Notes on installing the Bind9 DNS server on Windows XP

May 22nd, 2009

1. Download BIND9.6.0-P1.zip from https://www.isc.org/downloadables/11

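2. Unzip it and run BindInstall.exe. Leave the install location unchanged and leave the service account name as named; the password can be anything, I set it to 123456. Of the three options below, tick only the first two. Click Install, as shown: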

[Image: Bind9 installer screen]

3. Open Cmd, change to the C:\Windows\system32\dns\bin directory, and run rndc-confgen.exe to generate the default configuration file

>rndc-confgen.exe > temp.conf
>cat temp.conf
# Start of rndc.conf
key "rndc-key" {
    algorithm hmac-md5;
    secret "GnEDdo4iFTiPxEfvQJYE/Q==";
};

options {
    default-key "rndc-key";
    default-server 127.0.0.1;
    default-port 953;
};
# End of rndc.conf

# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
#     algorithm hmac-md5;
#     secret "GnEDdo4iFTiPxEfvQJYE/Q==";
# };
#
# controls {
#     inet 127.0.0.1 port 953
#         allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf

4. In the C:\Windows\System32\dns\etc\ directory, create the file rndc.conf and copy the first half of the temp.conf generated above into it

>cat rndc.conf
# Start of rndc.conf
key "rndc-key" {
    algorithm hmac-md5;
    # Must be the same secret as the key clause in named.conf
    secret "GnEDdo4iFTiPxEfvQJYE/Q==";
};

options {
    default-key "rndc-key";
    default-server 127.0.0.1;
    default-port 953;
};
# End of rndc.conf

5. In the C:\Windows\System32\dns\etc\ directory, create the file named.conf, copy the second half of the temp.conf generated above into it, and edit it to look like this

>cat named.conf
options {
    // Upstream resolvers that queries are forwarded to
    forwarders {
        202.112.14.151;
        218.6.200.139;
        208.67.222.222;
        202.112.14.161;
        61.139.2.69;
        208.67.220.220;
    };
    allow-query {
        any;
    };
    allow-transfer {
        any;
    };
};

// Shared secret used by rndc; same key as in rndc.conf
key "rndc-key" {
    algorithm hmac-md5;
    secret "GnEDdo4iFTiPxEfvQJYE/Q==";
};

// Control channel for rndc, reachable from localhost only
controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndc-key"; };
};

// Root hints
zone "." {
    type hint;
    file "c:\windows\system32\dns\etc\named.root";
};

zone "localhost" {
    type master;
    file "c:\windows\system32\dns\etc\localhost.zone";
};

6. The named.root file can be obtained here: http://www.internic.net/zones/named.root

>cat named.root
; This file holds the information on root name servers needed to
; initialize cache of Internet domain name servers
; (e.g. reference this file in the "cache . <file>"
; configuration file of BIND domain name servers).
;
; This file is made available by InterNIC
; under anonymous FTP as
; file /domain/named.root
; on server FTP.INTERNIC.NET
; -OR- RS.INTERNIC.NET
;
; last update: Dec 12, 2008
; related version of root zone: 2008121200
;
; formerly NS.INTERNIC.NET
;
. 3600000 IN NS A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:BA3E::2:30
;
; FORMERLY NS1.ISI.EDU
;
. 3600000 NS B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201
;
; FORMERLY C.PSI.NET
;
. 3600000 NS C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
;
; FORMERLY TERP.UMD.EDU
;
. 3600000 NS D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET. 3600000 A 128.8.10.90
;
; FORMERLY NS.NASA.GOV
;
. 3600000 NS E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
;
; FORMERLY NS.ISC.ORG
;
. 3600000 NS F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2F::F
;
; FORMERLY NS.NIC.DDN.MIL
;
. 3600000 NS G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
;
; FORMERLY AOS.ARL.ARMY.MIL
;
. 3600000 NS H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET. 3600000 A 128.63.2.53
H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::803F:235
;
; FORMERLY NIC.NORDU.NET
;
. 3600000 NS I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
;
; OPERATED BY VERISIGN, INC.
;
. 3600000 NS J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30
J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:C27::2:30
;
; OPERATED BY RIPE NCC
;
. 3600000 NS K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7FD::1
;
; OPERATED BY ICANN
;
. 3600000 NS L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42
L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:3::42
;
; OPERATED BY WIDE
;
. 3600000 NS M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
M.ROOT-SERVERS.NET. 3600000 AAAA 2001:DC3::35
; End of File

7. Example contents of local.zone:

>cat local.zone
$TTL 86400
$ORIGIN localhost.
@       1D IN SOA   @ root (
                    42      ; serial (d. adams)
                    3H      ; refresh
                    15M     ; retry
                    1W      ; expiry
                    1D )    ; minimum

        1D IN NS    @
        1D IN A     127.0.0.1

8. Example contents of named.local:

>cat named.local
$TTL 86400
@       IN SOA  localhost. root.localhost. (
                1997022700 ; Serial
                28800      ; Refresh
                14400      ; Retry
                3600000    ; Expire
                86400 )    ; Minimum
        IN NS   localhost.

1       IN PTR  localhost.

9. Change the permissions on C:\Windows\system32\dns\etc (first untick "Use simple file sharing" in Folder Options), as shown in the screenshots below:

[Image: Add user]

[Image: Find user]

[Image: Set permissions]

10. Start the ISC Bind service in Services and change the preferred DNS server of the Local Area Connection to 127.0.0.1.
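
A check for the two files built in steps 4 and 5, added here as an example and not part of the original notes: it reports when named.conf leaves recursion or zone transfers open to `any`, and when the rndc.conf secret differs from the `key` clause in named.conf. The function names, the sample text and its placeholder secrets are constructed for illustration; it assumes recursion is left at its default (on) and handles only flat `{ ...; }` lists.

```python
import re

# Constructed samples shaped like the files from steps 4 and 5 (placeholder secrets).
NAMED_CONF = '''
options {
    forwarders { 208.67.222.222; 208.67.220.220; };
    allow-query { any; };
    allow-transfer { any; };
};
key "rndc-key" { algorithm hmac-md5; secret "cGxhY2Vob2xkZXItQQ=="; };
'''
RNDC_CONF = 'key "rndc-key" { algorithm hmac-md5; secret "cGxhY2Vob2xkZXItQg=="; };'
# Assumed tightening: only this machine queries the server (step 10 points DNS at 127.0.0.1).
HARDENED = (NAMED_CONF.replace("allow-query { any; }", "allow-query { 127.0.0.1; }")
            .replace("allow-transfer { any; }", "allow-transfer { none; }"))

def strip_comments(text):
    # Drop #, // and /* */ comments; quoted strings pass through untouched,
    # because a base64 secret may contain "//".
    pat = r'"[^"\n]*"|/\*.*?\*/|//[^\n]*|#[^\n]*'
    return re.sub(pat, lambda m: m.group(0) if m.group(0)[0] == '"' else " ", text, flags=re.S)

def acl(text, clause):
    # Elements of a flat `clause { a; b; };` list, or None when the clause is absent.
    m = re.search(r"(?<![\w-])" + re.escape(clause) + r"\s*\{([^{}]*)\}", text)
    return None if m is None else [e.strip() for e in m.group(1).split(";") if e.strip()]

def secrets(text):
    # Map key name -> secret for each `key "name" { ...; secret "..."; };` clause.
    return dict(re.findall(r'(?<![\w-])key\s+"?([\w.-]+)"?\s*\{[^{}]*?secret\s+"([^"]+)"', text))

def audit(named_conf, rndc_conf):
    named, rndc = strip_comments(named_conf), strip_comments(rndc_conf)
    findings = []
    # An unset allow-recursion falls back to allow-query-cache, then to allow-query.
    for clause in ("allow-recursion", "allow-query-cache", "allow-query"):
        elems = acl(named, clause)
        if elems is not None:
            if "any" in elems:
                findings.append(f"recursion open to any client (via {clause})")
            break
    if "any" in (acl(named, "allow-transfer") or []):
        findings.append("zone transfers open to any client")
    named_keys = secrets(named)
    for name, secret in sorted(secrets(rndc).items()):
        if named_keys.get(name) != secret:
            findings.append(f'key "{name}": rndc.conf secret does not match named.conf')
    return findings

if __name__ == "__main__":
    for conf in (NAMED_CONF, HARDENED):
        print(audit(conf, RNDC_CONF))
```

To run it against the real files, read named.conf and rndc.conf from C:\Windows\System32\dns\etc\ and pass their contents to `audit`.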
