.p IN CNAME @
  23. q.leak IN CNAME @
  24. q.soft IN CNAME @
  25. qd.code IN CNAME @
  26. qsys.f IN CNAME @
  27. qup.f IN CNAME @
  28. qurl.f IN CNAME @
  29. s.qup.f IN CNAME @
  30. sd.p IN CNAME @
  31. sdup IN CNAME @
  32. se IN CNAME @
  33. st.p IN CNAME @
  34. stat.sd IN CNAME @
  35. tr.p IN CNAME @
  36. u.qurl.f IN CNAME @
  37. up.f IN CNAME @
  38. update.leak IN CNAME @
  39. update2.leak IN CNAME @
  40. warn.se IN CNAME @
  41. www IN CNAME @
---------------360safecom.zone--------------
  1. $TTL 86400
  2. $ORIGIN 360safe.com.
  3. @ IN SOA ns.mdcwx.org. root.mdcwx.org. (
  4. 2009072323 ; Serial
  5. 28800 ; Refresh
  6. 14400 ; Retry
  7. 3600000 ; Expire
  8. 86400 ) ; Minimum
  9. IN NS ns.mdcwx.org.

  10. ;; -- default address
  11. @ IN A 192.168.195.51
  12. localhost IN A 127.0.0.1

  13. ;; -- cnames --
  14. www IN CNAME @
  15. dl IN CNAME @
  16. boxinst IN CNAME @
  17. boxupdate IN CNAME @
  18. inst IN CNAME @
  19. seupdate IN CNAME @
  20. softm IN CNAME @
  21. softm.update IN CNAME @
  22. update IN CNAME @
  23. updatem IN CNAME @
  24. stat IN CNAME @
  25. netmon.stat IN CNAME @
  26. seapp.stat IN CNAME @

4.启动
  1. svcs -a|grep dns
  2. svcadm enable dns/server
日志/var/log/named.log

当修改named.conf和zone文件后可使用如下命令让bind重读所有配置
  1. rndc reload
如果是9.4或者9.5以后版本的bind可使用如下命令重读新zone(Reload configuration file and new zones only)
  1. rndc reconfig

