
How to install and configure DNS with Bind under Solaris

2025-04-02 Update. From: SLTechnology News&Howtos (shulou), Servers section.


Shulou (Shulou.com) 06/01 Report

This article describes how to build BIND from source and configure it as a DNS server on Solaris. It is written for readers with some Unix administration background; the same steps apply, with small path changes, on other Unix systems.

I. Foundation of DNS

DNS: Domain Name System. Its job on the Internet is to translate domain names into the IP addresses that the network actually routes on (and, for reverse lookups, addresses back into names).

BIND: Berkeley Internet Name Domain, the most widely used implementation of the DNS protocol on Unix.

For example, in blog.sina.com.cn, cn is the top-level domain, com is the second-level label (com.cn), sina is the third-level label and blog is the fourth-level label. A complete domain name may be at most 255 octets long, and each label at most 63 octets.

The DNS daemon on Solaris is in.named. If /etc/named.conf exists at boot, the system starts in.named, which reads /etc/named.conf. On the author's system in.named is a link to /usr/sbin/named.

A name-to-address lookup is called forward mapping; an address-to-name lookup is called reverse mapping.

II. Installation and configuration of DNS server

Everything below is done as root on Solaris. Which Unix you run matters little: BIND's configuration is the same everywhere, only paths and startup scripts differ.

1. Install BIND. At the time of writing the current release was bind-9.4.2.tar.gz. (The 9.4 branch has long been end-of-life and has publicly documented vulnerabilities; on a production server install the current supported release from ISC and substitute its version number in the commands below.)

To keep the procedure portable to other operating systems we install from the source tarball. Download it from ISC's site (http://www.isc.org/index.pl?/sw/bind/index.php). ISC publishes a PGP signature for each tarball; verify it, or at least compare the published checksum, before unpacking, since a tampered BIND build hands an attacker the machine that answers all your name queries.

Decompress:

# pwd
/opt/wacos/encle
# gunzip bind-9.4.2.tar.gz
# tar -xvf bind-9.4.2.tar

Configure, compile and install. BIND installs under /usr/local by default; adjust this with --prefix. Here IPv6 is disabled, the configuration files go to /etc (--sysconfdir) and the daemon ends up in /usr/local/sbin:

# cd bind-9.4.2
# ./configure --prefix=/usr/local --sysconfdir=/etc --disable-ipv6
# make
# make install

The build takes a while. Afterwards check the installed version:

# /usr/local/sbin/named -v

At this point, the Bind installation is complete.

2. Generate the rndc configuration file /etc/rndc.conf (rndc is the BIND 9 utility that controls the running server)

BIND 9 requires rndc and named to authenticate each other with a shared secret key: rndc reads it from rndc.conf, and named reads the same key from the key and controls statements in named.conf. rndc-confgen generates both halves:

# /usr/local/sbin/rndc-confgen > /etc/rndc.conf

The file holds a credential that grants full control of the name server, so keep it readable by root only (chmod 600 /etc/rndc.conf). The secret printed below is the page's example; generate your own and never reuse a key that has been published. If the machine has no random device, rndc-confgen asks you to type on the keyboard to supply entropy in place of /dev/random:

-
You must use the keyboard to create entropy, since your system is lacking
/dev/random (or equivalent)
start typing:
................
stop typing.
# Start of rndc.conf
...
# End of named.conf
-

The generated rndc.conf looks roughly like this:

# cat /etc/rndc.conf
-
# Start of rndc.conf
key "rndc-key" {
        algorithm hmac-md5;
        secret "ZdAFUwS0QMr95427P7Xq+w==";
};

options {
        default-key "rndc-key";
        default-server 127.0.0.1;
        default-port 953;
};
# End of rndc.conf

# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
#       algorithm hmac-md5;
#       secret "ZdAFUwS0QMr95427P7Xq+w==";
# };
#
# controls {
#       inet 127.0.0.1 port 953
#               allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf
-

When configuring /etc/named.conf later, copy everything below the line "# Use with the following in named.conf, adjusting the allow list as needed:" into named.conf, without the leading # signs.
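The keyboard-entropy prompt above and the "check that named.conf carries the same key as rndc.conf" step later in the article both come from the fact that the secret lives in two files that must agree and must stay private. The following script is an added example (not the article's code and not an ISC tool): it draws the secret from the operating system's CSPRNG, writes rndc.conf for rndc and rndc.key for named, creates both files mode 0600 from the start, and then verifies that the two copies match. It assumes BIND 9 file syntax and that the HMAC algorithm you pass is supported by the installed version (hmac-md5 on 9.4.x as on the page; hmac-sha256 on current releases); the file names and the 32-byte key length are the script's own choices.

```python
"""Generate a fresh rndc shared secret and write the two files that must
agree: rndc.conf (read by rndc) and rndc.key (read by named).
Added example; not the article's code or an ISC tool. Assumes BIND 9 file
syntax and that the chosen HMAC algorithm is supported by the installed
version (hmac-md5 on 9.4.x as on the page; hmac-sha256 on current releases)."""
import base64
import os
import re
import secrets
import stat
import tempfile

KEY_NAME = "rndc-key"


def make_rndc_secret(nbytes=32):
    """256 bits from the OS CSPRNG, base64-encoded as BIND expects."""
    return base64.b64encode(secrets.token_bytes(nbytes)).decode()


def key_statement(secret, algorithm):
    # The same key statement goes into both files; this is what rndc-confgen prints.
    return (f'key "{KEY_NAME}" {{\n'
            f'        algorithm {algorithm};\n'
            f'        secret "{secret}";\n'
            f'}};\n')


def rndc_conf(secret, algorithm, server="127.0.0.1", port=953):
    """Full rndc.conf: the key plus the defaults rndc uses when invoked bare."""
    return (key_statement(secret, algorithm) +
            f'\noptions {{\n'
            f'        default-key "{KEY_NAME}";\n'
            f'        default-server {server};\n'
            f'        default-port {port};\n'
            f'}};\n')


def write_private(path, text):
    """Create the file 0600 from the start instead of chmod-ing afterwards."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(text)


def setup_rndc(confdir, algorithm="hmac-sha256"):
    """Write confdir/rndc.conf and confdir/rndc.key (confdir is /etc on the page).
    named reads the key file through: include "/etc/rndc.key"; in named.conf."""
    secret = make_rndc_secret()
    rndc_path = os.path.join(confdir, "rndc.conf")
    key_path = os.path.join(confdir, "rndc.key")
    write_private(rndc_path, rndc_conf(secret, algorithm))
    write_private(key_path, key_statement(secret, algorithm))
    return rndc_path, key_path


_SECRET_RE = re.compile(r'secret\s+"([^"]+)"')


def read_secret(path):
    with open(path) as fh:
        return _SECRET_RE.search(fh.read()).group(1)


def file_mode(path):
    return stat.S_IMODE(os.stat(path).st_mode)


def self_check():
    """Run the generator in a scratch directory and report what a reviewer
    would verify: both files carry the same secret, it is 32 random bytes,
    and neither file is readable by other users."""
    with tempfile.TemporaryDirectory() as d:
        rndc_path, key_path = setup_rndc(d)
        same = read_secret(rndc_path) == read_secret(key_path)
        nbytes = len(base64.b64decode(read_secret(key_path)))
        modes = (file_mode(rndc_path), file_mode(key_path))
    return same, nbytes, modes


if __name__ == "__main__":
    print(self_check())
```

To use it for real, call setup_rndc("/etc") as root and add include "/etc/rndc.key"; plus a controls statement to named.conf; the controls statement is what binds the key to the loopback control channel, so the key file alone does not expose anything on the network.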

3. Configure the DNS server's main configuration file /etc/named.conf

named.conf:

points to the file containing the root server hints

declares whether this server is primary, secondary or cache-only for each zone

names the zones the server is authoritative for

gives the location of the server's data files

applies security options to particular zones

defines logging

lets options be applied to a set of zones

Syntax conventions for named.conf:

every statement ends with a semicolon (;)

a statement may contain sub-statements enclosed in { }

multi-line comments are /* */; single-line comments start with # or //

Statements include:

acl: defines a named IP address match list

options: global server options

zone: defines a zone

First create the zone file directory /etc/named:

# mkdir /etc/named

Example named.conf:

# vi /etc/named.conf

-
options {
        // zone file directory: relative file names below are resolved here
        directory "/etc/named";
};

// root server hints in /etc/named/named.root; downloadable from the Internet (see step 4)
zone "." IN {
        type hint;
        file "named.root";
};

// forward zone file /etc/named/encle.zone
zone "encle.com" IN {
        type master;
        file "encle.zone";
};

// reverse zone file /etc/named/encle.rzone. "111.19.172" depends on your network:
// it is the first three octets of the network address (172.19.111.0/24) in reverse order.
zone "111.19.172.in-addr.arpa" IN {
        type master;
        file "encle.rzone";
};

// loopback reverse zone file /etc/named/named.local
zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
};

// the key and controls statements copied from the /etc/rndc.conf generated above
key "rndc-key" {
        algorithm hmac-md5;
        secret "ZdAFUwS0QMr95427P7Xq+w==";
};

controls {
        inet 127.0.0.1 port 953
                allow { 127.0.0.1; } keys { "rndc-key"; };
};
-
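The named.conf above works, but it takes BIND's defaults for everything it does not say, and two of those defaults matter on a server reachable from outside: recursion is on for anyone who can reach port 53, which makes an authoritative server an open resolver (usable for cache-poisoning attempts and reflection/amplification), and zone transfers are allowed to anyone, which hands out the complete host list. The file below is an added example, not the article's configuration, written for the page's layout (authoritative for encle.com on 172.19.111.37, LAN 172.19.111.0/24). The secondary server address 172.19.111.38 and the file /etc/rndc.key are assumptions for illustration; the secret is the one from the page and must be replaced.

```conf
// Hardened /etc/named.conf for the page's layout (added example, not the article's file).
// Assumed: authoritative for encle.com only; LAN 172.19.111.0/24; a secondary name server
// at 172.19.111.38 (hypothetical) that pulls zone transfers.

acl lan         { 127.0.0.1; 172.19.111.0/24; };
acl secondaries { 172.19.111.38; };

options {
        directory "/etc/named";
        pid-file "/var/run/named.pid";
        listen-on { 127.0.0.1; 172.19.111.37; };

        // Authoritative-only. A server that answers recursive queries for the whole
        // Internet is an open resolver; keep recursion off here and run a separate
        // resolver for the LAN if one is needed.
        recursion no;
        allow-query { any; };            // authoritative data is public by design
        allow-query-cache { none; };     // nothing in the cache may be queried
        allow-transfer { secondaries; }; // AXFR exposes the whole zone; only the secondary may pull it
        allow-update { none; };          // no dynamic updates on a hand-edited zone
        version "not disclosed";         // don't advertise the (old) version in version.bind
        notify yes;
        also-notify { 172.19.111.38; };
};

// Root hints are only consulted for recursion; harmless to keep, unused with recursion off.
zone "." IN {
        type hint;
        file "named.root";
};

zone "encle.com" IN {
        type master;
        file "encle.zone";
};

zone "111.19.172.in-addr.arpa" IN {
        type master;
        file "encle.rzone";
};

zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
        allow-transfer { none; };        // nobody needs the loopback zone
};

// Control channel: loopback only, authenticated with the rndc key.
key "rndc-key" {
        algorithm hmac-md5;              // generate a fresh secret; this one is the page's example
        secret "ZdAFUwS0QMr95427P7Xq+w==";
};

controls {
        inet 127.0.0.1 port 953
                allow { 127.0.0.1; } keys { "rndc-key"; };
};
```

After editing, run named-checkconf on the file and confirm the effect from another host with dig: dig @172.19.111.37 www.example.org should return REFUSED (no recursion), and dig @172.19.111.37 encle.com AXFR should be refused from anything but the secondary.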

4. Write the zone files

Most entries in a zone file are DNS resource records.

Resource records appear in this order:

SOA record: the start of authority for the zone (primary server, contact, serial number and timers)

NS record: a name server for the zone

Other records: data about the hosts in the zone

A: name-to-address mapping

PTR: address-to-name mapping

CNAME: alias

Notes:

A comment runs from a semicolon (;) to the end of the line.

The $TTL directive sets the default TTL for the zone. The name server sends this TTL with its answers, and other servers may cache the data for that long. Allowed units: W = weeks, D = days, H = hours, M = minutes, S = seconds (upper or lower case).

Resource record format:

[name] [ttl] [class] [type] [data]

name: the domain name; a name ending in a dot is absolute, any other name has the current $ORIGIN appended

ttl: cache lifetime, usually 86400 (one day), which may also be written 1D

class: network class; IN means Internet

type: the record type

data: the record data, such as an address, a host name or a mail contact

Record types used below:

$TTL: Time To Live, the default cache lifetime

SOA: Start of Authority; names the zone's primary server and contact and carries the serial number and timers

NS: Name Server

A: Address; the IPv4 address of a host

PTR: Pointer; the host name belonging to an address, used for reverse resolution (IP to host name)

CNAME: Canonical Name; a host alias (for example, www can be an alias for another host)

AAAA: quad-A; the IPv6 address of a host

A) /etc/named/named.root

This file is needed when the server is connected to the Internet; it lists the root servers.

The latest version is available from http://www.internic.net/zones/named.root.

B) /etc/named/encle.zone

# vi /etc/named/encle.zone
-
; This file resolves host names to IP addresses in the encle.com. domain.
$ORIGIN encle.com.
$TTL 1d
encle.com.      IN  SOA  dns.encle.com. wangnc.gmail.com. (
                        20080201   ; serial number
                        1h         ; refresh
                        15m        ; retry
                        1W         ; expire
                        1D )       ; negative-answer ttl
encle.com.      IN  NS   dns.encle.com.
dns             IN  A    172.19.111.37
www             IN  A    172.19.111.40
test            IN  A    172.19.111.42
-

The SOA contact is written with the @ replaced by a dot, so wangnc.gmail.com. means wangnc@gmail.com. Increase the serial number every time you edit the file; a secondary server only fetches a new copy when the serial is larger than the one it holds.

C) /etc/named/encle.rzone

# vi /etc/named/encle.rzone
-
; This file resolves IP addresses to host names in the encle.com. domain.
$ORIGIN 111.19.172.IN-ADDR.ARPA.
$TTL 1d
111.19.172.IN-ADDR.ARPA.  IN  SOA  dns.encle.com. wangnc.gmail.com. (
                        20080201   ; serial number
                        3h         ; refresh
                        1h         ; retry
                        1W         ; expire
                        1D )       ; negative-answer ttl
111.19.172.IN-ADDR.ARPA.  IN  NS   dns.encle.com.
37                        IN  PTR  dns.encle.com.
40                        IN  PTR  www.encle.com.
42                        IN  PTR  test.encle.com.
-

The $ORIGIN must match the zone name given in named.conf (111.19.172.in-addr.arpa); with any other origin the relative PTR names would fall outside the zone and named-checkzone would reject the file. Each PTR owner is the last octet of the address, so 37 here is 172.19.111.37.

D) /etc/named/named.local

# vi /etc/named/named.local
-
$ORIGIN 0.0.127.IN-ADDR.ARPA.
$TTL 1d
0.0.127.IN-ADDR.ARPA.  IN  SOA  dns.encle.com. wangnc.gmail.com. (
                        20080201   ; serial number
                        3h         ; refresh
                        1h         ; retry
                        1W         ; expire
                        1D )       ; negative-answer ttl
0.0.127.IN-ADDR.ARPA.  IN  NS   dns.encle.com.
1                      IN  PTR  localhost.encle.com.
-
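named-checkzone (step 5) checks each file on its own, but it cannot tell you that the forward and reverse zones disagree, which is the mistake that hand-edited zone pairs like the ones above accumulate: a host added to encle.zone without a PTR, or a stale PTR left behind after a host was removed. The script below is an added example, not part of the article and not a BIND tool. It parses the minimal master-file syntax the article uses ($ORIGIN, $TTL, a parenthesised SOA, ; comments, relative and absolute names) and reports A records with no matching PTR, PTRs with no matching A, and PTRs that point at a different name than the A record. The embedded zone text is constructed to mirror the article's files, with two mismatches (mail and 43) added deliberately so the checker has something to find.

```python
"""Forward/reverse consistency check for a zone pair like encle.zone and
encle.rzone. Added example, not the article's code or a BIND tool. Handles
the subset of master-file syntax the article uses: $ORIGIN, $TTL, a
parenthesised multi-line SOA, ';' comments, relative and absolute names."""
from collections import defaultdict

# Constructed sample input mirroring the article's zones, plus two deliberate errors.
FORWARD_ZONE = """\
$ORIGIN encle.com.
$TTL 1d
encle.com. IN SOA dns.encle.com. wangnc.gmail.com. (
        20080201 ; serial
        1h       ; refresh
        15m      ; retry
        1W       ; expire
        1D )     ; negative-answer ttl
encle.com. IN NS dns.encle.com.
dns   IN A 172.19.111.37
www   IN A 172.19.111.40
test  IN A 172.19.111.42
mail  IN A 172.19.111.50   ; constructed: no PTR exists for this host
"""

REVERSE_ZONE = """\
$ORIGIN 111.19.172.in-addr.arpa.
$TTL 1d
@ IN SOA dns.encle.com. wangnc.gmail.com. ( 20080201 3h 1h 1W 1D )
@ IN NS dns.encle.com.
37 IN PTR dns.encle.com.
40 IN PTR www.encle.com.
42 IN PTR test.encle.com.
43 IN PTR old.encle.com.   ; constructed: no A record exists for this address
"""


def _logical_lines(text):
    """Strip ';' comments and join parenthesised records (the SOA) into one line."""
    buf, depth = [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()   # the article's zones never quote ';'
        if not line:
            continue
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth == 0:
            yield " ".join(buf)
            buf = []


def _fqdn(name, origin):
    """Complete a relative owner name with the current $ORIGIN."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, rtype):
    """Return {owner_fqdn_lowercase: [rdata, ...]} for records of type rtype."""
    origin, out = ".", defaultdict(list)
    for line in _logical_lines(text):
        fields = line.split()
        if fields[0] == "$ORIGIN":
            origin = fields[1]
            continue
        if fields[0].startswith("$"):
            continue
        # owner [ttl] [class] type rdata: find the type field after the owner
        idx = next((i for i in range(1, len(fields)) if fields[i].upper() == rtype), None)
        if idx is None:
            continue
        rdata = fields[idx + 1]
        out[_fqdn(fields[0], origin).lower()].append(rdata.lower() if rtype == "PTR" else rdata)
    return out


def ptr_owner(ip):
    """172.19.111.37 -> 37.111.19.172.in-addr.arpa."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."


def check_consistency(forward_text, reverse_text):
    a = parse_zone(forward_text, "A")
    ptr = parse_zone(reverse_text, "PTR")
    missing_ptr, missing_a, mismatched = [], [], []
    for host, ips in a.items():
        for ip in ips:
            targets = ptr.get(ptr_owner(ip))
            if not targets:
                missing_ptr.append((host, ip))
            elif host not in targets:
                mismatched.append((host, ip, targets))
    a_ips = {ip for ips in a.values() for ip in ips}
    for owner, targets in ptr.items():
        ip = ".".join(reversed(owner.replace(".in-addr.arpa.", "").split(".")))
        if ip not in a_ips:
            missing_a.extend((owner, t) for t in targets)
    return {"missing_ptr": missing_ptr, "missing_a": missing_a, "mismatched": mismatched}


if __name__ == "__main__":
    for kind, items in check_consistency(FORWARD_ZONE, REVERSE_ZONE).items():
        print(kind, items)
```

Point it at the real files by reading /etc/named/encle.zone and /etc/named/encle.rzone instead of the embedded strings; run it before named-checkzone whenever either file changes.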

5. Check the configuration files

# /usr/local/sbin/named-checkconf /etc/named.conf
# /usr/local/sbin/named-checkzone encle.com /etc/named/encle.zone

Run named-checkzone for the reverse zones as well (named-checkconf -z checks every zone listed in named.conf in one pass), and fix every reported error before starting the server.

6. Start the named daemon on the primary DNS server

# /usr/local/sbin/named, or # /usr/local/sbin/named -c /etc/named.conf (when named.conf is not in the default location /etc)

Do not leave named running as root in production: create a dedicated unprivileged account and start the daemon with named -u <user>, and chroot it with -t <directory> where your file layout allows, so that a flaw in the daemon does not hand an attacker root on the name server.

Check that the process is running:

# ps -ef | grep named | grep -v grep

Test whether rndc can reach the server:

# /usr/local/sbin/rndc status
number of zones: 14
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running

This output shows that rndc is controlling BIND 9 successfully. If it does not appear, check that the key statement in /etc/named.conf carries the same key as /etc/rndc.conf.

Check the log for errors:

# tail -f /var/adm/messages
Jan 30 14:26:54 fsdb37 named[15667]: [ID 873579 daemon.notice] starting BIND 9.4.2
Jan 30 14:26:54 fsdb37 named[15667]: [ID 873579 daemon.error] binding TCP socket: address in use
Jan 30 14:26:54 fsdb37 last message repeated 1 time
Jan 30 14:26:54 fsdb37 named[15667]: [ID 873579 daemon.notice] command channel listening on 127.0.0.1#953
Jan 30 14:26:54 fsdb37 named[15667]: [ID 873579 daemon.notice] running

The "binding TCP socket: address in use" error means another process already holds port 53; on Solaris that is normally the bundled BIND 8 in.named, as explained in the note below.

Note:

Solaris 8 and 9 ship with BIND 8 preinstalled in /usr/sbin: the daemon is in.named, and a matching nslookup and other tools come with it. You can check its version:

# /usr/sbin/in.named -v
in.named BIND 8.2.4 Fri May 19 04:41:53 PDT 2006
Generic Patch-5.8-May 2006

/etc/rc2.d/S72inetsvc starts in.named at boot, but only if /etc/named.conf exists:

-
...
if [ -f /usr/sbin/in.named -a -f /etc/named.conf ]; then
        echo 'starting internet domain name server.'
        /usr/sbin/in.named &
fi
...
-

When we install our own BIND we usually (and by default) put named.conf in /etc. At the next boot the bundled BIND 8 therefore starts with our configuration, and our BIND 9 then fails with "port 53 already in use" (the "binding TCP socket: address in use" message above). The fix is to edit /etc/rc2.d/S72inetsvc, comment out the in.named lines and start /usr/local/sbin/named there instead. Our DNS server then starts automatically at boot, and the unpatched BIND 8 never runs at all, which is what you want: BIND 8 is long end-of-life and should not be left in service.

The system also ships its own nslookup in /usr/sbin, while the nslookup installed with BIND 9 lands in /usr/local/bin, so there are now two copies. In the PATH variable /usr/sbin almost always comes before /usr/local/bin, so typing nslookup runs the old version and you may get misleading results. Either replace the old binary with the new one, or reorder PATH so that /usr/local/bin comes first.

III. Configuration of DNS client

1. Create /etc/resolv.conf, which records the DNS server address and the local domain name.

An example resolv.conf:

# vi /etc/resolv.conf
-
# default domain
domain encle.com
# DNS server address
nameserver 172.19.111.37
-

The first line, "domain <the domain you registered>", sets the default domain appended to unqualified names; the second, "nameserver <IP address>", names a DNS server. 127.0.0.1 means the machine is its own DNS server. Each nameserver may be a primary, a secondary or a caching server, but the resolver honours at most three nameserver lines.

2. Edit /etc/nsswitch.conf, which records the lookup order for host names and other information, so that the client uses DNS.

A Sun client resolves host names from files only by default; to use the DNS server you must list dns as a source in /etc/nsswitch.conf:

# vi /etc/nsswitch.conf
-
...
group: files
hosts: files dns
ipnodes: files
...
-

As in the example above, all you need is to add dns to the hosts entry.

3. Query the DNS server with nslookup to verify the client settings.

When started, nslookup targets the local server by default and prints the target server's name and address. At the > prompt you can enter name queries or nslookup settings.

# nslookup
> .
> exit

4. Tools that ship with BIND

dig queries a DNS server.

host is a DNS lookup tool.

rndc controls the operation of BIND.

rndc-confgen generates rndc.conf files.

named-checkconf checks the syntax of named.conf.

named-checkzone checks the validity of a zone file.

lwresd is a caching-only name server for local processes.

named is the name server daemon.

dnssec-signzone generates a signed zone file.

dnssec-signkey signs a zone's key set.

dnssec-keygen is the DNS key generator.

dnssec-makekeyset creates a key set from one or more keys generated by dnssec-keygen.

nsupdate submits dynamic DNS update requests.
