linux系统中安装bind服务程序
BIND(Berkeley Internet Name Domain,伯克利因特网名称域)服务是全球使用最广泛、最安全且最高效的域名解析服务程序。
1、安装bind域名解析服务:
[root@PC1 ~]# yum install bind-chroot ## 使用chroot,俗称牢笼机制,更加安全
Loaded plugins: langpacks, product-id, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Resolving Dependencies
--> Running transaction check
---> Package bind-chroot.x86_64 32:9.9.4-14.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
bind-chroot x86_64 32:9.9.4-14.el7 rhel7 81 k
Transaction Summary
================================================================================
Install 1 Package
Total download size: 81 k
Installed size: 3.1 k
Is this ok [y/d/N]: y
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : 32:bind-chroot-9.9.4-14.el7.x86_64 1/1
Verifying : 32:bind-chroot-9.9.4-14.el7.x86_64 1/1
Installed:
bind-chroot.x86_64 32:9.9.4-14.el7
Complete!
2、三个重要配置文件:
主配置文件:/etc/named.conf,用来定义bind服务的运行
区域配置文件: /etc/named.rfc1912.zones,类似于图书馆的目录大纲,用来指定域名和IP地址对应关系文件所在位置
数据配置文件目录:/var/named/,该目录下具有域名和IP地址对应关系的文件
3、修改主配置文件,保证基本的服务
vim /etc/named.conf ## 修改第11行和第17行
1 //
2 // named.conf
3 //
4 // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
5 // server as a caching only nameserver (as a localhost DNS resolver only).
6 //
7 // See /usr/share/doc/bind*/sample/ for example named configuration files.
8 //
9
10 options {
11 listen-on port 53 { any; }; ## 此处修改为any,表示服务器上的所有IP地址均可提供DNS域名解析服务
12 listen-on-v6 port 53 { ::1; };
13 directory "/var/named";
14 dump-file "/var/named/data/cache_dump.db";
15 statistics-file "/var/named/data/named_stats.txt";
16 memstatistics-file "/var/named/data/named_mem_stats.txt";
17 allow-query { any; }; ## 此处也修改为any,表示允许所有人对本服务器发送DNS查询请求
18
19 /*
20 - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
21 - If you are building a RECURSIVE (caching) DNS server, you need to enable
22 recursion.
23 - If your recursive DNS server has a public IP address, you MUST enable access
24 control to limit queries to your legitimate users. Failing to do so will
25 cause your server to become part of large scale DNS amplification
26 attacks. Implementing BCP38 within your network would greatly
27 reduce such attack surface
28 */
29 recursion yes;
………………
分类:
linux shell
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· 基于Microsoft.Extensions.AI核心库实现RAG应用
· Linux系列:如何用heaptrack跟踪.NET程序的非托管内存泄露
· 开发者必知的日志记录最佳实践
· SQL Server 2025 AI相关能力初探
· Linux系列:如何用 C#调用 C方法造成内存泄露
· 震惊!C++程序真的从main开始吗?99%的程序员都答错了
· 【硬核科普】Trae如何「偷看」你的代码?零基础破解AI编程运行原理
· 单元测试从入门到精通
· 上周热点回顾(3.3-3.9)
· winform 绘制太阳,地球,月球 运作规律