The basic use of BIND was covered earlier; an entry-level introduction is available at: http://www.cnblogs.com/anpengapple/p/5877661.html. This article is part of the Simple Tutorial series and covers only the installation of BIND.
I had not planned to write about installing from source, but a recent reinstall turned up a lot of problems. Previously I installed with apt, and the script that generates the configuration files was written for APT's directories and user; the source route has some pitfalls. So let's go through it (some parts are taken directly from the earlier article).
First, because DNSSEC needs to be enabled, OpenSSL must be installed. If you do not need it, or have already installed OpenSSL, you can skip this step.
**************** Installing OpenSSL ****************
Try to install OpenSSL from source. First download the latest stable version from the official website (https://www.openssl.org/) (mine is 1.0.2h, which is not the latest version, but it should make no difference). The build then differs slightly from the usual software:
tar zxvf openssl-1.0.2h.tar.gz
cd openssl-1.0.2h
sudo ./config --prefix=/usr/local    # note: this is config, not configure
sudo make depend                     # note: depend must be run first
sudo make
sudo make install
Leaving out that one make depend line cost me a week. The OpenSSL installation itself reported no error, but when installing BIND, ./configure died with this error:
checking for OpenSSL library... using OpenSSL from /usr/local/lib and /usr/local/include
checking whether linking with OpenSSL works... no
configure: error: Could not run test program using OpenSSL from
/usr/local/lib and /usr/local/include.
Please check the argument to --with-openssl and your
shared library configuration (e.g., LD_LIBRARY_PATH).
This thing nearly had me in tears. I reinstalled OpenSSL countless times before I spotted make depend tucked away in a corner, and that saved me.
**********************************
*
* Readers who skipped the OpenSSL installation can continue from here
*
**********************************
OK, next comes the BIND installation, again from source. Download the latest stable version of BIND from the official website (https://www.isc.org/downloads/) (I am now using 9.10.4-P3, because a serious vulnerability was recently disclosed in the earlier P1 and P2 versions). Then:
tar zxvf bind-9.10.4-P2.tar.gz
cd bind-9.10.4-P2
sudo ./configure --sysconfdir=/etc/bind --with-libtool
sudo make
sudo make install
Choose the configure parameters to suit your own situation. The main ones are:
- --prefix=/usr/local: this is already the default install location for named, so it can be omitted; specify it only if you install into another directory.
- --sysconfdir: I like to keep all the configuration files under /etc/bind, so I add --sysconfdir; without it, named.conf goes directly under /etc by default, which gets messy.
- --with-libtool: reportedly, with this option the libraries are built as .so rather than .a files, which takes up less space. But after I added this parameter, make failed with errors; I am not very familiar with this way of building, so I gave up on it.
- --enable-threads: many web pages mention this parameter, but it is not actually necessary. It makes BIND run in multi-threaded mode, with the default number of threads equal to the number of CPU cores. This is now the default.
- --without-openssl: if you do not want to install OpenSSL, you need to use this parameter.
After installation, for convenient startup and for security (honestly, mainly for convenient startup), it is best to create a user for BIND and then set up a startup script.
To create a bind user:
sudo groupadd bind
sudo useradd -g bind -d /usr/local/sbin bind
Note that -d here sets the user's home directory. With a default installation, named and rndc are installed in /usr/local/sbin. The startup script below hard-codes this directory in many places; if you specify a different directory, or a later BIND release installs somewhere else by default, the script has to be modified as well (incidentally, apt installs into /usr/sbin by default, so the startup scripts I found elsewhere did not work, which was embarrassing, and I had to make various changes).
Okay, finally, the BIND startup script.
The following script is placed in /etc/init.d/bind9:
#!/bin/sh -e

### BEGIN INIT INFO
# Provides:          bind9
# Required-Start:    $remote_fs
# Required-Stop:     $remote_fs
# Should-Start:      $network $syslog
# Should-Stop:       $network $syslog
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Start and stop bind9
# Description:       bind9 is a Domain Name Server (DNS)
#        which translates ip addresses to and from internet names
### END INIT INFO

PATH=/sbin:/bin:/usr/sbin:/usr/bin

# for a chrooted server: "-u bind -t /var/lib/named"
# Don't modify this line, change or create /etc/default/bind9.
OPTIONS=""
RESOLVCONF=no

test -f /etc/default/bind9 && . /etc/default/bind9

test -x /usr/local/sbin/rndc || exit 0

. /lib/lsb/init-functions
PIDFILE=/var/run/named/named.pid

check_network() {
    if [ -x /usr/bin/uname ] && [ "X$(/usr/bin/uname -o)" = XSolaris ]; then
        IFCONFIG_OPTS="-au"
    else
        IFCONFIG_OPTS=""
    fi
    if [ -z "$(/sbin/ifconfig $IFCONFIG_OPTS)" ]; then
        #log_action_msg "No networks configured."
        return 1
    fi
    return 0
}

case "$1" in
    start)
        log_daemon_msg "Starting domain name service..." "bind9"

        modprobe capability >/dev/null 2>&1 || true

        # dirs under /var/run can go away on reboots.
        mkdir -p /var/run/named
        chmod 775 /var/run/named
        chown root:bind /var/run/named >/dev/null 2>&1 || true

        if [ ! -x /usr/local/sbin/named ]; then
            log_action_msg "named binary missing - not starting"
            log_end_msg 1
        fi

        if ! check_network; then
            log_action_msg "no networks configured"
            log_end_msg 1
        fi

        if start-stop-daemon --start --oknodo --quiet --exec /usr/local/sbin/named \
                --pidfile ${PIDFILE} -- $OPTIONS; then
            if [ "X$RESOLVCONF" != "Xno" ] && [ -x /sbin/resolvconf ]; then
                echo "nameserver 127.0.0.1" | /sbin/resolvconf -a lo.named
            fi
            log_end_msg 0
        else
            log_end_msg 1
        fi
    ;;

    stop)
        log_daemon_msg "Stopping domain name service..." "bind9"
        if ! check_network; then
            log_action_msg "no networks configured"
            log_end_msg 1
        fi

        if [ "X$RESOLVCONF" != "Xno" ] && [ -x /sbin/resolvconf ]; then
            /sbin/resolvconf -d lo.named
        fi
        pid=$(/usr/local/sbin/rndc stop -p | awk '/^pid:/ {print $2}') || true
        if [ -z "$pid" ]; then      # no pid found, so either not running, or error
            pid=$(pgrep -f ^/usr/local/sbin/named) || true
            start-stop-daemon --stop --oknodo --quiet --exec /usr/local/sbin/named \
                    --pidfile ${PIDFILE} -- $OPTIONS
        fi
        if [ -n "$pid" ]; then
            sig=0
            n=1
            while kill -$sig $pid 2>/dev/null; do
                if [ $n -eq 1 ]; then
                    echo "waiting for pid $pid"
                fi
                if [ $n -eq 11 ]; then
                    echo "giving up on pid $pid with kill -0; trying -9"
                    sig=9
                fi
                if [ $n -gt 20 ]; then
                    echo "giving up on pid $pid"
                    break
                fi
                n=$(($n+1))
                sleep 1
            done
        fi
        log_end_msg 0
    ;;

    reload|force-reload)
        log_daemon_msg "Reloading domain name service..." "bind9"
        if ! check_network; then
            log_action_msg "no networks configured"
            log_end_msg 1
        fi

        /usr/local/sbin/rndc reload >/dev/null && log_end_msg 0 || log_end_msg 1
    ;;

    restart)
        if ! check_network; then
            log_action_msg "no networks configured"
            exit 1
        fi

        $0 stop
        $0 start
    ;;

    status)
        ret=0
        status_of_proc -p ${PIDFILE} /usr/local/sbin/named bind9 2>/dev/null || ret=$?
        exit $ret
    ;;

    *)
        log_action_msg "Usage: /etc/init.d/bind9 {start|stop|reload|restart|force-reload|status}"
        exit 1
    ;;
esac

exit 0
Note the directory locations of named and rndc inside the script!
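Because the script starts with `test -x /usr/local/sbin/rndc || exit 0`, a leftover apt-style path makes the service exit without any error. The check below is an added example, not part of the original post; the function name `audit_init_paths` and the sample script are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): find named/rndc paths in an
# init script that do not match the directory BIND was installed into.

# audit_init_paths SCRIPT SBINDIR
# Prints "LINE: PATH" for each mismatch and returns 1 if any were found.
audit_init_paths() {
    awk -v want="${2%/}" '
        BEGIN { re = "(/[A-Za-z0-9_.-]+)*/s?bin/(named|rndc)" }
        /^[ \t]*#/ { next }                   # skip comment lines
        {
            line = $0
            while (match(line, re)) {
                path = substr(line, RSTART, RLENGTH)
                line = substr(line, RSTART + RLENGTH)
                # Skip longer names such as named-checkconf.
                if (line ~ /^[A-Za-z0-9_.-]/) continue
                n = split(path, part, "/")
                dir = substr(path, 1, length(path) - length(part[n]) - 1)
                if (dir != want) { print NR ": " path; bad = 1 }
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: an apt-style script only partly converted to /usr/local.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#!/bin/sh -e
test -x /usr/sbin/rndc || exit 0
PIDFILE=/var/run/named/named.pid
start-stop-daemon --start --exec /usr/local/sbin/named --pidfile ${PIDFILE}
pid=$(/usr/sbin/rndc stop -p | awk '/^pid:/ {print $2}') || true
EOF

audit_init_paths "$sample" /usr/local/sbin || echo "fix the lines listed above"
rm -f "$sample"
```

Run it against the real file with `audit_init_paths /etc/init.d/bind9 /usr/local/sbin`, replacing the second argument if you built with a different --prefix.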
The following is placed in /etc/default/bind9:
# run resolvconf?
RESOLVCONF=no
# startup options for the server
OPTIONS="-u bind"
If you did not create a bind user earlier and just want to start named as root, write the last line here as
OPTIONS=""
Once the startup script is written, finally run
sudo chmod 755 /etc/init.d/bind9
to change its permissions. You can then use
sudo service bind9 start|stop|restart|status
to control BIND, without having to kill the named process by hand every time.
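To confirm the privilege drop that `OPTIONS="-u bind"` is meant to give, the check below reads a defaults file the same way the init script does and compares the result with the owner of any running named process. This is an added example, not part of the original post; the function names are hypothetical and the option letters are an assumption taken from the named(8) manual for BIND 9.10.

```shell
#!/bin/sh
# Added example (not from the original post): report which account named
# will run as, given the OPTIONS line in an /etc/default/bind9-style file.

# Assumption: option letters as listed in the named(8) manual for BIND 9.10.
NAMED_OPTSTRING=':46c:d:D:E:fgm:n:p:sS:t:U:u:vVx:'

# named_run_user FILE
# Prints the argument of -u, or "root" when OPTIONS carries no -u.
named_run_user() {
    (
        OPTIONS=""
        [ -f "$1" ] && . "$1"    # sourced, exactly as the init script does
        user=root
        set -- $OPTIONS          # word-split the same way the init script does
        OPTIND=1
        while getopts "$NAMED_OPTSTRING" opt; do
            case $opt in
                u) user=$OPTARG ;;
            esac
        done
        printf '%s\n' "$user"
    )
}

# named_live_users: owners of running named processes, one per line.
named_live_users() {
    ps -C named -o user= 2>/dev/null | sort -u
}

# check_privdrop FILE
# Returns 1 if named is configured to stay root or runs as another account.
check_privdrop() {
    want=$(named_run_user "$1")
    [ "$want" != root ] || { echo "OPTIONS has no -u: named stays root"; return 1; }
    for u in $(named_live_users); do
        [ "$u" = "$want" ] || { echo "named runs as $u, expected $want"; return 1; }
    done
    return 0
}

# Constructed sample defaults file with the same OPTIONS value as above.
demo=$(mktemp)
printf 'RESOLVCONF=no\nOPTIONS="-u bind"\n' > "$demo"
echo "configured user: $(named_run_user "$demo")"
rm -f "$demo"
```

After `sudo service bind9 start`, run `check_privdrop /etc/default/bind9`; a non-zero status means named is still running with root privileges.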
All right, that's it.
BIND Easy Tutorial (0): Installing BIND from source on Ubuntu (actually not much related to the previous tutorials)