当前位置:网站首页>配置dns服务
配置dns服务
2022-08-11 05:33:00 【weixin_45512368】
文章目录
配置dns服务。
1、 在两台master,slave服务器上,分别安装
yum install -y bind bind-chroot bind-libs bind-utils
2、 修改master的allow-transfer和zone部分。修改
slave的zone部分分别拷贝到/etc/named.conf。
Master.conf配置文件
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
listen-on port 53 {
any; };
listen-on-v6 port 53 {
any; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; allow-query {
any; }; allow-transfer {
192.168.152.xx(主ip); };
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- - If you are building a RECURSIVE (caching) DNS server, you need to enable recursion.
- - If your recursive DNS server has a public IP address, you MUST enable access control to limit queries to your legitimate users. Failing to do so will cause your server to become part of large scale DNS amplification attacks. Implementing BCP38 within your network would greatly reduce such attack surface
*/
recursion no;
dnssec-enable yes;
dnssec-validation yes;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic"; pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";};
zone "域名" IN {
type master;
file "/var/named/named.(你所写的文件名称)";
allow-transfer {
192.168.xx.xx(ip地址); };
};
zone "XX.168.192(网址前三段倒着写).in-addr.arpa" IN {
type master;
file "/var/named/named.ip段";
allow-transfer {
192.168.162.129; };
};
logging {
channel default_debug {
file "data/named.run"; severity dynamic; };};zone "." IN {
type hint; file "named.ca";};include "/etc/named.rfc1912.zones";include "/etc/named.root.key";
Slave.conf的配置文件
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
listen-on port 53 {
any; };
listen-on-v6 port 53 {
any; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; allow-query {
any; };
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- - If you are building a RECURSIVE (caching) DNS server, you need to enable recursion.
- - If your recursive DNS server has a public IP address, you MUST enable access control to limit queries to your legitimate users. Failing to do so will cause your server to become part of large scale DNS amplification attacks. Implementing BCP38 within your network would greatly reduce such attack surface
- */
- recursion no;
- dnssec-enable yes;
- dnssec-validation yes;
- /* Path to ISC DLV key
- */
bindkeys-file "/etc/named.iscdlv.key"; managed-keys-directory "/var/named/dynamic"; pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
zone "域名" IN {
type slave;
file "/var/named/named.域名";
masters {
192.168.152.xx; };
};
zone "152.168.192.in-addr.arpa" IN {
type slave;
file "/var/named/named.192.168.152"; masters {
192.168.152.xx; };
};
logging {
channel default_debug {
file "data/named.run"; severity dynamic; };
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
3、 到 /var/named 配置正解文件named.域名 和反解文件ip,注意正解文件把yum 和time主, time从写进去。
Ip解析
$TTL 600
@ IN SOA master.域名 root.mail.域名 ( 2016110303 3H 15M 1W 1D )
@ IN NS master.域名
@ IN NS slave.域名
129 IN PTR master.域名
131 IN PTR slave.域名
#其中129为ip最后几位
域名解析
$ORIGIN 域名
$TTL 600@ IN SOA master.域名 root.mail.域名 ( 2016110303 3H 15M 1W 1D )
@ IN NS master.域名
@ IN NS slave.域名
master.域名 IN A 192.168.152.129
slave.域名 IN A 192.168.152.131
aaa IN CNAME master.域名
bbb IN CNAME slave.域名
4、 配置完后检查配置文件看是否有语法错误:
a) named.conf: named-checkconf /etc/named.conf
b) zone文件:
i. named-checkzone 域名 /var/named/named.域名
ii. named-checkzone IP /var/named/named.IP
检查完更正语法错误。
注意文件的属主属组named
5、 启动named服务。主备服务器都启动:
systemctl enable named
systemctl start named
6、 检查dns是否正常:
cat << EOF > /etc/resolv.conf
search 域名
nameserver $dns1
nameserver $dns2
EOF
主从一致
配置hosts文件
添加
Ip 主机名.域名
Ip 主机名.域名
然后nslookup 主机名看看是否能正常解析。nslookup ip 看是否能反解。
dns master 的服务器正常后, 把/etc/resolv.conf的nameserver 改成$dns2的地址。看 dns slave是否解析正常。
调试到都正常为止。
边栏推荐
- What should I do if I forget the user password in MySQL?
- SECURITY DAY02 (Zabbix alarm mechanism, Zabbix advanced operation and monitoring case)
- 本地yum源搭建
- Sturges规则
- Record a Makefile just written
- ETCD容器化搭建集群
- deepin v20.6+cuda+cudnn+anaconda(miniconda)
- AUTOMATION DAY06( Ansible进阶 、 Ansible Role)
- 消息中间件
- SECURITY DAY05(Kali系统 、 扫描与抓包 、 SSH基本防护、服务安全 )
猜你喜欢
pytorch下tensorboard可视化深坑
web网络安全笔记
mysql数据库安装教程(超级超级详细)
(1) Software testing theory (0 basic understanding of basic knowledge)
View the library ldd that the executable depends on
MoreFileRename批量文件改名工具
MySQl进阶之索引结构
ETCD cluster fault emergency recovery - local data is available
CLUSTER DAY03 (Ceph overview, the deployment of Ceph CLUSTER, Ceph block storage)
文本三剑客——awk 截取+过滤+统计
随机推荐
VMware workstation 16 安装与配置
日志收集分析器(ELK)
文本三剑客——grep过滤
CLUSTER DAY03( Ceph概述 、 部署Ceph集群 、 Ceph块存储)
Threatless Technology-TVD Daily Vulnerability Intelligence-2022-8-3
无胁科技-TVD每日漏洞情报-2022-7-25
cloudreve使用体验
无胁科技-TVD每日漏洞情报-2022-7-22
升级到Window11体验
查看CPU和其他硬件温度的软件
What should I do if I forget the user password in MySQL?
查看可执行文件依赖的库ldd
内存调试工具Electric Fence
CLUSTER DAY01(集群及LVS简介 、 LVS-NAT集群 、 LVS-DR集群)
无胁科技-TVD每日漏洞情报-2022-7-20
buildroot setup dhcp
China Mobile Communications Group Co., Ltd.: Business Power of Attorney
AUTOMATION DAY06 (Ansible Advanced, Ansible Role)
项目笔记——随记
SECURITY DAY03 (one-click deployment of zabbix)