Setting up forward and reverse DNS resolution on CentOS 7


Note: this article was written 216 days ago and last modified 188 days ago; some of the information in it may be out of date.

0x01 Install the service

yum install bind -y

0x02 Edit named.conf

vim /etc/named.conf
 // Listening address and port. The default is 127.0.0.1; change it to any to listen on port 53 of every address, or delete the line, which also listens on every address
 listen-on port 53 { any; };
 // Sources allowed to query this server. The default is localhost; any allows every source, or delete the line, which also allows every source
 allow-query     { any; };
vim /etc/named.rfc1912.zones
# Edit named.rfc1912.zones and append the following at the end
# Forward zone (the zone name must match the origin the zone file is written for)
zone "mydomain.com" IN {
        type master;
        file "mydomain.com.zone";
};
# Reverse zone
zone "1.168.192.in-addr.arpa" IN {
        type master;
        file "mydomain.com.local";
};
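The CentOS 7 default named.conf keeps `recursion yes;` in its options block, and BIND lets `allow-recursion` fall back to `allow-query` when neither `allow-recursion` nor `allow-query-cache` is set, so opening allow-query to any as above turns an authoritative-only server into an open recursive resolver. As an added example (not code from the original post), the Python script below audits the options block for that combination and for an unrestricted allow-transfer; the two sample configurations inside it are constructed, and the parser assumes the CentOS 7 layout with a single top-level options block.

```python
"""Audit a BIND named.conf options block for open-resolver and open-AXFR settings.

Added example, not code from the original post. It assumes a named.conf laid
out like the CentOS 7 default (one top-level `options { ... };` block); the
two sample configurations are constructed for this example. Defaults follow
the BIND 9 ARM: recursion defaults to yes, allow-query and allow-transfer
default to any, and allow-recursion falls back to allow-query-cache, then
allow-query, then { localnets; localhost; }.
"""
import re
from typing import List, Optional

# Constructed sample: the post's edit (allow-query opened to any) applied to
# the CentOS 7 default, which leaves `recursion yes;` in place.
POST_NAMED_CONF = """\
options {
    listen-on port 53 { any; };        // listen on every interface
    directory "/var/named";
    allow-query     { any; };
    /* authoritative servers should not recurse */
    recursion yes;
    dnssec-validation yes;
};
logging { channel default_debug { file "data/named.run"; }; };
"""

# Constructed sample: the same server hardened for authoritative-only use.
HARDENED_NAMED_CONF = """\
options {
    listen-on port 53 { any; };
    directory "/var/named";
    allow-query     { any; };
    recursion no;
    allow-transfer  { none; };
    dnssec-validation yes;
};
"""


def strip_comments(conf: str) -> str:
    """Remove the three comment styles named.conf accepts: /* */, // and #."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", conf)


def options_block(conf: str) -> str:
    """Body of the top-level options block, brace-matched so that nested
    address lists such as { any; } do not end it early."""
    text = strip_comments(conf)
    start = re.search(r"\boptions\s*\{", text)
    if not start:
        return ""
    depth, i = 1, start.end()
    while i < len(text) and depth:
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        i += 1
    return text[start.end():i - 1]


def statement(block: str, name: str) -> Optional[str]:
    """Value of `name yes;` or `name { a; b; };`, or None when absent.
    The lookbehind keeps `recursion` from matching inside `allow-recursion`."""
    pattern = r"(?<![\w-])" + re.escape(name) + r"\s+(\{[^}]*\}|[^;{}]+)\s*;"
    m = re.search(pattern, block)
    return m.group(1).strip() if m else None


def acl_tokens(value: Optional[str], default: List[str]) -> List[str]:
    """Split an address-match list such as `{ any; }` into its entries."""
    return re.findall(r"[^\s{};]+", value) if value else list(default)


def audit(conf: str) -> List[str]:
    """Return human-readable findings; an empty list means nothing flagged."""
    block = options_block(conf)
    findings = []
    recursion = (statement(block, "recursion") or "yes").lower()
    allow_query = statement(block, "allow-query")
    # BIND's fallback chain for who may recurse, with the ARM default last
    effective_recursion = acl_tokens(
        statement(block, "allow-recursion")
        or statement(block, "allow-query-cache")
        or allow_query,
        ["localnets", "localhost"])
    if recursion == "yes" and "any" in effective_recursion:
        findings.append("open resolver: recursion yes with recursion allowed from any")
    if "any" in acl_tokens(statement(block, "allow-transfer"), ["any"]):
        findings.append("zone transfer (AXFR) allowed from any: set allow-transfer")
    return findings


if __name__ == "__main__":
    for label, conf in [("post", POST_NAMED_CONF), ("hardened", HARDENED_NAMED_CONF)]:
        print(label, audit(conf) or ["ok"])
```

Run it against /etc/named.conf before reloading. For the authoritative-only setup this post builds, `recursion no;` together with `allow-transfer { none; };` (or the addresses of your secondaries) clears both findings, and `named-checkconf` still has to pass, since this audit only reads the options block.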

0x03 Create the forward zone file

# Copy the template
cd /var/named
cp -p named.localhost mydomain.com.zone
# Contents of mydomain.com.zone; names ending in a dot are absolute, all others get the zone name appended
$TTL 1D
@       IN SOA  mydomain.com.  admin.mydomain.com. (
                                        1       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
@        IN    NS   dns.mydomain.com.
dns     IN     A    192.168.1.125
@        IN    A     192.168.1.122

0x04 Create the reverse zone file

# Copy the template
cp -p named.localhost mydomain.com.local
# Contents of mydomain.com.local; each PTR owner is the last octet of the address, relative to 1.168.192.in-addr.arpa
$TTL 1D
@       IN SOA  mydomain.com.  admin.mydomain.com. (
                                        1       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
@        IN    NS     dns.mydomain.com.
125     IN    PTR   dns.mydomain.com.
122     IN    PTR   mydomain.com.
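A forward zone and its reverse zone drift apart easily, and `named-checkconf -z` only checks that each file loads, not that the A and PTR records agree. As an added example (not code from the original post), the Python checker below parses both zone files created above, with one constructed extra host (www) that has no PTR, and reports A records without a matching PTR and PTRs without a matching A. It also shows why the SOA RNAME needs its trailing dot: a relative name gets the zone origin appended, so `admin.mydomain.com` becomes `admin.mydomain.com.mydomain.com.`. The parser covers only the subset of zone-file syntax this post uses ($TTL, @, relative owners, a parenthesised SOA, and ; comments).

```python
"""Cross-check a forward zone against its reverse zone.

Added example, not code from the original post. The two zone texts below are
the post's mydomain.com zones with one extra host (www) constructed so that
the check has something to report.
"""
import re
from typing import Dict, List, Set, Tuple

FORWARD_ORIGIN = "mydomain.com."
FORWARD_ZONE = """\
$TTL 1D
@       IN SOA  mydomain.com.  admin.mydomain.com. (
                                        1       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
@        IN    NS   dns.mydomain.com.
dns     IN     A    192.168.1.125
@        IN    A     192.168.1.122
www     IN     A    192.168.1.123   ; constructed host with no PTR record
"""

REVERSE_ORIGIN = "1.168.192.in-addr.arpa."
REVERSE_ZONE = """\
$TTL 1D
@       IN SOA  mydomain.com.  admin.mydomain.com. (
                                        1 1D 1H 1W 3H )
@        IN    NS     dns.mydomain.com.
125     IN    PTR   dns.mydomain.com.
122     IN    PTR   mydomain.com.
"""

Record = Tuple[str, str, List[str]]  # (owner, type, rdata tokens)


def expand(name: str, origin: str) -> str:
    """Qualify a zone-file name: '@' is the origin, and a name without a
    trailing dot gets the origin appended (the reason a missing dot on an
    SOA RNAME silently produces admin.mydomain.com.mydomain.com.)."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text: str, origin: str) -> List[Record]:
    """Minimal master-file parser: strips ; comments, joins ( ) continuation
    lines, and carries the previous owner for lines starting with whitespace."""
    lines, buf, depth = [], [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip():
            continue
        depth += line.count("(") - line.count(")")
        buf.append(line)
        if depth == 0:
            lines.append(" ".join(buf))
            buf = []
    records, owner = [], origin
    for line in lines:
        tokens = line.replace("(", " ").replace(")", " ").split()
        if tokens[0] == "$ORIGIN":
            origin = tokens[1]
            continue
        if tokens[0].startswith("$"):      # $TTL and other directives
            continue
        if not line[0].isspace():
            owner = expand(tokens.pop(0), origin)
        if tokens and re.fullmatch(r"\d+[smhdw]?", tokens[0], re.I):
            tokens.pop(0)                  # optional per-record TTL
        if tokens and tokens[0].upper() == "IN":
            tokens.pop(0)                  # optional class
        records.append((owner, tokens[0].upper(), tokens[1:]))
    return records


def ptr_to_ip(owner: str) -> str:
    """125.1.168.192.in-addr.arpa. -> 192.168.1.125"""
    labels = owner.rstrip(".").split(".")
    if labels[-2:] != ["in-addr", "arpa"]:
        raise ValueError(f"not an IPv4 reverse name: {owner}")
    return ".".join(reversed(labels[:-2]))


def forward_map(records: List[Record]) -> Set[Tuple[str, str]]:
    return {(o, r[0]) for o, t, r in records if t == "A"}


def reverse_map(records: List[Record], origin: str) -> Set[Tuple[str, str]]:
    return {(expand(r[0], origin), ptr_to_ip(o)) for o, t, r in records if t == "PTR"}


def check_consistency(fwd_text: str, fwd_origin: str,
                      rev_text: str, rev_origin: str) -> Dict[str, List[Tuple[str, str]]]:
    """Hosts with an A but no matching PTR, and PTRs with no matching A."""
    a = forward_map(parse_zone(fwd_text, fwd_origin))
    p = reverse_map(parse_zone(rev_text, rev_origin), rev_origin)
    return {"missing_ptr": sorted(a - p), "missing_a": sorted(p - a)}


def soa_rname_problems(records: List[Record]) -> List[str]:
    """Flag an SOA RNAME written without its trailing dot."""
    return [f"SOA RNAME {r[1]} is relative and will have the origin appended"
            for _, t, r in records if t == "SOA" and not r[1].endswith(".")]


if __name__ == "__main__":
    print(check_consistency(FORWARD_ZONE, FORWARD_ORIGIN, REVERSE_ZONE, REVERSE_ORIGIN))
```

Pointing the two zone constants at the real files under /var/named gives a quick regression check to run alongside `named-checkconf -z` whenever a host is added to one zone and not the other.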

0x05 Check the configuration syntax

named-checkconf -z /etc/named.conf

0x06 Fix file permissions

# The files were created as root, so named cannot read them
# Fix the ownership, otherwise queries fail with "server can't find *: SERVFAIL"
chown named mydomain.com.zone
chown named mydomain.com.local

0x07 Open the port

# Open TCP and UDP port 53
firewall-cmd --permanent --add-port=53/tcp
firewall-cmd --permanent --add-port=53/udp
firewall-cmd --reload

0x08 Start the service

systemctl start named
