標籤:設定檔 軟體
————————————————————————————————————
概覽:
1.環境準備
2.配置主設定檔
3.配置地區檔案
4.啟動服務以及測試
————————————————————————————————————
1.環境準備:
OS:
軟體安裝
~]# yum install bindbind-utils [[email protected] ~]# rpm-qa | grep bindbind-license-9.9.4-18.el7_1.5.noarchbind-utils-9.9.4-18.el7_1.5.x86_64bind-libs-9.9.4-18.el7_1.5.x86_64bind-libs-lite-9.9.4-18.el7_1.5.x86_64bind-9.9.4-18.el7_1.5.x86_64
關閉防火牆和selinux
~]# systemctl stopfirewalld ~]# setenforce 0
類比兩個不同的網段都可以進行主機名稱的解析
650) this.width=650;" src="http://s3.51cto.com/wyfs02/M01/73/76/wKioL1X-2efhxgUOAAE4GzOEGWA378.jpg" title="未命名圖片.png" alt="wKioL1X-2efhxgUOAAE4GzOEGWA378.jpg" />
兩張網卡IP資訊:
[[email protected] ~]# ip a1: lo:<LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever2: eno16777736:<BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen1000 link/ether 00:0c:29:ca:24:8e brdff:ff:ff:ff:ff:ff inet 192.168.1.50/24brd 192.168.1.255 scope global eno16777736 valid_lft forever preferred_lft forever inet6 fe80::20c:29ff:feca:248e/64 scopelink valid_lft forever preferred_lft forever3: eno33554984:<BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen1000 link/ether 00:0c:29:ca:24:98 brdff:ff:ff:ff:ff:ff inet 1.1.1.50/24brd 1.1.1.255 scope global dynamic eno33554984 valid_lft 1573sec preferred_lft 1573sec inet6 fe80::20c:29ff:feca:2498/64 scopelink valid_lft forever preferred_lft forever
————————————————————————————————————
2.配置主設定檔
----------
2.1 配置/etc/named.conf 檔案
[[email protected] ~]# vim/etc/named.conf //// named.conf//// Provided by RedHat bind package to configure the ISC BIND named(8) DNS// server as acaching only nameserver (as a localhost DNS resolver only).//// See/usr/share/doc/bind*/sample/ for example named configuration files.// options {// listen-on port 53 { 127.0.0.1; };// listen-on-v6 port 53 { ::1; }; directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file"/var/named/data/named_stats.txt"; memstatistics-file"/var/named/data/named_mem_stats.txt"; allow-query { any; }; /* - If you are building an AUTHORITATIVEDNS server, do NOT enable recursion. - If you are building a RECURSIVE(caching) DNS server, you need to enable recursion. - If your recursive DNS server has apublic IP address, you MUST enable access control to limit queries to yourlegitimate users. Failing to do so will cause your server to become part oflarge scale DNS amplification attacks. Implementing BCP38 withinyour network would greatly reduce such attack surface */ recursion yes; // dnssec-enable yes;// dnssec-validation yes;// dnssec-lookaside auto; /* Path to ISC DLV key */// bindkeys-file"/etc/named.iscdlv.key"; // managed-keys-directory"/var/named/dynamic"; pid-file"/run/named/named.pid";// session-keyfile"/run/named/session.key";}; logging { channel default_debug { file"data/named.run"; severity dynamic; };}; include"/etc/named.rfc1912.zones";//include"/etc/named.root.key";
----------
2.2. 配置/etc/named.rfc1912.zones 檔案
[[email protected] ~]# vim/etc/named.rfc1912.zones //named.rfc1912.zones://// Provided by RedHat caching-nameserver package//// ISC BIND namedzone configuration for zones recommended by// RFC 1912 section4.1 : localhost TLDs and address zones// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt// (c)2007 R WFranks//// See/usr/share/doc/bind*/sample/ for example named configuration files.//view wang_tong { match-clients { 1.1.1.0/24; }; zone "."IN { type hint; file "named.ca";}; zone"localhost.localdomain" IN { type master; file "named.localhost"; allow-update { none; };}; zone"localhost" IN { type master; file "named.localhost"; allow-update { none; };}; zone"1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa"IN { type master; file "named.loopback"; allow-update { none; };}; zone"1.0.0.127.in-addr.arpa" IN { type master; file "named.loopback"; allow-update { none; };}; zone"0.in-addr.arpa" IN { type master; file "named.empty"; allow-update { none; };}; zone "zrd.com" IN { type master; file"zrd.com.wang_tong"; };};view dian_xin { match-clients { 192.168.1.0/24; }; zone "zrd.com" IN { type master; file"zrd.com.dian_xin"; };}; view default { match-clients { any; }; zone "zrd.com" IN { type master; file"zrd.com.dian_xin"; };};
————————————————————————————————————
3.配置地區檔案
---------
3.1. 建立zrd.com.dian_xin 地區檔案
[[email protected] ~]# cd/var/named/[[email protected] named]#vim zrd.com.dian_xin $TTL 86400@ IN SOA dns.zrd.com. admin.zrd.com. ( 2015092021 1D 2D 1D 7D) IN NS dns IN MX 10 mailwww IN A 192.168.1.11dns IN A 192.168.1.50mail IN A 192.168.1.12
-----
3.2. 建立zrd.com.wang_tong 檔案
[[email protected] named]#vim zrd.com.wang_tong $TTL 86400@ IN SOA dns.zrd.com. admin.zrd.com. ( 2015092021 1D 2D 1D 7D) IN NS dns IN MX 10 mailwww IN A 1.1.1.11dns IN A 1.1.1.50mail IN A 1.1.1.12
----
3.3. 修改檔案屬性
[[email protected] named]#chown root:named zrd.com.wang_tong zrd.com.dian_xin
————————————————————————————————————
4.啟動服務以及測試
-----
4.1. 啟動服務
[[email protected] ~]#systemctl start named
----
4.2. 查看服務狀態
650) this.width=650;" src="http://s3.51cto.com/wyfs02/M02/73/79/wKiom1X-19mQ6cKLAAZkZrFfm2g527.jpg" title="未命名圖片.png" alt="wKiom1X-19mQ6cKLAAZkZrFfm2g527.jpg" />
----
4.3. 測試
650) this.width=650;" src="http://s3.51cto.com/wyfs02/M00/73/79/wKiom1X-1_nB071HAAPdeiPBuNI493.jpg" title="未命名圖片.png" alt="wKiom1X-1_nB071HAAPdeiPBuNI493.jpg" />
650) this.width=650;" src="http://s3.51cto.com/wyfs02/M02/73/76/wKioL1X-2lHjVz1CAADKiQFRKTg081.jpg" title="未命名圖片.png" alt="wKioL1X-2lHjVz1CAADKiQFRKTg081.jpg" />
-----------------------
650) this.width=650;" src="http://s3.51cto.com/wyfs02/M00/73/76/wKioL1X-2nTx3HUaAAO8c0gUcWo315.jpg" title="未命名圖片.png" alt="wKioL1X-2nTx3HUaAAO8c0gUcWo315.jpg" />
650) this.width=650;" src="http://s3.51cto.com/wyfs02/M00/73/79/wKiom1X-2FWwHE_iAACxRpVYbzE052.jpg" title="未命名圖片.png" alt="wKiom1X-2FWwHE_iAACxRpVYbzE052.jpg" />
本文出自 “To live is to die” 部落格,請務必保留此出處http://7431686.blog.51cto.com/7421686/1696605
Centos 7.1 配置DNS view