Linux 使用Shell連線VMware安裝DNS服務
阿新 • • 發佈:2020-12-09
配置實驗環境
使用Shell連線VMware安裝DNS服務
1.yum install bind.x86_64 -y 利用yum將DNS服務下載下來
2.firewall-config 開啟防火牆圖形設定開啟dns服務,將Configuration旁下拉勾選Permanent,然後勾選dns 然後點選Options下的Reload Firewalld重新載入防火牆
3.firewall-cmd --list-all 檢視dns服務是否已成功加入防火牆的允許服務清單(services 一欄應出現 dns)
[[email protected] ~]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: ens33
sources:
services: dhcpv6-client dns ssh
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
4.systemctl restart named 重新啟動dns服務
5.netstat -antlpe | grep named 檢視named是否已在53埠監聽(此時只監聽本機迴環位址127.0.0.1與::1,其他主機尚無法查詢)
[[email protected] ~]# netstat -antlpe | grep named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 25 44341 2893/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 25 44346 2893/named
tcp6 0 0 ::1:53 :::* LISTEN 25 44343 2893/named
tcp6 0 0 ::1:953 :::* LISTEN 25 44347 2893/named
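6.vim /etc/named.conf 編輯dns配置檔案,將 listen-on 與 allow-query 設為 any 讓53埠對其他主機開放,並以 forwarders 指定上游DNS。由於同時啟用了 recursion yes,應以 allow-recursion 將可遞迴查詢的來源限定在受信任的網段(例如 localhost; localnets;),否則伺服器會替任何來源做遞迴查詢,成為配置檔註解中所說可被用於DNS放大攻擊的開放解析器: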
[[email protected] ~]# vim /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html
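options {
    // Accept IPv4 queries on every interface, not only loopback.
    listen-on port 53 { any; };
    // IPv6 stays bound to the loopback address.
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file "/var/named/data/named.recursing";
    secroots-file "/var/named/data/named.secroots";
    // Any client may send queries to this server.
    allow-query { any; };
    // Recursive lookups are limited to this host and its directly attached
    // networks, so the wide allow-query above does not turn the server into
    // an open resolver. Widen this list only to networks you operate.
    allow-recursion { localhost; localnets; };
    // Upstream resolver used for names this server cannot answer itself.
    forwarders { 172.25.254.250; };
    /*
     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
     - If you are building a RECURSIVE (caching) DNS server, you need to enable
       recursion.
     - If your recursive DNS server has a public IP address, you MUST enable access
       control to limit queries to your legitimate users. Failing to do so will
       cause your server to become part of large scale DNS amplification
       attacks. Implementing BCP38 within your network would greatly
       reduce such attack surface
    */
    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.root.key";
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};

// Debug output goes to data/named.run; "severity dynamic" follows the
// server's current debug level.
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

// Root hints used to locate the root name servers.
zone "." IN {
    type hint;
    file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";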
7.systemctl restart named 重啟服務讓修改生效
8.netstat -antlpe | grep named 檢視53埠是否已在本機ip上監聽(-t 只列出TCP;DNS查詢主要走UDP,可加上 -u 一併確認UDP 53)
[[email protected] ~]# netstat -antlpe | grep named
tcp 0 0 192.168.40.131:53 0.0.0.0:* LISTEN 25 49366 3094/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 25 49364 3094/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 25 49373 3094/named
tcp6 0 0 ::1:53 :::* LISTEN 25 49370 3094/named
tcp6 0 0 ::1:953 :::* LISTEN 25 49374 3094/named
9.vim /etc/resolv.conf 將dns設定為本機ip(此檔由NetworkManager產生,直接修改的內容可能在網路服務重啟後被覆寫)
# Generated by NetworkManager
# Domain appended when a host name without a domain part is looked up.
search example.com
# Resolver address: the host's own IP, where named was shown listening on port 53.
nameserver 192.168.40.131
dns服務安裝配置完成