安装配置DNS服务器

最新推荐文章于 2022-06-06 07:38:34 发布

Diablogs

最新推荐文章于 2022-06-06 07:38:34 发布

阅读量199

点赞数

分类专栏： centos

本文链接：https://blog.csdn.net/Diablogs/article/details/104365720

版权

centos 专栏收录该内容

11 篇文章 0 订阅

订阅专栏

安装named服务器与配置

#安装name服务器
yum -y install bind*
#备份配置文件
cp -p /etc/named.conf /etc/named.conf.bak
#配置
vim /etc/named.conf

named.conf 内容改成

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
	listen-on port 53 { any; };
	#listen-on-v6 port 53 { ::1; };
	directory 	"/var/named";
	dump-file 	"/var/named/data/cache_dump.db";
	statistics-file "/var/named/data/named_stats.txt";
	memstatistics-file "/var/named/data/named_mem_stats.txt";
	recursing-file  "/var/named/data/named.recursing";
	secroots-file   "/var/named/data/named.secroots";
	allow-query     { any; };
	forward first;
	forwarders { 114.114.114.114; };
	/* 
	 - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
	 - If you are building a RECURSIVE (caching) DNS server, you need to enable 
	   recursion. 
	 - If your recursive DNS server has a public IP address, you MUST enable access 
	   control to limit queries to your legitimate users. Failing to do so will
	   cause your server to become part of large scale DNS amplification 
	   attacks. Implementing BCP38 within your network would greatly
	   reduce such attack surface 
	*/
	recursion yes;

	dnssec-enable yes;
	dnssec-validation yes;

	/* Path to ISC DLV key */
	#bindkeys-file "/etc/named.root.key";

	#managed-keys-directory "/var/named/dynamic";

	pid-file "/run/named/named.pid";
	#session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
	type hint;
	file "named.ca";
};

include "/etc/named.rfc1912.zones";
#include "/etc/named.root.key";

#增加正向解析示例

add-domain.sh

domain=$1
ipaddr=$2

if  [ ! -n "$domain" ] ;then
    echo "you must input domain";
    echo "example : ./add-domain.sh baidu.com 127.0.0.1"
    exit 0;
fi

if  [ ! -n "$ipaddr" ] ;then
    echo "you must input ip";
    echo "example : ./add-domain.sh baidu.com 127.0.0.1"
    exit 0;
fi

zonefile=/var/named/${domain}.zone

if [ -f "${zonefile}" ];then

  echo $domain"解析已存在，无需再次增加"
  exit 0;
fi


rfcfile=/etc/named.rfc1912.zones

echo 'zone "'${domain}'" IN { type master; file "'${domain}'.zone";  allow-update { none; }; };' >> $rfcfile


rm -rf $zonefile
touch $zonefile
echo '$TTL 1D' >> $zonefile
echo '@       IN SOA  www.'${domain}'. root (' >> $zonefile
echo '                                        0       ; serial' >> $zonefile
echo '                                        1D      ; refresh' >> $zonefile
echo '                                        1H      ; retry' >> $zonefile
echo '                                        1W      ; expire' >> $zonefile
echo '                                        3H )    ; minimum' >> $zonefile
echo '@       IN      NS      '${domain}'.' >> $zonefile
echo '@       IN      A       '${ipaddr} >> $zonefile
echo '*.'${domain}'.     IN      A       '${ipaddr} >> $zonefile


systemctl restart named.service
systemctl enable named.service

echo ==========$rfcfile============
tail -10 $rfcfile
echo ==========$rfcfile end=============

echo ==========$zonefile start==========
cat $zonefile
echo ==========$zonefile end============

add-point.sh

domain=$1
ipaddr=$2
note=$3

if  [ ! -n "$domain" ] ;then
    echo "you must input domain";
    echo "example : ./add-point.sh baidu.com 127.0.0.1 www"
    exit 0;
fi

if  [ ! -n "$ipaddr" ] ;then
    echo "you must input ip";
    echo "example : ./add-point.sh baidu.com 127.0.0.1 www"
    exit 0;
fi

if  [ ! -n "$note" ] ;then
    echo "you must input note";
    echo "example : ./add-point.sh baidu.com 127.0.0.1 www"
    exit 0;
fi



filename=/var/named/${domain}.zone


if [ ! -f "${filename}" ];then
  
  echo "域名解析不存在，请先使用add-domain.sh进行增加"
  exit 0;
fi

echo ${note}'.'${domain}'.     IN      A       '${ipaddr} >> $filename

systemctl restart named.service
systemctl enable named.service

cat $filename

del-domain.sh

domain=$1

rfcfile=/etc/named.rfc1912.zones
zonefile=/var/named/${domain}.zone

if  [ ! -n "$domain" ] ;then
    echo "you must input domain";
    echo "example : ./del-domain.sh baidu.com"
    exit 0;
fi

if [ ! -f "${zonefile}" ] ;then
  echo "域名解析不存在"
  exit 0;
fi

rcTxt='zone "'${domain}'" IN { type master; file "'${domain}'.zone";  allow-update { none; }; };'
taTxt=''
echo "s/$rcTxt/$taTxt/g"
sed -i "s/$rcTxt/$taTxt/g" $rfcfile

rm -rf $zonefile

systemctl restart named.service
systemctl enable named.service

tail -10 $rfcfile

del-point.sh

domain=$1
note=$2


if  [ ! -n "$domain" ] ;then
    echo "you must input domain";
    echo "example : ./add-point.sh baidu.com www"
    exit 0;
fi

if  [ ! -n "$note" ] ;then
    echo "you must input note";
    echo "example : ./del-point.sh baidu.com www"
    exit 0;
fi



filename=/var/named/${domain}.zone

sed -i "/${note}.${domain}./d" $filename

systemctl restart named.service
systemctl enable named.service

cat $filename