Install Bind9.6 in CentOS 5.5

Source: Internet
Author: User
Tags: dns2 hmac

Install gcc before building bind: set up a yum repository and run yum -y install gcc. If yum fails with an error about /var/run/yum.pid, run rm -rf /var/run/yum.pid (this clears the lock held by the running yum-updatesd service).

Download bind 9.6 to /root/Desktop: change to that directory first, then run wget ftp://ftp.isc.org/isc/bind9/9.6.0-P1/bind-9.6.0-P1.tar.gz. ISC publishes a detached PGP signature (.asc) next to each tarball; verify it against ISC's signing key before unpacking. Note that the 9.6 branch reached end of life long ago, so pick a supported release for anything exposed to the Internet.

Unpack bind-9.6.0-P1.tar.gz:

# tar zxvf bind-9.6.0-P1.tar.gz

Enter the bind-9.6.0-P1 directory:

# cd bind-9.6.0-P1

Create the installation directory; bind is installed under /opt/bind:

# mkdir /opt/bind

Run configure, specifying the installation directory and enabling multithreading:

# ./configure --prefix=/opt/bind --enable-threads --disable-openssl-version-check --disable-ipv6

--disable-openssl-version-check only tells configure to skip its check that the installed OpenSSL is a version BIND accepts; it does not make an old OpenSSL any safer to link against, so prefer updating OpenSSL over silencing the check.



Build. make takes a few minutes; if no error is reported, continue.

# make

Install:

# make install

If no error is reported, the installation succeeded.



Now configure bind. The first step is to enable rndc so it can manage bind 9.6.

Create rndc.conf with the program bind ships for the purpose, rndc-confgen.

Change to /opt/bind/etc and generate rndc.conf, then named.conf:

# cd /opt/bind/etc

# /opt/bind/sbin/rndc-confgen > /opt/bind/etc/rndc.conf

rndc-confgen prints, after the rndc.conf body, a commented-out key and controls stanza intended for named.conf. Copy that key material into named.conf by stripping the comment markers:

# tail -10 rndc.conf | head -9 | sed -e 's/# //g' > named.conf

The line counts assume the exact layout rndc-confgen prints; open named.conf and check that it contains one key stanza and one controls stanza before going further.





To stress the point: the key in rndc.conf and the key in named.conf must be exactly the same (same name, algorithm and secret), and there is no need to generate a separate rndc.key. This problem plagued me for about three hours.



The secret shown below is the one rndc-confgen produced on the author's machine; use the value from your own rndc.conf rather than copying this one.

# vim named.conf

key "rndc-key" {
        algorithm hmac-md5;
        secret "WeHHAt0lui+9WihUW6HdsQ==";
};

controls {
        inet 127.0.0.1 port 953
                allow { 127.0.0.1; } keys { "rndc-key"; };
};

options {
        directory "/opt/bind/var/named";
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "localhost" IN {
        type master;
        file "localhost.zone";
};

zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
        allow-update { none; };
};

zone "linuxidc.com" IN {
        type master;
        file "linuxidc.zone";
};

zone "88181.com" IN {
        type master;
        file "88181.zone";
};
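A quick way to confirm that rndc.conf and named.conf really carry the same key, and that the control channel stays on 127.0.0.1, is to parse both files and compare them. The Python script below is an added example, not part of the original article or of BIND; the two configuration texts inside it are constructed to mirror the article's files (the secret is the article's example value, reused only so the pair matches), and its regular expressions assume the stanza layout rndc-confgen emits rather than being a general named.conf parser.

```python
import base64
import binascii
import re

# Constructed sample inputs mirroring the article's two files; the secret is
# the article's example value so that the pair matches. Never reuse it: run
# rndc-confgen on your own host.
RNDC_CONF = """\
key "rndc-key" {
        algorithm hmac-md5;
        secret "WeHHAt0lui+9WihUW6HdsQ==";
};

options {
        default-key "rndc-key";
        default-server 127.0.0.1;
        default-port 953;
};
"""

NAMED_CONF = """\
key "rndc-key" {
        algorithm hmac-md5;
        secret "WeHHAt0lui+9WihUW6HdsQ==";
};

controls {
        inet 127.0.0.1 port 953
                allow { 127.0.0.1; } keys { "rndc-key"; };
};
"""

# These patterns assume the stanza layout rndc-confgen emits (one key per
# stanza, algorithm before secret); they are not a general named.conf parser.
KEY_RE = re.compile(
    r'key\s+"(?P<name>[^"]+)"\s*\{\s*algorithm\s+(?P<alg>[\w-]+)\s*;'
    r'\s*secret\s+"(?P<secret>[^"]+)"\s*;\s*\}\s*;', re.S)
DEFAULT_KEY_RE = re.compile(r'default-key\s+"([^"]+)"\s*;')
CONTROLS_RE = re.compile(
    r'controls\s*\{\s*inet\s+(?P<addr>\S+)(?:\s+port\s+(?P<port>\d+))?'
    r'\s+allow\s*\{(?P<allow>[^}]*)\}\s*keys\s*\{(?P<keys>[^}]*)\}\s*;\s*\}\s*;', re.S)


def _items(block):
    """Body of '{ a; "b"; }' -> ['a', 'b']."""
    return [x.strip().strip('"') for x in block.split(";") if x.strip()]


def parse_keys(text):
    """{key name: (algorithm, base64 secret)} for every key stanza in text."""
    return {m.group("name"): (m.group("alg"), m.group("secret"))
            for m in KEY_RE.finditer(text)}


def parse_controls(text):
    """Address, port, allow list and key list of the controls stanza, or None."""
    m = CONTROLS_RE.search(text)
    if not m:
        return None
    return {"addr": m.group("addr"), "port": int(m.group("port") or 953),
            "allow": _items(m.group("allow")), "keys": _items(m.group("keys"))}


def check_rndc_pairing(rndc_conf, named_conf):
    """Return a list of problems; empty means rndc should be able to talk to named."""
    rkeys, nkeys = parse_keys(rndc_conf), parse_keys(named_conf)
    m = DEFAULT_KEY_RE.search(rndc_conf)
    name = m.group(1) if m else next(iter(rkeys), None)
    if name not in rkeys:
        return ["rndc.conf has no usable key stanza"]
    if name not in nkeys:
        return ['named.conf defines no key named "%s"' % name]
    problems = []
    (ralg, rsecret), (nalg, nsecret) = rkeys[name], nkeys[name]
    if ralg.lower() != nalg.lower():
        problems.append("algorithm differs: rndc.conf %s, named.conf %s" % (ralg, nalg))
    if rsecret != nsecret:
        problems.append("secret differs between rndc.conf and named.conf "
                        "(it must match byte for byte, '=' padding included)")
    try:
        raw = base64.b64decode(nsecret, validate=True)
        if len(raw) < 16:
            problems.append("secret is only %d bytes; rndc-confgen's default is 128 bits" % len(raw))
    except binascii.Error:
        problems.append("secret in named.conf is not valid base64")
    ctl = parse_controls(named_conf)
    if ctl is None:
        problems.append("named.conf has no controls stanza, so rndc cannot connect")
    else:
        if name not in ctl["keys"]:
            problems.append('controls does not list key "%s"' % name)
        if ctl["addr"] != "127.0.0.1" or any(a != "127.0.0.1" for a in ctl["allow"]):
            problems.append("control channel is not restricted to 127.0.0.1 "
                            "(inet %s, allow %s)" % (ctl["addr"], ctl["allow"]))
    return problems


if __name__ == "__main__":
    for p in check_rndc_pairing(RNDC_CONF, NAMED_CONF) or ["rndc.conf and named.conf agree"]:
        print(p)
```

Point the two constants at the real files (open('/opt/bind/etc/rndc.conf').read() and the same for named.conf) to run it on a server; the byte-for-byte secret comparison is the check that would have saved the three hours mentioned above, and the 127.0.0.1 check catches a controls stanza that was later widened to a routable address.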
Create the named directory:

# mkdir /opt/bind/var/named

Enter the named directory:

# cd /opt/bind/var/named/





Write the following content:

# vi localhost.zone

$TTL    86400
$ORIGIN localhost.
@                       1D IN SOA       @ root (
                                        42              ; serial (d. adams)
                                        3H              ; refresh
                                        15M             ; retry
                                        1W              ; expiry
                                        1D )            ; minimum

@                       1D IN NS        @
@                       1D IN A         127.0.0.1





Populate the root hints file /opt/bind/var/named/named.ca (the "named.ca" referenced by the hint zone) with the root name servers:

# dig -t NS . > /opt/bind/var/named/named.ca

dig asks whatever resolver /etc/resolv.conf points at, over plain unauthenticated DNS, so compare the result with the root hints file InterNIC publishes (ftp://ftp.internic.net/domain/named.root) before trusting it.



Create the file named.local:

# vi named.local

$TTL    86400
@       IN SOA  localhost. root.localhost. (
                        1997022700      ; Serial
                        28800           ; Refresh
                        14400           ; Retry
                        3600000         ; Expire
                        86400 )         ; Minimum
@       IN NS   localhost.

1       IN PTR  localhost.





Create linuxidc.zone:

# vi linuxidc.zone

$TTL 86400
@       IN SOA  linuxidc.com. root.linuxidc.com. (
                        57      ; serial (d. adams)
                        3H      ; refresh
                        15M     ; retry
                        1W      ; expiry
                        1D )    ; minimum

@       IN NS   dns.linuxidc.com.
@       IN MX   5 mail

dns     IN A    121.101.211.72
dns1    IN A    121.101.211.72
dns2    IN A    121.101.211.74
www     IN A    121.101.211.76

Create the 88181 zone:

# vi 88181.zone

$TTL 86400
@       IN SOA  88181.com. root.88181.com. (
                        57      ; serial (d. adams)
                        3H      ; refresh
                        15M     ; retry
                        1W      ; expiry
                        1D )    ; minimum

@       IN NS   dns.88181.com.
@       IN MX   5 mail

dns     IN A    121.101.211.72
dns1    IN A    121.101.211.72
dns2    IN A    121.101.211.74
www     IN A    192.168.1.179



Note: named.conf keywords are case sensitive (key, controls, options, zone, type and file are all lowercase). Also, both zones publish MX 5 mail but define no A record for mail; add one, or drop the MX, before relying on mail delivery for these domains.
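Because the zone files above are typed by hand, it pays to check them before reloading named: every NS, MX and CNAME target that lies inside the zone should have a record (the MX 5 mail entries above point at a name with no A record), and a fully qualified name written without its trailing dot silently becomes name.zone.zone. The Python checker below is an added example, not part of the article or of BIND. Its sample zone is constructed after linuxidc.zone, with the CNAME target deliberately written without a trailing dot so that check fires; the zone name is passed in explicitly because, like the article's file, the text has no $ORIGIN line (the origin comes from the zone statement in named.conf). It understands the page's master-file syntax: @ or leading whitespace for the owner, a parenthesised SOA, and ; comments.

```python
import re

# Constructed after the article's linuxidc.zone (not the article's file). The
# CNAME target is written WITHOUT its trailing dot on purpose, and "mail" has
# no A record, so both checks below fire.
ZONE_TEXT = """\
$TTL 86400
@       IN SOA linuxidc.com. root.linuxidc.com. (
                57      ; serial (d. adams)
                3H      ; refresh
                15M     ; retry
                1W      ; expiry
                1D )    ; minimum

@       IN NS   dns.linuxidc.com.
@       IN MX   5 mail

dns     IN A    121.101.211.72
dns1    IN A    121.101.211.72
dns2    IN A    121.101.211.74
www     IN A    121.101.211.76
wwww    IN CNAME www.linuxidc.com
"""

CLASSES = {"IN", "CH", "HS"}
TTL_RE = re.compile(r"\d+[smhdwSMHDW]?")
# record types whose rdata names a host, and the index of that name in rdata
NAME_FIELD = {"NS": 0, "CNAME": 0, "PTR": 0, "MX": 1}


def _logical_lines(text):
    """Strip ; comments and join ( ... ) continuations. Leading whitespace of
    the first physical line is kept: in master-file syntax it means 'same
    owner as the previous record'."""
    buf, depth = [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        depth += line.count("(") - line.count(")")
        buf.append(line.replace("(", " ").replace(")", " "))
        if depth <= 0:
            yield " ".join(buf)
            buf, depth = [], 0


def absolutize(name, origin):
    """$ORIGIN rule: '@' is the origin, a name ending in '.' is already
    absolute, anything else gets the origin appended."""
    if name == "@":
        return origin
    return name if name.endswith(".") else name + "." + origin


def parse_zone(text, origin):
    """Return [(owner, TYPE, [rdata tokens])] with every owner absolute."""
    records, owner = [], None
    for line in _logical_lines(text):
        if not line.strip():
            continue
        toks = line.split()
        if toks[0] == "$ORIGIN":
            origin = toks[1]
            continue
        if toks[0].startswith("$"):          # $TTL and other directives
            continue
        if not line[0].isspace():            # explicit owner on this line
            owner = absolutize(toks.pop(0), origin)
        if owner is None:
            raise ValueError("record without owner: " + line.strip())
        while toks and (TTL_RE.fullmatch(toks[0]) or toks[0].upper() in CLASSES):
            toks.pop(0)                      # optional TTL and class
        records.append((owner, toks[0].upper(), toks[1:]))
    return records


def check_zone(text, zone_name):
    """Return a list of problems; an empty list means the zone looks sane."""
    origin = zone_name.rstrip(".") + "."
    records = parse_zone(text, origin)
    owners = {o for o, _, _ in records}
    has_addr = {o for o, t, _ in records if t in ("A", "AAAA")}
    problems = []
    for rtype in ("SOA", "NS"):
        if not any(o == origin and t == rtype for o, t, _ in records):
            problems.append("no %s record at the apex %s" % (rtype, origin))
    for owner, rtype, rdata in records:
        if rtype not in NAME_FIELD:
            continue
        raw = rdata[NAME_FIELD[rtype]]
        target = absolutize(raw, origin)
        # A name that already ends in the origin but lacks the trailing dot
        # gets the origin appended again: www.linuxidc.com -> www.linuxidc.com.linuxidc.com.
        if not raw.endswith(".") and (raw + "." == origin or (raw + ".").endswith("." + origin)):
            problems.append("%s %s target %s lacks its trailing dot and resolves to %s"
                            % (owner, rtype, raw, target))
            continue
        if not (target == origin or target.endswith("." + origin)):
            continue                         # out of zone: cannot be checked here
        if target not in owners:
            problems.append("%s %s points to %s, which has no records in the zone"
                            % (owner, rtype, target))
        elif rtype in ("NS", "MX") and target not in has_addr:
            problems.append("%s %s target %s has no A record" % (owner, rtype, target))
    return problems


if __name__ == "__main__":
    for p in check_zone(ZONE_TEXT, "linuxidc.com"):
        print("PROBLEM:", p)
```

Run it on a real file with check_zone(open('/opt/bind/var/named/linuxidc.zone').read(), 'linuxidc.com'); it complements rather than replaces named-checkzone, which bind ships in /opt/bind/sbin and which validates the syntax, because named-checkzone accepts a zone whose MX target has no address record.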

Start bind to test whether the installation works:

# /opt/bind/sbin/named -g -c /opt/bind/etc/named.conf &

-g keeps named in the foreground and writes its log to stderr, which is what you want for the first start; -c points it at the configuration file. If the last line printed is

running

the installation and startup succeeded. As written, named keeps running as root; add -u named (after creating that unprivileged account and giving it access to /opt/bind/var/named) so it drops privileges once port 53 is bound.



Test rndc with /opt/bind/sbin/rndc status; if everything is correct it prints a status report. I usually just edit /root/.bashrc with vim and add alias rndc9='/opt/bind/sbin/rndc'.



Add named to the startup sequence so it comes up with the operating system:

# cd /etc/rc.d

# vim rc.local

Append the following line at the end (the -c option is required; without -g named forks into the background by itself, so the trailing & is harmless but unnecessary):

/opt/bind/sbin/named -c /opt/bind/etc/named.conf &

Save and exit.

You can now reboot the server and check resolution with nslookup and dig. Find the process with ps axu | grep named; stop it with rndc stop (or, less gracefully, killall named).







For reference, the named.conf used on the slave server (with its own rndc key, generated on that host):

key "rndc-key" {
        algorithm hmac-md5;
        secret "c97aVpbK9mWdlbefliG7qg==";
};

controls {
        inet 127.0.0.1 port 953
                allow { 127.0.0.1; } keys { "rndc-key"; };
};

options {
        directory "/opt/bind/var/named";
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "localhost" IN {
        type master;
        file "localhost.zone";
};

zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
        allow-update { none; };
};

zone "linuxidc.com" IN {
        type slave;
        file "slaves/linuxidc.slave";
        masters { 192.168.1.179; };
};

zone "88181.com" IN {
        type slave;
        file "slaves/88181.slave";
        masters { 192.168.1.179; };
};

The slaves/ directory under /opt/bind/var/named must exist and be writable by the user named runs as, because the transferred zones are written there. One thing the master configuration above leaves out: none of its zones carries an allow-transfer statement, and BIND 9.6's default allows any host to pull the complete zone with AXFR. Add allow-transfer { slave-address; }; to each master zone (or to options) so that only this slave can transfer.

Firewall policy

[root@linuxidc opt]# vi vivabj069.sh

#!/bin/bash

# Start the iptables service
service iptables restart

# Flush all existing rules
iptables -F

# Default policy: drop everything that is not explicitly allowed
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

# Loopback traffic: rndc (127.0.0.1:953) and local lookups against
# 127.0.0.1:53 depend on this
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# Allow tcp 22, 20/21 (plus the passive range 20020:20030), 8080 and 80.
# -s 0/0 matches any source; narrow it to your management network if SSH
# must not be reachable from the Internet.
iptables -A INPUT -p tcp -m tcp -s 0/0 --dport 22 -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 22 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 20020:20030 -j ACCEPT
iptables -A INPUT -p tcp --dport 20020:20030 -j ACCEPT
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -p tcp --dport 20 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 21 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 20 -j ACCEPT
iptables -A INPUT -p tcp --dport 8080 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 8080 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT

# rndc control channel (953). named.conf binds it to 127.0.0.1 only, so it
# never needs to be open to 0.0.0.0/0; keep it pinned to localhost.
iptables -A INPUT -s 127.0.0.1 -d 127.0.0.1 -p tcp -m tcp --dport 953 -j ACCEPT
iptables -A OUTPUT -s 127.0.0.1 -d 127.0.0.1 -p tcp -m tcp --dport 953 -j ACCEPT

# DNS (53) over tcp and udp: inbound queries and zone transfers from
# anywhere, outbound queries from this host. Replies are matched by the
# ESTABLISHED rules above, so no INPUT rule keyed on --sport 53 is needed;
# such a rule would accept any packet whose sender chose source port 53.
iptables -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 53 -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 53 -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --sport 53 -j ACCEPT
iptables -A OUTPUT -p udp -m udp --sport 53 -j ACCEPT
iptables -A OUTPUT -p udp -m udp --dport 53 -j ACCEPT

Run the firewall script:

# sh vivabj069.sh


CNAME resolution record

# vi linuxidc.zone


$TTL 86400
@       IN SOA  linuxidc.com. root.linuxidc.com. (
                        57      ; serial (d. adams)
                        3H      ; refresh
                        15M     ; retry
                        1W      ; expiry
                        1D )    ; minimum

@       IN NS   dns.linuxidc.com.
@       IN MX   5 mail

dns     IN A    121.101.211.72
dns1    IN A    121.101.211.72
dns2    IN A    121.101.211.74
www     IN A    121.101.211.76
wwww    IN CNAME www.linuxidc.com.


Note that a fully qualified name in record data must end with "."; otherwise BIND treats it as relative and appends the zone origin (www.linuxidc.com would become www.linuxidc.com.linuxidc.com.). Bump the SOA serial whenever you edit the zone, or the slaves will never pick up the change.


This article from the Linux community website original article link: http://www.linuxidc.com/Linux/2013-02/79889p3.htm
