1、安装openssl
tar -zxvf openssl-0.9.8d.tar.gz
cd openssl-0.9.8d
./config --prefix=/usr/local/openssl
make;make install

2、安装bind
groupadd -g 25 named
useradd -u 25 -g 25 -d /usr/local/named -s /sbin/nologin named
tar -zxvf bind-9.5.1-P2.tar.gz
cd bind-9.5.1-P2
./configure --prefix=/usr/local/named/ --mandir=/usr/local/share/man/ --enable-threads --with-openssl=/usr/local/openssl/
make;make install
mkdir /usr/local/named/namedb
mkdir /usr/local/named/var
touch /usr/local/named/var/dns_log
touch /usr/local/named/var/dns_warning
chown -R named:named /usr/local/named
chown -R named:named /usr/local/named/.
开始配置bind
创建 rndc.conf文件，用bind自带程序生成
cd /usr/local/named/
sbin/rndc-confgen > etc/rndc.conf
把rndc.conf 中的key信息输出到 named.conf 中
cd /etc/
tail -n 10 rndc.conf | head -n9 | sed -e s/#\ //g > ../named.conf
编辑named.conf
cat named.conf
写入以下内容：
key "rndc-key" {
       algorithm hmac-md5;
       secret "20GNHJDG8IpyiBpG+qUwqg==";
 };
 
 controls {
       inet 127.0.0.1 port 953
       allow { 127.0.0.1; } keys { "rndc-key"; };
 };
#允许dns forward的网段用户
acl "trusted-lan" {
   127.0.0.1/8;
   10.31.255.0/24;
   172.17.167.0/24;
   10.10.1.0/24;
};
options {
   directory "/usr/local/named";
   dump-file "/usr/local/named/data/cache_dump.db";
   statistics-file "/usr/local/named/data/named_stats.txt";
   version "";
   datasize 40M;
   allow-transfer {
    "trusted-lan";
   };
   recursion yes;
   allow-notify {
       "trusted-lan";
   };
   allow-recursion {
       "trusted-lan";
   };
   auth-nxdomain no;
   forwarders {
       202.96.199.133;
       202.96.209.133;
   };
};
logging {
   channel warning {
    file "/usr/local/named/var/dns_warning" versions 3 size 1240k;
    severity warning;
    print-category yes;
    print-severity yes;
    print-time yes;
   };
   channel general_dns {
       file "/usr/local/named/var/dns_log" versions 3 size 1240k;
       severity info;
       print-category yes;
       print-severity yes;
       print-time yes;
   };
   category default {
       warning;
   };
   category queries {
       general_dns;
   };
};
include "cnc_acl.conf";
include "telecom_acl.conf";
view "view_cnc" {
   match-clients {
         CNC;
   };
   zone "." {
         type hint;
         file "named.ca";
   };
   include "master/cnc.def";
};
view "view_telecom" {
   match-clients {
         TELECOM;
   };
   zone "." {
         type hint;
         file "named.ca";
   };
   include "master/telecom.def";
};
view "view_any" {
   match-clients {
         any;
   };
   zone "." {
         type hint;
         file "named.ca";
   };
   include "master/any.def";
};

保存,退出。
3、安装IP地址段查询工具Ripe-dbase-client-v3：
下载软件包：
wget
tar zxvf ripe-dbase-client-v3.tar.gz
cd whois-3.1
./configure --prefix=/usr
make;make install

4、设置配置文件
mkdir /usr/local/named/data
mkdir /usr/local/named/master
wget -O /usr/local/named/named.ca
配置ACL文件
/usr/bin/whois3 -h whois.apnic.net -l -i mb MAINT-CNCGROUP | grep "descr" | grep "Reverse" | awk -F "for" '{if ($2!="") print $2}'| sort -n | awk 'BEGIN{print "acl \"CNC\" '{'"}{print $1";"}END{print "'}';"}' > /usr/local/named/cnc_acl.conf

/usr/bin/whois3 -h whois.apnic.net -l -i mb MAINT-CHINANET | grep "descr" | grep "Reverse" | awk -F "for" '{if ($2!="") print $2}'| sort -n | awk 'BEGIN{print "acl \"TELECOM\" '{'"}{print $1";"}END{print "'}';"}' > /usr/local/named/telecom_acl.conf

增加域名解析配置文件
设置网通解析配置文件：
vi /usr/local/named/master/cnc.def
==========cnc.def begin==========
zone "cnzqf.com"{
    type master;
    file "master/cnc/cnzqf.com";
#一下几句可不写
#    allow-transfer { 192.168.1.100 ; };
#    notify yes;
#    also-notify { 192.168.1.100 ; };
};
==========cnc.def end===========   

设置电信解析配置文件：
vi /usr/local/named/master/telecom.def

==========telecom.def begin==========
zone "king.com"{
zone "cnzqf.com"{
    type master;
    file "master/telecom/cnzqf.com";
#   allow-transfer { 192.168.1.100 ; };
#   notify yes;
#   also-notify { 192.168.1.100 ; };
};
==========telecom.def end===========
设置网通电信以外解析配置文件：
vi /usr/local/named/master/any.def
==========any.def begin==========
zone "cnzqf.com"{
    type master;
    file "master/any/cnzqf.com";
#   allow-transfer { 192.168.1.100 ; };
#   notify yes;
#   also-notify { 192.168.1.100 ; };
};
==========any.def end===========

增加域名定义文件

设置网通域名定义文件：
vi /usr/local/named/master/cnc/cnzqf.com

==========cnc/cnzqf.com begin==========
$TTL 3600
$ORIGIN cnzqf.com.
@ IN SOA ns.cnzqf.com. root.cnzqf.com. (
                      2007011701  ;Serial
                      3600    ;Refresh ( seconds )
                      1800    ;Retry ( seconds )
                      604800       ;Expire ( seconds )
                      3600          ;Minimum TTL for Zone ( seconds )
                      )
@       IN      NS     ns.cnzqf.com.
@       IN      A      61.172.197.A
ns      IN      A      61.172.197.A
ns1     IN      A       61.172.197.A
www     IN      A      202.108.13.B
mial    IN      A      61.135.173.C
ldap    IN      A       61.135.173.C
;
;end
==========cnc/cnzqf.com end===========

设置电信域名定义文件：
vi /usr/local/named/master/telecom/cnzqf.com

==========telecom/cnzqf.com begin==========
$TTL 3600
$ORIGIN cnzqf.com.
@ IN SOA ns.cnzqf.com. root.cnzqf.com. (
                       2007011701  ;Serial
                       3600   ;Refresh ( seconds )
                       1800   ;Retry ( seconds )
                       604800   ;Expire ( seconds )
                       3600   ;Minimum TTL for Zone ( seconds )
                       )
@      IN       NS      ns.cnzqf.com.
@      IN       A       61.172.197.A
ns     IN       A       61.172.197.A
ns1     IN      A       61.172.197.A
www    IN       A       124.74.202.Q
mail   IN       A       61.172.197.A
ldap    IN      A       124.74.202.P
sh      IN      A       61.172.197.A
*       IN      A       124.74.202.Q
;
;end
==========telecom/cnzqf.com end===========
设置其它区域域名定义文件：
vi /usr/local/named/master/any/cnzqf.com
==========any/cnzqf.com begin==========
$TTL 3600
$ORIGIN cnzqf.com.
@ IN SOA ns.cnzqf.com. root.cnzqf.com. (
                       2007011701  ;Serial
                       3600   ;Refresh ( seconds )
                       1800   ;Retry ( seconds )
                       60480   ;Expire ( seconds )
                       3600   ;Minimum TTL for Zone ( seconds )
                       )
@      IN       NS      ns.cnzqf.com.
@      IN       A       61.172.197.A
ns     IN       A        61.172.197.A
ns1     IN      A       61.172.197.A
www    IN       A       124.74.202.Q
mail    IN      A       124.74.202.Q
ldap    IN      A       124.74.202.Q
;
;end
==========any/cnzqf.com end===========

启动bind
/usr/local/named/sbin/named –gc /usr/local/named/named.conf &
设为开机启动：
echo "/usr/local/named/sbin/named –gc /usr/local/named/named.conf &" >> /etc/rc.local
全部安装结束，就可以开展应用的配置和测试了。

可以使用脚本启动：
[root@localhost var]# cat /etc/init.d/named
#!/bin/bash
#
# named           This shell scrīpt takes care of starting and stopping
#                 named (BIND DNS server).
# add for chkcofnig
# chkconfig: 2345 14 87
# descrīption: named (BIND) is a Domain Name Server (DNS) \
# that is used to resolve host names to IP addresses.
# probe: true
# processname:named
#
if [ `id -u` -ne 0 ]
  then
  echo "ERROR:For bind to port 53,must run as root."
  exit 1
fi
case "$1" in
  start)
        if [ -x /usr/sbin/named ]
     then
           /usr/sbin/named -u named -c /etc/named.conf && echo . && echo 'BIND9 server started.'
        fi
        ;;
  stop)
#        kill `cat /var/run/named/pid` && echo . && echo 'BIND9 server stopped.'
        kill `ps -eo cmd,pid| grep /usr/sbin/named | awk '{print $5}'` && echo . && echo 'BIND9 server stopped.'
        ;;
  restart)
        echo .
        echo "Restart BIND9 server"
        $0 stop
        sleep 10
        $0 start
        ;;
  *)
        echo "$0 start | stop | restart"
        ;;
esac
exit 0
================================================
OVER