安装named服务器与配置
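# Install the BIND name server. The package glob is quoted so that yum, not
# the shell, expands it: an unquoted bind* would be replaced by any matching
# file names in the current directory before yum ever saw it.
yum -y install 'bind*'
# Keep a pristine copy of the stock configuration. -n (no-clobber) makes the
# step safe to re-run: a second run will not overwrite the original backup
# with an already-edited named.conf.
cp -pn /etc/named.conf /etc/named.conf.bak
# Edit the configuration; the intended contents are listed below.
vim /etc/named.conf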
named.conf 内容改成
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html
options {
// Listen on every IPv4 interface. The header above describes the stock file
// as a localhost-only resolver, so this deliberately widens exposure.
listen-on port 53 { any; };
#listen-on-v6 port 53 { ::1; };
// Working directory: relative paths below (and zone "file" names) resolve here.
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
// NOTE(review): allow-query { any; } together with "recursion yes" further
// down makes this an open recursive resolver on every listening address;
// the block comment below calls for access control. Restrict it to the
// clients this server is meant to serve, e.g.
// allow-query { localhost; <TRUSTED-PREFIX>; }; (placeholder, not a real
// value) and/or a matching allow-recursion { ... }; statement.
allow-query { any; };
// Send queries to the forwarder first; "first" falls back to normal
// recursion when the forwarders do not answer.
forward first;
forwarders { 114.114.114.114; };
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes;
// dnssec-enable has been deprecated in newer BIND releases; confirm the
// installed version still accepts it.
dnssec-enable yes;
// NOTE(review): "yes" only validates with an explicitly configured trust
// anchor; the named.root.key include at the bottom of this file is commented
// out, so confirm an anchor is actually loaded ("auto" uses BIND's built-in
// root key instead).
dnssec-validation yes;
/* Path to ISC DLV key */
#bindkeys-file "/etc/named.root.key";
#managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
#session-keyfile "/run/named/session.key";
};
logging {
// Relative to "directory" above, i.e. /var/named/data/named.run.
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
// Root hints, used to bootstrap recursion.
zone "." IN {
type hint;
file "named.ca";
};
// The per-domain zone stanzas written by add-domain.sh are appended to this file.
include "/etc/named.rfc1912.zones";
#include "/etc/named.root.key";
#增加正向解析示例
add-domain.sh
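#!/bin/sh
# add-domain.sh — create a master zone for DOMAIN resolving to IPADDR and
# register it in /etc/named.rfc1912.zones, then restart named.
#
# Usage: ./add-domain.sh <domain> <ipv4>
#
# Order of operations: validate arguments, write /var/named/<domain>.zone,
# check it with named-checkzone, append the zone stanza, check the whole
# configuration with named-checkconf, then restart and enable named. A bad
# zone is removed again before anything is registered, so a failed run never
# leaves named pointing at a broken file.
#
# Exit status: 0 on success or when the zone already exists (no-op); 1 on bad
# arguments or a failed check. The original exited 0 on every error, which
# hid failures from callers.
domain=$1
ipaddr=$2
example="example : ./add-domain.sh baidu.com 127.0.0.1"

if [ -z "$domain" ]; then
  echo "you must input domain" >&2
  echo "$example" >&2
  exit 1
fi
if [ -z "$ipaddr" ]; then
  echo "you must input ip" >&2
  echo "$example" >&2
  exit 1
fi

# DOMAIN becomes a path component under /var/named and is pasted verbatim
# into named's configuration and the zone file, so restrict it to hostname
# characters: no "/", "..", quotes, braces, whitespace, or leading/trailing
# dots. The check runs before the path is built or used.
case "$domain" in
  *[!A-Za-z0-9.-]*|.*|*.|*..*)
    echo "invalid domain: $domain" >&2
    exit 1 ;;
esac
# Shape check only (digits and dots, no empty octet); octet ranges are not
# validated here.
case "$ipaddr" in
  *[!0-9.]*|.*|*.|*..*)
    echo "invalid ip: $ipaddr" >&2
    exit 1 ;;
esac

zonefile=/var/named/${domain}.zone
rfcfile=/etc/named.rfc1912.zones

if [ -f "$zonefile" ]; then
  # Already registered; keep exit 0 so repeated runs stay idempotent.
  echo "${domain}解析已存在,无需再次增加"
  exit 0
fi

# The zone file carries no $ORIGIN: the origin is the zone name from the
# stanza appended below, so "@" is DOMAIN itself. "\$TTL" is escaped because
# this here-document otherwise expands variables.
cat > "$zonefile" <<EOF
\$TTL 1D
@ IN SOA www.${domain}. root (
 0 ; serial
 1D ; refresh
 1H ; retry
 1W ; expire
 3H ) ; minimum
@ IN NS ${domain}.
@ IN A ${ipaddr}
*.${domain}. IN A ${ipaddr}
EOF

# named-checkzone ships with the bind package installed earlier; a zone that
# does not load is discarded before it is referenced anywhere.
if ! named-checkzone "$domain" "$zonefile" >/dev/null; then
  echo "zone check failed for $zonefile; nothing was registered" >&2
  rm -f -- "$zonefile"
  exit 1
fi

# Append the one-line stanza; printf keeps the quotes and braces literal and
# avoids the unquoted expansions the original echo relied on.
printf 'zone "%s" IN { type master; file "%s.zone"; allow-update { none; }; };\n' \
  "$domain" "$domain" >> "$rfcfile"

# Do not restart into a broken configuration: a failed restart would take
# every zone on this server offline.
if ! named-checkconf; then
  echo "named-checkconf failed after editing $rfcfile; named was not restarted" >&2
  exit 1
fi

if ! systemctl restart named.service; then
  echo "failed to restart named.service" >&2
  exit 1
fi
systemctl enable named.service

echo "==========$rfcfile============"
tail -10 "$rfcfile"
echo "==========$rfcfile end============="
echo "==========$zonefile start=========="
cat "$zonefile"
echo "==========$zonefile end============"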
add-point.sh
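#!/bin/sh
# add-point.sh — append an A record "NOTE.DOMAIN. IN A IPADDR" to an existing
# zone file and restart named.
#
# Usage: ./add-point.sh <domain> <ipv4> <note>
#   note is the host label (or dotted sub-name) to create under DOMAIN.
#
# Bug fixed here: the original tested `[ ! -f "$(unknown)" ]`. "unknown" is
# not a command, so the substitution expanded to "" and the existence test
# always failed — the script printed "not found" and exited without ever
# adding a record. The zone file itself is tested now.
#
# Exit status: 0 on success; 1 on bad arguments, a missing zone, or a failed
# zone check (the original exited 0 on every error).
domain=$1
ipaddr=$2
note=$3
example="example : ./add-point.sh baidu.com 127.0.0.1 www"

if [ -z "$domain" ]; then
  echo "you must input domain" >&2
  echo "$example" >&2
  exit 1
fi
if [ -z "$ipaddr" ]; then
  echo "you must input ip" >&2
  echo "$example" >&2
  exit 1
fi
if [ -z "$note" ]; then
  echo "you must input note" >&2
  echo "$example" >&2
  exit 1
fi

# DOMAIN is used as a path component under /var/named; NOTE and IPADDR are
# written verbatim into the zone file. Restrict all three to the characters a
# record line can safely contain (no "/", "..", whitespace, quotes or "*").
case "$domain" in
  *[!A-Za-z0-9.-]*|.*|*.|*..*)
    echo "invalid domain: $domain" >&2
    exit 1 ;;
esac
case "$note" in
  *[!A-Za-z0-9.-]*|.*|*.|*..*)
    echo "invalid note: $note" >&2
    exit 1 ;;
esac
# Shape check only (digits and dots, no empty octet); octet ranges are not
# validated here.
case "$ipaddr" in
  *[!0-9.]*|.*|*.|*..*)
    echo "invalid ip: $ipaddr" >&2
    exit 1 ;;
esac

filename=/var/named/${domain}.zone
if [ ! -f "$filename" ]; then
  echo "域名解析不存在,请先使用add-domain.sh进行增加"
  exit 1
fi

# Fully-qualified owner name (trailing dot), so the record does not depend on
# the zone origin. NOTE: the SOA serial is not incremented; if any secondary
# servers are ever added they rely on the serial to notice this change.
printf '%s.%s. IN A %s\n' "$note" "$domain" "$ipaddr" >> "$filename"

# Verify the zone still loads before restarting; the record stays in the file
# for inspection if it does not.
if ! named-checkzone "$domain" "$filename" >/dev/null; then
  echo "zone check failed for $filename; named was not restarted" >&2
  exit 1
fi

if ! systemctl restart named.service; then
  echo "failed to restart named.service" >&2
  exit 1
fi
systemctl enable named.service
cat "$filename"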
del-domain.sh
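#!/bin/sh
# del-domain.sh — remove DOMAIN's stanza from /etc/named.rfc1912.zones, delete
# its zone file, and restart named.
#
# Usage: ./del-domain.sh <domain>
#
# Exit status: 0 on success; 1 on bad arguments, a missing zone, or a failed
# configuration check (the original exited 0 on every error).
domain=$1
example="example : ./del-domain.sh baidu.com"

if [ -z "$domain" ]; then
  echo "you must input domain" >&2
  echo "$example" >&2
  exit 1
fi

# DOMAIN is the only input, and it ends up as the argument of rm and inside a
# sed expression. Reject anything but hostname characters before the path is
# even built, so "/" or ".." can never reach rm, and "/" can never break the
# sed address below.
case "$domain" in
  *[!A-Za-z0-9.-]*|.*|*.|*..*)
    echo "invalid domain: $domain" >&2
    exit 1 ;;
esac

rfcfile=/etc/named.rfc1912.zones
zonefile=/var/named/${domain}.zone

if [ ! -f "$zonefile" ]; then
  echo "域名解析不存在"
  exit 1
fi

# Delete the stanza line add-domain.sh appended. "." is a regex metacharacter,
# so escape it; every other character the validation allows is literal in a
# basic regex. The original substituted the stanza with an empty string,
# which left a blank line behind.
esc=$(printf '%s' "$domain" | sed 's/\./\\./g')
sed -i "/^zone \"${esc}\" IN {/d" "$rfcfile"

# The path is a regular file (checked above), so -r is not needed.
rm -f -- "$zonefile"

# Do not restart into a broken configuration.
if ! named-checkconf; then
  echo "named-checkconf failed after editing $rfcfile; named was not restarted" >&2
  exit 1
fi

if ! systemctl restart named.service; then
  echo "failed to restart named.service" >&2
  exit 1
fi
systemctl enable named.service
tail -10 "$rfcfile"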
del-point.sh
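#!/bin/sh
# del-point.sh — remove the records for NOTE.DOMAIN from the zone file and
# restart named.
#
# Usage: ./del-point.sh baidu.com www
#
# Fixes relative to the original: the usage example named add-point.sh; the
# sed address was unanchored and used unescaped dots, so deleting "ww" also
# removed "www" and "www.baidu.com." could match any characters in place of
# the dots; the zone file was never checked for existence.
#
# Exit status: 0 on success; 1 on bad arguments, a missing zone, or a failed
# zone check (the original exited 0 on every error).
domain=$1
note=$2
example="example : ./del-point.sh baidu.com www"

if [ -z "$domain" ]; then
  echo "you must input domain" >&2
  echo "$example" >&2
  exit 1
fi
if [ -z "$note" ]; then
  echo "you must input note" >&2
  echo "$example" >&2
  exit 1
fi

# DOMAIN is a path component under /var/named and both values go into a sed
# address; restrict them to hostname characters first.
case "$domain" in
  *[!A-Za-z0-9.-]*|.*|*.|*..*)
    echo "invalid domain: $domain" >&2
    exit 1 ;;
esac
case "$note" in
  *[!A-Za-z0-9.-]*|.*|*.|*..*)
    echo "invalid note: $note" >&2
    exit 1 ;;
esac

filename=/var/named/${domain}.zone
if [ ! -f "$filename" ]; then
  echo "域名解析不存在"
  exit 1
fi

# Match only lines whose owner name is exactly "NOTE.DOMAIN." followed by
# whitespace: dots are escaped so they are literal, and the "^" anchor stops
# a shorter label from matching inside a longer one. Like the original, this
# removes every record type for that name, not just A.
esc=$(printf '%s.%s.' "$note" "$domain" | sed 's/\./\\./g')
sed -i "/^${esc}[[:space:]]/d" "$filename"

# Verify the zone still loads before restarting.
if ! named-checkzone "$domain" "$filename" >/dev/null; then
  echo "zone check failed for $filename; named was not restarted" >&2
  exit 1
fi

if ! systemctl restart named.service; then
  echo "failed to restart named.service" >&2
  exit 1
fi
systemctl enable named.service
cat "$filename"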