(I) Installing bind-9.3.2
1. Download the bind-9.3.2.tar.gz source and place it in the /home/soft directory
2. Extract it
tar xzvf bind-9.3.2.tar.gz
3. Extraction creates a directory named bind-9.3.2; change into it.
cd bind-9.3.2
4. Set the directory that will hold the configuration files to /etc
./configure --sysconfdir=/etc
5. Compile the bind-9.3.2 source
make
6. Install
make install
(II) Setting up the root zone
7. Create the /var/named directory, which will hold the individual zone files
mkdir /var/named
8. Create the main configuration file of the BIND server, /etc/named.conf
vi /etc/named.conf
Add the following content:
options { directory "/var/named"; };
zone "." {
    type hint;
    file "named.ca";
};
9. Add a DNS server provided to us by the ISP (here 202.103.224.68 is a Guangxi Telecom DNS server).
echo "nameserver 202.103.224.68" > /etc/resolv.conf
10. Test whether the addresses of the root DNS servers can be obtained from this DNS server
dig -t NS .
The information returned:
; <<>> DiG 9.3.2 <<>> -t NS .
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20569
;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 9
;; QUESTION SECTION:
;. IN NS
;; ANSWER SECTION:
. 200150 IN NS I.ROOT-SERVERS.NET.
. 200150 IN NS J.ROOT-SERVERS.NET.
. 200150 IN NS K.ROOT-SERVERS.NET.
. 200150 IN NS L.ROOT-SERVERS.NET.
. 200150 IN NS M.ROOT-SERVERS.NET.
. 200150 IN NS A.ROOT-SERVERS.NET.
. 200150 IN NS B.ROOT-SERVERS.NET.
. 200150 IN NS C.ROOT-SERVERS.NET.
. 200150 IN NS D.ROOT-SERVERS.NET.
. 200150 IN NS E.ROOT-SERVERS.NET.
. 200150 IN NS F.ROOT-SERVERS.NET.
. 200150 IN NS G.ROOT-SERVERS.NET.
. 200150 IN NS H.ROOT-SERVERS.NET.
;; ADDITIONAL SECTION:
A.ROOT-SERVERS.NET. 604611 IN A 198.41.0.4
C.ROOT-SERVERS.NET. 507782 IN A 192.33.4.12
D.ROOT-SERVERS.NET. 507782 IN A 128.8.10.90
F.ROOT-SERVERS.NET. 507782 IN A 192.5.5.241
I.ROOT-SERVERS.NET. 503584 IN A 192.36.148.17
J.ROOT-SERVERS.NET. 604611 IN A 192.58.128.30
K.ROOT-SERVERS.NET. 507782 IN A 193.0.14.129
L.ROOT-SERVERS.NET. 507783 IN A 198.32.64.12
M.ROOT-SERVERS.NET. 507782 IN A 202.12.27.33
;; Query time: 54 msec
;; SERVER: 202.103.224.68#53(202.103.224.68)
;; WHEN: Sat Jul 15 12:28:57 2006
;; MSG SIZE rcvd: 372
11. Only 9 A records were found, which is not a complete set, so now use one of the root DNS servers just discovered (192.58.128.30) to query for the other root DNS servers.
echo "nameserver 192.58.128.30" > /etc/resolv.conf
12. Query again
dig -t NS .
Query result:
; <<>> DiG 9.3.2 <<>> -t NS .
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37054
;; flags: qr aa rd; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 13
;; QUESTION SECTION:
;. IN NS
;; ANSWER SECTION:
. 518400 IN NS F.ROOT-SERVERS.NET.
. 518400 IN NS B.ROOT-SERVERS.NET.
. 518400 IN NS J.ROOT-SERVERS.NET.
. 518400 IN NS K.ROOT-SERVERS.NET.
. 518400 IN NS L.ROOT-SERVERS.NET.
. 518400 IN NS M.ROOT-SERVERS.NET.
. 518400 IN NS I.ROOT-SERVERS.NET.
. 518400 IN NS E.ROOT-SERVERS.NET.
. 518400 IN NS D.ROOT-SERVERS.NET.
. 518400 IN NS A.ROOT-SERVERS.NET.
. 518400 IN NS H.ROOT-SERVERS.NET.
. 518400 IN NS C.ROOT-SERVERS.NET.
. 518400 IN NS G.ROOT-SERVERS.NET.
;; ADDITIONAL SECTION:
F.ROOT-SERVERS.NET. 3600000 IN A 192.5.5.241
B.ROOT-SERVERS.NET. 3600000 IN A 192.228.79.201
J.ROOT-SERVERS.NET. 3600000 IN A 192.58.128.30
K.ROOT-SERVERS.NET. 3600000 IN A 193.0.14.129
L.ROOT-SERVERS.NET. 3600000 IN A 198.32.64.12
M.ROOT-SERVERS.NET. 3600000 IN A 202.12.27.33
I.ROOT-SERVERS.NET. 3600000 IN A 192.36.148.17
E.ROOT-SERVERS.NET. 3600000 IN A 192.203.230.10
D.ROOT-SERVERS.NET. 3600000 IN A 128.8.10.90
A.ROOT-SERVERS.NET. 3600000 IN A 198.41.0.4
H.ROOT-SERVERS.NET. 3600000 IN A 128.63.2.53
C.ROOT-SERVERS.NET. 3600000 IN A 192.33.4.12
G.ROOT-SERVERS.NET. 3600000 IN A 192.112.36.4
;; Query time: 139 msec
;; SERVER: 192.58.128.30#53(192.58.128.30)
;; WHEN: Sat Jul 15 13:04:11 2006
;; MSG SIZE rcvd: 436
13. Save the result of this query to the named.ca file (i.e., generate the file that holds the root DNS server addresses)
dig -t NS . > /var/named/named.ca
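Step 11 compared the NS list with the A records by hand to see that the hints were incomplete. As an added example that is not part of the original page, this Python performs that check on dig-style output such as the content saved to named.ca: it lists every root server named in the answer section that has no address in the additional section. The sample input is constructed here, and parse_hints and missing_glue are names chosen for this example.

```python
import re

# Constructed sample in the shape of the `dig -t NS .` output the page saves as
# named.ca: three NS names, but glue addresses for only two of them.
SAMPLE_HINTS = """\
; <<>> DiG 9.3.2 <<>> -t NS .
;; ANSWER SECTION:
.                       518400  IN      NS      A.ROOT-SERVERS.NET.
.                       518400  IN      NS      B.ROOT-SERVERS.NET.
.                       518400  IN      NS      C.ROOT-SERVERS.NET.
;; ADDITIONAL SECTION:
A.ROOT-SERVERS.NET.     3600000 IN      A       198.41.0.4
C.ROOT-SERVERS.NET.     3600000 IN      A       192.33.4.12
;; Query time: 139 msec
"""

# owner  ttl  IN  type  rdata ; dig's ';' comment lines never match this shape
RR = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(NS|A|AAAA)\s+(\S+)$")

def parse_hints(text):
    """Return (ns_names, glue): the root NS names found in the output and a
    dict of server name -> addresses seen for it. The ';' lines are dig
    comments, which are also valid zone-file comments, so the raw dig output
    can be used directly as named.ca."""
    ns, glue = [], {}
    for line in text.splitlines():
        m = RR.match(line.strip())
        if not m:
            continue
        owner, _ttl, rtype, rdata = m.groups()
        if rtype == "NS" and owner == ".":
            ns.append(rdata.upper())
        elif rtype in ("A", "AAAA"):
            glue.setdefault(owner.upper(), []).append(rdata)
    return ns, glue

def missing_glue(text):
    """Root servers listed as NS but lacking any address record: the gap the
    author noticed (13 NS names, only 9 A records) after asking the ISP
    resolver, and the reason the hints were fetched again from a root server."""
    ns, glue = parse_hints(text)
    return sorted(n for n in ns if n not in glue)
```

Run it over the real /var/named/named.ca after step 13; an empty list means every root server name in the hints file has glue.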
14. Point the DNS resolver address at ourselves
vi resolv.conf
nameserver 127.0.0.1
15. Start named
16. Check the log
tail /var/log/messages
Output:
Jul 15 11:50:39 xpower sshd(pam_unix)[2082]: session opened for user root by (uid=0)
Jul 15 11:52:02 xpower sshd(pam_unix)[2082]: session opened for user root by (uid=0)
Jul 15 13:28:34 xpower named[13721]: starting BIND 9.3.2
Jul 15 13:28:34 xpower named[13721]: loading configuration from '/etc/named.conf'
Jul 15 13:28:34 xpower named[13721]: no IPv6 interfaces found
Jul 15 13:28:34 xpower named[13721]: listening on IPv4 interface lo, 127.0.0.1#53
Jul 15 13:28:34 xpower named[13721]: listening on IPv4 interface eth0, 172.16.0.10#53
Jul 15 13:28:34 xpower named[13721]: none:0: open: /etc/rndc.key: file not found
Jul 15 13:28:34 xpower named[13721]: couldn't add command channel 127.0.0.1#953: file not found
Jul 15 13:28:34 xpower named[13721]: running
We can see that the named process is running, but there is another error: /etc/rndc.key: file not found.
17. Check again whether the named process is running:
ps aux |grep named
root 13721 0.0 2.2 4668 2104 ? S 13:28 0:00 named
root 13725 0.0 0.6 4444 628 pts/1 S 13:29 0:00 grep named
The named process is indeed running.
18. Test whether the DNS server can answer queries
host www.china.com
;; connection timed out; no servers could be reached
This shows that the DNS server is not working properly yet
19. Configure rndc, which controls the DNS server; generate the rndc.conf control file
rndc-confgen > /etc/rndc.conf
20. Append the tail of /etc/rndc.conf (from line 13 to the end) to /etc/named.conf
tail +13 /etc/rndc.conf >> /etc/named.conf
21. Kill the named process
killall -9 named
22. Confirm that no named process is left
ps aux|grep named
root 13742 0.0 0.6 4444 628 pts/0 S 14:09 0:00 grep named
23. Start named again
named
24. Check the startup log
tail /var/log/messages
25. The error message appears again: the /etc/rndc.key file has not been generated yet
Jul 15 13:28:34 xpower named[13721]: couldn't add command channel 127.0.0.1#953: file not found
Jul 15 13:28:34 xpower named[13721]: running
Jul 15 14:11:05 xpower named[13744]: starting BIND 9.3.2
Jul 15 14:11:05 xpower named[13744]: loading configuration from '/etc/named.conf'
Jul 15 14:11:05 xpower named[13744]: no IPv6 interfaces found
Jul 15 14:11:05 xpower named[13744]: listening on IPv4 interface lo, 127.0.0.1#53
Jul 15 14:11:05 xpower named[13744]: listening on IPv4 interface eth0, 172.16.0.10#53
Jul 15 14:11:05 xpower named[13744]: none:0: open: /etc/rndc.key: file not found
Jul 15 14:11:05 xpower named[13744]: couldn't add command channel 127.0.0.1#953: file not found
Jul 15 14:11:05 xpower named[13744]: running
26. Check the rndc service status: the connection is refused
rndc status
rndc: connect failed: connection refused
27. Edit /etc/named.conf and remove the leading # comment markers from the following block.
# key "rndc-key" {
# algorithm hmac-md5;
# secret "obFdFta8MS1HijgvEyZICQ==";
# };
#
# controls {
# inet 127.0.0.1 port 953
# allow { 127.0.0.1; } keys { "rndc-key"; };
# };
It becomes:
key "rndc-key" {
    algorithm hmac-md5;
    secret "obFdFta8MS1HijgvEyZICQ==";
};
controls {
    inet 127.0.0.1 port 953
    allow { 127.0.0.1; } keys { "rndc-key"; };
};
28. Check the named process
ps aux|grep named
root 13744 0.0 2.2 4668 2100 ? S 14:11 0:00 named
root 13752 0.0 0.6 4444 624 pts/0 S 14:16 0:00 grep named
29. Kill the named process
killall -9 named
30. Check the named process
ps aux|grep named
root 13755 0.0 0.6 4444 628 pts/0 S 14:20 0:00 grep named
31. Start named
named
32. Check the startup log
tail /var/log/messages
Result:
Jul 15 14:11:05 xpower named[13744]: none:0: open: /etc/rndc.key: file not found
Jul 15 14:11:05 xpower named[13744]: couldn't add command channel 127.0.0.1#953: file not found
Jul 15 14:11:05 xpower named[13744]: running
Jul 15 14:20:41 xpower named[13757]: starting BIND 9.3.2
Jul 15 14:20:41 xpower named[13757]: loading configuration from '/etc/named.conf'
Jul 15 14:20:41 xpower named[13757]: no IPv6 interfaces found
Jul 15 14:20:41 xpower named[13757]: listening on IPv4 interface lo, 127.0.0.1#53
Jul 15 14:20:41 xpower named[13757]: listening on IPv4 interface eth0, 172.16.0.10#53
Jul 15 14:20:41 xpower named[13757]: command channel listening on 127.0.0.1#953
Jul 15 14:20:41 xpower named[13757]: running
No more errors!
33. Check the rndc service status
rndc status
number of zones: 0
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/1000
tcp clients: 0/100
server is up and running
This shows that the rndc server is running normally!
34. Test whether hosts on the Internet can be resolved
host www.china.com
;; connection timed out; no servers could be reached
The query ran for over ten seconds and then reported failure.
35. Query again
host www.china.com
;; Warning: ID mismatch: expected ID 28737, got 38981
;; Warning: ID mismatch: expected ID 28737, got 38981
www.china.com is an alias for chcache.china.com.
chcache.china.com has address 61.151.243.197
chcache.china.com has address 61.151.243.207
chcache.china.com has address 61.151.243.218
chcache.china.com has address 61.151.243.226
chcache.china.com has address 61.151.243.245
chcache.china.com has address 61.151.243.247
www.china.com is an alias for chcache.china.com.
www.china.com is an alias for chcache.china.com.
OK, complete success!
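The two ";; Warning: ID mismatch" lines above come from host's check that a reply's 16-bit transaction ID equals the ID of the query it sent. As an added example that is not part of the original page, this Python builds a query with a random ID and applies that check to a constructed reply: a reply whose ID does not match (for instance a late answer to the earlier timed-out query, or an unrelated or forged packet) is reported and dropped rather than trusted. build_query, check_response and fake_response are names chosen for this example.

```python
import os
import struct

def build_query(name, qtype=1):
    """Minimal DNS query in wire format with a random 16-bit transaction ID;
    returns (txid, packet). qtype 1 = A. Flags 0x0100 = recursion desired."""
    txid = int.from_bytes(os.urandom(2), "big")
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # 1 question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return txid, header + qname + struct.pack("!HH", qtype, 1)   # class IN

def check_response(expected_txid, packet):
    """Validate a reply against the outstanding query. Returns None when the
    reply may be accepted, otherwise the reason it must be discarded; the
    mismatch text is the same warning `host` printed on the page."""
    if len(packet) < 12:
        return "short packet"
    got, flags = struct.unpack("!HH", packet[:4])
    if not flags & 0x8000:                   # QR bit clear: a query, not a reply
        return "not a response"
    if got != expected_txid:
        return f";; Warning: ID mismatch: expected ID {expected_txid}, got {got}"
    return None

def fake_response(txid, query):
    """Constructed reply for testing: echo the question with QR, RD and RA set."""
    return struct.pack("!HH", txid, 0x8180) + query[4:]
```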
Query once more
host www.sina.com.cn
www.sina.com.cn is an alias for jupiter.sina.com.cn.
jupiter.sina.com.cn is an alias for antares.sina.com.cn.
antares.sina.com.cn has address 218.30.66.61
antares.sina.com.cn has address 218.30.66.62
antares.sina.com.cn has address 218.30.66.63
antares.sina.com.cn has address 218.30.66.64
antares.sina.com.cn has address 218.30.66.65
antares.sina.com.cn has address 218.30.66.66
antares.sina.com.cn has address 218.30.66.67
antares.sina.com.cn has address 218.30.66.68
antares.sina.com.cn has address 218.30.66.69
antares.sina.com.cn has address 218.30.66.70
antares.sina.com.cn has address 218.30.66.71
antares.sina.com.cn has address 218.30.66.108
antares.sina.com.cn has address 218.30.66.109
antares.sina.com.cn has address 218.30.66.110
antares.sina.com.cn has address 218.30.66.111
antares.sina.com.cn has address 218.30.66.112
www.sina.com.cn is an alias for jupiter.sina.com.cn.
jupiter.sina.com.cn is an alias for antares.sina.com.cn.
www.sina.com.cn is an alias for jupiter.sina.com.cn.
jupiter.sina.com.cn is an alias for antares.sina.com.cn.
This shows that the DNS server is ready for normal use!
(III) Adding a local zone for localhost
36.
vi /etc/named.conf
Add:
zone "localhost" {
    type master;
    file "named.local";
};
37.
vi /var/named/named.local
Add:
@ 1D IN SOA localhost. root (
        2006071501      ; serial
        1H              ; refresh
        15M             ; retry
        1W              ; expire
        1D )            ; minimum
    IN NS @
    IN A 127.0.0.1
38.
rndc reload
server reload successful
39. Test
host localhost
localhost has address 127.0.0.1
dig -t A localhost
; <<>> DiG 9.3.2 <<>> -t A localhost
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41946
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;localhost. IN A
;; ANSWER SECTION:
localhost. 86400 IN A 127.0.0.1
;; AUTHORITY SECTION:
localhost. 86400 IN NS localhost.
;; Query time: 4 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Jul 16 14:21:29 2006
;; MSG SIZE rcvd: 57
dig -t NS localhost
; <<>> DiG 9.3.2 <<>> -t NS localhost
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36152
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;localhost. IN NS
;; ANSWER SECTION:
localhost. 86400 IN NS localhost.
;; ADDITIONAL SECTION:
localhost. 86400 IN A 127.0.0.1
;; Query time: 4 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Jul 16 14:22:10 2006
;; MSG SIZE rcvd: 57
The test succeeded; the localhost zone resolves normally.
<The real forward-lookup zone section will be completed soon>
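The named.local file above relies on master-file shorthand: @ stands for the zone origin, a name without a trailing dot is relative to it, a line that starts with whitespace reuses the previous owner, and ( ) lets the SOA span several lines. As an added example that is not part of the original page, this Python expands that shorthand for the page's zone file (copied here as constructed input) into the explicit records that the dig answers in step 39 show. parse_zone, ttl and absolute are names chosen for this example.

```python
import re

UNITS = {"W": 604800, "D": 86400, "H": 3600, "M": 60, "S": 1}   # 1D = 86400 s
TTL_RE = re.compile(r"(\d+)([WDHMS]?)", re.I)

# Copy of the page's named.local (constructed), with the leading blanks that owner-less lines require.
NAMED_LOCAL = """\
@ 1D IN SOA localhost. root (
        2006071501
        1H
        15M
        1W
        1D )
    IN NS @
    IN A 127.0.0.1
"""

def ttl(tok):
    m = TTL_RE.fullmatch(tok)                     # '1D' -> 86400, '15M' -> 900
    return int(m.group(1)) * UNITS.get(m.group(2).upper(), 1)

def absolute(name, origin):                       # @ is the origin; no trailing dot = relative
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin="localhost."):
    """Expand master-file shorthand into (owner, ttl, type, rdata) tuples: join
    ( ) continuations, reuse the previous owner on lines starting with blanks,
    make relative names absolute; a record with no TTL gets the SOA minimum."""
    records, owner, default_ttl, depth, buf, blank = [], None, None, 0, [], False
    for raw in text.splitlines():
        toks = raw.split(";")[0].split()          # strip ; comments
        if not toks:
            continue
        if not buf:
            blank = raw[:1].isspace()             # no owner field on this record
        depth += raw.count("(") - raw.count(")")
        buf += toks
        if depth > 0:
            continue                              # still inside ( ... )
        toks, buf = [t for t in buf if t not in ("(", ")", "IN")], []
        if not blank:
            owner = absolute(toks.pop(0), origin)
        rttl = ttl(toks.pop(0)) if TTL_RE.fullmatch(toks[0]) else default_ttl
        rtype, rdata = toks[0], toks[1:]
        if rtype in ("SOA", "NS", "CNAME"):       # name fields become absolute
            rdata = [str(ttl(t)) if TTL_RE.fullmatch(t) else absolute(t, origin) for t in rdata]
        if rtype == "SOA":
            default_ttl = int(rdata[-1])          # SOA minimum, last field
        records.append((owner, rttl, rtype, rdata))
    return records
```

The NS and A records come out with owner localhost. and TTL 86400, which is exactly what `dig -t A localhost` and `dig -t NS localhost` returned in step 39.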