编译安装

1、环境准备

# yum groupinstall "Development Tools"

2、下载及解压

# wget -q ftp://172.16.0.1/pub/Sources/sources/bind/bind-9.9.5.tar.gz
# tar -xf bind-9.9.5.tar.gz

3、检查并准备编译环境

# cd bind-9.9.5
# ./configure --prefix=/usr/local/bind9 --sysconfdir=/etc/named/ --enable-threads --enable-epoll --disable-chroot
#             程序安装路径                  配置文件路径             开启多线程          多路复用IO      不使用chroot
checking for OpenSSL library... configure: error: OpenSSL was not found in any of /usr /usr/local /usr/local/ssl /usr/pkg /usr/sfw; use --with-openssl=/path
If you don't want OpenSSL, use --without-openssl
# 缺少 OpenSSL 库。configure 阶段报缺库时，缺的通常是对应的开发包（-devel），因此安装 openssl 开发包即可
# yum -y install openssl-devel
...
Complete! # openssl-devel安装完成
# 重新检查编译环境
# ./configure --prefix=/usr/local/bind9 --sysconfdir=/etc/named/ --enable-threads --enable-epoll --disable-chroot

4、编译

# make

5、安装

# make install

6、编辑配置文件

# vim /etc/named/named.conf
# 写入下面的内容
options {
        directory "/var/named";
        pid-file "/usr/local/bind9/var/run/named.pid";
};
zone "." IN {
        type hint;
        file "named.ca";
};
zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-transfer { none; };
};
zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-transfer { none; };
};

7、编辑数据文件

# mkdir /var/named
# dig -t NS . @172.16.0.1 > /var/named/named.ca
# vim /var/named/named.localhost
# 写入下面内容
$TTL 86400
@ IN SOA localhost. admin.localhost. (
                20140317
                2H
                10M
                7D
                1D
                )
       IN   NS  localhost.
localhost. IN A 127.0.0.1
                                                                                                                                                                                                                                                                                                                           
# vim /var/named/named.loopback
# 写入下面的内容
$TTL 86400
@ IN SOA localhost. admin.localhost. (
                20140317
                2H
                10M
                7D
                1D
                )
        IN   NS    localhost.
1       IN   PTR   localhost.

8、设置运行环境

# groupadd -g 53 -r named
# useradd -g named -r named
# chown root:named /etc/named/named.conf  /var/named/*
# chmod 640 /etc/named/named.conf /var/named/*

9、导出环境变量

# PATH环境变量
# echo 'export PATH=/usr/local/bind9/bin:/usr/local/bind9/sbin:$PATH' > /etc/profile.d/named.sh
# source /etc/profile.d/named.sh
# 头文件
# ln -sv /usr/local/bind9/include  /usr/include/named
# 库文件
# vim /etc/ld.so.conf.d/named.conf
    /usr/local/bind9/lib64
# man文档
# man -M /usr/local/bind9/share/man named
# 或者
# vim /etc/man.config
    MANPATH /usr/local/bind9/share/man

10、试启动

# named -u named
# 以named用户运行程序
# 查看监听端口
# ss -tnul
# 查看日志
# tail /var/log/messages

11、配置rndc(远程管理工具,很显然需要密钥)。

# 生成密钥
# rndc-confgen -r /dev/urandom > /etc/named/rndc.conf
# 改变密钥文件属性
# chown root:named /etc/named/rndc.conf
# chmod 640 /etc/named/rndc.conf # 其他用户没有任何权限

12、打开rndc.conf按要求操作。

# vim /etc/named/rndc.conf


# vim /etc/named/named.conf


13、重启服务,并测试rndc(本地测试)

# killall named
# named -u named
# rndc status
version: 9.9.5 <id:f9b8a50e>
CPUs found: 2
worker threads: 2
UDP listeners per interface: 2
number of zones: 100
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running

14、编辑服务配置脚本。

# vim /etc/init.d/named
# 写入脚本
#!/bin/bash
# description: daemon named
# chkconfig: 345 20 50
#
# Paths shared by every action: where named writes its pid, the subsys lock
# that marks a started service, and the configuration named is launched with.
pidFile=/usr/local/bind9/var/run/named.pid
lockFile=/var/lock/subsys/named
confFile=/etc/named/named.conf
# The init helper library provides daemon/killproc/success/failure; only
# source it when it is present and readable.
if [ -r /etc/rc.d/init.d/functions ]; then
        . /etc/rc.d/init.d/functions
fi
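#######################################
# Start named as the unprivileged "named" user.
# Globals:   lockFile, pidFile, confFile (read); RETVAL (written)
# Outputs:   progress text on stdout
# Returns:   0 when named is running (already or freshly started),
#            otherwise the non-zero status reported by daemon
#######################################
start() {
        if [ -e "$lockFile" ]; then
                if pidof named > /dev/null 2>&1; then
                        echo "named is already running..."
                        return 0
                fi
                # Lock left behind by a crash or unclean shutdown: clear it,
                # otherwise the service could never be started again.
                rm -f -- "$lockFile" "$pidFile"
        fi
        echo -n "Starting named:"
        daemon --pidfile "$pidFile" /usr/local/bind9/sbin/named -u named -c "$confFile"
        RETVAL=$?
        if [ "$RETVAL" -eq 0 ]; then
                touch "$lockFile"
                success
        else
                rm -f -- "$lockFile" "$pidFile"
                failure
        fi
        echo
        # Propagate the daemon result; the trailing echo would otherwise
        # make every start look successful to "service named start".
        return "$RETVAL"
}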
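#######################################
# Stop a running named and clear its lock and pid files.
# Globals:   lockFile, pidFile (read); RETVAL (written)
# Outputs:   progress text on stdout
# Returns:   0 when named is stopped (already or just now),
#            otherwise the non-zero status reported by killproc
#######################################
stop() {
        if [ ! -e "$lockFile" ]; then
                echo "named is stopped."
                return 0
        fi
        echo -n "Stopping named:"
        killproc named
        RETVAL=$?
        if [ "$RETVAL" -eq 0 ]; then
                rm -f -- "$lockFile" "$pidFile"
                success
        else
                echo "Cannot stop named."
                failure
        fi
        echo
        # Report the killproc result instead of the status of the final echo.
        return "$RETVAL"
}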
#######################################
# Stop named, pause briefly, then start it again.
# Returns: the status of start
#######################################
restart() {
        stop
        sleep 2   # give the old process time to exit and release its pid file
        start
}
#######################################
# Ask a running named to re-read its configuration (SIGHUP via killproc).
# Outputs: progress text on stdout
#######################################
reload() {
        printf '%s' "Reloading named: "
        killproc named -HUP
        printf '\n'
}
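#######################################
# Report whether a named process is running.
# Outputs:   one line on stdout
# Returns:   0 when running, 3 when not running (LSB status code),
#            so scripts can test the result instead of parsing text
#######################################
status() {
        # Check for the process itself rather than the lock file, so a
        # stale lock does not make a dead server look alive.
        if pidof named > /dev/null 2>&1; then
                echo "named is running..."
                return 0
        fi
        echo "named is stopped..."
        return 3
}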
#######################################
# Print the accepted sub-commands.
# Outputs: usage line on stdout
#######################################
usage() {
        printf '%s\n' "Usage: named {start|stop|restart|status|reload}"
}
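# Dispatch on the requested action; the script's exit status is the
# status returned by the selected function.
case "$1" in
start)
        start
        ;;
stop)
        stop
        ;;
restart)
        restart
        ;;
status)
        status
        ;;
reload)
        reload
        ;;
*)
        usage
        # LSB: 2 = invalid or excess arguments; an unknown action must not
        # look like success to service managers or calling scripts.
        exit 2
        ;;
esac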

15、将脚本添加到服务中去并启动。

# chmod +x /etc/init.d/named # 给脚本增加执行权限
# chkconfig --add /etc/init.d/named
# chkconfig --list named
named           0:off   1:off   2:off   3:on    4:on    5:on    6:off
# service named start
Starting named:                                            [  OK  ]
# ss -tnul | grep ":53"

压力测试