FreeBSD 5.2 has been out for a few months. I have always wanted to learn its new features properly, but I have been too busy recently to find the time. This afternoon, just before getting off work, I spent an hour installing a new DNS server (BIND 9). I was afraid I would forget the steps later and, as the saying goes, it is better to write things down than to trust memory, so I am recording them in my own blog and also publishing them on CNFUG.

0. Preparation: Of course, you need to have FreeBSD installed, and it is best to update the ports tree. If you don't know how to update it, please refer to my earlier write-up on FreeBSD upgrade and optimization ^_^

1. Install BIND 9:
# cd /usr/ports/dns/bind9
# make install
Run the install and wait while the hard drive rattles; the system does the installation for you, which is convenient *^_^*. After the installation is complete, BIND 9 reminds you: if you use FreeBSD 4.x, visit http://people.freebsd.org/~dougb/randomness.html for more information; on FreeBSD 5.x this step is not needed. If you want BIND 9 to run in a chroot environment, you must make the /dev/random device available inside the chroot. It also reminds us to run "rndc-confgen -a" to generate a proper configuration file with a random key.

Ports install under /usr/local as their root directory, so the BIND 9 command files are placed in the /usr/local/sbin and /usr/local/bin directories. After BIND 9 is installed, the system automatically creates the "bind" user with UID 53 and the "bind" group with GID 53 for the bind service to use. That is the power of FreeBSD ports: all it takes is make install, heh ... Linux is all RPM packages or source code, which I don't like. PS: I personally think that as long as I don't have to compile from source myself, I save time. If I need to look at the detailed compile commands, I can get them by reading the Makefile!

With BIND 9 installed, can it run right away? Not yet; it still has to be configured.

Configuring BIND 9: the files BIND needs, according to our requirements, are named.conf, named.root, rndc.conf, and the /etc/namedb directory. The default installation puts named.conf, localhost.rev and other files in /etc/namedb (if I remember wrongly, please correct me), while rndc.conf is placed in the /usr/local/etc directory under the name rndc.conf.sample.
mv /etc/namedb/named.conf /usr/local/etc/
cd /usr/local/etc
vi named.conf

options {
        directory "/etc/namedb";        // working directory
        pid-file "/var/run/named/pid";  // where the PID file is written
};
......
Be careful: this file contains a lot of clutter, and you have to judge for yourself what to keep. Don't make a wrong edit, or BIND 9 will not run properly. At the end of the file, the part commented out with /* and */ has the same form as the earlier content, and you can use it as needed:
zone "onlinecq.com" {                   // this is the domain name
        type slave;
        file "s/onlinecq.com.bak";
        masters {
                192.168.0.19;
        };
};

zone "0.168.192.in-addr.arpa" {
        type slave;
        file "s/0.168.192.in-addr.arpa.bak";
        masters {
                192.168.0.19;           // this is the IP of this machine
        };
};
Use :wq to save and exit. Note the configured path "s/onlinecq.com.bak": we don't have an s directory yet, so I will create it now and set its ownership and permissions.
mkdir /etc/namedb/s
chown bind:bind /etc/namedb/s
chmod 750 /etc/namedb/s
OK, next we configure the localhost.rev file. At first there is no such file in the directory, but we can run make-localhost and let the system generate it.
cd /etc/namedb
chmod 755 make-localhost
./make-localhost
After it runs, the localhost.rev and localhost-v6.rev files are generated automatically in the /etc/namedb directory. The localhost.rev file is used for IPv4 and the localhost-v6.rev file is used for IPv6, which we don't use for the time being. This is my localhost.rev file:
$TTL 3600
@       IN      SOA     freebsd.onlinecq.com. root.freebsd.onlinecq.com. (
                        20040217        ; Serial
                        3600            ; Refresh
                        900             ; Retry
                        3600000         ; Expire
                        3600 )          ; Minimum
        IN      NS      freebsd.onlinecq.com.
1       IN      PTR     localhost.onlinecq.com.
OK, that completes the work in the /etc/namedb directory. Back in the /usr/local/etc directory, you will find an rndc.conf.sample file. This is a sample rndc configuration file; don't worry about it, we can generate one ourselves:
/usr/local/sbin/rndc-confgen > rndc.conf
Then you will find that the current directory has an rndc.conf file containing the key. If you want to look at its content, you can use:
vi rndc.conf
Take a look; my file content is like this:
# Start of rndc.conf
key "rndc-key" {
        algorithm hmac-md5;
        secret "9LLYE919 / F2DTE COBB 1kg ==";
};

options {
        default-key "rndc-key";
        default-server 127.0.0.1;
        default-port 953;
};
# End of rndc.conf

# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
#       algorithm hmac-md5;
#       secret "9LLYE919 / F2DTE COBB 1kg ==";
# };
#
# controls {
#       inet 127.0.0.1 port 953
#               allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf

Pay attention: take the part that begins after this line:
# Use with the following in named.conf, adjusting the allow list as needed:
Add it to /usr/local/etc/named.conf and remove the # marks; otherwise the rndc status command below will time out and exit. Well, at this point BIND 9 should be able to run smoothly, so let's test it!
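One way to check the hand-off described above, as an added example that is not part of the original post: the script pulls the commented named.conf block out of rndc-confgen output, then verifies that named.conf carries the same secret as rndc.conf, that the controls statement is active and limited to 127.0.0.1, and that neither file is world-readable. The function names are hypothetical, and the two file paths are passed as arguments.

```sh
#!/bin/sh
# Added example: checks the rndc-confgen hand-off between rndc.conf and named.conf.
# Function names are illustrative; nothing here is from the original post.

# Print the named.conf half of rndc-confgen output with the "# " prefix removed.
named_block() {
    sed -n '/^# Use with the following in named.conf/,/^# End of named.conf/p' "$1" |
        sed -e '1d' -e '$d' -e 's/^#[[:space:]]\{0,1\}//'
}

# Print the secret of the first key statement that is not commented out with #.
# Limitation: /* ... */ comment blocks are not recognised.
active_secret() {
    sed -e 's/#.*//' "$1" |
        sed -n 's/^[[:space:]]*secret[[:space:]]*"\([^"]*\)";.*/\1/p' | sed -n '1p'
}

# Succeed only if an active controls statement is limited to loopback.
loopback_controls() {
    sed -e 's/#.*//' "$1" | tr '\t\n' '  ' | tr -s ' ' |
        grep -q 'controls *{ *inet 127\.0\.0\.1 port 953 allow *{ *127\.0\.0\.1; *} *keys'
}

# usage: check_rndc RNDC_CONF NAMED_CONF ; returns 0 when every check passes
check_rndc() {
    rc=0
    want=$(active_secret "$1")
    have=$(active_secret "$2")
    if [ -z "$have" ]; then
        echo "FAIL: no active key in $2 (block still commented out?)"; rc=1
    elif [ "$want" != "$have" ]; then
        echo "FAIL: secret in $2 differs from $1"; rc=1
    fi
    if ! loopback_controls "$2"; then
        echo "FAIL: no active controls statement limited to 127.0.0.1 in $2"; rc=1
    fi
    for f in "$1" "$2"; do   # both files now hold the shared secret
        if [ -n "$(find "$f" -prune -perm -004)" ]; then
            echo "FAIL: $f is world-readable"; rc=1
        fi
    done
    return $rc
}

if [ $# -eq 2 ]; then check_rndc "$1" "$2"; fi
```

Run it as `sh check_rndc.sh /usr/local/etc/rndc.conf /usr/local/etc/named.conf` (the script file name is an assumption); a missing or mismatched key is the case the text says ends in an rndc timeout.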
/usr/local/sbin/named -g -c /usr/local/etc/named.conf &
The & runs named in the background, and -c makes it run with the specified configuration file. In BIND 9, -g keeps named from detaching and sends all of its log output to the terminal (the account to run as is set with -u, not -g), so a lot of debugging information appears on the screen. Mine is as follows:
freebsd# /usr/local/sbin/named -gc /usr/local/etc/named.conf &
[1] 730
Feb 17 20:20:36.892 starting BIND 9.2.3 -gc /usr/local/etc/named.conf
Feb 17 20:20:36.892 using 1 CPU
Feb 17 20:20:36.894 loading configuration from '/usr/local/etc/named.conf'
Feb 17 20:20:36.894 listening on IPv4 interface fxp0, 192.168.0.19#53
Feb 17 20:20:36.895 listening on IPv4 interface lo0, 127.0.0.1#53
freebsd# Feb 17 20:20:36.896 command channel listening on 127.0.0.1#953
Feb 17 20:20:36.896 ignoring config file logging statement due to -g option
Feb 17 20:20:36.898 zone 0.0.127.in-addr.arpa/IN: loaded serial 20040217
Feb 17 20:20:36.899 zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.int/IN: loaded serial 20040217
Feb 17 20:20:36.899 running
When you see the word "running", the configuration is correct. If you want to control BIND 9 while it runs, the rndc command is more convenient. For example, to check its status, you can use the following command:
/usr/local/sbin/rndc status
If everything is working, information like the following is displayed:
number of zones: 5
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
server is up and running
If the above information is not displayed, check whether you added the settings from /usr/local/etc/rndc.conf to your /usr/local/etc/named.conf file. Other ways to test are nslookup, dig, netstat and so on, which let you observe whether BIND was installed successfully. For the specific methods, I suggest you look up other material, thx! Now let's add BIND 9 to the system services so that it runs every time the machine boots:
vi /etc/rc.conf
Please add the following lines at the end of the file.
named_enable="YES"
named_program="/usr/local/sbin/named"           # path to named, if you want a different one.
named_flags="-c /usr/local/etc/named.conf"      # Flags for named
Because the FreeBSD 5.2 base system comes with BIND 8, to avoid conflicts we must add these parameters so that the boot scripts start BIND 9 with its own configuration file. OK, please restart your FreeBSD to test whether the installation is complete.

Closing words: this is generally all it takes to set up BIND 9. You can reboot to let the latest settings and software take effect. If an error occurs during the installation, check the error first and then continue installing. Or you can pick only the parts you are interested in! Of course, because time was short and the knowledge involved is broad, and because my ability is limited, mistakes are inevitable. I ask readers to point them out so that we can make progress together!