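1. Installation environment:
The server runs Debian 8.6.0, and BIND is installed from source; the BIND version installed is bind9.10.6. The installation steps are as follows:
(1) Download the bind9.10.6 source package from the following address:
```
https://ftp.isc.org/isc/bind9/9.12.2-P1/bind-9.12.2-P1.tar.gz
```
(2) In my environment the package is stored in /home/ball. After downloading, use WinSCP to drag it into that directory.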
(3) Install the OpenSSL development library. Building BIND from source requires OpenSSL; without it, configure fails with the following error:
```
checking for OpenSSL library... configure: error: OpenSSL was not found in any of /usr /usr/local /usr/local/ssl /usr/pkg /usr/sfw; use --with-openssl=/path
If you don't want OpenSSL, use --without-openssl
```
If you see this error, install the OpenSSL library first:
```
apt install libssl-dev       # Debian
yum install openssl-devel    # CentOS
```
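(4) Unpack the BIND package, then compile and install it with the following commands:
```
cd /home/ball/
tar xvzf bind-9.12.2-P1.tar.gz
cd bind-9.12.2-P1/    # directory created by the tarball
./configure --prefix=/usr/local/named --enable-threads
make && make install
```
On the command line, --prefix=/usr/local/named sets my BIND installation location, and --enable-threads enables multi-threaded processing.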
(5) After installation, check the version:
```
# /usr/local/named/sbin/named -v
BIND 9.12.2-P1 <id:8914b83>
```
(6) Create the named user; DNS will run as the named user.
```
groupadd named
useradd -g named -s /sbin/nologin named
```
(7) Create the configuration directories
```
mkdir /usr/local/named/zones            # directory for the DNS zone files
mkdir /usr/local/named/log              # create this directory to hold the logs
touch /usr/local/named/etc/named.conf   # the DNS configuration file
```
(8) Set up the main configuration file
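```
cd /usr/local/named/etc/
/usr/local/named/sbin/rndc-confgen > rndc.conf
cat rndc.conf > rndc.key
# 777 is world-writable: any local user can replace zone files;
# chown named:named plus chmod 750 is the tighter choice
chmod 777 /usr/local/named/zones/
# Uncomment the named.conf section at the end of rndc.conf
tail -10 rndc.conf | head -9 | sed 's/# //g' > named.conf
```
(9) Edit the named configuration file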
```
nano /usr/local/named/etc/named.conf
```
```
options {
    directory "/usr/local/named/zones"; // absolute path where the zone files are stored
    pid-file "named.pid";               // when BIND starts it creates named.pid in /usr/local/named/zones; the file contains the named process ID
};
zone "." IN {
    type hint;          // root name servers
    file "named.root";  // stored in /usr/local/named/zones under the name named.root
};
```
(10) Set up the named.root root server hints
```
# (The server needs Internet access)
dig -t NS .
# Generate the root hints file (named.root)
dig -t NS . > /usr/local/named/zones/named.root
```
(11) Start the DNS service
```
/usr/local/named/sbin/named
# Check that the DNS server is running
/usr/local/named/sbin/rndc status
WARNING: key file (/usr/local/named/etc/rndc.key) exists, but using default configuration file (/usr/local/named/etc/rndc.conf)
version: BIND 9.12.2-P1 <id:8914b83>
running on dnsball: Linux x86_64 3.16.0-4-amd64 #1 SMP Debian 3.16.36-1 deb8u1 (2016-09-03)
boot time: Thu, 23 Aug 2018 10:34:24 GMT
last configured: Thu, 23 Aug 2018 10:34:25 GMT
configuration file: /usr/local/named/etc/named.conf
CPUs found: 1
worker threads: 1
UDP listeners per interface: 1
number of zones: 100 (99 automatic)
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/900/1000
tcp clients: 0/150
server is up and running
```
(12) Configure resolution in named.conf
```
ln -s /usr/local/named/etc/named.conf /etc/named.conf
cat /usr/local/named/etc/named.conf
# rndc control key
key "rndc-key" {
    algorithm hmac-sha256;
    secret "c6iamWqbzArFvUn7BUt27c8MNUU G9TkVz8ADbnXNRI=";
};
# control channel listening port
controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndc-key"; };
};
# directory holding the zone files
options {
    directory "/usr/local/named/zones";
    pid-file "named.pid";
};
# root DNS server hints file
zone "." {
    type hint;
    file "/usr/local/named/etc/named.root";
};
# logging configuration
logging
{
    channel dnsquery.log
    {
        file "/usr/local/named/log/dnsquery.log" versions 3 size 10M;
        severity info;
        print-time yes;
    };
    category queries { dnsquery.log; };
};
# Note: once any view is defined, named requires every zone statement,
# including the root hint zone above, to be placed inside a view
view "internal"
{
    zone "dnsball.com" in
    {
        type master;
        file "dnsball.com.internal";
    };
    zone "1.168.192.in-addr.arpa" in
    {
        type master;
        file "1.168.192.in-addr.arpa.internal";
    };
};
```
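The steps above create a named account but start the daemon without `-u named`, set zones/ to mode 777, and write the rndc secret into several files under etc/. The shell functions below are an added example, not part of the original post, that audit this layout for world-writable directories and world-readable key files; the function names and finding labels are chosen here, and the default prefix is the tutorial's /usr/local/named.

```shell
#!/bin/sh
# Added example: audit a source-built BIND prefix for permission problems.
# Usage: audit_named_prefix /usr/local/named

# Succeeds if "other" has the given bit (r or w) on the path.
# In the `ls -ld` mode string, char 8 is other-read and char 9 other-write.
other_has() {
    mode=$(ls -ld "$2") || return 1
    case "$1:$mode" in
        r:???????r*) return 0 ;;
        w:????????w*) return 0 ;;
    esac
    return 1
}

# Print one finding per line; return 0 only when nothing was found.
audit_named_prefix() {
    prefix=${1:-/usr/local/named}
    findings=0
    # World-writable directories (zones/ after `chmod 777`) let any local
    # account replace zone data or plant files next to named.pid.
    for d in "$prefix/etc" "$prefix/zones" "$prefix/log"; do
        [ -d "$d" ] || continue
        if other_has w "$d"; then
            echo "WORLD-WRITABLE $d"
            findings=$((findings + 1))
        fi
    done
    # A file holding the rndc "secret" must not be readable by others: any
    # local user who reads it can send rndc commands to the control channel.
    for f in "$prefix/etc/rndc.conf" "$prefix/etc/rndc.key" "$prefix/etc/named.conf"; do
        [ -f "$f" ] || continue
        if grep -q 'secret' "$f" && other_has r "$f"; then
            echo "SECRET-WORLD-READABLE $f"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# Users owning a running named process; "root" in the output means named
# was started without `-u named`.
named_process_users() {
    ps -eo user=,comm= 2>/dev/null | awk '$2 == "named" { print $1 }' | sort -u
}
```

Each finding maps to a fix: `chown -R named:named` on zones/ and log/ with mode 750, mode 640 on the files holding the secret, and starting the daemon with `named -u named`.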


