  • 架构师成长之路6.2 DNS配置文件

    点击返回架构师成长之路

    架构师成长之路6.2 DNS 配置文件

    • /etc/hosts  主机的一个文件列表 ,添加记录如:111.13.100.92   www.baidu.com

        对于简单的主机名解析(点分表示法),默认在请求DNS或NIS网络域名服务器前,/etc/named.conf 通常会告诉程序先查看此文件。

    • /etc/resolv.conf 转换程序配置文件

        在配置程序请求BIND域名查询服务查询主机名时,必须告诉程序使用哪个域名服务器和IP地址来完成这个任务

    • /etc/named.conf BIND主文件

        设置一般的name参数,指向该服务器使用的域数据库的信息源

    • /var/named/named.ca  根域名配置服务器指向文件

        指向根域名服务器,供缓存服务器启动初始化时使用

    • /var/named/localhost.zone    localhost区正向域名解析文件

        用于将localhost名字转换为本地回送IP地址(127.0.0.1)

    • /var/named/named.local  localhost区反向域名解析文件

        用于将本地回送IP地址(127.0.0.1)转换为localhost名字

    • /etc/named.rfc1912.zones  区块设置文件

     

    //
    // named.conf
    //
    // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
    // server as a caching only nameserver (as a localhost DNS resolver only).
    //
    // See /usr/share/doc/bind*/sample/ for example named configuration files.
    //
    // See the BIND Administrator's Reference Manual (ARM) for details about the
    // configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html
    
    // Global server options. With the values below named listens on loopback
    // only and answers only the local host: a private caching resolver.
    options {
            // Loopback-only listeners: nothing off-host can reach port 53.
            listen-on port 53 { 127.0.0.1; };
            listen-on-v6 port 53 { ::1; };
            // Base directory for relative file names (e.g. "named.ca" in zone ".").
            directory       "/var/named";
            // Diagnostic files written on rndc request (dumpdb, stats, recursing,
            // secroots). A cache dump shows which names clients resolved, so the
            // data directory should not be world-readable.
            dump-file       "/var/named/data/cache_dump.db";
            statistics-file "/var/named/data/named_stats.txt";
            memstatistics-file "/var/named/data/named_mem_stats.txt";
            recursing-file  "/var/named/data/named.recursing";
            secroots-file   "/var/named/data/named.secroots";
            // Only the local host may query ("localhost" is BIND's built-in ACL for
            // this machine's own addresses). If listen-on is ever widened, replace
            // this with an explicit ACL of your client networks, never "any".
            allow-query     { localhost; };
    
            /*
             - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
             - If you are building a RECURSIVE (caching) DNS server, you need to enable recursion.
             - If your recursive DNS server has a public IP address, you MUST enable access 
               control to limit queries to your legitimate users. Failing to do so will
               cause your server to become part of large scale DNS amplification
               attacks. Implementing BCP38 within your network would greatly
               reduce such attack surface
            */
            // Recursion is on. That is safe here only because listen-on and
            // allow-query above restrict clients to the local host; before exposing
            // the server, also restrict recursion explicitly (allow-recursion with
            // a client ACL) so it cannot be used as an open resolver.
            recursion yes;
    
            // NOTE(review): dnssec-enable has been made obsolete in newer BIND 9
            // releases; run named-checkconf after any BIND upgrade.
            dnssec-enable yes;
            // Validate DNSSEC signatures on answers. With "yes" (as opposed to
            // "auto") the trust anchor must be configured explicitly; presumably
            // that is what the include of /etc/named.root.key at the end of this
            // file provides (its contents are not shown here).
            dnssec-validation yes;
    
            /* Path to ISC DLV key */
            // NOTE(review): ISC's DLV registry has since been retired, so DNSSEC
            // lookaside validation should not be relied on as a trust path.
            bindkeys-file "/etc/named.iscdlv.key";
    
            // Directory where named keeps its working files for managed trust anchors.
            managed-keys-directory "/var/named/dynamic";
    
            pid-file "/run/named/named.pid";
            // TSIG session key that named generates for local dynamic updates
            // (nsupdate -l). It is a secret: keep read access limited to named.
            session-keyfile "/run/named/session.key";
    };
    
    // NOTE(review): this block is truncated in the listing. The body of
    // channel default_debug (its destination and severity) and the channel's
    // closing "};" are missing, so the braces do not balance. Restore them from
    // the packaged named.conf and run named-checkconf before using this file.
    logging {
            channel default_debug {
    };
    
    // Root zone declared as a hint zone. "named.ca" is relative to the options
    // "directory", i.e. /var/named/named.ca, and supplies the root server names
    // and addresses named uses to bootstrap recursion.
    zone "." IN {
            type hint;
            file "named.ca";
    };
    
    // Further zone statements are kept in a separate file (the zone definition
    // file listed earlier on this page); its contents are not shown here.
    include "/etc/named.rfc1912.zones";
    // Presumably the root zone trust anchor used by dnssec-validation (contents
    // not shown). It anchors all DNSSEC trust, so it should come from the
    // distribution package or another verified source and be writable only by root.
    include "/etc/named.root.key";
    ; NOTE(review): from here on this is no longer named.conf. It appears to be
    ; the root hints file (/var/named/named.ca), captured as dig output.
    ; The capture is dated 2017 (see WHEN below). Root server addresses change
    ; over time, so take the hints from the current bind package or from IANA
    ; instead of copying the addresses below.
    ; The header reports ANSWER: 13, but only 12 NS records are listed: the NS
    ; record for m.root-servers.net is missing here, although its A/AAAA glue
    ; is present in the ADDITIONAL section.
    ; <<>> DiG 9.9.4-RedHat-9.9.4-38.el7_3.2 <<>> +bufsize=1200 +norec @a.root-servers.net
    ; (2 servers found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17380
    ;; flags: qr aa; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 27
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 1472
    ;; QUESTION SECTION:
    ;.                              IN      NS
    
    ;; ANSWER SECTION:
    .                       518400  IN      NS      a.root-servers.net.
    .                       518400  IN      NS      b.root-servers.net.
    .                       518400  IN      NS      c.root-servers.net.
    .                       518400  IN      NS      d.root-servers.net.
    .                       518400  IN      NS      e.root-servers.net.
    .                       518400  IN      NS      f.root-servers.net.
    .                       518400  IN      NS      g.root-servers.net.
    .                       518400  IN      NS      h.root-servers.net.
    .                       518400  IN      NS      i.root-servers.net.
    .                       518400  IN      NS      j.root-servers.net.
    .                       518400  IN      NS      k.root-servers.net.
    .                       518400  IN      NS      l.root-servers.net.
    ;; ADDITIONAL SECTION:
    a.root-servers.net.     3600000 IN      A       198.41.0.4
    a.root-servers.net.     3600000 IN      AAAA    2001:503:ba3e::2:30
    b.root-servers.net.     3600000 IN      A       192.228.79.201
    b.root-servers.net.     3600000 IN      AAAA    2001:500:84::b
    c.root-servers.net.     3600000 IN      A       192.33.4.12
    c.root-servers.net.     3600000 IN      AAAA    2001:500:2::c
    d.root-servers.net.     3600000 IN      A       199.7.91.13
    d.root-servers.net.     3600000 IN      AAAA    2001:500:2d::d
    e.root-servers.net.     3600000 IN      A       192.203.230.10
    e.root-servers.net.     3600000 IN      AAAA    2001:500:a8::e
    f.root-servers.net.     3600000 IN      A       192.5.5.241
    f.root-servers.net.     3600000 IN      AAAA    2001:500:2f::f
    g.root-servers.net.     3600000 IN      A       192.112.36.4
    g.root-servers.net.     3600000 IN      AAAA    2001:500:12::d0d
    h.root-servers.net.     3600000 IN      A       198.97.190.53
    h.root-servers.net.     3600000 IN      AAAA    2001:500:1::53
    i.root-servers.net.     3600000 IN      A       192.36.148.17
    i.root-servers.net.     3600000 IN      AAAA    2001:7fe::53
    j.root-servers.net.     3600000 IN      A       192.58.128.30
    j.root-servers.net.     3600000 IN      AAAA    2001:503:c27::2:30
    k.root-servers.net.     3600000 IN      A       193.0.14.129
    k.root-servers.net.     3600000 IN      AAAA    2001:7fd::1
    l.root-servers.net.     3600000 IN      A       199.7.83.42
    l.root-servers.net.     3600000 IN      AAAA    2001:500:9f::42
    m.root-servers.net.     3600000 IN      A       202.12.27.33
    m.root-servers.net.     3600000 IN      AAAA    2001:dc3::35
    
    ;; Query time: 18 msec
    ;; SERVER: 198.41.0.4#53(198.41.0.4)
    ;; WHEN: Po kvě 22 10:14:44 CEST 2017
    ;; MSG SIZE  rcvd: 811

    ......

  • 原文地址:https://www.cnblogs.com/yaoyaojcy/p/10267340.html