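The Tiny Core package repository includes a BIND9 package. BIND is maintained by the Internet Systems Consortium (ISC), a non-profit organization. The steps below show how to install and configure BIND9.
Installing and configuring BIND
1. Download the ISC BIND package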
$ su tc
$ tce-load -wi bind.tcz
Downloading: libxml2.tcz
Connecting to distro.ibiblio.org (152.19.134.43:80)
libxml2.tcz 100% |*******************************| 680k 0:00:00 ETA
libxml2.tcz: OK
Downloading: bind.tcz
Connecting to distro.ibiblio.org (152.19.134.43:80)
bind.tcz 100% |*******************************| 9276k 0:00:00 ETA
bind.tcz: OK
$ exit # switch back to the root user
2. Reboot
$ sudo reboot
3. Directory structure after the BIND package is mounted
$ tree /tmp/tcloop/bind/
/tmp/tcloop/bind/
`-- usr
    `-- local
        |-- bin
        |   |-- dig
        |   |-- host
        |   |-- isc-config.sh
        |   |-- nslookup
        |   `-- nsupdate
        |-- etc
        |   `-- bind.keys
        |-- lib
        |-- sbin
        |   |-- arpaname
        |   |-- ddns-confgen
        |   |-- dnssec-dsfromkey
        |   |-- dnssec-keyfromlabel
        |   |-- dnssec-keygen
        |   |-- dnssec-revoke
        |   |-- dnssec-settime
        |   |-- dnssec-signzone
        |   |-- genrandom
        |   |-- isc-hmac-fixup
        |   |-- lwresd
        |   |-- named
        |   |-- named-checkconf
        |   |-- named-checkzone
        |   |-- named-compilezone -> named-checkzone
        |   |-- named-journalprint
        |   |-- nsec3hash
        |   |-- rndc
        |   `-- rndc-confgen
        |-- share
        `-- var
            `-- run
9 directories, 25 files
4. Create the BIND9 configuration directory
$ mkdir /usr/local/etc/bind
5. Create the main BIND9 configuration file (/usr/local/etc/bind/named.conf)
$ nano /usr/local/etc/bind/named.conf
acl "trusted-nameservers" {
    localhost; // my localhost
    192.168.66.5;
    192.168.88.5;
};
options {
    directory "/usr/local/etc/bind";
    pid-file "/var/run/named.pid";
    session-keyfile "/var/run/session.key";
    auth-nxdomain no; // conform to RFC1035
    version "Not disclosed"; // hide bind version 9.8.0
    notify yes; // inform slaves of updates
    allow-transfer { trusted-nameservers; }; // allow these servers to make zone transfers
};
6. Get the DNS root server list
$ cd /usr/local/etc/bind
$ sudo wget ftp://FTP.INTERNIC.NET/domain/named.cache
$ mv named.cache db.root
7. Edit the main BIND9 configuration file
At the end of the /usr/local/etc/bind/named.conf configuration file, add the following:
zone "." { type hint; file "/usr/local/etc/bind/db.root"; };
8. Create the BIND9 management script
The bind9 script must be run as root.
$ nano /etc/init.d/bind9
#!/bin/sh
# bind9 is a Domain Name Server (DNS)
PATH=/sbin:/bin:/usr/sbin:/usr/bin
# for a chrooted server: "-u bind -t /var/lib/named"
# test -x /usr/sbin/rndc || exit 0
PIDFILE=/var/run/named.pid
case "$1" in
  start)
    echo "Starting domain name service..." "bind9"
    mkdir -p /var/log/bind
    chmod 775 /var/log/bind
    chown root:root /var/log/bind >/dev/null 2>&1 || true
    # start the server; -u root keeps named running as root, while a
    # dedicated unprivileged user (see the "-u bind" note above) limits
    # what a compromised named can do
    /usr/local/sbin/named -c /usr/local/etc/bind/named.conf -u root
    ;;
  stop)
    echo "Stopping domain name service..." "bind9"
    # read the PID written by named; stays empty if the pid file is missing
    pid=$(/bin/cat "${PIDFILE}" 2>/dev/null)
    if [ -n "$pid" ]; then
      # keep signalling until the process is gone
      while kill "$pid" 2>/dev/null; do
        echo "waiting for pid $pid to die"
        sleep 1
      done
    fi
    echo "Stopped!" $?
    ;;
  restart)
    "$0" stop
    "$0" start
    ;;
  *)
    echo "Usage: /etc/init.d/bind9 {start|stop|restart}"
    exit 1
    ;;
esac
exit 0
After creating the /etc/init.d/bind9 script, remember to give it execute permission with the following command:
$ chmod +x /etc/init.d/bind9
9. Start BIND9
Use the bind9 script created in step 8 to start the DNS server:
$ /etc/init.d/bind9 start
10. Test BIND9
Use the nslookup command to query the SOA record of the hinet.net domain.
# nslookup
> server 192.168.100.5
Default server: 192.168.100.5
Address: 192.168.100.5#53
> set type=soa
> hinet.net.
Server: 192.168.100.5
Address: 192.168.100.5#53
Non-authoritative answer:
hinet.net
origin = hntp1.hinet.net
mail addr = hostmaster.hinet.net
serial = 201108160
refresh = 3600
retry = 7200
expire = 3600000
minimum = 86400
Authoritative answers can be found from:
hinet.net nameserver = ans1.hinet.net.
hinet.net nameserver = ans2.hinet.net.
> exit
11. Back up the configuration
$ echo "usr/local/etc/bind" >> /opt/.filetool.lst
$ echo "etc/init.d/bind9" >> /opt/.filetool.lst
$ filetool.sh -b
12. Reboot
$ sudo reboot
Creating a forward lookup zone database
1. Add the following to the main BIND9 configuration file:
$ nano /usr/local/etc/bind/named.conf
:
zone "kvm." {
    type master;
    file "/usr/local/etc/bind/kvm.db";
    allow-query { any; }; // no restriction on queries
    allow-update { none; }; // don't allow dynamic updates
    allow-transfer { trusted-nameservers; }; // restrict zone trans
};
2. In the /usr/local/etc/bind/ directory, create the kvm domain database file (kvm.db)
$ nano /usr/local/etc/bind/kvm.db
$TTL 86400
@ IN SOA NS100.kvm. aaa.NS100.kvm. (
1 ; Serial number
43200 ; Refresh timer - 12 hours
3600 ; Retry timer - 1 hour
7200 ; Expire timer - 2 hour
86400 ; Minimum timer - 1 day
)
@ IN NS NS100.kvm.
NS100.kvm. IN A 192.168.100.5
3. Restart BIND9
$ /etc/init.d/bind9 restart
4. Test BIND9
$ nslookup
> server 192.168.100.5
Default server: 192.168.100.5
Address: 192.168.100.5#53
> set type=soa
> kvm.
Server: 192.168.100.5
Address: 192.168.100.5#53
kvm
origin = NS100.kvm
mail addr = aaa.NS100.kvm
serial = 1
refresh = 43200
retry = 3600
expire = 7200
minimum = 86400
> exit
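The named.conf above hides the version string and limits zone transfers to the trusted-nameservers ACL. The script below is an added example, not part of the original post, that checks both settings from a client with dig. The function names and the BIND_SERVER and BIND_ZONE variables are assumptions of this example; run the live check from a host that is not in the ACL.

```shell
#!/bin/sh
# Added example: check the version and allow-transfer settings from outside.
# Function names and BIND_SERVER/BIND_ZONE are assumptions of this example.

# $1 = output of: dig @server version.bind chaos txt +short
# Succeeds only if the server answered and the answer has no version number.
version_hidden() {
    case "$1" in
        ''|*';;'*)      return 1 ;;  # no answer, or dig error text
        *[0-9].[0-9]*)  return 1 ;;  # looks like a version, e.g. "9.8.0"
        *)              return 0 ;;
    esac
}

# $1 = output of: dig @server zone axfr
# Succeeds if zone data came back (a non-comment line holding an SOA record).
axfr_allowed() {
    printf '%s\n' "$1" | grep -v '^;' | grep -Eq 'IN[[:space:]]+SOA'
}

check_server() {
    server=$1; zone=$2; rc=0
    v=$(dig @"$server" version.bind chaos txt +short 2>/dev/null)
    if version_hidden "$v"; then echo "OK   version answer: $v"
    else echo "FAIL version answer: ${v:-none}"; rc=1; fi
    x=$(dig @"$server" "$zone" axfr 2>/dev/null)
    if axfr_allowed "$x"; then echo "FAIL $zone was transferred to this host"; rc=1
    else echo "OK   $zone was not transferred to this host"; fi
    return $rc
}

# Constructed dig outputs (not captured from a real server) for an offline run.
SAMPLE_REFUSED='; <<>> DiG 9.8.0 <<>> @192.168.100.5 kvm. axfr
; Transfer failed.'
SAMPLE_TRANSFERRED='kvm. 86400 IN SOA NS100.kvm. aaa.NS100.kvm. 1 43200 3600 7200 86400
kvm. 86400 IN NS NS100.kvm.'

if [ -n "${BIND_SERVER:-}" ]; then
    # Live check, e.g. BIND_SERVER=192.168.100.5 sh check.sh
    check_server "$BIND_SERVER" "${BIND_ZONE:-kvm.}"
else
    axfr_allowed "$SAMPLE_REFUSED" && echo "refused sample: zone data?!" \
        || echo "refused sample: no zone data"
    axfr_allowed "$SAMPLE_TRANSFERRED" && echo "transfer sample: zone data returned"
fi
```

Run from one of the trusted-nameservers addresses, the same script is expected to report the zone as transferred, since the ACL permits it there.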