Compiling and Installing DNS (BIND) from Source
Official BIND download site: www.isc.org
Here we build the bind-9.9.5.tar.gz release.
1. Build environment
Desktop Platform Development
Development tools
Server Platform Development
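2. Unpack the tarball and review the build options
First, check the server's system time.
[root@hong ~]# tar xf bind-9.9.5.tar.gz    # unpack the tarball
[root@hong ~]# cd bind-9.9.5
[root@hong bind-9.9.5]# ls    # enter the extracted directory and check that the files are all there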
acconfig.h config.h.in COPYRIGHT isc-config.sh.1 make version
aclocal.m4 config.h.win32 doc isc-config.sh.docbook Makefile.in win32utils
Atffile config.sub docutil isc-config.sh.html mkinstalldirs
bin config.threads.in FAQ isc-config.sh.in README
bind.keys configure FAQ.xml lib srcid
CHANGES configure.in HISTORY libtool.m4 unit
config.guess contrib install-sh ltmain.sh util
[root@hong bind-9.9.5]# ./configure --help    # view the configure options
[root@hong bind-9.9.5]# less README    # read BIND's README
Because the DNS service does not run as root, first create a dedicated user and group:
[root@hong bind-9.9.5]# groupadd -r -g 53 named
[root@hong bind-9.9.5]# useradd -r -g named -u 53 named
[root@hong bind-9.9.5]# id named
uid=53(named) gid=53(named) groups=53(named)
3. Compile
[root@hong bind-9.9.5]# ./configure --prefix=/usr/local/bind9 --sysconfdir=/etc/named/ --enable-threads --disable-chroot --disable-ipv6
Option notes:
--prefix=/usr/local/bind9    installation prefix
--sysconfdir=/etc/named/    directory that holds all configuration files
--enable-threads    enable threading to improve DNS performance
--disable-chroot --disable-ipv6    features left disabled; choose according to your own needs from the ./configure --help output
(1) Modify the PATH environment variable
Use the newly compiled dig command
(1)
[root@hong bind9]# /usr/local/bind9/bin/dig -v    # version of the newly compiled dig
DiG 9.9.5
[root@hong bind9]# dig -v    # version of the system's original dig
DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6
[root@hong bind9]# vim /etc/profile.d/bind.sh    # create bind.sh under /etc/profile.d/ with the following content
export PATH=/usr/local/bind9/bin:/usr/local/bind9/sbin:$PATH
(2)
Test: log in again and check
[root@hong ~]# echo $PATH
/usr/lib64/qt-3.3/bin:/usr/local/bind9/bin:/usr/local/bind9/sbin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/nginx/sbin:/root/bin
[root@hong ~]# dig -v
DiG 9.9.5
(2) Export the man pages
[root@hong bind9]# man -M share/man/ named    # -M gives the man page path, followed by the page to view (named)
[root@hong bind9]# man named    # this does not work yet
No manual entry for named
[root@hong bind9]# vim /etc/man.config    # find the MANPATH entries in /etc/man.config and add one
MANPATH /usr/man
MANPATH /usr/share/man
MANPATH /usr/local/man
MANPATH /usr/local/share/man
MANPATH /usr/X11R6/man
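MANPATH /usr/local/bind9/share/man    <-- add this line; the path is under the prefix we just installed to
[root@hong bind9]# man named    # now it works
(3) Export the library and header files (needed for development builds; export the library files)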
[root@hong bind9]# vim /etc/ld.so.conf.d/bind9.conf
2. Provide the configuration file /etc/named/named.conf
(1) [root@hong ~]# ls /etc/named    # there is no configuration file in the named directory yet, so we create it by hand
bind.keys
[root@hong ~]# vim /etc/named/named.conf
options {
    directory "/var/named";
    recursion yes;
};
zone "." IN {    // root hints zone (required)
    type hint;
    file "named.ca";
};
zone "localhost" IN {    // local forward lookup
    type master;
    file "localhost.zone";
    allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {    // local reverse lookup
    type master;
    file "127.0.0.zone";
    allow-update { none; };
};
zone "ning.com" IN {    // add the zone you want to create
    type master;
    file "ning.com.zone";
    allow-transfer { 172.16.0.0/16; 127.0.0.1; };
    allow-update { none; };
};
(2) Configuration file permissions
[root@hong named]# chown root:named named.conf    # owner and group of the main configuration file
[root@hong named]# chmod 640 named.conf    # mode of the main configuration file
[root@hong named]# ll
total 8
-rw-r--r-- 1 root root 2389 Aug 3 11:57 bind.keys
-rw-r----- 1 root named 326 Aug 3 12:25 named.conf
(3) Create the directories
[root@hong named]# mkdir /var/named/slaves -pv    # create the /var/named directory tree
mkdir: created directory `/var/named/slaves'
[root@hong var]# chown root:named /var/named    # owner and group
[root@hong var]# chown named:named /var/named/slaves/    # owner and group
[root@hong var]# chmod 750 /var/named    # directory mode (for security, only root may modify it)
[root@hong var]# chmod 770 /var/named/slaves/    # directory mode (slave zone files are stored here, so write permission is required)
3. Create named.ca and the zone files localhost.zone, 127.0.0.zone and ning.com.zone
(1) Create named.ca
[root@hong var]# dig -t NS . @a.root-servers.net > named.ca    # generate this on a host with Internet access, then copy it over
[root@hong named]# ls /var/named    # place it in this directory
named.ca slaves
(2) Create the zone file localhost.zone
[root@hong named]# vim localhost.zone
$TTL 86400
@       IN SOA  localhost. admin.localhost. (
                2014080701 ; serial
                3H         ; refresh
                15M        ; retry
                7D         ; expire
                1D )       ; negative-caching TTL
        IN NS   localhost.
        IN A    127.0.0.1
(3) Create the zone file 127.0.0.zone
[root@hong named]# vim 127.0.0.zone
$TTL 86400
@       IN SOA  localhost. admin.localhost. (
                2014080701 ; serial
                3H         ; refresh
                15M        ; retry
                7D         ; expire
                1D )       ; negative-caching TTL
        IN NS   localhost.
1       IN PTR  localhost.
(4) Create the zone file ning.com.zone
[root@hong named]# vim ning.com.zone
$TTL 3600
@       IN SOA  ns.ning.com. ning.qq.com. (
                2014080701 ; serial
                1H         ; refresh
                10M        ; retry
                7D         ; expire
                1D )       ; negative-caching TTL
        IN NS   ns
ns      IN A    172.16.3.20
www     IN A    172.16.3.30
(5) Set the permissions, owner and group of the zone files
[root@hong named]# chown :named 127.0.0.zone localhost.zone named.ca ning.com.zone
[root@hong named]# chmod 640 127.0.0.zone localhost.zone named.ca ning.com.zone
(6) Check the configuration file and the zone files
[root@hong named]# named-checkconf /etc/named/named.conf
[root@hong named]# named-checkzone "localhost" /var/named/localhost.zone
zone localhost/IN: loaded serial 2014080701
OK
[root@hong named]# named-checkzone "0.0.127.in-addr.arpa" /var/named/127.0.0.zone
zone 0.0.127.in-addr.arpa/IN: loaded serial 2014080701
OK
[root@hong named]# named-checkzone "ning.com" ning.com.zone
zone ning.com/IN: loaded serial 2014080701
OK
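4. Try starting the caching name server
[root@hong named]# named -u named -c /etc/named/named.conf    # start with the given configuration file (runs in the background)
[root@hong named]# named -g -u named -c /etc/named/named.conf    # -g runs in the foreground
[root@hong named]# named -u named    # starting it directly also works
5. Set up rndc
(1) Generate and enable
[root@hong named]# rndc-confgen -r /dev/urandom > /etc/named/rndc.conf    # generate rndc.conf (-r names the random source, in case the entropy pool has no random data)
[root@hong named]# cat /etc/named/rndc.conf    # copy the section marked below from the generated file into named.conf and uncomment it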
# Start of rndc.conf
key "rndc-key" {
algorithm hmac-md5;
secret "lkMCAFCZUSJ1k4mM1cmrXg==";
};
options {
default-key "rndc-key";
default-server 127.0.0.1;
default-port 953;
};
# End of rndc.conf
# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {    <-- copy from here down to the marker below
# algorithm hmac-md5;
# secret "+8TPqh0+bGqDH7JVk2w3+w==";
# };
#
# controls {
# inet 127.0.0.1 port 953
# allow { 127.0.0.1; } keys { "rndc-key"; };
# };    <-- up to here: copy the lines in between into named.conf and uncomment them to enable the key
# End of named.conf
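A check for the copy step above, as an added example that is not part of the original post: it compares the active key "rndc-key" secret in rndc.conf with the one pasted into named.conf and reports only whether they match. The function names and the --run switch are assumptions of this example; the file paths are the article's.

```shell
#!/bin/sh
# Added example: confirm the rndc key pasted into named.conf matches rndc.conf.

# key_secret FILE NAME: print the secret of the active (uncommented)
# key "NAME" { ... }; block in FILE; prints nothing if there is none.
key_secret() {
    awk -v name="$2" '
        BEGIN { want = "\"" name "\"" }
        /^[ \t]*(#|\/\/)/ { next }        # skip the commented-out template
        $1 == "key" && $2 == want { inkey = 1; next }
        inkey && $1 == "secret" {
            gsub(/[";]/, "", $2)          # strip quotes and the semicolon
            print $2
            exit
        }
        inkey && /}/ { inkey = 0 }        # block closed without a secret
    ' "$1"
}

# rndc_key_matches RNDC_CONF NAMED_CONF [NAME]
# Returns 0 if both files hold the same secret, 1 if the secrets differ,
# 2 if the key is missing from either file. The secret is never printed.
rndc_key_matches() {
    name=${3:-rndc-key}
    a=$(key_secret "$1" "$name")
    b=$(key_secret "$2" "$name")
    if [ -z "$a" ] || [ -z "$b" ]; then
        echo "key \"$name\" not found in both files"
        return 2
    fi
    if [ "$a" != "$b" ]; then
        echo "key \"$name\" differs between $1 and $2"
        return 1
    fi
    echo "key \"$name\" matches"
}

# Check the article's paths only when called with --run.
if [ "${1:-}" = "--run" ]; then
    rndc_key_matches /etc/named/rndc.conf /etc/named/named.conf
fi
```

A mismatch typically appears after rndc.conf is regenerated while named.conf still carries the old key block.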
(2) Set the permissions and ownership of rndc.conf, then have named reread its configuration and test the rndc command
[root@hong named]# chmod 440 rndc.conf    # set the permissions
[root@hong named]# chown :named rndc.conf    # set the group
[root@hong named]# killall -HUP named    # reread the configuration file
[root@hong named]# rndc reload    # test reloading the configuration and zone data
server reload successful
[root@hong named]# rndc status    # test viewing the status
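An added example (not from the original post) that re-checks the modes set in the configuration-file, directory, zone-file and rndc.conf steps above: a path passes only if it carries no permission bit beyond the mode the article assigns. The function names and the --run switch are assumptions; GNU stat is assumed, and ownership is not checked.

```shell
#!/bin/sh
# Added example: audit the file modes set in this walkthrough.

# check_mode PATH MAX: pass only if PATH exists and has no permission bit
# set beyond the octal mask MAX (a stricter mode also passes).
check_mode() {
    path=$1 max=$2
    if [ ! -e "$path" ]; then
        echo "MISSING  $path"
        return 1
    fi
    mode=$(stat -c %a "$path") || return 1      # GNU stat, e.g. 640
    excess=$(( 0$mode & ~0$max & 07777 ))       # bits present but not allowed
    if [ "$excess" -ne 0 ]; then
        printf 'TOO OPEN %s is %s, expected at most %s\n' "$path" "$mode" "$max"
        return 1
    fi
    echo "OK       $path ($mode)"
}

# audit_bind ETC_DIR VAR_DIR: check every path the article chmods.
# Returns 0 when all of them pass, 1 otherwise.
audit_bind() {
    etc=$1 var=$2 rc=0
    check_mode "$etc/named.conf" 640 || rc=1    # main configuration
    check_mode "$etc/rndc.conf"  440 || rc=1    # holds the rndc secret
    check_mode "$var"            750 || rc=1    # zone directory
    check_mode "$var/slaves"     770 || rc=1    # writable by named
    for zone in named.ca localhost.zone 127.0.0.zone ning.com.zone; do
        check_mode "$var/$zone" 640 || rc=1
    done
    return $rc
}

# Audit the article's paths only when called with --run.
if [ "${1:-}" = "--run" ]; then
    audit_bind /etc/named /var/named
fi
```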
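6. Provide the zone you need
We already added it above: the zone is ning.com. I simply added it at that point;
you could instead leave it out above, test the caching name server first, and then add and test the zone here.
7. Provide an init script:
[root@hong named]# service named start    # the service cannot yet be started normally with the service command
named: unrecognized service
Init script: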
#!/bin/bash
#
# description: named daemon
# chkconfig: - 25 80
#
pidFile=/usr/local/bind9/var/run/named.pid
lockFile=/var/lock/subsys/named
confFile=/etc/named/named.conf
# Load the distribution's init helpers (daemon, killproc, success, failure)
[ -r /etc/rc.d/init.d/functions ] && . /etc/rc.d/init.d/functions

# Start named as the unprivileged "named" user unless the lock file exists
start() {
    if [ -e "$lockFile" ]; then
        echo "named is already running..."
        exit 0
    fi
    echo -n "Starting named:"
    daemon --pidfile "$pidFile" /usr/local/bind9/sbin/named -u named -c "$confFile"
    RETVAL=$?
    echo
    if [ $RETVAL -eq 0 ]; then
        touch "$lockFile"
        return $RETVAL
    else
        rm -f "$lockFile" "$pidFile"
        return 1
    fi
}

# Stop named and clean up the lock and pid files
stop() {
    if [ ! -e "$lockFile" ]; then
        echo "named is stopped."
        # exit 0
    fi
    echo -n "Stopping named:"
    killproc named
    RETVAL=$?
    echo
    if [ $RETVAL -eq 0 ]; then
        rm -f "$lockFile" "$pidFile"
        return 0
    else
        echo "Cannot stop named."
        failure
        return 1
    fi
}

restart() {
    stop
    sleep 2
    start
}

# Ask named to reread its configuration (SIGHUP)
reload() {
    echo -n "Reloading named: "
    killproc named -HUP
    #killall -HUP named
    RETVAL=$?
    echo
    return $RETVAL
}

# Report whether a named process exists; return 3 when it is not running
status() {
    if pidof named &> /dev/null; then
        echo -n "named is running..."
        success
        echo
    else
        echo -n "named is stopped..."
        failure
        echo
        return 3
    fi
}

usage() {
    echo "Usage: named {start|stop|restart|status|reload}"
}

case "$1" in
    start)
        start ;;
    stop)
        stop ;;
    restart)
        restart ;;
    status)
        status ;;
    reload)
        reload ;;
    *)
        usage
        exit 4
        ;;
esac
# chmod +x /etc/rc.d/init.d/named    # make the script executable
# chkconfig --add named    # register named with chkconfig
# chkconfig --list named    # check its status
# chkconfig named on    # start automatically at boot
# service named start    # the service command now works
[root@hong named]# service named restart
Stopping named: [ OK ]
Starting named: [ OK ]
The zone configuration is not yet complete; more will follow.
This article comes from the "奋斗的人" blog; please keep this attribution: http://wodemeng.blog.51cto.com/1384120/1537227