Setting up a DNS server on CentOS 7
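1. Install the BIND server software and start it
yum -y install bind bind-utils
systemctl start named.service   # start the service
systemctl enable named          # start at boot
1.1. Check that the named process started correctly
ps -eaf|grep named   # check the process
ss -nult|grep :53    # check the listening port
1.2. Open port 53 for TCP and UDP
firewall-cmd --permanent --add-port=53/tcp
firewall-cmd --permanent --add-port=53/udp
firewall-cmd --reload   # reload the firewall configuration so the change takes effect
2. Configuration files for the DNS service
2.1. Edit the main file /etc/named.conf
Back up the file before editing (the -p option keeps the attributes of the backup identical to the original):
cp -p /etc/named.conf /etc/named.conf.bak
Edit the configuration with vi /etc/named.conf so that it reads as follows: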
options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { any; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file "/var/named/data/named.recursing";
    secroots-file "/var/named/data/named.secroots";
    allow-query { any; };

    /*
     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
     - If you are building a RECURSIVE (caching) DNS server, you need to enable
       recursion.
     - If your recursive DNS server has a public IP address, you MUST enable access
       control to limit queries to your legitimate users. Failing to do so will
       cause your server to become part of large scale DNS amplification
       attacks. Implementing BCP38 within your network would greatly
       reduce such attack surface
    */
    recursion yes;

    dnssec-enable yes;
    dnssec-validation yes;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.root.key";

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

//zone "." IN {
//    type hint;
//    file "named.ca";
//};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
Check the result:
named-checkconf   # check named.conf for syntax errors
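The options above combine recursion yes with allow-query { any; } on a server that listens on every address, which is the open-resolver case the comment inside the file warns about. The following Python check is an added example, not part of the original article: it reads the options block and reports that combination, following BIND's fallback from allow-recursion to allow-query-cache to allow-query. The function names and both sample configurations are constructed for illustration.

```python
import re

def parse_options(conf):
    """Return {statement: value} from the options { ... } block of named.conf."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)   # strip /* ... */
    conf = re.sub(r"(//|#)[^\n]*", "", conf)            # strip // and # comments
    m = re.search(r"\boptions\s*\{", conf)
    if not m:
        return {}
    depth, i = 1, m.end()
    while i < len(conf) and depth:                      # find the matching brace
        depth += {"{": 1, "}": -1}.get(conf[i], 0)
        i += 1
    body = conf[m.end():i - 1]
    # a statement is "name value;" or "name [port N] { a; b; };"
    stmts = re.findall(r"([\w-]+)\s+([^;{}]*\{[^{}]*\}|[^;{}]+?)\s*;", body)
    return {name: " ".join(val.split()) for name, val in stmts}

def recursion_acl(opts):
    """Effective ACL for recursion. BIND falls back from allow-recursion to
    allow-query-cache, then allow-query, then { localnets; localhost; }."""
    for key in ("allow-recursion", "allow-query-cache", "allow-query"):
        if key in opts:
            return key, opts[key]
    return "default", "{ localnets; localhost; }"

def audit(conf):
    """List findings; recursion defaults to yes when the statement is absent."""
    opts = parse_options(conf)
    source, acl = recursion_acl(opts)
    recursing = opts.get("recursion", "yes") not in ("no", "false", "0")
    if recursing and re.search(r"\bany\b", acl):
        return [f"open resolver: recursion on, {source} {acl}"]
    return []

# Constructed samples: PAGE_CONF mirrors the options shown on this page;
# HARDENED adds an allow-recursion ACL for the 192.168.0.0/24 LAN it serves.
PAGE_CONF = """options {
    listen-on port 53 { any; };
    allow-query { any; };  // answers everyone
    /* recursive server */
    recursion yes;
};"""
HARDENED = PAGE_CONF.replace(
    "recursion yes;", "recursion yes;\n    allow-recursion { localhost; 192.168.0.0/24; };")

if __name__ == "__main__":
    for label, conf in (("page", PAGE_CONF), ("hardened", HARDENED)):
        print(label, audit(conf) or "ok")
```

The hardened sample keeps allow-query { any; } so the server still answers for its own zones, while recursion is limited to localhost and the LAN.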
2.2. Configure forward and reverse resolution
2.2.1. Edit /etc/named.rfc1912.zones
Add the following zones with vi /etc/named.rfc1912.zones:
zone "reading.zt" IN {
    type master;
    file "named.reading.zt";
    allow-update { none; };
};

zone "0.168.192.in-addr.arpa" {
    type master;
    file "named.192.168.0";
    allow-update { none; };
};
2.2.2. Add the forward lookup zone
Create the zone file from the named.localhost template:
cp -p /var/named/named.localhost /var/named/named.reading.zt
Edit the forward zone file named.reading.zt with vi /var/named/named.reading.zt so that it reads as follows:
$TTL 1D
@       IN SOA  @ rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      @
        A       127.0.0.1
        AAAA    ::1
mirror  A       192.168.0.233
test    A       192.168.0.232
Note:
http://mirror.reading.zt/ will resolve to http://192.168.0.233/
Give the named group ownership of the file:
chown :named /var/named/named.reading.zt
Check that the zone file is correct:
named-checkzone "reading.zt" "/var/named/named.reading.zt"
2.2.3. Add the reverse lookup zone
Create the zone file from the named.localhost template:
cp -p /var/named/named.localhost /var/named/named.192.168.0
Edit the reverse zone file named.192.168.0 with vi /var/named/named.192.168.0 so that it reads as follows:
$TTL 1D
@       IN SOA  @ rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      @
        A       127.0.0.1
        AAAA    ::1
; PTR targets end with a dot so they are not made relative to 0.168.192.in-addr.arpa
233     PTR     mirror.reading.zt.
232     PTR     test.reading.zt.
Give the named group ownership of the file:
chown :named /var/named/named.192.168.0
Check that the zone file is correct:
named-checkzone "0.168.192.in-addr.arpa" "/var/named/named.192.168.0"
2.2.4. Restart the named service so the configuration takes effect
systemctl restart named
3. Test with nslookup
nslookup test.reading.zt
nslookup 192.168.0.232