Updated 2025-03-28. Source: SLTechnology News&Howtos (shulou)
Installing BIND from source
1. Prepare the source code package:
Bind official website: http://www.isc.org/downloads/bind/
[root@dns1 ~]# ll
-rw-r--r-- 1 root root 8356463 Dec 11 11:16 bind-9.10.1-P1.tar.gz
2. Make sure the build environment is in place and that the rpm bind package is not installed.
[root@dns1 ~]# yum groupinstall "Development tools"
[root@dns1 ~]# yum groupinstall "Server Platform Development"
[root@dns1 ~]# rpm -qa bind
[root@dns1 ~]#
3. Compile and install the source package:
Decompress the source code:
[root@dns1 ~]# tar zxf bind-9.10.1-P1.tar.gz
[root@dns1 ~]# cd bind-9.10.1-P1
[root@dns1 bind-9.10.1-P1]#
List the available configure options:
[root@dns1 bind-9.10.1-P1]# ./configure --help | less
Configure the build: set the installation prefix and the configuration file directory, disable IPv6, disable chroot, enable multithreading
[root@dns1 bind-9.10.1-P1]# ./configure --prefix=/usr/local/bind --sysconfdir=/etc/named/ --disable-ipv6 --disable-chroot --enable-threads
I got a compilation error here; the build depends on the openssl-devel package:
[root@dns1 bind-9.10.1-P1]# yum install openssl-devel
Run configure again:
[root@dns1 bind-9.10.1-P1]# ./configure --prefix=/usr/local/bind --sysconfdir=/etc/named/ --disable-ipv6 --disable-chroot --enable-threads
Build and install:
[root@dns1 bind-9.10.1-P1]# make && make install
4. Create the system user named to run bind
[root@dns1 ~]# groupadd -r -g 53 named
[root@dns1 ~]# useradd -r -g named -u 53 named
5. The remaining setup steps are:
Export the program path to PATH
Export the man pages
Export the library files and header files:
If you are not developing against the libraries, you don't have to export them.
[root@dns1 ~]# ls /usr/local/bind/sbin/
arpaname             dnssec-revoke    lwresd              named-rrchecker
ddns-confgen         dnssec-settime   named               nsec3hash
dnssec-dsfromkey     dnssec-signzone  named-checkconf     rndc
dnssec-importkey     dnssec-verify    named-checkzone     rndc-confgen
dnssec-keyfromlabel  genrandom        named-compilezone   tsig-keygen
dnssec-keygen        isc-hmac-fixup   named-journalprint
[root@dns1 ~]# ls /usr/local/bind/bin/
bind9-config  delv  dig  host  isc-config.sh  nslookup  nsupdate
[root@dns1 ~]# vim .bash_profile
PATH=$PATH:$HOME/bin:/usr/local/bind/bin:/usr/local/bind/sbin
[root@dns1 ~]# source .bash_profile
6. A source installation provides no configuration files and no service script!
# ls /etc/named/         main configuration file
# ls /var/named/         zone data files
# ls /etc/rc.d/init.d    startup script
We write our own configuration files and service scripts!
[root@dns1 ~]# mkdir /var/named
[root@dns1 ~]# cd /var/named
Query a reachable DNS server to get the root zone file:
[root@dns1 named]# dig -t NS . @172.16.0.1 > /var/named/named.ca
[root@dns1 named]# ls
named.ca
Edit the local zone files:
[root@dns1 named]# vim named.localhost
$TTL 1D
@       IN SOA  @ rname.invalid. (
                                0       ; serial
                                1D      ; refresh
                                1H      ; retry
                                1W      ; expire
                                3H )    ; minimum
        NS      @
        A       127.0.0.1
[root@dns1 named]# vi named.loopback
$TTL 1D
@       IN SOA  @ rname.invalid. (
                                0       ; serial
                                1D      ; refresh
                                1H      ; retry
                                1W      ; expire
                                3H )    ; minimum
        NS      @
        A       127.0.0.1
        PTR     localhost.
Set the permissions and make the files belong to the group named:
[root@dns1 named]# chmod 640 *
[root@dns1 named]# chown :named *
[root@dns1 named]# ll
total 12
-rw-r----- 1 root named 2100 Dec 11 11:56 named.ca
-rw-r----- 1 root named  374 Dec 11 11:57 named.localhost
-rw-r----- 1 root named  401 Dec 11 11:58 named.loopback
Provide the main configuration file: named.conf
Generate the rndc key configuration first:
[root@dns1 named]# rndc-confgen -r /dev/urandom > /etc/named/rndc.conf
The rndc key also needs to be configured in the named.conf file:
[root@dns1 named]# cat /etc/named/named.conf
options {
        directory "/var/named";
};
zone "." IN {
        type hint;
        file "named.ca";
};
zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};
# Use with the following in named.conf, adjusting the allow list as needed:
key "rndc-key" {
        algorithm hmac-md5;
        secret "4a8 rndc-key AsRRQ5OH5a0oRaBeAgenda =";
};
#
controls {
        inet 127.0.0.1 port 953
                allow { 127.0.0.1; } keys { "rndc-key"; };
};
# End of named.conf
Set the permissions and group of the files:
[root@dns1 named]# chmod 640 /etc/named/*
[root@dns1 named]# chown :named /etc/named/*
[root@dns1 named]# ll /etc/named/
total 12
-rw-r----- 1 root named 2389 Dec 11 11:29 bind.keys
-rw-r----- 1 root named  545 Dec 11 12:09 named.conf
-rw-r----- 1 root named  479 Dec 11 12:01 rndc.conf
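The permission and group settings applied to /var/named and /etc/named above (rndc.conf and named.conf hold the rndc key) can be re-checked with a small audit function. This is an added example, not part of the original article; the function name audit_named_files is hypothetical and GNU stat is assumed.

```shell
#!/bin/sh
# Added example, not part of the original article.
# audit_named_files DIR GROUP
#   Prints one finding per line and returns 1 if any regular file in DIR
#   grants any permission to "other", is group-writable, or does not
#   belong to GROUP. Returns 0 when every file passes.
# Assumes GNU stat (coreutils), as found on the CentOS host in the article.
audit_named_files() {
    dir=$1
    group=$2
    rc=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        mode=$(stat -L -c '%a' "$f")    # octal digits, e.g. 640
        grp=$(stat -L -c '%G' "$f")     # owning group name
        other=$((mode % 10))            # last digit: permissions for "other"
        gbits=$(( (mode / 10) % 10 ))   # middle digit: permissions for group
        if [ "$other" -ne 0 ]; then
            echo "$f: mode $mode gives access to other users"
            rc=1
        fi
        if [ $((gbits & 2)) -ne 0 ]; then
            echo "$f: mode $mode is group-writable"
            rc=1
        fi
        if [ "$grp" != "$group" ]; then
            echo "$f: group is $grp, expected $group"
            rc=1
        fi
    done
    return "$rc"
}

# Usage: sh audit.sh /etc/named named
if [ "$#" -eq 2 ]; then
    audit_named_files "$1" "$2"
fi
```

Run it against both /etc/named and /var/named after any change to the files; a non-zero exit status means at least one file needs attention.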
7. We can actually start the named service at this point!
It is a little involved, so here are just a few commands!
View the man pages
# ls /usr/local/bind/share/man
# man -M /usr/local/bind/share/man named
Start in the foreground, with the log written to the terminal:
[root@dns1 named]# named -u named -g
Run it in the background:
[root@dns1 named]# named -u named
View startup status:
[root@dns1 named]# ss -tunl | grep :53
udp    UNCONN     0      0      172.16.31.100:53     *:*
udp    UNCONN     0      0          127.0.0.1:53     *:*
tcp    LISTEN     0      10     172.16.31.100:53     *:*
tcp    LISTEN     0      10         127.0.0.1:53     *:*
tcp    LISTEN     0      128               :::53887  :::*
[root@dns1 named]# ps aux | grep named
named    18870  0.0  1.1 13××× 11848 ?        Ssl  12:23   0:00 named -u named
root     18883  0.0  0.0 103252   824 pts/1    S+   12:24   0:00 grep named
Shut down the named service:
[root@dns1 named]# killall named
[root@dns1 named]# ps aux | grep named
root     18887  0.0  0.0 103252   824 pts/1    S+   12:24   0:00 grep named
8. Now let's add a zone:
[root@dns1 named]# vim /etc/named/named.conf
zone "oracle.com" IN {
        type master;
        file "oracle.com.zone";
};
Create the forward zone file for the zone:
[root@dns1 named]# vim /var/named/oracle.com.zone
$ORIGIN oracle.com.
@       IN      SOA     ns.oracle.com. root.oracle.com. (
                        2014121101 ; serial
                        1D         ; refresh
                        5m         ; retry
                        1W         ; expiry
                        1H )       ; minimum
@       IN      NS      ns.oracle.com.
        IN      MX 5    mail.oracle.com.
ns      IN      A       172.16.31.100
www     IN      A       172.16.31.100
www     IN      A       172.16.31.101
mail    IN      A       172.16.31.100
pop3    IN      CNAME   mail
iamp4   IN      CNAME   mail
Set the permissions and group:
[root@dns1 named]# chmod 640 oracle.com.zone
[root@dns1 named]# chown :named oracle.com.zone
Start the named service:
[root@dns1 named]# named -u named
View the log:
[root@dns1 named]# tail /var/log/messages
Dec 11 12:33:41 dns1 named[18945]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
Dec 11 12:33:41 dns1 named[18945]: command channel listening on 127.0.0.1#953
Dec 11 12:33:41 dns1 named[18945]: the working directory is not writable
Dec 11 12:33:41 dns1 named[18945]: managed-keys-zone: loaded serial 0
Dec 11 12:33:41 dns1 named[18945]: zone localhost/IN: loaded serial 0
Dec 11 12:33:41 dns1 named[18945]: oracle.com.zone:2: no TTL specified; using SOA MINTTL instead
Dec 11 12:33:41 dns1 named[18945]: zone oracle.com/IN: loaded serial 2014121101
Dec 11 12:33:41 dns1 named[18945]: zone 0.0.127.in-addr.arpa/IN: loaded serial 0
Dec 11 12:33:41 dns1 named[18945]: all zones loaded
Dec 11 12:33:41 dns1 named[18945]: running
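Reading the startup log by eye, as above, can be scripted. The following is an added example, not part of the original article: the function names named_start_report and sample_log are hypothetical, the sample lines are copied from the log output above, and the pattern list is an assumption to extend as needed.

```shell
#!/bin/sh
# Added example, not part of the original article.
# named_start_report LOGFILE
#   Looks only at the entries of the most recent named process in LOGFILE
#   (the PID in the last "named[PID]:" line), prints the messages that
#   deserve attention, and returns 0 only if that process logged "running".
#   Returns 1 if it never reached "running", 2 if there are no named entries.
named_start_report() {
    log=$1
    pid=$(sed -n 's/.* named\[\([0-9][0-9]*\)]: .*/\1/p' "$log" | tail -n 1)
    if [ -z "$pid" ]; then
        echo "no named entries in $log"
        return 2
    fi
    # Messages worth a look; a starting list (assumption), not exhaustive.
    grep -F "named[$pid]: " "$log" |
        grep -E 'not writable|no TTL specified|not loaded|permission denied|failed' |
        sed 's/^.* named\[[0-9]*]: /ATTENTION: /'
    if grep -F "named[$pid]: " "$log" | grep -q ': running$'; then
        return 0
    fi
    echo "named[$pid] never logged \"running\""
    return 1
}

# Sample input: six of the log lines shown in the article.
sample_log() {
cat <<'EOF'
Dec 11 12:33:41 dns1 named[18945]: command channel listening on 127.0.0.1#953
Dec 11 12:33:41 dns1 named[18945]: the working directory is not writable
Dec 11 12:33:41 dns1 named[18945]: oracle.com.zone:2: no TTL specified; using SOA MINTTL instead
Dec 11 12:33:41 dns1 named[18945]: zone oracle.com/IN: loaded serial 2014121101
Dec 11 12:33:41 dns1 named[18945]: all zones loaded
Dec 11 12:33:41 dns1 named[18945]: running
EOF
}

# Usage: sh report.sh /var/log/messages
if [ "$#" -eq 1 ]; then
    named_start_report "$1"
fi
```

On the sample lines it reports the non-writable working directory and the missing TTL in oracle.com.zone, and returns 0 because the process reached "running".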
Now you can query it:
[root@dns1 named]# dig -t A www.oracle.com @172.16.31.100
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6 <<>> -t A www.oracle.com @172.16.31.100
;; global options: +cmd
;; Got answer:
;; ->>HEADER