BIND installation, rndc, and upgrading BIND

Useful notes, saved for reference.
1. The system came with BIND 9.2.4 installed from RPM (version checked with rpm -q). To test installing BIND from the source tarball, bind 9.2.4 was first removed with rpm -e. Note that --nodeps skips the dependency check: packages that depend on bind stay installed, which here includes the Red Hat caching-nameserver package that provides the /etc/named.conf reused in step 3 (its header says so).
[root@jww etc]# rpm -e bind-9.2.4-2 --nodeps
warning: /etc/sysconfig/named saved as /etc/sysconfig/named.rpmsave
warning: /etc/rndc.key saved as /etc/rndc.key.rpmsave
[root@jww etc]# rpm -q bind
package bind is not installed


2. Install BIND 9.4.3 from the source tarball:
[root@jww jww]# tar -zxvf bind-9.4.3-P3.tar.gz
bind-9.4.3-P3/
bind-9.4.3-P3/bin
...
...
...
...
[root@jww jww]# cd bind-9.4.3-P3
[root@jww bind-9.4.3-P3]# ./configure
checking build system type... i686-pc-linux-gnu
checking host system type... i686-pc-linux-gnu
...
...
...
...
config.status: creating config.h
WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
WARNING                                                                 WARNING
WARNING         Your OpenSSL crypto library may be vulnerable to        WARNING
WARNING         one or more of the the following known security         WARNING
WARNING         flaws:                                                  WARNING
WARNING                                                                 WARNING
WARNING         CAN-2002-0659, CAN-2006-4339, CVE-2006-2937 and         WARNING
WARNING         CVE-2006-2940.                                          WARNING
WARNING                                                                 WARNING
WARNING         It is recommended that you upgrade to OpenSSL           WARNING
WARNING         version 0.9.8d/0.9.7l (or greater).                     WARNING
WARNING                                                                 WARNING
WARNING         You can disable this warning by specifying:             WARNING
WARNING                                                                 WARNING
WARNING                 --disable-openssl-version-check                 WARNING
WARNING                                                                 WARNING
WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
The warning is not a build failure: configure still finished and wrote config.h. It means the system's OpenSSL is older than 0.9.8d/0.9.7l and may carry the listed flaws. `--disable-openssl-version-check` only silences the check; it does not change the library BIND links against (the 9.6.1 start-up log later still reports `built with '--disable-openssl-version-check'`). The proper fix is to upgrade OpenSSL before building. Here the check was simply disabled:
[root@jww bind-9.4.3-P3]# ./configure --disable-openssl-version-check
checking build system type... i686-pc-linux-gnu
checking host system type... i686-pc-linux-gnu
...
...
...
...
config.status: creating config.h
config.status: config.h is unchanged
[root@jww bind-9.4.3-P3]#
[root@jww bind-9.4.3-P3]#
[root@jww bind-9.4.3-P3]# make
...
...
...
...
[root@jww bind-9.4.3-P3]# make install
...
...
...
...
[root@jww bind-9.4.3-P3]# rpm -q bind
package bind is not installed
[root@jww bind-9.4.3-P3]#
[root@jww ~]# /usr/sbin/named -v                    ******* rpm cannot see a source install. make install puts the binaries under /usr/local/sbin; /usr/sbin/named here is the symlink created in step 4 *******
BIND 9.4.3-P3

Note: installing from source did not create named.conf under /etc, nor the /var/named directory with its seven files and the chroot subdirectory.
Because bind-9.2.4 had been on this system before, all of those files were already present, so I did not have to go looking for them online and used them directly.


3. Generate the rndc key
# /usr/local/sbin/rndc-confgen > /etc/rndc.conf
# /usr/local/sbin/named -g
  Jan 11 11:56:45.075 starting BIND 9.2.3 -g
  Jan 11 11:56:45.076 using 1 CPU
  Jan 11 11:56:45.079 loading configuration from '/etc/named.conf'
[root@jww ~]# more /etc/rndc.conf
# Start of rndc.conf
key "rndc-key" {
            algorithm hmac-md5;
            secret "DSqZHhpd8HuK9YtsQlZZIg==";
};

options {
            default-key "rndc-key";
            default-server 127.0.0.1;
            default-port 953;
};
# End of rndc.conf

# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
#       algorithm hmac-md5;
#       secret "DSqZHhpd8HuK9YtsQlZZIg==";
# };
#
# controls {
#       inet 127.0.0.1 port 953
#                   allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf
[root@jww ~]#
Open the /etc/rndc.conf just generated and copy everything below the line `# Use with the following in named.conf, adjusting the allow list as needed:` into your named.conf, dropping the leading `#` comment markers. The secret is the shared credential for the control channel: generate your own rather than reusing the one printed here, and keep rndc.conf and named.conf readable only by root (and the user named runs as).
[root@jww ~]# more /etc/named.conf
//
// named.conf for Red Hat caching-nameserver
//

options {
            directory "/var/named";
            dump-file "/var/named/data/cache_dump.db";
            statistics-file "/var/named/data/named_stats.txt";
           
            // query-source address * port 53;
};
key "rndc-key" {
        algorithm hmac-md5;
        secret "DSqZHhpd8HuK9YtsQlZZIg==";
};

controls {
        inet 127.0.0.1 port 953
                    allow { 127.0.0.1; } keys { "rndc-key"; };
};

//
// a caching only nameserver config
//
#controls {
#      inet 127.0.0.1 allow { localhost; } keys { rndckey; };
#};

zone "." IN {
            type hint;
            file "named.ca";
};


4. Create symlinks, so the binaries installed under /usr/local/sbin are reachable at the paths the RPM used
# ln -s /usr/local/sbin/rndc /usr/sbin/rndc
# ln -s /usr/local/sbin/named /usr/sbin/named




5. Start BIND
[root@jww ~]# /usr/sbin/named -gc /etc/named.conf
11-Aug-2009 12:04:50.406 starting BIND 9.4.3-P3 -gc /etc/named.conf
11-Aug-2009 12:04:50.408 using up to 4096 sockets
11-Aug-2009 12:04:50.503 loading configuration from '/etc/named.conf'
11-Aug-2009 12:04:50.527 using default UDP/IPv4 port range: [1024, 65535]
11-Aug-2009 12:04:50.529 using default UDP/IPv6 port range: [1024, 65535]
11-Aug-2009 12:04:50.545 listening on IPv4 interface lo, 127.0.0.1#53
11-Aug-2009 12:04:50.552 listening on IPv4 interface eth0, 10.8.1.195#53
11-Aug-2009 12:04:50.679 automatic empty zone: 127.IN-ADDR.ARPA
11-Aug-2009 12:04:50.682 automatic empty zone: 254.169.IN-ADDR.ARPA
11-Aug-2009 12:04:50.683 automatic empty zone: 2.0.192.IN-ADDR.ARPA
11-Aug-2009 12:04:50.684 automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
11-Aug-2009 12:04:50.684 automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
11-Aug-2009 12:04:50.685 automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
11-Aug-2009 12:04:50.687 automatic empty zone: D.F.IP6.ARPA
11-Aug-2009 12:04:50.688 automatic empty zone: 8.E.F.IP6.ARPA
11-Aug-2009 12:04:50.688 automatic empty zone: 9.E.F.IP6.ARPA
11-Aug-2009 12:04:50.689 automatic empty zone: A.E.F.IP6.ARPA
11-Aug-2009 12:04:50.689 automatic empty zone: B.E.F.IP6.ARPA
11-Aug-2009 12:04:50.710 command channel listening on 127.0.0.1#953
11-Aug-2009 12:04:50.711 ignoring config file logging statement due to -g option
11-Aug-2009 12:04:50.765 zone 0.in-addr.arpa/IN: NS 'localhost.0.in-addr.arpa' has no address records (A or AAAA)
11-Aug-2009 12:04:50.767 zone 0.in-addr.arpa/IN: loaded serial 42
11-Aug-2009 12:04:50.778 zone 0.0.127.in-addr.arpa/IN: loaded serial 1997022700
11-Aug-2009 12:04:50.830 zone 255.in-addr.arpa/IN: NS 'localhost.255.in-addr.arpa' has no address records (A or AAAA)
11-Aug-2009 12:04:50.831 zone 255.in-addr.arpa/IN: loaded serial 42
11-Aug-2009 12:04:50.835 zone 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 1997022700
11-Aug-2009 12:04:50.841 zone localdomain/IN: loaded serial 42
11-Aug-2009 12:04:50.844 zone localhost/IN: loaded serial 42
11-Aug-2009 12:04:50.845 running
If the last line reads `running`, the configuration is basically working. Two caveats: `-g` keeps named in the foreground and sends the log to stderr (hence `ignoring config file logging statement due to -g option`), so it is a debugging mode rather than the way to run the service; and as started here named runs as root and accepts queries on eth0 (10.8.1.195). For normal operation start it without `-g` and with `-u <unprivileged user>` so it drops root after binding port 53.
The first start ran into the following problem:
[root@jww ~]# /usr/sbin/named -gc /etc/named.conf
11-Aug-2009 12:10:44.292 starting BIND 9.4.3-P3 -gc /etc/named.conf
11-Aug-2009 12:10:44.294 using up to 4096 sockets
11-Aug-2009 12:10:44.307 loading configuration from '/etc/named.conf'
11-Aug-2009 12:10:44.309 /etc/rndc.key:1: key 'rndc-key': already exists previous definition: /etc/named.conf:18
11-Aug-2009 12:10:44.311 loading configuration: failure
11-Aug-2009 12:10:44.312 exiting (due to fatal error)
[root@jww ~]#
Fix: move /etc/rndc.key out of the way. The message means named.conf has an `include "/etc/rndc.key";` statement (line 92 of the file, as the next error shows) and that file defines a key named rndc-key, the same name as the key block pasted in at line 18. A key may be defined only once.
The second start then failed with:
[root@jww etc]# /usr/local/sbin/named -gc /etc/named.conf
10-Dec-2008 00:26:07.283 starting BIND 9.6.1-P1 -gc /etc/named.conf
10-Dec-2008 00:26:07.288 built with '--disable-openssl-version-check'
10-Dec-2008 00:26:07.289 using up to 4096 sockets
10-Dec-2008 00:26:07.305 loading configuration from '/etc/named.conf'
10-Dec-2008 00:26:07.308 /etc/named.conf:92: open: /etc/rndc.key: file not found
10-Dec-2008 00:26:07.311 loading configuration: file not found
10-Dec-2008 00:26:07.312 exiting (due to fatal error)
Fix: comment out line 92 of named.conf, the `include "/etc/rndc.key";` statement, since that file no longer exists. The cleaner alternative is the opposite: keep the include, delete the pasted key block, and let `rndc-confgen -a` write /etc/rndc.key. named.conf is normally world-readable, while the key file can be restricted to root and the named user, and rndc reads /etc/rndc.key itself when there is no rndc.conf.
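Both start-up failures above come from the same cause: key "rndc-key" ending up defined twice, once pasted by hand (step 3) and once through the `include "/etc/rndc.key";` line. The script below is an added example, not code from the original post: it extracts the named.conf snippet from rndc-confgen output exactly as step 3 does by hand, but first checks whether named.conf (or a file it includes) already defines that key, and appends the snippet only when it does not. File names are parameters, and the sample rndc.conf is constructed with a dummy secret so the script runs offline.

```shell
#!/bin/sh
# Added example, not part of the original post: put the key/controls snippet
# that rndc-confgen prints into named.conf exactly once.  File names are
# parameters; the sample secret below is a constructed dummy.

# Print the block after "# Use with the following in named.conf ...", with the
# leading "# " comment markers removed and "# End of named.conf" dropped.
extract_named_conf_snippet() {
    awk '
        /^# Use with the following in named\.conf/ { inblock = 1; next }
        /^# End of named\.conf/                    { inblock = 0 }
        inblock { sub(/^# ?/, ""); print }
    ' "$1"
}

# Name of the key the snippet defines (first 'key "..."' statement).
snippet_key_name() {
    extract_named_conf_snippet "$1" | sed -n 's/^key "\([^"]*\)".*/\1/p' | head -n 1
}

# named_conf_defines_key FILE KEYNAME: true if FILE defines the key itself or
# through an include statement (one level deep), the situation behind
# "key 'rndc-key': already exists" in step 5.
named_conf_defines_key() {
    pat="^[[:space:]]*key[[:space:]]+\"?$2\"?[[:space:]]*\{"
    grep -Eq "$pat" "$1" && return 0
    for inc in $(sed -n 's/^[[:space:]]*include[[:space:]]*"\([^"]*\)".*/\1/p' "$1"); do
        [ -f "$inc" ] && grep -Eq "$pat" "$inc" && return 0
    done
    return 1
}

# install_rndc_snippet RNDC_CONF NAMED_CONF: append the snippet unless the key
# is already defined.  Returns 0 when appended, 2 when skipped.
install_rndc_snippet() {
    key=$(snippet_key_name "$1")
    if named_conf_defines_key "$2" "$key"; then
        echo "skip: key \"$key\" already defined in $2 (directly or via include)"
        return 2
    fi
    {
        printf '\n// rndc control channel (from rndc-confgen)\n'
        extract_named_conf_snippet "$1"
    } >> "$2"
    echo "appended key \"$key\" and controls block to $2"
}

# Constructed sample rndc-confgen output (dummy secret) so this runs offline.
write_sample_rndc_conf() {
    cat > "$1" <<'EOF'
# Start of rndc.conf
key "rndc-key" {
        algorithm hmac-md5;
        secret "AAAAAAAAAAAAAAAAAAAAAA==";
};

options {
        default-key "rndc-key";
        default-server 127.0.0.1;
        default-port 953;
};
# End of rndc.conf

# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
#       algorithm hmac-md5;
#       secret "AAAAAAAAAAAAAAAAAAAAAA==";
# };
# 
# controls {
#       inet 127.0.0.1 port 953
#               allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf
EOF
}

# Demo: ./merge_rndc_key.sh --demo
demo() {
    d=$(mktemp -d)
    write_sample_rndc_conf "$d/rndc.conf"
    printf 'options {\n\tdirectory "/var/named";\n};\n' > "$d/named.conf"
    install_rndc_snippet "$d/rndc.conf" "$d/named.conf"
    install_rndc_snippet "$d/rndc.conf" "$d/named.conf" || :   # second run: skipped
    cat "$d/named.conf"
    rm -rf "$d"
}
case "${1:-}" in --demo) demo ;; esac
```

Run it against the real files as `install_rndc_snippet /etc/rndc.conf /etc/named.conf` and follow with `named-checkconf /etc/named.conf` before restarting; the skip path is what would have reported the duplicate before named refused to start.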


6. Controlling named with rndc
[root@jww ~]# rndc status
number of zones: 17
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
[root@jww ~]#
[root@jww named]# /usr/sbin/rndc stop
10-Dec-2008 00:43:29.579 received control channel command 'stop'
10-Dec-2008 00:43:29.581 shutting down: flushing changes
10-Dec-2008 00:43:29.582 stopping command channel on 127.0.0.1#953
[root@jww named]# 10-Dec-2008 00:43:29.588 no longer listening on 127.0.0.1#53
10-Dec-2008 00:43:29.589 no longer listening on 10.8.1.195#53
10-Dec-2008 00:43:29.600 exiting

[1]+    Done                            /usr/local/sbin/named -gc /etc/named.conf    (wd: /etc)
(wd now: /var/named)
[root@jww named]#

7. Upgrade to bind-9.6.1
Stop the named service first (rndc stop, as in step 6)
[root@jww jww]# tar -zxvf bind-9.6.1-P1.tar.gz
[root@jww jww]# cd bind-9.6.1-P1
[root@jww bind-9.6.1-P1]# ./configure --disable-openssl-version-check
[root@jww bind-9.6.1-P1]# make
[root@jww bind-9.6.1-P1]# make install
[root@jww bind-9.6.1-P1]# /usr/sbin/named -v
BIND 9.6.1-P1
[root@jww bind-9.6.1-P1]#/usr/local/sbin/rndc-confgen >rndc.conf
Overwrite the key in named.conf with the one from the new rndc.conf. (Regenerating the key on upgrade is optional: the existing key keeps working with the new version. If you do regenerate it, rndc.conf and named.conf must be updated together, otherwise rndc no longer authenticates.)
[root@jww etc]# /usr/local/sbin/named -gc /etc/named.conf &        start named in the background (-g keeps it in the foreground, so & is needed; without -g named daemonizes on its own). rndc status in 9.6 reports the running version; compare it with named -v to confirm the restart picked up the new binary.
[root@jww etc]# /usr/local/sbin/rndc status                   
version: 9.6.1-P1
number of zones: 17
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is ON
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
[root@jww etc]

8. Open TCP and UDP port 53 in the system firewall so that other machines can use this host for name resolution. Scope the rule to the client networks that should be able to query, and match it with an allow-recursion list in named.conf: opening port 53 to everyone turns this caching server into an open resolver that anyone can use and abuse.
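The caching-nameserver named.conf from step 3 has no allow-recursion, allow-query or version directive, which did not matter while only localhost could reach the server, but does once port 53 is opened in step 8. The script below is an added example, not from the original post: a lint that reports those missing settings on the page-style config, and a hardened replacement that limits recursion to a client ACL, hides the version string and keeps the rndc secret in /etc/rndc.key (written by `rndc-confgen -a`) instead of inline. The client network 10.8.1.0/24 is an assumption (the post's server sits on 10.8.1.195), and the secret is a dummy.

```shell
#!/bin/sh
# Added example, not part of the original post: check a caching-only
# named.conf for the directives that matter once port 53 is reachable from
# other hosts, and write a hardened replacement.  The network 10.8.1.0/24
# used in the demo is an assumption; adjust it to your site.

# lint_named_conf FILE: print one line per missing or weak directive,
# return 1 if anything was reported, 0 if the file passes.
lint_named_conf() {
    conf=$1; missing=0
    need() {   # need <ERE> <description>
        if ! grep -Eq "$1" "$conf"; then
            echo "missing: $2"; missing=1
        fi
    }
    need 'allow-recursion[[:space:]]*\{' 'allow-recursion (without it any host that reaches port 53 can use this resolver)'
    need 'allow-query[[:space:]]*\{'     'allow-query'
    need 'version[[:space:]]+"'          'version override (answers "dig CH TXT version.bind" with the real build otherwise)'
    need 'inet[[:space:]]+127\.0\.0\.1'  'controls channel bound to 127.0.0.1'
    need 'keys[[:space:]]*\{'            'controls channel key (rndc would be unauthenticated)'
    if grep -Eq 'allow-recursion[[:space:]]*\{[[:space:]]*any' "$conf"; then
        echo "weak: allow-recursion { any; } is an open resolver"; missing=1
    fi
    return $missing
}

# write_page_style_named_conf FILE: the caching-nameserver config used in the
# post (dummy secret): no allow-recursion, allow-query or version directive.
write_page_style_named_conf() {
    cat > "$1" <<'EOF'
options {
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
};
key "rndc-key" {
        algorithm hmac-md5;
        secret "AAAAAAAAAAAAAAAAAAAAAA==";
};
controls {
        inet 127.0.0.1 port 953
                allow { 127.0.0.1; } keys { "rndc-key"; };
};
zone "." IN {
        type hint;
        file "named.ca";
};
EOF
}

# write_hardened_named_conf FILE CLIENT_NET: same server, recursion limited to
# CLIENT_NET plus localhost, version hidden, secret kept in /etc/rndc.key
# (written by "rndc-confgen -a") instead of inline in named.conf.
write_hardened_named_conf() {
    cat > "$1" <<EOF
acl "clients" { 127.0.0.1; $2; };

options {
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        version "not disclosed";
        allow-query     { clients; };
        allow-recursion { clients; };
        allow-transfer  { none; };
};

include "/etc/rndc.key";

controls {
        inet 127.0.0.1 port 953
                allow { 127.0.0.1; } keys { "rndc-key"; };
};

zone "." IN {
        type hint;
        file "named.ca";
};
EOF
}

# Demo: ./lint_named_conf.sh --demo
demo() {
    d=$(mktemp -d)
    write_page_style_named_conf "$d/weak.conf"
    echo "== weak.conf"; lint_named_conf "$d/weak.conf" || echo "(needs hardening)"
    write_hardened_named_conf "$d/hard.conf" 10.8.1.0/24
    echo "== hard.conf"; lint_named_conf "$d/hard.conf" && echo "(ok)"
    rm -rf "$d"
}
case "${1:-}" in --demo) demo ;; esac
```

The firewall rule from step 8 should be scoped the same way as the ACL (source 10.8.1.0/24, destination port 53, both udp and tcp) rather than opened to every address, so the two controls agree on who may query.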

9. Test:
[root@jww named]# dig @10.8.1.195 www.sohu.com

; <<>> DiG 9.6.1-P1 <<>> @10.8.1.195 www.sohu.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10924
;; flags: qr rd ra; QUERY: 1, ANSWER: 10, AUTHORITY: 3, ADDITIONAL: 0

;; QUESTION SECTION:
; www.sohu.com.                        IN        A

;; ANSWER SECTION:
www.sohu.com.                600        IN        CNAME    d7.a.sohu.com.
d7.a.sohu.com.            1200    IN        CNAME    pgcnctct07.a.sohu.com.
pgcnctct07.a.sohu.com.    300        IN        A        61.135.179.160
pgcnctct07.a.sohu.com.    300        IN        A        61.135.179.184
pgcnctct07.a.sohu.com.    300        IN        A        61.135.179.190
pgcnctct07.a.sohu.com.    300        IN        A        61.135.133.37
pgcnctct07.a.sohu.com.    300        IN        A        61.135.133.38
pgcnctct07.a.sohu.com.    300        IN        A        61.135.133.88
pgcnctct07.a.sohu.com.    300        IN        A        61.135.133.89
pgcnctct07.a.sohu.com.    300        IN        A        61.135.179.155

;; AUTHORITY SECTION:
a.sohu.com.                3600    IN        NS        z.a.sohu.com.
a.sohu.com.                3600    IN        NS        x.a.sohu.com.
a.sohu.com.                3600    IN        NS        y.a.sohu.com.

;; Query time: 926 msec
;; SERVER: 10.8.1.195#53(10.8.1.195)
;; WHEN: Wed Dec 10 00:37:35 2008
;; MSG SIZE    rcvd: 250