安装环境:Linux 2.6.18-92.el5 x86_64
安装软件:bind-9.7.5（注意:9.7 分支早已停止维护，不再获得安全更新，下文步骤仅适用于实验环境；生产环境请使用 ISC 当前仍在支持的版本）
1、 bind安装
在压缩包存放的目录下(假设我们要把bind放在/home/目录下)
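# Build BIND 9.7.5 from source and install it under /usr/local/bind.
# Assumes bind-9.7.5.tar.gz has been copied to /home/ and that this runs as root.
set -e   # stop at the first failed step instead of installing a half-built tree

cd /home/
# NOTE(review): verify the tarball before unpacking -- ISC publishes a
# detached signature (bind-9.7.5.tar.gz.asc); check it with gpg, or at least
# compare the published checksum. 9.7 is also long end-of-life; use it for a
# lab only.
tar zxvf bind-9.7.5.tar.gz
cd bind-9.7.5
./configure --prefix=/usr/local/bind
make depend
make
make install

# Runtime directories: pid file, zone files, configuration.
mkdir -p /usr/local/bind/var/run
mkdir -p /usr/local/bind/var/named
mkdir -p /usr/local/bind/etc

# Both files will hold the TSIG secret in clear text, so do not leave them
# with the default umask permissions. 640 with group root is root-only; if
# named later runs as an unprivileged user (named -u named), chgrp the files
# to that user's group so it can still read named.conf.
touch /usr/local/bind/etc/named.conf
touch /usr/local/bind/etc/rndc.conf
chmod 640 /usr/local/bind/etc/named.conf /usr/local/bind/etc/rndc.conf

# Symlinks so the stock /etc and /usr/sbin paths resolve to this build.
ln -sf /usr/local/bind/etc/named.conf /etc/named.conf
ln -sf /usr/local/bind/etc/rndc.conf /etc/rndc.conf
# -n: if /var/named already exists (e.g. a distro bind package created it),
# plain "ln -sf" would silently create /var/named/named *inside* it and
# named would keep using the old directory; with -n an existing real
# directory makes ln fail loudly instead, and an existing symlink is replaced.
ln -sfn /usr/local/bind/var/named /var/named
ln -sf /usr/local/bind/sbin/rndc /usr/sbin/rndc
ln -sf /usr/local/bind/sbin/named /usr/sbin/named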
2、 bind配置
(1)创建密钥
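# Generate the TSIG key shared by rndc and named.
# Output: Kworldhello.+<alg>+<id>.key and .private in the current directory;
# the "Key:" line of the .private file is the base64 secret pasted into
# rndc.conf and named.conf below.
cd /usr/local/bind || exit 1
umask 077   # the .private file holds the secret; make sure nothing else can read it
# NOTE(review): hmac-md5 is kept only because rndc.conf and named.conf below
# name the same algorithm -- all three must agree or rndc fails to
# authenticate. For a new deployment use hmac-sha256 (-a hmac-sha256 -b 256)
# in all three places; BIND 9.7 supports it. "rndc-confgen -a" is the simpler
# alternative: it writes a ready-made rndc.key into the sysconfdir.
sbin/dnssec-keygen -a hmac-md5 -b 128 -n HOST worldhello.
# Print the secret that goes into the two config files.
grep '^Key:' Kworldhello.+*.private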
这一步为 bind 生成 TSIG（Transaction Signatures）所需的共享密钥:TSIG 用对称密钥对 DNS 通知、动态更新以及 rndc 控制通道的报文做 HMAC 签名，只能证明对方持有同一密钥，并不加密报文内容。生成的文件为 K*****.key 和 K*****.private，其中 *.private 文件里 Key: 一行的值即为共享密钥。该密钥是明文保存的，应仅允许 root 读取（chmod 600），也不要把 .private 文件复制到管理机以外的地方；另外 hmac-md5 已不推荐使用，新部署应选 hmac-sha256，且 dnssec-keygen、rndc.conf、named.conf 三处的算法必须一致。
(2)创建配置文件:etc/rndc.conf
rndc 是远程域名服务控制器，是管理员用来控制域名服务器的应用程序，用于动态加载、停止和重新配置 DNS 服务。它默认通过 TCP 953 端口与 named 的 controls 通道通信，只有持有正确密钥的一方才能执行 reload/stop 等操作。它的配置文件 /etc/rndc.conf 内容如下（文件含明文密钥，应设为仅 root 可读）:
/* rndc.conf: tells rndc which server to talk to and which TSIG key to sign
 * with. The key statement must be identical to the one in named.conf.
 * The secret is stored in clear text, so keep this file readable by root only. */
key worldhello. { /* shared secret used to authenticate rndc to the named it controls */
algorithm "hmac-md5"; /* NOTE(review): deprecated; hmac-sha256 is preferred, but it must be changed in dnssec-keygen and named.conf at the same time */
secret "************************"; /* base64 "Key:" value from the K*.private file generated above */
};
options {
default-server localhost; /* server to manage when rndc is run without -s; here the local named */
default-key worldhello. ; /* key used when the server statement names none */
};
server localhost {
key worldhello. ; /* sign requests to localhost with the key above */
};
(3)创建配置文件:/etc/named.conf
named.conf 是域名服务器的主配置文件。zone是配置文件中的最重要的部分,描述了一个授权域名下的域名解析信息。
[root@linux etc]# cd /var/named
建立localhost.zone文件
[root@linux named]#vi localhost.zone
; localhost.zone: forward zone for "localhost", served as master; dynamic
; updates are disabled for it in named.conf (allow-update { none; }).
$TTL 86400
$ORIGIN localhost.
; SOA: MNAME "@" = localhost. is the primary server, RNAME "root" = root.localhost.
@ 1D IN SOA @ root (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum (negative-cache TTL)
; Owner omitted on the next two records: they inherit the apex (@ = localhost.).
1D IN NS @
1D IN A 127.0.0.1
建立named.local文件
[root@linux named]#vi named.local
; named.local: reverse zone for 127.0.0.0/8 (0.0.127.in-addr.arpa); maps
; 127.0.0.1 back to localhost. Master, dynamic updates disabled in named.conf.
$TTL 86400
@ IN SOA localhost. root.localhost. (
1997022700 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
; Owner omitted: inherits the zone apex (0.0.127.in-addr.arpa.).
IN NS localhost.
; 1 = 1.0.0.127.in-addr.arpa = 127.0.0.1
1 IN PTR localhost.
用 dig 查询根域的 NS 记录生成 named.root（根提示文件）。不带参数的 dig 由 /etc/resolv.conf 中的解析器应答，因此要求本机已有可用的上游解析器；更稳妥的做法是直接向根服务器查询，或从 InterNIC 下载官方的 named.root，并定期更新。
[root@linux named]# dig @a.root-servers.net . NS > named.root
建立test.com域名正向解析文件
[root@linux named]#vi test.zone
; test.zone: forward zone for test.com (master, dynamic updates disabled in named.conf).
$TTL 86400
$ORIGIN test.com.
; SOA: MNAME ns.test.com. is the primary server, RNAME root.test.com. = root@test.com.
@ IN SOA ns.test.com. root.test.com.(
2012051600 ; serial, YYYYMMDDnn -- increase on every edit or caches/secondaries keep the old data
3600 ; refresh
300 ; retry
604800 ; expire
3600) ; negative-cache TTL
@ IN NS ns.test.com.
; NOTE(review): the only NS points at loopback, so any host other than this
; one that follows the delegation ends up at 127.0.0.1. Fine for a
; single-machine lab; use the server's LAN address otherwise.
ns IN A 127.0.0.1
www IN A 192.168.101.206
注明:192.168.101.206为www.test.com机器的ip
建立test.com域名反向解析文件
[root@linux named]#vi test.local
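; test.local: reverse zone for 192.168.101.0/24 (101.168.192.in-addr.arpa),
; the counterpart of test.zone. Master, dynamic updates disabled in named.conf.
$TTL 86400
; SOA MNAME and the NS record must name the host that actually serves the
; zone -- ns.test.com., as in test.zone -- not the bare domain test.com.,
; which has no A record and so is not a reachable name server.
@ IN SOA ns.test.com. root.test.com. (
20031001 ; serial -- increase on every edit
7200     ; refresh
3600     ; retry
43200    ; expire
86400 )  ; negative-cache TTL
@ IN NS ns.test.com.
; Each PTR should mirror an A record in test.zone:
; www.test.com. is 192.168.101.206 there, so .206 maps back to it.
206 IN PTR www.test.com.
; NOTE(review): dns.test.com. has no A record in test.zone; either add
; "dns IN A 192.168.101.82" there or drop this entry.
82 IN PTR dns.test.com.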
配置 named.conf，加入以下代码（该文件含明文密钥，应设为仅 root 可读）
[root@linux etc]# vi named.conf
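// named.conf: main configuration. This server is master for test.com and
// 101.168.192.in-addr.arpa and a recursive resolver for the local network
// (the hint zone "." below is what recursion uses to reach the root servers).

// TSIG key shared with rndc; must be identical to the key statement in
// rndc.conf. The secret is in clear text, so keep this file readable by root
// only (chmod 600, or 640 with group named when named runs as an
// unprivileged user), or keep the key in /etc/rndc.key and include it.
key worldhello. {
algorithm "hmac-md5"; // NOTE(review): deprecated; prefer hmac-sha256, but change dnssec-keygen, rndc.conf and this line together
secret "************************"; /* base64 Key: value from the K*.private file */
};
// Control channel: loopback only (default port 953) and only for holders of the key.
controls {
inet 127.0.0.1 allow { localhost; } keys { worldhello.; };
};
options {
directory "/var/named";
pid-file "named.pid"; // relative to directory, i.e. /var/named/named.pid
// Anyone may query the zones this server is authoritative for ...
allow-query { any; };
// ... but recursion, which BIND enables by default, must not be open to the
// world: an open resolver is abused for amplification and cache-poisoning
// attacks. The original had no restriction here. Limit it to this host and
// the LAN the zones describe.
allow-recursion { 127.0.0.1; 192.168.101.0/24; };
// Zone transfers are allowed from anywhere by default; no secondary exists here.
allow-transfer { none; };
};
// Root hints, generated into /var/named/named.root above.
zone "." IN {
type hint;
file "named.root";
};
zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; }; // no dynamic updates for any of the master zones
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};
zone "test.com" IN {
type master;
file "test.zone";
allow-update { none; };
};
zone "101.168.192.in-addr.arpa" IN {
type master;
file "test.local";
allow-update { none; };
};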