2025-04-02 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
This article describes how to install and configure a DNS server with BIND on Solaris. It is meant as a practical reference; the version numbers and paths date from when it was written, so adapt them to the release you actually install.
I. DNS basics
DNS: Domain Name System. Its job on the Internet is to translate domain names into the IP addresses the network actually uses.
BIND: Berkeley Internet Name Domain, the most widely used implementation of the DNS protocol on Unix.
Taking blog.sina.com.cn as an example: cn is the top-level domain, com is the second-level label, sina the third-level and blog the fourth-level. A complete domain name may be up to 255 octets in wire format (253 characters written as text), and each label at most 63 octets.
On Solaris the name server process is in.named. If /etc/named.conf exists at boot, the system starts in.named, which reads /etc/named.conf; in.named is the BIND daemon that ships with Solaris (on the author's system a link to /usr/sbin/named).
Name-to-address lookup is called forward mapping; address-to-name lookup is called reverse mapping.
II. Installation and configuration of DNS server
The following steps are all performed as root on Solaris. BIND configuration is largely the same on any Unix, so little of this is Solaris-specific (the exceptions are covered in the note at the end of section II).
1. Install BIND. The release current when this was written was bind-9.4.2.tar.gz. That branch is long out of support and no longer receives security fixes, so in practice download the current supported BIND 9 release from ISC and substitute its version in the commands below.
To keep the procedure portable to other operating systems, install from the source tarball. First download the package from ISC's home page (http://www.isc.org/index.pl?/sw/bind/index.php).
Decompress:
# pwd
/opt/wacos/encle
# gunzip bind-9.4.2.tar.gz
# tar -xvf bind-9.4.2.tar
Configure, compile and install. BIND installs under /usr/local by default, which can be changed with --prefix. --sysconfdir=/etc makes named look for named.conf and rndc.conf in /etc; the paths in the rest of this article assume it. IPv6 is not used here, so it is disabled. The daemon ends up in /usr/local/sbin:
# cd bind-9.4.2
# ./configure --prefix=/usr/local --sysconfdir=/etc --disable-ipv6
# make
# make install
The build takes a while. Afterwards, check the installed version:
# /usr/local/sbin/named -v
At this point the BIND installation is complete.
2. Generate the RNDC configuration file /etc/rndc.conf (rndc is the tool for controlling the DNS server and is part of BIND 9)
BIND 9 requires that rndc authenticate to named with a shared secret: the same key must appear in rndc.conf (read by rndc) and in named.conf (read by named). The contents of rndc.conf can be generated with rndc-confgen:
# /usr/local/sbin/rndc-confgen > /etc/rndc.conf
Because the file holds the secret, keep it readable by root only (chmod 600 /etc/rndc.conf). The rndc-confgen shipped with BIND 9.4 produces an hmac-md5 key; current BIND 9 releases default to hmac-sha256 and should be left at that. If the machine has no random device, rndc-confgen asks you to type some unrelated characters in place of /dev/random:
-
You must use the keyboard to create entropy, since your system is lacking
/dev/random (or equivalent)
Start typing:
................
Stop typing.
# Start of rndc.conf
...
# End of named.conf
-
The generated rndc.conf looks roughly like this:
# cat /etc/rndc.conf
-
# Start of rndc.conf
key "rndc-key" {
    algorithm hmac-md5;
    secret "ZdAFUwS0QMr95427P7Xq+w==";
};

options {
    default-key "rndc-key";
    default-server 127.0.0.1;
    default-port 953;
};
# End of rndc.conf

# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
#     algorithm hmac-md5;
#     secret "ZdAFUwS0QMr95427P7Xq+w==";
# };
#
# controls {
#     inet 127.0.0.1 port 953
#         allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf
#
-
When /etc/named.conf is written later, copy everything under the line "# Use with the following in named.conf, adjusting the allow list as needed:" into named.conf, without the leading # signs. Keep the controls allow list at 127.0.0.1 unless rndc really has to be run from another host: whoever can reach port 953 with the key can stop, reload and reconfigure the server.
3. Configure the DNS server's boot file /etc/named.conf
named.conf is where you:
indicate the location of the root hints file
define primary (master), secondary (slave) and cache-only servers
state which zones the server is authoritative for
give the location of the server's zone data files
apply security options (access lists) globally or to a specific zone
define logging
Settings in the options statement apply to all zones unless a zone statement overrides them.
named.conf syntax:
every statement ends with a semicolon (;)
a statement may contain sub-statements enclosed in { }
multi-line comments are /* */; single-line comments start with # or //
Statements can define, among others:
acl: a named IP address match list
options: global server configuration
zone: a zone
First create the zone file directory /etc/named:
# mkdir /etc/named
Example of configuring named.conf:
# vi /etc/named.conf
-
options {
    // zone file directory: file names in the zone statements below are relative to it
    directory "/etc/named";
};
// root hints file /etc/named/named.root, which can be downloaded from the network
zone "." in {
    type hint;
    file "named.root";
};
// forward zone file /etc/named/encle.zone
zone "encle.com" in {
    type master;
    file "encle.zone";
};
// reverse zone file /etc/named/encle.rzone; "111.19.172" is the first three octets of the
// network (172.19.111.0/24) written in reverse order, so adjust it to your own addressing
zone "111.19.172.in-addr.arpa" in {
    type master;
    file "encle.rzone";
};
// loopback reverse zone file /etc/named/named.local
zone "0.0.127.in-addr.arpa" in {
    type master;
    file "named.local";
};
// the key and controls sections generated in /etc/rndc.conf above, copied here
key "rndc-key" {
    algorithm hmac-md5;
    secret "ZdAFUwS0QMr95427P7Xq+w==";
};
controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndc-key"; };
};
-
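The named.conf above works, but it sets no access lists at all. As an added example (not code from the original article or from BIND), the following Python script parses a named.conf in this syntax and reports the settings a practitioner would want to see on a server reachable from the network: allow-transfer (BIND 9's default lets any host pull the whole zone with AXFR), an explicit allow-recursion, version none (so version.bind does not return the real version string), and a controls allow list restricted to loopback. Both configurations it checks are constructed inline: ARTICLE_CONF is the equivalent of the listing above, and HARDENED_CONF is the corrected form, in which the secondary at 172.19.111.38 that is allowed to transfer encle.com is an assumed address. The parser only understands the subset of named.conf syntax used here, and its comment stripping is not string-aware.

```python
import re

# Constructed for this example: ARTICLE_CONF mirrors the listing above (the
# secret is the article's sample value, not a real credential); HARDENED_CONF
# adds access lists. 172.19.111.38 as the permitted secondary is an assumption.
ARTICLE_CONF = """
options { directory "/etc/named"; };
zone "." in { type hint; file "named.root"; };
zone "encle.com" in { type master; file "encle.zone"; };
zone "111.19.172.in-addr.arpa" in { type master; file "encle.rzone"; };
zone "0.0.127.in-addr.arpa" in { type master; file "named.local"; };
key "rndc-key" { algorithm hmac-md5; secret "ZdAFUwS0QMr95427P7Xq+w=="; };
controls { inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; }; };
"""
HARDENED_CONF = """
acl "lan" { 172.19.111.0/24; 127.0.0.1; };
options {
    directory "/etc/named";
    version none;               // do not answer version.bind CH TXT queries
    allow-query { any; };       // authoritative data is meant to be public
    allow-recursion { lan; };   // recurse for our own clients only
    allow-transfer { none; };   // no AXFR unless a zone statement allows it
};
zone "." in { type hint; file "named.root"; };
zone "encle.com" in {
    type master; file "encle.zone";
    allow-transfer { 172.19.111.38; };   // hypothetical secondary server
};
zone "111.19.172.in-addr.arpa" in { type master; file "encle.rzone"; };
zone "0.0.127.in-addr.arpa" in { type master; file "named.local"; };
key "rndc-key" { algorithm hmac-md5; secret "<secret from rndc-confgen>"; };
controls { inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; }; };
"""
TOKEN = re.compile(r'"[^"]*"|[{};]|[^\s{};"]+')
LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def parse(text):
    """named.conf text -> nested lists: a statement is a list of words, and each
    '{ ... }' block inside it appears as a nested list of statements."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)   # block comments
    text = re.sub(r"(//|#)[^\n]*", "", text)            # line comments (not string-aware)
    tokens, pos = TOKEN.findall(text), 0

    def block():
        nonlocal pos
        stmts = []
        while pos < len(tokens) and tokens[pos] != "}":
            stmt = []
            while tokens[pos] != ";":           # IndexError here: a ';' is missing
                tok = tokens[pos]
                pos += 1
                if tok == "{":
                    stmt.append(block())
                    pos += 1                    # step over the matching '}'
                else:
                    stmt.append(tok.strip('"'))
            pos += 1                            # step over ';'
            if stmt:
                stmts.append(stmt)
        return stmts

    return block()

def body(stmt):
    """The block that ends a statement, or [] if it has none."""
    return stmt[-1] if isinstance(stmt[-1], list) else []

def addr_list(stmts, name):
    """Entries of `name { a; b; };` among stmts, or None when the clause is absent."""
    for s in stmts:
        if s[0] == name:
            return [" ".join(t for t in x if isinstance(t, str)) for x in body(s)]
    return None

def audit(conf_text):
    """Return a list of findings for a named.conf; an empty list means none."""
    findings, conf = [], parse(conf_text)
    options = next((body(s) for s in conf if s[0] == "options"), [])
    if addr_list(options, "allow-recursion") is None:
        findings.append("options: allow-recursion not set; who may use this server "
                        "as a recursive resolver is left to the build's default")
    if not any(s[0] == "version" for s in options):
        findings.append("options: version not set; the real BIND version is "
                        "disclosed via version.bind CH TXT")
    global_xfer = addr_list(options, "allow-transfer")
    for z in (s for s in conf if s[0] == "zone"):
        ztype = next((s[1] for s in body(z) if s[0] == "type"), "")
        if (ztype in ("master", "slave") and global_xfer is None
                and addr_list(body(z), "allow-transfer") is None):
            findings.append(f"zone {z[1]}: allow-transfer not set; any host may "
                            "AXFR the whole zone (BIND's default is any)")
    for c in (s for s in conf if s[0] == "controls"):
        for inet in (s for s in body(c) if s[0] == "inet"):
            allowed = inet[inet.index("allow") + 1] if "allow" in inet else [["any"]]
            for addr in (entry[0] for entry in allowed):
                if addr not in LOOPBACK:
                    findings.append(f"controls: rndc channel accepts connections from "
                                    f"{addr}; restrict allow {{ }} to loopback")
    return findings
```

audit(ARTICLE_CONF) reports five findings (no allow-recursion, no version, and open zone transfers on each of the three master zones); audit(HARDENED_CONF) reports none. The reverse zones in HARDENED_CONF inherit allow-transfer { none; } from options, and only encle.com overrides it for its secondary.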
4. Configure the zone files
Most entries in a zone data file are DNS resource records.
The usual order of resource records in a zone file:
SOA record
marks the start of authority for the zone
NS record
a name server for the zone
Other records
data about the hosts in the zone:
A name-to-address mapping
PTR address-to-name mapping
CNAME alias
Note:
A semicolon (;) starts a comment that runs to the end of the line.
Set the default TTL for the zone with $TTL:
the name server returns this TTL in query responses, and other servers may cache the data for that long.
Allowed units: W = weeks, D = days, H = hours, M = minutes, S = seconds.
Resource record format:
[name] [ttl] [class] [type] [data]
name: the domain name
ttl: cache lifetime, usually 86400 (1 day), which can also be written 1D
class: network class; IN (Internet) is the one used in practice
type: the resource record type
data: the record data, such as a host name, an IP address or an e-mail address
Resource record types and directives:
; begins a comment
$TTL: Time To Live, the default cache lifetime
SOA: Start of Authority, identifies the zone's primary server, contact address, serial number and timers
NS: Name Server, a name server for the zone
A: Address, the IPv4 address of a host
PTR: Pointer, the host name for an IP address, used for reverse resolution (IP address to host name)
CNAME: Canonical Name, an alias for a host (for example, www pointing at a real host name)
AAAA: quad-A, the IPv6 address of a host
A) /etc/named/named.root
This file is needed when the server is connected to the Internet and resolves names outside its own zones.
The current version is available from http://www.internic.net/zones/named.root; refresh it from time to time, since root server addresses do change.
B) /etc/named/encle.zone
# vi /etc/named/encle.zone
-
; This file resolves host names to IP addresses in the encle.com. domain.
$ORIGIN encle.com.
$TTL 1d
encle.com.    IN  SOA  dns.encle.com. wangnc.gmail.com. (
                       20080201 ; serial number
                       1h       ; refresh
                       15m      ; retry
                       1W       ; expire
                       1D )     ; negative-caching ttl
encle.com.    IN  NS   dns.encle.com.
dns           IN  A    172.19.111.37
www           IN  A    172.19.111.40
test          IN  A    172.19.111.42
-
The second name in the SOA record is the contact address with @ replaced by a dot, so wangnc.gmail.com. stands for wangnc@gmail.com. Increase the serial number every time the file is changed, otherwise secondaries will not notice the change.
C) /etc/named/encle.rzone
# vi /etc/named/encle.rzone
-
; This file resolves IP addresses to host names in the encle.com. domain.
$ORIGIN 111.19.172.IN-ADDR.ARPA.
$TTL 1d
111.19.172.IN-ADDR.ARPA.  IN  SOA  dns.encle.com. wangnc.gmail.com. (
                                   20080201 ; serial number
                                   3h       ; refresh
                                   1h       ; retry
                                   1W       ; expire
                                   1D )     ; negative-caching ttl
111.19.172.IN-ADDR.ARPA.  IN  NS   dns.encle.com.
37                        IN  PTR  dns.encle.com.
40                        IN  PTR  www.encle.com.
42                        IN  PTR  test.encle.com.
-
The $ORIGIN must match the zone name given in named.conf (111.19.172.in-addr.arpa here). If it does not, every relative owner name such as 37 ends up outside the zone and named-checkzone rejects the file.
D) /etc/named/named.local
# vi /etc/named/named.local
-
$ORIGIN 0.0.127.IN-ADDR.ARPA.
$TTL 1d
0.0.127.IN-ADDR.ARPA.  IN  SOA  dns.encle.com. wangnc.gmail.com. (
                                20080201 ; serial number
                                3h       ; refresh
                                1h       ; retry
                                1W       ; expire
                                1D )     ; negative-caching ttl
0.0.127.IN-ADDR.ARPA.  IN  NS   dns.encle.com.
1                      IN  PTR  localhost.encle.com.
-
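Forward and reverse zones are maintained by hand and drift apart easily, and named-checkzone only validates each file on its own. As an added example (not code from the original article or from BIND), the following Python script cross-checks the two: every A record inside the reverse zone's address range should have a PTR that points back to it, every PTR should point at a name with a matching A record, and a PTR whose owner falls outside the zone (which is what a wrong $ORIGIN produces) is reported as such. The two zone texts are constructed inline from the files above, with one extra host (mail, 172.19.111.50) and one stale PTR (172.19.111.41 pointing at old.encle.com) added deliberately so the checker has something to report. The parser handles the master-file subset used here ($ORIGIN, $TTL, comments, parenthesised SOA, blank owners) but not quoted TXT data, $INCLUDE or $GENERATE.

```python
import re
from collections import defaultdict

# Constructed for this example: the article's forward zone plus one extra host
# (mail), and its reverse zone plus one stale PTR (41). Both additions are
# deliberate so the checker has something to report.
FORWARD_ZONE = """\
$ORIGIN encle.com.
$TTL 1d
encle.com.  IN SOA dns.encle.com. wangnc.gmail.com. (
            20080201 ; serial
            1h       ; refresh
            15m      ; retry
            1w       ; expire
            1d )     ; negative-caching ttl
            IN NS dns.encle.com.
dns         IN A  172.19.111.37
www         IN A  172.19.111.40
test        IN A  172.19.111.42
mail        IN A  172.19.111.50    ; constructed: no PTR exists for this address
"""

REVERSE_ZONE = """\
$ORIGIN 111.19.172.in-addr.arpa.
$TTL 1d
@   IN SOA dns.encle.com. wangnc.gmail.com. (
        20080201 ; serial
        3h       ; refresh
        1h       ; retry
        1w       ; expire
        1d )     ; negative-caching ttl
    IN NS  dns.encle.com.
37  IN PTR dns.encle.com.
40  IN PTR www.encle.com.
42  IN PTR test.encle.com.
41  IN PTR old.encle.com.          ; constructed: stale PTR, no A record
"""

TTL_OR_CLASS = re.compile(r"(\d+[wdhms]?|in|ch|hs)$", re.I)

def fqdn(name, origin):
    """Absolute, lowercase, dot-terminated form of a zone-file name."""
    name = name.lower()
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, zone):
    """Return (owner, type, rdata) for each record of a master-format zone file.
    Handles $ORIGIN/$TTL, ';' comments, '( )' continuation lines, '@' and a
    blank owner (same owner as the previous record). Not handled: quoted TXT
    data, $INCLUDE and $GENERATE."""
    origin = zone.lower().rstrip(".") + "."
    records, owner, buf, depth, blank = [], origin, [], 0, False
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]
        if not buf:
            if not line.strip():
                continue
            blank = line[0] in " \t"
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth > 0:
            continue
        fields = " ".join(buf).replace("(", " ").replace(")", " ").split()
        buf, depth = [], 0
        if fields[0] == "$ORIGIN":
            origin = fqdn(fields[1], origin)
            continue
        if fields[0].startswith("$"):          # $TTL and other directives
            continue
        if not blank:
            owner = fqdn(fields.pop(0), origin)
        while fields and TTL_OR_CLASS.match(fields[0]):   # optional ttl and class
            fields.pop(0)
        rtype, rdata = fields[0].upper(), fields[1:]
        if rtype in ("NS", "CNAME", "PTR"):
            rdata = [fqdn(rdata[0], origin)]
        records.append((owner, rtype, rdata))
    return records

def check_reverse(forward_zone, forward_text, reverse_zone, reverse_text):
    """Cross-check A records against PTR records; returns a list of problems."""
    rev_origin = reverse_zone.lower().rstrip(".") + "."
    octets = rev_origin[: -len(".in-addr.arpa.")].split(".")
    prefix = ".".join(reversed(octets)) + "."          # '111.19.172...' -> '172.19.111.'
    a_names, ptr_names, problems = defaultdict(set), defaultdict(set), []
    for owner, rtype, rdata in parse_zone(forward_text, forward_zone):
        if rtype == "A" and rdata[0].startswith(prefix):
            a_names[rdata[0]].add(owner)
    for owner, rtype, rdata in parse_zone(reverse_text, reverse_zone):
        if rtype != "PTR":
            continue
        if not owner.endswith("." + rev_origin):
            problems.append(f"{owner}: PTR owner is outside zone {rev_origin} (check $ORIGIN)")
            continue
        host = owner[: -len("." + rev_origin)]
        ptr_names[prefix + ".".join(reversed(host.split(".")))].add(rdata[0])
    for ip, names in sorted(a_names.items()):
        for name in sorted(names - ptr_names[ip]):
            problems.append(f"{name} A {ip}: no PTR for {ip} points back to {name}")
    for ip, names in sorted(ptr_names.items()):
        for name in sorted(names - a_names[ip]):
            problems.append(f"{ip} PTR {name}: {name} has no A record for {ip}")
    return problems

if __name__ == "__main__":
    for p in check_reverse("encle.com", FORWARD_ZONE, "111.19.172.in-addr.arpa", REVERSE_ZONE):
        print(p)
```

Run as-is it reports exactly the two constructed inconsistencies (mail without a PTR, the PTR for 172.19.111.41 without an A record). Feeding it a reverse file whose $ORIGIN names a different network makes every PTR come out as "outside zone", which is the same mistake named-checkzone would reject.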
5. Check the configuration files
Run the syntax checkers before starting named; they catch mistakes such as a missing semicolon or a zone whose $ORIGIN does not match its name. Run named-checkzone for the reverse zones in the same way, not only for the forward zone:
# /usr/local/sbin/named-checkconf /etc/named.conf
# /usr/local/sbin/named-checkzone encle.com /etc/named/encle.zone
6. Start the named service process on the primary DNS server
# /usr/local/sbin/named
or, if named.conf is not in the default location /etc:
# /usr/local/sbin/named -c /etc/named.conf
Check that the process is running:
# ps -ef | grep named | grep -v grep
Test whether rndc works:
# /usr/local/sbin/rndc status
number of zones: 14
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
This output shows that rndc is controlling BIND 9 successfully. If nothing like it appears, check that the key statement in /etc/named.conf matches the one in /etc/rndc.conf and that the controls statement allows 127.0.0.1.
Check the system log for errors:
# tail -f /var/adm/messages
Jan 30 14:26:54 fsdb37 named[15667]: [ID 873579 daemon.notice] starting BIND 9.4.2
Jan 30 14:26:54 fsdb37 named[15667]: [ID 873579 daemon.error] binding TCP socket: address in use
Jan 30 14:26:54 fsdb37 last message repeated 1 time
Jan 30 14:26:54 fsdb37 named[15667]: [ID 873579 daemon.notice] command channel listening on 127.0.0.1#953
Jan 30 14:26:54 fsdb37 named[15667]: [ID 873579 daemon.notice] running
The "binding TCP socket: address in use" line means something else already holds port 53; on Solaris that is usually the pre-installed in.named, as explained in the note below.
Note:
Solaris 8 and 9 ship with BIND pre-installed: the daemon is /usr/sbin/in.named, and the matching nslookup and other tools are in /usr/sbin as well. Its version:
# /usr/sbin/in.named -v
in.named BIND 8.2.4 Fri May 19 04:41:53 PDT 2006
Generic Patch-5.8-May 2006
Its startup is defined in /etc/rc2.d/S72inetsvc, which starts in.named at boot whenever /etc/named.conf exists:
-
...
if [ -f /usr/sbin/in.named -a -f /etc/named.conf ]; then
    echo 'starting internet domain name server.'
    /usr/sbin/in.named &
fi
...
-
When we install our own BIND we usually (by default) put named.conf in /etc. So as soon as the server boots, the pre-installed BIND 8 starts with our configuration, and when we then start our own named it fails because port 53 is already in use. The fix is to edit /etc/rc2.d/S72inetsvc: comment out the in.named lines and start our own /usr/local/sbin/named there instead, so that our DNS server starts automatically at boot. Leaving BIND 8 running is undesirable in any case; it is end-of-life code that no longer receives fixes.
The system also has an nslookup in /usr/sbin, while the one installed with BIND 9 is in /usr/local/bin, so there are two nslookup binaries. In PATH, /usr/sbin usually comes well before /usr/local/bin, so typing nslookup runs the old version and can give misleading results. Either overwrite the old file with the new nslookup, or change PATH to put /usr/local/bin first.
III. Configuration of the DNS client
1. Create /etc/resolv.conf to record the DNS server address and the default domain.
An example resolv.conf:
# vi /etc/resolv.conf
-
domain encle.com
nameserver 172.19.111.37
-
The first line is "domain" followed by your domain name; the second is "nameserver" followed by the server's IP address. An address of 127.0.0.1 means the local machine is the DNS server. The server may be the primary, a secondary or a caching-only server, and up to three nameserver lines are used; any beyond that are ignored.
2. Modify /etc/nsswitch.conf so that the client uses DNS; this file records the lookup order for host names and other information.
By default a Sun client resolves host names from local files only; to use DNS, add dns to the hosts line in /etc/nsswitch.conf.
# vi /etc/nsswitch.conf
-
...
group:   files
hosts:   files dns
ipnodes: files
...
-
As in the example above, only the hosts line needs the dns entry added.
3. Query the DNS server with nslookup to verify the client settings.
Started without arguments, nslookup talks to the first server in resolv.conf; its name and address are printed in the response. The > prompt means you can start sending name queries or commands.
# nslookup
> .
> exit
4. Tools that come with BIND
dig queries DNS servers.
host is a DNS lookup tool.
rndc controls the running name server.
rndc-confgen generates rndc.conf files.
named-checkconf checks the syntax of named.conf.
named-checkzone checks the validity of a zone file.
lwresd is the lightweight resolver daemon, a caching name server for local processes.
named is the name server daemon.
dnssec-signzone signs a zone, producing a signed zone file.
dnssec-signkey signs a zone's key set (a tool of older BIND 9 releases).
dnssec-keygen generates DNS keys.
dnssec-makekeyset builds a key set from one or more keys generated by dnssec-keygen (also an older tool; later releases fold this into dnssec-signzone).
nsupdate submits dynamic DNS update requests.
Thank you for reading; I hope this article on installing and configuring DNS with BIND on Solaris is useful to you.