DNS Server (Simple)

Server: 192.168.182.187

Client: 192.168.182.16

Windows client: 192.168.182.17

 

1. Install the required packages

yum -y install bind bind-chroot bind-utils

2. The configuration files are under /etc and have names beginning with named. Edit named.conf:

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
listen-on port 53 { any; };    # changed to any
listen-on-v6 port 53 { any; };  # changed to any
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
allow-query { any; };  # changed to any

/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes;

#dnssec-enable yes;   # disable this option
#dnssec-validation yes;   # disable this option

/* Path to ISC DLV key */
bindkeys-file "/etc/named.root.key";

managed-keys-directory "/var/named/dynamic";

pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
forwarders { 8.8.8.8; };  # list of DNS servers that queries are forwarded to; can be commented out because you are on an internal network
};

logging {
  channel default_debug {
  file "data/named.run";
  severity dynamic;
};
};

zone "." IN {
  type hint;
  file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

3. Add the following zone definitions to /etc/named.rfc1912.zones

zone "jx.com" IN {
  type master;
    file "jx.com.zone";
};

zone "jw.com" IN {
  type master;
    file "jw.com.zone";
};

4. Create the zone files in /var/named and set their ownership

cp named.localhost jx.com.zone

cp named.localhost jw.com.zone

chown named:named jx.com.zone

chown named:named jw.com.zone

 

5. Edit the zone file: vim jx.com.zone

$TTL 1D
@ IN SOA @ rname.invalid. (
          0 ; serial
          1D ; refresh
          1H ; retry
          1W ; expire
          3H ) ; minimum
    NS @
    A 127.0.0.1
    AAAA ::1
www   IN A      192.168.182.16

@  IN A 192.168.182.16

 

6. Start the service with systemctl start named, disable SELinux and firewalld, and flush the iptables rules: iptables -F, iptables -t nat -F

 

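7. On the client, set DNS1 in the client's network configuration, or edit the resolver file with vim /etc/resolv.conf and add

  # Generated by NetworkManager
  nameserver 192.168.182.187  # server address

8. On Windows, set the preferred DNS server to 192.168.182.187 in the network settings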

 

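9. To verify the service, start httpd on the Linux client (192.168.182.16), then open the site by domain name in a browser on the Windows client (192.168.182.17). (Test with the external network disconnected.)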

 

10. Ways to verify the configuration

dig @127.0.0.1 www.jx.com

dig @127.0.0.1 www.jw.com

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.2 <<>> @127.0.0.1 www.jx.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22121
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.jx.com. IN A

;; ANSWER SECTION:
www.jx.com. 86400 IN A 192.168.182.16  (this is the client address)

;; AUTHORITY SECTION:
jx.com. 86400 IN NS qq.com.

;; ADDITIONAL SECTION:
jx.com. 86400 IN A 127.0.0.1
jx.com. 86400 IN AAAA ::1

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: 二 12月 01 10:55:42 CST 2020
;; MSG SIZE rcvd: 113

# Check the main configuration

named-checkconf /etc/named.conf

# Check the zone configuration

named-checkzone jx.com /var/named/jx.com.zone

zone jx.com/IN: loaded serial 0
OK
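
The options in step 2 combine allow-query { any; } with recursion yes, which is the combination the stock comment block in named.conf warns about for servers reachable from outside. The script below is an added example, not part of the original post: it reports which ACL decides who may use recursion in a given named.conf. The function names and result strings are made up for this example, and the sample file is constructed.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Function names and result
# strings (OPEN_RESOLVER, RESTRICTED, RECURSION_OFF) are made up here.

# Drop /* */, // and # comments, then flatten the file to one line.
# Assumes a multi-line block comment does not share a line with live options.
flatten_conf() {
  sed -e 's:/\*.*\*/::g' -e '/\/\*/,/\*\//d' -e 's://.*$::' -e 's:#.*$::' "$1" | tr '\n' ' '
}

# Print the first "OPTION { ... }" clause in TEXT, or nothing if it is absent.
acl_of() {
  printf '%s\n' "$2" |
    grep -oE "(^|[[:space:];{])${1}[[:space:]]*\{[^}]*\}" | head -n 1 || true
}

# Report which ACL decides who may send recursive queries.
audit_recursion() {
  local conf opt acl
  conf=$(flatten_conf "$1")
  if printf '%s\n' "$conf" |
      grep -qE '(^|[[:space:];{])recursion[[:space:]]+no[[:space:]]*;'; then
    echo "RECURSION_OFF"; return 0
  fi
  # BIND 9 uses allow-recursion, else allow-query-cache, else allow-query,
  # else the built-in default "localnets; localhost;".
  for opt in allow-recursion allow-query-cache allow-query; do
    acl=$(acl_of "$opt" "$conf")
    [ -n "$acl" ] || continue
    if printf '%s\n' "$acl" | grep -qE '[{;[:space:]]any[[:space:]]*;'; then
      echo "OPEN_RESOLVER via $opt"
    else
      echo "RESTRICTED via $opt"
    fi
    return 0
  done
  echo "RESTRICTED via default"
}

# Constructed sample reproducing the access-control options from step 2.
sample=$(mktemp)
cat > "$sample" <<'EOF'
options {
    allow-query { any; };         # changed to any
    /* access control is required on a public resolver */
    recursion yes;
};
EOF
audit_recursion "$sample"
```

On the server, run audit_recursion /etc/named.conf. Adding allow-recursion { 192.168.182.0/24; localhost; }; to the options block (assuming the lab subnet is a /24) changes the result to RESTRICTED via allow-recursion.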

 

These notes are for reference only.

posted @ 2020-12-01 10:53  升级打怪之路