cat /etc/redhat-release
CentOS Linux release 7.0.1406 (Core)
Building a DNS server with BIND
1. BIND Server Installation
yum install bind* -y
2. Modify the configuration
vim /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { 192.168.124.129; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { localhost; };

        /*
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable
           recursion.
         - If your recursive DNS server has a public IP address, you MUST enable access
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface
        */
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "nginxtest.com" IN {
        type master;
        file "nginxtest.com.zone";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

cp /var/named/named.localhost /var/named/nginxtest.com.zone
3. Establishing a forward zone file
$TTL 1D
@       IN SOA  nginxtest.cn rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      @
@       A       192.168.124.130
www     A       192.168.124.130
mail    A       192.168.124.130
4. Create a reverse zone file
5. Modify Permissions
chmod 777 /var/named/nginxtest.com.zone
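Mode 777 sets the write and execute bits for every user, while named only has to read a static master zone file. The script below is an added example, not part of the original page: it audits a zone file's mode and tightens it. The function names and the 640 target mode (owner root, group named) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original page: audit the mode of a BIND zone file.
# Assumption: a static master zone only has to be readable by named, so mode 640
# (owner root, group named) is sufficient.

# audit_zone_file FILE
# Prints one finding per line.
# Returns 0 if clean, 1 if there are findings, 2 if FILE is not usable.
audit_zone_file() {
    f=$1
    if [ ! -f "$f" ]; then
        echo "not a regular file: $f"
        return 2
    fi
    mode=$(stat -c '%a' "$f") || return 2   # GNU stat, prints e.g. 777 or 640
    other=$((mode % 10))                    # permission digit for "other"
    group=$((mode / 10 % 10))               # permission digit for "group"
    owner=$((mode / 100 % 10))              # permission digit for "owner"
    rc=0
    if [ $((other & 2)) -ne 0 ]; then
        echo "$f: mode $mode is world-writable (write bit set for 'other')"
        rc=1
    fi
    if [ $((group & 2)) -ne 0 ]; then
        echo "$f: mode $mode is group-writable; named only needs read access"
        rc=1
    fi
    if [ $(( (owner | group | other) & 1 )) -ne 0 ]; then
        echo "$f: mode $mode has execute bits; a zone file is data, not a program"
        rc=1
    fi
    return $rc
}

# tighten_zone_file FILE: read/write for the owner, read-only for the group.
tighten_zone_file() {
    chmod 640 "$1"
}

# Stand-alone use: sh audit_zone.sh /var/named/nginxtest.com.zone
if [ "$#" -gt 0 ]; then
    audit_zone_file "$1"
fi
```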
6. Test the named.conf master configuration file
7. Test the zone file
8. Configure the DNS client configuration file
vim /etc/resolv.conf
nameserver 192.168.124.129
nameserver 192.168.124.2
9. Start the DNS server
systemctl daemon-reload
systemctl start named
systemctl status named
10. Test the DNS server
Primary test methods for DNS servers
Specialized tools such as nslookup, dig, and host allow more comprehensive testing of DNS servers.
The nslookup command is installed by default on both Linux and Windows systems and is one of the more commonly used test tools.
Enter the nslookup interactive environment:
nslookup
> server 192.168.124.129

Test forward resolution of the localhost host name:
> localhost

Test reverse resolution of the localhost host name:
> 127.0.0.1

Test domain name resolution on the Internet:
> www.nginxtest.com

Test an A record in the nginxtest.com domain:
> mail.nginxtest.com

Test the CNAME record in the nginxtest.com domain:
> www.nginxtest.com

Test NS records in the nginxtest.com domain:
> set type=NS (set the query type to NS, the name server record)
> nginxtest.com

Test MX records in the nginxtest.com domain:
> set type=MX (set the query type to MX, the mail exchange record)
> nginxtest.com

Set the query type back to A records:
> set type=A (set the query type to A, the address record)
> mail.nginxtest.com
To test whether DNS resolution was successful:
host www.nginxtest.com
192.168.124.130
Configure nginx.conf
Linux Domain Name server configuration