【Linux】【Services】【DNS】使用Bind搭建DNS服务
1. 简介
1.1. 实现的功能:DNS解析以及智能转发
1.2. 官方文档:
1.3. 基础概念:http://www.cnblogs.com/demonzk/p/6494968.html
2. 环境:
2.1. OS:Red Hat Enterprise Linux Server release 7.4 (Maipo)
2.2. Kernel:3.10.0-693.el7.x86_64
2.3. Bind:9.9.4-51.el7_4.1
3. 安装:
3.1. 操作系统:(略)
3.2. 配置yum:(略)
3.2. 安装bind
yum install bind
3.3. 在主节点172.16.0.81上修改配置文件/etc/named.conf,监听端口打开,不必要的选项注释掉或者写no
options {
listen-on port 53 { 172.16.0.81; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
//allow-query { localhost; };
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes;
dnssec-enable no;
dnssec-validation no;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
logging {
channel default_debug {
file "/var/log/named/default.log";
severity dynamic;
};
channel query_logs {
file "/var/log/named/bind.log";
severity info;
print-severity yes;
print-time yes;
print-category yes;
};
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
zone "hccos.cn" IN {
type master;
file "hccos.cn.zone";
allow-transfer { 172.16.0.82; };
notify yes;
also-notify { 172.16.0.82; };
};
zone "0.16.172.in-addr.arpa" IN {
type master;
file "0.16.172.in-addr.arpa.zone";
allow-transfer { 172.16.0.82; };
notify yes;
also-notify { 172.16.0.82; };
};
在主节点上配置正向解析文件/var/named/hccos.cn.zone
$TTL 3600
$ORIGIN hccos.cn.
@ IN SOA hctjosinfra01.hccos.cn. hctjosinfra01.hccos.cn. (
2018010301 ; serial
2H ; refresh
10M ; retry
1W ; expire
1D ; negative answer ttl
)
;ns server
IN NS hctjosinfra01
IN NS hctjosinfra02
;docker+k8s
hctjosinfra01 IN A 172.16.0.81
hctjosinfra02 IN A 172.16.0.82
hctjosetcd01 IN A 172.16.0.83
hctjosetcd02 IN A 172.16.0.84
hctjosetcd03 IN A 172.16.0.85
hctjcephmon01 IN A 172.16.0.86
hctjcephmon02 IN A 172.16.0.87
hctjcephmon03 IN A 172.16.0.88
hctjcephadm01 IN A 172.16.0.89
hctjosk8smaster01 IN A 172.16.0.90
hctjosk8sslave01 IN A 172.16.0.91
hctjosk8sslave02 IN A 172.16.0.92
hctjcephblock01 IN A 172.16.0.93
hctjcephblock02 IN A 172.16.0.94
hctjosk8snode01 IN A 172.16.0.95
hctjosk8snode02 IN A 172.16.0.96
hctjosk8snode03 IN A 172.16.0.97
hctjosk8snode04 IN A 172.16.0.98
;openstack
hctjosmysql01 IN A 172.16.0.25
hctjosmysql02 IN A 172.16.0.26
hctjosmysql03 IN A 172.16.0.27
hctjoscache01 IN A 172.16.0.45
hctjoscache02 IN A 172.16.0.46
hctjoscache03 IN A 172.16.0.47
hctjosdr01 IN A 172.16.0.48
hctjosdr02 IN A 172.16.0.49
在主节点上配置反向解析文件/var/named/0.16.172.in-addr.arpa.zone
$TTL 3600
$ORIGIN 0.16.172.in-addr.arpa.
@ IN SOA hctjosinfra01.hccos.cn. hctjosinfra01.hccos.cn. (
20180103
1H
10M
3D
12H
)
IN NS hctjosinfra01.hccos.cn.
IN NS hctjosinfra02.hccos.cn.
;docker+k8s
81 IN PTR hctjosinfra01.hccos.cn.
82 IN PTR hctjosinfra02.hccos.cn.
83 IN PTR hctjosetcd01.hccos.cn.
84 IN PTR hctjosetcd02.hccos.cn.
85 IN PTR hctjosetcd03.hccos.cn.
86 IN PTR hctjcephmon01.hccos.cn.
87 IN PTR hctjcephmon02.hccos.cn.
88 IN PTR hctjcephmon03.hccos.cn.
89 IN PTR hctjcephadm01.hccos.cn.
90 IN PTR hctjosk8smaster01.hccos.cn.
91 IN PTR hctjosk8sslave01.hccos.cn.
92 IN PTR hctjosk8sslave02.hccos.cn.
93 IN PTR hctjcephblock01.hccos.cn.
94 IN PTR hctjcephblock02.hccos.cn.
95 IN PTR hctjosk8snode01.hccos.cn.
96 IN PTR hctjosk8snode02.hccos.cn.
97 IN PTR hctjosk8snode03.hccos.cn.
98 IN PTR hctjosk8snode04.hccos.cn.
;openstack
25 IN PTR hctjosmysql01.hccos.cn.
26 IN PTR hctjosmysql02.hccos.cn.
27 IN PTR hctjosmysql03.hccos.cn.
45 IN PTR hctjoscache01.hccos.cn.
46 IN PTR hctjoscache02.hccos.cn.
47 IN PTR hctjoscache03.hccos.cn.
48 IN PTR hctjosdr01.hccos.cn.
49 IN PTR hctjosdr02.hccos.cn.
3.4. 在slave节点上配置/etc/named.conf
options {
listen-on port 53 { 172.16.0.82; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
//allow-query { localhost; };
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes;
//dnssec-enable yes;
//dnssec-validation yes;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
logging {
channel default_debug {
file "/var/log/named/default.log";
severity dynamic;
};
channel query_logs {
file "/var/log/named/bind.log";
severity info;
print-severity yes;
print-time yes;
print-category yes;
};
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
zone "hccos.cn" IN {
type slave;
file "slaves/hccos.cn.zone";
masters { 172.16.0.81; };
};
zone "0.16.172.in-addr.arpa" IN {
type slave;
file "slaves/0.16.172.in-addr.arpa.zone";
masters { 172.16.0.81; };
};
【Linux】【Services】【DNS】使用Bind搭建DNS服务的更多相关文章
- centos DNS服务搭建 DNS原理 使用bind搭建DNS服务器 配置DNS转发 配置主从 安装dig工具 DHCP dhclient 各种域名解析记录 mydns DNS动态更新 第三十节课
centos DNS服务搭建 DNS原理 使用bind搭建DNS服务器 配置DNS转发 配置主从 安装dig工具 DHCP dhclient 各种域名解析记录 mydns DNS动态更 ...
- 使用Bind搭建DNS服务
DNS域名解析服务(Domain Name System)是用于解析域名与IP地址对应关系的服务,功能上可以实现正向解析与反向解析: 正向解析:根据主机名(域名)查找对应的IP地址. 反向解析:根据I ...
- Bind搭建DNS服务
DNS域名解析服务(Domain Name System)是用于解析域名与IP地址对应关系的服务,功能上可以实现正向解析与反向解析: 正向解析:根据主机名(域名)查找对应的IP地址. 反向解析:根据I ...
- 利用bind搭建dns
下载bind,我下载的是bind-9.3.1rc1.tar.gz 我下载的文件放在/root目录下 进入目录解压缩 [root@linux root]#tar xfz bind-9.3.1rc1.ta ...
- 基于bind搭建DNS主从
使用bind的主从复制功能可以实现的功能:提供冗余,避免单点故障:均衡负载查询需求,从而提高系统可用性. 一.安装 #bind-chroot 负责DNS安全作用,将bind进程严格限制在特定的目录中 ...
- Linux搭建基于BIND的DNS服务器
Linux搭建基于BIND的DNS服务器 实验目标: 通过本实验掌握基于Linux的DNS服务器搭建. 实验步骤: 1.安装BIND 2.防火墙放通DNS服务 3.编辑BIND的主配置文件 4.编 ...
- 使用BIND搭建内部DNS服务
...
- 【Linux】【Services】【DNS】bind基础
1. 概念 1.1. DNS: Domain Name Service, 应用层协议,占用53/udp, 53/tcp 1.2. tld(顶级域):Top Level Domain 组织域:.com, ...
- 《搭建DNS负载均衡服务》RHEL6
搭建DNS负载均衡环境: 1.至少三台的linux虚拟机,一台主的DNS服务器,1台副的(可以N台),1台测试机. 负载均衡有很多种,apache那样的是为了缓解人们访问网站时给服务器造成太大的压力, ...
随机推荐
- 二.什么是Promise
二.什么是Promise 1.理解 2.promise 的状态改变 3.promise的基本流程 4.promise的基本使用 1.理解 抽象表达: Promise 是JS 中进行异步编程的新的解决方 ...
- 学习JS的第三天
一.逻辑分支(续) 1.三目运算符:条件运算符 a>b?c:d;表达式1?表达式2:表达式3; 根据表达式1执行的结果,来决定执行表达式2还是表达式3 表达式1结果是true执行表达式2,最终返 ...
- Python布尔值
在学到Python数据类型时,发现与大多数语言没什么区别 布尔值可以用 and or not 来运算 and运算是与运算,所有条件都符合才为true >>> True and Tru ...
- 分享一下Eclipse中节省时间的技巧吧
[初级技巧] ★★ 鼠标放在一个类名上面,会显示Javadoc.也可以通过屏幕下方的Javadoc面板来查看(你可以把它看成是MSDN的Java版). ★ 每个函数的第一行,左边有个圆圈,单击这个圆圈 ...
- [noi239]count
将每一个ai表示为$ai=ki\cdot m+ri$,即满足$m\sum ki+\sum ri=n$且$0<ri<m$枚举$S=\sum ri$(S范围是$k\le S\le k(m-1) ...
- [atAGC106F]Figures
考虑purfer序列,若生成树的pufer序列为$p_{i}$,则答案为$(\prod_{i=1}^{n}a_{i})\sum_{p}\prod_{i=1}^{n}\frac{(a_{i}-1)!}{ ...
- [loj3180]天桥
考虑将所有交点作为关键点来建图跑最短路,但图上的关键点数量最坏为$o(nm)$,需要优化 当$s=0$且$g=n-1$的部分分,有以下结论: 1.对于一段天桥$([l,r],y)$,不会从$(r,y) ...
- Apache ShardingSphere 5.0.0 内核优化及升级指南
经过近两年时间的优化和打磨,Apache ShardingSphere 5.0.0 GA 版终于在本月正式发布,相比于 4.1.1 GA 版,5.0.0 GA 版在内核层面进行了大量的优化.首先,基于 ...
- layui的入门使用
1.如果使用单独的layui插件的话需要先引入jquery的插件,官方建议1.8+的版本. 2.引入后就能根据规则正常使用了.
- 初识XSS攻击
初识XSS攻击 本文参考于<白帽子讲Web安全>第3章跨站脚本攻击(XSS),该书出版于2014年,因而现在可能存在一些新场景或新技术而未被提及,但本文对学习和了解XSS攻击仍具有重要价值 ...