Monday, August 22, 2011

Installing and Configuring ISC BIND9 on Tiny Core

The Tiny Core package repository includes a BIND9 package. BIND9 is maintained by Internet Systems Consortium (ISC), a non-profit organization. The steps below show how to install and configure BIND9.

Installing and configuring BIND

1. Download the ISC BIND package
$ su tc
$ tce-load -wi bind.tcz
Downloading: libxml2.tcz
Connecting to distro.ibiblio.org (152.19.134.43:80)
libxml2.tcz          100% |*******************************|   680k  0:00:00 ETA
libxml2.tcz: OK
Downloading: bind.tcz
Connecting to distro.ibiblio.org (152.19.134.43:80)
bind.tcz             100% |*******************************|  9276k  0:00:00 ETA
bind.tcz: OK

$ exit                    # switch back to root

2. Reboot

$ sudo reboot

3. Directory layout after the BIND package is mounted

$ tree /tmp/tcloop/bind/
/tmp/tcloop/bind/
`-- usr
    `-- local
        |-- bin
        |   |-- dig
        |   |-- host
        |   |-- isc-config.sh
        |   |-- nslookup
        |   `-- nsupdate
        |-- etc
        |   `-- bind.keys
        |-- lib
        |-- sbin
        |   |-- arpaname
        |   |-- ddns-confgen
        |   |-- dnssec-dsfromkey
        |   |-- dnssec-keyfromlabel
        |   |-- dnssec-keygen
        |   |-- dnssec-revoke
        |   |-- dnssec-settime
        |   |-- dnssec-signzone
        |   |-- genrandom
        |   |-- isc-hmac-fixup
        |   |-- lwresd
        |   |-- named
        |   |-- named-checkconf
        |   |-- named-checkzone
        |   |-- named-compilezone -> named-checkzone
        |   |-- named-journalprint
        |   |-- nsec3hash
        |   |-- rndc
        |   `-- rndc-confgen
        |-- share
        `-- var
            `-- run

9 directories, 25 files

4. Create the BIND9 configuration directory

$ mkdir /usr/local/etc/bind

5. Create the main BIND9 configuration file (/usr/local/etc/bind/named.conf)

$ nano /usr/local/etc/bind/named.conf
acl "trusted-nameservers"       {
   localhost;                    // my localhost
  192.168.66.5;
  192.168.88.5;
};

options {
  directory               "/usr/local/etc/bind";
  pid-file                   "/var/run/named.pid";
  session-keyfile     "/var/run/session.key";
  auth-nxdomain      no;                         // conform to RFC1035
  version                  "Not disclosed";            // hide bind version 9.8.0
  notify                     yes;                        // inform slaves of updates
  allow-transfer       { trusted-nameservers; };   // allow servers to make zonetransfer
};

6. Fetch the DNS root server list

$ cd /usr/local/etc/bind
$ sudo wget ftp://FTP.INTERNIC.NET/domain/named.cache
$ mv named.cache db.root

7. Edit the main BIND9 configuration file
At the end of /usr/local/etc/bind/named.conf, add the following line:

zone "." { type hint;    file "/usr/local/etc/bind/db.root"; };
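Before named is started against the hints file from step 6 and the named.conf from step 5, both are worth checking. The shell functions below are an added example and are not part of the original post: check_root_hints confirms that the downloaded file lists A records for all 13 root servers (a through m .root-servers.net), and check_named_conf runs named-checkconf (shipped in bind.tcz under /usr/local/sbin) when it is on PATH. The function names and the return codes are the example's own assumptions; the record layout it parses (NAME TTL TYPE RDATA, comments starting with ';') is that of InterNIC's named.cache.

```sh
#!/bin/sh
# Added example (not from the original post): sanity-check the root hints
# file from step 6 and, when the BIND tools are on PATH, run the named.conf
# through named-checkconf before named is started.

# check_root_hints FILE
# Returns 0 when FILE holds an A record for each of the 13 root servers
# (a.root-servers.net ... m.root-servers.net), 1 otherwise.
check_root_hints() {
    hints="$1"
    [ -r "$hints" ] || { echo "cannot read $hints" >&2; return 1; }
    # named.cache layout: NAME TTL TYPE RDATA; comment lines start with ';'
    count=$(awk '$1 !~ /^;/ && $3 == "A" && toupper($1) ~ /^[A-M]\.ROOT-SERVERS\.NET\.$/ { print toupper($1) }' "$hints" \
            | sort -u | wc -l)
    count=$(echo "$count" | tr -d ' ')   # BusyBox/BSD wc pad the count with spaces
    if [ "$count" -eq 13 ]; then
        return 0
    fi
    echo "expected A records for 13 root servers, found $count" >&2
    return 1
}

# check_named_conf CONF
# Runs named-checkconf on CONF and returns its exit status.
# Returns 2 when the tool is not on PATH (bind.tcz not loaded, or
# /usr/local/sbin missing from PATH).
check_named_conf() {
    conf="$1"
    if command -v named-checkconf >/dev/null 2>&1; then
        named-checkconf "$conf"
    else
        echo "named-checkconf not found in PATH (is bind.tcz loaded?)" >&2
        return 2
    fi
}
```

Run `check_root_hints /usr/local/etc/bind/db.root && check_named_conf /usr/local/etc/bind/named.conf` as root after step 7; a non-zero status means named should not be started yet. A hints file with fewer than 13 servers usually means a truncated download and leaves the resolver unable to reach part of the root.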

8. Create the BIND9 control script
This bind9 script must be run as root

$ nano /etc/init.d/bind9
#!/bin/sh
# bind9 is a Domain Name Server (DNS)

PATH=/sbin:/bin:/usr/sbin:/usr/bin

# for a chrooted server: "-u bind -t /var/lib/named"
# test -x /usr/sbin/rndc || exit 0

# must match the pid-file option in named.conf
PIDFILE=/var/run/named.pid

case "$1" in
  start)
    echo "Starting domain name service..." "bind9"

    mkdir -p /var/log/bind
    chmod 775 /var/log/bind
    chown root:root /var/log/bind >/dev/null 2>&1 || true

    # start the server with the named.conf from step 5
    /usr/local/sbin/named -c /usr/local/etc/bind/named.conf -u root
    ;;
  stop)
    echo "Stopping domain name service..." "bind9"

    # an absent pid file (server not running) leaves $pid empty
    pid=$(/bin/cat "${PIDFILE}" 2>/dev/null)
    if [ -n "$pid" ]; then
      while kill "$pid" 2>/dev/null; do
        echo "waiting for pid $pid to die"
        sleep 1
      done
    fi
    echo "Stopped!" $?
    ;;
  restart)
    $0 stop
    $0 start
    ;;
  *)
    echo "Usage: /etc/init.d/bind9 {start|stop|restart}"
    exit 1
    ;;
esac
exit 0

After creating /etc/init.d/bind9, remember to make it executable with the following command:

$ chmod +x /etc/init.d/bind9

9. Start BIND9
Start the DNS server with the custom bind9 script:

$ /etc/init.d/bind9 start

10. Test BIND9
Use the nslookup command to query the SOA record of the hinet.net domain

# nslookup
> server 192.168.100.5
Default server: 192.168.100.5
Address: 192.168.100.5#53
> set type=soa
> hinet.net.
Server:        192.168.100.5
Address:    192.168.100.5#53

Non-authoritative answer:
hinet.net
    origin = hntp1.hinet.net
    mail addr = hostmaster.hinet.net
    serial = 201108160
    refresh = 3600
    retry = 7200
    expire = 3600000
    minimum = 86400

Authoritative answers can be found from:
hinet.net    nameserver = ans1.hinet.net.
hinet.net    nameserver = ans2.hinet.net.
> exit

11. Back up the configuration

$ echo "usr/local/etc/bind" >> /opt/.filetool.lst
$ echo "etc/init.d/bind9" >> /opt/.filetool.lst
$ filetool.sh -b 

12. Reboot

$ sudo reboot

Creating the forward lookup zone

1. Add the following to the main BIND9 configuration file:

$ nano /usr/local/etc/bind/named.conf
                                       :
zone "kvm." {
   type master;
   file "/usr/local/etc/bind/kvm.db";
   allow-query     { any; };       // no restriction on queries
   allow-update    { none; };      // don't allow dynamic updates
   allow-transfer  { trusted-nameservers; }; // restrict zone trans
};

2. In /usr/local/etc/bind/, create the zone database file for the kvm domain (kvm.db)

$ nano /usr/local/etc/bind/kvm.db    
$TTL 86400
@       IN SOA NS100.kvm. aaa.NS100.kvm. (
     1      ; Serial number
     43200           ; Refresh timer - 12 hours
     3600            ; Retry timer - 1 hour
     7200            ; Expire timer - 2 hours
     86400           ; Minimum timer - 1 day
)
@ IN      NS      NS100.kvm.
NS100.kvm. IN A 192.168.100.5
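Every later change to kvm.db needs a larger SOA serial, or the secondaries listed in trusted-nameservers will keep serving the old copy after a zone transfer check. The script below is an added example and is not from the original post: make_zone writes a zone file with the same layout and timers as kvm.db above (it assumes a responsible mailbox of hostmaster at the NS host rather than aaa), get_serial and bump_serial read and increment the serial, and check_zone runs named-checkzone from bind.tcz when it is on PATH. The function names are the example's own.

```sh
#!/bin/sh
# Added example (not from the original post): generate a master zone file in
# the layout of kvm.db, bump its SOA serial on each edit, and validate it with
# named-checkzone when the bind.tcz tools are available.

# make_zone FILE ORIGIN NS_HOST NS_IP
# Writes a minimal master zone: SOA, one NS record and the NS host's A record.
# The serial starts at 1 and the timers match the kvm.db values above.
make_zone() {
    file="$1"; origin="$2"; nshost="$3"; nsip="$4"
    cat > "$file" <<EOF
; zone file for $origin
\$TTL 86400
@       IN SOA $nshost hostmaster.$nshost (
     1               ; Serial number
     43200           ; Refresh timer - 12 hours
     3600            ; Retry timer - 1 hour
     7200            ; Expire timer - 2 hours
     86400           ; Minimum timer - 1 day
)
@       IN NS   $nshost
$nshost IN A    $nsip
EOF
}

# get_serial FILE
# Prints the current serial: the first bare number after the SOA line,
# assuming the multi-line SOA layout written by make_zone.
get_serial() {
    awk '/SOA/ { insoa = 1; next } insoa && $1 ~ /^[0-9]+$/ { print $1; exit }' "$1"
}

# bump_serial FILE
# Increments the serial in place and prints the new value. Secondaries only
# pull a fresh copy when the serial has grown, so run this before every
# restart that follows an edit.
bump_serial() {
    file="$1"
    old=$(get_serial "$file")
    new=$((old + 1))
    awk -v old="$old" -v new="$new" '
        /SOA/ { insoa = 1 }
        insoa && $1 == old { sub(/[0-9]+/, new); insoa = 0 }
        { print }' "$file" > "$file.tmp" && mv "$file.tmp" "$file"
    echo "$new"
}

# check_zone ORIGIN FILE
# Runs named-checkzone (from bind.tcz) and returns its status; returns 2
# when the tool is not on PATH.
check_zone() {
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone "$1" "$2"
    else
        echo "named-checkzone not found in PATH (is bind.tcz loaded?)" >&2
        return 2
    fi
}
```

Typical use on the server: `make_zone /usr/local/etc/bind/kvm.db kvm. NS100.kvm. 192.168.100.5`, then after each later edit `bump_serial /usr/local/etc/bind/kvm.db && check_zone kvm. /usr/local/etc/bind/kvm.db` before running the restart in step 3. The nslookup test in step 4 shows the serial the server currently holds, so a mismatch between that value and get_serial means the restart was skipped.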

3. Restart BIND9

$ /etc/init.d/bind9 restart

4. Test BIND9

$ nslookup
> server 192.168.100.5
Default server: 192.168.100.5
Address: 192.168.100.5#53
> set type=soa
> kvm.
Server:        192.168.100.5
Address:    192.168.100.5#53

kvm
    origin = NS100.kvm
    mail addr = aaa.NS100.kvm
    serial = 1
    refresh = 43200
    retry = 3600
    expire = 7200
    minimum = 86400
> exit


ISC BIND9 official website: http://www.isc.org/software/bind
