检查是否报错的命令
named-checkzone mayun.com var/named/mayun.com.zone.wan
named-checkzone mayun.com var/named/mayun.com.zone.lan
反向解析步骤
[root@localhost ~]# vim /etc/named.conf 进入主配置文件两个地方改为any
[root@localhost ~]# vim /etc/named.rfc1912.zones 进入区域配置文件配置正向和反向(正向省略)
zone "1.0.0.127.in-addr.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};
zone "253.168.192.in-addr.arpa" IN { 地址反写并且省略第四节地址
type master;
file "ky11.com.zone"; 定义数据改为ky11.com.zone
allow-update { none; };
};
[root@localhost ~]# cd /var/named
[root@localhost named]# ls
data dynamic named.ca named.empty named.localhost named.loopback slaves
[root@localhost named]# cp -p named.localhost ky11.com.zone 复制到ky11.com.zone里面
[root@localhost named]# vim ky11.com.zone
$TTL 1D
@ IN SOA @ admin.ky11.com. ( 设置一个邮箱
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS @
A 192.168.253.100
www A 192.168.253.100
100 PTR www.ky11.com.
~
[root@localhost named]# named-checkconf
[root@localhost named]# named-checkzone ky11.com /var/named/ky11.com.zone
zone ky11.com/IN: loaded serial 0
OK
[root@localhost named]# systemctl start named
[root@localhost named]# netstat -anpu | grep named 查看进程
udp 0 0 192.168.122.1:53 0.0.0.0:* 85710/named
udp 0 0 192.168.253.100:53 0.0.0.0:* 85710/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 85710/named
udp6 0 0 ::1:53 :::* 85710/named
进入win10客户机配置
缓存解析步骤
使用另一台centos作为缓存服务器(cen1换成153.100 cen2换成153.200)
下载bind软件包
[root@localhost ~]# vim /etc/named.conf
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html
options {
directory "/var/named";
forwarders { 192.168.153.100; };
allow-query { any; };
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
~ (其他内容全部删除)
~
-- 插入 -- 9,30 底端
[root@localhost ~]# systemctl start named
主从解析
在从上面配置
在主上面配置
分离解析
[root@localhost network-scripts]# systemctl start httpd
[root@localhost network-scripts]# netstat -antp | grep 80
vim /var/www/html/index.html
curl 127.0.0.1
vim /etc/named.conf
vim /etc/named.rfc1912.zones
vim /etc/named.conf 文件中
named-checkconf 无报错即为正确
cd /var/named
cp -p named.localhost mayun.com.zone.lan
cp -p named.localhost mayun.com.zone.wan
复制两个,并起名lan, wan
vim mayun.com.zone.lan
vim mayun.com.zone.wan