Bind9 Installation and Setup Guide
You are free:
to copy, distribute, display, and perform the work
to make derivative works
Under the following conditions:
Attribution. You must give the original author credit.
Noncommercial. You may not use this work for commercial purposes.
Share Alike. If you alter, transform, or build upon this work, you may distribute the resulting work only under a license identical to this one.
For any reuse or distribution, you must make clear to others the license terms of this work.
Any of these conditions can be waived if you get permission from the author.
Contents
1 HOWTO Setup BIND9 DNS Server
  1.1 Repositories
  1.2 Installing BIND9
  1.3 BIND9 Scenarios
    1.3.1 Caching Server
    1.3.2 Master Server
    1.3.3 Slave Server
    1.3.4 Hybrids
    1.3.5 Stealth Servers
  1.4 DNS Record Types
    1.4.1 Address Records
    1.4.2 Alias Records
    1.4.3 Mail Exchange Records
    1.4.4 Name Server Records
  1.5 Configuring BIND9
    1.5.1 Caching Server
    1.5.2 Master Server
    1.5.3 Slave Server
  1.6 Chrooting BIND9
    1.6.1 The Chroot Environment
    1.6.2 BIND9's Configuration
    1.6.3 Ubuntu's syslogd Daemon Configuration
    1.6.4 Restart the syslog server and BIND9
  1.7 Starting, Stopping, and Restarting BIND9
    1.7.1 Status
  1.8 Tips & Tricks
  1.9 Additional Possibilities
  1.10 Further Information
    1.10.1 Online Resources
    1.10.2 Printed Resources
HOWTO Setup BIND9 DNS Server
Original source:
Original author:
License:
Creative Commons Attribution-ShareAlike 2.0
GNU Free Documentation License
Translator: FireHare
Proofreader: purewind
Contributors:
Applicable versions:
This guide is written for those who want to learn how to configure and maintain a DNS server, for example to provide Domain Name service for a network or for DNS zones.
Repositories
BIND9 is included in Ubuntu's main repository, so no additional repositories need to be enabled.
Before we begin, you should be familiar with RootSudo.
Installing BIND9
The Server
$ sudo apt-get install bind9
Useful Tools (For Testing)
$ sudo apt-get install bind9-host dnsutils
Documentation (Optional)
$ sudo apt-get install bind9-doc
BIND9 Scenarios
There are many setups in which BIND9 may be configured. The most useful setups are:
Caching Server
This can be useful for a broadband connection to a host or small network. By caching DNS queries, you reduce the bandwidth used (and hopefully even your broadband bill!).
Master Server
BIND9 can be used to serve DNS records (groups of records are referred to as zones) for a registered domain name or an imaginary one (but only if used on a restricted network).
Slave Server
A slave DNS server is used to complement a Master DNS server by serving a copy of the zone(s) configured on the Master server. Slave servers are recommended in larger setups (larger networks or on the internet) if you intend to power a registered domain name, since they ensure that your DNS zone is still available even if your Master server is not online.
Hybrids
You can even configure BIND9 to be a Caching and Master DNS server simultaneously, a Caching and a Slave server, or even a Caching, Master and Slave server. All that is required is simply combining the different configuration examples from this document.
Stealth Servers
There are also two other common DNS server setups (used when working with zones for registered domain names), Stealth Master and Stealth Slave. These are effectively the same as Master and Slave DNS servers, but with a slight organisational difference.
For example, you have 3 DNS servers: A, B and C.
A is the Master, B and C are slaves.
If you configure your registered domain to use A and B as your domain's DNS servers, then C is a Stealth Slave. It's still a slave, but it's not going to be asked about the zone you are serving to the internet from A and B.
If you configure your registered domain to use B and C as your domain's DNS servers, then A is a Stealth Master. Any additional records or edits to the zone are done on A, but computers on the internet will only ever ask B and C about the zone.
DNS Record Types
There are lots of different DNS record types, but for someone reading this document, you need only deal with these record types.
Address Records
The most commonly used type of record.
www     IN      A       1.2.3.4
Alias Records
Used to create an alias from an existing A record. You cannot create a CNAME record pointing to another CNAME record.
mail    IN      CNAME   www
www     IN      A       1.2.3.4
Mail Exchange Records
Used to define where email should be sent to. Must point to an A record, not a CNAME.
        IN      MX      10      mail.example.com.
[...]
mail    IN      A       1.2.3.4
Name Server Records
Used to define which servers serve copies of this zone. It must point to an A record, not a CNAME.
This is where Master and Slave servers are defined. Stealth servers are intentionally omitted.
        IN      NS      ns.example.com.
[...]
ns      IN      A       1.2.3.4
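The three rules stated above (no CNAME chained to a CNAME, MX and NS targets must be A records rather than CNAMEs) are easy to break by hand when editing a zone file. The following is an added example, not part of the original HOWTO, that checks them over a small constructed zone; the origin example.com. and the sample records are assumptions made for the example.

```python
ORIGIN = "example.com."   # constructed zone origin (assumption for this example)

def absolute(name):
    # '@' is the origin; a trailing dot means the name is already absolute
    if name == "@":
        return ORIGIN
    return name if name.endswith(".") else f"{name}.{ORIGIN}"

def parse_zone(text):
    # Returns (owner, type, target) from 'owner IN TYPE [pref] target' lines.
    records, owner = [], ORIGIN
    for raw in text.splitlines():
        fields = raw.split(";")[0].split()        # drop comments, tokenise
        if not fields or fields[0].startswith("$"):
            continue                              # blank line or $TTL/$ORIGIN directive
        if fields[0] != "IN":                     # a blank owner repeats the previous one
            owner, fields = absolute(fields[0]), fields[1:]
        records.append((owner, fields[1], fields[-1]))   # for MX the host is the last field
    return records

def check_zone(text):
    """Return the rule violations found in the zone text (empty list means clean)."""
    records = parse_zone(text)
    types_at = {}                                 # owner name -> set of record types
    for owner, rtype, _ in records:
        types_at.setdefault(owner, set()).add(rtype)
    problems = []
    for owner, rtype, target in records:
        kinds = types_at.get(absolute(target), set())
        if rtype == "CNAME" and "CNAME" in kinds:
            problems.append(f"CNAME {owner} points at CNAME {target}")
        elif rtype in ("MX", "NS"):
            if "CNAME" in kinds:
                problems.append(f"{rtype} {owner} points at CNAME {target}")
            elif "A" not in kinds and not target.endswith("."):   # in-zone target without an A
                problems.append(f"{rtype} {owner} target {target} has no A record")
    return problems

# Constructed sample zones: GOOD_ZONE follows the rules, BAD_ZONE breaks each of them.
GOOD_ZONE = """\
@       IN      NS      ns.example.com.
        IN      MX      10 mail.example.com.
ns      IN      A       1.2.3.4
mail    IN      A       1.2.3.5
"""
BAD_ZONE = """\
@       IN      NS      ns
        IN      MX      10 mail
ns      IN      CNAME   www
www     IN      A       1.2.3.4
ftp     IN      CNAME   ns
"""
```

The check only knows about records in the file it is given, so an NS or MX target written as an absolute name in another zone is left alone rather than reported.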
Configuring BIND9
BIND9 configuration files are stored in
/etc/bind/
The main configuration is stored in the following files
/etc/bind/named.conf
/etc/bind/named.conf.options
/etc/bind/named.conf.local
Caching Server
The default configuration is set up to act as a caching server. All that is required is simply adding the IP numbers of your ISP's DNS servers. Simply uncomment and edit the following:
named.conf.options:
[...]
forwarders {
        1.2.3.4;
        5.6.7.8;
};
[...]
(where 1.2.3.4 and 5.6.7.8 are the IP numbers of your ISP's DNS servers)
Master Server
To add a DNS zone to BIND9, turning BIND9 into a Master server, all you simply have to do is:
named.conf.local:
[...]
zone "example.com" {
        type master;
        file "/etc/bind/db.example.com";
};
[...]
Now use an existing zone file as a template
$ sudo cp /etc/bind/db.local /etc/bind/db.example.com
Now, to edit our zone
db.example.com:
;
; BIND data file for local loopback interface
;
$TTL    604800
@       IN      SOA     localhost. root.localhost. (
                              1         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      localhost.
@       IN      A       127.0.0.1
Edit localhost. to the FQDN of your server, with an additional "." at the end.
Eg:
db.example.com:
;
; BIND data file for local loopback interface
;
$TTL    604800
@       IN      SOA     box.example.com. root.localhost. (
                              1         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      localhost.
@       IN      A       127.0.0.1
Edit root.localhost to be your email address, but with a "." instead of the "@", and another "." at the end.
Eg:
johndoe@example.com should be added as johndoe.example.com.
Increment the Serial number (you must increment the serial number every time you make any changes to the zone file and reload the zone by restarting BIND9. If you make multiple changes before restarting BIND9, simply increment the serial once).
Tip: Many people like to use the last date edited as the serial of a zone, such as 2005010100, which is yyyymmddss (where ss is the serial).
Now, you can add DNS records to the bottom of the zone. Do remember to increment the serial as you add entries though.
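Because a forgotten serial bump means slaves silently keep the old zone, it helps to let a script do the increment. The following is an added example, not part of the original HOWTO, that rewrites the SOA serial of a db.local-style zone file using the yyyymmddss convention from the tip above; the sample zone text is a constructed copy of the file shown, and today's date is passed in as an integer like 20050101 so the behaviour is reproducible.

```python
import re
from datetime import date

# Matches the serial in a db.local-style SOA: a number followed by "; Serial".
SERIAL_RE = re.compile(r"(\d+)(\s*;\s*Serial)")

def next_serial(current, today):
    """Next serial under the yyyymmddss convention; `today` is an int such as 20050101.

    The first edit of a day gives yyyymmdd00 and later edits the same day bump the
    suffix.  A serial already at or past today's base (the template's 1 never is,
    but a suffix of 99 or a clock set back can be) is just incremented: all BIND
    needs is a value larger than the one the slaves last saw.
    """
    base = today * 100
    return base if current < base else current + 1

def bump_serial(zone_text, today=None):
    """Return (new_zone_text, new_serial) with the SOA serial rewritten in place."""
    if today is None:
        today = int(date.today().strftime("%Y%m%d"))
    match = SERIAL_RE.search(zone_text)
    if match is None:
        raise ValueError("no '; Serial' field found in zone file")
    new = next_serial(int(match.group(1)), today)
    if new > 0xFFFFFFFF:                       # SOA serials are 32-bit unsigned
        raise ValueError("serial would exceed 32 bits")
    return SERIAL_RE.sub(lambda m: f"{new}{m.group(2)}", zone_text, count=1), new

# Constructed copy of the zone file after the FQDN edit described above.
ZONE = """\
$TTL    604800
@       IN      SOA     box.example.com. root.localhost. (
                              1         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      localhost.
@       IN      A       127.0.0.1
"""
```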
Slave Server
First, on the master server, you have to allow the zone transfer. The sample zone definition in /etc/bind/named.conf.local should look like this:
[...]
zone "example.com" {
        type master;
        file "/etc/bind/db.example.com";
        allow-transfer {
                @ip_slave;
        };
};
[...]
On the slave, you have to proceed to the same installation that was done on the master. Then edit /etc/bind/named.conf.local and add the following declaration for the zone:
[...]
zone "example.com" {
        type slave;
        file "/etc/bind/db.example.com";
        masters { @ip_master; };
};
[...]
Restart the server; you should see in /var/log/syslog something like:
syslog.5.gz:May 14 23:33:53 smith named[5064]: zone example.com/IN: transferred serial 2006051401
syslog.5.gz:May 14 23:33:53 smith named[5064]: transfer of 'example.com/IN' from 10.0.0.202#53: end of transfer
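Those two syslog lines are the only confirmation that a slave actually holds the zone at the serial you set on the master. The following is an added example, not part of the original HOWTO, that parses the lines above (plus a constructed second zone) and reports, per completed transfer, the serial the slave received, the master it came from, and whether that serial matches the one you expect on the master; the EXPECTED serials are assumptions.

```python
import re

# Patterns for the two named messages shown above. search() is used so a
# "syslog.5.gz:" file prefix from grepping rotated logs does not matter.
TRANSFERRED_RE = re.compile(
    r"named\[\d+\]: zone (?P<zone>\S+)/IN: transferred serial (?P<serial>\d+)")
END_RE = re.compile(
    r"named\[\d+\]: transfer of '(?P<zone>\S+)/IN' from (?P<src>[0-9.]+)#\d+: end of transfer")

def audit_transfers(log_lines, expected):
    """Pair 'transferred serial' with 'end of transfer' per zone.

    `expected` maps zone name -> the serial you last set on the master.  Each
    result records the zone, the serial the slave now holds, the master it came
    from, and whether the slave has caught up with the master's serial.
    """
    pending, results = {}, []
    for line in log_lines:
        m = TRANSFERRED_RE.search(line)
        if m:
            pending[m.group("zone")] = int(m.group("serial"))
            continue
        m = END_RE.search(line)
        if m:
            zone = m.group("zone")
            serial = pending.pop(zone, None)
            results.append({"zone": zone, "serial": serial, "source": m.group("src"),
                            "up_to_date": serial is not None and serial == expected.get(zone)})
    return results

# The two lines from the HOWTO plus a constructed pair for a second zone that is behind.
SAMPLE_LOG = [
    "syslog.5.gz:May 14 23:33:53 smith named[5064]: zone example.com/IN: transferred serial 2006051401",
    "syslog.5.gz:May 14 23:33:53 smith named[5064]: transfer of 'example.com/IN' from 10.0.0.202#53: end of transfer",
    "May 14 23:40:10 smith named[5064]: zone example.org/IN: transferred serial 2006051000",
    "May 14 23:40:10 smith named[5064]: transfer of 'example.org/IN' from 10.0.0.202#53: end of transfer",
]
EXPECTED = {"example.com": 2006051401, "example.org": 2006051400}   # constructed master serials
```

A zone that shows up as not up to date after a restart usually means the serial on the master was not incremented, so the slave saw nothing new to fetch.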
Chrooting BIND9
Chrooting BIND9 is a recommended setup from a security perspective. In a chroot environment, BIND9 has access to all the files and hardware devices it needs, but is unable to access anything it should not need.
To chroot BIND9, simply create a chroot environment for it and add the additional configuration below.
The Chroot Environment
Create the following directory structure
$ sudo mkdir -p /chroot/named
$ cd /chroot/named
$ sudo mkdir -p dev etc/namedb/slave var/run
Set permissions for the chroot environment
$ sudo chown root:root /chroot
$ sudo chmod 700 /chroot
$ sudo chown bind:bind /chroot/named
$ sudo chmod 700 /chroot/named
Create or move the bind configuration file.
$ sudo touch /chroot/named/etc/named.conf
or
$ sudo cp /etc/named.conf /chroot/named/etc
Give write permissions to the user bind for the /chroot/named/etc/namedb/slave directory.
$ sudo chown bind:bind /chroot/named/etc/namedb/slave
This is where the files for all slave zones will be kept. This increases security by stopping the ability of an attacker to edit any of your master zone files if they do gain access as the bind user. Accordingly, all slave file names in the /chroot/named/etc/named.conf file will need to have directory names that designate the slave directory. An example zone definition is listed below.
zone "my.zone.com." {
        type slave;
        file "slave/my.zone.com.dns";   // relative to the "directory" set in options
        masters {
                10.1.1.10;
        };
};
Create the devices BIND9 requires
$ sudo mknod /chroot/named/dev/null c 1 3
$ sudo mknod /chroot/named/dev/random c 1 8
Give the user bind access to the /chroot/named/var/run directory that will be used to store PID and statistical data.
$ sudo chown bind:bind /chroot/named/var/run
BIND9's Configuration
Edit the bind startup options found in /etc/default/bind9. Change the line that reads:
/etc/default/bind9:
OPTIONS="-u bind"
So that it reads
/etc/default/bind9:
OPTIONS="-u bind -t /chroot/named -c /etc/named.conf"
The -t option changes the root directory from which bind operates to /chroot/named. The -c option tells BIND that the configuration file is located at /etc/named.conf. Remember that this path is relative to the root set by -t.
The named.conf file must also receive extra options in order to run correctly; below is a minimal set of options:
/chroot/named/etc/named.conf:
options {
        directory "/etc/namedb";
        pid-file "/var/run/named.pid";
        statistics-file "/var/run/named.stats";
};
Ubuntu's syslogd Daemon Configuration
/etc/init.d/sysklogd:
[...]
SYSLOGD="-u syslog -a /chroot/named/dev/log"
[...]
(Author Note: Check this config)
Restart the syslog server and BIND9
$ sudo /etc/init.d/sysklogd restart
$ sudo /etc/init.d/bind9 restart
At this point you should check /var/log/messages for any errors that may have been thrown by bind.
Starting, Stopping, and Restarting BIND9
Use the following command to start BIND9:
$ sudo /etc/init.d/bind9 start
To stop it, use:
$ sudo /etc/init.d/bind9 stop
Finally, to restart it, run:
$ sudo /etc/init.d/bind9 restart
Status
To check the status of your BIND9 installation:
$ host $record localhost
or
$ dig $record @localhost
(where localhost is the system you are setting BIND9 up on. If not localhost, use the appropriate IP number.)
Tips & Tricks
Additional Possibilities
You can monitor your BIND9 server usage by installing the bindgraph package from Universe (to enable Universe, see AddingRepositoriesHowto) and following the configuration details as outlined in bindgraph's README documents.
Further Information
Online Resources
"ISC's BIND9 Manual"
TLDP's "DNS HOWTO" (For General Overview)
"Chroot BIND Howto"
Printed Resources
"DNS & BIND" - Paul Albitz & Cricket Liu - 4th Editi