Bind easy Tutorial (0): In Ubuntu under the source code install bind (actually with the previous tutorial does not have much relation)

The basic use of bind has been introduced before. An entry-level approach to bind is available at: http://www.cnblogs.com/anpengapple/p/5877661.html Simple Tutorial Series, this article only talk about bind installation.

This source code installation does not want to introduce, but the recent reload, still burst out a lot of problems. Alas, the apt way is used, the script that generates the configuration file is according to APT's directory and the user, the source code way some pits. So, let's introduce it (some parts are taken directly from the front).

First, because DNSSEC needs to be turned on, you must install OpenSSL. If you do not need to install, or have already installed OpenSSL, you can skip this step.

Installing OpenSSL split-line ****************

OpenSSL try to use the source code installation, first download from the official website (https://www.openssl.org/) to the latest stable version (my 1.0.2h, not the latest version, it should be no different), and then, with the usual software a little bit different.

tar zxvf openssl-1.0. 2h. Tar . GZCD OpenSSL-1.0. 2hsudo ./config--prefix=/usr/Local     (Note that this is config instead of configure)sudo make depend    (Note that this must be depend first)  sudomakesudomakeinstall

Because less write a sentence depend pit for a week I ... There is no error on the OpenSSL installation, but when installing bind./configure to die, and reported such a mistake:

Checking for OpenSSL library ... using OpenSSL from/usr/local/lib and/usr/local/includechecking whether linking with Open SSL works ... noconfigure:error:Could not run test program using OpenSSL from/usr/local/lib and/usr/local/include. Please check the argument to--with-openssl and yourshared library configuration (e.g., Ld_library_path).

I'm almost crying for this damn thing. Later, I installed OpenSSL indefinitely, and then in a corner saw a make depend, saved me a broken heart.

**********************************
*
* Skip the installation of OpenSSL to see the students from here
*
**********************************

OK, next go to bind installation, or use the source code. To the official website (https://www.isc.org/downloads/) Download the latest stable version of BIND (I am using 9.10.4-P3 now, because the previous P1 and P2 versions have recently burst into a serious loophole). And then

tar zxvf bind-9.10. 4-p2. Tar . GZCD bind-9.10. 4-P2sudo ./configure--sysconfdir=/etc/bind--with-libtoolsudo  Make sudo  Make Install

The parameters of the Configure are determined by their own circumstances. There are several main:

• --prefix=/usr/local:named default location is here, can not write, if put in other directories to write.
• --sysconfdir: I used to put all the configuration files under/etc/bind, add--sysconfdir, if not add, name.conf default in/etc under, very messy.
• --with-libtool: It is said that adding the resulting file is. So rather than. A, which takes up less space. But I added this parameter after make compile will error, I am not very familiar with this compilation method, so I gave up.
• --enable-threads: Many pages on this parameter, in fact, not necessary, with this parameter is to let bind in multi-threaded mode, the default number of threads equals the number of CPU cores. Now this parameter is the default.
• --without-openssl: If you do not want to install OpenSSL, you need to use this parameter.

After loading, in order to start the convenience and security (in fact, to start the convenience), we'd better give bind to build a user, and then get a startup script.
To create a bind user:

-G bind-d/usr/local/sbin bind

Note that the-D here is the user home directory. We are here the default installation of bind,named and RNDC are installed in/usr/local/sbin. Included in the automatic startup script I wrote later, there are many places to write this directory, if you specify a different directory, or later bind default installation to other directories, also need to modify (in other words, APT is the default installed in/usr/sbin, from other places to get the startup script can not be used I am also a variety of embarrassment, later various changes).

Okay, finally, the bind startup script:

The following script is placed in the/ETC/INIT.D/BIND9:

#!/bin/SH-e### BEGIN INIT info# provides:bind9# Required-Start: $remote _fs# Required-Stop: $remote _fs# should-Start: $network $syslog # should-Stop: $network $syslog # Default-start:2 3 4 5# Default-stop:0 1 6# Short-Description:start and Stop bind9# description:bind9 is a Domain Name Server (DNS) #whichtranslates IP addresses to and from the Internet names### END INIT INFOPATH=/sbin:/bin:/usr/sbin:/usr/bin# forA chrooted server:"- u bind-t/var/lib/named"# Don'T Modify this line, change or create/etc/default/bind9.options=""resolvconf=notest-f/etc/default/bind9 &&. /etc/default/bind9test-X/USR/LOCAL/SBIN/RNDC | | Exit0. /lib/lsb/init-Functionspidfile=/var/run/named/named.pidcheck_network () {if[-x/usr/bin/uname] && ["x$ (/usr/bin/uname-o)"= Xsolaris]; Thenifconfig_opts="-au"    Elseifconfig_opts=""    fi    if[-Z"$ (/sbin/ifconfig $IFCONFIG _opts)"]; Then#log_action_msg"NO networks configured."return1    fireturn0} Case " $" inchstart) log_daemon_msg"starting domain Name Service ..." "bind9"    modprobeCapability >/dev/NULL 2>&1||true# dirs under/var/run can go away on reboots. mkdir-p/var/run/namedchmod 775/var/run/namedChownRoot:bind/var/run/named >/dev/NULL 2>&1||true    if[!-x/usr/local/sbin/named]; Thenlog_action_msg"named binary Missing-not starting"log_end_msg1    fi    if! Check_network; Thenlog_action_msg"No networks configured"log_end_msg1    fi    ifStart-stop-daemon--start--oknodo--quiet--exec/usr/local/sbin/named--pidfile ${pidfile}--$OPTIONS; Then        if["x$resolvconf"!="xno"] && [-x/sbin/resolvconf]; Then        Echo "nameserver 127.0.0.1"| /sbin/resolvconf-a lo.namedfilog_end_msg0    Elselog_end_msg1    fi    ;; Stop) log_daemon_msg"stopping domain Name Service ..." "bind9"    if! Check_network; Thenlog_action_msg"No networks configured"log_end_msg1    fi    if["x$resolvconf"!="xno"] && [-x/sbin/resolvconf]; Then/sbin/resolvconf-D lo.namedfiPID=$ (/USR/LOCAL/SBIN/RNDC stop-p |awk '/^pid:/ {Print $}') ||true    if[-Z"$pid"]; Then# No PID found, so either not running, or error PID=$ (pgrep-f ^/usr/local/sbin/named) | |trueStart-stop-daemon--stop--oknodo--quiet--exec/usr/local/sbin/named--pidfile ${pidfile}--$OPTIONSfi    if[-N"$pid"]; ThenSig=0N=1         while Kill-$sig $pid2>/dev/NULL; Do        if[$n-eq1]; Then            Echo "waiting for PID $pid"        fi        if[$n-eq One]; Then            Echo "giving up in PID $pid with kill-0; trying-9"Sig=9        fi        if[$n-GT -]; Then            Echo "giving up on PID $pid" BreakfiN=$ (($n +1))        Sleep 1         Done    filog_end_msg0    ;; Reload|force-Reload) log_daemon_msg"Reloading Domain Name Service ..." "bind9"    if! Check_network; Thenlog_action_msg"No networks configured"log_end_msg1    fi/USR/LOCAL/SBIN/RNDC Reload >/dev/NULL&& log_end_msg0|| Log_end_msg1    ;; Restart)if! Check_network; Thenlog_action_msg"No networks configured"Exit1    fi    $0Stop $0start;; Status) RET=0Status_of_proc-P ${pidfile}/usr/local/sbin/named bind92>/dev/NULL|| Ret=$?exit $ret;; *) log_action_msg"Usage:/etc/init.d/bind9 {start|stop|reload|restart|force-reload|status}"Exit1    ;;EsacExit0

Note the location of the named and RNDC directories inside!

The following script is placed in the/ETC/DEFAULT/BIND9:

# run resolvconf? resolvconf=for the  serveroptions="-u bind"

If you have not created a bind user before, just want to start with root, then the last line here is written

options=""

After the startup script is written, the last

sudo chmod 755 /etc/init.d/bind9

Change permissions, and then you can use the

sudo service bind9 start|stop|restart|status

To control bind without having to start the kill process every time named.

All right, just the sauce.

Bind easy Tutorial (0): In Ubuntu under the source code installation bind (actually with the previous tutorial does not have much relation)