概述
安装配置DNS
一、安装dns
配置本地yum源,安装dns服务:yum -y install bind bind-utils
主配置文件是/etc/named.conf
区域配置文件是/etc/named.rfc1912.zones
正向解析反向解析在/var/named
二、配置解析
主配置文件
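options {
    // IPv4 address and port that named listens on.
    listen-on port 53 { 192.168.10.102; };
    listen-on-v6 port 53 { ::1; };
    // Default directory for the zone database files.
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    // Clients allowed to query this server's authoritative data.
    allow-query { localhost; };
    // Cache access and recursion are limited to this host and the lab subnet.
    // "any" here, combined with "recursion yes" in the view below, lets every
    // host that can reach port 53 use the server as a recursive resolver,
    // which is what DNS amplification attacks rely on.
    // Adjust the prefix to the networks you actually serve.
    allow-query-cache { localhost; 192.168.10.0/24; };
    allow-recursion { localhost; 192.168.10.0/24; };
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
view localhost_resolver {
    // The view itself matches every client and destination; who is actually
    // served is decided by the allow-* ACLs in the options block.
    match-clients { any; };
    match-destinations { any; };
    // Recursive queries are enabled for clients that pass allow-recursion.
    recursion yes;
    include "/etc/named.rfc1912.zones";
};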
区域配置文件/etc/named.rfc1912.zones
// Zone declarations that named.conf pulls in with its include statement.
zone "." IN { // the root zone
type hint; // hint zone: only tells named where the root servers are
file "named.ca"; // file holding the root server list
};
zone "localdomain" IN { // a forward zone
type master; // this server holds the primary copy of the zone
file "localdomain.zone"; // forward zone database file, relative to "directory"
allow-update { none; }; // clients allowed to send dynamic updates (none disables them)
};
zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN { // reverse zone for 127.0.0.x
type master;
file "named.local";
allow-update { none; };
};
根域配置文件named.ca
根域配置文件设定根域的域名数据库,包括根域中13台DNS服务器的信息。几乎所有系统的这个文件都是一样的,用户不需要进行修改。
正向域名解析数据库文件
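$TTL 600
; Zone files only accept ";" comments; "//" is read as record data and makes
; the zone fail to load.
; SOA: primary name server, then the admin mailbox (dnsadmin@cwlinux.com).
; Both names end with a dot so the zone origin is not appended a second time.
@       IN  SOA   dns.cwlinux.com. dnsadmin.cwlinux.com. (
                  2015031288  ; serial - add 1 on every change so secondaries re-sync
                  1H          ; refresh - how often secondaries check the serial
                  2M          ; retry - wait before retrying a failed refresh
                  2D          ; expire - secondaries stop answering after this long without a refresh
                  1D          ; negative-cache TTL for "no such name" answers
                  )
; Records with an empty owner column must start with whitespace; they then
; apply to the previous owner, here the zone apex.
        IN  NS    dns         ; the zone has two name servers
        IN  NS    ns2
        IN  MX    10 mail     ; mail exchanger; a lower preference value is tried first
ns2     IN  A     192.168.1.113   ; address of name server ns2
dns     IN  A     192.168.1.10    ; address of name server dns
mail    IN  A     192.168.1.111   ; address of the mail server
www     IN  A     192.168.1.112   ; address of www.cwlinux.com
pop     IN  CNAME mail            ; pop is an alias, canonical name mail
ftp     IN  CNAME www             ; ftp is an alias, canonical name www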
反向域名解析数据库文件
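$TTL 600
; Reverse zone data. Comments use ";" because "//" is not valid in a zone file.
@       IN  SOA   dns.cwlinux.com. dnsadmin.cwlinux.com. (
                  2014031224  ; serial
                  1H          ; refresh
                  2M          ; retry
                  2D          ; expire
                  1D          ; negative-cache TTL
                  )
        IN  NS    dns.cwlinux.com.
; PTR format: last octet of the address, then the fully qualified host name.
; The zone declaration already supplies 192.168.1, so the owner 10 alone
; stands for 192.168.1.10.
10      IN  PTR   dns.cwlinux.com.
111     IN  PTR   mail.cwlinux.com.
112     IN  PTR   www.cwlinux.com.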
实验
一、配置IP:192.168.10.102
修改/etc/named.conf vim /etc/named.conf
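// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
    // Lab change: listen on every IPv4 address so other hosts can reach port 53.
    listen-on port 53 { any; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    secroots-file "/var/named/data/named.secroots";
    recursing-file "/var/named/data/named.recursing";
    // Lab change: any client may query the zones this server is authoritative for.
    allow-query { any; };
    /*
     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
     - If you are building a RECURSIVE (caching) DNS server, you need to enable
       recursion.
     - If your recursive DNS server has a public IP address, you MUST enable access
       control to limit queries to your legitimate users. Failing to do so will
       cause your server to become part of large scale DNS amplification
       attacks. Implementing BCP38 within your network would greatly
       reduce such attack surface
    */
    recursion yes;
    // With "listen-on any" and "allow-query any" above, recursion would be
    // offered to every host that can reach the server unless it is restricted
    // here. Only this host and the lab subnet may recurse; adjust the prefix to
    // the networks you actually serve.
    allow-recursion { localhost; 192.168.10.0/24; };
    dnssec-enable yes;
    dnssec-validation yes;
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
    /* https://fedoraproject.org/wiki/Changes/CryptoPolicy */
    include "/etc/crypto-policies/back-ends/bind.config";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "." IN {
    type hint;
    file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";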
#修改/etc/named.rfc1912.zones
#定义正反向区域
// Forward zone: this server holds the primary copy of skills.com.
zone "skills.com" IN {
type master;
// Zone data file name; the forward records shown for skills.com.zone go here.
file "skills.com.zone";
// No client may send dynamic updates to this zone.
allow-update { none; };
};
// Reverse zone for addresses 192.168.10.x (octets are written in reverse order).
zone "10.168.192.in-addr.arpa" IN {
type master;
// Zone data file name; the PTR records shown for 192.168.10.arpa go here.
file "192.168.10.arpa";
allow-update { none; };
};
#增加正反向解析数据库文件
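# Create the two zone files as copies of the stock templates in /var/named.
# -p keeps the templates' owner, group and mode on the copies.
# The commands are chained so nothing is copied into the wrong directory
# if the cd fails.
cd /var/named/ &&
  cp -p named.localhost skills.com.zone &&
  cp -p named.loopback 192.168.10.arpa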
#修改正反向数据库文件
#skills.com.zone 正向解析
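$TTL 1D
; Forward zone for skills.com.
; The name server is named explicitly. Pointing SOA and NS at "@" while the
; apex carries the template's A record 127.0.0.1 would send every client that
; follows the NS record to its own loopback address, so that apex record is
; not kept here.
@       IN SOA  dns.skills.com. rname.invalid. (
                0       ; serial - raise it on every edit of this file
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
; Lines with an empty owner column must start with whitespace.
        NS      dns
dns     A       192.168.10.102
abc     A       192.168.10.103
bcd     A       192.168.10.104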
#192.168.10.arpa 反向解析
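$TTL 1D
; Reverse zone for 192.168.10.x (10.168.192.in-addr.arpa).
; SOA and NS name the real server instead of "@", and the template's
; "A 127.0.0.1" is left out: a reverse zone holds PTR records, and an NS
; target that resolves to loopback is useless to other hosts.
@       IN SOA  dns.skills.com. rname.invalid. (
                0       ; serial - raise it on every edit of this file
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        NS      dns.skills.com.
; Owner is the last octet; the target is fully qualified with a trailing dot.
102     PTR     dns.skills.com.
103     PTR     abc.skills.com.
104     PTR     bcd.skills.com.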
重新启动dns前可先用 named-checkconf 检查配置文件语法,确认无误后再执行 systemctl restart named
#nslookup 测试 (本机DNS设置为本机IP自测)
#正向测试
nslookup
> dns.skills.com
Server: 192.168.10.102
Address: 192.168.10.102#53
Name: dns.skills.com
Address: 192.168.10.102
> abc.skills.com
Server: 192.168.10.102
Address: 192.168.10.102#53
Name: abc.skills.com
Address: 192.168.10.103
> bcd.skills.com
Server: 192.168.10.102
Address: 192.168.10.102#53
Name: bcd.skills.com
Address: 192.168.10.104
>
#反向测试
nslookup
> 192.168.10.102
102.10.168.192.in-addr.arpa name = dns.skills.com.
> 192.168.10.103
103.10.168.192.in-addr.arpa name = abc.skills.com.
> 192.168.10.104
104.10.168.192.in-addr.arpa name = bcd.skills.com.
>