DNS server configuration

linux build dns The server

Requirements are as follows ： Configure the domain name :test.com—>192.168.114.2

Modify the following documents ：
/etc/named.conf
/var/named/named.domain.zones
/var/named/named. Custom domain name .zone, Such as ：/var/named/named.test.com.zone

First step ： edit /var/named/named.test.com.zone, The contents are as follows

$TTL 1D
@       IN SOA  @ rname.invalid. (
                     0       ; serial
                     1D      ; refresh
                     1H      ; retry
                     1W      ; expire
                     3H      ; minimum
)
    NS @
    A 192.168.114.2
www A 192.168.114.2

The second step ： edit /var/named/named.domain.zones, The contents are as follows

zone "test.com" IN {
    
    type master;
    file "named.test.com.zone";
};

The third step ： Set up dns port , Modify the following contents in the file ：/etc/named.conf

//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
    
        listen-on port 53 {
     any; };
        listen-on-v6 port 53 {
     any; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        secroots-file   "/var/named/data/named.secroots";
        recursing-file  "/var/named/data/named.recursing";
        allow-query     {
     any; };

        /*
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable
           recursion.
         - If your recursive DNS server has a public IP address, you MUST enable access
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface
        */
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";

        /* https://fedoraproject.org/wiki/Changes/CryptoPolicy */
        include "/etc/crypto-policies/back-ends/bind.config";
};

logging {
    
        channel default_debug {
    
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
    
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

include "/var/named/named.domain.zones";

Step four ： restart dns service
systemctl restart named

Step five ：linux Specify domain name server

[[email protected] ~]# cat /etc/resolv.conf
# Generated by NetworkManager
# nameserver 200.200.10.199
nameserver 192.168.114.2

Step six ： test

[[email protected] ~]# nslookup test.com
Server:         192.168.114.2
Address:        192.168.114.2#53

Name:   test.com
Address: 192.168.114.2

[[email protected] ~]# nslookup www.test.com
Server:         192.168.114.2
Address:        192.168.114.2#53

Name:   www.test.com
Address: 192.168.114.2

[[email protected] ~]#

Reference material ：https://www.cnblogs.com/reader/p/5616181.html

Learn knowledge

"sed -i 's/port\s+\d+\s*{/port hash[:port]{/g' /etc/named.conf"
"sed -i '/named.domain.zones/d' /etc/named.conf"    # Delete include named.domain.zones Line of string 
"echo 'include \"#{domain_zones_file}\";' >> /etc/named.conf"
"sed 's/::1;/any;/g' -i #{named_conf_file}"         # Replace a string