当前位置:网站首页>配置dns服务
配置dns服务
2022-08-11 05:33:00 【weixin_45512368】
文章目录
配置dns服务。
1、 在两台master,slave服务器上,分别安装
yum install -y bind bind-chroot bind-libs bind-utils
2、 修改master的allow-transfer和zone部分。修改
slave的zone部分分别拷贝到/etc/named.conf。
Master.conf配置文件
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
listen-on port 53 {
any; };
listen-on-v6 port 53 {
any; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; allow-query {
any; }; allow-transfer {
192.168.152.xx(主ip); };
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- - If you are building a RECURSIVE (caching) DNS server, you need to enable recursion.
- - If your recursive DNS server has a public IP address, you MUST enable access control to limit queries to your legitimate users. Failing to do so will cause your server to become part of large scale DNS amplification attacks. Implementing BCP38 within your network would greatly reduce such attack surface
*/
recursion no;
dnssec-enable yes;
dnssec-validation yes;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic"; pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";};
zone "域名" IN {
type master;
file "/var/named/named.(你所写的文件名称)";
allow-transfer {
192.168.xx.xx(ip地址); };
};
zone "XX.168.192(网址前三段倒着写).in-addr.arpa" IN {
type master;
file "/var/named/named.ip段";
allow-transfer {
192.168.162.129; };
};
logging {
channel default_debug {
file "data/named.run"; severity dynamic; };};zone "." IN {
type hint; file "named.ca";};include "/etc/named.rfc1912.zones";include "/etc/named.root.key";
Slave.conf的配置文件
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
listen-on port 53 {
any; };
listen-on-v6 port 53 {
any; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; allow-query {
any; };
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- - If you are building a RECURSIVE (caching) DNS server, you need to enable recursion.
- - If your recursive DNS server has a public IP address, you MUST enable access control to limit queries to your legitimate users. Failing to do so will cause your server to become part of large scale DNS amplification attacks. Implementing BCP38 within your network would greatly reduce such attack surface
- */
- recursion no;
- dnssec-enable yes;
- dnssec-validation yes;
- /* Path to ISC DLV key
- */
bindkeys-file "/etc/named.iscdlv.key"; managed-keys-directory "/var/named/dynamic"; pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
zone "域名" IN {
type slave;
file "/var/named/named.域名";
masters {
192.168.152.xx; };
};
zone "152.168.192.in-addr.arpa" IN {
type slave;
file "/var/named/named.192.168.152"; masters {
192.168.152.xx; };
};
logging {
channel default_debug {
file "data/named.run"; severity dynamic; };
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
3、 到 /var/named 配置正解文件named.域名 和反解文件ip,注意正解文件把yum 和time主, time从写进去。
Ip解析
$TTL 600
@ IN SOA master.域名 root.mail.域名 ( 2016110303 3H 15M 1W 1D )
@ IN NS master.域名
@ IN NS slave.域名
129 IN PTR master.域名
131 IN PTR slave.域名
#其中129为ip最后几位
域名解析
$ORIGIN 域名
$TTL 600@ IN SOA master.域名 root.mail.域名 ( 2016110303 3H 15M 1W 1D )
@ IN NS master.域名
@ IN NS slave.域名
master.域名 IN A 192.168.152.129
slave.域名 IN A 192.168.152.131
aaa IN CNAME master.域名
bbb IN CNAME slave.域名
4、 配置完后检查配置文件看是否有语法错误:
a) named.conf: named-checkconf /etc/named.conf
b) zone文件:
i. named-checkzone 域名 /var/named/named.域名
ii. named-checkzone IP /var/named/named.IP
检查完更正语法错误。
注意文件的属主属组named
5、 启动named服务。主备服务器都启动:
systemctl enable named
systemctl start named
6、 检查dns是否正常:
cat << EOF > /etc/resolv.conf
search 域名
nameserver $dns1
nameserver $dns2
EOF
主从一致
配置hosts文件
添加
Ip 主机名.域名
Ip 主机名.域名
然后nslookup 主机名看看是否能正常解析。nslookup ip 看是否能反解。
dns master 的服务器正常后, 把/etc/resolv.conf的nameserver 改成$dns2的地址。看 dns slave是否解析正常。
调试到都正常为止。
边栏推荐
猜你喜欢
随机推荐
解决8080端口被占用问题
Sturges规则
buildroot setup dhcp
文本三剑客——grep过滤
(二)软件测试理论(*重点用例方法编写)
无胁科技-TVD每日漏洞情报-2022-7-28
MoreFileRename批量文件改名工具
deepin v20.6+cuda+cudnn+anaconda(miniconda)
智能合约 ——— app评分合约
AUTOMATION DAY07 (Ansible Vault, ordinary users use ansible)
解决win10安装portal v13/v15要求反复重启问题。
Threatless Technology-TVD Daily Vulnerability Intelligence-2022-7-18
Solve win10 installed portal v13 / v15 asked repeatedly to restart problem.
无胁科技-TVD每日漏洞情报-2022-7-21
ETCD集群故障应急恢复-本地数据可用
【LeetCode】2034. 股票价格波动(思路+题解)双map
无胁科技-TVD每日漏洞情报-2022-7-31
vulnhub靶机--6Day_Lab-v1.0.1
日志收集分析器(ELK)
CLUSTER DAY02 (Keepalived Hot Standby, Keepalived+LVS, HAProxy Server)