分类: LINUX
2005-12-02 19:10:23
bind-9.3.1 + mysql-4.1.9 + web管理详细配置全过程
作者:修理工
本人在AS3.0 RH9.0 下安装没问题
需要的软件包如下:
mysql-4.1.9.tar.gz
bind-9.3.1.tar.gz
mysql-bind-0-1.tgz
httpd-2.0.54.tar.gz
php-4.3.11.tar.gz
1. 安装mysql-4.1.9.tar.gz
cd /root
tar xfz mysql-4.1.9.tar.gz 解压缩
cd mysql-4.1.9
./configure --prefix=/usr/local/mysql --with-charset=gbk 配置安装到/usr/local/mysql支持中文gbk
make 编译时间比较长看你机器的配置高低了,大概12分钟左右。
make install
groupadd mysql 建立mysql组
useradd mysql -g mysql 建立mysql用户并且加入到mysql组中
./scripts/mysql_install_db --user=mysql 初始化表并且规定用mysql用户来访问初始化表以后就开始给mysql和root用户设定访问权
cd /usr/local/mysql
chown -R root . 设定root能访问/usr/local/mysql
chown -R mysql var 设定mysql用户能访问/usr/local/mysql/var ,里面存的是mysql的数据库文件
chown -R mysql var/. 设定mysql用户能访问/usr/local/mysql/var下的所有文件
chown -R mysql var/mysql/. 设定mysql用户能访问/usr/local/mysql/var/mysql下的所有文件
chgrp -R mysql . 设定mysql组能够访问/usr/local/mysql
/usr/local/mysql/bin/mysqld_safe --user=mysql & 运行mysql
[1] 12814
以上提示表示mysql运行正常。
/usr/local/mysql/bin/mysqladmin -uroot password ***** 为mysql的root用户设置密码(安装后默认为空密码)。注意:密码写在命令行上会留在shell历史记录中,同机其他用户也可能在进程列表里看到。
----------------------------------------------------------------------------------mysql安装全部完成
2.安装apache
cd /root
tar xfz httpd-2.0.54.tar.gz 解压缩
cd httpd-2.0.54
./configure --prefix=/usr/local/httpd --enable-module=most --enable-shared=max 配置apache
make
make install
/usr/local/httpd/bin/httpd -l 察看编译进apache的模块
Compiled in modules:
core.c
mod_access.c
mod_auth.c
mod_include.c
mod_log_config.c
mod_env.c
mod_setenvif.c
prefork.c
http_core.c
mod_mime.c
mod_status.c
mod_autoindex.c
mod_asis.c
mod_cgi.c
mod_negotiation.c
mod_dir.c
mod_imap.c
mod_actions.c
mod_userdir.c
mod_alias.c
mod_so.c
[root@linux httpd-2.0.54]#
以上提示中列出了mod_so.c,表示apache支持dso方式了。这样就可以用dso的方式把php的模块加进来。
--------------------------------------------------------------------------------apache安装完成
3. 安装php
cd /root
tar xfz php-4.3.11.tar.gz
cd php-4.3.11
./configure --with-mysql=/usr/local/mysql --with-apxs2=/usr/local/httpd/bin/apxs 配置指定安装的apache和mysql的路径
make
make install
cp php.ini-dist /usr/local/lib/php.ini 将php.ini-dist复制到/usr/local/lib/,并重命名为php.ini
为了让Apache能够直接解析php,我们还要进行一些配置.
vi /usr/local/httpd/conf/httpd.conf
在httpd.conf文件中,添加
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
应该将以上两句添加在其他AddType之后。
确保文件中有以下一句话,没有就自己添加在所有LoadModule之后。
LoadModule php4_module modules/libphp4.so
好了,在vi中使用":wq"保存httpd.conf文件,退出vi。启动apache server:
/usr/local/httpd/bin/apachectl start
------------------------------------------------------------------------php安装配置完成
4.安装bind
tar xfzv bind-9.3.1.tar.gz
tar xfzv mysql-bind-0-1.tgz
cp mysql-bind-0.1/mysqldb.c bind-9.3.1/bin/named
cp mysql-bind-0.1/mysqldb.h bind-9.3.1/bin/named/include
cd bind-9.3.1
vi bin/named/Makefile.in
将
DBDRIVER_OBJS =
DBDRIVER_SRCS =
DBDRIVER_INCLUDES =
DBDRIVER_LIBS =
如下配置
DBDRIVER_OBJS = mysqldb.@O@
DBDRIVER_SRCS = mysqldb.c
DBDRIVER_INCLUDES = -I'/usr/local/mysql/include/mysql'
DBDRIVER_LIBS = -L'/usr/local/mysql/lib/mysql' -lmysqlclient -lz -lcrypt -lnsl -lm -lc -lnss_files -lnss_dns -lresolv -lc -lnss_files -lnss_dns -lresolv
修改main.c文件
vi bin/named/main.c
找到/*
* Add calls to register sdb drivers here.
*/
/* xxdb_init(); */
添加 mysqldb_init();
找到
/*
* Add calls to unregister sdb drivers here.
*/
/* xxdb_clear(); */
添加 mysqldb_clear();
./configure --prefix=/usr/local/named --enable-threads #--enable-threads开启多线程处理能力
make
make install
cd /usr/local/named
mkdir etc 建立etc目录
sbin/rndc-confgen > etc/rndc.conf 生成rndc控制命令的key文件(文件中含有密钥,应限制读取权限,例如 chmod 600 etc/rndc.conf)
cd etc
tail -10 rndc.conf | head -9 | sed 's/# //g' > named.conf 从rndc.conf文件中提取named.conf用的key
这样就在/usr/local/named/etc下自动生成了named.conf文件
建立localhost.zone文件
vi localhost.zone
$TTL 86400
$ORIGIN localhost.
@ 1D IN SOA @ root (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
1D IN NS @
1D IN A 127.0.0.1
建立named.local文件
vi named.local
$TTL 86400
@ IN SOA localhost. root.localhost. (
1997022700 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS localhost.
1 IN PTR localhost.
dig命令直接生成named.root文件
dig > named.root
配置 named.conf
增加如下内容:
controls {
inet 127.0.0.1 port 953
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND 9.31 uses an unprivileged
* port by default.
*/
// query-source address * port 53;
24,9
};
//
// a caching only nameserver config
//
zone "." IN {
type hint;
file "named.root";
};
zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};
zone "mydomain.com" {
type master;
database "mysqldb dnsdb mydomain localhost root passwd"; // 依次为:数据库名、表名、MYSQL主机、MYSQL用户、MYSQL密码。密码以明文保存在named.conf中,建议改用只对dnsdb有SELECT权限的专用MySQL账号而不是root,并限制named.conf的读取权限
};
zone "19.202.220.in-addr.arpa" {
type master;
database "mysqldb dnsdb ptr localhost root passwd"; 配置你的数据库名,表名,MYSQL主机,MYSQL用户,MYSQL密码
};
--------------------------------------------------------------------------------BIND安装完成
5. 我是用MYSQLADMIN来建立数据库的和倒数据的,APACHE下安装MYSQLADMIN我这里就不详细讲了。
到我的站点 下载解压缩到APACHE可访问的目录下就OK了
参照mysql-bind-0-1目录下的README建立数据库dnsdb
正向解析数据库mydomain表结构
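-- Forward-lookup record table: the zone "mydomain.com" in named.conf points
-- the mysqldb driver at database dnsdb, table mydomain. One row per record.
-- NOTE(review): the driver presumably only reads this table; if so, the MySQL
-- account named connects with needs SELECT on dnsdb and nothing more -- confirm
-- against the mysql-bind README before granting.
CREATE TABLE mydomain (
    name   varchar(255) default NULL,  -- owner name, written without a trailing dot in the sample rows
    ttl    int(11)      default NULL,  -- record TTL (seconds, presumably -- matches $TTL usage in the zone files)
    rdtype varchar(255) default NULL,  -- record type as text: SOA, NS, MX, A, CNAME, PTR
    rdata  varchar(255) default NULL   -- record data in zone-file text form
) ENGINE=MyISAM;  -- ENGINE= is the current spelling; the older TYPE= keyword is rejected by MySQL 5.5 and later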
以下是正向解析示范可以直接倒入
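-- Sample forward records for mydomain.com. Columns are named explicitly so the
-- statements keep working if the table later gains or reorders columns.

-- NOTE(review): the second SOA field (responsible mailbox) is a bare '.', which
-- looks like a value lost from the page; put the zone contact there.
INSERT INTO mydomain (name, ttl, rdtype, rdata) VALUES ('mydomain.com', 259200, 'SOA', 'mydomain.com. . 200309181 28800 7200 86400 28800');
INSERT INTO mydomain (name, ttl, rdtype, rdata) VALUES ('mydomain.com', 259200, 'NS', 'ns0.mydomain.com.');
INSERT INTO mydomain (name, ttl, rdtype, rdata) VALUES ('mydomain.com', 259200, 'NS', 'ns1.mydomain.com.');
INSERT INTO mydomain (name, ttl, rdtype, rdata) VALUES ('mydomain.com', 259200, 'MX', '10 mail.mydomain.com.');
INSERT INTO mydomain (name, ttl, rdtype, rdata) VALUES ('w0.mydomain.com', 259200, 'A', '192.168.1.1');
INSERT INTO mydomain (name, ttl, rdtype, rdata) VALUES ('w1.mydomain.com', 259200, 'A', '192.168.1.2');
-- NOTE(review): this CNAME shares the owner name mydomain.com with the SOA, NS
-- and MX rows above. DNS does not allow a CNAME to coexist with other data at
-- the same name; an A row for the apex is probably what is wanted.
INSERT INTO mydomain (name, ttl, rdtype, rdata) VALUES ('mydomain.com', 259200, 'Cname', 'w0.mydomain.com.');
-- NOTE(review): mail, ns0 and ns1 are the targets of the MX and NS rows above,
-- and MX/NS targets are required to be real address names, not aliases.
-- Consider A rows with the w0/w1 addresses instead of these three CNAMEs.
INSERT INTO mydomain (name, ttl, rdtype, rdata) VALUES ('mail.mydomain.com', 259200, 'Cname', 'w0.mydomain.com.');
INSERT INTO mydomain (name, ttl, rdtype, rdata) VALUES ('ns0.mydomain.com', 259200, 'Cname', 'w0.mydomain.com.');
INSERT INTO mydomain (name, ttl, rdtype, rdata) VALUES ('ns1.mydomain.com', 259200, 'Cname', 'w1.mydomain.com.');
-- NOTE(review): the owner name here is empty on the page; it looks like a host
-- name was lost. Fill it in or drop the row before importing.
INSERT INTO mydomain (name, ttl, rdtype, rdata) VALUES ('', 259200, 'Cname', 'w0.mydomain.com.');
INSERT INTO mydomain (name, ttl, rdtype, rdata) VALUES ('ftp.mydomain.com', 259200, 'Cname', 'w0.mydomain.com.');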
反向解析数据库ptr表结构
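-- Reverse-lookup record table: the zone "19.202.220.in-addr.arpa" in named.conf
-- points the mysqldb driver at database dnsdb, table ptr. One row per record.
CREATE TABLE ptr (
    name   varchar(255) default NULL,  -- owner name under in-addr.arpa, written without a trailing dot in the sample rows
    ttl    int(11)      default NULL,  -- record TTL (seconds, presumably -- matches $TTL usage in the zone files)
    rdtype varchar(255) default NULL,  -- record type as text: SOA, NS, PTR
    rdata  varchar(255) default NULL   -- record data in zone-file text form
) ENGINE=MyISAM;  -- ENGINE= is the current spelling; the older TYPE= keyword is rejected by MySQL 5.5 and later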
以下是反向解析示范可以直接倒入
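-- Sample reverse records for 19.202.220.in-addr.arpa. Columns are named
-- explicitly so the statements do not depend on the table's column order.

-- NOTE(review): the second SOA field (responsible mailbox) is a bare '.', which
-- looks like a value lost from the page; put the zone contact there.
INSERT INTO `ptr` (name, ttl, rdtype, rdata) VALUES ('19.202.220.in-addr.arpa', 17600, 'SOA', 'mydomain.com. . 200309181 28800 7200 86400 28800');
INSERT INTO `ptr` (name, ttl, rdtype, rdata) VALUES ('19.202.220.in-addr.arpa', 17600, 'NS', 'ns0.mydomain.com.');
INSERT INTO `ptr` (name, ttl, rdtype, rdata) VALUES ('19.202.220.in-addr.arpa', 17600, 'NS', 'ns1.mydomain.com.');
-- NOTE(review): the target is 'mail.mydomain.' while every forward record uses
-- mydomain.com -- confirm whether 'mail.mydomain.com.' was intended.
INSERT INTO `ptr` (name, ttl, rdtype, rdata) VALUES ('82.19.202.220.in-addr.arpa', 17600, 'PTR', 'mail.mydomain.');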
--------------------------------------------------------------------------------数据库建立完成
6. 启动你的BIND 测试BIND是否能正常工作
/usr/local/named/sbin/named -c /usr/local/named/etc/named.conf &
然后在你WINDOWS机器上将这个配置了BIND的IP设置为DNS然后运行nslookup测试
如果出现以下内容,证明反向解析正常
Default Server: mail.mydomain
Address: 220.202.19.2
>
如果PING w0.mydomain.com
解析地址为192.168.1.1 证明正向工作正常
7.结束语
BIND + MYSQL 在增加A记录、MX记录、PTR记录时都不需要重新启动BIND;但每增加一个正向解析的域名,都必须在named.conf中增加如下内容
zone "youname.com" {
type master;
database "mysqldb dnsdb mydomain localhost root passwd"; 配置你的数据库名,表名,MYSQL主机,MYSQL用户,MYSQL密码
};
bind + mysql 配置就写到这里了,有错误之处请大家指正。余下的时间就是用PHP写WEB脚本。
Bind的安装
1. BIND安装
1.1. 下载
最著名的 DNS(The Internet Domain Name System) 服务器——BIND(The Berkeley Internet Name Domain)。
下载 ISC BIND ...
下载 Bind 9 Administrator Reference Manual ...
1.2. 安装
安装
$ ./configure --prefix=/usr/local/bind
$ make depend
$ make
$ make install
创建链接
$ mkdir -p /usr/local/bind/var/run
$ mkdir -p /usr/local/bind/var/named
$ mkdir -p /usr/local/bind/etc
$ touch /usr/local/bind/etc/named.conf
$ touch /usr/local/bind/etc/rndc.conf
$ ln -sf /usr/local/bind/etc/named.conf /etc/named.conf
$ ln -sf /usr/local/bind/etc/rndc.conf /etc/rndc.conf
$ ln -sf /usr/local/bind/var/named /var/named
$ ln -sf /usr/local/bind/sbin/rndc /usr/sbin/rndc
$ ln -sf /usr/local/bind/sbin/named /usr/sbin/named
1.3. 配置 DNS
1.3.1. BIND 的配置
1. 创建密钥
$
$ sbin/dnssec-keygen -a hmac-md5 -b 128 -n HOST worldhello. (Kworldhello.+157+40251)
2.
3. BIND 提供了一种安全机制——TSIG(Transaction SIGnatures),使用共享密钥对DNS通知、更新等操作进行认证。hmac-md5 是较早的算法,新版本的 BIND 支持 hmac-sha256 等更强的算法,应优先选用。
4. 生成的密钥文件 K*****.key, K*****.private。其中*.private文件包含的 Key: ******* 即为共享密钥。
5. 创建配置文件:etc/rndc.conf
rndc: 远程域名服务控制器(The remote name daemon control:rndc)。是管理员用来控制域名服务器的应用程序,用于动态加载、停止、配置 DNS服务。它需要的配置文件为 /etc/rndc.conf:
// rndc.conf: tells the rndc control client which key and which server to use.

// Shared secret rndc presents to named. The same key name, algorithm and
// secret appear in the key statement of named.conf on this page.
// The secret below is the sample value printed in this guide; replace it with
// the Key: value from your own generated K*.private file.
key worldhello. {
algorithm "hmac-md5";
secret "nvNpPbfDZixmFzqSUVJn6w==";
};
// Defaults used when rndc is run without naming a server or key.
options {
default-server localhost;
default-key worldhello. ;
};
// Key to use when talking to the server named localhost (this machine).
server localhost {
key worldhello. ;
};
共享密钥。用于和受控DNS服务器之间完成认证。此处的 secret 仅为示例,必须替换为自己生成的密钥,不要直接照抄。
管理的DNS主机名称。本例为管理本机。
6. 创建配置文件:etc/named.conf
named.conf 是域名服务器的主配置文件。zone 是配置文件中的最重要的组成部分,描述了一个授权域名下的域名解析信息。一个复杂的配置例子如下:
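// named.conf: main configuration of the name server.

// Shared TSIG key that rndc must present on the control channel; it has to
// match the key statement in rndc.conf.
// The secret below is the sample value printed in this guide: replace it with
// your own generated key, and keep this file unreadable to ordinary users.
key worldhello. {
    algorithm "hmac-md5";
    secret "nvNpPbfDZixmFzqSUVJn6w==";
};

// Control channel: loopback only, local callers only, key required.
controls {
    inet 127.0.0.1 allow { localhost; } keys { worldhello.; };
};

// Source networks that are never served (see blackhole below).
// The original list also held 1.0.0.0/8 and 2.0.0.0/8; both ranges have since
// been allocated and carry real traffic, so blackholing them would drop
// legitimate clients. Only 0.0.0.0/8 is kept.
acl bogus-nets { 0.0.0.0/8; };
// Internal client networks.
acl our-inner-nets { 127.0.0.1/32; 10.0.0.0/8; };
// "External" client networks (a private range stands in for the public one in this example).
acl our-outer-nets { 192.168.0.0/16; };
// Secondary servers allowed to transfer the internal / external zones.
acl transfer-inner-ips { 10.0.0.2; };
acl transfer-outer-ips { 192.168.0.2; };

options {
    // Replaces the real version string in answers to version.bind queries.
    version "$Id, worldhello.net";
    directory "/var/named";
    allow-query { any; };
    // Recursion is offered to the listed networks only, never to arbitrary clients.
    allow-recursion { our-inner-nets; our-outer-nets; };
    blackhole { bogus-nets; };
    notify yes;
    recursion yes;
    // On a cache miss, ask the forwarders first, then fall back to normal resolution.
    forward first;
    forwarders{
        202.106.0.20;
    };
    listen-on-v6 { none; };
    auth-nxdomain no;
};

// View served to internal clients.
view "internal" {
    match-clients { our-inner-nets; };
    recursion yes;

    // Reverse zone for localhost.
    zone "0.0.127.in-addr.arpa"{
        type master;
        file "named.local";
        notify no;
    };

    // Reverse zone for the 10.0.0 network.
    zone "0.0.10.in-addr.arpa"{
        type master;
        file "named.10.0.0";
        notify yes;
        allow-transfer{ transfer-inner-ips; };
    };

    // worldhello.net as seen from the internal network.
    zone "worldhello.net"{
        type master;
        file "named.inner.worldhello.net";
        allow-query { any; };
        allow-transfer{ transfer-inner-ips; };
        notify yes;
    };
};

// View served to everyone else; no recursion for outside clients.
view "external" {
    match-clients { any; };
    recursion no;

    // Reverse zone for localhost.
    zone "0.0.127.in-addr.arpa"{
        type master;
        file "named.local";
        notify no;
    };

    // Reverse zone for the external network.
    // The original repeated the internal 0.0.10.in-addr.arpa zone here, which
    // exposed the internal host names to outside clients and left the
    // named.192.168.0 zone file from this guide unused. Its allow-transfer
    // also named the internal secondary, which matches the internal view
    // first and so never reaches this one.
    zone "0.168.192.in-addr.arpa"{
        type master;
        file "named.192.168.0";
        notify yes;
        allow-transfer{ transfer-outer-ips; };
    };

    // worldhello.net as seen from outside.
    zone "worldhello.net"{
        type master;
        file "named.outer.worldhello.net";
        allow-query { any; };
        allow-transfer{ transfer-outer-ips; };
        notify yes;
    };
};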
共享密钥。只有和该共享密钥匹配的主机,方能管理 DNS 服务器。named.conf 中含有密钥,不应让普通用户可读。
非法的网络地址。对于非法地址,拒绝提供服务。
内部网络地址范围。
私有的外部网络地址范围。(示例)
内部的辅DNS服务器地址。用于和辅DNS服务器通讯,同步DNS信息。
外部的辅DNS服务器地址。用于和辅DNS服务器通讯,同步DNS信息。
对于内网地址,和私有的外网地址,提供DNS的递归查询服务。
递归查询时,如果本地的 cache 没有命中,则依次对 forwarders 中的主机进行DNS查询。
view 提供了根据来访的地址范围,提供不同的服务。该 internal 视图为本地提供解析服务。
localhost 的反向解析域
10.0.0 网段的反向解析域
worldhello.net 在内部网的域名解析域
external 视图为外部提供解析服务。
worldhello.net 在外部网的域名解析域
1.3.2. DNS区域文件的配置
• /var/named/named.local
$TTL 3600
@ IN SOA localhost. root.localhost. (
2001030801 ; serial
28800 ; refresh
14400 ; retry
3600000 ; expire
86400 ; default_ttl
)
@ IN NS localhost.
1 IN PTR localhost.
; End of File
• /var/named/named.10.0.0
$TTL 3600
@ IN SOA ns1.worldhello.net. johnson.worldhello.net. (
2001030801 ; serial
600 ; refresh
600 ; retry
3600000 ; expire
3400 ; default_ttl
)
@ IN NS ns1.worldhello.net.
@ IN NS ns2.worldhello.net.
1 IN PTR ns1.worldhello.net.
2 IN PTR ns2.worldhello.net.
10 IN PTR johnson.worldhello.net.
; End of File
• /var/named/named.inner.worldhello.net
$TTL 3600
@ IN SOA ns1.worldhello.net. johnson.worldhello.net. (
2001021802 ; serial
300 ; refresh
300 ; retry
7200000 ; expire
3600 ; default_ttl
)
@ IN NS ns1.worldhello.net.
@ IN NS ns2.worldhello.net.
@ IN MX 5 mail.worldhello.net.
@ IN MX 10 mail2.worldhello.net.
@ IN A 10.0.0.1
localhost IN A 127.0.0.1
ns1 IN A 10.0.0.1
ns2 IN A 10.0.0.2
johnson IN A 10.0.0.10
www IN A 10.0.0.1
mail IN A 10.0.0.2
mail2 IN A 10.0.0.3
* IN CNAME johnson
• /var/named/named.outer.worldhello.net
; worldhello.net as served by the "external" view (file named.outer.worldhello.net).
; Every host below maps to an address in 192.168.0.x, the range this guide
; uses as its example external network.
$TTL 3600
@ IN SOA ns1.worldhello.net. johnson.worldhello.net. (
2001021802 ; serial
300 ; refresh
300 ; retry
7200000 ; expire
3600 ; default_ttl
)
@ IN NS ns1.worldhello.net.
@ IN NS ns2.worldhello.net.
@ IN MX 5 mail.worldhello.net.
@ IN MX 10 mail2.worldhello.net.
; NOTE(review): 192.169.0.100 is outside the 192.168.0.0/16 range used by every
; other record in this file -- looks like a typo for 192.168; confirm.
@ IN A 192.169.0.100
localhost IN A 127.0.0.1
ns1 IN A 192.168.0.1
ns2 IN A 192.168.0.2
www IN A 192.168.0.1
johnson IN A 192.168.0.10
mail IN A 192.168.0.2
mail2 IN A 192.168.0.3
• /var/named/named.192.168.0
$TTL 3600
@ IN SOA ns1.worldhello.net. johnson.worldhello.net. (
2001030801 ; serial
600 ; refresh
600 ; retry
3600000 ; expire
3400 ; default_ttl
)
@ IN NS ns2.worldhello.net.
@ IN NS ns1.worldhello.net.
1 IN PTR ns1.worldhello.net.
2 IN PTR ns2.worldhello.net.
10 IN PTR johnson.worldhello.net.
; End of File
1.4. 启动 DNS
创建启动文件 /etc/rc.d/init.d/named
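#!/bin/sh
#
# named         Start, stop and control named (the BIND DNS server).
#
# chkconfig: 345 55 45
# description: named (BIND) is a Domain Name Server (DNS) \
#              that is used to resolve host names to IP addresses.
# probe: true
#
# Usage: named {start|stop|status|restart|reload|probe}
# Exits with the status of the action that was run; probe always exits 0.

# Source function library (daemon and killproc used below are expected to
# come from it).
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up. The variable is quoted so that an unset or
# empty NETWORKING is compared as a string instead of breaking the test.
[ "${NETWORKING}" = "no" ] && exit 0

# Nothing to do when the binary or its configuration is missing.
[ -f /usr/sbin/named ] || exit 0
[ -f /etc/named.conf ] || exit 0

RETVAL=0

# See how we were called.
case "$1" in
    start)
        # Start daemons.
        echo -n "Starting named: "
        # NOTE(review): named is started without -u, so it keeps the identity
        # of whoever runs this script (root at boot). Consider creating an
        # unprivileged account and passing -u so the server drops privileges.
        daemon named
        RETVAL=$?
        echo
        # Record the lock file only when the daemon actually started.
        [ $RETVAL -eq 0 ] && touch /var/lock/subsys/named
        ;;
    stop)
        # Stop daemons.
        echo -n "Shutting down named: "
        killproc named
        RETVAL=$?
        rm -f /var/lock/subsys/named
        echo
        ;;
    status)
        /usr/sbin/rndc status
        RETVAL=$?
        ;;
    restart)
        # rndc's own usage text marks its restart command as not yet
        # implemented in BIND 9, so restart is done as stop followed by start.
        "$0" stop
        "$0" start
        RETVAL=$?
        ;;
    reload)
        /usr/sbin/rndc reload
        RETVAL=$?
        ;;
    probe)
        # named knows how to reload intelligently; we don't want linuxconf
        # to offer to restart every time
        /usr/sbin/rndc reload >/dev/null 2>&1 || echo start
        exit 0
        ;;
    *)
        echo "Usage: named {start|stop|status|restart|reload|probe}"
        exit 1
        ;;
esac

exit $RETVAL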
创建 symbollink
$ ln -s /etc/rc.d/init.d/named /etc/rc.d/rc0.d/K45named
$ ln -s /etc/rc.d/init.d/named /etc/rc.d/rc1.d/K45named
$ ln -s /etc/rc.d/init.d/named /etc/rc.d/rc2.d/K45named
$ ln -s /etc/rc.d/init.d/named /etc/rc.d/rc3.d/S55named
$ ln -s /etc/rc.d/init.d/named /etc/rc.d/rc4.d/S55named
$ ln -s /etc/rc.d/init.d/named /etc/rc.d/rc5.d/S55named
$ ln -s /etc/rc.d/init.d/named /etc/rc.d/rc6.d/K45named
启动
$ tail -f /var/log/messages &
$ /etc/rc.d/init.d/named start
2. 测试
2.1. 检查
$ sbin/named-checkconf
$ sbin/named-checkzone
2.2. nslookup
$ nslookup - 127.0.0.1
> set all
...
> ns1.worldhello.net.
...
> set query=any
> worldhello.net.
...
> set query=ptr
> 10.0.0.1
...
> set class=CHAOS
> version.bind
...