1、编译前环境准备
[[email protected] ~]# yum groupinstall "Development Tools" "Server Platform Development"
2、至isc.org bind官网下载bind源码,并展开
[[email protected] ~]# tar xf bind-9.9.9-P2.tar.gz [[email protected] ~]# cd bind-9.9.9-P2
3、创建named用户
[[email protected] bind-9.9.9-P2]# group -r -g 53 named [[email protected] bind-9.9.9-P2]# useradd -u 53 -g named named -r #使用53端口作为named组和named用户的ID号
4、编译安装
[[email protected] bind-9.9.9-P2]# ./configure --prefix=/usr/local/bind9.9 --sysconfdir=/etc/named/ --disable-chroot --enable-threads #指明安装位置,配置文件位置,关闭chroot,开启线程 [[email protected] bind-9.9.9-P2]# make [[email protected] bind-9.9.9-P2]# make install
至此,安装完成,但自行编译bind源码包会产生如下问题
(1)没有配置文件
(2)没有区域解析文件(包括13个根服务器的解析文件)
(3)没有rndc的相关配置文件
解决上述问题
#1、将bind下配置文件加入PATH中 [[email protected] bind9.9]# vim /etc/profile.d/named.sh export PATH=/usr/local/bind9.9/bin:/usr/local/bind9.9/sbin:$PATH [[email protected] bind9.9]# . /etc/profile.d/named.sh #2、导出库文件搜索路径 [[email protected] bind9.9]# vim /etc/ld.so.conf.d/named.conf /usr/local/bind9.9/lib [[email protected] bind9.9]# ldconfig -v #3、导出头文件搜索路径 [[email protected] bind9.9]# ln -sv /usr/local/bind9.9/include /usr/include/named "/usr/include/named" -> "/usr/local/bind9.9/include" #4、导出帮助文档搜索路径 [[email protected] bind9.9]# vim /etc/man.config MANPATH /usr/local/bind9.9/share/man
然后编辑配置文件
[[email protected] bind9.9]# cd /etc/named [[email protected] named]# vim named.conf options { directory "/var/named"; }; zone "." IN { type hint; file "named.ca"; }; zone "localhost" IN { type master; file "locaihost.zone"; allow-update { none; }; }; zone "0.0.127.in-addr.arpa" IN { type master; file "named.local"; allow-update { none; }; }; [[email protected] named]# mkdir /var/named [[email protected] named]# named-checkconf #然后创建各区域的配置文件 [[email protected] named]# cd /var/named #在联网的情况下直接将查询根的结果导入根区域配置文件 [[email protected] named]# dig -t NS . > /var/named/named.ca #配置正向解析区域 [[email protected] named]# vim localhost.zone $TTL 86400 @ IN SOA localhost. admin.localhost. ( 2016091301 1H 5M 7D 1D ) IN NS localhost. localhost. IN A 127.0.0.1 #配置反向解析区域 [[email protected] named]# vim named.local $TTL 86400 @ IN SOA localhost. admin.localhost. ( 2016091301 1H 5M 7D 1D ) IN NS localhost. 1 IN PTR localhost.
接下来,更改配置文件的属组和权限
[[email protected] named]# chown :named localhost.zone named.local named.ca [[email protected] named]# chmod 640 localhost.zone named.local named.ca [[email protected] named]# chmod 640 /etc/named/named.conf [[email protected] named]# chown :named /etc/named/named.conf
之后,生成rndc配置文件
[[email protected] ~]# rndc-confgen -r /dev/urandom > /etc/named/rndc.conf #使用随机数生成rndc.conf文件 [[email protected] ~]# rndc-confgen -r /dev/urandom # Start of rndc.conf key "rndc-key" { algorithm hmac-md5; secret "3FMQn6XQIuzAXNhl+19EvA=="; }; options { default-key "rndc-key"; default-server 127.0.0.1; default-port 953; }; # End of rndc.conf #----------------将本段内容复制到named.conf文件中-------------------------------------- # Use with the following in named.conf, adjusting the allow list as needed: # key "rndc-key" { # algorithm hmac-md5; # secret "3FMQn6XQIuzAXNhl+19EvA=="; # }; # # controls { # inet 127.0.0.1 port 953 # allow { 127.0.0.1; } keys { "rndc-key"; }; # }; # End of named.conf #----------------------------------结束------------------------------------------------
将文中标识的内容复制到named.conf中,并取消注释
到此,准备工作结束,
[[email protected] named]# named -u named -f -g -d 3 #-u 为指定named用户执行 #-f 为运行在前台 #-g 把标准错误显示出来 #-d 指明调试等级 [[email protected] ~]# ss -tunl | grep 53 udp UNCONN 0 0 192.168.0.196:53 *:* udp UNCONN 0 0 127.0.0.1:53 *:* tcp LISTEN 0 10 192.168.0.196:53 *:* tcp LISTEN 0 10 127.0.0.1:53 *:* #现在53端口已经处于监听状态了
时间: 2024-10-18 16:00:42