
Installing the latest BIND 9.17.2 on CentOS 7

天边的云
Posted on 2020-07-10 17:13:14

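First, open the DNS ports in the firewall

# DNS queries over UDP
firewall-cmd --add-port=53/udp --permanent
# DNS also uses TCP (truncated responses, zone transfers)
firewall-cmd --add-port=53/tcp --permanent
# rndc control channel; the controls statement in named.conf below only listens on 127.0.0.1
firewall-cmd --add-port=953/tcp --permanent
firewall-cmd --reload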

Install the EPEL repository package

rpm -ivh http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm

Install the required packages

yum install -y wget pcre-devel zlib-devel gcc gcc-c++ autoconf automake make openssl openssl-devel openldap-devel libcap libcap-devel libuv libuv-devel unixODBC-devel libtool

Download, compile and install BIND 9

wget http://ftp.isc.org/isc/bind9/9.17.2/bind-9.17.2.tar.xz
tar -Jxvf bind-9.17.2.tar.xz
cd bind-9.17.2
./configure --prefix=/usr/local/bind --enable-threads --enable-largefile --disable-ipv6 --with-openssl --with-libtool --disable-chroot --disable-static
make && make install

Create a dedicated user and group for BIND so that it runs as an unprivileged user, which improves security

useradd -s /sbin/nologin -M named
mkdir -p /usr/local/bind/log/
mkdir -p /usr/local/bind/var/
chown -R named:named /usr/local/bind/

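Add the BIND directories to the PATH environment variable

# Single quotes keep ${PATH} literal, so it is expanded at login rather than frozen now
echo 'export PATH=${PATH}:/usr/local/bind/sbin/:/usr/local/bind/bin/' >> /etc/profile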
source /etc/profile

Generate the configuration files

cd /usr/local/bind/sbin/
./rndc-confgen > /usr/local/bind/etc/rndc.conf
cd /usr/local/bind/etc

Note: the command below contains a backslash (before the space in the sed expression); be sure to type it

tail -10 rndc.conf | head -9 | sed -e s/#\ //g > named.conf



Download the root hints file (named.root)

wget http://www.internic.net/domain/named.root

Edit named.conf and add the following

controls {
        inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndc-key"; };
};

zone "." IN {
    type hint;
    file "/usr/local/bind/etc/named.root";
};

options {
        tcp-clients 50000;
        directory "/usr/local/bind/var";
        pid-file "/usr/local/bind/var/bind.pid";
        dump-file "/usr/local/bind/var/bind_dump.db";
        statistics-file "/usr/local/bind/var/bind.stats";
        rate-limit {
                nxdomains-per-second 3;
                window 1;
        };
        notify yes;
        listen-on port 53 { any; };
        recursion yes;
        version "osyum-bind:1.0.24";
        allow-notify       { none; };
        allow-recursion    { any; };
        allow-transfer     { none; };
        allow-query        { any; };
};

logging {
        channel bind_log {
                file "/usr/local/bind/log/bind.log" versions 3 size 20m;
                severity info;
                print-time yes;
                print-severity yes;
                print-category yes;
        };
        category default {
                bind_log;
        };
};
include  "/usr/local/bind/etc/default.zones";
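
The options above combine recursion yes with allow-recursion { any; } and listen-on any, so the server performs recursive lookups for every client that can reach port 53, which is the open-resolver setup abused for DNS amplification. The shell check below is an added example, not part of the original post, that flags that combination; the "trusted" ACL and the 192.0.2.0/24 network are assumptions for illustration, and the parser only handles one-line statements like the ones on this page.

```bash
#!/usr/bin/env bash
# Added example, not from the original post: flag open recursion in a named.conf.

# Print the address-match list of a one-line "name { ... };" statement.
match_list() {   # $1 = statement name, $2 = config file
    sed -n "s/^[[:space:]]*$1[[:space:]]*{\(.*\)}[[:space:]]*;.*/\1/p" "$2" |
        head -n 1 | tr ';\t' '  '
}

# Return 1 and print a finding when recursion is offered to "any" client.
check_open_resolver() {   # $1 = config file
    local recursion acl
    recursion=$(sed -n 's/^[[:space:]]*recursion[[:space:]]\{1,\}\([a-z]*\)[[:space:]]*;.*/\1/p' "$1" | head -n 1)
    # BIND enables recursion when the statement is absent.
    [ "${recursion:-yes}" = "no" ] && return 0
    acl=" $(match_list allow-recursion "$1") "
    case "$acl" in
        *" any "*)
            echo "OPEN RESOLVER in $1: recursion is on and allow-recursion includes any"
            return 1 ;;
    esac
    return 0
}

# Constructed samples: the relevant options from this page, and a restricted variant.
# The "trusted" ACL and its 192.0.2.0/24 network are assumptions for illustration.
page_conf=$(mktemp); hardened_conf=$(mktemp)
trap 'rm -f "$page_conf" "$hardened_conf"' EXIT
cat > "$page_conf" <<'EOF'
options {
        listen-on port 53 { any; };
        recursion yes;
        allow-recursion    { any; };
        allow-query        { any; };
};
EOF
cat > "$hardened_conf" <<'EOF'
acl "trusted" { 127.0.0.1; 192.0.2.0/24; };
options {
        listen-on port 53 { any; };
        recursion yes;
        allow-recursion    { trusted; };
        allow-query        { any; };
};
EOF
for f in "$page_conf" "$hardened_conf"; do
    check_open_resolver "$f" || echo "  -> restrict allow-recursion to the networks you serve"
done
```

In the restricted variant allow-query stays at any so the authoritative zones remain publicly resolvable, while recursion is limited to the listed networks.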

Create the file default.zones and add the following

zone "osyum.com" IN {
    type master;
    file "/usr/local/bind/zones/osyum.com.zone";
};

zone "1.1.1.in-addr.arpa" IN {
    type master;
    file "/usr/local/bind/zones/1.1.1.zone";
};

Create the zones directory, then set up the osyum domain and its zone files

mkdir /usr/local/bind/zones
cd /usr/local/bind/zones

Create osyum.com.zone with the following content

$TTL 1D
@       IN  SOA     osyum.com. bbs.osyum.com. ( 0 1D 1H 1W 3H )
            NS      ns1.osyum.com.
            NS      ns2.osyum.com.
            A       127.0.0.1
            AAAA    ::1
            MX      10 mx.osyum.com.
ttl     IN  A       1.1.1.22
www     IN  A       1.1.1.33
bbs     IN  CNAME   www
mx      IN  A       1.1.1.66
ns1     IN  A       1.1.1.11
ns2     IN  A       1.1.1.11

vi 1.1.1.zone

$TTL 1D
@       IN  SOA     osyum.com. bbs.osyum.com. ( 0 2H 10M 7D 1D )
            NS      ttl.osyum.com.
            A       127.0.0.1
            AAAA    ::1
22      IN  PTR     osyum.com.
33      IN  PTR     www.osyum.com.
11      IN  PTR     ns1.osyum.com.
11      IN  PTR     ns2.osyum.com.
66      IN  PTR     mx.osyum.com.

Test start-up

/usr/local/bind/sbin/named -c /usr/local/bind/etc/named.conf -f -g -u named

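Check the output for errors.

Point this machine (CentOS 7) at the new DNS server: edit /etc/resolv.conf and change the IP address after the first nameserver entry to this machine's own IP.

Test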

nslookup

Success.


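Comments (2)

    edup 2020-08-14 15:38:06 1#

    Could you publish a tutorial on BIND + MySQL DNS master/slave configuration? Most of what is online is tutorials from 3 or 5 years ago that throw all sorts of errors. Thanks!

    天边的云 (author) 08-14 15:57

    Use this, then sync with MySQL; it is simple and works well. If you can't get it working, come back and ask: https://www.osyum.com/article/show/412/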