Topology diagram:
Code:
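#!/bin/bash
# 2017-12-3
# by-duwentao
#
# Menu-driven helper that installs BIND and configures a master/slave pair
# for one forward zone and its reverse zone.  It edits /etc/named.conf,
# /var/named and /etc/resolv.conf and calls yum, so it has to run as root.
#
# NOTE(review): this is a reconstruction of a listing that was collapsed onto
# a few lines and garbled (stray spaces, changed letter case, backticks turned
# into quotes).  Verify it on a scratch host before using it anywhere real.

domain_name="hetian.com"
master_ip="172.24.10.105"   # address the slave zones list under "masters"
slave_ip="172.24.10.106"    # host that receives the script and the zone transfers
named='/etc/named.conf'     # main BIND configuration file

# IPv4 address of eth0.  Handles both ifconfig layouts: "inet addr:A.B.C.D"
# (older net-tools) and "inet A.B.C.D netmask ..." (newer net-tools).
ip=$(ifconfig eth0 | awk '/inet / { sub(/^addr:/, "", $2); print $2; exit }')

# rip is the first three octets reversed (name of the /24 reverse zone) and
# ip_last is the host octet used as the PTR owner name.
# NOTE(review): the octet order is inferred from the reverse-zone file name;
# the expression was garbled in the listing.
rip=""
ip_last=""
if [[ -n "$ip" ]]; then
  IFS=. read -r octet1 octet2 octet3 ip_last <<< "$ip"
  rip="${octet3}.${octet2}.${octet1}"
fi

Forward_parsing_file="/var/named/${domain_name}.zone"         # forward zone file
Reverse_parsing_file="/var/named/${rip}.in-addr.arpa.zone"    # reverse zone file

# Print a message in red (errors) or green (status), same escape codes and
# spacing as the echo -e calls they replace.
msg_err() { printf '\033[31m %s \033[0m\n' "$*"; }
msg_ok() { printf '\033[32m %s \033[0m\n' "$*"; }

# Write the local-DVD yum repository definition to the file named by $1.
# gpgcheck=0 turns off RPM signature verification for this repository, so
# whatever is mounted on /mnt is installed unverified.  Left as in the
# original; NOTE(review): prefer gpgcheck=1 plus a gpgkey= line pointing at
# the distribution's signing key (<path to RPM-GPG-KEY file>).
write_dvd_repo() {
  cat > "$1" << +END+
[dvd]
name=dvd
baseurl=file:///mnt
gpgcheck=0
+END+
}

# repair yum
# Ask whether to rebuild the DVD repository file.  "Y", "y" or "yes" mounts
# the CD-ROM on /mnt and rewrites the repo file; "n", "N" or "no" exits.
# Any other answer re-prompts (the original recursed inside an endless loop,
# which never returned to the menu after a successful repair).
function repair_yum() {
  local dvd_file="/etc/yum.repos.d/dvd.repo"
  local check existed
  while true; do
    # Leave on end-of-input instead of spinning on an empty answer.
    read -r -p "do you want to repair yum y/n: " check || exit 1
    case "$check" in
      Y | y | yes)
        mount /dev/cdrom /mnt > /dev/null 2>&1
        existed=0
        [[ -f "$dvd_file" ]] && existed=1
        write_dvd_repo "$dvd_file"
        # As in the original: a freshly created repo file ends the run so the
        # operator starts the script again; a rewritten one returns to the menu.
        if ((existed == 0)); then
          msg_err "please run it again and see the repair results"
          exit 0
        fi
        return 0
        ;;
      n | N | no)
        msg_err "yum allocation is wrong,please configure it manually"
        exit 0
        ;;
      *)
        msg_err "your input is wrong,please try again"
        ;;
    esac
  done
}

# check the yum allocation of right and wrong
# yum is treated as working when "yum clean all" succeeds and the
# "repolist:" total reported by "yum repolist all" is a positive number.
function check_yum() {
  local yum_num
  # A failing "yum clean all" means the repo configuration cannot be parsed.
  if ! yum clean all > /dev/null 2>&1; then
    msg_err "yum allocation is wrong"
    repair_yum
    return
  fi
  # Package total from the "repolist: N" line, thousands separators removed.
  yum_num=$(yum repolist all | grep repolist | awk -F ':' '{print $2}' | tr -d ', ')
  # An empty or non-numeric total counts as broken (the original's numeric
  # test errored on an empty value and then reported success).
  if [[ "$yum_num" =~ ^[1-9][0-9]*$ ]]; then
    msg_ok "yum allocation is right"
  else
    msg_err "yum allocation is wrong"
    repair_yum
  fi
}

# install dns server
# Remove any existing BIND packages and data, then install bind, bind-libs
# and bind-utils and restart named.
function install_dns_server() {
  # Clean out the previous installation.  The pattern is quoted so yum sees
  # it rather than the shell expanding it against the current directory.
  yum remove 'bind*' -y
  # Destructive: deletes every existing zone file.  Back them up first if
  # this host has ever served real zones.
  rm -rf /var/named/*
  rm -rf /etc/named.conf.rpm*
  # Install the DNS service.
  yum install bind bind-libs bind-utils -y
  if /etc/init.d/named restart > /dev/null 2>&1; then
    msg_ok "DNS server install sucessful"
  else
    msg_err "DNS server install failed try again"
  fi
}

# True when named.conf already declares the forward zone, i.e. the
# configuration steps below have run before.
named_conf_has_zone() {
  grep -qF "zone \"${domain_name}\"" "$named"
}

# Option changes shared by the master and the slave configuration.
harden_named_options() {
  # Drop the stock include lines; the callers append them again after the zones.
  sed -i '/^include/d' "$named"
  # Listen on every address and answer queries from every client.
  sed -i 's/127\.0\.0\.1/any/g' "$named"
  sed -i 's/localhost/any/g' "$named"
  # Hide the version number from version.bind queries.
  sed -i '/recursion/i version "i do not tell you";' "$named"
  # Turn recursion off: an authoritative-only server that answers everyone
  # should not resolve on behalf of strangers (cache poisoning / spoofing).
  sed -i 's/recursion yes/recursion no/g' "$named"
  # Disable glue fetching.  NOTE(review): BIND 9 documents fetch-glue as
  # obsolete, so this line probably only matters to BIND 8.
  sed -i '/recursion/i fetch-glue no;' "$named"
}

# Append "nameserver <this host>" to /etc/resolv.conf once; the original
# appended a duplicate line on every run.
add_local_nameserver() {
  grep -qxF "nameserver $ip" /etc/resolv.conf 2> /dev/null ||
    echo "nameserver $ip" >> /etc/resolv.conf
}

# Edit named configuration file
# Configure this host as master for $domain_name and the reverse zone,
# write both zone files, and restart named.
function Edit_Conf() {
  if [[ -z "$ip" ]]; then
    msg_err "cannot determine the IPv4 address of eth0"
    return 1
  fi

  # Running the edits twice would insert a second version line and duplicate
  # zone stanzas, which named refuses to load; only edit a pristine file.
  if named_conf_has_zone; then
    msg_err "$named already defines zone $domain_name, not editing it again"
  else
    harden_named_options
    # allow-transfer limits zone transfers to the slave.  Without it this
    # BIND generation lets any client pull the complete zone.
    cat >> "$named" << +END+
zone "${domain_name}" IN {
        type master;
        file "${Forward_parsing_file}";
        allow-transfer { ${slave_ip}; };
};
zone "${rip}.in-addr.arpa" IN {
        type master;
        file "${Reverse_parsing_file}";
        allow-transfer { ${slave_ip}; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
+END+
  fi

  # Forward zone file, rewritten from scratch on every run.
  # The NS target was dns.smile.com. in the original, a name outside this
  # zone; it now matches the "dns" A record below and the reverse zone.
  # The serial stays 0: bump it on every later edit or the slave will not
  # pick up the change.
  cat > "$Forward_parsing_file" << +END+
\$TTL 1D
@       IN SOA  ${domain_name}. root.${domain_name}. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
@       IN      NS      dns.${domain_name}.
dns     IN      A       ${ip}
mail    IN      A       ${ip}
www     IN      A       ${ip}
+END+

  # Reverse zone file, rewritten from scratch on every run.
  cat > "$Reverse_parsing_file" << +END+
\$TTL 86400
@       IN SOA  ${rip}.in-addr.arpa. root.${domain_name}. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
@       IN      NS      dns.${domain_name}.
${ip_last}      IN      PTR     www.${domain_name}.
${ip_last}      IN      PTR     mail.${domain_name}.
+END+

  # Give the named group ownership of the files it has to read.
  chgrp named "$named"
  chgrp named "$Reverse_parsing_file"
  chgrp named "$Forward_parsing_file"
  add_local_nameserver

  # Catch syntax errors before the running server is taken down.
  if ! named-checkconf "$named"; then
    msg_err "named-checkconf rejected $named, named was not restarted"
    return 1
  fi
  /etc/init.d/named restart
}

# copy
# Copy this script to the slave host and run it there over SSH.
# NOTE(review): the scp target was obfuscated in the listing; root@$slave_ip
# is inferred from the ssh command that follows it.
# Both steps log in as root.  A dedicated account with key-based login and
# only the rights this script needs would limit the damage of a leaked
# credential.
function copy() {
  if scp -r /root/shell/dns_server_masters.sh "root@${slave_ip}:/root"; then
    msg_ok "Copy success"
  else
    msg_err "copy failed"
    # Do not run a missing or stale script on the slave.
    return 1
  fi
  ssh -l root "$slave_ip" '/bin/bash /root/dns_server_masters.sh'
}

# chenge_DNS_slave
# Configure this host as slave for both zones, pulling them from $master_ip.
function chenge_dns_slave() {
  if named_conf_has_zone; then
    msg_err "$named already defines zone $domain_name, not editing it again"
  else
    harden_named_options
    # A slave has no reason to hand the zones on, so transfers are refused.
    cat >> "$named" << +END+
zone "${domain_name}" IN {
        type slave;
        file "${Forward_parsing_file}";
        masters { ${master_ip}; };
        allow-transfer { none; };
};
zone "${rip}.in-addr.arpa" IN {
        type slave;
        file "${Reverse_parsing_file}";
        masters { ${master_ip}; };
        allow-transfer { none; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
+END+
  fi

  # named must be able to create the transferred zone files in /var/named.
  # NOTE(review): this makes the whole zone directory group-writable; a
  # dedicated sub-directory for slave zones would be narrower.
  chmod g+w /var/named/
  add_local_nameserver

  if ! named-checkconf "$named"; then
    msg_err "named-checkconf rejected $named, named was not restarted"
    return 1
  fi
  service named restart
}

# echo menu
# Show the menu, read one choice and dispatch it.
function menu() {
  local choice
  msg_ok "1. Check if Yum is configured correctly"
  msg_ok "2. Install DNS service"
  msg_ok "3. Modify the configuration file for the Dns-master service"
  msg_ok "4. Copy the file to the target host and go to the target host"
  msg_ok "5. Modify the target machine's master file"
  msg_ok "exit. Enter exit or CTRL + C to exit"
  msg_ok "help. Please enter 1|2|3|help|exit"
  # Stop on end-of-input; otherwise the empty answer would re-enter the menu
  # without end.
  read -r -p "Please select your menu:" choice || exit 0
  case "$choice" in
    1)
      check_yum
      ;;
    2)
      install_dns_server
      ;;
    3)
      # The original grepped for bind-9.8 and, after warning, edited the
      # configuration anyway.  Any installed bind version is accepted now,
      # and nothing is edited when the package is missing.
      if rpm -q bind > /dev/null 2>&1; then
        Edit_Conf
      else
        msg_err "make sure the DNS service is installed"
      fi
      ;;
    4)
      copy
      ;;
    5)
      chenge_dns_slave
      ;;
    help)
      msg_ok "help. Please enter 1|2|3|4"
      menu
      ;;
    exit)
      exit 0
      ;;
    *)
      msg_err "input error, please re-enter"
      menu
      ;;
  esac
}

# Main loop: announce the host name and show the menu until the user exits.
# (The original tested for the name dns_server_1 but printed the same text
# in both branches.)
while true; do
  echo "Current device is $(hostname): Please select your menu:"
  menu
done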
Execution Result:
Youku Video
Public Number:
Enhancing the security of Linux operating system DNS services