一.配置网卡:
vim /etc/sysconfig/network-scripts/ifcfg-em2
DEVICE=em2
HWADDR=00:26:B9:3E:F0:C0
TYPE=Ethernet
UUID=03b43dc2-6de4-4317-a13a-b339a33f8799
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=211.162.x.x
NETMASK=255.255.255.240
GATEWAY=211.162.x.x
二.更改主机名:
hostname GZ-DNS-DG02
vi /etc/sysconfig/network
三.优化:
1)关闭selinux和防火墙:
service iptables stop
chkconfig iptables off
vi /etc/selinux/config
SELINUX=disabled
2)
vi /etc/sysctl.conf
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 4294967295
kernel.shmall = 268435456
===========复制以下=======================
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 300
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.ip_local_port_range = 5000 65000
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
:wq
sysctl -p //编辑完成后执行，使上述内核参数生效
3)
vi /etc/security/limits.conf
* soft nofile 65536
* hard nofile 65536
:wq
======注:开启
======
TCP:0~65535
UDP:0~65535
ulimit -n //启动配置
配置ssh安全
4)允许访问主机和拒绝访问主机:
vi /etc/hosts.allow
sshd:211.162.x.x:allow
vi /etc/hosts.deny
sshd:ALL:deny
sed -i 's/#PermitEmptyPasswords no/PermitEmptyPasswords no/' /etc/ssh/sshd_config //不允许空密码登录
sed -i 's/Port 22/Port 822/' /etc/ssh/sshd_config //修改ssh默认端口
sed -i 's/PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config //禁止root用户远程登录
service sshd reload
echo "export TMOUT=30" >> /etc/profile //空闲30秒无任何操作后自动退出登录
启动xinetd才生效:
yum -y install xinetd wget gcc
chkconfig xinetd on
service xinetd start
四、开始安装bind:
1)安装依赖包:
yum update //更新软件包
yum groupinstall "Development Tools" //安装一些依赖包
安装完重启系统:
reboot
2)编译bind软件包:
groupadd named
useradd -g named named
tar zxvf bind-9.9.8-P4.tar.gz
cd bind-9.9.8-P4
./configure --enable-threads --without-openssl --with-libtool
make && make install
3)创建配置文件目录、用户和给权限:
mkdir -p /var/named/chroot/etc
mkdir /var/named/chroot/dev
mkdir -p /var/named/chroot/var/named/data
mkdir -p /var/named/chroot/var/run
cd /var/named/chroot/etc/
touch named.conf
touch rndc.key
cd /var/named/chroot/dev
mknod null c 1 3
mknod random c 1 8
mknod zero c 1 5
chmod 666 null random
named -u named -t /var/named/chroot/ //启动named服务；若能看到53端口处于监听状态即为成功
netstat -unl
=================================================================
dig -t NS . @8.8.8.8 > /var/named/data/named.ca //生成根域名服务器提示文件 named.ca（root hints）
chown root:named /var/named/chroot/etc/named.conf
chown root:named /var/named/chroot/etc/rndc.key
chown root:named /var/named/chroot/etc/
chmod 760 /var/named/chroot/etc/named.ca
chmod 760 /var/named/chroot/etc/named.conf
chmod 760 /var/named/chroot/etc/rndc.key
chmod 760 /var/named/chroot/etc/
chmod 760 /var/named/chroot/var/named/
chown root:named /var/named/chroot/var/named/data/
chown root:named /var/named/chroot/var/named/data/
chown root:named /var/named/chroot/var/named/data/
chown root:named /var/named/data/
cd /var/named/chroot/
chown root:named var/named/data/127.0.0.rev
chown root:named var/named/data/localhost.zone
chown root:named var/named/data/named.ca
chmod 660 var/named/data/
chmod 660 var/named/data/*
主配置文件:================================================
cat /var/named/chroot/etc/named.conf
options {
directory "/var/named/data";
dump-file "/usr/local/named/data/cache_dump.db";
pid-file "/usr/local/named/named.pid";
statistics-file "/usr/local/named/data/named_stats.txt";
memstatistics-file "/usr/local/named/data/named_mem_stats.txt";
# forwarders { 211.162.x.x;211.162.x.x; };
forwarders { 211.162.x.x; }; #本机无法解析的查询转发到这台服务器做递归解析
allow-query { any; };
# recursion yes;
recursive-clients 10000;
allow-query-cache { any; }; # 对任意来源开放缓存/递归查询，等于开放递归解析器；对外提供服务时应限制为可信网段
minimal-responses yes;
};
zone "." IN {
type hint;
file "named.ca";
};
zone "localhost" IN {
type master;
file "localhost.zone";
# allow-update { none; };
};
zone "0.0.127.in-addr.arpa." IN {
type master;
file "127.0.0.rev";
# allow-update { none; };
};
include "/etc/rndc.key";
#bgp
#include "/var/named/data/cutv.conf";
#include "/var/named/data/baidu.conf";
区域配置文件:
cat /var/named/data/127.0.0.rev
$TTL 1d
@ IN SOA localhost. root.localhost. (
2014031301
1h
15m
1w
1d )
IN NS localhost.
1 IN PTR localhost.
cat /var/named/data/localhost.zone
$TTL 1d
@ IN SOA localhost. root (
2014031301 ;serial
1h ;refresh
15m ;retry
1w ;expire
1d ) ;ttl
IN NS localhost.
IN A 127.0.0.1
IN AAAA ::1
cat /var/named/data/named.ca
;; ANSWER SECTION:
. 518400 IN NS a.root-servers.net.
. 518400 IN NS c.root-servers.net.
. 518400 IN NS k.root-servers.net.
. 518400 IN NS b.root-servers.net.
. 518400 IN NS e.root-servers.net.
. 518400 IN NS d.root-servers.net.
. 518400 IN NS g.root-servers.net.
. 518400 IN NS m.root-servers.net.
. 518400 IN NS f.root-servers.net.
. 518400 IN NS l.root-servers.net.
. 518400 IN NS i.root-servers.net.
. 518400 IN NS h.root-servers.net.
. 518400 IN NS j.root-servers.net.
;; ADDITIONAL SECTION:
a.root-servers.net. 3600000 IN A 198.41.0.4
b.root-servers.net. 3600000 IN A 192.228.79.201
c.root-servers.net. 3600000 IN A 192.33.4.12
d.root-servers.net. 3600000 IN A 128.8.10.90
e.root-servers.net. 3600000 IN A 192.203.230.10
f.root-servers.net. 3600000 IN A 192.5.5.241
g.root-servers.net. 3600000 IN A 192.112.36.4
h.root-servers.net. 3600000 IN A 128.63.2.53
i.root-servers.net. 3600000 IN A 192.36.148.17
j.root-servers.net. 3600000 IN A 192.58.128.30
k.root-servers.net. 3600000 IN A 193.0.14.129
l.root-servers.net. 3600000 IN A 199.7.83.42
m.root-servers.net. 3600000 IN A 202.12.27.33
a.root-servers.net. 3600000 IN AAAA 2001:503:ba3e::2:30
f.root-servers.net. 3600000 IN AAAA 2001:500:2f::f
4)启动服务及查看监听端口:
named -u named -t /var/named/chroot/ 启动服务
netstat -unl 查看监听端口
named-checkconf -t /var/named/chroot/ //检查主配置文件：有错误会报错，正确则无任何输出
vim /etc/sysconfig/network-scripts/ifcfg-em2
DEVICE=em2
HWADDR=00:26:B9:3E:F0:C0
TYPE=Ethernet
UUID=03b43dc2-6de4-4317-a13a-b339a33f8799
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=211.162.x.x
NETMASK=255.255.255.240
GATEWAY=211.162.x.x
二.更改主机名:
hostname GZ-DNS-DG02
vi /etc/sysconfig/network
三.优化:
1)关闭selinux和防火墙:
service iptables stop
chkconfig iptables off
vi /etc/selinux/config
SELINUX=disabled
2)
vi /etc/sysctl.conf
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 4294967295
kernel.shmall = 268435456
===========复制以下=======================
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 300
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.ip_local_port_range = 5000 65000
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
:wq
sysctl -p //编辑完成后执行，使上述内核参数生效
3)
vi /etc/security/limits.conf
* soft nofile 65536
* hard nofile 65536
:wq
======注:开启
======
TCP:0~65535
UDP:0~65535
ulimit -n //启动配置
配置ssh安全
4)允许访问主机和拒绝访问主机:
vi /etc/hosts.allow
sshd:211.162.x.x:allow
vi /etc/hosts.deny
sshd:ALL:deny
sed -i 's/#PermitEmptyPasswords no/PermitEmptyPasswords no/' /etc/ssh/sshd_config //不允许空密码登录
sed -i 's/Port 22/Port 822/' /etc/ssh/sshd_config //修改ssh默认端口
sed -i 's/PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config //禁止root用户远程登录
service sshd reload
echo "export TMOUT=30" >> /etc/profile //空闲30秒无任何操作后自动退出登录
启动xinetd才生效:
yum -y install xinetd wget gcc
chkconfig xinetd on
service xinetd start
四、开始安装bind:
1)安装依赖包:
yum update //更新软件包
yum groupinstall "Development Tools" //安装一些依赖包
安装完重启系统:
reboot
2)编译bind软件包:
groupadd named
useradd -g named named
tar zxvf bind-9.9.8-P4.tar.gz
cd bind-9.9.8-P4
./configure --enable-threads --without-openssl --with-libtool
make && make install
3)创建配置文件目录、用户和给权限:
mkdir -p /var/named/chroot/etc
mkdir /var/named/chroot/dev
mkdir -p /var/named/chroot/var/named/data
mkdir -p /var/named/chroot/var/run
cd /var/named/chroot/etc/
touch named.conf
touch rndc.key
cd /var/named/chroot/dev
mknod null c 1 3
mknod random c 1 8
mknod zero c 1 5
chmod 666 null random
named -u named -t /var/named/chroot/ //启动named服务；若能看到53端口处于监听状态即为成功
netstat -unl
=================================================================
dig -t NS . @8.8.8.8 > /var/named/data/named.ca //生成根域名服务器提示文件 named.ca（root hints）
chown root:named /var/named/chroot/etc/named.conf
chown root:named /var/named/chroot/etc/rndc.key
chown root:named /var/named/chroot/etc/
chmod 760 /var/named/chroot/etc/named.ca
chmod 760 /var/named/chroot/etc/named.conf
chmod 760 /var/named/chroot/etc/rndc.key
chmod 760 /var/named/chroot/etc/
chmod 760 /var/named/chroot/var/named/
chown root:named /var/named/chroot/var/named/data/
chown root:named /var/named/chroot/var/named/data/
chown root:named /var/named/chroot/var/named/data/
chown root:named /var/named/data/
cd /var/named/chroot/
chown root:named var/named/data/127.0.0.rev
chown root:named var/named/data/localhost.zone
chown root:named var/named/data/named.ca
chmod 660 var/named/data/
chmod 660 var/named/data/*
主配置文件:================================================
cat /var/named/chroot/etc/named.conf
options {
directory "/var/named/data";
dump-file "/usr/local/named/data/cache_dump.db";
pid-file "/usr/local/named/named.pid";
statistics-file "/usr/local/named/data/named_stats.txt";
memstatistics-file "/usr/local/named/data/named_mem_stats.txt";
# forwarders { 211.162.x.x;211.162.x.x; };
forwarders { 211.162.x.x; }; #本机无法解析的查询转发到这台服务器做递归解析
allow-query { any; };
# recursion yes;
recursive-clients 10000;
allow-query-cache { any; }; # 对任意来源开放缓存/递归查询，等于开放递归解析器；对外提供服务时应限制为可信网段
minimal-responses yes;
};
zone "." IN {
type hint;
file "named.ca";
};
zone "localhost" IN {
type master;
file "localhost.zone";
# allow-update { none; };
};
zone "0.0.127.in-addr.arpa." IN {
type master;
file "127.0.0.rev";
# allow-update { none; };
};
include "/etc/rndc.key";
#bgp
#include "/var/named/data/cutv.conf";
#include "/var/named/data/baidu.conf";
区域配置文件:
cat /var/named/data/127.0.0.rev
$TTL 1d
@ IN SOA localhost. root.localhost. (
2014031301
1h
15m
1w
1d )
IN NS localhost.
1 IN PTR localhost.
cat /var/named/data/localhost.zone
$TTL 1d
@ IN SOA localhost. root (
2014031301 ;serial
1h ;refresh
15m ;retry
1w ;expire
1d ) ;ttl
IN NS localhost.
IN A 127.0.0.1
IN AAAA ::1
cat /var/named/data/named.ca
;; ANSWER SECTION:
. 518400 IN NS a.root-servers.net.
. 518400 IN NS c.root-servers.net.
. 518400 IN NS k.root-servers.net.
. 518400 IN NS b.root-servers.net.
. 518400 IN NS e.root-servers.net.
. 518400 IN NS d.root-servers.net.
. 518400 IN NS g.root-servers.net.
. 518400 IN NS m.root-servers.net.
. 518400 IN NS f.root-servers.net.
. 518400 IN NS l.root-servers.net.
. 518400 IN NS i.root-servers.net.
. 518400 IN NS h.root-servers.net.
. 518400 IN NS j.root-servers.net.
;; ADDITIONAL SECTION:
a.root-servers.net. 3600000 IN A 198.41.0.4
b.root-servers.net. 3600000 IN A 192.228.79.201
c.root-servers.net. 3600000 IN A 192.33.4.12
d.root-servers.net. 3600000 IN A 128.8.10.90
e.root-servers.net. 3600000 IN A 192.203.230.10
f.root-servers.net. 3600000 IN A 192.5.5.241
g.root-servers.net. 3600000 IN A 192.112.36.4
h.root-servers.net. 3600000 IN A 128.63.2.53
i.root-servers.net. 3600000 IN A 192.36.148.17
j.root-servers.net. 3600000 IN A 192.58.128.30
k.root-servers.net. 3600000 IN A 193.0.14.129
l.root-servers.net. 3600000 IN A 199.7.83.42
m.root-servers.net. 3600000 IN A 202.12.27.33
a.root-servers.net. 3600000 IN AAAA 2001:503:ba3e::2:30
f.root-servers.net. 3600000 IN AAAA 2001:500:2f::f
4)启动服务及查看监听端口:
named -u named -t /var/named/chroot/ 启动服务
netstat -unl 查看监听端口
named-checkconf -t /var/named/chroot/ //检查主配置文件：有错误会报错，正确则无任何输出