[App] DNS 单点安装
os
rhel 7.2
server
192.168.1.150
client
192.168.1.152
#yum -y install bind bind-chroot bind-utils caching-nameserver
#rndc-confgen > /etc/rndc.conf
#chgrp named /etc/rndc.conf
#chmod 640 /etc/rndc.conf
#tail -11 /etc/rndc.conf >> /etc/named.conf
#vi /etc/sysconfig/named #关闭ipv6
OPTIONS="-4"
#vi /etc/named.conf
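options {
    # Listen on port 53 on every address of this host.
    listen-on port 53 { any; };
    #listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";

    # Anyone may query the zones this server is authoritative for.
    allow-query { any; };

    # Recursion and cached answers are limited to this host and the client
    # subnet. 192.168.1.0/24 is inferred from the server/client addresses used
    # on this page; replace it with the real client networks.
    # When these two options are unset they fall back to an explicitly set
    # allow-query, so "allow-query { any; }" plus "recursion yes" would make
    # this an open resolver, which is what the stock comment below warns about.
    allow-recursion { localhost; 192.168.1.0/24; };
    allow-query-cache { localhost; 192.168.1.0/24; };

    # Upstream server that receives queries this server cannot answer itself.
    forwarders {
        192.168.1.1;
    };  # the terminating semicolon was missing; named-checkconf rejects the block without it

    /*
     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
     - If you are building a RECURSIVE (caching) DNS server, you need to enable
       recursion.
     - If your recursive DNS server has a public IP address, you MUST enable access
       control to limit queries to your legitimate users. Failing to do so will
       cause your server to become part of large scale DNS amplification
       attacks. Implementing BCP38 within your network would greatly
       reduce such attack surface
    */
    recursion yes;

    dnssec-enable yes;
    dnssec-validation yes;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};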
# Logging: a single channel, default_debug, written to data/named.run
# (a relative path, resolved against the "directory" option).
logging {
channel default_debug {
file "data/named.run";
# "dynamic" makes the channel follow the server's current debug level.
severity dynamic;
};
};
# Root zone hints, loaded from named.ca.
zone "." IN {
type hint;
file "named.ca";
};
# Zone declarations live in named.rfc1912.zones; named.root.key is pulled in as a second include.
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
# Use with the following in named.conf, adjusting the allow list as needed:
# NOTE(review): the secret below is the sample value printed on this page, so it is public.
# Generate a fresh key with rndc-confgen on every server; never copy this one and never publish the real one.
# The key name, algorithm and secret here must match the key in /etc/rndc.conf, or rndc cannot authenticate.
# NOTE(review): hmac-md5 is a legacy algorithm; prefer hmac-sha256 if the installed BIND tools can generate it (confirm against the installed version).
key "rndc-key" {
algorithm hmac-md5;
secret "h1APCmb0iG5Y/dstFk6sRA==";
};
# Control channel: bound to loopback on port 953; only 127.0.0.1 presenting "rndc-key" is accepted.
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
#vi /etc/named.rfc1912.zones #添加zone
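# Master zones served by this single server. The page sets up no secondaries,
# so zone transfers are refused explicitly. BIND 9 releases of this generation
# allow transfers to any host when allow-transfer is not set, which lets anyone
# who can reach port 53 dump the full zone contents. If secondaries are added
# later, list their addresses in place of "none".
zone "wxhp.cn" IN {
    type master;
    file "wxhp.cn.zone";
    allow-transfer { none; };
};
zone "1.168.192.in-addr.arpa" IN {
    type master;
    file "1.168.192.zone";
    allow-transfer { none; };
};
zone "wxjy.cn" IN {
    type master;
    file "wxjy.cn.zone";
    allow-transfer { none; };
};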
#cd /var/named/
#cp named.localhost wxhp.cn.zone
#vi wxhp.cn.zone
; Forward zone data for wxhp.cn (loaded by the zone "wxhp.cn" declaration).
$TTL 1D
; SOA: primary server ns.wxhp.cn.; the contact field "root" has no trailing dot, so it is relative to the zone origin.
@ IN SOA ns.wxhp.cn. root (
2017101301 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
; The zone's only name server and its address (the server host on this page).
@ IN NS ns.wxhp.cn.
ns IN A 192.168.1.150
#cp named.localhost 1.168.192.zone
#vi 1.168.192.zone
; Reverse zone data for 1.168.192.in-addr.arpa (PTR records for 192.168.1.x).
$TTL 1D
; SOA: primary server ns.wxhp.cn.; "root" has no trailing dot, so here it expands under the reverse-zone origin.
@ IN SOA ns.wxhp.cn. root (
2017101302 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS ns.wxhp.cn.
; Keep each PTR in step with the matching A record in the forward zone files.
150 IN PTR ns.wxhp.cn.
151 IN PTR www.wxjy.cn.
#cp -a wxhp.cn.zone wxjy.cn.zone
#vi wxjy.cn.zone
; Forward zone data for wxjy.cn (loaded by the zone "wxjy.cn" declaration).
$TTL 1D
; SOA and NS both point at ns.wxhp.cn., a name outside this zone; its address comes from the wxhp.cn zone.
@ IN SOA ns.wxhp.cn. root (
2017101303 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS ns.wxhp.cn.
; Matches the PTR for 151 in the reverse zone.
www IN A 192.168.1.151
#chown :named *
#named-checkconf /etc/named.conf #测试配置文件有无报错
#named-checkzone 1.168.192 1.168.192.zone
#named-checkzone wxhp.cn wxhp.cn.zone
#named-checkzone wxjy.cn wxjy.cn.zone
#systemctl enable named &&systemctl start named
#rndc status #可以通过rndc reload重新加载配置文件
#客户端配置:
#vi /etc/resolv.conf
nameserver 192.168.1.150
#nslookup
> 192.168.1.150
Server: 192.168.1.150
Address: 192.168.1.150#53
150.1.168.192.in-addr.arpa name = ns.wxhp.cn.
> ns.wxhp.cn
Server: 192.168.1.150
Address: 192.168.1.150#53
Name: ns.wxhp.cn
Address: 192.168.1.150
> 192.168.1.151
Server: 192.168.1.150
Address: 192.168.1.150#53
151.1.168.192.in-addr.arpa name =www.wxjy.cn.
> www.wxjy.cn
Server: 192.168.1.150
Address: 192.168.1.150#53
Name: www.wxjy.cn
Address: 192.168.1.151