centos8 安装解析dns 简易实验

安装配置DNS

一、安装dns

配置本地yum源,安装dns服务: yum -y install bind bind-utils

主配置文件是/etc/named.conf

区域配置文件是/etc/named.rfc1912.zones

正向解析和反向解析的数据库文件在/var/named

二、配置解析

主配置文件

options {
    # Address/port named listens on (IPv4) and the IPv6 loopback.
    listen-on    port 53 { 192.168.10.102; };
    listen-on-v6 port 53 { ::1; };

    # Working directory; zone files given with a relative name live here.
    directory          "/var/named";
    dump-file          "/var/named/data/cache_dump.db";
    statistics-file    "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";

    # Only the host itself may send queries. allow-query is evaluated
    # before the cache ACL, so the "any" below does not widen access.
    allow-query       { localhost; };
    allow-query-cache { any; };
};

logging {
    # Debug channel; the file path is relative to options.directory.
    channel default_debug { severity dynamic; file "data/named.run"; };
};

view localhost_resolver {
    # Every client and every destination address lands in this view;
    # the options-level allow-query still decides who gets an answer.
    match-clients      { any; };
    match-destinations { any; };

    # Zone statements for this view come from the standard zones file.
    include "/etc/named.rfc1912.zones";

    # Matching clients get recursive lookups.
    recursion yes;
};

区域配置文件/etc/named.rfc1912.zones

zone "." IN {
    # Root hints: the starting point for recursion. named.ca ships with
    # the package and is normally left untouched.
    file "named.ca";
    type hint;
};

zone "localdomain" IN {
    # Forward zone, served as primary from localdomain.zone;
    # dynamic updates are refused from every client.
    allow-update { none; };
    type master;
    file "localdomain.zone";
};

zone "localhost" IN {
    # Forward zone for the local host name; no dynamic updates.
    allow-update { none; };
    type master;
    file "localhost.zone";
};

zone "0.0.127.in-addr.arpa" IN {
    # Reverse zone for 127.0.0.x, served as primary; no dynamic updates.
    allow-update { none; };
    type master;
    file "named.local";
};

根域配置文件named.ca

根域配置文件设定根域的域名数据库,包括根域中13台DNS服务器的信息。几乎所有系统的这个文件都是一样的,用户不需要进行修改。

正向域名解析数据库文件

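$TTL 600
; Zone data uses ";" for comments; "//" is not comment syntax here and
; would be read as record data.
; SOA: primary name server (trailing dot required, otherwise the name is
; taken relative to the zone and becomes dns.cwlinux.com.cwlinux.com.)
; and the administrator mailbox, written as dnsadmin@cwlinux.com.
@        IN   SOA    dns.cwlinux.com.   dnsadmin.cwlinux.com. (
                          2015031288   ; serial: increase by one on every change
                             1H        ; refresh
                             2M        ; retry after a failed refresh
                             2D        ; expire: stop serving if no refresh succeeds
                             1D        ; negative-answer TTL
)
; Two name servers for the zone.
         IN    NS   dns
         IN    NS   ns2
; Mail exchanger; 10 is the preference, lower is preferred.
; The target must be an existing A record (mail, defined below).
         IN    MX  10 mail
ns2      IN    A    192.168.1.113  ; address of name server ns2
dns      IN    A    192.168.1.10   ; address of name server dns
mail     IN    A    192.168.1.111  ; address of the mail server
www      IN    A    192.168.1.112  ; address of www.cwlinux.com
pop      IN   CNAME  mail          ; pop is an alias for mail
ftp      IN   CNAME  www           ; ftp is an alias for www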

反向域名解析数据库文件

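$TTL 600
; Reverse zone; comments use ";" (zone files do not understand "//").
@         IN   SOA    dns.cwlinux.com.   dnsadmin.cwlinux.com. (
                             2014031224   ; serial
                             1H           ; refresh
                             2M           ; retry
                             2D           ; expire
                             1D           ; negative-answer TTL
)
         IN   NS      dns.cwlinux.com.
; PTR records: the owner is only the last octet. The zone origin
; (192.168.1 reversed, per the zone statement in named.conf) supplies
; the rest, so "10" stands for 192.168.1.10.
10       IN   PTR     dns.cwlinux.com.
111      IN   PTR     mail.cwlinux.com.
112      IN   PTR     www.cwlinux.com.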

实验

一、配置IP:192.168.10.102

修改/etc/named.conf   vim /etc/named.conf

// named.conf

//

// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS

// server as a caching only nameserver (as a localhost DNS resolver only).

//

// See /usr/share/doc/bind*/sample/ for example named configuration files.

//

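options {
        # Listen on every IPv4 address (the lab host is 192.168.10.102)
        # and on the IPv6 loopback only.
        listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        secroots-file   "/var/named/data/named.secroots";
        recursing-file  "/var/named/data/named.recursing";
        # Anyone may ask for the zones this server is authoritative for
        # (skills.com and 10.168.192.in-addr.arpa).
        allow-query     { any; };

        /*
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable
           recursion.
         - If your recursive DNS server has a public IP address, you MUST enable access
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface
        */
        recursion yes;
        # Recursive lookups (names this server is not authoritative for)
        # are answered only for the host itself and the lab subnet. With
        # allow-query { any; } alone, every client able to reach port 53
        # would get recursion, which is what the warning above is about.
        allow-recursion { localhost; 192.168.10.0/24; };

        dnssec-enable yes;
        dnssec-validation yes;

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";

        /* https://fedoraproject.org/wiki/Changes/CryptoPolicy */
        include "/etc/crypto-policies/back-ends/bind.config";
};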

logging {
        # Debug channel; "data/named.run" is relative to options.directory.
        channel default_debug { severity dynamic; file "data/named.run"; };
};

zone "." IN {
        # Root hints used to start recursive resolution.
        file "named.ca";
        type hint;
};

include "/etc/named.rfc1912.zones";   # localhost/loopback zones plus the lab zones added below

include "/etc/named.root.key";        # root key; presumably the trust anchor for dnssec-validation above

#修改/etc/named.rfc1912.zones

#定义正反向区域

zone "skills.com" IN {
        # Forward zone for the lab; this server is the primary and
        # refuses dynamic updates.
        allow-update { none; };
        type master;
        file "skills.com.zone";
};

zone "10.168.192.in-addr.arpa" IN {
        # Reverse zone for 192.168.10.0/24; primary, no dynamic updates.
        allow-update { none; };
        type master;
        file "192.168.10.arpa";
};

#增加正反向解析数据库文件

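# Create the forward and reverse zone files from the packaged templates.
# Stop if the directory is missing instead of copying into the wrong place;
# -p keeps the templates' ownership and permissions on the copies.
cd /var/named/ || exit 1
cp -p -- named.localhost skills.com.zone
cp -p -- named.loopback 192.168.10.arpa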

#修改正反向数据库文件

#skills.com.zone 正向解析

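$TTL 1D
; Copied from named.localhost. RNAME is still the template placeholder
; (rname.invalid.); replace it with a real mailbox outside the lab.
@       IN SOA  @ rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
; The name server for skills.com is dns (192.168.10.102 below). The
; template's "NS @" would advertise the apex, whose address is 127.0.0.1.
        NS      dns
        A       127.0.0.1       ; apex address, presumably left over from the template
dns     A       192.168.10.102
abc     A       192.168.10.103
bcd     A       192.168.10.104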

#192.168.10.arpa 反向解析

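$TTL 1D
; Copied from named.loopback; RNAME is still the placeholder rname.invalid.
@       IN SOA  @ rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
; NS names the real server. The template's "NS @" plus "A 127.0.0.1"
; pair would advertise 127.0.0.1 as the server for this reverse zone,
; and an A record at an in-addr.arpa apex has no use.
        NS      dns.skills.com.
; Owner names are the last octet; the zone origin 10.168.192.in-addr.arpa
; (from the zone statement) supplies the rest.
102     PTR     dns.skills.com.
103     PTR     abc.skills.com.
104     PTR     bcd.skills.com.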

重新启动dns服务: systemctl restart named

#nslookup 测试 (本机DNS设置为本机IP自测)

#正向测试

nslookup

> dns.skills.com

Server:         192.168.10.102

Address:        192.168.10.102#53

Name:   dns.skills.com

Address: 192.168.10.102

> abc.skills.com

Server:         192.168.10.102

Address:        192.168.10.102#53

Name:   abc.skills.com

Address: 192.168.10.103

> bcd.skills.com

Server:         192.168.10.102

Address:        192.168.10.102#53

Name:   bcd.skills.com

Address: 192.168.10.104

>

#反向测试

nslookup

> 192.168.10.102

102.10.168.192.in-addr.arpa     name = dns.skills.com.

> 192.168.10.103

103.10.168.192.in-addr.arpa     name = abc.skills.com.

> 192.168.10.104

104.10.168.192.in-addr.arpa     name = bcd.skills.com.

>
