  • Bind + AD HOWTO

    named directory: bind:bind; run as bind

    http://www.ibiblio.org/gferg/ldp/BIND+AD-HOWTO/

    2. Start configuring

    Alright, let's get started.

    2.1 Compiling Bind

    For complete and detailed compilation and debugging on Bind, please refer to the Bind-HOWTO as this is not covered here.

    First, let's get the latest version:
    wget ftp://ftp.isc.org/isc/bind9/9.2.0/bind-9.2.0.tar.gz

    To unpack and compile:
    tar zxvf bind-9.2.0.tar.gz
    cd bind-9.2.0
    ./configure --prefix=/var/named
    make

    To install (must be root):
    make install

    Now Bind is configured to put all its configuration files in /var/named. If you wish to put it elsewhere you may, but keep in mind that this document will base itself on this location.

    2.2 /etc/named.conf

    First off, we will want to make an ACL for the AD servers on the network, assuming you're using 10.10.10.0/24 for your internal IPs. This is not necessary, but it will make the config file easier to read if you have several AD servers.
    The following information is to be entered in /etc/named.conf in addition to your own options.

      acl "ADservers" {
      10.10.10.2; 10.10.10.3;
      };
    

    It is also possible to specify whole network blocks although this is not recommended for security reasons.

    Next, we want to specify the location where the dynamic files entries will be stored. In this example we will use /var/named/etc.

      zone "10.10.10.in-addr.arpa" {
      type master;
      file "reverse/10.10.10.db";
      allow-update {ADservers;};
      };
    
      zone "domain.com" {
      type master;
      file "etc/domain.com.db";
      check-names ignore;
      allow-update {ADservers;};
      };
    
      zone "_msdcs.domain.com" {
      type master;
      file "etc/_msdcs.domain.com.db";
      check-names ignore;
      allow-update {ADservers;};
      };
    
      zone "_sites.domain.com" {
      type master;
      file "etc/_sites.domain.com.db";
      check-names ignore;
      allow-update {ADservers;};
      };
    
      zone "_tcp.domain.com" {
      type master;
      file "etc/_tcp.domain.com.db";
      check-names ignore;
      allow-update {ADservers;};
      };
    
      zone "_udp.domain.com" {
      type master;
      file "etc/_udp.domain.com.db";
      check-names ignore;
      allow-update {ADservers;};
      };
    

    2.3 Touching the dynamic zone files

    The dynamic zone files (domain.com, _msdcs.domain.com, _sites.domain.com, _tcp.domain.com and _udp.domain.com) need to exist before we start up the system. Insert the following RRs (Resource Records) into each dynamic zone file. Beware that _tcp.domain.com on line three and $ORIGIN _tcp.domain.com on line eleven must be changed to reflect each file's name.

    
      $ORIGIN .
      $TTL 86400 ; 1 day
      _tcp.domain.com IN SOA hostname.domain.com. hostmaster.domain.com. (
                              2002010101 ; Today's serial
                              28800 ; refresh (8 hours)
                              7200 ; retry (2 hours)
                              2419200 ; expire (4 weeks)
                              86400 ; minimum (1 day)
                              )
                              NS ns.domain.com.
      $ORIGIN _tcp.domain.com.
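    As an added example (not part of the HOWTO), the following POSIX shell script writes the five dynamic zone files of this section from the template above, substituting the zone name on line three and line eleven, and checks that both lines carry the right name. The directory, primary nameserver and hostmaster names are parameters it assumes; for simplicity one NS name serves as both SOA MNAME and NS record.

```shell
#!/bin/sh
# Generate the dynamic zone files for the Bind + AD setup.
# Added example; directory, NS and hostmaster names are assumptions.

# make_zone DIR ZONE NS HOSTMASTER -> writes DIR/ZONE.db
make_zone() {
    dir=$1; zone=$2; ns=$3; hostmaster=$4
    serial=$(date +%Y%m%d)01          # YYYYMMDDnn, like 2002010101 on the page
    cat > "$dir/$zone.db" <<EOF
\$ORIGIN .
\$TTL 86400 ; 1 day
$zone IN SOA $ns. $hostmaster. (
                        $serial ; serial
                        28800 ; refresh (8 hours)
                        7200 ; retry (2 hours)
                        2419200 ; expire (4 weeks)
                        86400 ; minimum (1 day)
                        )
                        NS $ns.
\$ORIGIN $zone.
EOF
}

# check_zone DIR ZONE -> 0 if line 3 and line 11 name ZONE, 1 otherwise
check_zone() {
    dir=$1; zone=$2; f="$dir/$zone.db"
    [ "$(sed -n '3p' "$f" | cut -d' ' -f1)" = "$zone" ] &&
    [ "$(sed -n '11p' "$f")" = "\$ORIGIN $zone." ]
}

# make_all_zones DIR NS HOSTMASTER -> creates and checks the five zones
make_all_zones() {
    dir=$1; ns=$2; hostmaster=$3
    for z in domain.com _msdcs.domain.com _sites.domain.com \
             _tcp.domain.com _udp.domain.com; do
        make_zone "$dir" "$z" "$ns" "$hostmaster"
        check_zone "$dir" "$z" || { echo "bad zone file: $z" >&2; return 1; }
    done
}

# Usage (uncomment): make_all_zones /var/named/etc ns.domain.com hostmaster.domain.com
```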
    

    2.4 Does it work?

    Do a 'killall named' and 'named' to restart the named daemon. The locator records will automatically update themselves when the client machines are rebooted.
    To verify that everything is in order, do a 'tail -f /var/log/messages'. You should see something that looks like this:

      Jan 01 15:44:21 xxx named[4304]: adding an RR
      Jan 01 15:44:21 xxx named[4304]: journal file etc/domain.com.db.jnl does not exist, creating it
      Jan 01 15:44:22 xxx named[4304]: adding an RR
      Jan 01 15:44:22 xxx named[4304]: journal file etc/_tcp.domain.com.db.jnl does not exist, creating it
      Jan 01 15:44:22 xxx named[4304]: adding an RR
      Jan 01 15:44:22 xxx named[4304]: journal file etc/_msdcs.domain.com.db.jnl does not exist, creating it
      Jan 01 15:44:22 xxx named[4304]: adding an RR
      Jan 01 15:44:22 xxx named[4304]: journal file etc/_udp.domain.com.db.jnl does not exist, creating it
      Jan 01 15:44:22 xxx named[4304]: adding an RR
      Jan 01 15:49:20 xxx named[4304]: journal file etc/_sites.domain.com.db.jnl does not exist, creating
    

    The "journal file etc/_*.domain.com.db.jnl does not exist, creating it" message is generated when a Windows 2000 server (non-AD) attempts to update a BIND9 configured with this named.conf. This is a good thing.

  • Original URL: https://www.cnblogs.com/studio313/p/1504378.html
Copyright © 2011-2022 走看看