windows 7 Installation DNS BIND

http://www.zytrax.com/books/dns/ch5/win2k.html#contents

Not officially supported by ISC (Dec 2010). You have been warned.

This section describes installation of BIND 9.7.2-P2 under Windows 7 Home Premium (64 bit) on a modestly powered laptop using the standard binary package. Windows 7 is not currently supported by ISC; however, after being in daily use for some time (>5 months) the installation has yielded no operational problems. It is presented here in the hope that it will encourage readers to explore BIND 9 in what is becoming an increasingly popular environment, and especially because some of the changes in procedure illustrated reflect current Windows architectural changes (especially in the area of security practices) and are therefore likely to become more useful over time. The officially supported platforms (Server 2003 and XP) have minor differences which are noted as appropriate. The installation process was found to be fast and relatively simple.

Note: Many people - especially those who like to experiment - lose patience with the User Account Control (UAC) features of modern Windows platforms (Vista, Server 2008 and 7) and turn it off completely. This is entirely a matter of choice and taste. The system used to illustrate the installation uses an unmodified Windows 7 UAC. There is no need to sacrifice UAC capabilities in order to install and use BIND 9. Windows 7 has many features to allow customization of displays and menus. Consequently some of the screens displayed may not look exactly like those on another system. Notes are supplied where there is a high likelihood this may be the case - perhaps reflecting the author's attempts to make all Windows systems look like a much-missed, frozen-in-time Windows NT 4.0 system wherever possible.

  1. Download Bind 9.7.2-P2.zip from the ISC site (www.isc.org) and unzip it into any suitable temporary location, for example, c:\temp\bind. As always, you are advised to get the latest stable release of BIND 9.

  2. There is a file called readme1st.txt with the distribution that provides some useful information about the installation. In particular it mentions that BIND (or named.exe) will run as a service on Windows and will require a user account called named with specific permissions. The install process will create the required account and basic permissions.

  3. In the temporary directory (c:\temp\bind), find and right-click BindInstall.exe, which will display the screen shown:

    [Screenshot 1]

    From the popup window select 'Run as administrator' to provide the right permissions required for the installation.

  4. BIND 9 install will display the screen shown below:

    [Screenshot 2]

    The password entry is mandatory with the default named account. The readme1st.txt file contains descriptions of other accounts that may not require a password if you wish to experiment. The test installation used the default Service Account Name as shown above. The default install directory is c:\Windows\system32\dns (or %SystemRoot%\system32\dns in Windows terms). Do not check the box labeled Start BIND Service after Install. The Tools Only box works as advertised - leave it unchecked for this install - unless, of course, you only want the tools and not the DNS server. Click the Install button.

  5. Use Windows Explorer to navigate to the directory called c:\Windows\sysWOW64\dns\etc. While the install screen indicated c:\Windows\system32\dns, this is a 64-bit version of Windows 7 and BIND 9 is a 32-bit application. The Windows 32-bit emulation system intercepts all runtime requests for c:\Windows\system32 and replaces them with c:\Windows\sysWOW64 (Windows on Windows 64). In the case of a 32-bit Windows system c:\Windows\system32\dns is the location for all installed files and all subsequent paths should be modified appropriately. Place or create the master.localhost, localhost.rev, named.conf and root.servers files in the c:\Windows\sysWOW64\dns\etc subdirectory. The named.conf file is a standard resolver (Caching-only DNS Server) modified to reflect the Windows path values in the installation and shown below. BIND will accept either Windows or Unix line termination conventions.

    // generated by ME
    // CACHING NAME SERVER for WINDOWS
    //  Oct 2010
    //  a. changed directory statement to windows format
    //  b. changed location of log file to named\log\named.log
    //  c. changed location of all zone files to named\zones
    //  d. added pid-file directive in named\run\named.pid
    options {
      directory "C:\Windows\system32\dns\etc";
      // version added for security, otherwise the real version string
      // may be used to match the server against known weaknesses
      version "not currently available";
      pid-file "named.pid";
      recursion yes;
      // the following statement closes the server to other hosts and
      // limits queries to the local PC only
      // alternatively use allow-recursion {192.188.2/24;}; (change IP as required)
      // or allow-recursion {localnets;}; if your netmask is appropriate
      listen-on {127.0.0.1;};
    };

    // log to named.log events from info UP in severity (no debug)
    // defaults to use 3 files in rotation
    // failure messages up to this point are in the event log
    logging {
      channel my_log {
        file "named.log" versions 3 size 250k;
        severity info;
      };
      category default {
        my_log;
      };
    };

    zone "." {
      type hint;
      file "root.servers";
    };

    zone "localhost" in {
      type master;
      file "master.localhost";
      allow-update {none;};
    };

    zone "0.0.127.in-addr.arpa" in {
      type master;
      file "localhost.rev";
      allow-update {none;};
    };

  6. Windows 7 uses the NTFS filesystem and assuming the PID and log files are written to the installed directories no further permissions need to be set. Writing PID and log files into the /etc subdirectory may offend the aesthetic values of certain readers but has the merit of requiring the minimal work - always an important consideration. If the reader is still offended by this gross breach of normal *nix practice then appropriately named subdirectories may be created - but permissions will need to be added to allow the named account to write to these locations. The broad principle of setting permissions is shown in the next section.

  7. If the UAC system denies you access to the Windows, sysWOW64 or other required directories for adding or modifying files then you will need to change permissions. One method of doing this is illustrated. Select the required directory, right-click, and from the pop-up menu click Properties. This will display a tabbed window from which the Security tab should be selected. Select the Users account (the secondary description will reflect the name of the user's PC) and confirm that Full Control (or Write as a minimum) is enabled as shown:

  8. If the required permissions are not available click the Edit button, again select the Users account and then add the required permissions (see below). Finally, click OK. Windows will prompt with a warning along the lines that the sun will fall out of the sky if you continue, but in spite of that just click OK:

    [Screenshot 3]

  9. BIND installs its software to a nonstandard location (%SystemRoot%\system32\dns\bin or c:\Windows\sysWOW64\dns\bin). To use diagnostic tools such as dig and other command-line tools, either the full path will be required or the Windows path environment variable can be changed to include the BIND installation directory. You can then forget where the BIND tools are installed! The path variable can be set using the following procedure. Click the Start Icon then right-click Computer and select Properties (the Computer entry on the Start menu is controlled by its properties, which may be modified by right-clicking the Start Icon and selecting Properties then the Customize button on the Start Menu tab). Alternatively, if you have a My Computer icon right-click that and select Properties. In the resulting window select the Advanced tab and click Environment Variables (see below). If you enjoy typing long paths at the command prompt you can ignore this item.

    [Screenshot 4]

    On the resulting screen select the Path variable in the lower window and click Edit. At the end of the line add the following: ;%SystemRoot%\sysWOW64\dns\bin (or ;%SystemRoot%\system32\dns\bin for 32-bit systems) and click OK. See below:

    [Screenshot 5]

    Note: The path separator on Windows is a semicolon, not a colon as in the Unix world. Setting the path has the effect of automatically locating, say, dig or nsupdate. However, there is a Windows version of nslookup that will be found first. Using the BIND version of nslookup either requires a full path command, such as c:\Windows\sysWOW64\dns\bin\nslookup.exe (or c:\Windows\system32\dns\bin\nslookup.exe for 32-bit systems) when running it from the command line, or the preceding path directive must be placed first in the list, which in turn has the disadvantage that it adds an extra check for all other program loading operations that use normal Windows locations.

  10. As both a test of the success of the path change operation and in order to add the required rndc key file prior to starting BIND, run rndc-confgen from a command prompt. Click the Start icon and then click the Run button (if the Run button is not present it may be added by right-clicking the Start icon, selecting Properties and then Customize from the Start Menu tab; all kinds of interesting goodies are also available using this procedure). At the Run prompt type cmd and click OK. At the resulting command prompt (aka DOS Box) enter rndc-confgen -a to write the rndc.key file as shown below:

    [Screenshot 6]

  11. Now the installation is ready to replace the normal Windows 7 DNS Client with the BIND 9 version. Click the Start icon, click Administrative Tools and select Services. At the resulting screen find and right-click the DNS Client entry, then click Properties. The screen shown below will be displayed:

    [Screenshot 7]

    Select Manual (or Disabled) from the drop down box, then click the Stop button. Finally click OK to close the window. At this point the PC has no DNS service and any applications that depend on it will fail temporarily until we start the BIND 9 replacement service.

  12. Find and select the service named ISC BIND, right-click and click the Start menu item as shown below:

    [Screenshot 8]

  13. Finally, the PC may need to be configured to use the local DNS service rather than one which may have been allocated by DHCP or a similar service. Click the Start icon and click Control Panel. Click Network and Sharing Center, then from the resulting window select Local Area Network and click Properties. See the figure below:

    [Screenshot 9]

    From the properties screen select Internet Protocol Version 4 (TCP/IPv4) then click Properties. See below:

    [Screenshot 10]

    In the TCP/IPv4 Properties window click the radio button 'Use the following DNS server addresses', then enter the IPv4 address of the PC or, more simply, as shown, its loopback or local address 127.0.0.1 (see below). Click OK to dismiss all previous windows and we are now fully operational using a BIND 9 caching resolver (assuming use of the named.conf file shown previously, though any configuration can be used depending on local needs).

  14. To fully test the server, it is necessary to reboot. When the server has rebooted, use Event Viewer to check the Applications log for failure messages, and then use Task Manager to check that the ISC BIND service started up (it loads as named.exe).
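The following PowerShell script is an added example, not code from the zytrax page or from ISC. It carries out steps 6 to 13 from an elevated (Run as administrator) PowerShell prompt and then performs the pre-reboot checks of step 14, including a check that named is bound only to the loopback address as the listen-on statement in the named.conf above intends. It assumes a 64-bit Windows 7 with BIND installed to the default directory under the default named service account, a service whose display name is "ISC BIND", a network adapter called "Local Area Connection", and the optional subdirectory names log and run from step 6; all of these are assumptions and should be adjusted to the local system.

```powershell
# Added example (not from the zytrax page or ISC). Run from an elevated PowerShell prompt.
# Assumptions: 64-bit Windows 7, default install directory, service account "named",
# service display name "ISC BIND", adapter "Local Area Connection". For 32-bit Windows
# replace sysWOW64 with system32 in $BindRoot.
$BindRoot = Join-Path $env:SystemRoot 'sysWOW64\dns'
$BindEtc  = Join-Path $BindRoot 'etc'
$BindBin  = Join-Path $BindRoot 'bin'
$Adapter  = 'Local Area Connection'   # assumed adapter name; check Network Connections

# Step 6: if log/run subdirectories are used, the named account needs write access to them.
# (OI)(CI)M grants Modify on the directory and its contents and nothing more (no Full Control).
foreach ($sub in 'log', 'run') {
    $dir = Join-Path $BindRoot $sub
    if (-not (Test-Path $dir)) { New-Item -ItemType Directory -Path $dir | Out-Null }
    icacls $dir /grant 'named:(OI)(CI)M' | Out-Null
}

# Step 9: append the BIND bin directory to the machine PATH (persisted) and to this session.
# Note: SetEnvironmentVariable stores the expanded value, so %SystemRoot% placeholders are lost.
$machinePath = [Environment]::GetEnvironmentVariable('Path', 'Machine')
if (($machinePath -split ';') -notcontains $BindBin) {
    [Environment]::SetEnvironmentVariable('Path', "$machinePath;$BindBin", 'Machine')
}
$env:Path = "$env:Path;$BindBin"

# Step 10: generate rndc.key once; rndc-confgen -a writes it to the BIND etc directory.
if (-not (Test-Path (Join-Path $BindEtc 'rndc.key'))) {
    & (Join-Path $BindBin 'rndc-confgen.exe') -a
}

# Step 11: set the Windows DNS Client (service name Dnscache) to Manual and stop it.
Set-Service -Name Dnscache -StartupType Manual
Stop-Service -Name Dnscache -Force

# Step 12: start ISC BIND and have it start automatically after the reboot in step 14.
$bind = Get-Service -DisplayName 'ISC BIND'
Set-Service -Name $bind.Name -StartupType Automatic
Start-Service -Name $bind.Name

# Step 13: point the adapter at the local resolver instead of the DHCP-supplied server.
netsh interface ipv4 set dnsservers name="$Adapter" source=static address=127.0.0.1 validate=no

# Step 14 (pre-reboot checks): process present, recent BIND entries in the Application log,
# a resolved query, and the control channel answering.
Get-Process -Name named -ErrorAction SilentlyContinue |
    Format-Table Name, Id, StartTime -AutoSize
Get-EventLog -LogName Application -Newest 50 |
    Where-Object { $_.Source -match 'named|bind' } |
    Format-Table TimeGenerated, EntryType, Message -AutoSize -Wrap
& (Join-Path $BindBin 'dig.exe') '@127.0.0.1' localhost A +short
& (Join-Path $BindBin 'rndc.exe') status

# Exposure check: with listen-on {127.0.0.1;} only loopback sockets on port 53 should appear.
$listeners = netstat -an | Select-String -Pattern ':53\s'
$listeners
if ($listeners | Select-String -Pattern '(0\.0\.0\.0|\[::\]):53\s') {
    Write-Warning 'named is listening on all interfaces; check the listen-on statement in named.conf'
}
```

The final check is the one worth keeping after any later change to named.conf: a caching resolver that answers recursive queries on an external interface is an open resolver, so the intended effect of listen-on {127.0.0.1;} (or of an allow-recursion list, if the server is opened to the LAN) should be confirmed with netstat rather than assumed from the configuration file.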

Installing BIND on Windows 2003 Server, Windows XP or the (currently) unsupported Windows 7 is a simple task requiring little user intervention. The entire process takes less than 10 minutes. If you need or want consistency of DNS for maintenance and other purposes across mixed Windows, Unix, Linux, or BSD environments, using BIND is the only solution. As a happy side benefit, you also get dig, nsupdate, rndc and other tools, meaning that you can diagnose, update, and control BIND installations on other OS platforms from a Windows desktop, laptop or server.
