OS: FreeBSD 10.0

Bind 9.9.6

1. 使用default安裝。

root@ns2:/usr/ports/# cd /usr/ports/dns/bind99  <<<99之後把named放在/usr/local/etc下,而不是/etc下了。要注意!
root@ns2:/usr/ports/dns/bind99# make install clean

....................

      This port has installed the following startup scripts which may cause
      these network services to be started at boot time.
/usr/local/etc/rc.d/named

      If there are vulnerabilities in these programs there may be a security
      risk to the system. FreeBSD makes no guarantee about the security of
      ports included in the Ports Collection. Please type 'make deinstall'
      to deinstall the port if this is a concern.

      For more information, and contact details about the security
      status of this software, see the following webpage:
https://www.isc.org/software/bind
===>  Cleaning for libxml2-2.9.2_2
===>  Cleaning for idnkit-1.0_5
===>  Cleaning for gmake-4.1_1
===>  Cleaning for pkgconf-0.9.7
===>  Cleaning for gettext-tools-0.19.3
===>  Cleaning for gettext-runtime-0.19.3
===>  Cleaning for indexinfo-0.2.2
===>  Cleaning for expat-2.1.0_2
===>  Cleaning for bind99-9.9.6P1_3

root@ns2:/usr/ports/dns/bind99 # rehash
root@ns2:/usr/ports/dns/bind99 # /usr/local/sbin/named -v
BIND 9.9.6-P1 (Extended Support Version)
root@ns2:/usr/ports/dns/bind99 # ls -l /usr/local/sbin/named*
-r-xr-xr-x  2 root  wheel  2394700 Jun  7 17:40 /usr/local/sbin/named
-r-xr-xr-x  1 root  wheel  1841256 Jun  7 17:40 /usr/local/sbin/named-checkconf
-r-xr-xr-x  1 root  wheel  1763496 Jun  7 17:40 /usr/local/sbin/named-checkzone
lrwxr-xr-x  1 root  wheel       15 Jun  7 17:40 /usr/local/sbin/named-compilezone -> named-checkzone
-r-xr-xr-x  1 root  wheel  1746772 Jun  7 17:40 /usr/local/sbin/named-journalprint
 

2. 建立rndc.key:

root@ns2:/usr/ports/dns/bind99 #/usr/local/sbin/rndc-confgen > /usr/local/etc/namedb/rndc.conf   <<<建立rndc key。

將 rndc.conf 中的 key 區段複製到 rndc.key

root@ns2:/usr/local/etc/namedb # cat rndc.conf | more
# Start of rndc.conf
# NOTE(review): the secret below is the one printed in this post, so it is
# public — run rndc-confgen yourself and never reuse this value. hmac-md5 is
# only the tool's default; rndc-confgen -A hmac-sha256 produces a stronger key.
key "rndc-key" {
        algorithm hmac-md5;
        secret "pYFb+pxTNZ1kQGD11DAmSg==";
};

................................

將key複製後貼到rndc.key中。


root@ns2:/usr/local/etc/namedb #vi rndc.key

# rndc.key: the only credential for the control channel (the log in step 11
# shows it listening on 127.0.0.1#953 and ::1#953). Keep the file readable by
# the user named runs as only, and use a freshly generated secret, not the
# sample value shown here.
key "rndc-key" {
        algorithm hmac-md5;
        secret "pYFb+pxTNZ1kQGD11DAmSg==";
};

存檔退出。

rndc.key、rndc.conf 都要放在 /usr/local/etc/namedb/ 下。rndc.key 含有控制通道的密鑰，請自行用 rndc-confgen 產生、不要沿用文中的 secret，並把檔案權限設為只有 named 執行帳號可讀。

 

3. 在/etc/rc.conf中將named的功能啟用。

root@ns2:/usr/ports/dns/bind99 # vi /etc/rc.conf
# -- DNS Settings -- #
# Start the port's named at boot via /usr/local/etc/rc.d/named (step 7).
named_enable="Yes"
# -c points named at the config under /usr/local/etc/namedb — the port's
# location, not /etc (see the note in step 1).
named_flags="-c /usr/local/etc/namedb/named.conf"  <<<注意,路徑要對!
# Run the port's binary explicitly (the one "named -v" printed above).
named_program="/usr/local/sbin/named"

 

4. 設定named.conf

root@ns2:/usr/ports/dns/bind99 # vi /usr/local/etc/namedb/named.conf

// named.conf as used in this post. Relative "file" names below are resolved
// under "directory". No listen-on is set, so named listens on all IPv4
// interfaces by default.
options {
        // Zone files live here; named must be able to read (and for the
        // working dir, write) this path.
        directory       "/usr/local/etc/namedb/working";  <<<注意,路徑要對!
        pid-file        "/var/run/named/pid";
        dump-file       "/var/dump/named_dump.db";
        statistics-file "/var/stats/named.stats";
        // Hides the version from CHAOS "version.bind" queries only; it does
        // not reduce exposure, so keep the port patched regardless.
        version         "None of your business";
        // NOTE(review): with the built-in empty zones disabled, reverse
        // lookups for private ranges not served here are sent to the
        // forwarders instead of being answered locally.
        empty-zones-enable no;
        // Anyone may query the authoritative zones; recursion is limited by
        // allow-recursion below, which is what keeps this from being an open
        // resolver.
        allow-query { any; };

        // NOTE(review): 168.95.1.1 and 168.95.192.1 are the forwarders, not
        // clients; they do not need recursion here.
        // NOTE(review): 192.168.1.1/24 has host bits set — write the network
        // as 192.168.1.0/24 (named may log an address/prefix length mismatch
        // warning otherwise).
        allow-recursion { 127.0.0.1; 168.95.1.1; 168.95.192.1;
                        192.168.1.1/24; };

        // Upstream resolvers used for recursive queries.
        forwarders {
                168.95.1.1;
                168.95.192.1;
        };
};


// RFC 3152
// Reverse zone for ::1; the same file also serves the IP6.INT zone below.
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA"
{
        type master;
        file "localhost-v6.rev";   <<<這個檔案沒有,要自己建。
};

// RFC 1886 -- deprecated
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.INT" {
        type master;
        file "localhost-v6.rev";
};


// Root hints; named.root is copied into the working directory in step 5.
zone "." {
        type hint;
        file "named.root";
};


// NOTE(review): no allow-transfer is set in options or in this zone (nor in
// the reverse zone below), so AXFR is allowed to any client by default;
// restrict it to the secondary (ns1) or set allow-transfer { none; }.
zone "ns2.com" {
        type master;
        file "db.ns2.com";
};


zone "1.168.192.in-addr.arpa" {
        type master;
        file "db.192.168.1";
};


5. 設定dns:

root@test:/etc/namedb/working # vi db.ns2.com <<<<<<這是正解檔。檔名和路徑要跟named.conf相同!
; Forward zone for ns2.com (file db.ns2.com). A blank owner name inherits the
; previous owner, so every record between the SOA and "; Server Address"
; belongs to the apex "@".
$TTL    259200
@       IN      SOA     ns2.ns2.com. postmaster.ns2.com. (
                        2014021301      ;Serial  (YYYYMMDDnn — bump on every edit or secondaries will not refresh)
                        10800           ;Refresh
                        900             ;Retry
                        1209600         ;Expire
                        3600 )          ;Minimum

; Name Server
; The two A records here are apex addresses (ns2.com -> .1 and .2), not the
; addresses of the NS names; those come from ns1/ns2 below.
                in ns           ns2.ns2.com.
                in a            192.168.1.1
                in ns           ns1.ns2.com.
                in a            192.168.1.2

; Mail Exchange
; "mail" has no trailing dot, so it is relative to the origin: mail.ns2.com.
                  in mx   20      mail
@               in mx   10      ns2.ns2.com.

; Server Address
; ns1 and ns2 need A records here because they are this zone's NS targets.
ns1             in a    192.168.1.1
mail            in a    192.168.1.1
ns2             in a    192.168.1.2
www          in a    192.168.1.2

root@ns2:/etc/namedb/working # vi db.192.168.1  <<<<<<這是反解檔。檔名和路徑要跟named.conf相同!
; Reverse zone for 1.168.192.in-addr.arpa (file db.192.168.1). An owner such
; as "1" expands to 1.1.168.192.in-addr.arpa.
$TTL    259200
@       IN      SOA     ns2.ns2.com. postmaster.ns2.com. (
                        2014021301      ;Serial  (bump on every edit)
                        10800           ;Refresh
                        900             ;Retry
                        1209600         ;Expire
                        3600 )          ;Minimum

; Name Server
; NOTE(review): test.ns2.com. is listed as an NS but no A record for "test"
; appears in db.ns2.com above, so that name server cannot be reached; drop it
; or add the A record.
        in ns   ns1.ns2.com.
        in ns   ns2.ns2.com.
        in ns   test.ns2.com.

; PTR
; Each address has two PTR targets. That is legal, but some reverse-lookup
; consumers use only the first answer, so keep one canonical PTR per address
; unless both are intended.
1     in ptr  ns1.ns2.com.
2     in ptr  www.ns2.com.
1     in ptr  mail.ns2.com.
2     in ptr  ns2.ns2.com.



root@test:/usr/local/etc/namedb/working # vi localhost-v6.rev
; Reverse zone for ::1; both the IP6.ARPA and the IP6.INT zone in named.conf
; load this file.
$TTL    3600

; RNAME root.ns2.ns2.com. is the mailbox root@ns2.ns2.com.
@       IN      SOA     ns2.ns2.com. root.ns2.ns2.com.  (
                                2014021701  ; Serial
                                3600    ; Refresh
                                900     ; Retry
                                3600000 ; Expire
                                3600 )  ; Minimum
; NOTE(review): the NS here is mail.ns2.com. while the forward zone names
; ns1/ns2 as name servers — presumably unintentional; confirm which host
; should be authoritative.
        IN      NS      mail.ns2.com.
        IN      PTR     localhost.ns2.com.


root@test:/usr/local/etc/namedb # cp named.root working/    <<<將named.root複製到工作目錄下。

6. 檢查文法是否正確:

root@ns2:/etc/namedb # /usr/local/sbin/named-checkconf

如果這邊有顯示錯誤，DNS 將無法正確啟動，要先修正；zone 檔可另外用 named-checkzone（例如 named-checkzone ns2.com working/db.ns2.com）逐一檢查。

 

7. 啟動DNS:

root@ns2:/etc/rc.d # /usr/local/etc/rc.d/named start  <<<注意路徑。
/var/run/named
Starting named.

 

8. 更改解析檔:

root@ns2:/etc/rc.d # vi /etc/resolv.conf
# Query the local named first; the other two resolvers are tried only when
# 127.0.0.1 does not answer.
nameserver 127.0.0.1  <<<自己解析自己。
nameserver 168.95.192.1
nameserver 168.95.1.1
# NOTE(review): the zone served above is ns2.com, while this search domain and
# the host output in step 9 say sinomatrix.com — presumably renamed for the
# post; use the real zone name consistently.
domain sinomatrix.com

9. 檢查DNS解析是否正確。

root@ns2:/etc/rc.d # host ns2.com 
sinomatrix.com has address 192.168.1.1
sinomatrix.com has address 192.168.1.2
sinomatrix.com mail is handled by 10 mail.ns2.com.
sinomatrix.com mail is handled by 20 ns2.ns2.com.

↑如果這邊顯示正確，表示 DNS 啟動正常。（此處輸出的 sinomatrix.com 與上面設定的 zone 名稱 ns2.com 不一致，實際操作時請以自己設定的 zone 名稱查詢。）

 

10. 工作目錄下至少有這些檔案:

root@ns2:/usr/local/etc/namedb # ls
dynamic                 named.conf.sample       rndc.key
master                  named.root              named.conf            
rndc.conf               slave            rndc.conf.sample        working

root@test:/usr/local/etc/namedb/working # ls
db.192.168.1           localhost-v6.rev
db.ns2.com       named.root

11. 檢查啟動後有無錯誤訊息:

root@tea:/etc # tail /var/log/messages
Jan 12 15:05:47 tea named[78687]: ----------------------------------------------------
Jan 12 15:05:47 tea named[78687]: BIND 9 is maintained by Internet Systems Consortium,
Jan 12 15:05:47 tea named[78687]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
Jan 12 15:05:47 tea named[78687]: corporation.  Support and training for BIND 9 are
Jan 12 15:05:47 tea named[78687]: available at https://www.isc.org/support
Jan 12 15:05:47 tea named[78687]: ----------------------------------------------------
Jan 12 15:05:47 tea named[78687]: command channel listening on 127.0.0.1#953
Jan 12 15:05:47 tea named[78687]: command channel listening on ::1#953
Jan 12 15:05:47 tea named[78687]: all zones loaded
Jan 12 15:05:47 tea named[78687]: running

 

 
