Primary DNS Configuration
I. Install BIND
[root@localhost ~]# yum install bind bind-chroot bind-utils
Loaded plugins: product-id, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
cdrom | 4.1 kB ::
Resolving Dependencies
--> Running transaction check
---> Package bind.x86_64 :9.9.-.el7 will be installed
--> Processing Dependency: bind-libs = :9.9.-.el7 for package: :bind-9.9.-.el7.x86_64
--> Processing Dependency: libbind9.so.()(64bit) for package: :bind-9.9.-.el7.x86_64
--> Processing Dependency: libdns.so.()(64bit) for package: :bind-9.9.-.el7.x86_64
--> Processing Dependency: libisc.so.()(64bit) for package: :bind-9.9.-.el7.x86_64
--> Processing Dependency: libisccc.so.()(64bit) for package: :bind-9.9.-.el7.x86_64
--> Processing Dependency: libisccfg.so.()(64bit) for package: :bind-9.9.-.el7.x86_64
--> Processing Dependency: liblwres.so.()(64bit) for package: :bind-9.9.-.el7.x86_64
---> Package bind-chroot.x86_64 :9.9.-.el7 will be installed
---> Package bind-utils.x86_64 :9.9.-.el7 will be installed
--> Running transaction check
---> Package bind-libs.x86_64 :9.9.-.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

==================================================================================================
Package Arch Version Repository Size
==================================================================================================
Installing:
bind x86_64 :9.9.-.el7 cdrom 1.8 M
bind-chroot x86_64 :9.9.-.el7 cdrom k
bind-utils x86_64 :9.9.-.el7 cdrom k
Installing for dependencies:
bind-libs x86_64 :9.9.-.el7 cdrom 1.0 M

Transaction Summary
==================================================================================================
Install Packages (+ Dependent package)

Total download size: 3.0 M
Installed size: 7.2 M
Is this ok [y/d/N]: y
Downloading packages:
--------------------------------------------------------------------------------------------------
Total MB/s | 3.0 MB ::
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : :bind-libs-9.9.-.el7.x86_64 /
Installing : :bind-9.9.-.el7.x86_64 /
Installing : :bind-chroot-9.9.-.el7.x86_64 /
Installing : :bind-utils-9.9.-.el7.x86_64 /
Verifying : :bind-9.9.-.el7.x86_64 /
Verifying : :bind-libs-9.9.-.el7.x86_64 /
Verifying : :bind-chroot-9.9.-.el7.x86_64 /
Verifying : :bind-utils-9.9.-.el7.x86_64 /

Installed:
bind.x86_64 :9.9.-.el7 bind-chroot.x86_64 :9.9.-.el7
bind-utils.x86_64 :9.9.-.el7

Dependency Installed:
bind-libs.x86_64 :9.9.-.el7

Complete!
II. BIND configuration
/etc/named.conf                main configuration file
/etc/named.rfc1912.zones       zone configuration file
/var/named/named.localhost     resource record file
1. Edit the main configuration file
[root@localhost ~]# vim /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
    listen-on port 53 { any; }; // changed from "127.0.0.1" to any, so named listens on every IP address of the name server
    listen-on-v6 port 53 { ::; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; }; // changed from "localhost" to any, so any host is allowed to query

    /*
     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
     - If you are building a RECURSIVE (caching) DNS server, you need to enable
       recursion.
     - If your recursive DNS server has a public IP address, you MUST enable access
       control to limit queries to your legitimate users. Failing to do so will
       cause your server to become part of large scale DNS amplification
       attacks. Implementing BCP38 within your network would greatly
       reduce such attack surface
    */
    recursion yes;

    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

zone "." IN {
    type hint;
    file "named.ca";
};

include "/etc/named.rfc1912.zones"; // zone configuration file
include "/etc/named.root.key";
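Added example, not part of the original post: a small Python audit of the options edited above. With recursion yes and no allow-recursion statement, BIND uses allow-query-cache and then allow-query as the recursion ACL, so allow-query { any; } on a listener other hosts can reach makes the server an open resolver, the case the stock comment in named.conf warns about. PAGE_CONF and RESTRICTED_CONF are constructed samples, and the function names are this example's own.

```python
import re

# Constructed sample: the three options this page ends up with in named.conf.
PAGE_CONF = """
options {
    listen-on port 53 { any; };   // changed from 127.0.0.1
    allow-query { any; };         // changed from localhost
    recursion yes;
};
"""
# Constructed variant: same listener, recursion limited to local networks.
RESTRICTED_CONF = PAGE_CONF.replace(
    "recursion yes;", "recursion yes;\n    allow-recursion { localhost; localnets; };")

def strip_comments(text):
    """Drop /* */, // and # comments so commented-out settings are ignored."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def option(text, name):
    """Value of a `name ...;` statement with a flat (non-nested) ACL, or None."""
    pattern = r"(?<![\w-])%s\s+([^;{]*(?:\{[^}]*\})?)\s*;" % re.escape(name)
    m = re.search(pattern, text)
    return " ".join(m.group(1).split()) if m else None

def recursion_acl(text):
    """BIND fallback chain: allow-recursion, else allow-query-cache, else
    allow-query, else the built-in { localnets; localhost; }."""
    for name in ("allow-recursion", "allow-query-cache", "allow-query"):
        value = option(text, name)
        if value is not None:
            return name, value
    return "built-in default", "{ localnets; localhost; }"

def has_any(acl):
    """True when the ACL has a bare `any` element (`!any` does not count)."""
    return re.search(r"[{;\s]any\s*;", acl) is not None

def audit(conf):
    """Findings for one options block; an empty list means no open resolver."""
    text = strip_comments(conf)
    if option(text, "recursion") == "no":      # unset means yes
        return []
    listen = option(text, "listen-on") or "(unset: all interfaces)"
    loopback_only = re.fullmatch(r"(port \d+\s*)?\{\s*127\.0\.0\.1;\s*\}", listen)
    source, acl = recursion_acl(text)
    if has_any(acl) and not loopback_only:     # only the IPv4 listener is checked
        return ["open resolver: recursion on, %s %s, listen-on %s" % (source, acl, listen)]
    return []
```

RESTRICTED_CONF shows the usual setting for a server that must answer everyone for kernel.org but recurse only for its own network: allow-query stays open and allow-recursion { localhost; localnets; } is added.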
2. Edit the zone configuration file
[root@localhost ~]# vim /etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
zone "localhost.localdomain" IN {
    type master;
    file "named.localhost";
    allow-update { none; };
};

zone "localhost" IN {
    type master;
    file "named.localhost";
    allow-update { none; };
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
    type master;
    file "named.loopback";
    allow-update { none; };
};

zone "1.0.0.127.in-addr.arpa" IN {
    type master;
    file "named.loopback";
    allow-update { none; };
};

zone "0.in-addr.arpa" IN {
    type master;
    file "named.empty";
    allow-update { none; };
};

zone "kernel.org" IN {          // "kernel.org" is the domain name
    type master;                // "master" marks this as the primary name server
    file "kernel.org.zone";     // "kernel.org.zone" is the resource record file, located in /var/named/
    allow-update { none; };
};
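3. Edit the resource record file
[root@localhost ~]# cp -a /var/named/named.localhost /var/named/kernel.org.zone
[root@localhost ~]# vim /var/named/kernel.org.zone
$TTL 1D
; "@" stands for the zone name, here "kernel.org", and can be written out as "kernel.org."
; "SOA" marks the start of the authoritative zone
; "rname.invalid." is the mailbox of the zone administrator
@       IN SOA  @ rname.invalid. (
                0       ; serial: zone transfer serial number
                1D      ; refresh: how often a secondary server refreshes its data from the primary
                1H      ; retry: interval between retries after a failed refresh
                1W      ; expire: how long a secondary server keeps the data before it expires
                3H )    ; minimum: how long negative answers are cached
        NS      ns.kernel.org.          ; name server record
ns      IN A    192.168.16.20           ; address record of the name server
@       IN MX   10 mail.kernel.org.     ; mail exchanger record; "@" is written out because a line with no owner inherits the previous owner, here "ns"
www     IN A    192.168.16.20           ; adds a record mapping "www.kernel.org" to "192.168.16.20"
mail    IN A    192.168.16.21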
Point the resolver at the name server's IP address
[root@localhost ~]# vim /etc/resolv.conf
# Generated by NetworkManager
# To test from another client, change that client's DNS server to this name server's IP: "nameserver 192.168.16.20"
nameserver 192.168.16.20
Switch SELinux to permissive mode, stop firewalld, and flush the firewall rules
[root@localhost ~]# setenforce 0
[root@localhost ~]# getenforce
Permissive
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# iptables -F
III. Verify DNS
Query the IP address of "www.kernel.org" from another client; the client's DNS server must first be changed to the name server's IP address.
[root@localhost ~]# dig www.kernel.org

; <<>> DiG 9.9.-RedHat-9.9.-.el7 <<>> www.kernel.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id:
;; flags: qr aa rd ra; QUERY: , ANSWER: , AUTHORITY: , ADDITIONAL:

;; OPT PSEUDOSECTION:
; EDNS: version: , flags:; udp:
;; QUESTION SECTION:
;www.kernel.org. IN A

;; ANSWER SECTION:
www.kernel.org. IN A 192.168.16.20

;; AUTHORITY SECTION:
kernel.org. IN NS ns.kernel.org.

;; ADDITIONAL SECTION:
ns.kernel.org. IN A 192.168.16.20

;; Query time: msec
;; SERVER: 192.168.16.20#(192.168.16.20)
;; WHEN: Fri Feb :: CST
;; MSG SIZE rcvd:
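Query the mail (MX) records of the "kernel.org" domain. The capture below returns NOERROR with no ANSWER section and only the SOA record in AUTHORITY, meaning the server holds no MX record at the name kernel.org itself. That is the result when the MX line in the zone file has no owner and follows the ns record, since it then belongs to ns.kernel.org; with "@" as its owner, the ANSWER section lists mail.kernel.org.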
[root@localhost ~]# dig -t mx kernel.org

; <<>> DiG 9.9.-RedHat-9.9.-.el7 <<>> -t mx kernel.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id:
;; flags: qr aa rd ra; QUERY: , ANSWER: , AUTHORITY: , ADDITIONAL:

;; OPT PSEUDOSECTION:
; EDNS: version: , flags:; udp:
;; QUESTION SECTION:
;kernel.org. IN MX

;; AUTHORITY SECTION:
kernel.org. IN SOA kernel.org. rname.invalid.

;; Query time: msec
;; SERVER: 192.168.16.20#(192.168.16.20)
;; WHEN: Fri Feb :: CST
;; MSG SIZE rcvd: