配置DNS的正反向解析
安装 bind(验证用的 nslookup 在 bind-utils 包中)。原文直接关闭了防火墙,这只适合隔离的实验环境;更稳妥的做法是只放行需要的端口:DNS 的 53/udp 和 53/tcp(区域传送走 TCP),以及后面验证用的 80/443,例如 `firewall-cmd --permanent --add-service=dns --add-service=http --add-service=https && firewall-cmd --reload`。
DNS的正向解析配置:
[root@localhost ~]# vim /etc/named.conf
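options {
    listen-on port 53 { any; };   // listen on every interface; with the firewall off this is
                                  // reachable from anything that can route to the host
    directory "/var/named";       // zone "file" names below are relative to this directory
    // NOTE(review): recursion is left at the BIND default (enabled). For a server that only
    // answers for its own zones add `recursion no;`, or restrict it with
    // `allow-recursion { localnets; };`, so the host cannot be abused as an open resolver.
};

zone "openlab.com" IN {           // forward zone, this server is the primary
    type master;
    file "named.openlab.com";     // /var/named/named.openlab.com
    allow-transfer { none; };     // no secondary yet: refuse AXFR/IXFR from every client.
                                  // Older BIND releases default allow-transfer to any, which
                                  // lets anyone dump the whole zone; newer ones default to none.
};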
[root@localhost named]# touch named.openlab.com
[root@localhost named]# vim named.openlab.com
[root@localhost named]#
[root@localhost named]# cat named.openlab.com
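$TTL 1D                              ; default TTL for records without an explicit one; the
                                     ; reverse zone file sets this too. Without it BIND warns
                                     ; and falls back to the SOA minimum field.
@       IN  SOA  ns.openlab.com. admin.openlab.com. (
                    0       ; serial  - increment on EVERY edit, otherwise secondaries
                            ;           never notice the change (reverse zone uses 2023329)
                    1D      ; refresh
                    1H      ; retry
                    1W      ; expire
                    3H )    ; minimum / negative-caching TTL
; MNAME is the primary's host name, as in the reverse zone file (the original used "@",
; i.e. openlab.com., which has no A record).
        IN  NS   ns.openlab.com.
        IN  MX   10 mail.openlab.com.
ns      IN  A      10.10.122.225
mail    IN  A      10.10.122.225
www     IN  A      10.10.122.225
ftp     IN  CNAME  www               ; relative name, completed with the zone origin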
DNS的反向解析配置:
[root@localhost ~]# vim /etc/named.conf
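options {
    listen-on port 53 { any; };
    directory "/var/named";
    // NOTE(review): recursion stays at the BIND default (enabled). For an authoritative-only
    // server add `recursion no;` or restrict it with `allow-recursion { localnets; };`.
};

zone "openlab.com" IN {
    type master;
    file "named.openlab.com";
    allow-transfer { 192.168.226.60; };   // only this host (presumably the secondary) may
                                          // AXFR/IXFR. IP ACL only; use a TSIG key outside a lab.
};

zone "122.10.10.in-addr.arpa" IN {        // reverse zone for 10.10.122.0/24
    type master;
    file "named.arpa";                    // /var/named/named.arpa
    allow-transfer { 192.168.226.60; };   // same restriction as the forward zone; the original
                                          // left this zone at the BIND default, which on older
                                          // releases allows transfers to any client
};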
#再编辑反向区域文件 /var/named/named.arpa(路径由 options 里的 directory 和 zone 里的 file 拼接而成;文件需能被 named 用户读取)
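$TTL 1D
@       IN  SOA  ns.openlab.com. admin.openlab.com. (
                    2023329     ; serial - increment on every edit
                    1D          ; refresh
                    1H          ; retry
                    1W          ; expire
                    3H )        ; minimum / negative-caching TTL
        IN  NS   ns.openlab.com.
; PTR owner names are the host octet of the address inside 122.10.10.in-addr.arpa.
; The forward zone puts ns/mail/www on 10.10.122.225, so the owner must be 225, not 182
; (10.10.122.182 has no A record in the forward zone, so forward and reverse would not agree).
225     IN  PTR  ns.openlab.com.
225     IN  PTR  www.openlab.com.
225     IN  PTR  mail.openlab.com.
225     IN  PTR  ftp.openlab.com.
; NOTE(review): several PTRs on one address are legal, but many clients only use the first
; answer; ftp is a CNAME in the forward zone, so a PTR to it is unusual.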
#重启 named 之前先用 named-checkconf 和 named-checkzone openlab.com /var/named/named.openlab.com(反向区域同理)检查语法;重启之后,再配置用于验证 DNS 的 HTTP 服务。修改完 httpd 配置后同样需要 httpd -t 检查并 systemctl restart httpd,本页没有列出这一步
[root@localhost ~]# systemctl restart named
[root@localhost ~]# vim /etc/httpd/conf.d/httpd-vhosts.conf
# Plain-HTTP site: document root plus two aliased sub-trees.
# (Apache does not allow comments after a directive on the same line, so all notes sit on their own lines.)
<VirtualHost 10.10.122.225:80>
    ServerName   www.openlab.com
    DocumentRoot /www/openlab
    # /student is protected by Basic auth, see the <Directory /www/student> block below
    Alias /student /www/student
    Alias /data    /www/data
</VirtualHost>

# HTTPS site.
<VirtualHost 10.10.122.225:443>
    ServerName   www.openlab.com
    DocumentRoot /www/money
    # same tree as DocumentRoot, so /money and / serve the same files here
    Alias /money /www/money
    SSLEngine on
    # NOTE(review): localhost.crt/.key are the stock self-signed files shipped with mod_ssl on this
    # distribution; their CN will not match www.openlab.com, so clients get a certificate warning.
    # Use a certificate issued for www.openlab.com outside a lab. TLS protocol and cipher settings
    # are inherited from the global ssl.conf and are not hardened here.
    SSLCertificateFile    /etc/pki/tls/certs/localhost.crt
    SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
</VirtualHost>

# Basic authentication for /student.
# NOTE(review): /student is aliased only in the :80 vhost, so the Basic credentials cross the
# wire base64-encoded over plain HTTP. Serve it from the :443 vhost (or redirect /student to
# https) before using real accounts.
<Directory /www/student>
    AuthType basic
    AuthName "please login:"
    # password file; create it with `htpasswd -c /etc/httpd/openlab song` (step not shown on this page)
    AuthUserFile /etc/httpd/openlab
    Require user song tian
</Directory>

# Everything under /www is readable by default; the more specific /www/student block above
# replaces this Require for that sub-tree.
<Directory /www>
    AllowOverride none
    Require all granted
</Directory>
验证(采用本地验证):注意下面示例输出里的地址(10.10.112.182、10.10.122.192)以及反向查询时指定的服务器 10.10.122.226,与上文区域文件中配置的 10.10.122.225 并不一致,应是另一套实验环境的输出;按上文配置实际验证时,正向结果应为 10.10.122.225,反向应执行 nslookup 10.10.122.225 10.10.122.225。
[root@localhost ~]nslookup www.openlab.com 10.10.122.225
Server: 10.10.122.225
Address: 10.10.122.225
Name: www.openlab.com #正向DNS解析
Address: 10.10.112.182
[root@localhost ~]nslookup 10.10.122.225 10.10.122.226
182.112.10.10.in-addr.arpa name = www.openlab.com.
#反向DNS解析
192.122.10.10.in-addr.arpa name = ns.openlab.com.
192.122.10.10.in-addr.arpa name = ftp.openlab.com.
192.122.10.10.in-addr.arpa name = mail.openlab.com.
0    ; serial  -- 更新序列号,32 位无符号整数(最多 10 位十进制数),每次修改区域文件都必须递增,否则从服务器不会同步
1D   ; refresh -- 刷新时间,从服务器重新检查/下载区域数据的间隔
1H   ; retry   -- 重试延时,刷新失败后的重试间隔
3D   ; expire  -- 失效时间,超过该时间仍联系不上主服务器则从服务器停止应答(上面的区域文件用的是 1W)
1D ) ; minimum -- 否定应答(如 NXDOMAIN)的缓存时间(上面的区域文件用的是 3H)
-
@ 代表当前区域(zone)的起点,即 $ORIGIN;在本例中 @ 就是 openlab.com.;
-
SOA代表资源记录的名称为起始授权记录;
-
admin.openlab.com. 是管理员邮箱(第一个点代替 @,即 admin@openlab.com),有问题找该管理员;
-
0代表序列号;
-
1D代表更新频率为1天;
-
1H代表失败重新尝试时间为1小时;
-
3D 代表失效时间为 3 天(上面区域文件中的 1W 则是 1 周);
-
1D 代表否定应答缓存(minimum)时间为 1 天(上面区域文件中的 3H 则是 3 小时)