FreeBSD 5.2 has been out for a few months and I have been trying to learn its new features systematically, but I have been too busy lately to get through all of it. It took me about an hour after work this afternoon to set up a new DNS server (BIND 9). I am afraid I will forget the steps later, and as the saying goes, a bad pen beats a good memory, so I am writing them down in my blog...
Preparations: FreeBSD should of course already be installed, and it is best to update the ports tree first. If you do not know how to update ports, see my earlier articles and the FreeBSD upgrade and optimization guide. ^_^
Install bind9:
cd /usr/ports/dns/bind9      (enter the BIND 9 port directory)
make install                 (build and install the port)
After the disk grinds for a while the port is built and installed. When it finishes, bind9 prints a message to this effect: "If you run FreeBSD 4.x, see http://people.freebsd.org/~dougb/randomness.html for more information; on FreeBSD 5.x this step is not needed. If you want to run BIND 9 in a chroot, you must create the /dev/random device inside the chroot." It also reminds you to run "rndc-confgen -a" to generate a key for rndc. Ports install under the /usr/local prefix, so the BIND 9 binaries land in /usr/local/sbin and /usr/local/bin. After installation a "bind" user with UID 53 and a "bind" group with GID 53 exist for the BIND service to run as...
I like the power of FreeBSD ports: just make install... I don't like having to hunt all over the Internet for RPM packages or source tarballs the way you do on Linux...
PS: Personally, as long as the environment does not need to be highly tuned, I try not to compile from source, to save time. If I need to see the detailed compilation commands, I can read the Makefile to get that information!
After installing bind9 you cannot run it straight away; it has to be configured for your needs first...
Configure bind9:
BIND's important configuration files are named.conf, named.root and rndc.conf, plus the /etc/namedb directory. named.conf, localhost.rev and the other zone files are installed in /etc/namedb (correct me if I remember wrongly), while rndc.conf is shipped in /usr/local/etc as rndc.conf.sample.
mv /etc/namedb/named.conf /usr/local/etc/    (correct me if I remember wrongly)
cd /usr/local/etc                            (enter the BIND 9 configuration directory)
vi named.conf                                (open and edit the named.conf configuration file)
options {
        directory "/etc/namedb";             // working directory; zone file names are relative to it
        pid-file "/var/run/named/pid";       // where named writes its PID
};
......
Note that this file contains a great deal of commented-out example material; read it carefully and do not introduce mistakes, or BIND 9 will not start. The /* ... */ comments near the end mean the same as the // comments above them. Add zones such as the following as needed:
zone "onlinecq.com" {                        // the domain name
        type slave;
        file "s/onlinecq.com.bak";           // relative to /etc/namedb
        masters {
                192.168.0.19;                // the master server the zone is transferred from
        };
};
zone "0.168.192.in-addr.arpa" {
        type slave;
        file "s/0.168.192.in-addr.arpa.bak";
        masters {
                192.168.0.19;
        };
};
A slave zone is copied by zone transfer from the server listed in masters, so that address must be the primary server holding the zone. 192.168.0.19 is the address this host itself listens on (see the startup log further down); on a real slave put the other server's address here, otherwise the zone will never load.
Save and exit with :wq. Note that the "s/" directory referenced in the file names above does not exist yet, so create it now and set ownership and permissions so that named, running as the bind user, can write the transferred zones there...
mkdir /etc/namedb/s
chown bind:bind /etc/namedb/s
chmod 750 /etc/namedb/s
Next, set up the localhost.rev file. It does not exist in /etc/namedb at first, but running the make-localhost script found there generates it automatically...
chmod 755 make-localhost     (in /etc/namedb; make the make-localhost script executable)
./make-localhost
After it runs, localhost.rev and localhost-v6.rev appear in /etc/namedb. localhost.rev is the IPv4 reverse zone for 127.0.0.1, and localhost-v6.rev the IPv6 one, which is not used for now...
This is the content of my localhost.rev file:
$TTL    3600
@       IN      SOA     freebsd.onlinecq.com. root.freebsd.onlinecq.com. (
                        20040217        ; Serial
                        3600            ; Refresh
                        900             ; Retry
                        3600000         ; Expire
                        3600 )          ; Minimum
        IN      NS      freebsd.onlinecq.com.
1       IN      PTR     localhost.onlinecq.com.
OK, that completes the work in /etc/namedb...
Now go to /usr/local/etc:
cd /usr/local/etc
There you will find rndc.conf.sample, a sample rndc configuration. Generate a real one yourself:
/usr/local/sbin/rndc-confgen > rndc.conf
The current directory now contains rndc.conf with a freshly generated key. Anyone who can read this key can control named through rndc, so make the file readable by root only (chmod 600 rndc.conf). Open it:
vi rndc.conf
Mine looks like this (your secret will of course differ):
# Start of rndc.conf
key "rndc-key" {
        algorithm hmac-md5;
        secret "9llye919/f2dte+Cobb1kg=";
};

options {
        default-key "rndc-key";
        default-server 127.0.0.1;
        default-port 953;
};
# End of rndc.conf

# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
#       algorithm hmac-md5;
#       secret "9llye919/f2dte+Cobb1kg=";
# };
#
# controls {
#       inet 127.0.0.1 port 953
#               allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf
Note: the part following the line
# Use with the following in named.conf, adjusting the allow list as needed:
must be copied into /usr/local/etc/named.conf with the leading # removed. Without it named has no control channel that accepts the key, and rndc status will simply time out and exit... Keep the allow list restricted to 127.0.0.1 unless you genuinely need to control named from another host.
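As an added example (not part of the original post), the following POSIX shell script checks, without starting named, for the mistakes that produce the rndc timeout described here and in the status check later on: a named.conf with no key/controls stanza, a controls stanza that does not list the key, or a secret that differs between the two files. It also verifies that rndc.conf is not readable by group or others. The configuration texts and secrets below are constructed samples written to a temporary directory; on a real host point the functions at /usr/local/etc/named.conf and /usr/local/etc/rndc.conf.

```shell
#!/bin/sh
# Added example: offline consistency checks for the rndc key shared between
# rndc.conf and named.conf.  File contents and secrets are constructed samples.

# extract_secret FILE KEYNAME: print the secret of `key "KEYNAME" { ... };`
extract_secret() {
    awk -v name="$2" '
        $1 == "key" && $2 == ("\"" name "\"") { inkey = 1 }
        inkey && $1 == "secret" { gsub(/[";]/, "", $2); print $2; exit }
        inkey && /};/ { inkey = 0 }
    ' "$1"
}

# rndc_key_matches NAMED_CONF RNDC_CONF KEYNAME: succeed only when both files
# define KEYNAME with the same secret (a mismatch makes rndc fail to connect)
rndc_key_matches() {
    named_secret=$(extract_secret "$1" "$3")
    rndc_secret=$(extract_secret "$2" "$3")
    [ -n "$named_secret" ] && [ "$named_secret" = "$rndc_secret" ]
}

# controls_allows_key NAMED_CONF KEYNAME: succeed when a controls stanza lists
# KEYNAME in its keys { ... } clause
controls_allows_key() {
    awk -v name="$2" '
        $1 == "controls" { inctl = 1 }
        inctl && /keys/ && index($0, "\"" name "\"") { found = 1 }
        inctl && /};/ && !/keys/ { inctl = 0 }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# secret_file_is_private FILE: succeed when group and others have no bits set
# (columns 5-10 of `ls -l` are the group and other permission fields)
secret_file_is_private() {
    case "$(ls -ld "$1" | cut -c5-10)" in
        ------) return 0 ;;
        *)      return 1 ;;
    esac
}

# --- constructed samples (demo secrets, not real keys) ---
DEMO=$(mktemp -d)
trap 'rm -rf "$DEMO"' EXIT
cat > "$DEMO/rndc.conf" <<'EOF'
key "rndc-key" {
        algorithm hmac-md5;
        secret "c2FtcGxlLXNlY3JldC1ub3QtcmVhbA==";
};
options {
        default-key "rndc-key";
        default-server 127.0.0.1;
        default-port 953;
};
EOF
cat > "$DEMO/named.conf" <<'EOF'
options { directory "/etc/namedb"; pid-file "/var/run/named/pid"; };
key "rndc-key" {
        algorithm hmac-md5;
        secret "c2FtcGxlLXNlY3JldC1ub3QtcmVhbA==";
};
controls {
        inet 127.0.0.1 port 953
                allow { 127.0.0.1; } keys { "rndc-key"; };
};
EOF
# operator forgot to paste the key/controls stanza: rndc times out
cat > "$DEMO/named-nokey.conf" <<'EOF'
options { directory "/etc/namedb"; };
EOF
# stanza present but secret pasted from an older rndc-confgen run
cat > "$DEMO/named-wrongkey.conf" <<'EOF'
key "rndc-key" {
        algorithm hmac-md5;
        secret "ZGlmZmVyZW50LXNlY3JldC1hbHNvLWZha2U=";
};
controls {
        inet 127.0.0.1 port 953
                allow { 127.0.0.1; } keys { "rndc-key"; };
};
EOF
chmod 600 "$DEMO/rndc.conf"
chmod 644 "$DEMO/named-nokey.conf"

main() {
    for conf in named.conf named-nokey.conf named-wrongkey.conf; do
        if rndc_key_matches "$DEMO/$conf" "$DEMO/rndc.conf" rndc-key &&
           controls_allows_key "$DEMO/$conf" rndc-key; then
            echo "$conf: rndc key and controls stanza OK"
        else
            echo "$conf: rndc would time out (key/controls missing or secret mismatch)"
        fi
    done
    secret_file_is_private "$DEMO/rndc.conf" || echo "rndc.conf is readable by others: chmod 600 it"
}
main
```

The awk matching is deliberately line-oriented, which suits the layout rndc-confgen emits; if you reformat named.conf onto single lines, adjust the patterns accordingly.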
Now BIND 9 should be able to run. It is worth running /usr/local/sbin/named-checkconf /usr/local/etc/named.conf first, which reports syntax errors without starting the server. Then test it as follows:
/usr/local/sbin/named -g -c /usr/local/etc/named.conf &
& runs the command in the background
-c specifies the configuration file to use
-g keeps named in the foreground and forces all logging to stderr, so the debugging messages appear on the terminal, as shown below. Do not confuse this with BIND 8, where "-g bind" set the group to run as; in BIND 9 the unprivileged user is set with "-u bind" and -g only means foreground mode.
FreeBSD# /usr/local/sbin/named -gc /usr/local/etc/named.conf &
[1] 730
Feb 17 20:20:36.892 starting BIND 9.2.3 -gc /usr/local/etc/named.conf
Feb 17 20:20:36.892 using 1 CPU
Feb 17 20:20:36.894 loading configuration from '/usr/local/etc/named.conf'
Feb 17 20:20:36.894 listening on IPv4 interface fxp0, 192.168.0.19#53
Feb 17 20:20:36.895 listening on IPv4 interface lo0, 127.0.0.1#53
FreeBSD# Feb 17 20:20:36.896 command channel listening on 127.0.0.1#953
Feb 17 20:20:36.896 ignoring config file logging statement due to -g option
Feb 17 20:20:36.898 zone 0.0.127.in-addr.arpa/IN: loaded serial 20040217
Feb 17 20:20:36.899 zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 20040217
Feb 17 20:20:36.899 zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.int/IN: loaded serial 20040217
Feb 17 20:20:36.899 running
When you see "running", the configuration is correct. To control the running server it is more convenient to use rndc; for example, check its status with:
/usr/local/sbin/rndc status
which should print something like...
number of zones: 5
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
server is up and running
If this does not appear, check that the key in /usr/local/etc/named.conf is the same as the one in /usr/local/etc/rndc.conf (same name, algorithm and secret) and that the controls statement in named.conf lists it.
Another way to test:
nslookup, dig, netstat and similar tools can confirm that BIND is listening and answering queries. For the details, please look up other material. THX!
Next, add BIND 9 to the system startup so that it runs every time the machine boots...
vi /etc/rc.conf
Add the following lines:
named_enable="YES"
named_program="/usr/local/sbin/named"                 # path to named, if you want a different one.
named_flags="-u bind -c /usr/local/etc/named.conf"    # flags for named
Save and quit!
Because FreeBSD 5.2 ships BIND 8 in the base system, named_program must point at the BIND 9 binary and named_flags must pass the BIND 9 configuration file, otherwise the wrong server would start with the wrong configuration. Note that setting named_flags replaces the default from /etc/defaults/rc.conf ("-u bind -g bind", which is BIND 8 syntax): if you pass only -c, BIND 9 will run as root. Adding -u bind makes it drop privileges to the bind user set up during installation; do not carry over "-g bind", since in BIND 9 -g means "run in the foreground".
Now restart FreeBSD to verify that it starts correctly.