os | rhel 7.2 |
server | 192.168.1.150 |
client | 192.168.1.152 |
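## Install BIND, the chroot helper and the client tools (dig, nslookup, rndc).
## NOTE(review): "caching-nameserver" is a RHEL 5-era package; on RHEL 7 yum
## reports it as unavailable and, with -y, simply continues with the others.
# yum -y install bind bind-chroot bind-utils caching-nameserver
## Generate the rndc control key and the rndc client config. The default TSIG
## algorithm is hmac-md5; if your rndc-confgen accepts -A, prefer
## "rndc-confgen -A hmac-sha256". Regenerate on every host - never reuse a
## secret that has been copied into a wiki or pasted on a web page.
# rndc-confgen > /etc/rndc.conf
## The secret must not be world-readable: root owns it, group named may read it.
# chown root:named /etc/rndc.conf
# chmod 640 /etc/rndc.conf
## The last 11 lines of the rndc-confgen output are the key{} and controls{}
## statements for named.conf, all prefixed with "# ". Append them, then strip
## the "# " from the key{} and controls{} blocks only (the "Use with" and
## "End of" lines stay comments) - see the named.conf listing below.
# tail -n 11 /etc/rndc.conf >> /etc/named.conf
## named.conf now carries the control secret as well; keep it root:named 640
## (appending through a redirection does not change the file's mode).
# chown root:named /etc/named.conf && chmod 640 /etc/named.conf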
## /etc/sysconfig/named holds extra command-line arguments for named.
## "-4" restricts named to IPv4; the listen-on-v6 line in named.conf is left
## commented out to match.
# vi /etc/sysconfig/named
OPTIONS="-4"
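# vi /etc/named.conf
// Hosts allowed to query this server and to use it recursively: the box itself
// and the 192.168.1.0/24 LAN (server 192.168.1.150, client 192.168.1.152).
// Widen this deliberately; never set it to "any".
acl "lan" { 127.0.0.1; 192.168.1.0/24; };

options {
        // Listen on every IPv4 address, port 53. IPv6 is disabled through
        // OPTIONS="-4" in /etc/sysconfig/named, so the v6 listener stays off.
        listen-on port 53 { any; };
        // listen-on-v6 port 53 { ::1; };
        directory          "/var/named";
        dump-file          "/var/named/data/cache_dump.db";
        statistics-file    "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";

        // This host is authoritative for the zones in named.rfc1912.zones AND a
        // recursive forwarder for the LAN. "allow-query { any; }" together with
        // "recursion yes" is an open resolver that gets used as a DNS-amplification
        // reflector, so both queries and recursion are limited to the lan acl.
        // BCP38 egress filtering on the network is the complementary control.
        allow-query     { lan; };
        allow-recursion { lan; };
        // BIND permits zone transfers to anyone by default; there are no
        // secondaries in this setup, so refuse AXFR/IXFR for every zone.
        allow-transfer  { none; };
        // Names this server cannot answer itself are sent upstream.
        // The block must close with "};" - a bare "}" is a syntax error.
        forwarders { 192.168.1.1; };
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        // NOTE(review): validation behind a forwarder only works if 192.168.1.1
        // passes DNSSEC records through (DO bit). If lookups of signed domains
        // return SERVFAIL, check that upstream before anything else.
        // ISC DLV (the lookaside registry) was decommissioned in 2017; the stock
        // config still ships this line and it is harmless while dnssec-lookaside
        // is not enabled.
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

// Appended with "tail -n 11 /etc/rndc.conf" and uncommented. Algorithm and
// secret must match /etc/rndc.conf exactly. This particular secret has been
// published together with this page - regenerate it (rndc-confgen) before use.
key "rndc-key" {
        algorithm hmac-md5;
        secret "h1APCmb0iG5Y/dstFk6sRA==";
};

// rndc is accepted from localhost only, and only with the key above.
controls {
        inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
};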
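# vi /etc/named.rfc1912.zones
// Zones served by this host. BIND's default is allow-transfer { any; }, so each
// master zone refuses transfers explicitly (there are no secondaries).
// allow-update already defaults to none; it is written out only so the intent
// is visible next to the zone.
zone "wxhp.cn" IN {
        type master;
        file "wxhp.cn.zone";
        allow-transfer { none; };
        allow-update   { none; };
};

zone "1.168.192.in-addr.arpa" IN {
        type master;
        file "1.168.192.zone";
        allow-transfer { none; };
        allow-update   { none; };
};

zone "wxjy.cn" IN {
        type master;
        file "wxjy.cn.zone";
        allow-transfer { none; };
        allow-update   { none; };
};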
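## Zone files live in the directory named.conf points at ("/var/named").
# cd /var/named/
## Start from the shipped template. -p keeps the template's owner/group/mode
## (root:named 640) instead of producing a root:root file with umask defaults.
# cp -p named.localhost wxhp.cn.zone
# vi wxhp.cn.zone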
; wxhp.cn - forward zone. Origin is "wxhp.cn" (from the zone statement), so the
; mailbox "root" expands to root.wxhp.cn.; written out in full here.
$TTL 1D
@       IN SOA  ns.wxhp.cn. root.wxhp.cn. (
                        2017101301      ; serial - YYYYMMDDnn, bump on every edit
                        1D              ; refresh
                        1H              ; retry
                        1W              ; expire
                        3H )            ; minimum (negative-cache TTL)
@       IN NS   ns.wxhp.cn.
ns      IN A    192.168.1.150
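## Reverse zone for 192.168.1.0/24; -p keeps the template's root:named 640.
# cp -p named.localhost 1.168.192.zone
# vi 1.168.192.zone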
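; 1.168.192.in-addr.arpa - reverse zone. The origin here is the in-addr.arpa
; name, so a bare "root" mailbox would expand to root.1.168.192.in-addr.arpa.
; (a mailbox inside the reverse tree); use the fully qualified one instead.
$TTL 1D
@       IN SOA  ns.wxhp.cn. root.wxhp.cn. (
                        2017101302      ; serial - YYYYMMDDnn, bump on every edit
                        1D              ; refresh
                        1H              ; retry
                        1W              ; expire
                        3H )            ; minimum (negative-cache TTL)
@       IN NS   ns.wxhp.cn.
; last octet -> name
150     IN PTR  ns.wxhp.cn.
151     IN PTR  www.wxjy.cn.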
## Second forward zone, cloned from the first (-a keeps owner, group and mode).
# cp -a wxhp.cn.zone wxjy.cn.zone
# vi wxjy.cn.zone
; wxjy.cn - forward zone, served by the same name server as wxhp.cn.
; Origin is "wxjy.cn", so "root" expands to root.wxjy.cn.; written in full.
$TTL 1D
@       IN SOA  ns.wxhp.cn. root.wxjy.cn. (
                        2017101303      ; serial - YYYYMMDDnn, bump on every edit
                        1D              ; refresh
                        1H              ; retry
                        1W              ; expire
                        3H )            ; minimum (negative-cache TTL)
@       IN NS   ns.wxhp.cn.
www     IN A    192.168.1.151
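## named runs as user named and needs read access to every zone file. Static
## master zones should stay root-owned and not writable by named, so only the
## group is changed and the mode is pinned to 640.
# chown :named *
# chmod 640 *.zone
## Syntax-check named.conf and each zone. The first argument to named-checkzone
## is the zone's name as declared in named.rfc1912.zones - for the reverse zone
## that is "1.168.192.in-addr.arpa", not "1.168.192"; with the wrong origin the
## @ / SOA / NS owner checks run against a name named will never serve.
# named-checkconf /etc/named.conf
# named-checkzone 1.168.192.in-addr.arpa 1.168.192.zone
# named-checkzone wxhp.cn wxhp.cn.zone
# named-checkzone wxjy.cn wxjy.cn.zone
## bind-chroot was installed above. On RHEL 7 the chrooted instance is the
## "named-chroot" unit (it bind-mounts /etc/named.conf and /var/named into the
## chroot, so nothing has to be moved); "named" runs unchrooted. Enable exactly
## one of the two.
# systemctl enable named-chroot && systemctl start named-chroot
## "rndc reload" re-reads named.conf and all zones after an edit.
# rndc status
## Post-start checks from the server itself: the A record must resolve, and a
## transfer must be refused ("Transfer failed.") once allow-transfer is none.
# dig @127.0.0.1 ns.wxhp.cn +short
# dig @127.0.0.1 wxhp.cn AXFR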
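## Client (192.168.1.152) configuration: point the resolver at the new server.
# vi /etc/resolv.conf
nameserver 192.168.1.150
## NOTE(review): on RHEL 7 with NetworkManager, /etc/resolv.conf is regenerated
## from the connection profile, so a hand edit is lost on the next (re)connect.
## Make the setting persistent in the profile instead, e.g.
##   nmcli con mod CONNECTION_NAME ipv4.dns 192.168.1.150 && nmcli con up CONNECTION_NAME
## or DNS1=192.168.1.150 in /etc/sysconfig/network-scripts/ifcfg-IFACE.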
# nslookup
> 192.168.1.150
Server:         192.168.1.150
Address:        192.168.1.150#53

150.1.168.192.in-addr.arpa      name = ns.wxhp.cn.
> ns.wxhp.cn
Server:         192.168.1.150
Address:        192.168.1.150#53

Name:   ns.wxhp.cn
Address: 192.168.1.150
> 192.168.1.151
Server:         192.168.1.150
Address:        192.168.1.150#53

151.1.168.192.in-addr.arpa      name = www.wxjy.cn.
Server:         192.168.1.150
Address:        192.168.1.150#53

Name:   www.wxjy.cn
Address: 192.168.1.151