bind9

安装BIND9：

# tar zxvf bind-9.3.1.tar.gz
# cd bind-9.3.1
# ./configure
--prefix=/opt/named
--disable-ipv6
# make
# make install

建立BIND用户：

# groupadd bind
# useradd -g bind -d /opt/named -s /sbin/nologin bind

创建配置文件目录：

# mkdir –p /opt/named/etc
# chown bind:bind /opt/named/etc
# chmod 700 /opt/named/etc

创建主要的配置文件：

# vi /opt/named/etc/named.conf
===========================named.conf=======================

acl "trust-lan" { 127.0.0.1/8; 192.168.1.0/24;};
options {
           directory "/opt/named/etc/";
pid-file "/var/run/named/named.pid";
version "0.0.0";
datasize 40M;
allow-transfer {
"trust-lan";};
recursion yes;
allow-notify {
"trust-lan";
};
allow-recursion {
"trust-lan";
};
auth-nxdomain no;
forwarders {
202.96.128.166;
202.96.134.133;};
};
logging {
        channel warning
        { file "/var/log/named/dns_warnings" versions 3 size 1240k;
        severity warning;
        print-category yes;
        print-severity yes;
        print-time yes;
        };
        channel general_dns
        { file "/var/log/named/dns_logs" versions 3 size 1240k;
        severity info;
        print-category yes;
        print-severity yes;
        print-time yes;
        };
        category default { warning; };
        category queries { general_dns; };
};
zone "." {
        type hint;
        file "named.root";
};

zone "0.0.127.IN-ADDR.ARPA" {
        type master;
        file "localhost";
};

zone "level.org.cn" {
        type slave;
        file "level.org.cn";
        masters {
                192.168.1.2;
        };
};

zone "1.168.192.in-addr.arpa" {
        type slave;
        file "1.168.192.in-addr";
        masters {
                192.168.1.2;
        };
};
=========================named.conf==========================

# vi /opt/named/etc/level.org.cn

============================ home.com ==========================
$TTL 86400
$ORIGIN level.org.cn.
@       IN      SOA     redhat.level.org.cn. root.level.org.cn (
        2001111601 ; serial
        28800 ; refresh
        14400 ; retry
        3600000 ; expire
        86400 ; default_ttl
        )
        IN      NS      redhat.level.org.cn.

;; -- default address -

@       IN      A       192.168.1.2

;; -- redhat SerVer --

redhat    IN      A               192.168.1.2
           IN      MX      0       redhat.level.org.cn.
          IN       MX      10      linux.level.org.cn
IN      HINFO           "redhat as 4.0".
           IN      TXT             "The internet gateway".

;; --- WIN2K SerVer ---

win2k   IN      A               192.168.1.3
        IN      MX      0       win2k.level.org.cn.
        IN      MX      10      redhat.level.org.cn.
        IN      HINFO           "windows 2000 server".

;; ------ cnames ------

dns     IN      CNAME   redhat
www     IN      CNAME   redhat
mail    IN      CNAME   redhat
ftp     IN      CNAME   redhat
============================ level.org.cn ==========================

# vi /opt/named/etc/1.168.192.in-addr

======================== 1.168.192.in-addr =====================
$TTL 86400
@       IN      SOA     redhat.level.org.cn. root.home.level.org.cn. (
                2001111601      ; Serial
                28800           ; refresh
                14400           ; retry
                3600000         ; expire
                86400 )         ; minimum

@       IN      NS      redhat.level.org.cn.
1       IN      PTR     dns.level.org.cn.
1       IN      PTR     www.level.org.cn.
1       IN      PTR     mail.level.org.cn.
1       IN      PTR     ftp.level.org.cn.
10      IN      PTR     win2k.level.org.cn.
======================== 1.168.192.in-addr ======================

# vi /opt/named/etc/localhost
=========================== localhost ===========================
$TTL    3600
@       IN      SOA     redhat.level.org.cn. root.home.level.org.cn.  (
                                20040526  ; Serial
                                3600       ; Refresh
                                900        ; Retry
                                3600000   ; Expire
                                3600 )    ; Minimum
        IN      NS      redhat.level.org.cn.
1       IN      PTR     localhost.level.org.cn.
=========================== localhost ===========================

更新根区文件：

# cd /opt/named/etc/
# wget ftp://ftp.internic.org/domain/named.root

创建PID和日志文件：

# mkdir /var/run/named/
# chmod 777 /var/run/named/
# chown bind:bind /var/run/named/

# mkdir /var/log/named/
# touch /var/log/named/dns_warnings
# touch /var/log/named/dns_logs
# chown bind:bind /var/log/named/*

生成rndc-key：

# cd /opt/named/etc/
# ../sbin/rndc-confgen > rndc.conf

把rndc.conf中：
# Use with the following in named.conf, adjusting the allow list as needed:
后面以的部分加到/opt/named/etc/named.conf中并去掉注释

运行测试：

# /opt/named/sbin/named -gc /opt/named/etc/named.conf &

状态检查：

# /opt/named/sbin/rndc status

建立启动脚本：

# vi /etc/init.d/named
============================== named.sh============================
#!/bin/bash
#
# named        a network name service.
#
#
# chkconfig: 545 35 75
# description: a name server
#
if [ `id -u` -ne 0 ]
then
        echo "ERROR:For bind to port 53,must run as root."
        exit 1
fi
case "$1" in

start)
        if [ -x /opt/named/sbin/named ]; then
        /opt/named/sbin/named -u bind -c /opt/named/etc/named.conf && echo . && echo 'BIND9 server started.'
        fi
        ;;

stop)
        kill `cat /var/run/named/named.pid` && echo . && echo 'BIND9 server stopped.'
        ;;
        restart)
        echo .
        echo "Restart BIND9 server"
        $0 stop
        sleep 10
        $0 start
        ;;
        *)
        echo "$0 start | stop | restart"
        ;;

esac
===============================named.sh============================

# chmod 755 /etc/init.d/named
# chown root:root /etc/init.d/named
# chkconfig --add named
# chkconfig named on