1,download bind9
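# Fetch the BIND 9.10.4-P1 source tarball into /usr/local.
# The URL is quoted so the shell never treats "?" as a glob character, and -O gives
# the download a predictable name instead of one derived from the query string.
# Before building, verify the tarball against the detached PGP signature that ISC
# publishes next to each release.
# NOTE(review): the 9.10 branch is no longer maintained by ISC; prefer a currently
# supported release for any server that answers real clients.
wget -O /usr/local/bind-9.10.4-P1.tar.gz 'https://www.isc.org/downloads/file/bind-9-10-4-p1/?version=tar-gz'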
2,install pkg
# Build prerequisites: the C compiler and the OpenSSL development headers.
# NOTE(review): the configure line in step 3 passes --with-openssl=no, so openssl-devel
# appears to be unused by this build; confirm which of the two was intended.
yum install gcc openssl-devel
3,编译安装
# Configure, build and install BIND under /usr/local/bind (binaries end up in
# /usr/local/bind/sbin, as used by the later steps).
# --with-openssl=no builds named without OpenSSL. Without a crypto library DNSSEC
# signing and validation are not available, so the dnssec-enable / dnssec-validation
# lines that are commented out in named.conf cannot simply be switched on with this build.
./configure --prefix=/usr/local/bind --with-openssl=no && make && make install
4,创建用户
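# Dedicated system account for the daemon. It gets no login shell because nothing
# ever needs to log in as it.
useradd -r -s /sbin/nologin named
# /etc/named holds rndc.conf and named.conf; /var/named is the working directory that
# named.conf points at (directory "/var/named") and where the zone files are written.
# -p makes the command succeed when a directory already exists.
mkdir -p /etc/named /var/named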
5,生成key
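# Generate rndc.conf, which contains the shared secret that authorises rndc to control named.
# The subshell tightens the umask first so the file is created readable by root only,
# instead of world-readable under the usual default umask.
# rndc-confgen's -A option selects the HMAC algorithm (for example -A hmac-sha256) if
# something stronger than the hmac-md5 shown in step 7 is wanted.
(umask 077 && /usr/local/bind/sbin/rndc-confgen > /etc/named/rndc.conf)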
6,写入到named.conf中
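# rndc-confgen ends rndc.conf with a commented-out key/controls stanza meant for named.conf.
# Copy that stanza and strip the leading "# " from each line. The sed script is quoted:
# unquoted, the shell splits it at the space and sed receives the incomplete script "s/#".
# The tail/head line counts depend on the exact rndc-confgen output, so read the result
# before going on.
tail -10 /etc/named/rndc.conf | head -9 | sed 's/# //g' > /etc/named/named.conf
# named.conf now contains the rndc secret as well: readable by root and the named group only.
chown root:named /etc/named/named.conf
chmod 640 /etc/named/named.conf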
7,编辑配置文件
vim /etc/named/named.conf
#key
# Shared secret that authenticates rndc to named. The value below was published together
# with this walkthrough, so treat it as a sample only: keep the secret that your own
# rndc-confgen run wrote, and make sure rndc.conf and named.conf carry the same one.
key "rndc-key" {
# hmac-md5 is what rndc-confgen emitted here; its -A option can select a stronger HMAC
# (for example hmac-sha256). The algorithm must match in rndc.conf and named.conf.
algorithm hmac-md5;
secret "6XeRgStQZy79gFQzKIqW7w==";
};
# Control channel: listens on loopback port 953 only, and accepts commands only from
# 127.0.0.1 when they are signed with rndc-key.
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
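#file dir
# Global server options. Relative file names (pid-file, zone files) are resolved
# against "directory".
options {
    directory "/var/named";
    pid-file "named.pid";
    recursion yes;
    # Recursion is limited to this host and its directly attached networks. When neither
    # allow-recursion nor allow-query-cache is set, the "allow-query { any; }" below also
    # governs recursive queries, which turns the server into an open resolver that
    # third parties can abuse for cache probing and DNS amplification.
    allow-recursion { localhost; localnets; };
    #forward first;
    # forwarders { 8.8.8.8;8.8.4.4;114.114.114.114; }; // upstream resolvers for recursive lookups
    # Anyone may still query the zones this server is authoritative for.
    allow-query { any; };
    # DNSSEC is left disabled here.
    # dnssec-enable yes;
    # dnssec-validation yes;
};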
#localhost zone
# Root hints: the root name server list named starts recursion from.
# "named.root" is resolved against the options "directory" (/var/named).
zone "." IN {
type hint;
file "named.root";
};
# Forward zone for "localhost", loaded from localhost.zone. Dynamic updates are refused.
zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};
# Reverse zone for 127.0.0.0/24, loaded from named.local. Dynamic updates are refused.
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};
8,生成named.root
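# Save the root NS set as the hints file that named.conf refers to
# (directory "/var/named", file "named.root"). The explicit path removes the dependency
# on the current working directory.
# The answer comes from whatever resolver this host is configured to use and is not
# authenticated, so compare the result with the named.root file published by InterNIC
# before relying on it.
dig > /var/named/named.root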
9,创建named.local和localhost.zone
vim /var/named/named.local
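$TTL 86400
; Reverse zone data for the zone "0.0.127.in-addr.arpa" declared in named.conf.
; "@" stands for that zone origin.
@       IN      SOA     localhost. root.localhost. (
                        1997022700 ; Serial
                        28800      ; Refresh
                        14400      ; Retry
                        3600000    ; Expire
                        86400 )    ; Minimum
; The NS line must begin with whitespace: an empty owner field means "same owner as
; the previous record" (@). Written at column 0, "IN" is parsed as an owner name and
; the zone apex is left without an NS record.
        IN      NS      localhost.
; 1.0.0.127.in-addr.arpa -> localhost.
1       IN      PTR     localhost.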
vim /var/named/localhost.zone
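$TTL 86400
$ORIGIN localhost.
; Forward zone data for the zone "localhost" declared in named.conf.
; "@" stands for the $ORIGIN above.
@       1D IN SOA   @ root (
                    42   ; serial (d. adams)
                    3H   ; refresh
                    15M  ; retry
                    1W   ; expiry
                    1D ) ; minimum
; The NS and A lines must begin with whitespace: an empty owner field means "same owner
; as the previous record" (@). Written at column 0, "1D" is parsed as an owner name
; instead of a TTL.
        1D IN NS    @
        1D IN A     127.0.0.1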
10.start
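# named.conf sets pid-file "named.pid" relative to /var/named, so the account named
# runs as must be able to write to that directory.
chown named /var/named
# Start named with -u so it drops from root to the unprivileged "named" account created
# in step 4, after it has bound its privileged ports. Without -u the daemon keeps
# running as root and any flaw in it is exposed with full privileges.
/usr/local/bind/sbin/named -u named -c /etc/named/named.conf
# List the TCP listeners on port 53 and the owning process. Check that every address
# shown is one the service is meant to be reachable on.
ss -tlnp|grep :53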
LISTEN 0 10 10.10.234.163:53 *:* users:(("named",66025,23))
LISTEN 0 10 127.0.0.1:53 *:* users:(("named",66025,22))
LISTEN 0 10 :::53 :::* users:(("named",66025,21))