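Setting up a DNS server on the LAN took me some effort over the past couple of days, but I finally got it working. Here is a brief write-up of the steps and the problems I ran into.
1. Download bind9 from https://www.isc.org/software/bind. The version I used is BIND 9.6.0-P1 for Windows XP/2003/2008.
2. Unzip it and run BINDInstall.exe. Do not tick "Start Bind Service After Install". The Service Account Name and Password must be those of an account with administrator rights (Administrator), otherwise the installer reports that the account could not be created. Then click "Install" to run the installation.
3. Right-click the installation directory (C:/WINDOWS/system32/dns) -> Properties -> Security, add the user specified during installation (Administrator) and grant it Full Control.
4. Go to the bin directory under the installation directory (/windows/system32/dns), then run
rndc-confgen -a (when it finishes, rndc.key has been generated in the etc directory)
rndc-confgen > ../etc/rndc.conf
5. Create the following files in C:/WINDOWS/system32/dns/etc: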
a. named.root
; This file holds the information on root name servers needed to
; initialize cache of Internet domain name servers
; (e.g. reference this file in the "cache . <file>"
; configuration file of BIND domain name servers).
;
; This file is made available by InterNIC
; under anonymous FTP as
; file /domain/named.root
; on server FTP.INTERNIC.NET
; -OR- RS.INTERNIC.NET
;
; last update: Jan 29, 2004
; related version of root zone: 2004012900
;
;
; formerly NS.INTERNIC.NET
;
. 3600000 IN NS A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
;
; formerly NS1.ISI.EDU
;
. 3600000 NS B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201
;
; formerly C.PSI.NET
;
. 3600000 NS C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
;
; formerly TERP.UMD.EDU
;
. 3600000 NS D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET. 3600000 A 128.8.10.90
;
; formerly NS.NASA.GOV
;
. 3600000 NS E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
;
; formerly NS.ISC.ORG
;
. 3600000 NS F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
;
; formerly NS.NIC.DDN.MIL
;
. 3600000 NS G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
;
; formerly AOS.ARL.ARMY.MIL
;
. 3600000 NS H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET. 3600000 A 128.63.2.53
;
; formerly NIC.NORDU.NET
;
. 3600000 NS I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
;
; operated by VeriSign, Inc.
;
. 3600000 NS J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30
;
; operated by RIPE NCC
;
. 3600000 NS K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
;
; operated by ICANN
;
. 3600000 NS L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET. 3600000 A 198.32.64.12
;
; operated by WIDE
;
. 3600000 NS M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
; End of File
Copy the content above into the file unchanged.
b. localhost.zone
$TTL 86400
$ORIGIN localhost.
@       1D IN SOA @ root (
                42      ; serial (d. adams)
                3H      ; refresh
                15M     ; retry
                1W      ; expiry
                1D )    ; minimum
        1D IN NS  @
        1D IN A   127.0.0.1
c. localhost.local
$TTL 86400
@       IN SOA  localhost. root.localhost. (
                1997022700 ; Serial
                28800      ; Refresh
                14400      ; Retry
                3600000    ; Expire
                86400 )    ; Minimum
        IN NS   localhost.
1       IN PTR  localhost.
d. test.com.zone
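$TTL 86400
@       IN SOA  test.com. root.test.com. (
                1053891162 ; serial
                3H         ; refresh
                15M        ; retry
                1W         ; expire
                1D )       ; minimum
        IN NS   test.com.
        IN MX   5 test.com.
www     IN A    10.64.39.134
*       IN A    10.64.39.134
@       IN A    10.64.39.134
Adding the last line, "@ IN A 10.64.39.134", means the www prefix can be omitted and the host reached directly as test.com.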
e. test.com.local
$TTL 86400
@       IN SOA  test.com. root.test.com. (
                20031001 ; serial
                7200     ; refresh
                3600     ; retry
                43200    ; expire
                86400 )  ; minimum
@       IN NS   test.com.
134     IN PTR  dns.test.com.
f. named.conf
include "C:/WINDOWS/system32/dns/etc/rndc.key";
options {
    directory "C:/WINDOWS/system32/dns/etc"; # directory holding named's zone files
    pid-file "named.pid";                    # name of the process ID file
};
zone "." IN {
    type hint;
    file "named.root";
};
zone "localhost" IN {
    type master;
    file "localhost.zone";
    allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "localhost.local";
    allow-update { none; };
};
zone "test.com" IN {
    type master;
    file "test.com.zone";
    allow-update { none; };
};
zone "39.64.10.in-addr.arpa" IN {
    type master;
    file "test.com.local";
    allow-update { none; };
};
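You can use named-checkconf.exe to test whether the configuration is correct.
Now you can run services.msc and start the ISC BIND service (or run net start "ISC BIND" directly from the command line) and see the result.
To test, use nslookup and then enter test.com, or simply ping test.com.
The main problems you may run into:
1. If the installer reports that the account cannot be created, make sure you entered the name and password of an account with administrator rights.
2. There must be at least one space before IN! Otherwise the name will not resolve.
3. If starting the "ISC BIND" service fails with error 1067, check that the installation folder and the etc folder grant the specified user read and write permission; if it is not a permission problem and the error still occurs, check each configuration file for mistakes.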
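For problems 2 and 3, the check below is an added example, not part of the original post or of BIND. It reads named.conf, confirms that every zone's file exists, and flags zone-file records that begin in column 1 with a class, type or unit-suffixed TTL. It assumes zone files sit in the same directory as named.conf (as in step 5) and that ";" does not appear inside quoted record data.

```python
import re, sys
from pathlib import Path

CLASS_OR_TYPE = {"IN", "CH", "HS", "A", "AAAA", "NS", "MX", "PTR", "SOA", "CNAME", "TXT"}

def zone_files(conf_text):
    """Map each zone name in named.conf text to the file it loads."""
    text = re.sub(r"(#|//).*", "", conf_text)          # drop line comments
    parts = re.split(r'\bzone\s+"([^"]+)"', text)      # [preamble, name, body, name, body, ...]
    found = {}
    for name, body in zip(parts[1::2], parts[2::2]):
        m = re.search(r'(?<![-\w])file\s+"([^"]+)"', body)  # lookbehind skips pid-file
        if m:
            found[name] = m.group(1)
    return found

def column1_mistakes(zone_text):
    """Return (line number, text) of records that start in column 1 with a class,
    type or unit-suffixed TTL, which BIND would read as the owner name."""
    hits, depth = [], 0
    for n, line in enumerate(zone_text.splitlines(), 1):
        code = line.split(";", 1)[0]                   # strip zone-file comment
        if depth == 0 and code[:1] not in ("", " ", "\t", "$"):
            first = code.split()[0].upper()
            if first in CLASS_OR_TYPE or re.fullmatch(r"\d+[SMHDW]", first):
                hits.append((n, line.strip()))
        depth += code.count("(") - code.count(")")     # skip SOA continuation lines
    return hits

def audit(etc_dir):
    """Check every zone file referenced by etc_dir/named.conf; return findings."""
    etc, findings = Path(etc_dir), []
    conf = (etc / "named.conf").read_text(encoding="utf-8", errors="replace")
    for zone, fname in zone_files(conf).items():
        path = etc / fname
        if not path.is_file():
            findings.append(f'zone "{zone}": file {fname} not found')
            continue
        zone_text = path.read_text(encoding="utf-8", errors="replace")
        for n, text in column1_mistakes(zone_text):
            findings.append(f"{fname}:{n}: no owner or leading blank before '{text}'")
    return findings

# Constructed sample: the NS line has lost its leading blank.
SAMPLE_ZONE = ("$TTL 86400\n@ IN SOA test.com. root.test.com. (\n 1 3H 15M 1W 1D )\n"
               "IN NS test.com.\nwww IN A 10.64.39.134\n")

if __name__ == "__main__":
    print(column1_mistakes(SAMPLE_ZONE))               # demo on the sample
    for finding in (audit(sys.argv[1]) if len(sys.argv) > 1 else []):
        print(finding)
```

Pass the etc directory as the only argument to audit a real installation; purely numeric owners such as the "134" PTR entry are deliberately not flagged.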