Linux DNS

Installing a DNS server on Linux
1: Download bind-version.tar.gz
2: Extract and compile:
tar zxvf bind-version.tar.gz
cd bind-version
./configure
make && make install

3: Create the chroot environment:
The chroot environment: from BIND's point of view, /var/named is the root of the filesystem.
The chroot may also need /dev/zero, /dev/random, /dev/log and/or /etc/localtime.

mkdir -p /var/named/chroot
Add the user (the named group has to exist before useradd -g can use it):
# groupadd named
# useradd named -g named -d /var/named/chroot -s /sbin/nologin
mkdir -p /var/named/chroot/var/run
mkdir -p /var/named/chroot/etc
mkdir -p /var/named/chroot/var/named
chown -R named:named /var/named/chroot

Files after installation:
Under /usr/local/sbin/:
dnssec-keygen dnssec-signzone lwresd named named-checkconf named-checkzone rndc rndc-confgen
Under /usr/local/bin:
host nslookup nsupdate
The manual pages are under /usr/local/man/
4: Configuration file:
cd /var/named/chroot/var/named
vi named.conf

options {
        directory "/var/named"; // working directory
};
// root hints
zone "." IN {
        type hint;
        file "named.ca";
};
// forward zone for localhost
zone "localhost" IN {
        type master;
        file "localhost.zone";
        allow-update { none; };
};
// reverse zone for 127.0.0.x
zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
};

Local forward lookup file:
vi localhost.zone

$TTL 86400
@ 1D IN SOA @ root (
        42      ; serial
        3H      ; refresh
        15M     ; retry
        1W      ; expire
        1D )    ; minimum
        IN NS @
        IN A  127.0.0.1

Local reverse lookup file:
vi named.local

$TTL 86400
@ IN SOA localhost. root.localhost. (
        20061202  ; Serial
        2800      ; Refresh
        14400     ; Retry
        3600000   ; Expire
        864000 )  ; Minimum
        IN NS  localhost.
1       IN PTR localhost.

Create the root server data file named.ca (the current list of root servers):
dig -t NS . >/var/named/chroot/var/named/named.ca

Debug with: /usr/local/sbin/named -g
The final directory layout:
tree /var/named/chroot

/var/named/chroot
|-- dev
|   |-- random
|   `-- zero
|-- etc
|   |-- localtime
|   |-- named.conf
|   `-- rndc.key
`-- var
    |-- named
    |   |-- 59.81.183.rev
    |   |-- localhost.zone
    |   |-- named.ca
    |   |-- named.local
    |   `-- sunliguo.edu1000.net
    `-- run
        `-- named.pid

5 directories, 11 files

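rndc
Generate the rndc control file:
# rndc-confgen > /etc/rndc.conf
tail -n +13 /etc/rndc.conf >> /etc/named.conf
Debugging:
The -g option displays debugging output on the terminal.
Update 2009-05-25:
To add logging for analysis, add this to the configuration file: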

logging {
        channel query_log {
                file "/var/log/query.log";
                severity info;
                print-time yes;
                print-category yes;
        };
        category queries {
                query_log;
        };
};

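This writes the query log to the query.log file. Pay attention to the file's permissions, and when starting named, check the messages in /var/log/messages.
2009-06-11:
Today, restarting the named service failed with an error saying there was no permission on /var/run/named.pid. Because this is a chroot environment, I went through it carefully. Giving other users read and write permission on the /var/named/chroot/var/run directory let it start.
2009-07-03:
Added an A record for sunliguo.com.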
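
The 2009-06-11 note got past the named.pid error by opening var/run to other users. The following is an added example, not part of the original post, that audits the chroot tree shown above so that var/run can be owned by the named account and kept closed to everyone else. It assumes the layout from this post, and audit_named_chroot is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: audit a BIND chroot laid out as in this post.
# audit_named_chroot is a hypothetical helper, not part of BIND.
# Usage: audit_named_chroot [chroot_dir] [run_user]
# Prints one line per finding; the return status is the finding count.
audit_named_chroot() {
    root=${1:-/var/named/chroot}
    user=${2:-named}
    findings=0

    # Directories this post creates under the chroot.
    for d in etc var/named var/run; do
        if [ ! -d "$root/$d" ]; then
            echo "MISSING  $root/$d"
            findings=$((findings + 1))
        fi
    done

    # named writes named.pid into var/run, so that directory has to
    # belong to the account named runs as; owner write is enough.
    if [ -d "$root/var/run" ] &&
       [ -z "$(find "$root/var/run" -prune -user "$user" 2>/dev/null)" ]; then
        echo "OWNER    $root/var/run is not owned by $user"
        findings=$((findings + 1))
    fi

    # World-writable entries let any local account replace files in the
    # jail. Symlinks and device nodes (dev/zero, dev/random) are skipped.
    ww=$(find "$root" ! -type l ! -type c -perm -0002 2>/dev/null)
    if [ -n "$ww" ]; then
        echo "$ww" | sed 's/^/WORLD-W  /'
        findings=$((findings + $(echo "$ww" | wc -l)))
    fi

    # rndc.key holds the rndc shared secret; others should not read it.
    key=$root/etc/rndc.key
    if [ -f "$key" ] && [ -n "$(find "$key" -perm -0004)" ]; then
        echo "KEY      $key is readable by other users"
        findings=$((findings + 1))
    fi

    return "$findings"
}
```

Source the file and run audit_named_chroot /var/named/chroot named as root; a return status of 0 means no findings.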
