CentOS 5: Build and install the Bind9 DNS Master/Slave Server Based on View and key encrypted transmission

Test environment:

MASTER: 192.168.79.130

From: 192.168.79.128,

Domain Name: bkjia.com

I. Compilation and Installation

Here, we use compilation and installation to better understand the working mechanism than the rpm installation method.

(Download the source file package)

# Tar-zxvf bind-9.9.3.tar.gz (extract)

# Cd bind-9.9.3 (enter the extracted directory)

#./Configure-prefix =/usr/local/named-enable-threads-with-dlz-mysql

(For compilation, the-perfix option specifies the installation directory. The-enable-threads option is used to enable thread support to improve server performance. The-with-dlz-mysql option is used to enable dynamic loading of regions, suitable for large dns server systems. Other compilation options can be entered. /configure-help view)
Checking for MySQL DLZ driver... Not found
Configure: error: MySQL was not found in any of/usr/local/mysql/usr/pkg; use-with-dlz-mysql =/path

(The mysql development header file is not found in the system. The mysql development header file name in CentOS is mysql-devel. you can install it using the yum-y install mysql-devel command)

#./Configure-prefix =/usr/local/named-enable-threads
# Make & make install !)

# Ls/usr/local/named/(view the directory after installation)
Bin etc include lib man sbin var first generates a control key for master-slave data encryption.
#/Usr/local/named/sbin/rndc-confgen-a-c bkjia. key-k bkjia

The generated/bkjia. key is also uploaded to the Master/Slave server.

Enter/usr/local/named/etc, and generate rndc. conf and named. conf.

#/Usr/local/named/sbin/rndc-confgen>/usr/local/named/etc/rndc. conf

(Use the rndc-confgen command to generate the rndc. conf file. rndc is mainly used to control the bind9 server through the network. before being able to control a bind server, you must establish an authentication mechanism between the two parties .)
# Cat etc/rndc. conf

# Start of rndc. conf

Key "rndc-key "{

Algorithm hmac-md5;

Secret "uLNAkFRNnTEChIurTi6bow = ";

};

Options {

Default-key "rndc-key ";

Default-server 127.0.0.1;

Default-port 953;

};

# End of rndc. conf

# Use with the following in named. conf, adjusting the allow list as needed:

# Key "rndc-key "{

# Algorithm hmac-md5;

# Secret "uLNAkFRNnTEChIurTi6bow = ";

#};

#

# Controls {

# Inet 127.0.0.1 port 953

# Allow {127.0.0.1;} keys {"rndc-key ";};

#};

# End of named. conf
# Tail-10 rndc. conf | head-9
# Key "rndc-key "{

# Algorithm hmac-md5;

# Secret "uLNAkFRNnTEChIurTi6bow = ";

#};

#

# Controls {

# Inet 127.0.0.1 port 953

# Allow {127.0.0.1;} keys {"rndc-key ";};

#};

Output the key information in rndc. conf to named. conf.

# Cd etc/

It is emphasized that the key values of rndc. conf and named. conf must be the same and do not need to be generated.

Rndc. key
# Tail-10 rndc. conf | head-9> name. conf (redirects the last 10th rows of rndc. conf to the last 2 rows of files to name. conf)

Remove the # number before the 9 rows
# Cat name. conf
Key "rndc-key "{

Algorithm hmac-md5;

Secret "uLNAkFRNnTEChIurTi6bow = ";

};

Controls {

Inet 127.0.0.1 port 953

Allow {127.0.0.1;} keys {"rndc-key ";};

};
Ii. Configure the master server

Modify the main Bind configuration file and load zhir. key

# Vim named. conf

# Acl "bkjia_acl" {192.168.1, 10; 192.168.2.10 ;}; # Use acl for access control

Options {

Directory "/usr/local/named/var/named ";

Version "0.0.0 ″;

Datasize 40 M;

Pid-file "/var/run/named. pid ";

Listen-on port 53 {any ;};

Dump-file "/usr/local/bind/var/data/cache_dump.db ";

Statistics-file "/usr/local/bind/var/data/bind_stats.txt ";

Auth-nxdomain no;

Optional Y yes;

Also-policy {192.168.79.128 ;};

Transfer-format allow-answers;

Interface-interval 0;

Allow-query {any ;};

};

Logging {

Channel warning {

File "dns_warnings" versions 3 size 1240 k;

Severity warning;

Print-category yes;

Print-severity yes;

Print-time yes;

};

Channel general_dns {

File "dns_logs" versions 3 size 1240 k;

Severity info;

Print-category yes;

Print-severity yes;

Print-time yes;

};

Category default {warning ;};

Category queries {general_dns ;};

};

Include "/usr/local/named/etc/bkjia. key ";

# The Value of "bkjia" can be specified.

# Key "bkjia "{

# Algorithm hmac-md5;

# Secret "/3 + UyJBAAS8WDus4DudqzQ = ";

#};

View "view_bkjia "{

Match-clients {any ;};

# Match-clients {bkjia_acl ;};

Server 192.168.79.128 {keys bkjia;}; # slave database encryption and authentication

Zone "." IN {

Type hint;

File "named. ca ";

};

Zone "localhost" IN {

Type master;

File "localhost. zone ";

};

Zone "bkjia.com" IN {

Type master;

File "bkjia. zone ";

Allow-transfer {key bkjia;}; # encrypted transmission

};

};

Key "rndc-key "{

Algorithm hmac-md5;

Secret "uLNAkFRNnTEChIurTi6bow = ";

};

Controls {

Inet 127.0.0.1 port 953

Allow {127.0.0.1;} keys {"rndc-key ";};

};

1 2 Next Page