Wednesday, July 23, 2008

Bind 9 DNS服务器的安装配置记录

作者:白东(Albert Ding)

由于更换服务器,因此把 bind 8 换成了 bind 9 版本。

Bind 官方网站地址是:http://www.isc.org/

安装版本为:9.3.0,下载地址是:ftp://ftp.isc.org/isc/bind9/9.3.0/bind-9.3.0.tar.gz

  1. 解压: ( tar xvfz bind-9.3.0.tar.gz )
  2. Bind 配置: ( ./configure --sbindir=/usr/sbin --sysconfdir=/etc --libdir=/var/lib --datadir=/usr/share/bind --localstatedir=/var --mandir=/usr/man --with-openssl=no)
    安装后一些相关文件的位置是:
    1. named.conf ( /etc/named.conf )
    2. rndc.key ( /etc/rndc.key )
    3. rndc-access.conf (/etc/named.d/rndc-access.conf )
    4. named ( /usr/sbin/named )
    5. named-checkconf ( /usr/sbin/named-checkconf )
    6. named-checkzone ( /usr/sbin/named-checkzone )
    7. zone files ( /var/lib/named/ )
    8. createNamedConfInclude ( /usr/share/bind/createNamedConfInclude )
    9. ldapdump ( /usr/share/bind/ldapdump )
    10. named.pid ( /var/lib/named/var/run/named.pid ,原本打算放在 /var/run/named.pid,后来没有改 )
  3. 编译和安装 ( make / make install )
  4. 配置文件见附录。
  5. 启动 named DNS Server ( /usr/sbin/named -c /etc/named.conf -t /var/lib/named )
  6. 如果要调试启动(即启动时输出错误提示) ( /usr/sbin/named -gc /etc/named.conf -t /var/lib/named )
  7. 编写一个启动脚本 ( /etc/init.d/named )
  8. 测试
    1. rndc status
      系统显示:
      number of zones: 11 #注意这里的数字和你在named.conf中设定的数目是相等的
      debug level: 0
      xfers running: 0
      xfers deferred: 0
      soa queries in progress: 0
      query logging is OFF
      recursive clients: 0/1000
      tcp clients: 0/100
      server is up and running
    2. 使用 named-checkconf 和 named-checkzone 进行测试
    3. 使用nslookup测试 (下面的“...”为系统显示内容)
      $ nslookup - 127.0.0.1
      > set all
      ...
      > ns.demo.com. #名字服务器地址
      ...
      > set query=any
      > demo.com. #域名
      ...
      > set query=ptr
      > 10.0.0.1 #IP地址
      ...
      > set class=CHAOS
      > version.bind #bind 版本
      ...
    4. 如果以上都正确,那bind安装设置成功!

==============
|| 附录 ||
==============

named.conf
========

// Global server options. Zone statements further down override these
// per zone (e.g. "notify explicit" in the demo zones overrides "notify no").
options {
// Base directory for relative zone file names (root.hint, localhost.zone,
// ...); it is also the chroot root used by the manual start in the
// write-up (named -t /var/lib/named).
directory "/var/lib/named";
// Where "rndc dumpdb" writes the cache/zone dump.
dump-file "/var/log/named_dump.db";
// Where "rndc stats" writes server statistics.
statistics-file "/var/log/named.stats";
// Listen on every IPv6 address. No listen-on is given for IPv4, so BIND's
// default (all IPv4 interfaces, port 53) applies.
listen-on-v6 { any; };
// Do not send NOTIFY messages unless a zone says otherwise.
notify no;
// NOTE(review): there is no "recursion" / "allow-recursion" statement, so
// BIND's default applies and any client may use this server as a
// recursive resolver. On an authoritative server reachable from the
// Internet that should be restricted ("recursion no;" or
// "allow-recursion { localnets; };"). The CHAOS version.bind query used
// in the test section can be answered with a fixed string via
// 'version "...";' here instead of the real version.
};

// Root hints: the list of root name servers used to start resolution.
zone "." in {
type hint;
// Relative to the "directory" option, i.e. /var/lib/named/root.hint.
file "root.hint";
};

// Forward zone for "localhost", served locally so the name never leaks
// to the root servers.
zone "localhost" in {
type master;
// /var/lib/named/localhost.zone (relative to "directory").
file "localhost.zone";
};

// Reverse zone for the 127.0.0.0/8 loopback range, the counterpart of the
// "localhost" zone above.
zone "0.0.127.in-addr.arpa" in {
type master;
// /var/lib/named/127.0.0.zone (relative to "directory").
file "127.0.0.zone";
};

// Example primary ("master") zone. NOTE(review): this stanza and the
// slave one below appear to be taken from the sample named.conf shipped
// with the BIND source — the "somedb" database line, the 1.0.0.x /
// 1:2:3:4:5:6:7:8 addresses and the key names are placeholders; review
// every value before serving a real zone with it.
zone "master.demo.zone" {
type master; // what used to be called "primary"
// Placeholder back-end database and arguments; when this line is absent
// BIND uses its built-in in-memory ("rbt") database.
database "somedb -option1 -option2 arg1 arg2 arg3";
file "master.demo.zone";
// Refuse to load the zone if it contains badly formed names.
check-names fail;
// No dynamic updates are accepted by this server.
allow-update { none; };
// Update forwarding only has meaning for slave zones, so on a master
// this statement is ineffective; the trailing "!any" is also redundant
// (an address match list denies whatever it does not list).
allow-update-forwarding { 10.0.0.5; !any; };
// Anyone may transfer (AXFR) the whole zone. Unless the zone content is
// meant to be public, restrict this to the secondaries' addresses or a
// TSIG key — a zone dump reveals every host name in the zone.
allow-transfer { any; };
allow-query { any; };
// Days until DNSSEC signatures generated for dynamic updates expire.
// Presumably moot for this build, which was configured with
// --with-openssl=no (no DNSSEC signing) — confirm.
sig-validity-interval 990;
// "explicit" sends NOTIFY only to the servers in also-notify, NOT to the
// servers listed in the zone's NS records (the original comment stated
// the opposite).
notify explicit;
also-notify { 1.0.0.1; };
// Forwarding for queries in this zone: try the forwarders first and fall
// back to direct resolution if they do not answer. The second forwarder
// is an IPv6 literal.
forward first;
forwarders { 10.0.0.3; 1:2:3:4:5:6:7:8; };
};

// Example secondary ("slave") zone, apparently from the same sample
// config as master.demo.zone above; addresses, ports and key names are
// placeholders.
zone "slave.demo.zone" {
type slave; // what used to be called "secondary"
file "slave.demo.zone";
// A BIND 8 option; the BIND 9 ARM lists ixfr-base as not implemented, so
// this line is presumably ignored (with a warning at startup) — check
// the log.
ixfr-base "slave.demo.zone.ixfr"; // File name for IXFR transaction log file
// Servers to transfer the zone from. "foo" and "zippo" are TSIG key names
// that must be defined by key statements, which are not in this file.
masters {
1.2.3.4 port 10 key "foo"; // where to zone transfer from
5.6.7.8;
6.7.8.9 key "zippo";
};
// Local address used for transfers and refresh queries to the masters.
transfer-source 10.0.0.53; // fixes multihoming problems
// Load the zone even if it contains badly formed names; only warn.
check-names warn;
allow-update { none; };
// Anyone may AXFR the zone — same concern as in master.demo.zone.
allow-transfer { any; };
// Any host may send dynamic updates to this slave, which forwards them to
// the master unauthenticated; the master's own allow-update decides
// (here "none"), but this still lets arbitrary clients reach the master
// through this server. Restrict it to the hosts that actually need it.
allow-update-forwarding { any; };
allow-query { any; };
// Transfer limits in minutes, overriding the global defaults; the sample
// uses unrealistically small values for the last three.
max-transfer-time-in 120; // if not set, global option is used.
max-transfer-time-out 1; // if not set, global option is used.
max-transfer-idle-in 2; // if not set, global option is used.
max-transfer-idle-out 3; // if not set, global option is used.
also-notify { 1.0.0.2; };
// Queries for names in this zone are only ever forwarded; if none of the
// forwarders answers, the query fails instead of being resolved directly.
forward only;
forwarders { 10.45.45.45; 10.0.0.3; 1:2:3:4:5:6:7:8; };
};


// Additional configuration read at load time; presumably generated by the
// createNamedConfInclude helper listed in the write-up — confirm. Note
// that the controls statement from rndc-access.conf is not referenced
// directly anywhere in this file, so rndc access depends on this include
// (or on the default control channel named sets up when /etc/rndc.key
// exists) — verify with "rndc status".
include "/etc/named.conf.include";

rndc-access.conf
============

# Shared secret for the control channel below; anyone who can read this
# file can stop or reload the server, so keep it readable only by root
# and the user named runs as.
include "/etc/rndc.key";

# Control channel used by rndc (stop/status/reload in the init script).
# Binding to 127.0.0.1 and allowing only 127.0.0.0/8 keeps it off the
# network; the "keys" clause additionally requires the rndc-key secret,
# so a local user still needs read access to /etc/rndc.key to control
# the server.
controls {
# Bind BIND's control channel to localhost and allow access from
# loopback addresses only.
# This control channel is used for the init script /etc/init.d/named,
# rcnamed while called with the option reload or status
inet 127.0.0.1 allow {
127.0.0.0/8;
} keys { rndc-key; };

# In the following example BIND's control channel in addition is bound
# to IP address 192.0.2.1 and access is granted to loopback addresses
# and the 192.0.2.0/24 network.
# (Left disabled: exposing the control channel on a routable address
# widens the set of hosts that can attempt to use the key.)

#inet 192.0.2.1 allow {
# 127.0.0.0/8;
# 192.0.2.0/24;
#} keys { rndc-key; };
};

rndc.key
=======

// Shared secret for the rndc control channel, referenced by the controls
// statement in rndc-access.conf.
// NOTE(review): this secret is reproduced in a public write-up and must
// be treated as known to anyone who has read it — generate a fresh key
// (rndc-confgen -a rewrites /etc/rndc.key) before deploying this
// configuration, and keep the file readable only by root and the user
// named runs as. hmac-md5 is presumably the only algorithm this BIND
// release offers for rndc; later releases also accept hmac-sha256, which
// is preferable when upgrading.
key "rndc-key" {
algorithm hmac-md5;
secret "/EtMpzgu4tiyK+Q8sGJIzsI2w73Q/MNfOmpcWluLIi1kC8Ae0s2ryZR0UloKmR2JSbmdjXtR0QohgL8i0BW0Ug==";
};

named (启动脚本)
=============

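#!/bin/sh
#
# Description: named (BIND) is a Domain Name Server (DNS)
#
# Usage: named {start|stop|status|restart|reload}
#
# "start" runs /usr/sbin/named directly; every other action talks to the
# running server through /usr/sbin/rndc, which needs the control channel
# and key from rndc-access.conf / /etc/rndc.key. Each action now exits
# with the status of the underlying command, so a failed start, stop or
# reload is no longer reported as "done" with exit status 0.
PATH=/usr/sbin:/bin:/usr/bin
export PATH

# Print $1 as a progress label, run the remaining arguments as a command,
# report "done" or "failed", and return the command's exit status.
# printf replaces "echo -n", whose behaviour differs between /bin/sh
# implementations.
run_step() {
  label=$1
  shift
  printf '%s' "$label"
  "$@"
  rv=$?
  if [ "$rv" -eq 0 ]; then
    echo "done"
  else
    echo "failed"
  fi
  return "$rv"
}

case "${1-}" in
  start)
    # NOTE(review): the write-up starts named manually with
    # "-t /var/lib/named" (chroot); this script keeps the original's
    # arguments, so named runs un-chrooted and, with no -u option, as
    # root. Confirm which is intended before relying on this script.
    run_step "Starting named: " named -c /etc/named.conf
    ;;
  stop)
    # rndc stop only asks the server to shut down; it returns before the
    # process has actually exited.
    run_step "Shutting down named: " rndc stop
    ;;
  status)
    rndc status
    ;;
  restart|reload)
    # "restart" is deliberately a reload, as in the original script: a
    # real stop/start would have to wait for the old process to release
    # port 53 before starting a new one.
    run_step "Reload named: " rndc reload
    ;;
  *)
    echo "Usage: named {start|stop|status|restart|reload}" >&2
    exit 1
    ;;
esac

# Propagate the status of whichever action ran.
rv=$?
exit "$rv"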
