Test environment:
Master: 192.168.79.130
Slave: 192.168.79.128
Domain: linux.com
1. Compiling and installing
BIND is compiled from source here; compared with an rpm install, this gives a better view of how it actually works.
(Download the source tarball.)
# tar -zxvf bind-9.9.3.tar.gz (extract it)
# cd bind-9.9.3 (enter the extracted directory)
# ./configure --prefix=/usr/local/named --enable-threads --with-dlz-mysql
(Configure the build. --prefix sets the installation directory; --enable-threads turns on thread support to improve server performance; --with-dlz-mysql enables dynamically loaded zones, which suits large DNS deployments. The other options are listed by ./configure --help.)
checking for MySQL DLZ driver... not found
configure: error: MySQL was not found in any of /usr /usr/local /usr/local/mysql /usr/pkg; use --with-dlz-mysql=/path
(The MySQL development headers were not found on the system. On CentOS the package is called mysql-devel and can be installed with yum -y install mysql-devel.)
# ./configure --prefix=/usr/local/named --enable-threads
# make && make install (build, then install; this takes a while, so be patient!)
# ls /usr/local/named/ (look at the installed tree)
bin etc include lib man sbin var
First generate a control key; it is the key used to secure master/slave zone synchronization.
# /usr/local/named/sbin/rndc-confgen -a -c linux.key -k linux
Copy the generated linux.key to both the master and the slave server.
Go to /usr/local/named/etc and generate rndc.conf and named.conf:
# /usr/local/named/sbin/rndc-confgen >/usr/local/named/etc/rndc.conf
(rndc-confgen generates rndc.conf. rndc is used to control a BIND 9 server over the network; before it can control a server, both sides must share an authentication key.)
# cat etc/rndc.conf
# Start of rndc.conf
key "rndc-key" {
    algorithm hmac-md5;
    secret "uLNAkFRNnTEChIurTi6bow==";
};
options {
    default-key "rndc-key";
    default-server 127.0.0.1;
    default-port 953;
};
# End of rndc.conf
# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
#     algorithm hmac-md5;
#     secret "uLNAkFRNnTEChIurTi6bow==";
# };
#
# controls {
#     inet 127.0.0.1 port 953
#         allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf
# tail -10 rndc.conf | head -9
# key "rndc-key" {
#     algorithm hmac-md5;
#     secret "uLNAkFRNnTEChIurTi6bow==";
# };
#
# controls {
#     inet 127.0.0.1 port 953
#         allow { 127.0.0.1; } keys { "rndc-key"; };
# };
Copy the key information from rndc.conf into named.conf.
# cd etc/
Note: the key in rndc.conf and the key in named.conf must be exactly identical, and there is no need to generate a separate rndc.key.
# tail -10 rndc.conf | head -9 > name.conf (redirect the 10th-from-last through 2nd-from-last lines of rndc.conf into name.conf)
Remove the leading # from these 9 lines.
# cat name.conf
key "rndc-key" {
    algorithm hmac-md5;
    secret "uLNAkFRNnTEChIurTi6bow==";
};
controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndc-key"; };
};
2. Configuring the master server
Edit the master's BIND configuration and include linux.key.
# vim named.conf
#acl "linux_acl" { 192.168.1.10; 192.168.2.10; };    # access control via an acl
options {
    directory "/usr/local/named/var/named";
    version "0.0.0";
    datasize 40M;
    pid-file "/var/run/named.pid";
    listen-on port 53 { any; };
    dump-file "/usr/local/bind/var/data/cache_dump.db";
    statistics-file "/usr/local/bind/var/data/bind_stats.txt";
    auth-nxdomain no;
    notify yes;
    also-notify { 192.168.79.128; };
    transfer-format many-answers;
    interface-interval 0;
    allow-query { any; };
};
logging {
    channel warning {
        file "dns_warnings" versions 3 size 1240k;
        severity warning;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    channel general_dns {
        file "dns_logs" versions 3 size 1240k;
        severity info;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    category default { warning; };
    category queries { general_dns; };
};
include "/usr/local/named/etc/linux.key";
# the "linux" key may also be written inline instead of included:
#key "linux" {
#    algorithm hmac-md5;
#    secret "/3+UyJBAAS8WDus4DudqzQ==";
#};
view "view_linux" {
    match-clients { any; };
    #match-clients { linux_acl; };
    server 192.168.79.128 { keys linux; };    # key authentication with the slave
    zone "." IN {
        type hint;
        file "named.ca";
    };
    zone "localhost" IN {
        type master;
        file "localhost.zone";
    };
    zone "linux.com" IN {
        type master;
        file "linux.zone";
        allow-transfer { key linux; };    # transfers only with the key
    };
};
key "rndc-key" {
    algorithm hmac-md5;
    secret "uLNAkFRNnTEChIurTi6bow==";
};
controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndc-key"; };
};
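Two things this configuration depends on can be checked without starting named: the rndc key in rndc.conf must be exactly the key in named.conf, and every master zone should restrict allow-transfer to the keyed slave rather than inherit the default. The following Python script is an added example, not code from this tutorial or from BIND; it assumes the two files have the layout shown above, uses the tutorial's sample secrets as constructed input (the rndc secret in the named.conf sample is deliberately the slave's value, so the mismatch is reported), and replaces the tail -10 | head -9 extraction with one keyed on rndc-confgen's marker lines.

```python
import re

# Constructed sample input shaped like the rndc-confgen output shown in the tutorial.
RNDC_CONF = """\
# Start of rndc.conf
key "rndc-key" {
	algorithm hmac-md5;
	secret "uLNAkFRNnTEChIurTi6bow==";
};
# End of rndc.conf

# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
# 	algorithm hmac-md5;
# 	secret "uLNAkFRNnTEChIurTi6bow==";
# };
#
# controls {
# 	inet 127.0.0.1 port 953
# 		allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf
"""

# Constructed named.conf: the rndc secret intentionally differs from RNDC_CONF,
# and the localhost zone has no allow-transfer, so both checks have something to find.
NAMED_CONF = """\
options { directory "/usr/local/named/var/named"; };
key "linux" { algorithm hmac-md5; secret "/3+UyJBAAS8WDus4DudqzQ=="; };
view "view_linux" {
	match-clients { any; };
	zone "." IN { type hint; file "named.ca"; };
	zone "localhost" IN { type master; file "localhost.zone"; };
	zone "linux.com" IN {
		type master;
		file "linux.zone";
		allow-transfer { key linux; };
	};
};
key "rndc-key" { algorithm hmac-md5; secret "shYDeMYIp3SjAzcncOGHcw=="; };
controls { inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; }; };
"""

# Matches an (uncommented) key block: key "name" { algorithm X; secret "Y"; }
KEY_RE = re.compile(r'key\s+"([^"]+)"\s*\{\s*algorithm\s+([\w-]+)\s*;\s*secret\s+"([^"]+)"\s*;\s*\}')


def extract_named_fragment(rndc_conf):
    """Return the commented named.conf section of rndc-confgen output with the '#' removed.
    Same result as the tutorial's tail/head pipeline, but keyed on the marker lines."""
    out, inside = [], False
    for line in rndc_conf.splitlines():
        if line.startswith("# Use with the following in named.conf"):
            inside = True
            continue
        if line.startswith("# End of named.conf"):
            break
        if inside:
            out.append(re.sub(r"^#\s?", "", line))
    return "\n".join(out) + "\n"


def parse_keys(conf):
    """Map key name -> (algorithm, secret) for every key block in a config text."""
    return {name: (alg, secret) for name, alg, secret in KEY_RE.findall(conf)}


def check_rndc_keys(rndc_conf, named_conf):
    """List rndc keys that named.conf lacks or defines with another algorithm/secret."""
    problems, have = [], parse_keys(named_conf)
    for name, pair in parse_keys(rndc_conf).items():
        if name not in have:
            problems.append(f'key "{name}" missing from named.conf')
        elif have[name] != pair:
            problems.append(f'key "{name}" differs between rndc.conf and named.conf')
    return problems


def _blocks(conf, keyword):
    """Yield (name, body) for each '<keyword> "name" ... { body }' block, tracking brace depth."""
    for m in re.finditer(r'\b%s\s+"([^"]+)"[^{]*\{' % keyword, conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]


def check_master_transfers(named_conf):
    """Names of master zones whose allow-transfer is absent or 'any' (BIND 9.9 defaults to any)."""
    exposed = []
    for name, body in _blocks(named_conf, "zone"):
        if not re.search(r"\btype\s+master\s*;", body):
            continue
        m = re.search(r"allow-transfer\s*\{([^}]*)\}", body)
        if m is None or re.search(r"\bany\b", m.group(1)):
            exposed.append(name)
    return exposed


if __name__ == "__main__":
    print(extract_named_fragment(RNDC_CONF))
    print("rndc key problems:", check_rndc_keys(RNDC_CONF, NAMED_CONF))
    print("master zones open to transfer:", check_master_transfers(NAMED_CONF))
```

To run it against real files, pass open("/usr/local/named/etc/rndc.conf").read() and the named.conf text instead of the constructed strings. A master zone without its own allow-transfer inherits the global setting, and in BIND 9.9 that default is any, so the localhost zone above (and any zone that forgets the option) can be copied by whoever can reach port 53; named-checkconf reports syntax errors but not this. The hmac-md5 algorithm is simply what this version of rndc-confgen emits; newer releases accept -A hmac-sha256, and the same consistency check applies.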
Create the directory /usr/local/named/var/named:
# mkdir /usr/local/named/var/named
# cd /usr/local/named/var/named
# vim localhost.zone
with the following content:
$TTL 86400
$ORIGIN localhost.
@ 1D IN SOA @ root (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
1D IN NS @
1D IN A 127.0.0.1
Import the root server information into /usr/local/named/var/named/named.ca:
# dig -t NS . >/usr/local/named/var/named/named.ca
(A usable hint file also needs the root servers' A/AAAA records; if your resolver's answer lacks the ADDITIONAL section, query a root server directly with dig @a.root-servers.net . NS, or download the official hints from https://www.internic.net/domain/named.root.)
Create the file named.local:
# vim named.local
$TTL 60
@ IN SOA localhost. root.localhost. (
2013062100 ; Serial
60 ; Refresh
60 ; Retry
60 ; Expire
60 ) ; Minimum
IN NS localhost.
1 IN PTR localhost.
Create linux.zone:
# vim linux.zone
$TTL 60
@ IN SOA linux.com. root.linux.com. (
2013062106 ; serial (d. adams)
60 ; refresh
60 ; retry
60 ; expiry
60 ) ; minimum
IN NS dns.swm.com.
IN MX 5 mail
www IN A 192.168.79.130
it IN A 192.168.79.128
blog IN A 192.168.79.129
my IN A 192.168.33.33
m IN A 192.168.33.30
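A slave only re-transfers a zone when the master's SOA serial is higher than the one it already holds, so every edit to linux.zone must bump the serial; the tutorial uses the YYYYMMDDNN convention (2013062106 above). The following Python helper is an added example, not part of this tutorial or of BIND; it reads the serial from a constructed copy of the zone file above and computes the next serial so it always moves forward, including when the date-based value is already ahead of today's date.

```python
import re
from datetime import date

# Constructed copy of the tutorial's linux.zone (same SOA and a few of its records).
LINUX_ZONE = """\
$TTL 60
@ IN SOA linux.com. root.linux.com. (
2013062106 ; serial (d. adams)
60 ; refresh
60 ; retry
60 ; expiry
60 ) ; minimum
 IN NS dns.swm.com.
 IN MX 5 mail
www IN A 192.168.79.130
it IN A 192.168.79.128
"""

# Group 1: everything from "SOA" up to the serial; group 2: the serial digits.
SERIAL_RE = re.compile(r"(SOA[^(]*\(\s*)(\d+)")


def read_serial(zone_text):
    """Return the SOA serial of a zone file as an int."""
    m = SERIAL_RE.search(zone_text)
    if m is None:
        raise ValueError("no SOA serial found")
    return int(m.group(2))


def next_serial(current, today):
    """YYYYMMDDNN convention: the first change of a day gets <today>00, later changes
    increment NN. A serial already at or above today's base (written with a later date,
    or not date-based at all) is simply incremented so it still increases."""
    base = int(today.strftime("%Y%m%d")) * 100
    return base if current < base else current + 1


def bump_serial(zone_text, today=None):
    """Return (new_zone_text, new_serial) with the SOA serial advanced."""
    today = today or date.today()
    new = next_serial(read_serial(zone_text), today)
    return SERIAL_RE.sub(lambda m: m.group(1) + str(new), zone_text, count=1), new


if __name__ == "__main__":
    text, serial = bump_serial(LINUX_ZONE, date(2013, 6, 22))
    print(serial)   # 2013062200 for that date
    print(text)
```

After rewriting the file, reload the zone with the rndc command set up earlier; because the zone lives inside a view, the form is /usr/local/named/sbin/rndc reload linux.com IN view_linux. The slave's dns_logs should then show the transfer; a serial that was never bumped is the usual reason a slave keeps serving stale data even though the master answers correctly.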
Now BIND can be started to test whether the installation succeeded:
/usr/local/named/sbin/named -gc /usr/local/named/etc/named.conf &
With -g named stays in the foreground and prints its startup log to the terminal, which makes troubleshooting easier; -c names the configuration file.
If the last line of the output shows
Running
the installation and startup succeeded.
Test the rndc command: /usr/local/named/sbin/rndc status
If everything is correct it prints a status report.
I usually just edit /root/.bashrc with vim and add
alias rndc9='/usr/local/named/sbin/rndc'
Add named to the startup sequence so it starts together with the operating system:
# cd /etc/rc.d
# vim rc.local
Append the following line at the end:
/usr/local/named/sbin/named -c /usr/local/named/etc/named.conf &
3. Configuring the slave server
The slave's BIND configuration is almost the same; the only difference is that the zone in the view is declared as slave and points at the master for synchronization.
#vim named.conf
#acl "linux_acl" { 192.168.1.10; 192.168.2.10; };    # access control via an acl
options {
    directory "/usr/local/named/var/named";
    version "0.0.0";
    datasize 40M;
    pid-file "/var/run/named.pid";
    listen-on port 53 { any; };
    dump-file "/usr/local/bind/var/data/cache_dump.db";
    statistics-file "/usr/local/bind/var/data/bind_stats.txt";
    auth-nxdomain no;
    transfer-format many-answers;
    interface-interval 0;
    allow-query { any; };
};
logging {
    channel warning {
        file "dns_warnings" versions 3 size 1240k;
        severity warning;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    channel general_dns {
        file "dns_logs" versions 3 size 1240k;
        severity info;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    category default { warning; };
    category queries { general_dns; };
};
#key "linux" {
#    algorithm hmac-md5;
#    secret "/3+UyJBAAS8WDus4DudqzQ==";
#};
include "/usr/local/named/etc/linux.key";
view "view_linux" {
    match-clients { any; };
    #match-clients { linux_acl; };
    server 192.168.79.130 { keys linux; };
    zone "." IN {
        type hint;
        file "named.ca";
    };
    zone "localhost" IN {
        type master;
        file "localhost.zone";
    };
    zone "linux.com" IN {
        type slave;
        file "linux.zone";
        masters { 192.168.79.130; };
    };
};
key "rndc-key" {
    algorithm hmac-md5;
    secret "shYDeMYIp3SjAzcncOGHcw==";
};
controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndc-key"; };
};
Note:
If external hosts should be allowed to query this DNS server, the options block in named.conf must also contain the line
allow-query { any; };
in this form:
options {
    allow-query { any; };
    directory "/usr/local/named/var/named";
};
Check the TCP ports currently being listened on:
# netstat -ntpl | grep named
tcp 0 0 192.168.79.130:53 0.0.0.0:* LISTEN 26610/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 26610/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 26610/named
The slave syncs the zone into /usr/local/named/var/named and creates linux.com there (opening it shows garbled content, presumably related to the encryption). BIND 9.9 saves slave zones in its binary raw format by default, so the file is not plain text; named-compilezone -f raw -F text -o - linux.com linux.zone converts it to readable form.
4. Testing master/slave synchronization
Slave status: (the original shows a screenshot here, which is not reproduced)
# nslookup (resolution test; the test machine's DNS server must be set to 192.168.79.130)
> www.linux.com
Server: 192.168.79.130
Address: 192.168.79.130#53
Name: www.linux.com
Address: 192.168.79.130
> m.linux.com
Server: 192.168.79.130
Address: 192.168.79.130#53
Name: m.linux.com
Address: 192.168.33.30