
The DNS Name Resolution Protocol

2022-07-28 14:39:00 不会调制解调的猫

Contents

Principle

Configuration


Principle

For the DNS resolution process, see "DNS域名解析的过程" (The DNS Resolution Process) on 不会调制解调的猫's CSDN blog.


 

Configuration

Check whether BIND is installed; if it is not, install it with yum:

yum install -y bind

List the locations of the configuration files:

rpm -qc bind

Edit the configuration and add a forward zone, starting with the main configuration file:

vim  /etc/named.conf
options {
        listen-on port 53 { 192.168.150.30; };    # address and port to listen on
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        allow-query     { 192.168.150.0/24; };    # network allowed to send queries

        /* 
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable 
           recursion. 
         - If your recursive DNS server has a public IP address, you MUST enable access 
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification 
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface
        */
        # ... (the rest of the file is not shown)

Next, edit the zones file:

vim  /etc/named.rfc1912.zones

In this file, the entry:

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN

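acts as a dividing line: the zones above it are for forward resolution, and the zones below it are for reverse resolution.

Copy one of the sample entries above the "dividing line" and adapt it: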

zone "van.com" IN {
        type master;
        file "van.com.zone";
        allow-update { none; };
};

Create the forward zone data file:

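cd /var/named                           # the relative paths below assume this directory
touch  /var/named/van.com.zone
cp -p named.localhost ./van.com.zone    # -p preserves the template's ownership and mode
vim   /var/named/van.com.zone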
$TTL 1D
@	IN SOA	van.com.  admin.van.com. (
					0	; serial
					1D	; refresh
					1H	; retry
					1W	; expire
					3H )	; minimum
	NS	van.com.
	A	192.168.150.30
	AAAA	::1
	IN MX 10	mail.van.com.
www	IN A	192.168.150.30
mail	IN A	192.168.150.222
ftp	IN CNAME	www
*	IN A	192.168.150.200	; wildcard: any other name under van.com

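Stop the firewall so that queries can reach port 53 (on anything other than a lab host, leave firewalld running and allow only the DNS service instead):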

systemctl stop firewalld 

Start the service:

systemctl start named

Check the service status:

systemctl status named 
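
Hand-edited zone data files fail quietly: a token in column 0 is always taken as the owner name, and a target ending in a dot is absolute, so a typo there points outside the zone. The linter below is an added example, not part of the original post or of BIND; `lint_zone`, its messages and the embedded sample zone are constructed here for illustration.

```python
import re

# Constructed sample modelled on the van.com zone data file (not copied from a live server).
SAMPLE = """\
$TTL 1D
@       IN SOA  van.com. admin.van.com. (
                0 1D 1H    ; serial, refresh, retry
                1W 3H )    ; expire, minimum
        NS      van.com.
        A       192.168.150.30
IN MX 10 mail.vam.com.
www     IN A    192.168.150.30
mail    IN A    192.168.150.222
ftp     IN CNAME www
*       IN A    192.168.150.200
"""
KEYWORDS = {"IN", "CH", "HS", "A", "AAAA", "NS", "MX", "CNAME", "SOA", "TXT", "PTR", "SRV"}
TARGET_AT = {"NS": 0, "CNAME": 0, "MX": 1}   # position of the host name in the RDATA

def lint_zone(text, origin):
    """Return (line_no, message) findings. A ';' inside quoted TXT data is not handled."""
    origin = origin.rstrip(".").lower() + "."
    findings, depth = [], 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0]           # drop the comment
        continued, depth = depth > 0, depth + line.count("(") - line.count(")")
        tokens = line.split()
        if continued or not tokens or tokens[0].startswith("$"):
            continue                          # SOA continuation, blank line, or directive
        if not raw[0].isspace():              # column 0: the first token is the owner name
            owner = tokens.pop(0)
            if owner.upper() in KEYWORDS:
                findings.append((no, f"'{owner}' in column 0 is parsed as an owner name"))
            if owner == "*" or owner.startswith("*."):
                findings.append((no, "wildcard record answers for every name not otherwise defined"))
        while tokens and (tokens[0].upper() in {"IN", "CH", "HS"}
                          or re.fullmatch(r"\d+[smhdw]?", tokens[0], re.I)):
            tokens.pop(0)                     # skip the optional TTL and class
        pos = TARGET_AT.get(tokens[0].upper()) if tokens else None
        if pos is not None and len(tokens) > pos + 1 and tokens[pos + 1].endswith("."):
            target = tokens[pos + 1].lower()
            if target != origin and not target.endswith("." + origin):
                findings.append((no, f"{tokens[0].upper()} target {target} is outside {origin}"))
    return findings

if __name__ == "__main__":
    for no, msg in lint_zone(SAMPLE, "van.com"):
        print(f"line {no}: {msg}")
```

The flagged lines are valid zone-file syntax, which is why they are easy to miss; `named-checkconf` and `named-checkzone van.com /var/named/van.com.zone` remain the syntax checks to run before `systemctl start named`.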

Original site

Copyright notice
This article was written by [不会调制解调的猫]. Please include a link to the original when reposting. Thank you.
https://blog.csdn.net/Trollz/article/details/125987200