Centos 7.1 配置DNS view
时间:2015-09-21 00:53 来源:51cto.com 作者:IT
~]# yum install bindbind-utils
[root@dns ~]# rpm-qa | grep bind
bind-license-9.9.4-18.el7_1.5.noarch
bind-utils-9.9.4-18.el7_1.5.x86_64
bind-libs-9.9.4-18.el7_1.5.x86_64
bind-libs-lite-9.9.4-18.el7_1.5.x86_64
bind-9.9.4-18.el7_1.5.x86_64
~]# systemctl stopfirewalld
~]# setenforce 0
[root@dns ~]# ip a
1: lo:<LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eno16777736:<BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen1000
link/ether 00:0c:29:ca:24:8e brdff:ff:ff:ff:ff:ff
inet 192.168.1.50/24brd 192.168.1.255 scope global eno16777736
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:feca:248e/64 scopelink
valid_lft forever preferred_lft forever
3: eno33554984:<BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen1000
link/ether 00:0c:29:ca:24:98 brdff:ff:ff:ff:ff:ff
inet 1.1.1.50/24brd 1.1.1.255 scope global dynamic eno33554984
valid_lft 1573sec preferred_lft 1573sec
inet6 fe80::20c:29ff:feca:2498/64 scopelink
valid_lft forever preferred_lft forever
[root@dns ~]# vim/etc/named.conf
//
// named.conf
//
// Provided by RedHat bind package to configure the ISC BIND named(8) DNS
// server as acaching only nameserver (as a localhost DNS resolver only).
//
// See/usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
// listen-on port 53 { 127.0.0.1; };
// listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file"/var/named/data/named_stats.txt";
memstatistics-file"/var/named/data/named_mem_stats.txt";
allow-query { any; };
/*
- If you are building an AUTHORITATIVEDNS server, do NOT enable recursion.
- If you are building a RECURSIVE(caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has apublic IP address, you MUST enable access
control to limit queries to yourlegitimate users. Failing to do so will
cause your server to become part oflarge scale DNS amplification
attacks. Implementing BCP38 withinyour network would greatly
reduce such attack surface
*/
recursion yes;
// dnssec-enable yes;
// dnssec-validation yes;
// dnssec-lookaside auto;
/* Path to ISC DLV key */
// bindkeys-file"/etc/named.iscdlv.key";
// managed-keys-directory"/var/named/dynamic";
pid-file"/run/named/named.pid";
// session-keyfile"/run/named/session.key";
};
logging {
channel default_debug {
file"data/named.run";
severity dynamic;
};
};
include"/etc/named.rfc1912.zones";
//include"/etc/named.root.key";
[root@dns ~]# vim/etc/named.rfc1912.zones
//named.rfc1912.zones:
//
// Provided by RedHat caching-nameserver package
//
// ISC BIND namedzone configuration for zones recommended by
// RFC 1912 section4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R WFranks
//
// See/usr/share/doc/bind*/sample/ for example named configuration files.
//
view wang_tong {
match-clients { 1.1.1.0/24; };
zone "."IN {
type hint;
file "named.ca";
};
zone"localhost.localdomain" IN {
type master;
file "named.localhost";
allow-update { none; };
};
zone"localhost" IN {
type master;
file "named.localhost";
allow-update { none; };
};
zone"1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa"IN {
type master;
file "named.loopback";
allow-update { none; };
};
zone"1.0.0.127.in-addr.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};
zone"0.in-addr.arpa" IN {
type master;
file "named.empty";
allow-update { none; };
};
zone "zrd.com" IN {
type master;
file"zrd.com.wang_tong";
};
};
view dian_xin {
match-clients { 192.168.1.0/24; };
zone "zrd.com" IN {
type master;
file"zrd.com.dian_xin";
};
};
view default {
match-clients { any; };
zone "zrd.com" IN {
type master;
file"zrd.com.dian_xin";
};
};
[root@dns ~]# cd/var/named/
[root@dns named]#vim zrd.com.dian_xin
$TTL 86400
@ IN SOA dns.zrd.com. admin.zrd.com. (
2015092021
1D
2D
1D
7D
)
IN NS dns
IN MX 10 mail
www IN A 192.168.1.11
dns IN A 192.168.1.50
mail IN A 192.168.1.12
[root@dns named]#vim zrd.com.wang_tong
$TTL 86400
@ IN SOA dns.zrd.com. admin.zrd.com. (
2015092021
1D
2D
1D
7D
)
IN NS dns
IN MX 10 mail
www IN A 1.1.1.11
dns IN A 1.1.1.50
mail IN A 1.1.1.12
[root@dns named]#chown root:named zrd.com.wang_tong zrd.com.dian_xin
[root@dns ~]#systemctl start named
(责任编辑:IT)
|
