Install and configure DNS server (BIND 9) on FreeBSD 5.2

Source: Internet
Author: User

Reposting is welcome. This article follows the GNU Protocol rules!

FreeBSD 5.2 has been out for a few months, and I have been meaning to learn its new features systematically. However, I have been too busy recently to study it fully. After work this afternoon it took me an hour to install a new DNS server (BIND 9), and I am afraid I will forget the steps later. As the saying goes, a good memory is no match for a worn pen, so I am writing it down in my blog...

Preparations: FreeBSD should of course be installed, and it is best to update the ports tree. If you do not know how to update ports, please refer to my previous articles and the FreeBSD upgrade and optimization book ^_^

Install BIND 9:

cd /usr/ports/dns/bind9    # enter the BIND 9 port directory
make install

Run the installation. After the hard disk rattles for a while, the software will be installed. Very convenient *^_^*. After the installation is complete, bind9 reminds you: "If you use FreeBSD 4.x, please browse http://people.freebsd.org/~dougb/randomness.html to get more information; if it is FreeBSD 5.x, you do not need to perform this step. If you want BIND 9 to run in a chroot environment, you must make sure there is a /dev/random device in the chroot." It also reminds us to run "rndc-confgen -a" to generate a correct configuration file with a random key. The port uses /usr/local as its root directory, so the bind9 command files are stored in the /usr/local/sbin and /usr/local/bin directories. After BIND 9 is installed, the system automatically creates a "bind" user with UID 53 and a "bind" group with GID 53 for the BIND service...

I like the powerful FreeBSD ports system. Just make install... I don't like hunting all over the world for RPM packages or source code as on Linux...

PS: I personally think that unless the environment demands high efficiency, it is better not to compile from source by hand, to save time. If I need to see the detailed build commands, I can read the Makefile!

After installing bind9, you cannot run it directly. You need to configure it as needed...

Configure BIND 9:

BIND's important configuration files include named.conf, named.root, rndc.conf, and the /etc/namedb directory, because named.conf, localhost.rev and other content are installed in this directory (if I remember wrong, please correct me), while the rndc.conf file is stored in the /usr/local/etc directory under the name rndc.conf.sample.

mv /etc/namedb/named.conf /usr/local/etc/    # if I remember wrong, please correct me
cd /usr/local/etc    # enter the BIND 9 configuration directory
vi named.conf    # open and edit named.conf, the BIND 9 configuration file

options {
        directory "/etc/namedb";        // working directory
        pid-file "/var/run/named/pid";  // location of the PID file
};

......

Please note that this file contains a lot of extra material, so judge carefully what to change. Do not introduce editing errors, otherwise BIND 9 will not run normally. The last part, inside the /* and */ comments, follows the same pattern as the preceding content. You can use the following as needed:

zone "onlinecq.com" {           // This is the domain name
        type slave;
        file "s/onlinecq.com.bak";
        masters {
                192.168.0.19;
        };
};

zone "0.168.192.in-addr.arpa" {
        type slave;
        file "s/0.168.192.in-addr.arpa.bak";
        masters {
                192.168.0.19;   // This is the IP address of the local machine.
        };
};

Use :wq to save and exit. Please note that the s directory used in "s/onlinecq.com.bak" in the configuration just now does not exist yet, so create it and set its permissions now...

mkdir /etc/namedb/s
chown bind:bind /etc/namedb/s
chmod 750 /etc/namedb/s

Okay, next we configure the localhost.rev file. At first the file does not exist in the directory, but we can run make-localhost to let the system generate it automatically...

chmod 755 make-localhost    # change the make-localhost script permission
./make-localhost

After it runs, the localhost.rev and localhost-v6.rev files are generated automatically in the /etc/namedb directory. The localhost.rev file is for IPv4, and the localhost-v6.rev file is for IPv6, which is not used for the time being...

This is the content of my localhost.rev file:

$TTL 3600

@       IN      SOA     freebsd.onlinecq.com. root.freebsd.onlinecq.com. (
                                20040217        ; Serial
                                3600            ; Refresh
                                900             ; Retry
                                3600000         ; Expire
                                3600 )          ; Minimum
        IN      NS      freebsd.onlinecq.com.
1       IN      PTR     localhost.onlinecq.com.

OK. So far, the operations in the /etc/namedb directory have been completed...

Go to the /usr/local/etc directory.

cd /usr/local/etc

You will find an rndc.conf.sample file there. This is a sample rndc file; you just need to generate one of your own:

/usr/local/sbin/rndc-confgen > rndc.conf

Then you will find that the current directory has an rndc.conf key file:

vi rndc.conf

The content of my file looks like this:

# Start of rndc.conf
key "rndc-key" {
        algorithm hmac-md5;
        secret "9llye919/f2dte+Cobb1kg=";
};

options {
        default-key "rndc-key";
        default-server 127.0.0.1;
        default-port 953;
};
# End of rndc.conf

# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
#       algorithm hmac-md5;
#       secret "9llye919/f2dte+Cobb1kg=";
# };
#
# controls {
#       inet 127.0.0.1 port 953
#               allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf

Note: the part that starts at

# Use with the following in named.conf, adjusting the allow list as needed:

must be added to /usr/local/etc/named.conf with the leading # removed. Otherwise, rndc status will display a timeout and exit...

Well, so far, it seems that BIND 9 can run smoothly. Please test it in the following steps!

/usr/local/sbin/named -g -c /usr/local/etc/named.conf &

& runs the command in the background.
-c specifies the configuration file to run with.
-g runs named in the foreground and sends all logging to the screen (in BIND 9, -g does not take a group name), so a lot of debugging information is displayed, as shown below:

freebsd# /usr/local/sbin/named -gc /usr/local/etc/named.conf &
[1] 730
Feb 17 20:20:36.892 starting BIND 9.2.3 -gc /usr/local/etc/named.conf
Feb 17 20:20:36.892 using 1 CPU
Feb 17 20:20:36.894 loading configuration from '/usr/local/etc/named.conf'
Feb 17 20:20:36.894 listening on IPv4 interface fxp0, 192.168.0.19#53
Feb 17 20:20:36.895 listening on IPv4 interface lo0, 127.0.0.1#53
freebsd# Feb 17 20:20:36.896 command channel listening on 127.0.0.1#953
Feb 17 20:20:36.896 ignoring config file logging statement due to -g option
Feb 17 20:20:36.898 zone 0.0.127.in-addr.arpa/IN: loaded serial 20040217
Feb 17 20:20:36.899 zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 20040217
Feb 17 20:20:36.899 zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.int/IN: loaded serial 20040217
Feb 17 20:20:36.899 running

When you see "running", the configuration is correct. To control a running BIND 9, it is more convenient to use the rndc command. For example, you can use the following command to check its status:

/usr/local/sbin/rndc status

The following information may be displayed...

number of zones: 5
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
server is up and running

If the above information is not displayed, check whether the key in /usr/local/etc/named.conf is the one configured in your /usr/local/etc/rndc.conf file.
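
The check described in the note above and in the preceding paragraph (named.conf must carry active key and controls clauses that match rndc.conf, or rndc status times out), as an added Python example that is not part of the original article. The two configuration texts and the secret are constructed samples, and the regular expressions assume the layout that rndc-confgen writes.

```python
import re
# Constructed sample files; the secret is a placeholder, not a real key.
KEY = 'key "rndc-key" {\n  algorithm hmac-md5;\n  secret "Y29uc3RydWN0ZWQtc2FtcGxlIQ==";\n};\n'
RNDC_CONF = KEY + '''options {
  default-key "rndc-key";
  default-server 127.0.0.1;
  default-port 953;
};
'''
NAMED_OK = KEY + '''controls {
  inet 127.0.0.1 port 953
    allow { 127.0.0.1; } keys { "rndc-key"; };
};
'''
# The mistake from the note: the pasted clauses still carry their leading '#'.
NAMED_COMMENTED = "".join("# " + line for line in NAMED_OK.splitlines(True))
_TOKEN = re.compile(r'"[^"\n]*"|/\*.*?\*/|(?:#|//)[^\n]*', re.S)

def strip_comments(text):
    """Drop #, // and /* */ comments; quoted strings (base64 may hold '/') are kept."""
    return _TOKEN.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else " ", text)

def key_clauses(text):
    pat = r'key\s+"([^"]+)"\s*\{\s*algorithm\s+([\w-]+)\s*;\s*secret\s+"([^"]*)"\s*;\s*\}'
    return {name: (alg, secret) for name, alg, secret in re.findall(pat, text)}

def check(rndc_text, named_text):
    """Return the reasons rndc would fail to authenticate to named (empty list = OK)."""
    rndc, named = strip_comments(rndc_text), strip_comments(named_text)
    opt = dict(re.findall(r'default-(key|server|port)\s+"?([^";\s]+)', rndc))
    name, problems = opt.get("key"), []
    client, server = key_clauses(rndc).get(name), key_clauses(named).get(name)
    if client is None:
        problems.append(f"rndc.conf has no key clause for default-key {name!r}")
    if server is None:
        problems.append(f"named.conf has no active key clause {name!r}")
    elif client is not None and client != server:
        problems.append(f"algorithm or secret of {name!r} differs between the files")
    ctl = re.search(r'controls\s*\{\s*inet\s+(\S+)\s+port\s+(\d+)\s+allow\s*\{[^}]*\}'
                    r'\s*keys\s*\{([^}]*)\}', named)
    if ctl is None:
        problems.append("named.conf has no active controls clause")
    elif (ctl[1], ctl[2]) != (opt.get("server"), opt.get("port", "953")):
        problems.append("controls address/port differs from the rndc.conf defaults")
    elif f'"{name}"' not in ctl[3]:
        problems.append(f"controls clause does not list key {name!r}")
    return problems

if __name__ == "__main__":
    print(check(RNDC_CONF, NAMED_OK), check(RNDC_CONF, NAMED_COMMENTED))
```

To run it against a real installation, read /usr/local/etc/rndc.conf and /usr/local/etc/named.conf into strings and pass them to check().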

Another test method is as follows:

Commands such as nslookup, dig, and netstat can be used to check whether BIND is installed successfully. For the specific methods, please consult other materials, thanks!

Next, we will add BIND 9 to the system services so that it runs every time the system starts up...

vi /etc/rc.conf

Add the following lines to it:

named_enable="YES"
named_program="/usr/local/sbin/named"    # path to named, if you want a different one.
named_flags="-c /usr/local/etc/named.conf"    # flags for named

Save and quit!

Because the FreeBSD 5.2 system contains BIND 8, in order to avoid conflicts we must add a parameter so that startup is directed to the BIND 9 configuration file.

Now, restart FreeBSD to test whether the installation is successful.

Conclusion

At this point, BIND 9 is set up and working. You can reboot to bring the latest settings and software into effect.

If an error occurs during the installation process, check the error before continuing. You can also choose to set up only the parts you are interested in!
