# /etc/init.d/iptables save 存檔
# /etc/init.d/iptables stop 停止
開機時停用防火牆(僅建議用於測試環境;正式環境應保留 iptables,並只開放 DNS 使用的 TCP/UDP 53 埠)
# chkconfig iptables off
====================================
輸入下方指令安裝 DNS(BIND) Server
# yum install -y bind*
啟動 DNS(BIND) Server
# service named start
設定開機自動啟動DNS(BIND) Server
#chkconfig named on
====================================
裝好之後輸入指令編輯配置檔案:(先安裝Master DNS)
# vi /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
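// Global server options for the master (dns1).
options {
    // Interfaces named answers on. Loopback alone leaves the zones below
    // unreachable from the network: the slave pulls them from
    // masters { 192.168.100.1; }, which the forward zone assigns to dns1,
    // so that address has to be listed here as well.
    listen-on port 53 {
        127.0.0.1;
        192.168.100.1;
    };
    listen-on-v6 port 53 { ::1; };

    // Working directory; relative "file" paths in this config resolve here.
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";

    // Any client may query the zones this server is authoritative for.
    allow-query { any; };

    // Replaces the version banner returned to version queries so the real
    // BIND release is not disclosed. This only hides the banner; it is not
    // a defence against DDoS.
    version "Don't DDos My DNS Server OK";

    // Recursion is offered to internal clients only. An open recursive
    // resolver can be abused for amplification, so keep this list narrow.
    recursion yes;
    allow-recursion {
        192.168.0.0/16;
    };

    // A zone transfer hands over every record in the zone. Without this
    // statement any host may request one; only the slave (dns2) needs it.
    allow-transfer {
        192.168.100.2;
    };

    dnssec-enable yes;
    dnssec-validation yes;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
};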
// Logging: one debug channel writing under the options "directory".
logging {
    channel default_debug {
        // Relative path, i.e. /var/named/data/named.run with the directory above.
        file "data/named.run";
        // "dynamic" follows the server's current debug level.
        severity dynamic;
    };
};
// Root hints: where recursion starts when nothing is cached.
zone "." IN {
    type hint;
    file "named.ca";
};
/* Forward lookup zone (name -> address); this server is the master. */
// NOTE(review): edu.tw is a real public domain. Serving it here overrides it
// for every client of this resolver; use a domain you control outside a lab.
zone "edu.tw" IN {
    type master;
    // Zone data file, edited as /var/named/forware.net.
    file "forware.net";
};
/* Reverse lookup zone (address -> name) for 192.168.100.0/24; master copy. */
zone "100.168.192.in-addr.arpa" IN {
    type master;
    // Zone data file, edited as /var/named/reverse.net.
    file "reverse.net";
};
// Pulls in further zone definitions; presumably the RFC 1912 localhost
// zones shipped with the Red Hat bind package -- confirm against the file.
include "/etc/named.rfc1912.zones";
// Presumably the root zone trust anchor used by DNSSEC validation -- confirm.
include "/etc/named.root.key";
=========================================
正解設定
#vi /var/named/forware.net
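; Forward zone data for edu.tw (loaded by the master as "forware.net").
; Zone files use ';' for comments; "//" is not comment syntax here and
; would be parsed as record data.

; Default TTL for records that do not set their own.
$TTL 86400

@   IN  SOA dns1.edu.tw. root.dns1.edu.tw. (
        2017081901  ; serial  - raise on every edit so the slave re-transfers
        86400       ; refresh - how often the slave checks the serial
        3600        ; retry   - wait after a failed refresh
        604800      ; expire  - slave stops answering after this long without contact
        259200 )    ; negative-caching TTL

; Name servers for the zone. The owner is written as '@' so the records do
; not depend on leading whitespace surviving a copy and paste.
@               IN  NS      dns1.edu.tw.    ; Master DNS
@               IN  NS      dns2.edu.tw.    ; Slave DNS

localhost       IN  A       127.0.0.1
dns1.edu.tw.    IN  A       192.168.100.1
dns2.edu.tw.    IN  A       192.168.100.2
www.edu.tw.     IN  A       192.168.100.3
; Trailing dot added: without it the name is relative to the origin and
; becomes mail.edu.tw.edu.tw.
mail.edu.tw.    IN  A       192.168.100.4

; A CNAME owner may not hold any other record, and www already has an A
; record, so "www CNAME web" makes named reject the zone. The alias is
; written from web to www instead.
; NOTE(review): alias direction is assumed -- confirm the intended name.
web.edu.tw.     IN  CNAME   www.edu.tw.

; Mail exchanger; the target needs the trailing dot for the same reason as above.
edu.tw.         IN  MX  10  mail.edu.tw.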
===================================================
反解設定
#vi /var/named/reverse.net
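; Reverse zone data for 100.168.192.in-addr.arpa (loaded by the master as
; "reverse.net"). Zone files use ';' for comments; "//" is not comment
; syntax here and would be parsed as record data.

; Default TTL for records that do not set their own.
$TTL 86400

@   IN  SOA dns1.edu.tw. root.dns1.edu.tw. (
        2017081901  ; serial  - raise on every edit so the slave re-transfers
        86400       ; refresh
        3600        ; retry
        604800      ; expire
        259200 )    ; negative-caching TTL

; Name servers for the zone, with an explicit '@' owner.
@   IN  NS  dns1.edu.tw.    ; Master DNS
@   IN  NS  dns2.edu.tw.    ; Slave DNS

; The three records below were copied from the forward zone. They do not
; belong in a reverse zone: the edu.tw names are outside this zone's origin,
; and "localhost" would expand to localhost.100.168.192.in-addr.arpa.
; They are kept commented out for reference only.
; localhost IN A 127.0.0.1
; www.edu.tw. IN CNAME web.edu.tw.
; edu.tw. IN MX 10 mail.edu.tw

; Address -> name mappings; each should match an A record in the forward zone.
1.100.168.192.in-addr.arpa. IN  PTR dns1.edu.tw.
2.100.168.192.in-addr.arpa. IN  PTR dns2.edu.tw.
3.100.168.192.in-addr.arpa. IN  PTR www.edu.tw.
4.100.168.192.in-addr.arpa. IN  PTR mail.edu.tw.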
=============================================
=============================================
如果 Master DNS 裝好後,再來要裝第二台 CentOS 系統
一樣要輸入下方指令安裝 DNS(BIND) Server
# yum install -y bind*
啟動 DNS(BIND) Server
# service named start
設定開機自動啟動DNS(BIND) Server
#chkconfig named on
=============================================
裝好之後輸入指令編輯配置檔案:(安裝Slave DNS)
# vi /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
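// Global server options for the slave (dns2).
options {
    // Interfaces named answers on. Loopback alone means no client on the
    // network can query this server. The forward zone assigns 192.168.100.2
    // to dns2, so that address is listed as well.
    listen-on port 53 {
        127.0.0.1;
        192.168.100.2;
    };
    listen-on-v6 port 53 { ::1; };

    // Working directory; relative "file" paths in this config resolve here.
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";

    // Any client may query the zones this server holds a copy of.
    allow-query { any; };

    // Replaces the version banner returned to version queries so the real
    // BIND release is not disclosed. This only hides the banner; it is not
    // a defence against DDoS.
    version "Don't DDos My DNS Server OK";

    // Recursion is offered to internal clients only. An open recursive
    // resolver can be abused for amplification, so keep this list narrow.
    recursion yes;
    allow-recursion {
        192.168.0.0/16;
    };

    // Nothing pulls zones from the slave, so outbound transfers are refused.
    allow-transfer {
        none;
    };

    dnssec-enable yes;
    dnssec-validation yes;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
};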
// Logging: one debug channel writing under the options "directory".
logging {
    channel default_debug {
        // Relative path, i.e. /var/named/data/named.run with the directory above.
        file "data/named.run";
        // "dynamic" follows the server's current debug level.
        severity dynamic;
    };
};
// Root hints: where recursion starts when nothing is cached.
zone "." IN {
    type hint;
    file "named.ca";
};
/* Forward lookup zone (name -> address); copy transferred from the master. */
// NOTE(review): the master is identified by source IP only. Consider
// authenticating transfers with a TSIG key shared between the two servers.
zone "edu.tw" IN {
    type slave;
    // Where the transferred copy is stored, relative to the options
    // directory; presumably named must be able to write there -- confirm.
    file "slaves/forware.net";
    // Master server (dns1) the zone is pulled from.
    masters { 192.168.100.1; };
};
/* Reverse lookup zone (address -> name) for 192.168.100.0/24; copy
   transferred from the master. */
zone "100.168.192.in-addr.arpa" IN {
    type slave;
    // Where the transferred copy is stored, relative to the options directory.
    file "slaves/reverse.net";
    // Master server (dns1) the zone is pulled from.
    masters { 192.168.100.1; };
};
// Pulls in further zone definitions; presumably the RFC 1912 localhost
// zones shipped with the Red Hat bind package -- confirm against the file.
include "/etc/named.rfc1912.zones";
// Presumably the root zone trust anchor used by DNSSEC validation -- confirm.
include "/etc/named.root.key";