WindowsXP下利用bind9配置DNS服务器

这两天为了在局域网内配置DNS服务器花了一番功夫，最终搞定了。简单整理一下步骤和遇到的问题

 

1.在https://www.isc.org/software/bind下载bind9, 我使用的版本是BIND 9.6.0-P1 for Windows XP/2003/2008

 

2.解压缩，运行BINDInstall.exe，不要勾选“Start Bind Service After Install”，Service Account Name和Password一定要输入有管理员权限的（Administrator），否则会提示创建不成功。然后点击“Install”执行安装

 

3.右击安装目录（C:/WINDOWS/system32/dns）->属性->安全，添加刚刚安装时指定的用户（Administrator）并给予完全控制权限

 

4.进入安装目录(/windows/system32/dns)下面的bin目录，而后运行
                       rndc-confgen -a    (运行完成后会在etc目录下生成rndc.key)
                       rndc-confgen > ../etc/rndc.conf

 

5.在C:/WINDOWS/system32/dns/etc下创建如下几个文件：

 

a. named.root

 

; This file holds the information on root name servers needed to
; initialize cache of Internet domain name servers
; (e.g. reference this file in the "cache . "
; configuration file of BIND domain name servers).
;
; This file is made available by InterNIC
; under anonymous FTP as
; file /domain/named.root
; on server FTP.INTERNIC.NET
; -OR- RS.INTERNIC.NET
;
; last update: Jan 29, 2004
; related version of root zone: 2004012900
;
;
; formerly NS.INTERNIC.NET
;
. 3600000 IN NS A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
;
; formerly NS1.ISI.EDU
;
. 3600000 NS B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201
;
; formerly C.PSI.NET
;
. 3600000 NS C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
;
; formerly TERP.UMD.EDU
;
. 3600000 NS D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET. 3600000 A 128.8.10.90
;
; formerly NS.NASA.GOV
;
. 3600000 NS E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
;
; formerly NS.ISC.ORG
;
. 3600000 NS F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
;
; formerly NS.NIC.DDN.MIL
;
. 3600000 NS G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
;
; formerly AOS.ARL.ARMY.MIL
;
. 3600000 NS H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET. 3600000 A 128.63.2.53
;
; formerly NIC.NORDU.NET
;
. 3600000 NS I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
;
; operated by VeriSign, Inc.
;
. 3600000 NS J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30
;
; operated by RIPE NCC
;
. 3600000 NS K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
;
; operated by ICANN
;
. 3600000 NS L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET. 3600000 A 198.32.64.12
;
; operated by WIDE
;
. 3600000 NS M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
; End of File

把以上内容原封不动复制进去即可

 

b. local.zone

 

$TTL    86400
$ORIGIN localhost.
@    1D IN SOA       @ root (
 42              ; serial (d. adams)
 3H              ; refresh
 15M             ; retry
 1W              ; expiry
 1D )            ; minimum
1D IN NS        @
1D IN A         127.0.0.1

 

c. localhost.local

 

$TTL    86400
@       IN      SOA     localhost. root.localhost.  (
      1997022700 ; Serial
      28800      ; Refresh
      14400      ; Retry
      3600000    ; Expire
      86400 )    ; Minimum
IN      NS      localhost.
1       IN      PTR     localhost.

 

d. test.com.zone

 

$TTL    86400
@   IN SOA  test.com.  root.test.com. (
       1053891162
 3H
 15M
 1W
 1D )
    IN NS          test.com.
    IN MX    5    test.com.
www IN A          10.64.39.134
*   IN A 10.64.39.134
@   IN A 10.64.39.134

 

加上最后一行“@   IN A 10.64.39.134”表示可以省略www直接通过test.com访问

 

e. test.com.local

 

$TTL 86400
@ IN SOA test.com. root.test.com.(
20031001;
7200;
3600;
43200;
86400);
@ IN NS test.com.
134 IN PTR dns.test.com.

f. named.conf

 

include "C:/WINDOWS/system32/dns/etc/rndc.key";
options { 
directory "C:/WINDOWS/system32/dns/etc"; #named区文件目录 
pid-file "named.pid"; #进程id文件名 
}; 
zone "." IN {
        type hint;
        file "named.root";
};
zone "localhost" IN {
        type master;
        file "localhost.zone";
        allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "localhost.local";
        allow-update { none; };
};
zone "test.com" IN {
        type master;
        file "test.com.zone";
        allow-update { none; };
};

zone "39.64.10.in-addr.arpa" IN {
        type master;
        file "test.com.local";
        allow-update { none; };
};

可以用named-checkconf.exe测试配置是否正确

 

好了，现在可以运行service.msc，启动ISC BIND服务（或直接命令行 net start "ISC BIND"），看看效果了

测试可以通过nslookup, 然后输入test.com, 或直接ping test.com

 

可能遇到的主要问题：

1. 安装时提示账户无法创建，一定要输入有管理员权限的帐号及密码

2. IN前面至少要有一个空格!否则无法解析

3. 若启动"ISC BIND"服务时出现1067错误，请检测安装文件夹及etc文件夹是否赋予了指定用户读写权限；若非权限问题仍然出现此错误，请检查各配置文件是否有误