Install bind9 from the source code package
Isc bind is the specific implementation of DNS in UNIX and Linux. BIND 9 is a new generation version that re-compiles most bind Structure Code. The main features of BIND 9 include:
- DNS Security
DNSSEC (signed zones)
TSIG (signed DNS requests)
- IPv6
Answers DNS queries on IPv6 Sockets
IPv6 resource records (dname, etc .)
Experimental IPv6 resolver library
- New DNS Protocol extensions
Ixfr, ddns, ipvy, edns0
Improved standards Conformance
- Views)
One server can provide multiple views of DNS namespace
- Multi-processor support
- Enhanced code portability
The latest version of BIND 9 is bind 9.3.0. The following describes how to install BIND 9 from the source code.
1. Installing bind from Source Code requires that your UNIX or Linux system be installed with a compiler that supports ansi c. If not, you can use GCC provided by GNU
2. Download the BIND source code package from www.isc.org.
3. After downloading the package to your system, put the source code installation package in the/usr/src directory (you can also put it in another directory. I am used to using this directory to place the source code package) for installation.
4. decompress the source code package:
$ CD/usr/src
$ Tar xvfz bind-9.3.0.tar.gz (9.3.0 is the BIND Version)
If your tar command does not support the Z option (used to decompress the zip package with the GZ extension), you can do this in two steps:
$ Gunzip bind-9.3.0.tar.gz
$ Tar xvf bind-9.3.0.tar
In this way, the source code is extracted to the bind-9.3.0 directory.
5. Start Compilation:
$ CD bind-9.3.0
$./Configure
As the word means, configure configures the compilation parameters of the source code for the specific operating system before compilation. There are many options to choose from, you can use the -- help option to view all available options. Here we will introduce several of the most common options:
-- Prefix =/usr/local/BIND: Set the BIND installation directory. The default value is/usr/local.
Some people like to install bind in a separate directory.
-- Sysconfdir =/etc/BIND: Set the directory where the named. conf configuration file is stored. The default value is "$ prefix/etc"
-- Localstatdir =/var: Set the directory where run/named. PID is stored. The default value is "$ prefix/Var"
-- With-libtool compiles bind library files into dynamic shared library files. This option is not selected by default.
If this option is not selected, the compiled named command will be large, and the library files in the lib directory are all suffixed with..
If this option is selected, the compiled named command is very small, and the library file in the lib directory is the. So suffix.
-- Enable-threads if your system has multiple CPUs, you can use this option.
If no error is reported for./configure, You can compile the source code.
$ Make
Compilation takes a short time. After compilation, bind will be installed. The installation requires the root user permission. Therefore, you must first convert it to the root user.
$ Su-
# Make install
In this way, bind9 has been installed, but some configuration is required for bind to work properly. The following describes the simplest Bind Cache server configuration. This article is intended for beginners of DNS to configure the server as soon as possible, so I have not explained in detail. We recommend that you read DNS and bind carefully for beginners.
The named. conf file is the BIND configuration file. The configuration is as follows:
==================
Named. conf
==================
Options {
Directory "/var/bind ";
Listen-on-v6 {none}; // disable IPv6 functionality
Listen-on {127.0.0.1;}; // if you have multiple NICs and you only want to listen to a specific Nic, you can use this option.
PID-file "/var/run/named. PID"; // The file that records the PID number when the named process is running
};
Zone "." In {
Type hint;
File "named. cache ";
};
Zone "localhost" in {
Type master; // set the type of the zone to master
File "localhost. Zone"; // location of the data file in the Zone
Allow-update {none ;}; // the data in the region cannot be dynamically updated.
Y no; // because dynamic update is not allowed, the notification function does not need to be updated.
};
Zone "127. in-addr.arpa" in {
Type master;
Files "127. Zone ";
Allow-update {none ;};
Y no;
};
The following is the zone configuration file required by the three zones:
==================
Named. Cache
==================
This file records the information of all the root DNS servers, which are maintained by www.internic.net and generally changed once several years. You can go to the ftp://ftp.rs.internic.net/domain/named.cache to download it. It won't be listed here.
==================
Localhost. Zone
==================
$ TTL 1 W
@ In SOA ns. localhost. Root. localhost .(
2004100501; Serial
28800; refresh
14400; retry
604800; expire-1 week
86400); Minimum
In NS
Localhost. In a 127.0.0.1
==================
127. Zone
==================
$ Origin 127. in-addr.arpa.
$ TTL 1 W
@ 1D in SOA localhost. Root. localhost .(
2004100501; Serial
3 h; refresh
15 m; retry
1 W; expire
1D); Minimum
1D in NS localhost.
* 1D in PTR localhost.
In this way, all the configuration files are ready. However, if you want your named process to be more secure, you can run the named process with a dedicated user (such as a named user, instead of running it with the root user with the highest permissions. The procedure is as follows:
1. Create a named user. Remember to set the user's shell to a type that cannot be logged on.
2. chown root/etc/bind/named. conf
Chmod 644/etc/bind/named. conf
3. chown named/var/bind /*
Chmod 644/var/bind /*
5. Use the-u named option when starting the named process.
In this way, the simplest cache server is configured. Remember to start the named process, check syslog To see if there is any error information, and then run the NSLookup or dig command to test it.