DNS正向解析
1.yum install bind* -y
2./etc/init.d/named restart
3 cd /var/named/chroot/etc/
4.vim named.conf
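//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// This copy adds one authoritative master zone, "luoning.cn", to the stock
// caching-only configuration.
//
options {
    // Author's note on the next line: "open port 53". Both listen-on
    // statements are commented out, so named uses its built-in default
    // (port 53 on all IPv4 interfaces) instead of a restricted list.
    // listen-on port 53 { 127.0.0.1;localnets; };
    // listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    // Only the server itself may send queries. Other hosts are refused
    // until this ACL is widened; because recursion is enabled below, widen
    // it to the specific client networks rather than to "any".
    allow-query { localhost; };
    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
};
logging {
    channel default_debug {
        file "data/named.run";
    };
};
// Root hints.
zone "." IN {
    type hint;
    file "named.ca";
};
// Zone added for the domain this server is to resolve. The file name is
// relative to the "directory" option above.
zone "luoning.cn" IN {
    type master;
    file "luoning.cn.zone";
};
include "/etc/named.rfc1912.zones";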
5 cd /var/named/chroot/var/named
cp -p named.localhost luoning.cn.zone
5.vim luoning.cn.zone
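; Forward zone data for luoning.cn (edited as luoning.cn.zone under
; /var/named/chroot/var/named).
$ORIGIN .
$TTL 86400      ; 1 day
; SOA line: the zone being resolved, its primary name server (luoning.cn.)
; and the mailbox of the person responsible for the zone (root.).
luoning.cn      IN SOA  luoning.cn. root. (
                        1          ; serial
                        86400      ; refresh (1 day)
                        3600       ; retry (1 hour)
                        604800     ; expire (1 week)
                        10800      ; minimum (3 hours)
                        )
; The three records below have no owner name of their own. They must start
; with whitespace so that they inherit "luoning.cn" from the SOA line.
                NS      luoning.cn.
                A       192.168.0.132   ; A record for the zone itself
                ; NOTE(review): ::1 is the loopback address, presumably carried
                ; over from the named.localhost template this file was copied
                ; from. Confirm whether the zone should publish it.
                AAAA    ::1
$ORIGIN luoning.cn.
$TTL 600        ; 10 minutes
www             A       192.168.0.119   ; A record added by dynamic update (nsupdate)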
DNS update
1.使用不安全的ip地址(仅按来源IP授权,没有任何密钥校验,来源地址本身不足以证明请求方身份,只适合在隔离的实验环境中演示)
vim /etc/named.conf
最后的添加域名的地方
// Master zone for luoning.cn with dynamic updates authorized by source
// address only.
zone "luoning.cn" IN {
type master;
file "luoning.cn.zone";
// Any update request that arrives from 192.168.0.132 is accepted. There is
// no cryptographic check, and a source address alone is weak evidence of
// who sent the request. Prefer a TSIG key: allow-update { key <name>; };
allow-update {192.168.0.132;};
};
2.rndc reload
3.cd /var/named/chroot/var/
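4.chmod 77 named(注意:77 即 0077,属主没有任何权限,而组和其他用户可读写执行,疑为笔误;这一步的目的只是让 named 进程能写入该目录,按最小权限只需给 named 组写权限,例如 770,不要用 777)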
5.getsebool -a|grep named
5.setsebool -P named_write_master_zones on
6.nsupdate
>(server 192.168.0.132
>zone luoning.cn
>update add www.luoning.cn 500 A 192.168.0.119)远程添加A记录
>send
>quit
2.使用安全的加密key
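cd /var/named/chroot/etc
dnssec-keygen -a HMAC-MD5 -b 2 -n HOST westos 加密算法以及公钥私钥(-b 为密钥长度,单位是位;2 位的密钥极易被猜出,实际使用至少 128 位。HMAC 是对称密钥,生成的 .key 和 .private 两个文件里是同一个共享密钥,并非真正的公钥/私钥对,两个文件都应只允许属主读取)
vim /var/named/chroot/etc/named.conf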
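//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// This copy serves the master zone "luoning.cn" and accepts dynamic updates
// only when they are signed with the TSIG key "westos".
//
options {
    // listen-on port 53 { 127.0.0.1;localnets; };
    // listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    // Only the server itself may send queries. This ACL does not govern
    // dynamic updates; those are controlled per zone by allow-update.
    allow-query { localhost; };
    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
};
// TSIG key that update clients must sign with. The key name and algorithm
// have to match the key files produced by dnssec-keygen.
key westos {
    // HMAC algorithm of the key. hmac-md5 is a legacy choice; where the
    // installed BIND supports it, hmac-sha256 is the better pick.
    algorithm hmac-md5;
    // Shared secret, base64-encoded and quoted as a string. The value shown
    // decodes to a single byte, which is trivially guessable: generate a
    // key of at least 128 bits and paste the "Key:" value from its .private
    // file here. Because the secret is stored in this file, keep named.conf
    // readable only by root and the named group.
    secret "6Q==";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
// Root hints.
zone "." IN {
    type hint;
    file "named.ca";
};
zone "luoning.cn" IN {
    type master;
    file "luoning.cn.zone";
    // Who may update: only requests signed with the key named "westos".
    allow-update { key westos; };
};
include "/etc/named.rfc1912.zones";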
rndc reload
nsupdate -k Kwestos.+157+37219.key
>server 192.168.0.113
>zone luoning.cn
>update add ftp.luoning.cn 600 A 192.168.0.11
>send
>quit
Rhel6 DNS配置全过程
原创
©著作权归作者所有:来自51CTO博客作者luoning504的原创作品,谢绝转载,否则将追究法律责任