BIND 9.4.0rc2 installation notes (building a simple DNS server step by step)
Note: the platform for this installation experiment is RedHat Linux 9.0. There are still many rough edges; I hope passers-by will point out mistakes and corrections, thank you!
1. Installation
#tar zxvf bind-9.4.0rc2.tar.gz
#cd bind-9.4.0rc2
#./configure --sysconfdir=/etc --disable-ipv6
#make
#make install
2. Create an initial main configuration file /etc/named.conf and obtain the root server file
First point this machine's resolver at the DNS server address provided by the upstream ISP (mine points straight at my own ADSL gateway, 192.168.1.1):
#echo "nameserver 192.168.1.1" > /etc/resolv.conf
Then run the following command and look at the query result:
#dig -t NS .
If the result looks like the following, the root server list was obtained successfully; there are 13 servers in all. If fewer than 13 are shown, set the IP address of any one of the servers listed as this machine's DNS server address and query again; you should then get output much like the following. If you are not connected to the Internet, copy and paste the following content into your /var/named/named.ca.
; <<>> DiG 9.4.0rc2 <<>> -t NS .
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55623
;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 13
;; QUESTION SECTION:
;. IN NS
;; ANSWER SECTION:
. 116859 IN NS d.root-servers.net.
. 116859 IN NS e.root-servers.net.
. 116859 IN NS f.root-servers.net.
. 116859 IN NS g.root-servers.net.
. 116859 IN NS h.root-servers.net.
. 116859 IN NS i.root-servers.net.
. 116859 IN NS j.root-servers.net.
. 116859 IN NS k.root-servers.net.
. 116859 IN NS l.root-servers.net.
. 116859 IN NS m.root-servers.net.
. 116859 IN NS a.root-servers.net.
. 116859 IN NS b.root-servers.net.
. 116859 IN NS c.root-servers.net.
;; ADDITIONAL SECTION:
a.root-servers.net. 203261 IN A 198.41.0.4
b.root-servers.net. 287561 IN A 192.228.79.201
c.root-servers.net. 252409 IN A 192.33.4.12
d.root-servers.net. 233131 IN A 128.8.10.90
e.root-servers.net. 274635 IN A 192.203.230.10
f.root-servers.net. 252410 IN A 192.5.5.241
g.root-servers.net. 208201 IN A 192.112.36.4
h.root-servers.net. 208201 IN A 128.63.2.53
i.root-servers.net. 208201 IN A 192.36.148.17
j.root-servers.net. 203259 IN A 192.58.128.30
k.root-servers.net. 208201 IN A 193.0.14.129
l.root-servers.net. 274617 IN A 198.32.64.12
m.root-servers.net. 211197 IN A 202.12.27.33
;; Query time: 97 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Thu Mar 1 01:18:20 2007
;; MSG SIZE rcvd: 436
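A check worth running on the answer before it is saved as named.ca, added here as an example and not part of the original post: the script parses dig's text output (a copy of the answer above is embedded as constructed sample data; root server addresses change over time, so treat them as sample values only) and confirms that all 13 root name servers appear in the ANSWER section and that each one has an IPv4 glue address in the ADDITIONAL section, which is what named needs from a hint file. A truncated variant shows what a partial answer from a caching resolver looks like to the check.

```python
"""Verify a `dig -t NS .` answer before saving it as /var/named/named.ca.

Added example, not part of the original post. A hint file is only useful if
every root server in the ANSWER section also has an IPv4 glue address in the
ADDITIONAL section; a partial answer (fewer than 13 NS records, or NS records
without glue) gives named a hint file it cannot fully use.
"""
import re

# Constructed sample: a copy of the dig output shown in the post, timing lines
# left out. Root server addresses change over time; these are sample data.
SAMPLE_DIG = """\
; <<>> DiG 9.4.0rc2 <<>> -t NS .
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55623
;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 13
;; QUESTION SECTION:
;. IN NS
;; ANSWER SECTION:
. 116859 IN NS d.root-servers.net.
. 116859 IN NS e.root-servers.net.
. 116859 IN NS f.root-servers.net.
. 116859 IN NS g.root-servers.net.
. 116859 IN NS h.root-servers.net.
. 116859 IN NS i.root-servers.net.
. 116859 IN NS j.root-servers.net.
. 116859 IN NS k.root-servers.net.
. 116859 IN NS l.root-servers.net.
. 116859 IN NS m.root-servers.net.
. 116859 IN NS a.root-servers.net.
. 116859 IN NS b.root-servers.net.
. 116859 IN NS c.root-servers.net.
;; ADDITIONAL SECTION:
a.root-servers.net. 203261 IN A 198.41.0.4
b.root-servers.net. 287561 IN A 192.228.79.201
c.root-servers.net. 252409 IN A 192.33.4.12
d.root-servers.net. 233131 IN A 128.8.10.90
e.root-servers.net. 274635 IN A 192.203.230.10
f.root-servers.net. 252410 IN A 192.5.5.241
g.root-servers.net. 208201 IN A 192.112.36.4
h.root-servers.net. 208201 IN A 128.63.2.53
i.root-servers.net. 208201 IN A 192.36.148.17
j.root-servers.net. 203259 IN A 192.58.128.30
k.root-servers.net. 208201 IN A 193.0.14.129
l.root-servers.net. 274617 IN A 198.32.64.12
m.root-servers.net. 211197 IN A 202.12.27.33
"""


def parse_sections(dig_output):
    """Map each ';; X SECTION:' heading to the resource records listed under it."""
    sections, current = {}, None
    for line in dig_output.splitlines():
        heading = re.match(r";; (\w+) SECTION:", line)
        if heading:
            current = heading.group(1)
            sections[current] = []
        elif current and line.strip() and not line.startswith(";"):
            fields = line.split()            # owner ttl class type rdata
            if len(fields) >= 5:
                sections[current].append(fields)
    return sections


def check_root_hints(dig_output, expected=13):
    """Return (ok, problems) for an answer that is about to become named.ca."""
    sections = parse_sections(dig_output)
    root_ns = {f[4].lower() for f in sections.get("ANSWER", [])
               if f[0] == "." and f[3] == "NS"}
    glue = {f[0].lower(): f[4] for f in sections.get("ADDITIONAL", [])
            if f[3] == "A"}
    problems = []
    if len(root_ns) != expected:
        problems.append(f"expected {expected} root NS records, got {len(root_ns)}")
    for ns in sorted(root_ns):
        if ns not in glue:
            problems.append(f"no A glue for {ns}")
    return not problems, problems


# Constructed failure case: one NS record and one glue record missing, as a
# caching resolver may return them.
TRUNCATED_DIG = (SAMPLE_DIG
                 .replace(". 116859 IN NS m.root-servers.net.\n", "")
                 .replace("k.root-servers.net. 208201 IN A 193.0.14.129\n", ""))

if __name__ == "__main__":
    for label, text in (("full", SAMPLE_DIG), ("truncated", TRUNCATED_DIG)):
        ok, problems = check_root_hints(text)
        print(label, "OK" if ok else problems)
```

To use it on a live answer, feed the script the text of `dig -t NS .`; if the check reports missing servers or glue, query one of the root servers directly (dig @a.root-servers.net . NS) rather than the upstream cache, as the note above suggests, and only then write the file.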
Run the following commands to save the root server file:
#mkdir /var/named
#dig -t NS . > /var/named/named.ca
Then point the resolver at this machine itself:
#echo "nameserver 127.0.0.1" > /etc/resolv.conf
3. Create an initial /etc/named.conf file:
#vi /etc/named.conf
Enter the following content:
options {
    directory "/var/named/";
};
zone "." {
    type hint;
    file "named.ca";
};
4. Generate the configuration file for rndc, which is used to control the DNS server.
#rndc-confgen > /etc/rndc.conf
Append its last 10 lines to the end of /etc/named.conf:
#tail -10 /etc/rndc.conf >> /etc/named.conf
Remove the comment markers from the following lines in /etc/named.conf:
#key "rndc-key" {
#    algorithm hmac-md5;
#    secret "bmxC8qpJESWR+kAzADRCzg==";
#};
#
#controls {
#    inet 127.0.0.1 port 953
#        allow { 127.0.0.1; } keys { "rndc-key"; };
#};
Next, run the named command to start the DNS service:
#named
Let's look at the result:
#tail -20 /var/log/messages
The output will probably look like the following; the "running" line at the end means the DNS server started successfully.
Mar 1 01:20:07 Client named: starting BIND 9.4.0rc2
Mar 1 01:20:07 Client named: loading configuration from '/etc/named.conf'
Mar 1 01:20:07 Client named: listening on IPv4 interface lo, 127.0.0.1#53
Mar 1 01:20:07 Client named: listening on IPv4 interface eth0, 192.168.1.7#53
Mar 1 01:20:07 Client named: automatic empty zone: 127.IN-ADDR.ARPA
Mar 1 01:20:07 Client named: automatic empty zone: 254.169.IN-ADDR.ARPA
Mar 1 01:20:07 Client named: automatic empty zone: 2.0.192.IN-ADDR.ARPA
Mar 1 01:20:07 Client named: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
Mar 1 01:20:07 Client named: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Mar 1 01:20:07 Client named: automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Mar 1 01:20:07 Client named: automatic empty zone: D.F.IP6.ARPA
Mar 1 01:20:07 Client named: automatic empty zone: 8.E.F.IP6.ARPA
Mar 1 01:20:07 Client named: automatic empty zone: 9.E.F.IP6.ARPA
Mar 1 01:20:07 Client named: automatic empty zone: A.E.F.IP6.ARPA
Mar 1 01:20:07 Client named: automatic empty zone: B.E.F.IP6.ARPA
Mar 1 01:20:07 Client named: command channel listening on 127.0.0.1#953
Mar 1 01:20:07 Client named: running
Check the running process:
#ps -aux |grep named
root 29341 0.0 3.9 7576 4956 ? S 01:20 0:00 named
Check the listening TCP ports:
#netstat -tnlp |grep 53
tcp 0 0 192.168.1.7:53 0.0.0.0:* LISTEN 29341/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 29341/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 29341/named
Good, at this point a simple DNS server is up and running. Of course there are still many rough edges in between, but they do not affect the tests below. Let's run a simple query to verify the result:
#host www.google.com
www.google.com is an alias for www.l.google.com.
www.l.google.com is an alias for www-china.l.google.com.
www-china.l.google.com has address 66.249.89.99
#dig -t A www.google.com
; <<>> DiG 9.4.0rc2 <<>> www.google.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2620
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 7, ADDITIONAL: 0
;; QUESTION SECTION:
;www.google.com. IN A
;; ANSWER SECTION:
www.google.com. 604800 IN CNAME www.l.google.com.
www.l.google.com. 600 IN CNAME www-china.l.google.com.
www-china.l.google.com. 180 IN A 66.249.89.99
;; AUTHORITY SECTION:
l.google.com. 86400 IN NS c.l.google.com.
l.google.com. 86400 IN NS f.l.google.com.
l.google.com. 86400 IN NS a.l.google.com.
l.google.com. 86400 IN NS b.l.google.com.
l.google.com. 86400 IN NS g.l.google.com.
l.google.com. 86400 IN NS e.l.google.com.
l.google.com. 86400 IN NS d.l.google.com.
;; Query time: 2809 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Mar 1 01:25:26 2007
;; MSG SIZE rcvd: 204
The following steps complete the service so that it becomes a primary DNS server that can run on its own:
Prerequisites: this machine's IP is 192.168.1.7, the ADSL gateway is 192.168.1.1, the experimental domain is mydomain.org, with hosts such as www and mail under it.
1. Complete the /etc/named.conf file as follows:
options {
    directory "/var/named/";
    version "unknown";
    allow-transfer { 192.168.1.6; };
};
logging {
    channel dns_errors {
        file "/var/log/named/err_logs" versions 3 size 10m;
        severity error;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    channel dns_queries {
        file "/var/log/named/query_logs" versions 3 size 10m;
        severity info;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    category default { dns_errors; };
    category queries { dns_queries; };
};
zone "." {
    type hint;
    file "named.ca";
};
zone "localhost" {
    type master;
    file "named.local";
};
zone "0.0.127.in-addr.arpa" {
    type master;
    file "named.rev";
};
zone "mydomain.org" {
    type master;
    file "mydomain.org.zone";
};
zone "1.168.192.in-addr.arpa" {
    type master;
    file "192.168.1.zone";
};
Note: the logging section enables named's own, separate logging; if you do not intend to keep logs, remove the logging block. Pay attention to the spaces before and after the braces "{}" and to the semicolon at the end of every line. In the line "file "/var/log/named/err_logs" versions 3 size 10m", versions specifies how many versions of the file may exist at the same time; with 3 versions (versions 3), for example, bind9 keeps query.log, query.log.0, query.log.1 and query.log.2. size sets an upper limit on the file size: if only size is set and not versions, the server stops writing to the file once it reaches that size; if versions is set, the server rotates the files, renaming query.log to query.log.0, query.log.0 to query.log.1 and so on, and then creates a fresh query.log to write to. The IP in "allow-transfer { 192.168.1.6; };" prepares for the secondary DNS server at 192.168.1.6 that is set up next.
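As an added example (not part of the original post and not BIND's own code), a small linter for a named.conf of the shape used above. It parses the statement and brace syntax and checks the settings a practitioner reviews before exposing the server: version is set, allow-transfer is not "any", the rndc control channel requires a key, and, because the file also carries a hint zone, allow-recursion is restricted so the server does not act as an open resolver for the whole Internet. The configuration strings, the placeholder rndc secret and the hardened variant with allow-recursion { 127.0.0.1; 192.168.1.0/24; } are constructed for the example.

```python
"""Lint a named.conf of the shape used in this post (added example, not BIND's code).

Checks: a version string is set, allow-transfer is restricted, the rndc control
channel needs a key, and allow-recursion is set whenever a hint zone is configured
(otherwise, depending on the version's default, the server may recurse for anyone).
"""
import re

# Quoted strings are matched first so '#' or '//' inside them are not comments.
TOKEN_RE = re.compile(r'"[^"]*"|/\*.*?\*/|//[^\n]*|#[^\n]*|[{};]|[^\s{};"]+', re.S)

def tokenize(text):
    return [t for t in TOKEN_RE.findall(text) if not t.startswith(("/*", "//", "#"))]

def parse_block(tokens, i):
    """Parse statements up to a closing '}' or end of input; returns (statements, index).

    A statement is a list of words (str) and nested blocks (list of statements):
    allow-transfer { 192.168.1.6; };  ->  ["allow-transfer", [["192.168.1.6"]]]
    """
    stmts = []
    while i < len(tokens) and tokens[i] != "}":
        items = []
        while i < len(tokens) and tokens[i] != ";":
            if tokens[i] == "{":
                sub, i = parse_block(tokens, i + 1)
                if i >= len(tokens):
                    raise ValueError("missing '}'")
                items.append(sub)
            elif tokens[i] == "}":
                raise ValueError("missing ';' before '}'")
            else:
                items.append(tokens[i].strip('"'))
            i += 1
        if i >= len(tokens):
            raise ValueError("missing ';' at end of input")
        i += 1                                   # consume ';'
        if items:
            stmts.append(items)
    return stmts, i

def parse_named_conf(text):
    tokens = tokenize(text)
    stmts, i = parse_block(tokens, 0)
    if i != len(tokens):
        raise ValueError("unbalanced '}'")
    return stmts

def acl_of(options, name):
    """Address list of an options ACL such as allow-transfer, or None if unset."""
    value = options.get(name)
    if not value or not isinstance(value[0], list):
        return None
    return [entry[0] for entry in value[0]]

def lint(text):
    """Return findings as strings; an empty list means every check passed."""
    stmts = parse_named_conf(text)
    options = {}
    for s in stmts:
        if s[0] == "options" and isinstance(s[-1], list):
            options.update({o[0]: o[1:] for o in s[-1]})
    has_hint = any(s[0] == "zone" and isinstance(s[-1], list)
                   and any(o[:2] == ["type", "hint"] for o in s[-1]) for s in stmts)
    findings = []
    if "version" not in options:
        findings.append("options: no version string, named reports its real version")
    transfer = acl_of(options, "allow-transfer")
    if transfer is None or "any" in transfer:
        findings.append("options: allow-transfer missing or 'any', zone data readable by anyone")
    recursion = acl_of(options, "allow-recursion")
    if has_hint and (recursion is None or "any" in recursion):
        findings.append("options: hint zone but allow-recursion missing or 'any' (open resolver)")
    for s in stmts:
        if s[0] == "controls" and isinstance(s[-1], list):
            for chan in s[-1]:
                if chan[0] == "inet" and "keys" not in chan:
                    findings.append("controls: inet channel without keys, rndc is unauthenticated")
    return findings

# Constructed: the options, hint zone, key and controls of the post's named.conf
# (other zones omitted; the rndc secret is a placeholder, use rndc-confgen's value).
AS_POSTED = """
options {
    directory "/var/named/";
    version "unknown";
    allow-transfer { 192.168.1.6; };
};
zone "." { type hint; file "named.ca"; };
zone "mydomain.org" { type master; file "mydomain.org.zone"; };
key "rndc-key" { algorithm hmac-md5; secret "PLACEHOLDER-SECRET"; };
controls { inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; }; };
"""
# Constructed hardened variant: recursion only for this host and the LAN.
HARDENED = AS_POSTED.replace(
    "allow-transfer { 192.168.1.6; };",
    "allow-transfer { 192.168.1.6; };\n    allow-recursion { 127.0.0.1; 192.168.1.0/24; };")

if __name__ == "__main__":
    print("as posted:", lint(AS_POSTED) or "clean")
    print("hardened: ", lint(HARDENED) or "clean")
```

The parser is deliberately small: it understands words, quoted strings, nested braces and the three comment styles, which is enough for the file above; named-checkconf remains the authoritative syntax check, and this script only adds the policy questions on top of it.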
2. Create /var/named/named.local
@       1D  IN  SOA localhost. root.localhost. (
                    20070301    ; serial
                    1H          ; refresh
                    15M         ; retry
                    1W          ; expire
                    1D )        ; minimum
        IN  NS  @               ; blank owner field: these records belong to @
        IN  A   127.0.0.1
3. Create /var/named/named.rev
@       1D  IN  SOA localhost. root.localhost. (
                    20070301    ; serial
                    1H          ; refresh
                    15M         ; retry
                    1W          ; expire
                    1D )        ; minimum
        IN  NS  localhost.
1       IN  PTR localhost.
4. Create the forward lookup file for the domain mydomain.org, /var/named/mydomain.org.zone
$TTL 1D
$ORIGIN mydomain.org.
@       1D  IN  SOA mydomain.org. root.mail.mydomain.org. (
                    20070301    ; serial
                    1H          ; refresh
                    15M         ; retry
                    1W          ; expire
                    1D )        ; minimum
        IN  NS  ns.mydomain.org.
        IN  MX  10 mail.mydomain.org.
mydomain.org.   IN  A   192.168.1.7
ns      IN  A   192.168.1.7
mail    IN  A   192.168.1.6
www     IN  CNAME   mail
ftp     IN  CNAME   mail
5. Create the reverse lookup file /var/named/192.168.1.zone
$TTL 1D
@       1D  IN  SOA mydomain.org. root.mail.mydomain.org. (
                    20070301    ; serial
                    1H          ; refresh
                    15M         ; retry
                    1W          ; expire
                    1D )        ; minimum
        IN  NS  ns.mydomain.org.
7       IN  PTR ns.mydomain.org.
6       IN  PTR mail.mydomain.org.
Note: in the files above, A, NS, MX, SOA, CNAME and PTR denote resource record types; the @ character in a file stands for the current origin, that is, the domain. The origin is given by the domain definition on the corresponding primary line in the named.boot file. After it come the codes IN and SOA, which tell named that this resource record uses Internet (TCP/IP) addressing and is the start-of-authority record. The next two items on that line are the canonical name of the domain's primary name server and the e-mail address of the contact, with the @ replaced by a dot.
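The zone files from steps 2 to 5 can be cross-checked before named is started; the following is an added example, not part of the original post and not BIND's own code. It parses the file layout used above (a multi-line SOA in parentheses, records that inherit the previous owner when they begin with whitespace, $TTL and $ORIGIN), then verifies the forward zone (one SOA, glue for in-zone NS, no dangling CNAME, no MX pointing at a CNAME) and that the A and PTR records of the forward and reverse zones agree. The embedded zone texts are constructed copies of the mydomain.org files above.

```python
"""Cross-check forward and reverse zone files (added example, not BIND's code).

parse_zone reads the layout used in this post; check_forward and check_reverse
then catch mistakes that load without error but misbehave.
"""
import re

TTL_RE = re.compile(r"\d+[smhdwSMHDW]?")
ARPA = ".in-addr.arpa."

def absolute(name, origin):
    """Fully qualify a name: '@' is the origin, no trailing dot means relative to it."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Return [(owner, rtype, rdata)] with owners and name-valued rdata fully qualified."""
    origin = origin.rstrip(".") + "."
    logical, buf, depth = [], [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()          # ';' starts a comment
        if not line.strip() and depth == 0:
            continue
        depth += line.count("(") - line.count(")")    # '(' continues the record
        buf.append(line)
        if depth == 0:
            logical.append(" ".join(buf).replace("(", " ").replace(")", " "))
            buf = []
    records, last_owner = [], None
    for line in logical:
        tokens = line.split()
        if tokens[0] == "$ORIGIN":
            origin = tokens[1]
        if tokens[0].startswith("$"):                  # $TTL/$ORIGIN are directives, not records
            continue
        if line[0].isspace():                          # blank owner field: reuse previous owner
            if last_owner is None:
                raise ValueError("record without an owner name")
            owner = last_owner
        else:
            owner = absolute(tokens.pop(0), origin)
        for _ in range(2):                             # optional [ttl] [class] in either order
            if tokens and (TTL_RE.fullmatch(tokens[0]) or tokens[0].upper() in ("IN", "CH", "HS")):
                tokens.pop(0)
        rtype, rdata = tokens[0].upper(), tokens[1:]
        if rtype in ("NS", "CNAME", "PTR"):
            rdata[-1] = absolute(rdata[-1], origin)
        elif rtype == "MX":
            rdata[1] = absolute(rdata[1], origin)
        records.append((owner, rtype, rdata))
        last_owner = owner
    return records

def check_forward(records, origin):
    """Problems in a forward zone: SOA count, glue for in-zone NS, dangling CNAME, MX target."""
    origin = origin.rstrip(".") + "."
    owners = {o for o, _, _ in records}
    has_a = {o for o, t, _ in records if t == "A"}
    cnames = {o for o, t, _ in records if t == "CNAME"}
    soa = [o for o, t, _ in records if t == "SOA"]
    problems = [] if soa == [origin] else [f"expected one SOA at {origin}, found {soa}"]
    for owner, rtype, rdata in records:
        in_zone = rdata[0] == origin or rdata[0].endswith("." + origin)
        if rtype == "NS" and in_zone and rdata[0] not in has_a:
            problems.append(f"NS {rdata[0]} is in-zone but has no A record (no glue)")
        if rtype == "CNAME" and rdata[0] not in owners:
            problems.append(f"CNAME {owner} points at unknown name {rdata[0]}")
        if rtype == "MX" and rdata[1] in cnames:
            problems.append(f"MX target {rdata[1]} is a CNAME")
    return problems

def check_reverse(forward, reverse, reverse_origin):
    """Each A address under the reverse zone needs a PTR; each PTR needs a matching A."""
    reverse_origin = reverse_origin.rstrip(".") + "."
    problems = []
    ptrs = {o: r[0] for o, t, r in reverse if t == "PTR"}
    a_records = {(o, r[0]) for o, t, r in forward if t == "A"}
    for owner, ip in sorted(a_records):
        rev = ".".join(reversed(ip.split("."))) + ARPA
        if rev.endswith("." + reverse_origin) and rev not in ptrs:
            problems.append(f"{ip} ({owner}) has no PTR record")
    for rev_owner, target in sorted(ptrs.items()):
        ip = ".".join(reversed(rev_owner[:-len(ARPA)].split(".")))
        if (target, ip) not in a_records:
            problems.append(f"PTR {ip} -> {target}, but {target} has no A record {ip}")
    return problems

# Constructed copies of the post's mydomain.org forward and reverse zone files.
FORWARD = """\
$TTL 1D
$ORIGIN mydomain.org.
@ 1D IN SOA mydomain.org. root.mail.mydomain.org. (
        20070301 1H 15M 1W 1D )
        IN NS ns.mydomain.org.
        IN MX 10 mail.mydomain.org.
mydomain.org. IN A 192.168.1.7
ns IN A 192.168.1.7
mail IN A 192.168.1.6
www IN CNAME mail
ftp IN CNAME mail
"""
REVERSE = """\
@ 1D IN SOA mydomain.org. root.mail.mydomain.org. (
        20070301 1H 15M 1W 1D )
        IN NS ns.mydomain.org.
7 IN PTR ns.mydomain.org.
6 IN PTR mail.mydomain.org.
"""

def check_all(forward_text, reverse_text, origin="mydomain.org.",
              reverse_origin="1.168.192.in-addr.arpa."):
    fwd = parse_zone(forward_text, origin)
    rev = parse_zone(reverse_text, reverse_origin)
    return check_forward(fwd, origin) + check_reverse(fwd, rev, reverse_origin)
```

Run check_all on the real files (open them and pass the text with the origins from named.conf) before starting named; an empty list means the two zones agree. Note that two A records sharing one address, as mydomain.org and ns do above, are accepted because a single PTR can only name one of them.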
6. Create the log directory and the log files:
#mkdir /var/log/named
#touch /var/log/named/err_logs
#touch /var/log/named/query_logs
7. Start the service
#named
8. Test:
#host www.mydomain.org
www.mydomain.org is an alias for mail.mydomain.org.
mail.mydomain.org has address 192.168.1.6
# dig -t MX mydomain.org
; <<>> DiG 9.4.0rc2 <<>> -t MX mydomain.org
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35260
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; QUESTION SECTION:
;mydomain.org. IN MX
;; ANSWER SECTION:
mydomain.org. 86400 IN MX 10 mail.mydomain.org.
;; AUTHORITY SECTION:
mydomain.org. 86400 IN NS ns.mydomain.org.
;; ADDITIONAL SECTION:
mail.mydomain.org. 86400 IN A 192.168.1.6
ns.mydomain.org. 86400 IN A 192.168.1.7
;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Mar 1 01:52:00 2007
;; MSG SIZE rcvd: 100
# nslookup
> mail.mydomain.org
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: mail.mydomain.org
Address: 192.168.1.6
> set type=NS
> mydomain.org
Server: 127.0.0.1
Address: 127.0.0.1#53
mydomain.org nameserver = ns.mydomain.org.
>
9. View the log records
# tail /var/log/named/query_logs
01-Mar-2007 01:50:51.235 queries: info: client 127.0.0.1#1027: query: www.mydomain.org IN A +
01-Mar-2007 01:50:51.237 queries: info: client 127.0.0.1#1027: query: mail.mydomain.org IN AAAA +
01-Mar-2007 01:50:51.237 queries: info: client 127.0.0.1#1027: query: mail.mydomain.org IN MX +
01-Mar-2007 01:52:00.360 queries: info: client 127.0.0.1#1027: query: mydomain.org IN MX +
01-Mar-2007 01:52:52.529 queries: info: client 127.0.0.1#1027: query: mail.mydomain.org IN A +
01-Mar-2007 01:53:20.466 queries: info: client 127.0.0.1#1027: query: mail.mydomain.org IN A +
01-Mar-2007 01:53:34.911 queries: info: client 127.0.0.1#1027: query: mydomain.org IN NS +
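An added example, not part of the original post, of reading the query log format shown above. It parses each line into client, name, type and flags (the trailing "+" is the recursion-desired flag), counts queries per client and type, and lists recursive queries for names outside our own zones that came from addresses outside the networks the server is meant to serve, the pattern to watch for on a server that is both authoritative and recursive. The sample lines are the seven from the post plus two constructed lines from the documentation address 198.51.100.23; the served networks and zone names are assumptions matching the setup above.

```python
"""Summarize named query logs in the format shown above (added example, not BIND's code).

Each line carries the client address and port, the query name, class and type,
and a '+' when the client asked for recursion.
"""
import re
from collections import Counter
from ipaddress import ip_address, ip_network

LOG_RE = re.compile(
    r"^(?P<when>\S+ \S+) queries: info: client (?P<ip>[\d.]+)#(?P<port>\d+): "
    r"query: (?P<name>\S+) IN (?P<qtype>\S+) (?P<flags>\S+)$")

# Constructed sample: the seven lines from the post plus two lines from an
# outside address (198.51.100.23 is a documentation-range address).
SAMPLE_LOG = """\
01-Mar-2007 01:50:51.235 queries: info: client 127.0.0.1#1027: query: www.mydomain.org IN A +
01-Mar-2007 01:50:51.237 queries: info: client 127.0.0.1#1027: query: mail.mydomain.org IN AAAA +
01-Mar-2007 01:50:51.237 queries: info: client 127.0.0.1#1027: query: mail.mydomain.org IN MX +
01-Mar-2007 01:52:00.360 queries: info: client 127.0.0.1#1027: query: mydomain.org IN MX +
01-Mar-2007 01:52:52.529 queries: info: client 127.0.0.1#1027: query: mail.mydomain.org IN A +
01-Mar-2007 01:53:20.466 queries: info: client 127.0.0.1#1027: query: mail.mydomain.org IN A +
01-Mar-2007 01:53:34.911 queries: info: client 127.0.0.1#1027: query: mydomain.org IN NS +
01-Mar-2007 01:55:02.101 queries: info: client 198.51.100.23#40011: query: www.example.com IN A +
01-Mar-2007 01:55:02.340 queries: info: client 198.51.100.23#40011: query: mydomain.org IN MX +
"""

def parse_query_log(text):
    """Return one dict per parsable line; 'recursive' is True when the RD flag ('+') was set."""
    entries = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            entry = m.groupdict()
            entry["recursive"] = "+" in entry["flags"]
            entries.append(entry)
    return entries

def summarize(entries):
    """Query counts keyed by (client address, query type)."""
    return Counter((e["ip"], e["qtype"]) for e in entries)

def in_our_zones(name, zones):
    """True if name is one of our zones or lies below one of them."""
    name = name.rstrip(".").lower() + "."
    return any(name == z or name.endswith("." + z) for z in zones)

def flag_outside_recursion(entries, served_nets, our_zones):
    """Recursive queries for foreign names from clients outside the networks we serve.

    On a server meant to recurse only for the LAN, these are the lines that show
    it is being used as an open resolver (or that allow-recursion is missing).
    """
    nets = [ip_network(n) for n in served_nets]
    zones = [z.rstrip(".").lower() + "." for z in our_zones]
    return [e for e in entries
            if e["recursive"] and not in_our_zones(e["name"], zones)
            and not any(ip_address(e["ip"]) in n for n in nets)]

if __name__ == "__main__":
    entries = parse_query_log(SAMPLE_LOG)
    for (ip, qtype), count in sorted(summarize(entries).items()):
        print(f"{ip:16} {qtype:5} {count}")
    for e in flag_outside_recursion(entries, ["127.0.0.0/8", "192.168.1.0/24"],
                                    ["mydomain.org", "1.168.192.in-addr.arpa"]):
        print("outside recursion:", e["ip"], e["name"], e["qtype"])
```

The served networks and zone list are the assumed values for the setup above (loopback, the 192.168.1.0/24 LAN, mydomain.org and its reverse zone); point parse_query_log at /var/log/named/query_logs to run it on the real file.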
[ This post was last edited by marion on 2007-3-5 13:33 ]
Solution
Followed the post above and it worked!