系统环境:
操作系统:三期及以上中科方德
CPU类型:Hygon
旧的Windows的DNS服务器未开启反向解析,只有正向解析,准备将DNS服务器从Windows系统过度到中科方德服务器上。
功能概述:
解决目标平台上使用 dns 服务,满足服务器系统使用域名解析的需求。
依赖包:
root# rpm -qa |grep bind
bind-9.11.4-26.P2.nfs.x86_64
bind-libs-lite-9.11.4-26.P2.nfs.x86_64
bind-libs-9.11.4-26.P2.nfs.x86_64
bind-utils-9.11.4-26.P2.nfs.x86_64
bind-license-9.11.4-26.P2.nfs.noarch
bind-chroot-9.11.4-26.P2.x86_64
bind-export-9.11.4-26.P2.nfs.x86_64
备份文件:
[root@csdn]# cp -p /etc/named.conf /etc/named.conf.bak0
[root@csdn]# cp -p /etc/resolv.conf /etc/resolv.conf.bak0
[root@csdn]# cp -rp /var/named /var/named.bak0
[root@csdn]# cp -p /var/named/named.localhost csdn.net.zone //如csdn.net域,有几个主要区域就复制几个
修改配置文件:
[root@csdn]# vim /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
options {
listen-on port 53 { any; }; //允许本地所有网络接口监听UDP 53端口
# listen-on-v6 port 53 { ::1; }; //我这里没开启IPv6地址,就注释掉了。
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt"; //统计档案、文件
memstatistics-file "/var/named/data/named_mem_stats.txt"; //分配统计目录
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
allow-query { any; }; //允许某个网段的用户查询,可以写any或地址段如192.0.0.0/8。
forwarders { 8.8.8.8; }; //其他的转发器地址,比如上级域名解析服务器地址,没有就不需要添加这一条。/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes; //允许递归
dnssec-enable yes;
dnssec-validation no; //禁用DNS自动检测功能,使DNS能缓存外部信息到本机managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
/* https://fedoraproject.org/wiki/Changes/CryptoPolicy */
include "/etc/crypto-policies/back-ends/bind.config";};
logging { //指定日志记录分类和他们的目标位置
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};zone "csdn.net" IN { //区域配置内容
type master; //主名称服务器
file "csdn.net.zone"; //
};
include "/etc/named.rfc1912.zones"; //包含其他的配置文件
include "/etc/named.root.key";
[root@csdn]# vim /etc/resolv.conf
#Generated by NetworkManager
nameserver 192.168.1.1 //这里填写服务器IPv4地址
domain localdomain
search localdomain
[root@csdn]# vim /var/named/csdn.net.zone
$TTL 1D
@ IN SOA ns.csdn.net. root. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS ns.csdn.net.
ns IN A 192.168.1.1 //服务器IP地址
mail IN A 192.168.1.1csdn.net. IN MX 5 mail.csdn.net
www IN A 192.168.1.1 //服务器IP地址
[root@csdn]# cd /var/named
[root@csdn]# chown named.named * //文件赋权
[root@csdn]# ll
total 24
drwxr-x--- 7 named named 61 Jun 23 10:55 chroot
drwxrwx--- 2 named named 23 Jun 23 10:57 data
drwxrwx--- 2 named named 60 Jun 23 17:28 dynamic
-rw-r----- 1 named named 2253 Apr 5 2018 named.ca
-rw-r----- 1 named named 152 Dec 15 2009 named.empty
-rw-r----- 1 named named 152 Jun 23 11:58 named.localhost
-rw-r----- 1 named named 168 Dec 15 2009 named.loopback
-rw-r----- 1 named named 271 Jun 23 14:13 csdn.net.zone
drwxrwx--- 2 named named 6 Feb 25 2019 slaves
[root@csdn]# systemctl restart named //重启服务
[root@csdn]# systemctl enable --now named //开机自启动
验证:
[root@csdn]# nslookup www.csdn.net
[root@csdn]# dig www.csdn.net
参考文献:
https://blog.csdn.net/jks212454/article/details/118146815
linux下的DNS服务器部署(详细)_linux配置dns-CSDN博客Linux设备配置DNS服务器,实现正向解析和反向解析,实现DNS主从服务器同步,实现批量域名正/反向解析_linux c dns 解析-CSDN博客
3593
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
