此文章是:《Centos bind配置进阶版》与《Centos Bind配置完整版》的续篇,全部推倒重建。
基本环境:
主DNS服务器:
[root@Master /]# cat /etc/redhat-release CentOS release 6.4 (Final) [root@Master /]# uname -a Linux Master 2.6.32-358.el6.x86_64 #1 SMP Fri Feb 22 00:31:26 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux [root@Master /]# ifconfig | grep "inet addr" inet addr:1.1.1.19 Bcast:1.1.1.255 Mask:255.255.255.0 [root@MASTER /]# ifconfig eth0:0 192.168.1.19 netmask 255.255.255.0 |
从DNS服务器:
[root@Slave ~]# cat /etc/redhat-release CentOS release 6.7 (Final) [root@Slave ~]# uname -a Linux Slave 2.6.32-573.18.1.el6.x86_64 #1 SMP Tue Feb 9 22:46:17 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux [root@Slave ~]# ifconfig | grep "inet addr" inet addr:1.1.1.20 Bcast:1.1.1.255 Mask:255.255.255.0 |
主DNS服务器编译:
# Master build transcript: installs the toolchain, builds MySQL 5.6.28 (needed
# only for BIND's --with-dlz-mysql driver), then builds BIND 9.9.8 into
# /byrd/service and creates the unprivileged "named" account.
# NOTE(review): MySQL 5.6 and BIND 9.9 are end-of-life upstream branches (as is
# CentOS 6); treat the version numbers as historical and build a currently
# supported release when following these steps.
yum install vim wget gcc gcc-c++ python-ply python-devel openssl openssl-devel libcap-devel
[root@Master /]# mkdir /byrd/tools -p
[root@Master /]# mkdir /byrd/service
[root@Master /]# cd /byrd/tools/
# NOTE(review): this archive (and the BIND archive further down) is fetched over
# plain HTTP/FTP and compiled as root with no checksum or signature check shown;
# verify each tarball against the publisher's signature or checksum before make.
[root@MASTER tools]# wget http://mirrors.sohu.com/mysql/MySQL-5.6/mysql-5.6.28.tar.gz
[root@MASTER tools]# tar zxf mysql-5.6.28.tar.gz
[root@MASTER tools]# cd mysql-5.6.28
[root@MASTER mysql-5.6.28]# cmake . -DCMAKE_INSTALL_PREFIX=/byrd/service/mysql-5.6.28 -DMYSQL_DATADIR=/byrd/service/mysql-5.6.28/data -DMYSQL_UNIX_ADDR=/byrd/service/mysql-5.6.28/tmp/mysql.sock -DMYSQL_USER=mysql -DDEFAULT_CHARSET=utf8 -DDEFAULT_COLLATION=utf8_general_ci -DENABLED_LOCAL_INFILE=ON -DWITH_INNOBASE_STORAGE_ENGINE=1 -DWITH_FEDERATED_STORAGE_ENGINE=1 -DWITH_BLACKHOLE_STORAGE_ENGINE=1 -DWITHOUT_EXAMPLE_STORAGE_ENGINE=1
[root@MASTER mysql-5.6.28]# make && make install
[root@MASTER mysql-5.6.28]# groupadd mysql
[root@MASTER mysql-5.6.28]# useradd -s /sbin/nologin -g mysql mysql
[root@MASTER mysql-5.6.28]# ln -s /byrd/service/mysql-5.6.28 /usr/local/mysql
# NOTE(review): nothing after this initialisation sets a password for the MySQL
# root account or removes the default test database — confirm that is done
# before the server is started on a reachable host.
[root@MASTER mysql-5.6.28]# /usr/local/mysql/scripts/mysql_install_db --basedir=/usr/local/mysql/ --datadir=/usr/local/mysql/data/ --user=mysql
[root@MASTER mysql-5.6.28]# cp /usr/local/mysql/support-files/mysql.server /etc/init.d/mysqld
[root@MASTER mysql-5.6.28]# mv /etc/my.cnf /etc/my.cnf.backup
[root@MASTER mysql-5.6.28]# cp /usr/local/mysql/support-files/my-default.cnf /etc/my.cnf
[root@MASTER mysql-5.6.28]# /etc/init.d/mysqld start
[root@MASTER mysql-5.6.28]# cd ..
[root@Master tools]# wget ftp://ftp.isc.org/isc/bind9/9.9.8/bind-9.9.8.tar.gz
[root@Master tools]# tar zxf bind-9.9.8.tar.gz
[root@Master tools]# cd bind-9.9.8
[root@Master bind-9.9.8]# ./configure -h
# The CFLAGS keep the distribution's hardening flags (_FORTIFY_SOURCE=2 and
# -fstack-protector), matching the yum build parameters quoted later on the page.
[root@MASTER bind-9.9.8]# ./configure --prefix=/byrd/service/bind-9.9.8 --with-dlz-mysql=/usr/local/mysql --with-libtool --enable-threads --enable-ipv6 --with-dlz-filesystem=yes 'CFLAGS= -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' 'CPPFLAGS= -DDIG_SIGCHASE'
[root@Master bind-9.9.8]# make && make install
/usr/bin/install -c -m 644 ./bind.keys /byrd/service/bind-9.9.8/etc
[root@Master bind-9.9.8]# ln -s /byrd/service/bind-9.9.8 /usr/local/named
# Dedicated system account (uid/gid 25, no login shell) that named is later
# started as via "-u named".
[root@Master bind-9.9.8]# groupadd -r named -g 25
[root@Master bind-9.9.8]# useradd named -u 25 -g named -d /byrd/service/bind-9.9.8/ -s /sbin/nologin
主DNS服务器配置:
# Master configuration transcript: prepares /var/named, generates the rndc key,
# then shows named.conf, the zone declarations and the four zone files, and
# finally starts named as the unprivileged "named" user.
[root@Master bind-9.9.8]# cd /usr/local/named/etc
[root@Master etc]# mkdir /var/named
[root@Master etc]# chown -R named:named /var/named/
# NOTE(review): this hands the install prefix to the account the daemon runs as;
# if it takes effect on the whole tree, a compromised named process could
# replace its own binaries. Ownership by root with write access for named only
# on the data/log/pid directories is the usual layout — confirm what is needed.
[root@Master etc]# chown -R named:named /usr/local/named
[root@Master etc]# chmod 700 /usr/local/named/etc/
[root@Master etc]# chown -R named.named /usr/local/named/etc/
[root@Master etc]# cd /var/named/
[root@MASTER named]# /usr/local/named/bin/dig > named.root #wget https://www.internic.net/domain/named.root
[root@MASTER named]# chown -R root.named /var/named/named.root
[root@Master named]# /usr/local/named/sbin/rndc-confgen > /usr/local/named/etc/rndc.conf #/usr/local/named/sbin/rndc-confgen -r /dev/urandom > /usr/local/named/etc/rndc.conf
# The last lines of rndc.conf hold a commented-out key/controls stanza for
# named.conf; stripping the "#" characters turns it into the initial named.conf.
[root@Master named]# tail /usr/local/named/etc/rndc.conf | head -9 |sed s/\#//g > /usr/local/named/etc/named.conf
[root@Master named]# cd -
[root@Master etc]# chown -R named.named /usr/local/named/var/
[root@MASTER etc]# mkdir {/var/named/data,/var/named/zones} -p
[root@MASTER etc]# chown -R named.named {/var/named/data,/var/named/zones}
# NOTE(review): every other command uses /usr/local/named; /var/local/named
# here looks like a typo — confirm.
[root@MASTER etc]# grep -v "#" /var/local/named/etc/named.conf
[root@MASTER zones]# cat /usr/local/named/etc/named.conf
// named.conf
options {
    listen-on port 53 { any; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    # NOTE(review): "allow-query { any; }" together with "recursion yes" and no
    # allow-recursion / allow-query-cache statement makes this server answer
    # recursive queries from any address it is reachable from (an open
    # resolver, usable for DNS amplification). On an authoritative server set
    # "recursion no", or add an allow-recursion ACL listing only trusted
    # client networks.
    allow-query { any; };
    recursion yes;
    # NOTE(review): "make install" above installed etc/bind.keys, but this path
    # names bind.key — confirm the file name.
    bindkeys-file "/usr/local/named/etc/bind.key";
    # NOTE(review): transfers are authorised by source IP only; a TSIG key
    # shared with the slave would authenticate the transfer itself.
    allow-transfer { 1.1.1.20; };
    # forwarders {114.114.114.114;};
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
    channel gsquery {
        file "data/query.log" versions 3 size 20m;
        severity info;
        print-time yes;
        print-category yes;
        print-severity yes;
    };
    category queries { gsquery; };
};
# NOTE(review): this rndc control secret is published on the page; never reuse
# it — generate a fresh one per server. hmac-md5 is what rndc-confgen emitted
# here; the key statement also accepts hmac-sha256.
key "rndc-key" {
    algorithm hmac-md5;
    secret "ovH1P5Jg000GLBWJYifXRQ==";
};
# The control channel is bound to loopback and limited to 127.0.0.1.
controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndc-key"; };
};
include "/var/named/named.rfc1912.zones";
[root@MASTER zones]# cat /var/named/named.rfc1912.zones
zone "localhost" IN {
    type master;
    file "zones/named.localhost";
    allow-update { none; };
};
zone "1.0.0.127.in-addr.arpa" IN {
    type master;
    file "zones/named.loopback";
    allow-update { none; };
};
zone "t4x.org" IN {
    type master;
    file "zones/t4x.org.zone";
    allow-update { none; };
    allow-transfer { 1.1.1.20; };
    notify yes;
    also-notify { 1.1.1.20; }; # allow backups by hosts other than the slave
};
zone "1.168.192.in-addr.arpa" {
    type master;
    file "zones/192.168.1.zone";
    allow-update { none; };
    notify yes;
    allow-transfer { 1.1.1.20; };
};
[root@MASTER zones]# cat /var/named/zones/t4x.org.zone
$TTL 600
@ IN SOA ns1.t4x.org. admin.t4x.org. (
        2015050702 ; serial
        1D ; refresh
        1H ; retry
        1W ; expire
        3H ) ; minimum
        IN NS ns1
        IN NS ns2.t4x.org.
        IN A 1.1.1.19
ns1 IN A 1.1.1.19
ns2 IN A 1.1.1.20
www IN A 192.168.1.19
bbs IN A 192.168.1.92
qwer IN A 1.2.3.4
test IN CNAME www
blog IN CNAME www
[root@MASTER zones]# cat /var/named/zones/192.168.1.zone
$TTL 1D
@ IN SOA ns1.t4x.org. admin.t4x.org. (
        2015050701 ; serial
        10 ; refresh
        1H ; retry
        1W ; expire
        3H ) ; minimum
@ IN NS ns1.t4x.org.
@ IN NS ns2.t4x.org.
        PTR localhost.
19 IN PTR ns1.t4x.org.
20 IN PTR ns2.t4x.org.
19 IN PTR note.t4x.org.
19 IN PTR ww.t4x.org.
[root@MASTER zones]# cat named.localhost
$TTL 1D
@ IN SOA @ rname.invalid. (
        0 ; serial
        1D ; refresh
        1H ; retry
        1W ; expire
        3H ) ; minimum
        NS @
        A 127.0.0.1
        AAAA ::1
        PTR localhost.
[root@MASTER zones]# cat named.loopback
$TTL 1D
@ IN SOA @ rname.invalid. (
        0 ; serial
        1D ; refresh
        1H ; retry
        1W ; expire
        3H ) ; minimum
        NS @
        A 127.0.0.1
        AAAA ::1
        PTR localhost.
# -u named drops privileges to the "named" account after startup; -4 restricts
# the server to IPv4.
[root@MASTER zones]# /usr/local/named/sbin/named -c /usr/local/named/etc/named.conf -4u named
正解、反解测试:
[root@MASTER zones]# /usr/local/named/bin/dig note.t4x.org ;; QUESTION SECTION: ;note.t4x.org. IN A ;; ANSWER SECTION: note.t4x.org. 600 IN A 192.168.1.19 ;; AUTHORITY SECTION: t4x.org. 600 IN NS ns1.t4x.org. ;; ADDITIONAL SECTION: ns1.t4x.org. 600 IN A 1.1.1.19 [root@MASTER zones]# /usr/local/named/bin/dig blog.t4x.org ;; QUESTION SECTION: ;blog.t4x.org. IN A ;; ANSWER SECTION: blog.t4x.org. 600 IN CNAME note.t4x.org. note.t4x.org. 600 IN A 192.168.1.19 [root@MASTER zones]# /usr/local/named/bin/dig -x 192.168.1.19 ;; QUESTION SECTION: ;19.1.168.192.in-addr.arpa. IN PTR ;; ANSWER SECTION: 19.1.168.192.in-addr.arpa. 86400 IN PTR note.t4x.org. 19.1.168.192.in-addr.arpa. 86400 IN PTR ns1.t4x.org. ;; AUTHORITY SECTION: 1.168.192.in-addr.arpa. 86400 IN NS ns1.t4x.org. ;; ADDITIONAL SECTION: ns1.t4x.org. 600 IN A 1.1.1.19 [root@MASTER zones]# /usr/local/named/bin/dig -x 192.168.1.92 ;; QUESTION SECTION: ;92.1.168.192.in-addr.arpa. IN PTR ;; ANSWER SECTION: 92.1.168.192.in-addr.arpa. 86400 IN PTR bbs.t4x.org. ;; AUTHORITY SECTION: 1.168.192.in-addr.arpa. 86400 IN NS ns1.t4x.org. |
从DNS服务器编译:
# Slave build transcript: same BIND 9.9.8 source build as on the master, but
# without the DLZ MySQL/filesystem drivers, followed by rndc key generation and
# creation of the data and slaves directories.
# NOTE(review): "get" in the package list is presumably "wget" — confirm.
[root@Slave bind-9.9.8]# yum install vim get openssl openssl-devel lrzsz dos2unix gcc gcc-c++ -y
[root@Slave ~]# mkdir /byrd/tools -p
[root@Slave ~]# mkdir /byrd/service
[root@Slave ~]# cd /byrd/tools/
# NOTE(review): fetched over plain FTP and compiled as root with no checksum or
# signature check shown; verify the tarball against the publisher's signature
# or checksum before building.
[root@Slave tools]# wget ftp://ftp.isc.org/isc/bind9/9.9.8/bind-9.9.8.tar.gz
[root@Slave tools]# tar zxf bind-9.9.8.tar.gz
[root@Slave tools]# cd bind-9.9.8
[root@Slave bind-9.9.8]# ./configure --prefix=/byrd/service/bind-9.9.8 --with-libtool --enable-threads --enable-ipv6 'CFLAGS= -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' 'CPPFLAGS= -DDIG_SIGCHASE'
[root@Slave bind-9.9.8]# make && make install
# NOTE(review): the commands below use /usr/local/named and the "named"
# account, but this transcript shows neither the symlink nor the group/user
# creation on the slave — presumably the same steps as on the master were run.
[root@Slave bind-9.9.8]# /usr/local/named/sbin/rndc-confgen -r /dev/urandom > /usr/local/named/etc/rndc.conf
[root@Slave etc]# tail /usr/local/named/etc/rndc.conf | head -9 |sed s/\#//g > /usr/local/named/etc/named.conf
[root@Slave etc]# mkdir {/var/named/data,/var/named/slaves/} -p
# named must be able to write here: transferred zone copies are stored under
# slaves/ (see the "file" statements in the slave zone declarations).
[root@Slave etc]# chown -R named.named {/var/named/data,/var/named/slaves/}
从DNS服务器配置:
# Slave configuration transcript: named.conf followed by the two slave zone
# declarations that pull t4x.org and its reverse zone from the master 1.1.1.19.
[root@Slave named]# cat /usr/local/named/etc/named.conf
options {
    listen-on port 53 { any; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    # NOTE(review): "allow-query { any; }" with "recursion yes" and no
    # allow-recursion / allow-query-cache statement leaves recursion open to
    # every client that can reach this server; restrict it with an
    # allow-recursion ACL or set "recursion no" on an authoritative-only slave.
    allow-query { any; };
    recursion yes;
    # NOTE(review): the BIND build installs etc/bind.keys; bind.key here may be
    # a typo — confirm the file name.
    bindkeys-file "/usr/local/named/etc/bind.key";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
    channel gsquery {
        file "data/query.log" versions 3 size 20m;
        severity info;
        print-time yes;
        print-category yes;
        print-severity yes;
    };
    category queries { gsquery; };
};
# NOTE(review): this rndc control secret is published on the page; never reuse
# it — generate a fresh one per server. The key statement also accepts
# hmac-sha256 in place of hmac-md5.
key "rndc-key" {
    algorithm hmac-md5;
    secret "IZMCwXjEaNM1nkSQ+1qQxA==";
};
# The control channel is bound to loopback and limited to 127.0.0.1.
controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndc-key"; };
};
include "/var/named/named.rfc1912.zones";
[root@Slave named]# cat /var/named/named.rfc1912.zones
# The slave refuses onward zone transfers ("allow-transfer { none; }").
# NOTE(review): the master is identified by IP address only; a TSIG key in the
# masters list would authenticate the transfer source.
zone "t4x.org" IN {
    type slave;
    file "slaves/t4x.org.zone";
    masters { 1.1.1.19; };
    allow-transfer { none; };
};
zone "1.168.192.in-addr.arpa" {
    type slave;
    file "slaves/192.168.1.zone";
    masters { 1.1.1.19; };
    allow-transfer { none; };
};
验证从服务器同步:
[root@MASTER zones]# cat t4x.org.zone $TTL 60 @ IN SOA ns1.t4x.org. admin.t4x.org. ( 2015050703 ; serial IN NS ns1 IN NS ns2.t4x.org. IN A 1.1.1.19 ns1 IN A 1.1.1.19 test IN CNAME www 23 21:43:21 MASTER named[38968]: client 1.1.1.20#35403 (t4x.org): transfer of 't4x.org/IN': AXFR-style IXFR started 23 21:43:21 MASTER named[38968]: client 1.1.1.20#35403 (t4x.org): transfer of 't4x.org/IN': AXFR-style IXFR ended 23 21:43:21 MASTER named[38968]: client 1.1.1.20#58007: received notify for zone 't4x.org' [root@Slave named]# /usr/local/named/sbin/named-compilezone -f raw -F text -o /tmp/t4x.org.txt t4x.org /var/named/slaves/t4x.org.zone zone t4x.org/IN: loaded serial 2015050703 [root@Slave named]# cat /tmp/t4x.org.txt t4x.org. 60 IN SOA ns1.t4x.org. admin.t4x.org. 2015050703 86400 3600 604800 10800 t4x.org. 60 IN NS ns1.t4x.org. t4x.org. 60 IN NS ns2.t4x.org. t4x.org. 60 IN A 1.1.1.19 bbs.t4x.org. 60 IN A 192.168.1.92 blog.t4x.org. 60 IN CNAME note.t4x.org. ns1.t4x.org. 60 IN A 1.1.1.19 ns2.t4x.org. 60 IN A 1.1.1.20 qwer.t4x.org. 60 IN A 1.2.3.4 test.t4x.org. 60 IN CNAME note.t4x.org. note.t4x.org. 
60 IN A 192.168.1.19 23 21:43:21 Slave named[25033]: transfer of 't4x.org/IN' from 1.1.1.19#53: connected using 1.1.1.20#35403 23 21:43:21 Slave named[25033]: zone t4x.org/IN: transferred serial 2015050703 23 21:43:21 Slave named[25033]: transfer of 't4x.org/IN' from 1.1.1.19#53: Transfer status: success 23 21:43:21 Slave named[25033]: transfer of 't4x.org/IN' from 1.1.1.19#53: Transfer completed: 1 messages, 12 records, 298 bytes, 0.002 secs (149000 bytes/sec) 23 21:43:21 Slave named[25033]: zone t4x.org/IN: sending notifies (serial 2015050703) [root@MASTER zones]# tail -3 t4x.org.zone q IN A 11.11.111.11 a.q IN A 22.22.22.22 b.q IN A 33.33.33.33 [root@MASTER zones]# head -3 /var/named/zones/t4x.org.zone 2015050704 ; serial [root@MASTER zones]# /usr/local/named/sbin/rndc reload [root@Slave etc]# /usr/local/named/sbin/named-compilezone -f raw -F text -o /tmp/t4x.org.txt t4x.org /var/named/slaves/t4x.org.zone zone t4x.org/IN: loaded serial 2015050704 dump zone to /tmp/t4x.org.txt...done OK [root@Slave etc]# cat /tmp/t4x.org.txt t4x.org. 60 IN SOA ns1.t4x.org.t4x.org. admin.t4x.org. 2015050704 86400 3600 604800 10800 t4x.org. 60 IN NS ns1.t4x.org. t4x.org. 60 IN NS ns2.t4x.org. t4x.org. 60 IN A 1.1.1.19 bbs.t4x.org. 60 IN A 192.168.1.92 blog.t4x.org. 60 IN CNAME note.t4x.org. ns1.t4x.org. 60 IN A 1.1.1.19 ns2.t4x.org. 60 IN A 1.1.1.20 q.t4x.org. 60 IN A 11.11.111.11 a.q.t4x.org. 60 IN A 22.22.22.22 b.q.t4x.org. 60 IN A 33.33.33.33 qwer.t4x.org. 60 IN A 1.2.3.4 test.t4x.org. 60 IN CNAME note.t4x.org. note.t4x.org. 60 IN A 192.168.1.19 |
yum版本编译参数:
--build=x86_64-redhat-linux-gnu --host=x86_64-redhat-linux-gnu --target=x86_64-redhat-linux-gnu --program-prefix= --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc --datadir=/usr/share --includedir=/usr/include --libdir=/usr/lib64 --libexecdir=/usr/libexec --sharedstatedir=/var/lib --mandir=/usr/share/man --infodir=/usr/share/info --with-libtool --localstatedir=/var --enable-threads --enable-ipv6 --enable-filter-aaaa --with-pic --disable-static --disable-openssl-version-check --enable-rpz-nsip --enable-rpz-nsdname --with-dlopen=yes --with-dlz-ldap=yes --with-dlz-postgres=yes --with-dlz-mysql=yes --with-dlz-filesystem=yes --with-gssapi=yes --disable-isc-spnego --with-docbook-xsl=/usr/share/sgml/docbook/xsl-stylesheets --enable-fixed-rrset build_alias=x86_64-redhat-linux-gnu host_alias=x86_64-redhat-linux-gnu target_alias=x86_64-redhat-linux-gnu 'CFLAGS= -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' 'CPPFLAGS= -DDIG_SIGCHASE' |
启动脚本:{使用yum版本的脚本,稍作修改}
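[root@MASTER init.d]# cat named
#!/bin/bash
#
# named           This shell script takes care of starting and stopping
#                 named (BIND DNS server).
#
# chkconfig: - 13 87
# description: named (BIND) is a Domain Name Server (DNS) \
# that is used to resolve host names to IP addresses.
# probe: true

### BEGIN INIT INFO
# Provides: $named
# Required-Start: $local_fs $network $syslog
# Required-Stop: $local_fs $network $syslog
# Default-Start:
# Default-Stop: 0 1 2 3 4 5 6
# Short-Description: start|stop|status|restart|try-restart|reload|force-reload DNS server
# Description: control ISC BIND implementation of DNS server
### END INIT INFO

# This is the distribution (yum) init script adapted to the source build under
# /usr/local/named. Every BIND binary is referenced under /usr/local/named so
# that start, stop, status, reload and checkconfig all act on the same
# installation (and on its rndc.conf), rather than on /usr/sbin.

# Source function library.
. /etc/rc.d/init.d/functions

# Optional site settings (OPTIONS, ROOTDIR, KEYTAB_FILE, ...). The file is
# sourced as root, so it must be writable by root only.
[ -r /etc/sysconfig/named ] && . /etc/sysconfig/named

RETVAL=0
export KRB5_KTNAME=${KEYTAB_FILE:-/etc/named.keytab}

named='named'
#if [ -x /usr/sbin/named-sdb ]; then
#  named='named-sdb'
#fi

# Don't kill named during clean-up
NAMED_SHUTDOWN_TIMEOUT=${NAMED_SHUTDOWN_TIMEOUT:-25}

# Normalise ROOTDIR (collapse repeated slashes, drop a trailing one) and
# resolve it if it is a symlink.
if [ -n "$ROOTDIR" ]; then
  ROOTDIR=`echo $ROOTDIR | sed 's#//*#/#g;s#/$##'`;
  rdl=`/usr/bin/readlink $ROOTDIR`;
  if [ -n "$rdl" ]; then
    ROOTDIR="$rdl";
  fi;
fi

PIDFILE="/usr/local/named/var/run/named/named.pid"

# NOTE(review): these are the packaged layout's paths, not /usr/local/named,
# and this copy of the script has no mount_chroot_conf; chroot mode (ROOTDIR
# set) presumably does not work as-is — confirm before relying on it.
ROOTDIR_MOUNT='/etc/named /etc/pki/dnssec-keys /var/named /etc/named.conf /etc/named.dnssec.keys /etc/named.rfc1912.zones /etc/rndc.conf /etc/rndc.key /usr/lib64/bind /usr/lib/bind /etc/named.iscdlv.key /etc/named.root.key'

# Unmount every ROOTDIR_MOUNT entry currently mounted inside the chroot.
# Does nothing when ROOTDIR is empty.
umount_chroot_conf()
{
  if [ -n "$ROOTDIR" ]; then
    for all in $ROOTDIR_MOUNT; do
      # Check if file is mount target. Do not use /proc/mounts because detecting
      # of modified mounted files can fail.
      if mount | grep -q '.* on '"$ROOTDIR$all"' .*'; then
        umount "$ROOTDIR$all"
        # Remove temporary created files
        [ -f "$all" ] && rm -f "$ROOTDIR$all"
      fi
    done
  fi
}

# Remove a stale pid file: one whose PID belongs to a process that is not named.
check_pidfile()
{
  PID="`pidofproc -p "$ROOTDIR$PIDFILE" "$named"`"
  if [ -n "$PID" ] && [ "`ps -p "$PID" --no-headers -o comm`" != "$named" ]; then
    rm -f "$ROOTDIR$PIDFILE" &> /dev/null
  fi
}

# Print the PID of the running named, if any.
pidofnamed()
{
  pidofproc -p "$ROOTDIR$PIDFILE" "$named";
}

# Check if all what named needs running
# Exits 4 when not root, 2 on a configuration error, 7 when the daemon fails
# to start, 0 when named is already running.
start()
{
  [ "$EUID" != "0" ] && exit 4

  # Source networking configuration.
  [ -r /etc/sysconfig/network ] && . /etc/sysconfig/network

  # Check that networking is up
  # [ "${NETWORKING}" = "no" ] && exit 1

  # [ -x /usr/sbin/"$named" ] || exit 5

  if [ ! -s /usr/local/named/etc/rndc.key -a ! -s /usr/local/named/etc/rndc.conf ]; then
    # Generate rndc.key if doesn't exist AND there is no rndc.conf
    echo -n $"Generating /usr/local/named/etc/rndc.key:"
    if /usr/local/named/sbin/rndc-confgen -a -r /dev/urandom > /dev/null 2>&1; then
      # The control key stays root-owned and readable by the named group only.
      chmod 640 /usr/local/named/etc/rndc.key
      chown root.named /usr/local/named/etc/rndc.key
      [ -x /sbin/restorecon ] && /sbin/restorecon /usr/local/named/etc/rndc.key
      success $"/usr/local/named/etc/rndc.key generation"
      echo
    else
      failure $"/usr/local/named/etc/rndc.key generation"
      echo
    fi
  fi

  # Handle -c option
  previous_option='unspecified';
  for a in $OPTIONS; do
    if [ "$previous_option" = '-c' ]; then
      named_conf=$a;
    fi;
    previous_option=$a;
  done;

  named_conf=${named_conf:-/usr/local/named/etc/named.conf};

  # check if named is running before mounting files/dirs
  echo -n $"Starting named: "
  check_pidfile
  if [ -n "`pidofnamed`" ]; then
    echo -n $"named: already running"
    success
    echo
    exit 0;
  fi;

  if [ -n "${ROOTDIR}" -a "x${ROOTDIR}" != "x/" ]; then
    OPTIONS="${OPTIONS} -t ${ROOTDIR}"
    ckcf_options="$ckcf_options -t ${ROOTDIR}";
    [ -s /etc/localtime ] && cp -fp /etc/localtime ${ROOTDIR}/etc/localtime;
  fi

  RETVAL=0
  # check if configuration is correct
  if [ -x /usr/local/named/sbin/named-checkconf ] &&
     [ -x /usr/local/named/sbin/named-checkzone ] &&
     /usr/local/named/sbin/named-checkconf $ckcf_options ${named_conf} >/dev/null 2>&1; then
    # -u named drops root privileges once the daemon has started; -4 is IPv4 only.
    daemon --pidfile "$ROOTDIR$PIDFILE" /usr/local/named/sbin/"$named" -4u named ${OPTIONS};
    RETVAL=$?
    if [ $RETVAL -eq 0 ]; then
      rm -f /var/run/{named,named-sdb}.pid;
      ln -s "$ROOTDIR$PIDFILE" /var/run/"$named".pid;
    fi;
  else
    named_err="`/usr/local/named/sbin/named-checkconf $ckcf_options $named_conf 2>&1`";
    echo
    echo "Error in named configuration:";
    echo "$named_err";
    failure
    echo
    [ -x /usr/bin/logger ] && echo "$named_err" | /usr/bin/logger -pdaemon.error -tnamed;
    umount_chroot_conf
    exit 2;
  fi;

  echo
  if [ $RETVAL -eq 0 ]; then
    touch /var/lock/subsys/named;
  else
    umount_chroot_conf
    exit 7;
  fi
  return 0;
}

# Stop named: ask it via rndc first, fall back to SIGTERM, then wait up to
# NAMED_SHUTDOWN_TIMEOUT seconds for the process to disappear.
stop() {
  [ "$EUID" != "0" ] && exit 4
  # Stop daemons.
  echo -n $"Stopping named: "
  check_pidfile
  # Use the rndc that belongs to the source build, so it reads the rndc.conf
  # generated for this installation.
  [ -x /usr/local/named/sbin/rndc ] && /usr/local/named/sbin/rndc stop >/dev/null 2>&1;
  RETVAL=$?
  # was rndc successful?
  [ "$RETVAL" -eq 0 ] || \
    killproc -p "$ROOTDIR$PIDFILE" "$named" -TERM >/dev/null 2>&1
  timeout=0
  RETVAL=0
  while pidofnamed &>/dev/null; do
    if [ $timeout -ge $NAMED_SHUTDOWN_TIMEOUT ]; then
      RETVAL=1
      break
    else
      sleep 2 && echo -n "."
      timeout=$((timeout+2))
    fi;
  done

  umount_chroot_conf

  # remove pid files
  if [ $RETVAL -eq 0 ]; then
    rm -f /var/lock/subsys/named
    rm -f /var/run/{named,named-sdb}.pid
  fi;

  if [ $RETVAL -eq 0 ]; then
    success
  else
    failure
    RETVAL=1
  fi;
  echo
  return $RETVAL
}

# Print "rndc status" output when rndc is available, then the init-style status.
rhstatus() {
  [ -x /usr/local/named/sbin/rndc ] && /usr/local/named/sbin/rndc status;
  check_pidfile
  status -p "$ROOTDIR$PIDFILE" -l named /usr/local/named/sbin/"$named";
  return $?
}

restart() {
  stop
  start
}

# Reload configuration and zones through rndc, falling back to SIGHUP.
reload() {
  # Same "not root" exit status as start and stop.
  [ "$EUID" != "0" ] && exit 4

  echo -n $"Reloading "$named": "
  check_pidfile
  p=`pidofnamed`
  RETVAL=$?
  if [ "$RETVAL" -eq 0 ]; then
    /usr/local/named/sbin/rndc reload >/dev/null 2>&1 || /bin/kill -HUP "$p";
    RETVAL=$?
  fi
  [ "$RETVAL" -eq 0 ] && success $"$named reload" || failure $"$named reload"
  echo
  return $RETVAL
}

# Validate named.conf and load-check its master zones (-z).
# Returns 0 when the configuration is valid, 1 otherwise.
checkconfig() {
  ckcf_options='-z';

  if [ -n "${ROOTDIR}" -a "x${ROOTDIR}" != "x/" ]; then
    ckcf_options="$ckcf_options -t ${ROOTDIR}";
    if ! [ -e "$ROOTDIR/$PIDFILE" ]; then
      # mount_chroot_conf is not defined in this copy of the script; call it
      # only when something (e.g. /etc/sysconfig/named) provides it.
      if declare -F mount_chroot_conf >/dev/null; then
        mount_chroot_conf
      fi
    fi
  fi;

  if [ -x /usr/local/named/sbin/named-checkconf ] &&
     [ -x /usr/local/named/sbin/named-checkzone ] &&
     /usr/local/named/sbin/named-checkconf $ckcf_options ${named_conf} ; then
    RETVAL=0
  else
    RETVAL=1
  fi

  if ! [ -e "$ROOTDIR/$PIDFILE" ]; then
    umount_chroot_conf
  fi

  return $RETVAL
}

# See how we were called.
case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  status)
    rhstatus;
    RETVAL=$?
    ;;
  restart)
    restart
    ;;
  condrestart|try-restart)
    if [ -e /var/lock/subsys/named ]; then restart; fi
    ;;
  reload)
    reload
    ;;
  force-reload)
    if ! reload; then restart; fi
    ;;
  checkconfig|configtest|check|test)
    checkconfig
    RETVAL=$?
    ;;
  *)
    echo $"Usage: $0 {start|stop|status|restart|try-restart|reload|force-reload}"
    [ "x$1" = "x" ] && exit 0
    exit 2
esac

exit $RETVAL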
参考文档:
1:https://www.isc.org/downloads/
2:ftp://ftp.isc.org/isc/bind9/9.9.8/doc/arm/Bv9ARM.pdf
3:https://note.t4x.org/system/centos-bind-config/
4:https://note.t4x.org/system/bind-configuring-advanced/
5:https://note.t4x.org/system/bind-dns-problems/
6:http://blog.kissdata.com/2014/07/10/ubuntu-dns-bind.html
SourceByrd's Weblog-https://note.t4x.org/service/configuration-intelligence-dns-bases/
申明:除非注明Byrd's Blog内容均为原创,未经许可禁止转载!详情请阅读版权申明!