wantin6
高级工程师
帖子
1209
精华
7
无忧币 16024
积分 13314
阅读权限 70
|
发表于:2006-8-5 23:48
标题:BIND 9快速安装实例
<上一帖 |
下一帖>
这是一个服务器安装的一部分;
由于论坛吃空格,准备了txt文件在这里:
http://www.hackerbay.com/doc/bind9.txt
CODE:
[Copy to clipboard]
######################## BIND 9 ###############
# 简单的bind 9 安装
# 配置为 转发 + master ###
阿土 Aborigen Yin
http://www.hackerbay.com
2003.06.27
###################### modules bind 9 #############33
7.安装bind 9.2.2
7.1.获得源码并安装
mkdir -p /usr/local/src/distfiles
cd /usr/local/src/distfiles
#wget ftp://ftp.isc.org/isc/bind9/9.2.2/bind-9.2.2.tar.gz
wget ftp://172.16.100.245/pub/distfiles/bind-9.2.2.tar.gz
tar xfz bind-9.2.2.tar.gz -C ..
cd ../bind-9.2.2/
./configure --prefix=/usr/local/modules/named --disable-ipv6
make && make install
7.2.add user and group for named
pw groupadd named
mkdir -p /usr/local/modules/named/etc
mkdir -p /usr/local/modules/named/var/log
mkdir -p /usr/local/modules/named/var/run
pw useradd named -g named -d /usr/local/modules/named -s /sbin/nologin
chown -R named:named /usr/local/modules/named
chmod 700 /usr/local/modules/named
chmod 777 /usr/local/modules/named/var/run
7.3.配置DNS服务器
cd /usr/local/modules/named/etc
#vi named.conf
//begin of named.conf
acl "trust-lan" { 127.0.0.1/8; 192.168.0.0/16; 172.16.0.0/16; };
options {
directory "/usr/local/modules/named/etc";
datasize 80M;
allow-transfer {
"trust-lan";
};
forward first;
forwarders {
202.96.134.133;
202.96.128.110;
};
//recursion no;
recursion yes;
allow-notify {
"trust-lan";
};
allow-recursion {
"trust-lan";
};
//auth-nxdomain yes;
auth-nxdomain no;
#不报告自己的版本号
version "[secured]";
};
// How to log
logging {
channel warning
{
file "/usr/local/modules/named/var/log/dns_warnings" versions 3 size 10240k;
severity warning;
print-category yes;
print-severity yes;
print-time yes;
};
channel general_dns
{
file "/usr/local/modules/named/var/log/dns_logs" versions 3 size 10240k;
severity info;
print-category yes;
print-severity yes;
print-time yes;
};
category default { warning; } ;
category queries { general_dns; } ;
};
zone "." {
type hint;
file "named.root";
};
zone "0.0.127.IN-ADDR.ARPA" {
type master;
file "localhost.rev";
};
zone "oss4e.org"{
type master;
file "zone.oss4e.org";
notify yes;
};
zone "100.16.172.in-addr.arpa" {
type master;
file "zone.100.16.172.in-addr.arpa";
};
//end of named.conf
touch /usr/local/modules/named/var/log/dns_warnings
touch /usr/local/modules/named/var/log/dns_logs
#获得根提示文件
wget ftp://ftp.internic.org/domain/named.root
#vi named.root
; This file holds the information on root name servers needed to
; initialize cache of Internet domain name servers
; (e.g. reference this file in the "cache . ;"
; configuration file of BIND domain name servers).
;
; This file is made available by InterNIC
; under anonymous FTP as
; file /domain/named.root
; on server FTP.INTERNIC.NET
;
; last update: Nov 5, 2002
; related version of root zone: 2002110501
;
;
; formerly NS.INTERNIC.NET
;
. 3600000 IN NS A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
;
; formerly NS1.ISI.EDU
;
. 3600000 NS B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET. 3600000 A 128.9.0.107
;
; formerly C.PSI.NET
;
. 3600000 NS C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
;
; formerly TERP.UMD.EDU
;
. 3600000 NS D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET. 3600000 A 128.8.10.90
;
; formerly NS.NASA.GOV
;
. 3600000 NS E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
;
; formerly NS.ISC.ORG
;
. 3600000 NS F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
;
; formerly NS.NIC.DDN.MIL
;
. 3600000 NS G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
;
; formerly AOS.ARL.ARMY.MIL
;
. 3600000 NS H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET. 3600000 A 128.63.2.53
;
; formerly NIC.NORDU.NET
;
. 3600000 NS I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
;
; operated by VeriSign, Inc.
;
. 3600000 NS J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30
;
; housed in LINX, operated by RIPE NCC
;
. 3600000 NS K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
;
; operated by IANA
;
. 3600000 NS L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET. 3600000 A 198.32.64.12
;
; housed in Japan, operated by WIDE
;
. 3600000 NS M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
; End of File
;vi zone.oss4e.org
;begin of zone.oss4e.org
$TTL 3600
@ IN SOA dns1.oss4e.org. webmaster.oss4e.org. (
12061702 ; Serial (date, 2 digits version of day)
86400 ; refresh (1 day)
7200 ; retry (2 hours)
864000 ; expire (10 days)
86400 ) ; minimum (1 day)
IN NS dns1.oss4e.org.
IN NS dns2.oss4e.org.
IN NS dns.oss4e.org.
IN MX 10 mail.oss4e.org.
oss4e.org. IN A 172.16.100.243
dns IN A 172.16.100.243
dns1 IN A 172.16.100.243
dns2 IN A 172.16.100.243
mail IN A 172.16.100.243
smtp IN CNAME mail.oss4e.org.
;泛域名解析
* IN A 172.16.100.243
;end of zone.oss4e.org
;vi localhost.rev
;begin of localhost.rev
$TTL 3600
@ IN SOA dns1.oss4e.org. webmaster.oss4e.org. (
12061702 ; Serial (date, 2 digits version of day)
86400 ; refresh (1 day)
7200 ; retry (2 hours)
864000 ; expire (10 days)
86400 ) ; minimum (1 day)
IN NS dns1.oss4e.org.
IN NS dns2.oss4e.org.
IN NS dns.oss4e.org.
IN MX 10 mail.oss4e.org.
1 IN PTR localhost.oss4e.org.
;end of localhost.rev
;vi zone.100.16.172.in-addr.arpa
;zone.100.16.172.in-addr.arpa
$TTL 3600
@ IN SOA dns1.oss4e.org. webmaster.oss4e.org. (
12061702 ; Serial (date, 2 digits version of day)
86400 ; refresh (1 day)
7200 ; retry (2 hours)
864000 ; expire (10 days)
86400 ) ; minimum (1 day)
IN NS dns1.oss4e.org.
IN NS dns2.oss4e.org.
IN NS dns.oss4e.org.
IN MX 10 mail.oss4e.org.
243 IN PTR mail.oss4e.org.
;end of zone.100.16.172.in-addr.arpa
7.4.配置环境
#vi /etc/resolv.conf
domain oss4e.org
nameserver 127.0.0.1
nameserver 202.96.134.133
nameserver 202.96.128.110
7.5.#配置日志:
#vi /etc/syslog.conf
#添加local.none到messages的末尾,阻止named发送日志到messages;
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none;local.none /var/log/messages
#添加如下,其中!named表示named这个进程发来的日志;
!named
*.* /usr/local/modules/named/var/log/named.log
#这个是syslog.conf中要求的;
touch /usr/local/modules/named/var/log/named.log
chown named:named /usr/local/modules/named/var/log/named.log
chmod 766 /usr/local/modules/named/var/log/named.log
killall -HUP syslogd
7.6.配置启动文件
#vi /usr/local/modules/named/bin/named-mgr.sh
#!/bin/sh
if [ `id -u` -ne 0 ]
then
echo "ERROR:For bind to port 53,must run as root."
exit 1
fi
case "$1" in
start)
if [ -x /usr/local/modules/named/sbin/named ]; then
/usr/local/modules/named/sbin/named -u named && echo . && echo 'BIND9 server started.'
fi
;;
stop)
kill `cat /usr/local/modules/named/var/run/named.pid` && echo . && echo 'BIND9 server stopped.'
;;
restart)
echo .
echo "Restart BIND9 server ......"
$0 stop
sleep 10
$0 start
;;
*)
echo "$0 start | stop | restart"
;;
esac
#end of named-mgr.sh
chmod 755 /usr/local/modules/named/bin/named-mgr.sh
ln -s /usr/local/modules/named/bin/named-mgr.sh /usr/local/sbin
ln -s /usr/local/modules/named/bin/named-mgr.sh /usr/local/etc/rc.d
7.7.配置权限
rm -rf /usr/local/modules/named/.*
chown -R named:named /usr/local/modules/named/*
chmod -R 700 /usr/local/modules/named/*
#end of bind9 |
|
| 诚征版主 | 版主堂 | 意见建议 | 大史记 | 论坛地图