溫馨提示×
您好,登錄后才能下訂單哦!
點擊 登錄注冊 即表示同意《億速云用戶服務條款》
您好,登錄后才能下訂單哦!
這篇“在Linux下怎么搭建DNS服務器”文章的知識點大部分人都不太理解,所以小編給大家總結了以下內容,內容詳細,步驟清晰,具有一定的借鑒價值,希望大家閱讀完這篇文章能有所收獲,下面我們一起來看看這篇“在Linux下怎么搭建DNS服務器”文章吧。
操作系統:CentOS 7
IP地址:10.27.106.201
測試域名:aec.testuc.com
作用:主要提供解析aec.testuc.com域名的服務
yum -y install bind
vim /etc/named.conf
主要修改以下兩個地方
listen-on port 53 { any; };
allow-query { any; };//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html
options {
listen-on port 53 { any; };
# listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
allow-query { any; };
# allow-query { localhost; };
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.root.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";vim /etc/named.rfc1912.zones
末尾添加如下配置:
zone "aec.starnetuc.com" IN { #正向解析為"aec.starnetuc.com"
type master; #類型:主緩存為master
file "aec.starnetuc.com.zone"; #指定區域數據文件為aec.starnetuc.com.zone
allow-update { none; };
};拷貝其他區域數據文件,保留源文件的權限和屬主的屬性復制
cp -a /var/named/named.localhost /var/named/aec.starnetuc.com.zone
修改該文件,結果如下:
$TTL 1D #有效解析記錄的生成周期 @ IN SOA aec.starnetuc.com. root.aec.starnetuc.com. ( #@表示當前的DNS區域名表示這個域名 #SOA表示授權信息開啟 # 后面表示郵件地址因為@有特殊含義 所以使用.代替 0 ; serial #更新序列號,可以是10以內的整數 1D ; refresh #刷新時間,重新下載地址數據的間隔 1H ; retry #重試延遲,下載失敗后的重試延遲 1W ; expire #失效時間,超過該時間仍無法下載則放棄 3H ) ; minimum #無效解析記錄的生存周期 IN NS aec.starnetuc.com. #記錄當前區域DNS服務器的名稱 IN MX 10 aec.starnetuc.com. #MX為郵件服務器 10表示優先級 數字越大優先級越低 IN A 10.27.106.214 #記錄正向解析域名對應的IP,即將域名與IP綁捆
檢查配置是否正確
named-checkconf -z /etc/named.conf
僅檢查語法不檢查邏輯關系。當顯示的全為0時表示沒有語法錯誤
zone localhost.localdomain/IN: loaded serial 0 zone localhost/IN: loaded serial 0 zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0 zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0 zone 0.in-addr.arpa/IN: loaded serial 0 zone aec.starnetuc.com/IN: loaded serial 0
啟動前,檢查防火墻、SELINUX安全模式是否是關閉或允許狀態
啟動
systemctl start named systemctl enable named
查看53號監聽端口是否開啟
將測試系統的DNS改為10.27.106.201,然后去
ping aec.starnetuc.com PING aec.starnetuc.com (10.27.106.214) 56(84) bytes of data. 64 bytes from 10.27.106.214 (10.27.106.214): icmp_seq=1 ttl=64 time=1024 ms 64 bytes from 10.27.106.214 (10.27.106.214): icmp_seq=2 ttl=64 time=4.31 ms 64 bytes from 10.27.106.214 (10.27.106.214): icmp_seq=3 ttl=64 time=5.53 ms
表明配置成功。
以上就是關于“在Linux下怎么搭建DNS服務器”這篇文章的內容,相信大家都有了一定的了解,希望小編分享的內容對大家有幫助,若想了解更多相關的知識內容,請關注億速云行業資訊頻道。
免責聲明:本站發布的內容(圖片、視頻和文字)以原創、轉載和分享為主,文章觀點不代表本網站立場,如果涉及侵權請聯系站長郵箱:is@yisu.com進行舉報,并提供相關證據,一經查實,將立刻刪除涉嫌侵權內容。
