address that can communicate with an external hostConfiguration of the cache name server:The external address can be monitored;DNSSEC: It is recommended to turn DNSSEC off, set to NoConfiguring the Primary DNS serverPrimary DNS name servers:(1) Define a zone in the master configuration fileZone "Zone_name" in {type {Master|slave|hint|forward};File "Zone_name.zone";};(2) define the Zone resolution library f
/named.conf//named.conf//Provided by Red Hat bind package To configure the ISC bind named (8) DNSServer as a caching only nameserver (as a localhost, DNS resolver only).//See/usr/share/doc/bind*/sample/for example named configuration files.//Options {Listen-on Port 53 {127.0.0.1; 192.168.1.100;}; # # # Primary DNS IP address # # #Listen-on-v6 Port 53 {:: 1;};Directory "/var/named";Dump-file "/var/named/data/cache_dump.db";Statistics-file "/var/named/data/named_stats.txt";Memstatistics-file "/var
Lab Notes:test Machine 1:192.168.1.11 as the parent domain servertest Machine 2:192.168.1.12 as a subdomain serverExperimental steps: 1. On the lab machine 1 install bind Span style= " font-size:24px;font-family: ' the song body ';> and edit the configuration file, configure it as a cache server, then add zones and add Zone resolution library files, and change the Zone resolution library file to complete the dig [[emailprotected]~]#yuminstallbind–y[[emailprotected]~] #vim /etc/nam
Prepare for work (assuming name is bigcloud.local)
1234567891011121314151617
#更改主机名称#vi/etc/sysconfig/network#CreatedbyanacondaNETWORKING=yesHOSTNAME=bigcloud.local#修改文件/etc/hosts,内容如下:127.0.0.1localhostlocalhost.localdomainlocalhost4localhost4.localdomain4::1localhostlocalhost.localdomainlocalhost6localhost6.localdomain6192.168.188.135bigcloudbigcloud.localdomain#修改DNS配置#vi/etc/resolv.conf添加如下DNS1=192.168.188.11DNS2=192.168.188.12DOMAIN=bigclou
Preparations (assuming the name is bigcloud. Local)
# Change host name # vi/etc/sysconfig/Network # Created by anacondanetworking = yeshostname = bigcloud. local # modify the file/etc/hosts with the following content: 127.0.0.1 localhost. localdomain localhost4 localhost4.localdomain4: 1 localhost. localdomain localhost6 localhost6.localdomain6192.168.188.135 bigcloud. localdomain # modify DNS configuration # vi/etc/resolv. add the following dns1 = 192.168.188.11dns2 = 192.168.188.12dom
,dump-file "/var/ Named/data/cache_dump.db "; #dump data File path, statistics-file "/var/named/data/named_stats.txt";# static file path, memstatistics-file "/var/named/data/named_mem_ Stats.txt ";#allow-query{ any;};# allows the client to query the IP address, any for any, for example: 192.168.1.0/24;172.16.0.0/18, etc., recursionyes;# recursive query, root server to open as far as possible, dnssec-enableyes;# whether
Install the DNS server on CentOS7
Preparations (assuming the name is bigcloud. local)# Change host name # vi/etc/sysconfig/network # CreatedbyanacondaNETWORKING = yesHOSTNAME = bigcloud. local # modify the file/etc/hosts with the following content: 127.0.0.1localhostlocalhost.localdomainlocalhost4localhost4.localdomain4: 1localhostlocalhost. localdomainlocalhost6localhost6. localdomain6192.168.188.135bigcloudbigcloud. localdomain # modify DNS configuration # vi/etc/resolv. add the following DNS1
I have set up a server on Linux in four steps:
Install
Configuration
Start the service
Use
For centos, I Like Yum and Yum, which can automatically parse dependencies. Therefore, installation is generally normal and it is easy to start the service. Generally, service XX start is used, it is easier to use, and the trouble is complicated in the configuration file.
The Configuration File. at the end of conf, most of them are in the/etc directory. For the DNS server, I installed bind and
searched for 114. As a result, when we access this website in a browser, we can see the web page searched for 114.
If you need to solve the DNS hijacking problem, you can change your domain name resolution server to a foreign one, such as OpenDNS. (For details, refer to "use OpenDNS to solve DNS domain hijacking" in the moonlight blog.) or Google DNS (For details, refer to the moonlight blog "Google launch
218.83.175.155, but the region of their own 114 Search server IP address), This IP is 114 search IP, causing us to visit this website in the browser is 114 search page.If you need to solve the problem of DNS hijacking, you can transfer your own domain name resolution server to foreign countries, such as OpenDNS (see Moonlight Blog "Use OpenDNS to resolve DNS domain name hijacking") or Google DNS (see Moonl
NetScaler system can block unwanted requests and reduce the risk of attacks on the server. This feature can also parse http GET and POST requests and filter out known error signatures to better protect against HTTP -based server attacks such as Nimda and Code A variant of the Red virus. Application Firewall: Citrix Application firewall prevents applications from being abused by hackers and malicious software by filtering traffic between the server and the end user. The application firewall can
saved to the specified file.
Statistics-file "/var/named/data/named_stats.txt"; // After the command rndcstats is executed, the statistical data is saved to the specified file.
Memstatistics-file "/var/named/data/named_mem_stats.txt"; // file path for recording memory usage data
Allow-query {172.31.0.0/16;}; // specifies that DNS query (authoritative data) can be performed only on hosts with intranet network segments)
Recursion yes; // This option controls whether the recursive query function
Step 1: [start]
Step 2: [Control Panel]> [network]
Step 3: [Local Area Connection]
Step 4: [properties]
Step 5: select [Internet Protocol] and click [properties]
Part 6: [general] Click [use the following DNS server addresss] and set it.
In Protocol DNS Server Settings: 208.67.222.222
In alternate DNS Server Settings: 208.67.220.220
Then click [OK]
Finally, restart your computer. (Remember)
Set your DNS in six steps and use the free service provided by
Dnscrypt is a tool released by OpenDNS that ensures security between the client and the DNS server. Dnscrypt, which runs as a DNS proxy, focuses on communication security between the client and the first-level DNS server, and can cache DNS resolution. In short, the Dnscrypt is able to encrypt the DNS query communication process before the native to the DNS server, thereby preventing DNS hijacking by the network service provider.
DNS requests and retu
controltolimitqueriestoyourlegitimateusers. Failingtodosowillcauseyourservertobecome partoflargescaleDNSamplificationattacks. Implementingbcp38withinyournetworkwouldgreatlyreduce suchattacksurface*/recursionyes;dnssec-enableno;dnssec-validationno; After the grammar check is correct, start the named service; [[emailprotected]named] $systemctl startnamed client DNS needs to point to this DNS server ; This is
server is disabled, it is started. If/etc/resolv is enabled. check the conf file and you will be surprised to find that the content of this file has been cleared, so you cannot go to the Internet and need to reconfigure it.
To avoid the above problems, you can use the following methods:
Add DNS to/etc/resolvconf/resolv. conf. d/base and/etc/resolv. conf respectively.
If you do not have a public IP address or try to use an external IP address of the current network, you can use the following two
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.