源码编译安装DNS Server

4rwgf

1.源码包的获取：

1	wget http://pkgs.fedoraproject.org/re ... ind-9.9.1-P2.tar.gz

2.解压安装：

1 2 3 4

tar zxvf bind-9.9.1-P2.tar.gz cd bind-9.9.1-P2 ./configure  --prefix=/usr/local/named  --mandir=/usr/local/share/man/  --enable-threads  --enable-openssl-version-check make && make  install

3.检查安装情况

4.配置bind需要的配置文件,生成rndc.conf配置文件

1 2 3 4 5

[iyunv@localhost~]# cd /usr/local/named/etc/ [iyunv@localhostetc]# /usr/local/named/sbin/rndc-confgen > /usr/local/named/etc/rndc.conf 把rndc.conf中key的信息输出到named.conf中 [iyunv@localhostetc]# tail -n 10 rndc.conf  | head  -n9 | sed -e "s/# //g" > named.conf

5.配置named.conf文件如下：

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49

options {         directory "/usr/local/named";         pid-file "named.pid";         listen-on port 53 {any;};         listen-on-v6 {none;};         allow-query {any;};         dump-file "/usr/local/named/data/cache_dump.db";         statistics-file "/usr/local/named/data/named_stats.txt";         }; zone "." IN {         type hint;         file "named.root";         }; zone "localhost" IN {         type master;         file "localhost.zone";         }; zone "0.0.127.in-addr.arpa" IN {         type master;         file "localhost.rev";         }; zone "tonlo.com" IN {         type master;         file "tonlo.com.zone";         }; zone "50.168.192.in-addr.arpa" IN {         type master;         file "192.168.50.zone";         }; key "rndc-key" {         algorithm hmac-md5;         secret "mLP2tMyf3pddC9geE53tyg=="; }; controls {         inet 127.0.0.1 port 953                 allow { 127.0.0.1; } keys { "rndc-key"; }; };

在主配置文件/etc/named.conf中定义一个根域，根域文件是/var/named 目录下的named.root文件，他是一个非常重要的文件，包含了internet根服务器的名字和ip地址，当bind接到客户端的查询请求是，如果本地不能解释，也不能在cache中找到相应的数据，就会通过根服务器进行查询
由于根服务器地址经常会发生变化，因此named.conf也应该随之更新，最新的根服务器列表可以从ftp://ftp.rs.internic.net/domain/ 下载，文件名是named.conf

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17

[iyunv@localhost~]# wget ftp://ftp.rs.internic.net/domain/named.root --2014-01-0915:29:22-- ftp://ftp.rs.internic.net/domain/named.root            => “named.root” 正在解析主机 ftp.rs.internic.net... 199.7.50.73 正在连接 ftp.rs.internic.net|199.7.50.73|:21... 已连接。 正在以 anonymous 登录 ... 登录成功！ ==>SYST ... 完成。    ==> PWD ... 完成。 ==>TYPE I ... 完成。 ==> CWD (1) /domain ... 完成。 ==>SIZE named.root ... 3048 ==>PASV ... 完成。   ==> RETR named.root ... 完成。 长度：3048 (3.0K) (非正式数据) 100%[==============================================================================>]3,048       --.-K/s   in 0.004s 2014-01-0915:29:35 (749 KB/s) - “named.root” 已保存 [3048] [iyunv@localhost~]# mv named.root  /usr/local/named/

分别配置域名文件，正向区域数据库文件，反向区域数据库文件
localhost.zonelocalhost.rev  和tonlo.com.zone 192.168.50.zone

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45

[iyunv@localhost~]# cd /usr/local/named/ [iyunv@localhost named]# vim localhost.zone $TTL 86400 @ IN SOA localhost. root.localhost. (         2014010801         3H         15M         1W         1D ) @       IN NS ns.localhost. ns      IN A 127.0.0.1 [iyunv@localhost named]# vim localhost.rev $TTL 86400 @       IN SOA localhost.root.localhost. (         2014010801         3H         15M         1W         1D )         IN NS ns.localhost. 1       IN PTR ns.localhost. [iyunv@localhostnamed]# vim tonlo.com.zone $TTL 86400 @       IN SOA  tonlo.com. root.tonlo.com. (         2014010801         3H         15M         1W         1D )         IN NS ns.tonlo.com. ns      IN A 192.168.50.234 [iyunv@localhostnamed]# vim 192.168.50.zone $TTL 86400 @       IN SOA  tonlo.com. root.tonlo.com. (         2014010801         3H         15M         1W         1D )         IN NS ns.tonlo.com. 234     IN PTR ns.tonlo.com.

启动named进程

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138

/usr/local/named/sbin/named -4gc /usr/local/named/etc/named.conf & 09-Jan-2014 16:08:57.467 starting BIND 9.9.1-P2 -4gc /usr/local/named/etc/named.conf 09-Jan-2014 16:08:57.467 built with '--prefix=/usr/local/named' '--mandir=/usr/local/share/man/' '--enable-threads' '--enable-openssl-version-check' 09-Jan-2014 16:08:57.467 ---------------------------------------------------- 09-Jan-2014 16:08:57.467 BIND 9 is maintained by Internet Systems Consortium, 09-Jan-2014 16:08:57.467 Inc. (ISC), a non-profit 501(c)(3) public-benefit 09-Jan-2014 16:08:57.467 corporation.  Support and training for BIND 9 are 09-Jan-2014 16:08:57.467 available at https://www.isc.org/support 09-Jan-2014 16:08:57.467 ---------------------------------------------------- 09-Jan-2014 16:08:57.467 adjusted limit on open files from 4096 to 1048576 09-Jan-2014 16:08:57.467 found 2 CPUs, using 2 worker threads 09-Jan-2014 16:08:57.467 using 2 UDP listeners per interface 09-Jan-2014 16:08:57.468 using up to 4096 sockets 09-Jan-2014 16:08:57.472 loading configuration from '/usr/local/named/etc/named.conf' 09-Jan-2014 16:08:57.473 reading built-in trusted keys from file '/usr/local/named/etc/bind.keys' 09-Jan-2014 16:08:57.473 using default UDP/IPv4 port range: [1024, 65535] 09-Jan-2014 16:08:57.473 using default UDP/IPv6 port range: [1024, 65535] 09-Jan-2014 16:08:57.474 no IPv6 interfaces found 09-Jan-2014 16:08:57.475 listening on IPv4 interface lo, 127.0.0.1#53 09-Jan-2014 16:08:57.476 listening on IPv4 interface eth0, 192.168.50.234#53 09-Jan-2014 16:08:57.477 generating session key for dynamic DNS 09-Jan-2014 16:08:57.477 sizing zone task pool based on 5 zones 09-Jan-2014 16:08:57.480 set up managed keys zone for view _default, file 'managed-keys.bind' 09-Jan-2014 16:08:57.480 automatic empty zone: 10.IN-ADDR.ARPA 09-Jan-2014 16:08:57.480 automatic empty zone: 16.172.IN-ADDR.ARPA 09-Jan-2014 16:08:57.480 automatic empty zone: 17.172.IN-ADDR.ARPA 09-Jan-2014 16:08:57.480 automatic empty zone: 18.172.IN-ADDR.ARPA 09-Jan-2014 16:08:57.480 automatic empty zone: 19.172.IN-ADDR.ARPA 09-Jan-2014 16:08:57.480 automatic empty zone: 20.172.IN-ADDR.ARPA 09-Jan-2014 16:08:57.480 automatic empty zone: 21.172.IN-ADDR.ARPA 09-Jan-2014 16:08:57.480 automatic empty zone: 22.172.IN-ADDR.ARPA 09-Jan-2014 16:08:57.480 automatic empty zone: 23.172.IN-ADDR.ARPA 09-Jan-2014 16:08:57.480 automatic empty zone: 24.172.IN-ADDR.ARPA 09-Jan-2014 16:08:57.480 automatic empty zone: 25.172.IN-ADDR.ARPA 09-Jan-2014 16:08:57.480 automatic empty zone: 26.172.IN-ADDR.ARPA 09-Jan-2014 16:08:57.480 automatic empty zone: 27.172.IN-ADDR.ARPA 09-Jan-2014 16:08:57.480 automatic empty zone: 28.172.IN-ADDR.ARPA 09-Jan-2014 16:08:57.480 automatic empty zone: 29.172.IN-ADDR.ARPA 09-Jan-2014 16:08:57.480 automatic empty zone: 30.172.IN-ADDR.ARPA 09-Jan-2014 16:08:57.480 automatic empty zone: 31.172.IN-ADDR.ARPA 09-Jan-2014 16:08:57.480 automatic empty zone: 168.192.IN-ADDR.ARPA 09-Jan-2014 16:08:57.480 automatic empty zone: 0.IN-ADDR.ARPA 09-Jan-2014 16:08:57.480 automatic empty zone: 127.IN-ADDR.ARPA 09-Jan-2014 16:08:57.480 automatic empty zone: 254.169.IN-ADDR.ARPA 09-Jan-2014 16:08:57.480 automatic empty zone: 2.0.192.IN-ADDR.ARPA 09-Jan-2014 16:08:57.481 automatic empty zone: 100.51.198.IN-ADDR.ARPA 09-Jan-2014 16:08:57.481 automatic empty zone: 113.0.203.IN-ADDR.ARPA 09-Jan-2014 16:08:57.481 automatic empty zone: 255.255.255.255.IN-ADDR.ARPA 09-Jan-2014 16:08:57.481 automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA 09-Jan-2014 16:08:57.481 automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA 09-Jan-2014 16:08:57.481 automatic empty zone: D.F.IP6.ARPA 09-Jan-2014 16:08:57.481 automatic empty zone: 8.E.F.IP6.ARPA 09-Jan-2014 16:08:57.481 automatic empty zone: 9.E.F.IP6.ARPA 09-Jan-2014 16:08:57.481 automatic empty zone: A.E.F.IP6.ARPA 09-Jan-2014 16:08:57.481 automatic empty zone: B.E.F.IP6.ARPA 09-Jan-2014 16:08:57.481 automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA 09-Jan-2014 16:08:57.484 command channel listening on 127.0.0.1#953 09-Jan-2014 16:08:57.484 ignoring config file logging statement due to -g option 09-Jan-2014 16:08:57.484 managed-keys-zone: loaded serial 0 09-Jan-2014 16:08:57.484 zone 0.0.127.in-addr.arpa/IN: loaded serial 2014010801 09-Jan-2014 16:08:57.485 zone 50.168.192.in-addr.arpa/IN: NS 'ns.tonlo.com.50.168.192.in-addr.arpa' has no address records (A or AAAA) 09-Jan-2014 16:08:57.485 zone 50.168.192.in-addr.arpa/IN: not loaded due to errors. 09-Jan-2014 16:08:57.486 zone localhost/IN: loaded serial 2014010801 09-Jan-2014 16:08:57.486 zone tonlo.com/IN: loaded serial 2014010801 09-Jan-2014 16:08:57.486 all zones loaded 09-Jan-2014 16:08:57.486 running

证明已经运行
客户端指定此DNS地址，可以看到解析成功：

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17

[iyunv@localhost named]# 09-Jan-2014 16:10:54.564 success resolving 'nsclick.baidu.com/A' (in 'baidu.com'?) after disabling EDNS 09-Jan-2014 16:10:55.018 success resolving 'a3.verisigndns.com/A' (in 'verisigndns.com'?) after disabling EDNS 09-Jan-2014 16:10:55.031 success resolving 'a1.verisigndns.com/A' (in 'verisigndns.com'?) after disabling EDNS 09-Jan-2014 16:10:55.042 success resolving 'a2.verisigndns.com/A' (in 'verisigndns.com'?) after disabling EDNS 09-Jan-2014 16:10:56.463 success resolving 'phx.corporate-ir.net/A' (in 'corporate-ir.net'?) after disabling EDNS 09-Jan-2014 16:11:00.331 success resolving 'price.52che.com/A' (in '52che.com'?) after reducing the advertised EDNS UDP packet size to 512 octets

注意：iptables允许连接TCP UDP的53端口

1 2 3 4 5 6

iptables  -A INPUT -p udp --sport 53 -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A INPUT -p udp --dport 53 -j ACCEPT iptables -A INPUT -p tcp --sport 53 -j ACCEPT iptables -A INPUT -p tcp --dport 53 -j ACCEPT iptables -A INPUT -p icmp -j ACCEPT iptables -A OUTPUT -p icmp -j ACCEPT