Scenario: we have been assigned the mageedu.com domain and the 172.16.100.0/24 (class C) network segment on the Internet.
NS server: ns 172.16.100.1
www server: www 172.16.100.1 and 172.16.100.3 (two A records for one name)
Mail server: mail 172.16.100.2
ftp: runs on the www host, so ftp is just an alias (CNAME) of www
Download the bind package from www.isc.org
The DHCP server (ISC DHCP) is also maintained by ISC
Installation:
DNS on Linux: the common implementation is BIND
Remove the old version first: rpm -e bind-libs bind-utils
yum install bind97 bind97-libs bind97-utils
###############################################
bind97: main configuration file
/etc/named.conf
Mainly defines the working properties of the named process (the options block)
and the definition of each zone
########################################
Remote control key file, used by rndc to operate the DNS server remotely
/etc/rndc.key: key file
/etc/rndc.conf: rndc configuration file; only one of the two is needed (rndc falls back to rndc.key when there is no rndc.conf)
########################################
Zone data files: the files named consults to convert a hostname to an IP address
/var/named
########################################
Start:
After installation a service control script is also available:
/etc/rc.d/init.d/named, which can be used as
service named {start|stop|restart|status|reload}
#########################################
BIND binary program: named (/usr/sbin/named)
#########################################
Files used by named:
etc/named.conf
etc/rndc.key
sbin/named
var/named/
#########################################
bind-chroot: an RPM package
By default bind runs in the real filesystem root, so once someone hijacks the DNS server (takes over the named process) they can reach the whole filesystem with the permissions of that process.
bind-chroot therefore confines named to a chroot under /var/named/chroot and places the files it needs there:
/var/named/chroot/
    etc/named.conf
    etc/rndc.key
    sbin/named
    var/named/
The result: even if the DNS server is compromised, the rest of the host keeps working normally and the damage is kept to a minimum. Beginners do not have to install this package.
#########################################################################################
caching-nameserver: turns our server into a caching DNS server at once
In general a server is configured first as a cache server, then as the primary (master) DNS server, then as a slave DNS server
####################################################################
rpm -ql bind97 lists the files that were installed
bind97 already installs the default caching ....
###########################################################################################
******************************************************************************************
Now start configuring the DNS server manually!
/usr/sbin/named-checkconf: checks the configuration file for syntax errors
/usr/sbin/named-checkzone: checks a zone file for syntax errors
*****************************************************
We only need to provide
Main configuration file: /etc/named.conf
Zone data files: /var/named/....
1. named.ca: holds the addresses of the 13 root name servers; this file can be generated manually.
Manual generation: dig -t NS . queries the root domain for the list of root servers (dig -t NS . > /var/named/named.ca).
For the query to succeed, first point this host's resolver at a DNS server that can reach the root:
vim /etc/resolv.conf   ->   nameserver 172.16.0.1
2. named.localhost: resolves localhost to 127.0.0.1
3. named.loopback: resolves 127.0.0.1 back to localhost
*****************************************************
Start up named (service named start)
#############################################################
vim /etc/named.conf: edit the main configuration file of bind
#########################################
netstat -tunlp: view the listening sockets
DNS listens on these protocols and ports:
53/udp
53/tcp
953/tcp: rndc, the remote name server control channel
#########################################
Socket:
IP + port = socket
When processes on two hosts want to communicate, a port on the server side waits for the client's request; this IP:port pair is called a socket.
A listener on 127.0.0.1:53 cannot accept requests from remote hosts
A listener on 0.0.0.0:53 accepts requests from all hosts on every interface; for a caching server you then have to restrict who may recurse through it (allow-recursion), otherwise it becomes an open resolver that anyone on the Internet can use
###########################################################
Back up the original /etc/named.conf, then edit /etc/named.conf by hand
###########################################################
Create a cache DNS server
options {
        directory "/var/named";
};
Root zone:
zone "." IN {
        type hint;
        file "named.ca";          // holds the addresses of the 13 root servers; can be generated manually
};
zone "localhost" IN {
        type master;
        file "named.localhost";   // resolves localhost to 127.0.0.1
};
#### the name of a reverse zone is the network address written backwards ####
zone "0.0.127.in-addr.arpa" IN {
        type master;              // see "Various zone types" below
        file "named.loopback";    // resolves 127.0.0.1 to localhost
};
Change the owner of the configuration file
chown root:named /etc/named.conf
Change its permissions (root may write, the named group may read, nobody else may read it)
chmod 640 /etc/named.conf
Check for errors; no output is the best output
named-checkconf
Check a zone file, giving the zone name followed by the file
named-checkzone "." /var/named/named.ca
(this reports an error about the missing SOA record: a hint file is not a real zone, so the error is expected and not a mistake)
Check that localhost is defined in the localhost zone
named-checkzone "localhost" /var/named/named.localhost
Check the loopback reverse zone
named-checkzone "0.0.127.in-addr.arpa" /var/named/named.loopback
Start: service named start
Messages reported at startup go to the system log; view them with tail /var/log/messages
To temporarily switch SELinux off:
getenforce: if it shows Enforcing, turn it off; if it shows Permissive, named will already start
setenforce 0: off (permissive)
setenforce 1: on (enforcing)
Permanently: vim /etc/selinux/config and set SELINUX=permissive
(Switching SELinux off removes a layer of protection from the whole host; the cleaner fix is to keep it enforcing and restore the correct file contexts, e.g. restorecon -Rv /etc/named.conf /var/named)
Point the DNS of this host at itself
vim /etc/resolv.conf
nameserver 192.168.9.9   (the address of this server)
Test whether the root can be found: dig -t NS . @192.168.9.9
Make it start at boot:
View: chkconfig --list named
Set: chkconfig named on
The cache DNS server is ready!
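The listening address and the recursion settings above decide whether this cache server becomes an open resolver (a recursive server that anyone on the Internet may query, which is abused for DNS amplification). The following Python audit is an added example, not part of the original notes and not part of BIND: it parses a named.conf (comments, nested braces) and reports a loopback-only listener, an unrestricted allow-recursion, reliance on the compiled-in default, and a missing root hint zone. The sample configurations are constructed from the notes; the server's own interface address 192.168.9.247 and the 192.168.9.0/24 client network in the hardened variant are assumptions.

```python
"""Audit a BIND named.conf for open-resolver exposure (added example, not from the notes)."""
import re
from typing import List, Tuple

PUBLIC = {"any", "0.0.0.0", "0.0.0.0/0", "0/0"}


def tokenize(text: str) -> List[str]:
    """Drop named.conf comments (// # /* */) and split into words, quoted strings and the { } ; punctuation."""
    text = re.sub(r"/\*.*?\*/", " ", text, flags=re.S)
    text = re.sub(r"(//|#)[^\n]*", " ", text)
    return re.findall(r'"[^"]*"|[{};]|[^\s{};"]+', text)


def parse(tokens: List[str], i: int = 0):
    """Recursive descent over the brace structure. A statement becomes
    [word, word, ..., [sub-statements]], e.g. ['listen-on', 'port', '53', [['127.0.0.1']]]."""
    stmts, cur = [], []
    while i < len(tokens):
        tok = tokens[i]
        i += 1
        if tok == "{":
            sub, i = parse(tokens, i)          # the nested block belongs to the current statement
            cur.append(sub)
        elif tok == "}":
            break
        elif tok == ";":
            if cur:
                stmts.append(cur)
            cur = []
        else:
            cur.append(tok.strip('"'))
    if cur:
        stmts.append(cur)
    return stmts, i


def address_list(stmt):
    """The address-match list of a statement, or None when the statement is absent."""
    return [s[0] for s in stmt[-1]] if stmt and isinstance(stmt[-1], list) else None


def is_loopback(addr: str) -> bool:
    return addr == "localhost" or addr.startswith("127.")


def audit_named_conf(text: str) -> List[Tuple[str, str]]:
    """Return (severity, finding) pairs; an empty list means nothing to report."""
    stmts, _ = parse(tokenize(text))
    options = {s[0]: s for s in next((s[-1] for s in stmts if s[0] == "options" and isinstance(s[-1], list)), [])}
    zones = {s[1] for s in stmts if s[0] == "zone" and len(s) > 1}
    findings = []
    listen = address_list(options.get("listen-on")) or ["any"]           # BIND default: listen on every interface
    public_listener = any(not is_loopback(a) for a in listen)
    if not public_listener:
        findings.append(("INFO", "loopback-only"))                       # 127.0.0.1:53 cannot serve remote clients
    recursion = options.get("recursion", ["recursion", "yes"])[1] == "yes"   # BIND default: recursion yes
    allow_rec = address_list(options.get("allow-recursion"))
    if public_listener and recursion:
        if allow_rec is None:
            findings.append(("WARN", "allow-recursion-default"))         # relies on the compiled-in default: verify it
        elif any(a in PUBLIC for a in allow_rec):
            findings.append(("CRITICAL", "open-resolver"))               # anyone on the Internet may use the cache
    if recursion and "." not in zones:
        findings.append(("WARN", "no-root-hints"))                       # a recursive server needs zone "." type hint
    return findings


# Constructed sample 1: the minimal caching configuration from these notes.
MINIMAL_CACHE_CONF = """
options {
        directory "/var/named";
};
zone "." IN {
        type hint;
        file "named.ca";
};
"""

# Constructed sample 2: the same server, recursion limited to localhost and the LAN (addresses assumed).
HARDENED_CONF = """
options {
        directory "/var/named";
        listen-on port 53 { 127.0.0.1; 192.168.9.247; };
        recursion yes;
        allow-recursion { 127.0.0.1; 192.168.9.0/24; };   // only our own clients may use the cache
        allow-query { any; };                              // authoritative answers may still go to anyone
};
zone "." IN { type hint; file "named.ca"; };
"""

# Constructed sample 3: the open-resolver mistake.
OPEN_RESOLVER_CONF = 'options { directory "/var/named"; allow-recursion { any; }; }; zone "." IN { type hint; file "named.ca"; };'

if __name__ == "__main__":
    for name, conf in (("minimal", MINIMAL_CACHE_CONF), ("hardened", HARDENED_CONF), ("open", OPEN_RESOLVER_CONF)):
        print(name, audit_named_conf(conf) or "OK")
```

Run it against a real /etc/named.conf with audit_named_conf(open("/etc/named.conf").read()); a WARN on allow-recursion-default is the signal to write the allow-recursion list explicitly instead of trusting whatever this BIND build defaults to.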
###########################################################################################
Various zone types:
zone "ZONE NAME" IN {
        type {master|slave|hint|forward};
};
############################################################################
Turn the cache server into an authoritative DNS server!
vim /etc/named.conf and add a zone definition
zone "mageedu.com" IN {
        type master;              # master: this server is the primary for the zone
        file "mageedu.com.zone";
};
Save and exit, then create the file mageedu.com.zone
cd /var/named; vim mageedu.com.zone
Write the default TTL and the SOA record first:
$TTL 600
mageedu.com.    IN SOA  ns1.mageedu.com. admin.mageedu.com. (
                20150924    ; serial
                1H          ; refresh
                5M          ; retry
                7D          ; expire (the value is illegible in the source; 7D is the usual choice)
                6H )        ; negative-cache TTL
mageedu.com.    IN NS   ns1.mageedu.com.
mageedu.com.    IN MX   10 mail.mageedu.com.
ns1             IN A    192.168.9.250
mail            IN A    192.168.9.251
www             IN A    192.168.9.252
www             IN A    192.168.9.253
ftp             IN CNAME www
Save, then: chown root:named mageedu.com.zone; chmod 640 mageedu.com.zone
vim /etc/resolv.conf and set: search localdomain / nameserver 192.168.9.247
Restart the service: service named restart
dig -t A www.mageedu.com
dig -x IP: look up the hostname for an IP (reverse lookup)
host -t RRTYPE NAME: query NAME for records of the given type
Example: host -t A www.mageedu.com
nslookup: interactive (also available on the Windows command line)
nslookup> server DNSIP
> set q=A (or NS, MX, ...): choose the resource record type to query
> www.mageedu.com
###############################################################
We have just configured the forward zone; now let's see how the reverse zone is configured:
vim /etc/named.conf
Add:
zone "9.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.9.zone";
};
cd /var/named and copy the forward zone file as the starting point for the reverse one
cp -p mageedu.com.zone 192.168.9.zone   (-p keeps the owner and permissions after copying)
vim 192.168.9.zone
$TTL 600
@       IN SOA  ns1.mageedu.com. admin.mageedu.com. (
                2013040101  ; serial
                1H          ; refresh
                5M          ; retry
                7D          ; expire (illegible in the source; 7D is the usual choice)
                6H )        ; negative-cache TTL
        IN NS   ns1.mageedu.com.
250     IN PTR  ns1.mageedu.com.      ; owner = last octet; ns1 is 192.168.9.250 in the forward zone
252     IN PTR  www.mageedu.com.
253     IN PTR  www.mageedu.com.
251     IN PTR  mail.mageedu.com.     ; the trailing dot matters: without it the name is taken relative to the zone
:wq
Check: named-checkconf
Check: named-checkzone "9.168.192.in-addr.arpa" 192.168.9.zone; with no errors we can restart
Restart: service named restart
Open a cmd window and run nslookup
> set q=ptr
> 192.168.9.247: shows the name of this machine (9.247)
(the reverse zone is 9.168.192.in-addr.arpa; any address in it can be checked the same way)
Resolving on Linux:
dig -x 192.168.9.247: resolves the hostname of this IP
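Both zone files above (the forward mageedu.com zone and the reverse 9.168.192.in-addr.arpa zone) are written by hand, and the classic mistake is the missing trailing dot, which silently turns mail.mageedu.com into mail.mageedu.com.9.168.192.in-addr.arpa. named-checkzone does not complain, because the result is still a syntactically valid name. The Python below is an added example, not part of the notes and not BIND's own code: a small master-file parser that applies the origin rules ($TTL, $ORIGIN, @, inherited owner, relative names, multi-line SOA), warns about relative multi-label names, and derives the reverse zone from the forward zone so the two cannot drift apart (one PTR per A record, none for the ftp CNAME). The sample forward zone is constructed from the notes; the 7D expire value is an assumption.

```python
"""Master-file parser and reverse-zone generator for the zones in these notes (added example)."""
import ipaddress
import re
from collections import namedtuple

TTL_UNITS = {"S": 1, "M": 60, "H": 3600, "D": 86400, "W": 604800}
NAME_RDATA = {"NS": 0, "CNAME": 0, "PTR": 0, "MX": 1}   # index of the domain name inside the rdata
RR = namedtuple("RR", "owner ttl rtype rdata")            # owner is absolute, lower case, trailing dot


def parse_ttl(value):
    """'600' -> 600, '1H' -> 3600, '1H30M' -> 5400 (BIND time-unit suffixes)."""
    return sum(int(n) * TTL_UNITS.get(u, 1) for n, u in re.findall(r"(\d+)([SMHDW]?)", value.upper()))


def is_ttl(tok):
    return re.fullmatch(r"(\d+[SMHDW]?)+", tok.upper()) is not None


def canon(origin):
    return origin.lower() if origin.endswith(".") else origin.lower() + "."


def absolute(name, origin):
    """Master-file rule: '@' is the origin; a name without a trailing dot is relative to the origin."""
    if name == "@":
        return origin
    return name.lower() if name.endswith(".") else f"{name}.{origin}".lower()


def logical_lines(text):
    """Strip ';' comments and join '( ... )' continuations (multi-line SOA), keeping the first line's indent."""
    buf, depth = [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]
        if not line.strip() and depth == 0:
            continue
        depth += line.count("(") - line.count(")")
        buf.append(line)
        if depth == 0:
            yield " ".join([buf[0]] + [part.strip() for part in buf[1:]])
            buf = []


def parse_zone(text, origin):
    """Return (records, warnings); names are made absolute, and a relative multi-label
    rdata name (e.g. 'mail.mageedu.com' without the dot) is flagged as a likely forgotten dot."""
    origin = canon(origin)
    default_ttl, last_owner, records, warnings = None, origin, [], []
    for line in logical_lines(text):
        toks = line.replace("(", " ").replace(")", " ").split()
        if toks[0] == "$TTL":
            default_ttl = parse_ttl(toks[1])
            continue
        if toks[0] == "$ORIGIN":
            origin = absolute(toks[1], origin)
            continue
        owner = last_owner if line[0].isspace() else absolute(toks.pop(0), origin)   # blank owner = previous one
        last_owner, ttl = owner, default_ttl
        for _ in range(2):                                   # optional TTL and class, in either order
            if is_ttl(toks[0]):
                ttl = parse_ttl(toks.pop(0))
            elif toks[0].upper() == "IN":
                toks.pop(0)
        rtype, rdata = toks[0].upper(), toks[1:]
        if rtype in NAME_RDATA:
            i = NAME_RDATA[rtype]
            if not rdata[i].endswith(".") and "." in rdata[i]:
                warnings.append(f"{owner} {rtype} {rdata[i]!r} is relative; BIND reads it as "
                                f"{absolute(rdata[i], origin)} (missing trailing dot?)")
            rdata[i] = absolute(rdata[i], origin)
        elif rtype == "SOA":                                 # mname, rname, serial, refresh, retry, expire, minimum
            rdata = [absolute(rdata[0], origin), absolute(rdata[1], origin)] + [str(parse_ttl(v)) for v in rdata[2:]]
        records.append(RR(owner, ttl, rtype, tuple(rdata)))
    return records, warnings


def reverse_zone_name(net):
    """Octet-aligned networks only: return (in-addr.arpa zone, number of leading labels left in the PTR owner)."""
    if net.prefixlen not in (8, 16, 24):
        raise ValueError("only /8, /16 and /24 map onto a single in-addr.arpa zone")
    keep = (32 - net.prefixlen) // 8
    return ".".join(net.network_address.reverse_pointer.split(".")[keep:]) + ".", keep


def build_reverse_zone(records, network, ttl=600):
    """Derive the reverse zone from the forward zone: one PTR per A record inside the network, none for CNAMEs."""
    net = ipaddress.ip_network(network)
    zone, keep = reverse_zone_name(net)
    soa = next(r for r in records if r.rtype == "SOA")
    out = [f"$TTL {ttl}", f"$ORIGIN {zone}",
           f"@ IN SOA {soa.rdata[0]} {soa.rdata[1]} ( {' '.join(soa.rdata[2:])} )"]
    out += [f"  IN NS {r.rdata[0]}" for r in records if r.rtype == "NS" and r.owner == soa.owner]
    ptrs = sorted((ipaddress.ip_address(r.rdata[0]), r.owner) for r in records
                  if r.rtype == "A" and ipaddress.ip_address(r.rdata[0]) in net)
    out += [f"{'.'.join(ip.reverse_pointer.split('.')[:keep])} IN PTR {owner}" for ip, owner in ptrs]
    return "\n".join(out) + "\n"


# Constructed sample: the forward zone from the notes (the 7D expire value is an assumption).
FORWARD_ZONE = """\
$TTL 600
@    IN SOA ns1.mageedu.com. admin.mageedu.com. (
         20150924   ; serial
         1H         ; refresh
         5M         ; retry
         7D         ; expire
         6H )       ; negative-cache TTL
     IN NS  ns1.mageedu.com.
     IN MX  10 mail.mageedu.com.
ns1  IN A   192.168.9.250
mail IN A   192.168.9.251
www  IN A   192.168.9.252
www  IN A   192.168.9.253
ftp  IN CNAME www
"""

if __name__ == "__main__":
    recs, warns = parse_zone(FORWARD_ZONE, "mageedu.com")
    print("\n".join(warns) or "forward zone: no warnings")
    print(build_reverse_zone(recs, "192.168.9.0/24"), end="")
```

The generated reverse file can be written to /var/named/192.168.9.zone and checked with named-checkzone exactly as above; because it is derived from the forward zone, a host added there gets its PTR record without a second hand edit, and www's two addresses both come out pointing back at www.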
Summary: cache DNS, forward resolution, reverse resolution