DNS服务器安装与配置（Linux）-阿里云开发者社区

DNS服务器安装与配置（Linux）

2018-01-19 1120

版权

本文内容由阿里云实名注册用户自发贡献，版权归原作者所有，阿里云开发者社区不拥有其著作权，亦不承担相应法律责任。具体规则请查看《阿里云开发者社区用户服务协议》和《阿里云开发者社区知识产权保护指引》。如果您发现本社区中有涉嫌抄袭的内容，填写侵权投诉表单进行举报，一经查实，本社区将立刻删除涉嫌侵权内容。

简介： 1、yum install -y bind bind-utils bind-chroot bind-libs;2、其中：/etc/named.conf 为主配置文件；/var/named 为解析文件3、客户端的dns查询时的配置文件/etc/hosts 默认优先查询这个/etc/resolv.

1、yum install -y bind bind-utils bind-chroot bind-libs;
2、其中：/etc/named.conf 为主配置文件；/var/named 为解析文件
3、客户端的dns查询时的配置文件
/etc/hosts 默认优先查询这个
/etc/resolv.conf DNS写在这里面
/etc/nsswitch.conf 查询优先级的设在这里
4、vi /etc/named.conf
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };

    /*
     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
     - If you are building a RECURSIVE (caching) DNS server, you need to enable
       recursion.
     - If your recursive DNS server has a public IP address, you MUST enable access
       control to limit queries to your legitimate users. Failing to do so will
       cause your server to become part of large scale DNS amplification
       attacks. Implementing BCP38 within your network would greatly
       reduce such attack surface
    */
    recursion yes;

    dnssec-enable yes;
    dnssec-validation yes;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";

};

zone "." IN {
type hint;
file "named.ca";
};

zone "weixin.qq.com" IN {
type master;
file "named.weixin.qq.com";
};
zone "49.61.183.in-addr.arpa" IN{
type master;
file "named.183.61.49";
};
zone "140.215.14.in-addr.arpa" IN{
type master;
file "named.14.215.140";
};
zone "alipay.com" IN {
type master;
file "named.alipay.com";
};
zone "75.110.in-addr.arpa" IN{
type master;
file "named.110.75";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

5、vi /var/named/named.aplipay.com
$TTL 600
@ IN SOA dns.xmrbi.com. dns.xmrbi.com. (2018011901 3H 15M 1W 1D )
@ IN NS dns.xmrbi.com. ; DNS 服务器名称
dns.xmrbi.com. IN A 172.16.50.30 ; DNS 服务器 IP

openapi.alipay.com. IN A 110.75.244.202
mapi.alipay.com. IN A 110.75.231.40

6、vi /var/namd/named.110.75

$TTL 600
@ IN SOA dns.xmrbi.com. dns.xmrbi.com. (2018011901 3H 15M 1W 1D )
@ IN NS dns.xmrbi.com. ; DNS 服务器名称
dns.xmrbi.com. IN A 172.16.50.30 ; DNS 服务器 IP

244.202 IN PTR openapi.alipay.com.
231.40 IN PTR mapi.alipay.com.

DNS服务器安装与配置（Linux）

DNS软件服务

热门文章

最新文章

相关产品

相关课程

相关电子书

相关实验场景

推荐镜像