DNS正向解析

1.yum install bind* -y
2./etc/init.d/named restart
3.cd /var/named/chroot/etc/
4.vim named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
//      listen-on port 53 { 127.0.0.1;localnets; };  注释掉 listen-on 后 named 会监听所有接口的 53 端口(下面 allow-query 仍只允许 localhost，远程查询需另行放开)
//      listen-on-v6 port 53 { ::1; };               
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; };
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;
   
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
}; 
   
logging {
        channel default_debug {
                file "data/named.run";

        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "luoning.cn" IN {                               添加的自己要解析的域
      type   master;
      file  "luoning.cn.zone";
      };
include "/etc/named.rfc1912.zones";

5.cd /var/named/chroot/var/named
cp -p named.localhost luoning.cn.zone

6.vim luoning.cn.zone
$ORIGIN .
$TTL 86400      ; 1 day         解析的域名    负责人邮箱(root.)
luoning.cn              IN SOA  luoning.cn. root. (
                                1          ; serial
                                86400      ; refresh (1 day)
                                3600       ; retry (1 hour)
                                604800     ; expire (1 week)
                                10800      ; minimum (3 hours)
                                )
                        NS      luoning.cn.
                        A       192.168.0.132       A记录
                        AAAA    ::1
$ORIGIN luoning.cn.
$TTL 600        ; 10 minutes
www                     A       192.168.0.119       nsupdate 添加的 A 记录








                                                     DNS update
1.基于 IP 地址授权(不安全，来源 IP 可被伪造)
vim /etc/named.conf
在最后添加的自己域名的 zone 中加入 allow-update
zone "luoning.cn" IN {
      type   master;
      file  "luoning.cn.zone";
      allow-update {192.168.0.132;};
};
2.rndc reload
3.cd /var/named/chroot/var/
4.chmod 77 named
5.getsebool -a | grep named
6.setsebool -P named_write_master_zones on
7.nsupdate
 >server 192.168.0.132
 >zone luoning.cn
 >update add www.luoning.cn 500 A 192.168.0.119     远程添加 A 记录
 >send
 >quit
  


2.使用 TSIG 密钥认证(安全)
cd /var/named/chroot/etc
dnssec-keygen -a HMAC-MD5 -b 2 -N HOST westos        算法及密钥位数(HMAC 为对称共享密钥，不是公钥/私钥；-b 2 仅为演示，实际应使用更长的密钥，并优先选用 hmac-sha256)
vim /var/named/chroot/etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//



options {
//      listen-on port 53 { 127.0.0.1;localnets; };
//      listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; };
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
};
key westos{
     algorithm hmac-md5;                                   密钥算法(须与 dnssec-keygen 所用一致)
     secret 6Q==;                                                 生成的密钥文件中的 Key/secret 值(共享密钥，须妥善保密)
};



logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "luoning.cn" IN {
      type   master;
      file  "luoning.cn.zone";
      allow-update {key westos;};             只允许带 westos 密钥签名的更新请求
};

include "/etc/named.rfc1912.zones";


rndc reload
nsupdate -k Kwestos.+157+37219.key
>server 192.168.0.113
>zone luoning.cn
>update add ftp.luoning.cn 600 A 192.168.0.11
>send
>quit