linux-13th Lesson Note-[dns from the domain name server]-[04]

Last Update:2017-09-07 Source: Internet

Author: User

Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more ＞

Dns from the domain name server

Host Name:ns2.dns.com ip:192.168.200.102

Nameserver 192.168.200.102

Nameserver 192.168.200.101

Configuration :

[Email protected] packages]# vim/etc/named.conf

Options {

Listen-on Port 53 {192.168.200.102;};

Listen-on-v6 Port 53 {:: 1;};

Directory "/var/named";

Dump-file "/var/named/data/cache_dump.db";

Statistics-file "/var/named/data/named_stats.txt";

Memstatistics-file "/var/named/data/named_mem_stats.txt";

allow-query {any;};

-If You are building a authoritative DNS server, do not enable recursion.

-If You is building a RECURSIVE (caching) DNS server, you need to enable

Recursion.

-If your recursive DNS server has a public IP address, you must enable access

Control to limit queries to your legitimate users. Failing to doing so would

Cause your server to become part of the large scale DNS amplification

Attacks. Implementing BCP38 within your network would greatly

Reduce such attack surface

recursion Yes;

Dnssec-enable Yes;

Dnssec-validation Yes;

Dnssec-lookaside Auto;

/* Path to ISC DLV key */

Bindkeys-file "/etc/named.iscdlv.key";

Managed-keys-directory "/var/named/dynamic";

Pid-file "/run/named/named.pid";

Session-keyfile "/run/named/session.key";

};

Logging {

Channel Default_debug {

File "Data/named.run";

Severity dynamic;

};

Zone "." in {

Type hint;

File "named.ca";

//};

Include "/etc/named.rfc1912.zones";

Include "/etc/named.root.key";

Zone "Dns.com" in {

Type slave;

Masters {192.168.200.101;};

File "Slaves/dns.com.zone";

};

Zone "200.168.192.in-addr.arpa" in {

Type slave;

Masters {192.168.200.101;};

File "Slaves/192.168.200.arpa";

};

To check the configuration file:

[Email protected] packages]# named-checkconf/etc/named.conf

To start the service view the results:

[[email protected] packages]#/usr/sbin/named-u named # because it's centos7 under

[Email protected] packages]#

[Email protected] packages]# ll/var/named/slaves/

Total 8

-rw-r--r--. 1 named named 534 Sep 7 17:53 192.168.200.arpa

-rw-r--r--. 1 named named 444 Sep 7 17:53 Dns.com.zone

[Email protected] packages]#

To Modify client DNS:

[Email protected] ~]# vim/etc/resolv.conf

# Generated by NetworkManager

NameServer 192.168.200.102

NameServer 192.168.200. 101

Results:

Domain Update Date Modified +1 reboot will sync!

linux-13th Lesson Note-[dns from the domain name server]-[04]

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

Sales Support

1 on 1 presale consultation

Chat Contact Sales
After-Sales Support

24/7 Technical Support 6 Free Tickets per Quarter Faster Response

Open a Ticket
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

Learn More

linux-13th Lesson Note-[dns from the domain name server]-[04]

Contact Us

A Free Trial That Lets You Build Big!

Sales Support

After-Sales Support