zoukankan      html  css  js  c++  java
  • linux系统中安装bind服务程序

    BIND(Berkeley Internet Name Domain,伯克利因特网名称域)服务是全球使用最广泛、最安全且最高效的域名解析服务程序

    1、安装bind域名解析服务:

    [root@PC1 ~]# yum install bind-chroot   ## 使用chroot,俗称牢笼机制,更加安全
    Loaded plugins: langpacks, product-id, subscription-manager
    This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
    Resolving Dependencies
    --> Running transaction check
    ---> Package bind-chroot.x86_64 32:9.9.4-14.el7 will be installed
    --> Finished Dependency Resolution
    
    Dependencies Resolved
    
    ================================================================================
     Package             Arch           Version                 Repository     Size
    ================================================================================
    Installing:
     bind-chroot         x86_64         32:9.9.4-14.el7         rhel7          81 k
    
    Transaction Summary
    ================================================================================
    Install  1 Package
    
    Total download size: 81 k
    Installed size: 3.1 k
    Is this ok [y/d/N]: y
    Downloading packages:
    Running transaction check
    Running transaction test
    Transaction test succeeded
    Running transaction
      Installing : 32:bind-chroot-9.9.4-14.el7.x86_64                           1/1 
      Verifying  : 32:bind-chroot-9.9.4-14.el7.x86_64                           1/1 
    
    Installed:
      bind-chroot.x86_64 32:9.9.4-14.el7                                            
    
    Complete!

    2、三个重要配置文件:

    主配置文件:/etc/named.conf,用来定义bind服务的运行

    区域配置文件: /etc/named.rfc1912.zones,类似于图书馆的目录大纲,用来指定域名和IP地址对应关系文件所在位置

    数据配置文件目录:/var/named/,该目录下具有域名和IP地址对应关系的文件

    3、修改主配置文件,保证基本的服务

    vim /etc/named.conf  ## 修改第11行和第17行
      1 //
      2 // named.conf
      3 //
      4 // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
      5 // server as a caching only nameserver (as a localhost DNS resolver only).
      6 //
      7 // See /usr/share/doc/bind*/sample/ for example named configuration files.
      8 //
      9 
     10 options {
     11         listen-on port 53 { any; };   ## 此处修改为any,表示服务器上的所有IP地址均可提供DNS域名解析服务
     12         listen-on-v6 port 53 { ::1; };
     13         directory       "/var/named";
     14         dump-file       "/var/named/data/cache_dump.db";
     15         statistics-file "/var/named/data/named_stats.txt";
     16         memstatistics-file "/var/named/data/named_mem_stats.txt";
     17         allow-query     { any; };  ## 此处也修改为any,表示允许所有人对本服务器发送DNS查询请求
     18 
     19         /* 
     20          - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
     21          - If you are building a RECURSIVE (caching) DNS server, you need to enable 
     22            recursion. 
     23          - If your recursive DNS server has a public IP address, you MUST enable access 
     24            control to limit queries to your legitimate users. Failing to do so will
     25            cause your server to become part of large scale DNS amplification 
     26            attacks. Implementing BCP38 within your network would greatly
     27            reduce such attack surface 
     28         */
     29         recursion yes;
    ………………
  • 相关阅读:
    0108 创建表约束
    Mybatis 将数据库中查出的记录,一对多返回,即分组,然后返回每个组的所有数据
    SQL主表、从表
    MySQL中添加、删除字段,使用SQL语句操作
    git 将远程工作分支合并到本地dev分支
    MySQL inner join 和 left join 的区别
    Mysql union 和 order by 同时使用需要注意的问题
    The used SELECT statements have a different number of columns
    Every derived table must have its own alias(MySQL报错:每个派生表都必须有自己的别名)
    MySQL 日期格式化及字符串、date、毫秒互相转化
  • 原文地址:https://www.cnblogs.com/liujiaxin2018/p/14123465.html
Copyright © 2011-2022 走看看