Installing BIND 9 from the source package (posted on October 3, 2004, 16:56)
ISC BIND is an implementation of DNS for UNIX and Linux. BIND 9 is a new generation in which most of BIND's structural code was rewritten. The main features of BIND 9 are:

DNS Security
    DNSSEC (signed zones)
    TSIG (signed DNS requests)
IPv6
    Answers DNS queries on IPv6 sockets
    IPv6 resource records (DNAME, etc.)
    Experimental IPv6 Resolver Library
New DNS protocol extensions
    IXFR, DDNS, Notify, EDNS0
    Improved standards conformance
Views
    One server can provide multiple views of the DNS namespace
Multiprocessor support
Improved code portability

The current version of BIND 9 is BIND 9.3.0. Here we describe how to install BIND 9 from the source code.
1. Installing BIND from source requires that your UNIX or Linux system have a compiler that supports ANSI C. If it does not, you can use GCC, provided by GNU.

2. Go to the www.isc.org website and download the version of the BIND source package you need.

3. After downloading it to your system, place the source package in the /usr/src directory (you can also put it in another directory; I am used to keeping source packages in this one).

4. Unpack the source package:

    $ cd /usr/src
    $ tar xvfz bind-9.3.0.tar.gz

(9.3.0 is the BIND version number.) If your tar command does not support the z option (used to extract packages compressed with the .gz suffix), you can do it in two steps:

    $ gunzip bind-9.3.0.tar.gz
    $ tar xvf bind-9.3.0.tar

The source code is unpacked into the bind-9.3.0 directory.

5. Start the compilation:

    $ cd bind-9.3.0
    $ ./configure

As the name suggests, configure sets the compilation parameters for the specific operating system before compiling. There are many options to choose from; use the --help option to view all of them. The most common ones are:

    --prefix=/usr/local/bind
        Sets the BIND installation directory; the default is /usr/local. Some people like to install BIND in a separate directory. You can also set the directory where named.pid is placed; the default is "$prefix/var".

    --with-libtool
        Compiles the BIND libraries as dynamic shared libraries. This option is not selected by default. If you do not choose it, the compiled named command will be relatively large and the library files in the lib directory are static libraries. If you select it, the compiled named command will be small and the library files in the lib directory have the .so suffix.

    --enable-threads
        If your system has multiple CPUs, you can use this option.

If ./configure reports no errors, you can start compiling the source code:

    $ make

Compilation takes a little while. After it completes, install BIND. Installation requires root privileges, so you must first switch to the root user:

    $ su -
    # make install
BIND 9 is now installed, but for BIND to work properly you need to do some configuration. The following describes the simplest setup, a BIND caching server. Since the aim of this article is to get the server configured as quickly as possible, the settings are not explained in detail. It is recommended that beginners read "DNS and BIND".

The named.conf file is BIND's configuration file. The configuration is as follows:
============= named.conf =============
options {
    directory "/var/bind";
    listen-on-v6 { none; };         // disable IPv6
    listen-on { 127.0.0.1; };       // if you have multiple network cards and only want to listen on a specific one, use this option
    pid-file "/var/run/named.pid";  // file in which the named process records its process ID
};

zone "." IN {
    type hint;
    file "named.cache";
};

zone "localhost" IN {
    type master;                    // the zone type is master
    file "localhost.zone";          // location of the zone data file
    allow-update { none; };         // do not allow dynamic updates of the data
    notify no;                      // if dynamic updates are not allowed, notify is not needed
};

zone "127.in-addr.arpa" IN {
    type master;
    file "127.zone";
    allow-update { none; };
    notify no;
};
Below are the zone data files required by the three zones:

============= named.cache =============
This file records information about all root DNS servers. It is maintained by www.internic.net and generally changes once every few years. You can download it from ftp://ftp.rs.internic.net/domain/named.cache, so it is not listed here.
============= localhost.zone =============
$TTL 1W
@       IN      SOA     ns.localhost. root.localhost. (
                        2004100501  ; Serial
                        28800       ; Refresh
                        14400       ; Retry
                        604800      ; Expire - 1 week
                        86400 )     ; Minimum
        IN      NS      ns.localhost.
        IN      A       127.0.0.1
============= 127.zone =============
$ORIGIN 127.in-addr.arpa.
$TTL 1W
@       1D IN SOA   localhost. root. (
                    2004100501  ; Serial
                    3H          ; Refresh
                    15M         ; Retry
                    1W          ; Expire
                    1D )        ; Minimum

        1D IN NS    localhost.
*       1D IN PTR   localhost.
All the configuration files are now in place. If you want your named process to be more secure, you can run it as a dedicated user (for example, a user called named) instead of as root, the user with the most privileges. The steps are as follows:
1. Create a user called named, and remember to set the user's shell to one that does not allow login.

2. Make root the owner of the configuration file:

    chown root /etc/bind/named.conf
    chmod 644 /etc/bind/named.conf

3. Make named the owner of the zone data files:

    chown named /var/bind/*
    chmod 644 /var/bind/*

5. Use -u named when starting the named process.
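
A check for the ownership and modes set in the steps above, as an added example that is not part of the original article. It assumes GNU stat (stat -c); the function names and the optional fourth argument are hypothetical.

```sh
#!/bin/sh
# Added example: audit the result of the privilege-separation steps.
# Assumption: GNU coreutils stat. Paths and user names are arguments.

# check_file PATH EXPECTED_OWNER EXPECTED_MODE
# Prints one line per mismatch; returns 0 if the file matches, 1 if not.
check_file() {
    path=$1 want_owner=$2 want_mode=$3
    owner=$(stat -c '%U' "$path") || return 1
    mode=$(stat -c '%a' "$path") || return 1
    rc=0
    if [ "$owner" != "$want_owner" ]; then
        echo "FAIL $path: owner $owner, expected $want_owner"
        rc=1
    fi
    if [ "$mode" != "$want_mode" ]; then
        echo "FAIL $path: mode $mode, expected $want_mode"
        rc=1
    fi
    return $rc
}

# audit_named CONF ZONE_DIR NAMED_USER [CONF_OWNER]
# named.conf must belong to CONF_OWNER (default root) with mode 644, so the
# named user can read it but not change it; every regular file in ZONE_DIR
# must belong to NAMED_USER with mode 644.
audit_named() {
    conf=$1 zone_dir=$2 named_user=$3 conf_owner=${4:-root}
    failed=0
    check_file "$conf" "$conf_owner" 644 || failed=1
    for f in "$zone_dir"/*; do
        [ -f "$f" ] || continue
        check_file "$f" "$named_user" 644 || failed=1
    done
    return $failed
}

# named_process_users: print the distinct users owning a running named
# process; after step 5 this should list the dedicated user and not root.
named_process_users() {
    ps -e -o user= -o comm= | awk '$2 == "named" { print $1 }' | sort -u
}

# Usage with the paths from this article:
#   audit_named /etc/bind/named.conf /var/bind named && named_process_users
```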