Installing the bind service on Linux: setting up the DNS server BIND on a Linux system

BIND is an open-source implementation of the DNS (Domain Name System) protocol and contains all the software needed to query and answer domain names. It is the most widely used DNS server on the Internet. The following walks through installing the DNS server bind on a Linux system.

1. Download the BIND 9 source from http://www.isc.org/products/BIND/bind9.html. The current version is 9.2.3, and the source file is bind-9.2.3.tar.gz.

2. Place the source file bind-9.2.3.tar.gz in the /usr/local/src directory.

3. Unpack the source file bind-9.2.3.tar.gz

# tar -xzvf bind-9.2.3.tar.gz -C /usr/local/src

4. Enter the source directory

# cd bind-9.2.3

5. Configure and compile

# ./configure
# make

6. Install

# make install

7. The resulting executables are placed in /usr/local/sbin. The most important ones are named and rndc.

8. Create links

# ln -s /usr/local/sbin/rndc /usr/sbin/rndc
# ln -s /usr/local/sbin/named /usr/sbin/named

9. Create the rndc.conf configuration file.

# /usr/local/sbin/rndc-confgen > /etc/rndc.conf
# cat /etc/rndc.conf

The output is:

# Start of rndc.conf
key "rndc-key" {
        algorithm hmac-md5;
        secret "y9xvvfQjdWv9f/Fo7wquBg==";
};

options {
        default-key "rndc-key";
        default-server 127.0.0.1;
        default-port 953;
};
# End of rndc.conf

# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
#         algorithm hmac-md5;
#         secret "y9xvvfQjdWv9f/Fo7wquBg==";
# };
#
# controls {
#         inet 127.0.0.1 port 953
#                 allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf

10. Create the rndc.key file. Copy the commented-out part of rndc.conf into a file with the following contents:

# vi /etc/rndc.key

key "rndc-key" {
        algorithm hmac-md5;
        secret "y9xvvfQjdWv9f/Fo7wquBg==";
};

controls {
        inet 127.0.0.1 port 953
                allow { 127.0.0.1; } keys { "rndc-key"; };
};

Check that rndc works properly:

# /usr/local/sbin/named -g
Jan 11 11:56:45.075 starting BIND 9.2.3 -g
Jan 11 11:56:45.076 using 1 CPU
Jan 11 11:56:45.079 loading configuration from '/etc/named.conf'
......

# /usr/local/sbin/rndc status

11. Create the named.conf configuration file.

# vi /etc/named.conf

// generated by named-bootconf.pl

options {
        directory "/var/named";
        /*
         * If there is a firewall between you and nameservers you want
         * to talk to, you might need to uncomment the query-source
         * directive below. Previous versions of BIND always asked
         * questions using port 53, but BIND 8.1 uses an unprivileged
         * port by default.
         */
        // query-source address * port 53;
};

//
// a caching only nameserver config
//
zone "." IN {
        type hint;
        file "named.root";
};

zone "localhost" IN {
        type master;
        file "localhost.zone";
        allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
        allow-update { none; };
};

zone "domain1.net" IN { // newly added zone for domain1.net
        type master;
        file "domain1.net.zone";
        allow-update { none; };
};

zone "252.177.61.in-addr.arpa" IN { // reverse zone for the newly added domain
        type master;
        file "named.61.177.252";
        allow-update { none; };
};

include "/etc/rndc.key";

12. Create the /var/named directory

# mkdir /var/named
# cd /var/named

13. Log in anonymously to the FTP site FTP.RS.INTERNIC.NET, fetch the named.root and named.ca files from the /domain directory, and place them in /var/named.

14. Create the localhost.zone file

# vi /var/named/localhost.zone

$TTL 86400
$ORIGIN localhost.
@       1D IN SOA @ root (
                42              ; serial (d. adams)
                3H              ; refresh
                15M             ; retry
                1W              ; expiry
                1D )            ; minimum
        1D IN NS @
        1D IN A 127.0.0.1

15. Create the named.local file

# vi named.local

$TTL 86400
@       IN SOA localhost. root.localhost. (
                1997022700      ; Serial
                28800           ; Refresh
                14400           ; Retry
                3600000         ; Expire
                86400 )         ; Minimum
        IN NS localhost.
1       IN PTR localhost.

16. Create the domain1.net.zone file (the name must match the file directive in named.conf)

# vi domain1.net.zone

$TTL 86400
@       IN SOA localhost. root.localhost. (
                2003061800      ; Serial
                28800           ; Refresh
                14400           ; Retry
                3600000         ; Expire
                86400 )         ; Minimum
        IN NS localhost.
mail    IN A 61.177.252.34
www     IN CNAME mail

17. Create the named.61.177.252 file

# vi named.61.177.252

$TTL 86400
@       IN SOA localhost. root.localhost. (
                2003061800      ; Serial
                28800           ; Refresh
                14400           ; Retry
                3600000         ; Expire
                86400 )         ; Minimum
        IN NS localhost.
34      IN PTR mail.domain1.net.

18. Create the startup script

# vi /etc/rc.d/init.d/named

#!/bin/sh
#
# named         This shell script takes care of starting and stopping
#               named (BIND DNS server).
#
# chkconfig: 345 55 45
# description: named (BIND) is a Domain Name Server (DNS)
# that is used to resolve host names to IP addresses.
# probe: true

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up.
[ "${NETWORKING}" = "no" ] && exit 0

[ -f /usr/sbin/named ] || exit 0
[ -f /etc/named.conf ] || exit 0

# See how we were called.
case "$1" in
  start)
        # Start daemons.
        echo -n "Starting named: "
        daemon named
        echo
        touch /var/lock/subsys/named
        ;;
  stop)
        # Stop daemons.
        echo -n "Shutting down named: "
        killproc named
        rm -f /var/lock/subsys/named
        echo
        ;;
  status)
        /usr/sbin/rndc status
        exit $?
        ;;
  restart)
        # Re-invoke this script for stop and start.
        $0 stop
        $0 start
        exit $?
        ;;
  reload)
        /usr/sbin/rndc reload
        exit $?
        ;;
  probe)
        # named knows how to reload intelligently; we don't want linuxconf
        # to offer to restart every time
        /usr/sbin/rndc reload >/dev/null 2>&1 || echo start
        exit 0
        ;;
  *)
        echo "Usage: named {start|stop|status|restart|reload|probe}"
        exit 1
esac

exit 0

19. Make /etc/rc.d/init.d/named executable.

# chmod 755 /etc/rc.d/init.d/named

20. Create the symbolic links for the startup script

# ln -s /etc/rc.d/init.d/named /etc/rc.d/rc0.d/K45named
# ln -s /etc/rc.d/init.d/named /etc/rc.d/rc1.d/K45named
# ln -s /etc/rc.d/init.d/named /etc/rc.d/rc2.d/K45named
# ln -s /etc/rc.d/init.d/named /etc/rc.d/rc3.d/S55named
# ln -s /etc/rc.d/init.d/named /etc/rc.d/rc4.d/S55named
# ln -s /etc/rc.d/init.d/named /etc/rc.d/rc5.d/S55named
# ln -s /etc/rc.d/init.d/named /etc/rc.d/rc6.d/K45named

21. Start bind9

# /etc/rc.d/init.d/named start

Stop bind9

# /etc/rc.d/init.d/named stop

Check the status

# /etc/rc.d/init.d/named status

22. Check the configuration file and the zone files

# /usr/local/sbin/named-checkconf
# /usr/local/sbin/named-checkzone domain1.net /var/named/domain1.net.zone
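named-checkconf and named-checkzone validate each file on its own, but they do not tell you whether the forward and reverse zones agree with each other (mail IN A 61.177.252.34 versus 34 IN PTR mail.domain1.net.). The following Python script is an added example, not part of the original post: it reads constructed copies of the zone files from steps 16 and 17 (SOA collapsed onto one line), resolves "@", inherited owners and relative names the way named does, and reports every A record without a matching PTR and vice versa. It assumes Python 3.9 or newer.

```python
import re

# Constructed copies of the two zone files above; the NS lines are indented
# so they inherit the "@" owner, exactly as in the files on this page.
FORWARD = """\
$TTL 86400
@ IN SOA localhost. root.localhost. ( 2003061800 28800 14400 3600000 86400 )
    IN NS localhost.
mail IN A 61.177.252.34
www IN CNAME mail
"""
REVERSE = """\
$TTL 86400
@ IN SOA localhost. root.localhost. ( 2003061800 28800 14400 3600000 86400 )
    IN NS localhost.
34 IN PTR mail.domain1.net.
"""

def fqdn(name, origin):
    """'@' is the origin; a name without a trailing dot is relative to it."""
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Yield (owner, type, rdata); a line beginning with blank space inherits the owner."""
    owner = origin
    for raw in text.splitlines():
        line = raw.split(";")[0].rstrip()          # drop comments
        if not line.strip() or line.lstrip().startswith("$"):
            continue                               # blank line or $TTL/$ORIGIN directive
        if not line[0].isspace():                  # first token is a new owner name
            parts = line.split(None, 1)
            owner, line = fqdn(parts[0], origin), parts[1] if len(parts) > 1 else ""
        fields = line.split()
        while fields and (fields[0].upper() == "IN" or re.fullmatch(r"\d+[smhdw]?", fields[0], re.I)):
            fields.pop(0)                          # optional TTL and class precede the type
        if fields:
            yield owner, fields[0].upper(), " ".join(fields[1:])

def ptr_to_ip(owner):
    """34.252.177.61.in-addr.arpa. -> 61.177.252.34"""
    return ".".join(reversed(owner.removesuffix(".in-addr.arpa.").split(".")))

def check_forward_reverse(fwd_text, fwd_origin, rev_text, rev_origin):
    """Return a list of A/PTR mismatches; an empty list means the zones agree."""
    a_map = {o: r for o, t, r in parse_zone(fwd_text, fwd_origin) if t == "A"}
    ptr_map = {ptr_to_ip(o): fqdn(r, rev_origin)
               for o, t, r in parse_zone(rev_text, rev_origin) if t == "PTR"}
    problems = [f"A {h} -> {ip} has no PTR" for h, ip in a_map.items() if ptr_map.get(ip) != h]
    problems += [f"PTR {ip} -> {h} has no A" for ip, h in ptr_map.items() if a_map.get(h) != ip]
    return problems
```

Run check_forward_reverse(FORWARD, "domain1.net.", REVERSE, "252.177.61.in-addr.arpa.") and expect an empty list; change the PTR owner to 35 and both directions are reported. The owner-inheritance rule is also why the NS lines in steps 14 to 17 must start with whitespace: a bare "IN NS localhost." at column one would be read as a record for a host named IN.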
