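Reference 1: http://blog.51cto.com/sw5720/1611777
Reference 2: https://blog.csdn.net/orapeasant/article/details/1801395
Reference 3: http://www.linuxfromscratch.org/blfs/view/stable/server/bind.html

1. Download the latest BIND release; this walkthrough uses bind-9.12.1.tar.gz. Official site: https://www.isc.org/downloads/

2. Extract it under /root (adjust the file name to the version you downloaded)
    tar -zxvf bind-9.10.1-P1.tar.gz

3. Enter the extracted directory
    cd bind-9.10.1-P1

4. Install the required build dependencies such as OpenSSL
    yum install gcc gcc-c++ openssl openssl-dev*

5. Set the install path and other options, then compile and install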

  • The options below set the install prefix to /usr/local/named and enable multithreading, large-file support and DNSSEC support (through OpenSSL)
    # ./configure --prefix=/usr/local/named --enable-threads --enable-largefile --with-tuning=large --with-openssl

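  • Create a dedicated service account, named, with local login disabled
    # useradd -d /usr/local/named -s /sbin/nologin named

  • Compile
    # make

  • Install
    # make install

  • Enter the configuration directory of the installed tree
    # cd /usr/local/named/etc

  • Generate the rndc.conf file
    # /usr/local/named/sbin/rndc-confgen > rndc.conf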

  • Copy the commented-out named.conf section at the end of rndc.conf (the key and controls statements) into named.conf
    # tail -10 rndc.conf | head -9 | sed 's/# //g' > named.conf

  • Edit the main configuration file
    # vim named.conf

    options {
        listen-on port 53 { 127.0.0.1; };
        directory "/usr/local/named/var";   // absolute path where the zone files are stored
        pid-file "named.pid";
        recursion yes;
        allow-query { any; };
        recursive-clients 30000;
        query-source ...;    // source address used when a name cannot be resolved locally and other name servers are queried
        notify-source ...;   // local source address and optional UDP port used for sending NOTIFY messages
    };

    logging {
        channel query_log {   // query log
            file "/var/log/named/query.log" versions 20 size 300m;
            severity info;
            print-time yes;
            print-category yes;
        };
        channel error_log {   // error log
            file "/var/log/named/error.log" versions 3 size 10m;
            severity info;
            print-time yes;
            print-severity yes;
            print-category yes;
        };
        category queries { query_log; };
        category default { error_log; };
    };

    zone "." IN {
        type hint;
        file "named.root";   // stored in the /usr/local/named/var directory
    };

    zone "localhost" IN {
        type master;
        file "localhost.zone";
        allow-update { none; };
    };

    zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
        allow-update { none; };
    };

  • Generate the root hints file
    # cd /usr/local/named/var
    # dig @a.root-servers.net . ns > named.root

  • Create the local zone files
    # vim localhost.zone

    $TTL 86400
    $ORIGIN localhost.
    @       1D IN SOA   @ root (
                        42      ; serial (d. adams)
                        3H      ; refresh
                        15M     ; retry
                        1W      ; expiry
                        1D )    ; minimum
            1D IN NS    @
            1D IN A     127.0.0.1

    # vim named.local

    $TTL 86400
    @       IN SOA  localhost. root.localhost. (
                    1997022700  ; Serial
                    28800       ; Refresh
                    14400       ; Retry
                    3600000     ; Expire
                    86400 )     ; Minimum
            IN NS   localhost.
    1       IN PTR  localhost.

  • Create the service start/stop script
    # vi /etc/rc.d/init.d/named

    #!/bin/bash
    # named        a network name service.
    # chkconfig: 345 35 75
    # description: a name server

    # Binding to port 53 requires root; named drops to the named user via -u.
    if [ "$(id -u)" -ne 0 ]
    then
        echo -e "\e[31mERROR:For bind to port 53,must run as root.\e[0m"
        exit 1
    fi

    case "$1" in
    start)
        if [ -x /usr/local/named/sbin/named ]; then
            /usr/local/named/sbin/named -c /usr/local/named/etc/named.conf -u named && echo . && echo -e 'BIND9 server \e[32mstarted\e[0m'
        fi
        ;;
    stop)
        # Signal the PID recorded in the pid-file set in named.conf
        kill "$(cat /usr/local/named/var/named.pid)" && echo . && echo -e 'BIND9 server \e[33mstopped\e[0m'
        ;;
    restart)
        echo .
        echo "Restart BIND9 server"
        $0 stop
        sleep 1
        echo -n "." && sleep 2 && echo -n "." && sleep 2 && echo -n "." && sleep 2
        $0 start
        ;;
    reload)
        /usr/local/named/sbin/rndc reload
        ;;
    status)
        /usr/local/named/sbin/rndc status
        ;;
    *)
        echo "$0 start | stop | restart |reload |status"
        ;;
    esac

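  • Change the permissions of the script file
    # chmod 755 /etc/rc.d/init.d/named

  • Register it with service control
    # chkconfig --add named

  • Give the named account ownership of the install tree
    # chown -R named:named /usr/local/named/

  • Create a symbolic link
    # ln -s /usr/local/named/sbin/named /sbin

  • Create the log directory
    # mkdir /var/log/named/

  • Change ownership of the log directory
    # chown -R named:named /var/log/named/

  • Start in debug mode to test that the server comes up normally
    # named -g

  • Enable the service at boot and start it
    # chkconfig named on && service named start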

  • Troubleshooting: see http://bbs.chinaunix.net/thread-4187966-1-1.html. When startup fails, check the logs:
    # named -g
    # tail -n 30 /var/log/messages
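
The named.conf above combines recursion yes with allow-query { any; }, which is only safe while listen-on stays restricted to 127.0.0.1; if the listen address is later widened, the server becomes an open resolver. The check below is an added example, not code from the original post or from ISC; the function names flatten, acl_of, audit_named_conf and sample_conf and the address 192.0.2.53 are assumptions made for illustration.

```shell
#!/bin/bash
# Added example, not from the original post. Heuristic text check, not a full
# named.conf parser: assumes a single options block and no named ACLs.

# Strip // and # comments, then collapse the file onto one line.
flatten() {
    sed -e 's://.*$::' -e 's:#.*$::' "$1" | tr '\n\t' '  ' | tr -s ' '
}

# Print the address list of the first "<stmt> [port N] { ... }" statement.
acl_of() {   # $1 = flattened config, $2 = statement name
    printf '%s\n' "$1" | grep -oE "$2( port [0-9]+)? ?\{[^}]*\}" |
        head -n 1 | sed -e 's/^[^{]*{//' -e 's/}$//' | tr -d ' '
}

# Return 1 (and say why) if the server would recurse for any client on a
# non-loopback address; return 0 otherwise.
audit_named_conf() {
    local flat listen who stmt
    flat=$(flatten "$1")
    # recursion defaults to yes; only an explicit "no" disables it.
    if printf '%s\n' "$flat" | grep -qE 'recursion no ?;'; then
        echo "ok: recursion disabled"; return 0
    fi
    listen=$(acl_of "$flat" listen-on)   # empty means all interfaces
    if [ "$listen" = "127.0.0.1;" ]; then
        echo "ok: listening on loopback only"; return 0
    fi
    # Clients allowed to recurse: allow-recursion, else allow-query-cache,
    # else allow-query (BIND's documented fallback order).
    for stmt in allow-recursion allow-query-cache allow-query; do
        who=$(acl_of "$flat" "$stmt")
        [ -z "$who" ] || break
    done
    case ";$who" in
        *';any;'*|*';0.0.0.0/0;'*)
            echo "RISK: open resolver (listen-on ${listen:-all}, $stmt any)"
            return 1 ;;
    esac
    echo "ok: recursion limited to ${who:-localnets; localhost;}"
}

# Constructed sample: this page's options with a chosen listen-on address.
sample_conf() {   # $1 = listen-on address, $2 = output file
    printf 'options {\n listen-on port 53 { %s; };\n recursion yes;\n' "$1" > "$2"
    printf ' allow-query { any; }; // as in the post\n};\n' >> "$2"
}
tmp=$(mktemp); sample_conf 127.0.0.1 "$tmp"; audit_named_conf "$tmp"
sample_conf 192.0.2.53 "$tmp"; audit_named_conf "$tmp" || true; rm -f "$tmp"
```

Run audit_named_conf /usr/local/named/etc/named.conf after any change to listen-on; adding an allow-recursion statement that names only the client networks clears the finding.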