zoukankan      html  css  js  c++  java
  • DNS配置

    CentOS 7配置部署DNS

    [root@vm2 ~]# cat /etc/named.conf
    //
    // named.conf
    //
    // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
    // server as a caching only nameserver (as a localhost DNS resolver only).
    //
    // See /usr/share/doc/bind*/sample/ for example named configuration files.
    //
    // See the BIND Administrator's Reference Manual (ARM) for details about the
    // configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

    options {

    listen-on port 53 { 127.0.0.1; };

    listen-on-v6 port 53 { ::1; };
    directory 	"/var/named";
    dump-file 	"/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file  "/var/named/data/named.recursing";
    secroots-file   "/var/named/data/named.secroots";
    

    allow-query { localhost; };

    /* 
     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
     - If you are building a RECURSIVE (caching) DNS server, you need to enable 
       recursion. 
     - If your recursive DNS server has a public IP address, you MUST enable access 
       control to limit queries to your legitimate users. Failing to do so will
       cause your server to become part of large scale DNS amplification 
       attacks. Implementing BCP38 within your network would greatly
       reduce such attack surface 
    */
    recursion yes;
    
    dnssec-enable yes;
    dnssec-validation yes;
    
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.root.key";
    
    managed-keys-directory "/var/named/dynamic";
    
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
    

    };

    logging {
    channel default_debug {
    file "data/named.run";
    severity dynamic;
    };
    };

    zone "." IN {
    type hint;
    file "named.ca";
    };

    zone "exam.com" IN {
    type master;
    file "exam.com.zone";
    };

    include "/etc/named.rfc1912.zones";
    include "/etc/named.root.key";

    [root@vm2 named]# cat exam.com.zone

    [root@vm2 named]# iptables -I INPUT -p udp --dport 53 -j ACCEPT

    =========================================================================

  • 相关阅读:
    新浪微博OAuth2授权错误 error:redirect_uri_mismatch
    [Eclipse]自动注释功能
    android 官网访问不了
    [转]Java开发中的23种设计模式详解
    [转]JAVA Iterator 的用法
    [转] Java集合类详解
    MySQL(root用户)密码重置
    SpringMVC项目接入Springfox实战遇到的问题集合
    linux中mysql完整卸载命令操作
    linux-centos挂载新硬盘操作
  • 原文地址:https://www.cnblogs.com/yyuuee/p/14553493.html
Copyright © 2011-2022 走看看