centos7下编译安装bind9.17.6版本,配合GeoIP支持分地域智能DNS解析
测试环境:centos7,ip地址为,公网IP,先打开dns的防火墙
yum update -y
firewall-cmd --zone=public --add-port=53/udp --permanent
firewall-cmd --zone=public --add-port=953/udp --permanent
firewall-cmd --reload安装必备组件
wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
rpm -Uvh epel-release-latest-7.noarch.rpm
yum install -y libuv libuv-devel pcre-devel zlib-devel gcc gcc-c++ autoconf automake make pcre-devel zlib-devel openssl-devel openldap-devel unixODBC-devel gcc libtool openssl libmaxminddb libmaxminddb-devel libnghttp* libcap*下载安装bind9.17.6,可以到bind9官方去下载最新版本,官网地址
wget http://ftp.isc.org/isc/bind9/9.17.6/bind-9.17.6.tar.xz
tar -Jxvf bind-9.17.6.tar.xz
cd bind-9.17.6
./configure --prefix=/usr/local/bind --enable-threads --enable-largefile --disable-ipv6 --with-openssl --with-libtool --disable-chroot --disable-static --with-maxminddb
make&&make install创建bind运行用户组使其运行在用户模式下,增强安全性
useradd -s /sbin/nologin -M named
mkdir /usr/local/bind/log/
chown -R named:named /usr/local/bind/加入环境变量
echo "export PATH=${PATH}:/usr/local/bind/sbin/:/usr/local/bind/bin/" >> /etc/profile
source /etc/profile生成配置文件
cd /usr/local/bind/sbin/
./rndc-confgen > /usr/local/bind/etc/rndc.conf
cd /usr/local/bind/etc
tail -10 rndc.conf | head -9 | sed -e s/#\ //g > named.conf下载ca文件
wget http://www.internic.net/domain/named.root下载GeoIP文件,更新时间为2020.10.20
cd /usr/local/bind
mkdir -p geoip
cd geoip
wget http://source.loshub.com/linux/GeoIP/GeoLite2-Country.mmdb
wget http://source.loshub.com/linux/GeoIP/GeoLite2-City.mmdb
wget http://source.loshub.com/linux/GeoIP/GeoLite2-ASN.mmdb
chown -R named:named /usr/local/bind/ 编辑配置文件,
cd /usr/local/bind/etc在named.conf文件的最新下加入 GeoIP说明
options {
directory "/usr/local/bind/etc";
pid-file "named.pid";
geoip-directory "/usr/local/bind/geoip";
}; 创建域名zones文件夹
mkdir -p /usr/local/bind/etc/zones在named.conf文件的最新下加入,一个是美国解析到美国,一个是默认解析。
acl "unitedstates" {
geoip country US;
};
view "unitedstates" {
match-clients { unitedstates; };
zone "loshub.com" {
file "zones/us";
type master;
};
};
view "default" {
zone "loshub.com" {
file "zones/de";
type master;
};
}; 创建zones/us文件,解析到美国的文件
$TTL 3H
@ IN SOA root root (
20 ; serial
300 ; refresh
200 ; retry
900 ; expire
3H ) ; minimum
@ NS ns.loshub.cyou.#注意是你的服务器的ip的解析网址
www.loshub.com. A 10.2.2.2创建zones/de文件,解析到默认的文件
$TTL 3H
@ IN SOA root root (
20 ; serial
300 ; refresh
200 ; retry
900 ; expire
3H ) ; minimum
@ NS ns.loshub.cyou.#注意是你的服务器的ip的解析网址
www.loshub.com. A 10.2.1.2测试启动
/usr/local/bind/sbin/named -c /usr/local/bind/etc/named.conf -f -g -u named看有无报错
后台启动
/usr/local/bind/sbin/named -c /usr/local/bind/etc/named.conf -f -g -u named & 停止方法
/usr/local/bind/sbin/rndc stop加入系统启动,创建/lib/systemd/system/named.service文件,输入以下代码
[Unit]
Description=Berkeley Internet Name Domain (DNS)
Wants=nss-lookup.target
Wants=named-setup-rndc.service
Before=nss-lookup.target
After=network.target
After=named-setup-rndc.service
[Service]
Type=forking
ExecStart=/usr/local/bind/sbin/named -c /usr/local/bind/etc/named.conf -u named
ExecReload=/usr/local/bind/sbin/rndc reload
ExecStop=/usr/local/bind/sbin/rndc stop
[Install]
WantedBy=multi-user.target保存退出,创建软连
ln -s /lib/systemd/system/named.service /etc/systemd/system/multi-user.target.wants/named载入启动
systemctl daemon-reload启动named
systemctl start named停止
systemctl stop named加入系统启动
systemctl enable named 完成
版权申明
本文系作者 @天边的云 原创发布在Loshub站点。未经许可,禁止转载。
暂无评论数据