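#!/bin/bash
###############################################################################
# auto install BIND (CentOS 7)
# CREATE DATE : 2018-05-31
# WRITTEN BY  : Wind Flower
# organization: hbgslz.com
#
# Installs bind/bind-utils, writes /etc/named.conf, the rfc1912 zone list,
# one forward zone for the host's own domain and one reverse zone for the
# /24 the host's address sits in, then enables/starts named and verifies it
# with a query against 127.0.0.1.
#
# Must run as root on CentOS 7 (yum, systemd, iproute). The host name must be
# a FQDN: the domain is everything after the first label.
# Exit status: 0 on success, 1 on any failure (the original returned 5 on
# success and 0 on failure, which inverts the usual contract).
###############################################################################

die() { printf '%s\n' "$*" >&2; exit 1; }

[[ $EUID -eq 0 ]] || die "this script must be run as root"

# --- discover host and network facts ----------------------------------------
# Short host name and domain part. The original never set DOMAIN_NAME (its
# definition was commented out) yet used it in every zone, so nothing resolved.
FQDN=$(hostname)
HOST_NAME=${FQDN%%.*}
DOMAIN_NAME=${FQDN#*.}
[[ -n "$DOMAIN_NAME" && "$DOMAIN_NAME" != "$FQDN" ]] \
  || die "hostname '$FQDN' has no domain part; set a FQDN first"

# Interface carrying the default route and its first IPv4 address.
# `ip` (iproute) is always present; `route` (net-tools) and `nmcli`
# (NetworkManager) are not on a minimal install.
IN_FACE=$(ip -4 route show default | awk '{print $5; exit}')
[[ -n "$IN_FACE" ]] || die "no default route found; cannot pick an interface"
LOCAL_IP=$(ip -4 -o addr show dev "$IN_FACE" | awk '{print $4; exit}')
LOCAL_IP=${LOCAL_IP%/*}
[[ "$LOCAL_IP" =~ ^([0-9]+)\.([0-9]+)\.([0-9]+)\.([0-9]+)$ ]] \
  || die "could not determine an IPv4 address on $IN_FACE"
IP_ARP_03=${BASH_REMATCH[1]}   # first octet
IP_ARP_02=${BASH_REMATCH[2]}   # second octet
IP_ARP_01=${BASH_REMATCH[3]}   # third octet
IP_ARP_04=${BASH_REMATCH[4]}   # fourth octet: owner of the host's PTR record

# The reverse zone assumes a /24 (c.b.a.in-addr.arpa), as the original did;
# the same /24 is the only network allowed to recurse through this server.
REV_ZONE="${IP_ARP_01}.${IP_ARP_02}.${IP_ARP_03}.in-addr.arpa"
LOCAL_NET="${IP_ARP_03}.${IP_ARP_02}.${IP_ARP_01}.0/24"

# --- install packages --------------------------------------------------------
# NOTE(review): a fixed file name in /tmp written as root is a symlink-attack
# surface on multi-user hosts; /var/log would be the safer location.
INSTALL_LOG=/tmp/init_sn.log
cd /tmp || die "cannot cd to /tmp"
yum -y install bind-utils bind >>"$INSTALL_LOG" 2>&1 \
  || die "yum install of bind failed (see $INSTALL_LOG)"

# --- /etc/named.conf ---------------------------------------------------------
# Only ${LOCAL_NET} is expanded; everything else is literal BIND syntax.
cat <<named_conf > /etc/named.conf
options {
	//listen-on port 53 { 192.168.100.27; };   # listen address/port; several addresses may be listed. Unset = all IPv4.
	//listen-on-v6 port 53 { none; };
	directory "/var/named";
	dump-file "/var/named/data/cache_dump.db";
	statistics-file "/var/named/data/named_stats.txt";
	memstatistics-file "/var/named/data/named_mem_stats.txt";
	allow-query { any; };   # anyone may query the authoritative zones
	# Clients allowed to recurse through this server. This MUST be set: with
	# allow-query { any; } and no allow-recursion, BIND derives allow-recursion
	# from allow-query, i.e. "any", and the host becomes an open resolver.
	allow-recursion { localhost; ${LOCAL_NET}; };
	//forward first;   # forwarding mode: "first" asks the forwarders, then recurses from the root (needs zone ".") if that fails; "only" never falls back to the roots
	forwarders { 114.114.114.114; 8.8.8.8; };
	/*
	 - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
	 - If you are building a RECURSIVE (caching) DNS server, you need to enable
	   recursion.
	 - If your recursive DNS server has a public IP address, you MUST enable
	   access control to limit queries to your legitimate users. Failing to do
	   so will cause your server to become part of large scale DNS
	   amplification attacks. Implementing BCP38 within your network would
	   greatly reduce such attack surface.
	*/
	recursion yes;           # recursive queries allowed; delete this line for an iterative-only (authoritative) server
	dnssec-enable yes;       # DNSSEC left at the CentOS default (on); the author notes the forwarders above may not support it
	dnssec-validation yes;
	/* Path to ISC DLV key */
	bindkeys-file "/etc/named.iscdlv.key";
	managed-keys-directory "/var/named/dynamic";
	pid-file "/run/named/named.pid";
	session-keyfile "/run/named/session.key";
};

logging {
	channel default_debug {
		file "/var/log/named/named.log" versions 55 size 10m;
		severity dynamic;
		print-time yes;
		print-severity yes;
		print-category yes;
	};
	category queries { default_debug; };   # every query is logged; expect volume
};

zone "." IN {
	type hint;
	file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
named_conf

# --- /etc/named.rfc1912.zones ------------------------------------------------
cat <<named_rfc1912_zones > /etc/named.rfc1912.zones
zone "localhost.localdomain" IN {
	type master;
	file "named.localhost";
	allow-update { none; };
};
zone "localhost" IN {
	type master;
	file "named.localhost";
	allow-update { none; };
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
	type master;
	file "named.loopback";
	allow-update { none; };
};
zone "1.0.0.127.in-addr.arpa" IN {
	type master;
	file "named.loopback";
	allow-update { none; };
};
zone "0.in-addr.arpa" IN {
	type master;
	file "named.empty";
	allow-update { none; };
};

// forward zone for the host's own domain
zone "${DOMAIN_NAME}" IN {
	type master;                   # primary server
	file "${DOMAIN_NAME}.zone";    # relative to "directory" (/var/named)
	allow-update { none; };        # no dynamic updates (BIND default, made explicit like the zones above)
	notify yes;                    # send NOTIFY to secondaries on change; their refresh interval comes from the SOA
};

// reverse zone for the host's /24
zone "${REV_ZONE}" IN {
	type master;
	file "${REV_ZONE}.zone";
	allow-update { none; };
	notify yes;
};
named_rfc1912_zones

# --- forward zone file -------------------------------------------------------
# Written under the domain actually configured above; the original hard-coded
# /var/named/hbgsyl.com.zone while named.rfc1912.zones pointed at
# "$DOMAIN_NAME.zone", so the two only agreed for one domain.
# SOA RNAME is a mailbox (root@domain); the original used the bare domain.
ZONE_FILE="/var/named/${DOMAIN_NAME}.zone"
cat <<domain_com_zone > "$ZONE_FILE"
\$TTL 1D
@	IN SOA	@ root.${DOMAIN_NAME}. (
					0	; serial
					1D	; refresh
					1H	; retry
					1W	; expire
					3H )	; minimum
	NS	@
	A	${LOCAL_IP}
${HOST_NAME}	A	${LOCAL_IP}
domain_com_zone

# --- reverse zone file -------------------------------------------------------
# The apex A record is glue so "NS @" resolves. The PTR is owned by the host's
# last octet and points at its FQDN; the original put a PTR at the apex
# pointing at the bare short name, which no reverse lookup ever matched.
REV_FILE="/var/named/${REV_ZONE}.zone"
cat <<arpa_zone > "$REV_FILE"
\$TTL 1D
@	IN SOA	@ root.${DOMAIN_NAME}. (
					0	; serial
					1D	; refresh
					1H	; retry
					1W	; expire
					3H )	; minimum
	NS	@
	A	${LOCAL_IP}
${IP_ARP_04}	PTR	${HOST_NAME}.${DOMAIN_NAME}.
arpa_zone

# --- permissions and service -------------------------------------------------
mkdir -p /var/log/named || die "cannot create /var/log/named"
chown -R named:named /var/log/named
# NOTE(review): kept from the original. This makes every zone file writable by
# named, which is more than a static primary needs (root:named, 640 suffices).
chown -R named:named /var/named

# Validate before starting so a typo is reported here, not as a dead service.
named-checkconf /etc/named.conf || die "/etc/named.conf failed named-checkconf"
named-checkzone "$DOMAIN_NAME" "$ZONE_FILE" || die "forward zone failed named-checkzone"
named-checkzone "$REV_ZONE" "$REV_FILE" || die "reverse zone failed named-checkzone"

systemctl enable named.service
systemctl start named.service || die "named.service failed to start"

# --- verify ------------------------------------------------------------------
# Ask the new server directly. The original captured "$?" of an echo after a
# pipe, which never reflected nslookup, so the check always reported success.
if nslookup "$DOMAIN_NAME" 127.0.0.1 >/dev/null 2>&1; then
  echo "<OK!> install bind successful! "
  # Kept from the original; its purpose is not stated there.
  /etc/init.d/network restart
  exit 0
else
  echo "<error! > please install bind again! " >&2
  exit 1
fi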
Shell script that installs and configures a BIND DNS server automatically on CentOS 7