centos7下配置dns服务器
2015-06-03 16:48
597 查看
参考诸多资料,步骤如下:(说明:用a.com做dns解析用,解析b.com)
1、在centos上安装bind,命令yum install bind-chroot
bind -y
2、拷贝bind相关文件,准备bind chroot
环境。[root@centos7 ~]# cp -R /usr/share/doc/bind-*/sample/var/named/*
/var/named/chroot/var/named/
3、在bind
chroot 的目录中创建相关文件
[root@centos7 ~]# touch /var/named/chroot/var/named/data/cache_dump.db
[root@centos7 ~]# touch /var/named/chroot/var/named/data/named_stats.txt
[root@centos7 ~]# touch /var/named/chroot/var/named/data/named_mem_stats.txt
[root@centos7 ~]# touch /var/named/chroot/var/named/data/named.run
[root@centos7 ~]# mkdir /var/named/chroot/var/named/dynamic
[root@centos7 ~]# touch /var/named/chroot/var/named/dynamic/managed-keys.bind
4、将
Bind 锁定文件设置为可写
[root@centos7 ~]# chmod -R 777 /var/named/chroot/var/named/data
[root@centos7 ~]# chmod -R 777 /var/named/chroot/var/named/dynamic
5、 将 /etc/named.conf 拷贝到 bind chroot目录
[root@centos7 ~]# cp -p /etc/named.conf /var/named/chroot/etc/named.conf
6、配置named.conf文件
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
allow-transfer { none; }; /*防止抓取*/
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion no; /*递归的开关*/
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
zone "ns.a.com" IN {
type master;
file "a.com";
};
zone "b.com" IN {
type master;
file "b.com";
};
zone "1.168.192.in-addr.arpa" IN {
type master;
file "192.168.1.zone";
allow-transfer {192.168.1.2;};
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
7、配置正向解析文件
文件放在var/named目录下,要是不行一份到/var/named/chroot/var/named/
vi
a.com
$TTL 1D
$TTL 600
@ IN SOA ns.a.com admin.a.com (
0 ;serial
1D ;refresh
1H ;retry
1w ;expire
3H ) ;minimum
@ IN NS ns
ns IN A 192.168.1.2
:wq保存退出
vi b.com$TTL 1D
$TTL 600
@ IN SOA b.com admin.b.com (
0 ;serial
1D ;refresh
1H ;retry
1w ;expire
3H ) ;minimum
@ IN NS ns.a.com.
www IN A 192.168.1.3
:wq保存退出
8、反向解析文件
vi 192.168.1.zone
$TTL
1D
$TTL
600
@ IN SOA 1.168.192.in-addr.arpa. admin.a.com. (
0 ;serial
1D ;refresh
1H ;retry
1W ;expire
3H ;minimum
)
@ IN NS ns.a.com.
240 IN PTR ns.a.com.
:wq保存退出
9、开启开机启动
/usr/libexec/setup-named-chroot.sh /var/named/chroot
on
systemctl
stop named
systemctl
disable named
systemctl
start named-chroot
systemctl enable named-chroot
10、修改防火墙iptables,添加53端口
-A
INPUT -p tcp -m state --state NEW -m tcp --dport 53 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 53 -j ACCEPT
11、服务器的dns改成本机IP,修改/etc/resolv.conf文件
12、在文件/etc/hostname中修改服务器名字,最好对应做解析用的域名,比如ns.a.com
配置一下试试!
1、在centos上安装bind,命令yum install bind-chroot
bind -y
2、拷贝bind相关文件,准备bind chroot
环境。[root@centos7 ~]# cp -R /usr/share/doc/bind-*/sample/var/named/*
/var/named/chroot/var/named/
3、在bind
chroot 的目录中创建相关文件
[root@centos7 ~]# touch /var/named/chroot/var/named/data/cache_dump.db
[root@centos7 ~]# touch /var/named/chroot/var/named/data/named_stats.txt
[root@centos7 ~]# touch /var/named/chroot/var/named/data/named_mem_stats.txt
[root@centos7 ~]# touch /var/named/chroot/var/named/data/named.run
[root@centos7 ~]# mkdir /var/named/chroot/var/named/dynamic
[root@centos7 ~]# touch /var/named/chroot/var/named/dynamic/managed-keys.bind
4、将
Bind 锁定文件设置为可写
[root@centos7 ~]# chmod -R 777 /var/named/chroot/var/named/data
[root@centos7 ~]# chmod -R 777 /var/named/chroot/var/named/dynamic
5、 将 /etc/named.conf 拷贝到 bind chroot目录
[root@centos7 ~]# cp -p /etc/named.conf /var/named/chroot/etc/named.conf
6、配置named.conf文件
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
allow-transfer { none; }; /*防止抓取*/
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion no; /*递归的开关*/
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
zone "ns.a.com" IN {
type master;
file "a.com";
};
zone "b.com" IN {
type master;
file "b.com";
};
zone "1.168.192.in-addr.arpa" IN {
type master;
file "192.168.1.zone";
allow-transfer {192.168.1.2;};
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
7、配置正向解析文件
文件放在var/named目录下,要是不行一份到/var/named/chroot/var/named/
vi
a.com
$TTL 1D
$TTL 600
@ IN SOA ns.a.com admin.a.com (
0 ;serial
1D ;refresh
1H ;retry
1w ;expire
3H ) ;minimum
@ IN NS ns
ns IN A 192.168.1.2
:wq保存退出
vi b.com$TTL 1D
$TTL 600
@ IN SOA b.com admin.b.com (
0 ;serial
1D ;refresh
1H ;retry
1w ;expire
3H ) ;minimum
@ IN NS ns.a.com.
www IN A 192.168.1.3
:wq保存退出
8、反向解析文件
vi 192.168.1.zone
$TTL
1D
$TTL
600
@ IN SOA 1.168.192.in-addr.arpa. admin.a.com. (
0 ;serial
1D ;refresh
1H ;retry
1W ;expire
3H ;minimum
)
@ IN NS ns.a.com.
240 IN PTR ns.a.com.
:wq保存退出
9、开启开机启动
/usr/libexec/setup-named-chroot.sh /var/named/chroot
on
systemctl
stop named
systemctl
disable named
systemctl
start named-chroot
systemctl enable named-chroot
10、修改防火墙iptables,添加53端口
-A
INPUT -p tcp -m state --state NEW -m tcp --dport 53 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 53 -j ACCEPT
11、服务器的dns改成本机IP,修改/etc/resolv.conf文件
12、在文件/etc/hostname中修改服务器名字,最好对应做解析用的域名,比如ns.a.com
配置一下试试!
相关文章推荐
- Linux socket 初步
- 小心服务器内存居高不下的元凶--WebAPI服务
- 10 篇对初学者和专家都有用的 Linux 命令教程
- Linux 与 Windows 对UNICODE 的处理方式
- Ubuntu12.04下QQ完美走起啊!走起啊!有木有啊!
- 解決Linux下Android开发真机调试设备不被识别问题
- 运维入门
- 运维提升
- Linux 自检和 SystemTap
- Ubuntu Linux使用体验
- c语言实现hashmap(转载)
- Linux 信号signal处理机制
- linux下mysql添加用户
- 黑客攻破域名注册商 Web.com 安全防线,客户私密信息或被泄露
- Scientific Linux 5.5 图形安装教程
- 基于 Linux 集群环境上 GPFS 的问题诊断
- 谁是桌面王者?Win PK Linux三大镇山之宝