DNS的服务器的编译安装,及缓存名称服务器配置
###################################废话不多说直接上货#############################################
###########这里我编译安装的版本是bind-9.10
实验前准备:
[root@localhost local]# yum groupinstall "server platform development"[root@localhost ~]# yum groupinstall "development tools" -y[root@localhost local]# groupadd -r -g 53 named[root@localhost local]# useradd -r -g 53 -u 53 named[root@localhost local]# id nameduid=53(named) gid=53(named) groups=53(named)
[root@localhost src]# tar -xf bind-9.10.1-P1.tar.gz -C /usr/local/[root@localhost bind-9.10.1-P1]# ./configure --prefix=/usr/local/bind9 --sysconfdir=/etc/named/ --disable-chroot --enable-threads --disable-ipv6[root@localhost bind-9.10.1-P1]#make && make install[root@localhost init.d]# vim /etc/profile.d/named.sh ############添加环境变量 1 PATH=/usr/local/bind9/bin:/usr/local/bind9/sbin:$PATH[root@localhost init.d]# . /etc/profile.d/named.sh
注意:到此为止我们编译的named全部处理完毕但是,此时的named是没有配置文件的,根域的解析文件也没有。
###################################提供man文件##############################################
1,一次性查看man文件的方式[root@localhost man]# man -M /usr/local/bind9/share/man/ named2,通过添加man文件的方式[root@localhost man1]# cp * /usr/share/man/man1/[root@localhost man3]# cp * /usr/share/man/man3/[root@localhost man5]# cp * /usr/share/man/man5/[root@localhost man8]# cp * /usr/share/man/man8/3,通过指明man的文件变量的方式43 MANPATH /usr/man 44 MANPATH /usr/share/man 45 MANPATH /usr/local/man 46 MANPATH /usr/local/share/man 47 MANPATH /usr/X11R6/man 48 MANPATH /usr/local/bind9/share/man ###添加路径,但是不会立即生效
[root@localhost man1]# mkdir /var/named/ #########创建跟区域解析库目录[root@localhost ~]# dig -t NS . @172.16.0.1 > /var/named/named.ca ###生成根域解析文件[root@localhost ~]# ls /var/named/named.ca[root@localhost ~]# cd /var/named/[root@localhost named]# lsnamed.ca[root@localhost named]# cat named.ca ; <<>> DiG 9.10.1-P1 <<>> -t NS . @172.16.0.1;; global options: +cmd;; Got answer:;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49896;; flags: qr rd ra ad; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION:; EDNS: version: 0, flags:; udp: 4096;; QUESTION SECTION:;. IN NS;; ANSWER SECTION:. 473316 IN NS i.root-servers.net.. 473316 IN NS h.root-servers.net.. 473316 IN NS j.root-servers.net.. 473316 IN NS l.root-servers.net.. 473316 IN NS m.root-servers.net.. 473316 IN NS e.root-servers.net.. 473316 IN NS b.root-servers.net.. 473316 IN NS k.root-servers.net.. 473316 IN NS a.root-servers.net.. 473316 IN NS g.root-servers.net.. 473316 IN NS d.root-servers.net.. 473316 IN NS f.root-servers.net.. 473316 IN NS c.root-servers.net. ;; Query time: 2 msec;; SERVER: 172.16.0.1#53(172.16.0.1);; WHEN: Wed Feb 11 03:57:36 CST 2015;; MSG SIZE rcvd: 239
#########################################生成本地解析文件#######################################
########################################生成缓存名称服务器######################################
[root@localhost named]# vim /var/named/named.localhost ###正向解析文件 1 $TTL 1D 2 @ IN SOA @ rname.invalid. ( 3 0; 4 1D; 5 1H; 6 1W; 7 3H); 8 NS @ 9 A 127.0.0.1 [root@localhost named]# vim /var/named/named.loopback ###反向解析文件 1 $TTL 1D 2 @ IN SOA @ rname.invalid. ( 3 0; 4 1D; 5 1H; 6 1W; 7 3H); 8 NS localhost. 9 1 PTR localhost.
[root@localhost named]# chmod 640 * ######修改权限 [root@localhost named]# chown .named * ######注意这几个文件要求其他用户无权限访问,数组必须为named. [root@localhost named]# lltotal 12-rw-r-----. 1 root named 934 Feb 11 03:57 named.ca-rw-r-----. 1 root named 144 Feb 11 04:02 named.localhost-rw-r-----. 1 root named 127 Feb 11 04:52 named.loopback
##############################################生成配置文件###########################################
[root@localhost named]# rndc-confgen -r /dev/urandom > /etc/named/rndc.conf ##生成配置文件秘钥[root@localhost named]# vim named.conf[root@localhost run]# vim /etc/named/named.conf 1 options { 2 directory "/var/named/"; #########指定工作目录 3 4 }; 5 zone "." IN { #########根域解析 6 type hint; 7 file "named.ca"; 8 }; 9 zone "localhost" IN { 10 type master; 11 file "name.localhost"; 12 allow-update {none;}; 13 }; 14 zone "0.0.127.in-addr.arpa" IN { 15 type master; 16 file "named.loopback"; 17 allow-update {none;}; 18 }; 19 key "rndc-key" { 20 algorithm hmac-md5; 21 secret "Ex9+5nYWlJ/y9xcAXzTxEg=="; 22 }; 23 24 controls { 25 inet 127.0.0.1 port 953 26 allow { 127.0.0.1; } keys { "rndc-key"; }; 27 }; 28 # End of named.conf ####################################检查这两个区域解析是否正常 #######################################
[root@localhost named]# named-checkzone "localhost" /var/named/named.localhostzone localhost/IN: loaded serial 0OK[root@localhost man8]# named-checkzone "0.0.127.in-addr.arpa" /var/named/named.loopbackzone 0.0.127.in-addr.arpa/IN: loaded serial 0OK
######################################以上就是生成了一个缓存缓存名称服务器了#########################
[root@localhost named]# man -M /usr/local/bind9/share/man/ named ###一次查看man的方式[root@localhost man]# named -u named -g ############# 前台启动[root@localhost named]# ss -tnlp | grep 53LISTEN 0 10 172.16.11.11:53 *:* users:(("named",19931,22))LISTEN 0 10 127.0.0.1:53 *:* users:(("named",19931,21))LISTEN 0 5 192.168.122.1:53 *:* users:(("dnsmasq",1444,6))LISTEN 0 128 127.0.0.1:953 *:* users:(("named",19931,23)) ########################################提供配置脚本###########################################
[root@localhost init.d]# vim named[root@localhost run]# vim /etc/init.d/named 1 #!/bin/bash 2 # 3 #description: named daemon 4 pidfile=/usr/local/bind9/var/run/named/named.pid ###定义pid文件位置变量, 5 lockfile=/var/lock/subsys/named ###锁文件,用于后面判断,程序是否在运行 6 conffile=/etc/named/named.conf ###指明配置文件位置 7 named=/usr/local/bind9/sbin/named 8 prog=named ######程序名 9 10 [ -r /etc/rc.d/init.d/functions ] && . /etc/rc.d/init.d/functions #####调用函数 11 12 start() { 13 if [ -e $lockfile ]; then ####判断服务在不在启动就是判断锁文件在不在 14 echo "$prog is already runnig" 15 warning 16 exit 0 17 fi 18 echo "start $prog:" 19 daemon --pidfile $pidfile $named -u named -c $conffile ####启动服务 20 retval=$? 21 echo 22 if [ $retval -eq 0 ]; then 23 touch $lockfile 24 return $retval 25 else 26 rm -f $lockfile $pidfile 27 return 1 28 fi 29 } 30 stop() { ####停止服务的函数 31 if [ ! -e $lockfile ];then 32 echo "$prog is stopped" 33 warning 34 echo 35 exit 0 36 fi 37 echo -n "stopping $prog:" 38 killproc $prog ####killproc 停掉进程 39 retval=$? 40 echo 41 if [ $retval -eq 0 ]; then 42 rm -f $lockfile $pidfile 43 return 0 44 else 45 echo "can not stop $prog" 46 return 1 47 fi 48 } 49 restart() { ###重启的函数 50 stop 51 start 52 } 53 reload() { ###重载的函数 54 echo -n "Reload the $prog:" 55 killproc -HUP $prog 56 echo 57 return $retval 58 59 } 60 status() { ####状态查看的函数 61 if pidof $prog &> /dev/null; then 62 echo -n "$prog id running" 63 success 64 echo 65 else 66 echo -n "$prog is stopped." 67 success 68 echo 69 fi 70 } 71 usage() { ####帮助页面的查看 72 echo "Usage:named {start|stop|status|restart|reload}" 73 } 74 75 case $1 in ####case判断 76 start) 77 start;; 78 stop) 79 stop;; 80 status) 81 status;; 82 restart) 83 restart;; 84 reload) 85 reload;; 86 *) 87 usage 88 exit 1;; 89 esac[root@localhost init.d]# bash -n named ###########检查语法[root@localhost init.d]# chmod a+x named ###########提供执行权限 ################################################启动测试##############################################
至此DNS的缓存名称服务器和编译安装配置完毕!!!!!!!!!!!!!!!!!!!