[App] DNS 单点安装

来源：互联网发布：sql 双竖线是什么意思编辑：程序博客网时间：2024/05/04 10:02

rhel 7.2

server

192.168.1.150

client

192.168.1.152

#yum -y install bind bind-chroot bind-utils caching-nameserver

#rndc-confgen > /etc/rndc.conf

#chgrp named /etc/rndc.conf

#chmod 640 /etc/rndc.conf

#tail -11 /etc/rndc.conf >> /etc/named.conf

# vi/etc/sysconfig/named #关闭ipv6

OPTIONS="-4"

#vi /etc/named.conf

options {

listen-on port 53 { any; }; # 监听主机所有地址 53端口

#listen-on-v6 port 53 { ::1; };

directory "/var/named";

dump-file "/var/named/data/cache_dump.db";

statistics-file "/var/named/data/named_stats.txt";

memstatistics-file "/var/named/data/named_mem_stats.txt";

allow-query {any; }; #任何人都可以申请查询请求

forwarders {

192.168.1.1; #解析不了的丢给这边，上层服务器

}

- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.

- If you are building a RECURSIVE (caching) DNS server, you need to enable

recursion.

- If your recursive DNS server has a public IP address, you MUST enable access

control to limit queries to your legitimate users. Failing to do so will

cause your server to become part of large scale DNS amplification

attacks. Implementing BCP38 within your network would greatly

reduce such attack surface

recursion yes;

dnssec-enable yes;

dnssec-validation yes;

/* Path to ISC DLV key */

bindkeys-file "/etc/named.iscdlv.key";

managed-keys-directory "/var/named/dynamic";

pid-file "/run/named/named.pid";

session-keyfile "/run/named/session.key";

};

logging {

channel default_debug {

file "data/named.run";

severity dynamic;

};

zone "." IN {

type hint;

file "named.ca";

};

include "/etc/named.rfc1912.zones";

include "/etc/named.root.key";

# Use with the following in named.conf, adjusting the allow list as needed:

key "rndc-key" {

algorithm hmac-md5;

secret "h1APCmb0iG5Y/dstFk6sRA==";

};

controls {

inet 127.0.0.1 port 953

allow { 127.0.0.1; } keys { "rndc-key"; };

};

#vi /etc/named.rfc1912.zones #添加zone

zone "wxhp.cn" IN {

type master;

file "wxhp.cn.zone";

};

zone "1.168.192.in-addr.arpa" IN {

type master;

file "1.168.192.zone";

};

zone "wxjy.cn" IN {

type master;

file "wxjy.cn.zone";

};

#cd /var/named/

#cp named.localhost wxhp.cn.zone

#vi wxhp.cn.zone

$TTL 1D

@ IN SOA ns.wxhp.cn. root (

2017101301 ; serial

1D ; refresh

1H ; retry

1W ; expire

3H ) ; minimum

@ IN NS ns.wxhp.cn.

ns IN A 192.168.1.150

#cp named.localhost 1.168.192.zone

#vi 1.168.192.zone

$TTL 1D

@ IN SOA ns.wxhp.cn. root (

2017101302 ; serial

1D ; refresh

1H ; retry

1W ; expire

3H ) ; minimum

@ IN NS ns.wxhp.cn.

150 IN PTR ns.wxhp.cn.

151 IN PTR www.wxjy.cn.

#cp -a wxhp.cn.zone wxjy.cn.zone

#vi wxjy.cn.zone

$TTL 1D

@ IN SOA ns.wxhp.cn. root (

2017101303 ; serial

1D ; refresh

1H ; retry

1W ; expire

3H ) ; minimum

@ IN NS ns.wxhp.cn.

www IN A 192.168.1.151

#chown :named *

#named-checkconf /etc/named.conf #测试配置文件有无报错

#named-checkzone 1.168.192 1.168.192.zone

#named-checkzone wxhp.cn wxhp.cn.zone

#named-checkzone wxjy.cn wxjy.cn.zone

#systemctl enable named &&systemctl start named

#rndc status #可以通过rndc reload重新加载配置文件

#客户端配置：

#vi /etc/resolv.conf

nameserver 192.168.1.150

#nslookup

> 192.168.1.150

Server: 192.168.1.150

Address: 192.168.1.150#53

150.1.168.192.in-addr.arpa name = ns.wxhp.cn.

> ns.wxhp.cn

Server: 192.168.1.150

Address: 192.168.1.150#53

Name: ns.wxhp.cn

Address: 192.168.1.150

> 192.168.1.151

Server: 192.168.1.150

Address: 192.168.1.150#53

151.1.168.192.in-addr.arpa name =www.wxjy.cn.

> www.wxjy.cn

Server: 192.168.1.150

Address: 192.168.1.150#53

Name: www.wxjy.cn

Address: 192.168.1.151

阅读全文

0 0