导航：首页 > 网络安全 >

DNS设定（一）

发表于：2025-01-21 作者：千家信息网编辑

千家信息网最后更新 2025年01月21日，###dns设定####在开始之前先设定好网络服务环境client设定vim /etc/resolv.conf ##编辑配置文件nameserver 172.25.254.109 ##添加服务端ser

千家信息网最后更新 2025年01月21日DNS设定（一）

###dns设定###
#在开始之前先设定好网络服务环境
client设定
vim /etc/resolv.conf ##编辑配置文件
nameserver 172.25.254.109 ##添加服务端
server设定
yum install bind -y ##安装bind服务
systemctl status named ##查看
rpm -qc bind
systemctl enable named ##开机自启
systemctl start named ##开启服务
firewall-cmd --permanent --add-service=dns ##永久添加dns服务
firewall-cmd --reload
netstat -antulpe | grep named ##查看开放端口
vim /etc/name.conf
listen-on port 53 { any; }; ##设定开放端口。any表示对所有的interface都开放
allow-query { any; }; ##回答所有人提问
forwarders {172.25.254.250;};
dnssec-validation no;
systemctl restart named

####正向解析####
##正向解析就是将域名解析为ip
vim /etc/name.conf
##删除forwarders {172.25.254.250;};
vim /etc/named.rfc1912.zones ##进入配置文件
zone "westos.com" IN {
type master;
file "westos.com.zone";
allow-update { none; };
};
cd /var/named/
cp -p named.localhost westos.com.zone ##带权限复制
vim westos.com.zone
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 172.25.254.109
www A 172.25.254.251
~
##@表示的是zone 如果不加.表示自动补充域名。
systemctl restart named ##重启服务

####反向解析####
vim /etc/named.rfc1912.zones
zone "254.25.172.in-addr.arpa" IN {
type master;
file "westos.com.ptr";
allow-update { none; };
};

cd /var/named/
cp -p named.loopback westos.com.ptr
vim westos.com.ptr
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
A 172.25.254.109
109 PTR www.westos.com.
110 PTR www.hello.com.
~
####双向解析####
cd /var/named
cp -p westos.com.zone westos.com.inter ##加权限复制文件
vim westos.com.inter ##编辑外网配置文件
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 172.25.0.109
www A 172.25.0.251
www A 172.25.0.252
bbs CNAME www.westos.com.
westos.com. MX 1 172.25.0.109
~ ##将所有的网段改为0网段
cp -p /etc/named.rfc1912.zones /etc/named.rfc1912.zones.inter
vim /etc/named.rfc1912.zones.inter
zone "westos.com" IN {
type master;
file "westos.com.inter";
allow-update { none; };
};
vim /etc/named.conf ##编辑主配置文件
/*
zone "." IN {
type hint;
file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
*/ ##注销
view localnet{
match-clients {172.25.254.109; };
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
}; ##添加内网客户端（可以man 5 named.conf）
view internet{
match-clients {any; };
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones.inter";
}; ##添加外网客户端
systemctl restart named ##重启服务