CentOS 5: Build and install a BIND9 DNS master/slave server with views and TSIG-authenticated zone transfers

Source: Internet
Author: User
Tags: hmac

Test environment:

MASTER: 192.168.79.130

SLAVE: 192.168.79.128

Domain name: bkjia.com

I. Compilation and Installation

Here we compile from source rather than installing the RPM, because building it by hand makes the server's layout and working mechanism easier to understand.

(Download the source package, then:)

# tar -zxvf bind-9.9.3.tar.gz    (extract)

# cd bind-9.9.3    (enter the extracted directory)

# ./configure --prefix=/usr/local/named --enable-threads --with-dlz-mysql

(--prefix sets the installation directory. --enable-threads turns on thread support, which improves server performance. --with-dlz-mysql enables dynamically loadable zones backed by MySQL, intended for large DNS deployments. The remaining options are listed by ./configure --help.)

checking for MySQL DLZ driver... not found
configure: error: MySQL was not found in any of /usr/local/mysql /usr/pkg; use --with-dlz-mysql=/path

(The MySQL development headers are not installed. On CentOS the package is mysql-devel and can be installed with yum -y install mysql-devel. This tutorial does not actually use DLZ, so the build is simply repeated without that option.)

# ./configure --prefix=/usr/local/named --enable-threads
# make && make install

# ls /usr/local/named/    (inspect the installed tree)
bin  etc  include  lib  man  sbin  var

First generate the key that master and slave will use to authenticate zone transfers. This is a TSIG key: each DNS message is signed with an HMAC over a shared secret, so the transfer is authenticated, not encrypted. rndc-confgen -a writes a key file containing a key stanza; -c names the file and -k names the key.

# /usr/local/named/sbin/rndc-confgen -a -c bkjia.key -k bkjia

The generated bkjia.key must be copied to the slave as well (over SSH, not by mail or a shared directory): both servers need the identical key name, algorithm and secret, and the file should be readable only by the user named runs as. rndc-confgen in this version generates hmac-md5 keys; if you want hmac-sha256 instead, ddns-confgen -a hmac-sha256 -k bkjia prints a stanza in the same format that can be saved as bkjia.key.

Go to /usr/local/named/etc and generate rndc.conf and named.conf.

# /usr/local/named/sbin/rndc-confgen > /usr/local/named/etc/rndc.conf

(rndc-confgen writes a ready-made rndc.conf. rndc is the utility used to control a running BIND9 server over the network, on TCP port 953 by default; before it can control a server, the two sides must share an authentication key, which is what this file and the matching named.conf stanza establish.)

# cat etc/rndc.conf

# Start of rndc.conf
key "rndc-key" {
    algorithm hmac-md5;
    secret "uLNAkFRNnTEChIurTi6bow==";
};

options {
    default-key "rndc-key";
    default-server 127.0.0.1;
    default-port 953;
};
# End of rndc.conf
# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
#     algorithm hmac-md5;
#     secret "uLNAkFRNnTEChIurTi6bow==";
# };
#
# controls {
#     inet 127.0.0.1 port 953
#         allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf
# tail -10 rndc.conf | head -9
# key "rndc-key" {
#     algorithm hmac-md5;
#     secret "uLNAkFRNnTEChIurTi6bow==";
# };
#
# controls {
#     inet 127.0.0.1 port 953
#         allow { 127.0.0.1; } keys { "rndc-key"; };
# };

Copy the key stanza from rndc.conf into named.conf.

# cd etc/

The key in rndc.conf and the key in named.conf must be identical (same name, algorithm and secret), otherwise rndc will fail to authenticate. There is no need to generate a separate rndc.key file.

# tail -10 rndc.conf | head -9 > named.conf    (takes the last 10 lines of rndc.conf, drops the final "# End of named.conf" line, and writes the remaining 9 lines to named.conf)

Then remove the leading "# " from those 9 lines:
# cat named.conf
key "rndc-key" {
    algorithm hmac-md5;
    secret "uLNAkFRNnTEChIurTi6bow==";
};

controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndc-key"; };
};
II. Configure the master server

Edit the main BIND configuration file and include bkjia.key (the TSIG key generated above):

# vim named.conf

# acl "bkjia_acl" { 192.168.1.10; 192.168.2.10; };    # optional ACL for access control, referenced by match-clients below

options {
    directory "/usr/local/named/var/named";
    version "0.0.0";                          # hide the real version from version.bind queries
    datasize 40M;
    pid-file "/var/run/named.pid";
    listen-on port 53 { any; };
    dump-file "/usr/local/named/var/data/cache_dump.db";
    statistics-file "/usr/local/named/var/data/bind_stats.txt";
    auth-nxdomain no;
    notify yes;                               # send NOTIFY when a zone changes
    also-notify { 192.168.79.128; };          # the slave, in addition to the zone's NS records
    transfer-format many-answers;             # pack several RRs per message during AXFR
    interface-interval 0;
    allow-query { any; };
};

(The two var/data paths must exist under /usr/local/named and be writable by the user named runs as; the original page used /usr/local/bind/ here, which does not match the --prefix chosen above. Also note that recursion is on by default in BIND and allow-query is "any", so as written this server is an open recursive resolver as well as an authoritative master. For an authoritative-only server add "recursion no;" to options, or at least restrict allow-recursion to your own networks.)

logging {
    channel warning {
        file "dns_warnings" versions 3 size 1240k;
        severity warning;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    channel general_dns {
        file "dns_logs" versions 3 size 1240k;
        severity info;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    category default { warning; };
    category queries { general_dns; };
};

include "/usr/local/named/etc/bkjia.key";

# The included file holds the stanza written by rndc-confgen -a; the key name "bkjia"
# is whatever was passed to -k:
# key "bkjia" {
#     algorithm hmac-md5;
#     secret "/3+UyJBAAS8WDus4DudqzQ==";
# };

view "view_bkjia" {
    match-clients { any; };
    # match-clients { bkjia_acl; };
    server 192.168.79.128 { keys bkjia; };    # sign every message sent to the slave (NOTIFY, SOA queries) with the TSIG key

    zone "." IN {
        type hint;
        file "named.ca";
    };

    zone "localhost" IN {
        type master;
        file "localhost.zone";
    };

    zone "bkjia.com" IN {
        type master;
        file "bkjia.zone";
        allow-transfer { key bkjia; };        # only AXFR/IXFR requests signed with the bkjia key are answered
    };
};

key "rndc-key" {
    algorithm hmac-md5;
    secret "uLNAkFRNnTEChIurTi6bow==";
};

controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndc-key"; };
};

Two points to keep in mind. Once a view is declared, every zone must live inside a view, which is why the hint and localhost zones are placed in view_bkjia as well. And allow-transfer { key bkjia; } authenticates the transfer rather than hiding it: the zone data still crosses the wire in clear text, but the master only answers transfer requests that carry a valid TSIG signature made with the shared secret, and the slave rejects responses whose signature does not verify. To check this from the slave, dig @192.168.79.130 bkjia.com AXFR -y hmac-md5:bkjia:/3+UyJBAAS8WDus4DudqzQ== should return the whole zone, while the same command without -y should end with "; Transfer failed.".
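The key-sharing rules above (the rndc.conf and named.conf stanzas must match, transfers must be restricted to a key, the control channel must stay on loopback) are easy to get wrong by hand, so here is an added example, not part of the original tutorial, that audits a named.conf or rndc.conf for exactly those settings. The SAMPLE_NAMED_CONF string is a constructed copy of this page's master configuration with bkjia.key inlined; the checks encode BIND 9.9 behaviour (AXFR is open unless allow-transfer restricts it) and the key sizes rndc-confgen and ddns-confgen produce. It is a review script, not something BIND itself ships.

```python
"""Audit key, zone-transfer and rndc settings in a BIND named.conf (added example)."""
import base64
import binascii
import os
import re

# Secret length in bytes that rndc-confgen/ddns-confgen produce per TSIG algorithm
# (one digest-sized block of key material; rndc-confgen's hmac-md5 default is 128 bits).
HMAC_KEY_BYTES = {
    "hmac-md5": 16, "hmac-sha1": 20, "hmac-sha224": 28,
    "hmac-sha256": 32, "hmac-sha384": 48, "hmac-sha512": 64,
}


def strip_comments(text):
    """Drop /* */, // and # comments so commented-out stanzas are not parsed."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.DOTALL)
    return "\n".join(re.sub(r"(#|//).*", "", line) for line in text.splitlines())


def block_body(text, open_idx):
    """Return the text between the '{' at open_idx and its matching '}'."""
    depth = 0
    for i in range(open_idx, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[open_idx + 1:i]
    raise ValueError("unbalanced braces in configuration")


def find_blocks(text, keyword):
    """Yield (header, body) for every `keyword header { body }` at any nesting depth.
    The lookbehind keeps "default-key" and "localhost.zone" from matching."""
    for m in re.finditer(r"(?<![\w.-])%s\b([^{;]*)\{" % keyword, text):
        yield m.group(1).strip(), block_body(text, m.end() - 1)


def parse_keys(text):
    """Map key name -> (algorithm, base64 secret) for every key {} stanza."""
    keys = {}
    for header, body in find_blocks(text, "key"):
        alg = re.search(r"algorithm\s+([\w-]+)\s*;", body, re.I)
        sec = re.search(r'secret\s+"([^"]+)"\s*;', body, re.I)
        if alg and sec:
            keys[header.strip('"')] = (alg.group(1).lower(), sec.group(1))
    return keys


def audit(conf_text):
    """Return a list of human-readable findings; an empty list means nothing to flag."""
    text = strip_comments(conf_text)
    findings = []
    keys = parse_keys(text)
    for name, (alg, secret) in keys.items():
        try:
            raw = base64.b64decode(secret, validate=True)
        except binascii.Error:
            findings.append("key %s: secret is not valid base64" % name)
            continue
        want = HMAC_KEY_BYTES.get(alg)
        if want is None:
            findings.append("key %s: unknown algorithm %s" % (name, alg))
        elif len(raw) < want:
            findings.append("key %s: %d-bit secret is shorter than the %s digest"
                            % (name, len(raw) * 8, alg))
        if alg == "hmac-md5":
            findings.append("key %s: hmac-md5 is deprecated, regenerate as hmac-sha256" % name)
    # BIND 9.9 answers AXFR from anyone unless allow-transfer says otherwise.  Only
    # zone-level statements are inspected here, not view/options-level defaults.
    for header, body in find_blocks(text, "zone"):
        zone = header.split()[0].strip('"')
        if not re.search(r"type\s+(master|primary)\s*;", body, re.I):
            continue
        at = re.search(r"allow-transfer\s*\{([^}]*)\}", body, re.I)
        if at is None:
            findings.append("zone %s: no allow-transfer, AXFR is open to any client" % zone)
        elif not re.search(r"\bkey\s+", at.group(1), re.I):
            findings.append("zone %s: allow-transfer is address-based only, not TSIG-keyed" % zone)
        else:
            for kname in re.findall(r'\bkey\s+"?([\w.-]+)"?', at.group(1)):
                if kname not in keys:
                    findings.append("zone %s: allow-transfer uses undefined key %s" % (zone, kname))
    # The rndc control channel should stay on loopback and always require a key.
    for _, body in find_blocks(text, "controls"):
        inet = re.search(r"inet\s+([\d.]+|\*)", body, re.I)
        if inet and inet.group(1) != "127.0.0.1":
            findings.append("controls: rndc channel listens on %s, not loopback" % inet.group(1))
        if not re.search(r"\bkeys\s*\{", body, re.I):
            findings.append("controls: rndc channel has no keys clause")
    return findings


def make_key_stanza(name, algorithm="hmac-sha256"):
    """Emit a fresh, correctly sized key stanza in the format rndc-confgen/ddns-confgen use."""
    secret = base64.b64encode(os.urandom(HMAC_KEY_BYTES[algorithm])).decode()
    return 'key "%s" {\n    algorithm %s;\n    secret "%s";\n};\n' % (name, algorithm, secret)


# Constructed sample: this page's master named.conf, condensed, with bkjia.key inlined.
SAMPLE_NAMED_CONF = '''
options { directory "/usr/local/named/var/named"; allow-query { any; }; };
key "bkjia" { algorithm hmac-md5; secret "/3+UyJBAAS8WDus4DudqzQ=="; };
view "view_bkjia" {
    match-clients { any; };
    server 192.168.79.128 { keys bkjia; };
    zone "." IN { type hint; file "named.ca"; };
    zone "localhost" IN { type master; file "localhost.zone"; };
    zone "bkjia.com" IN { type master; file "bkjia.zone"; allow-transfer { key bkjia; }; };
};
key "rndc-key" { algorithm hmac-md5; secret "uLNAkFRNnTEChIurTi6bow=="; };
controls { inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; }; };
'''

if __name__ == "__main__":
    for line in audit(SAMPLE_NAMED_CONF):
        print(line)
    print(make_key_stanza("bkjia"))
```

Run against the page's configuration it reports the two hmac-md5 keys and the localhost zone, which has no allow-transfer of its own; bkjia.com passes because its transfers are bound to a defined key, and the controls block passes because it is on 127.0.0.1 with a keys clause. Running the same audit on the slave's named.conf, and comparing parse_keys() output from both machines, is a quick way to confirm that the shared secret really is identical on both ends before debugging a failed transfer.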
