CentOS7自动安装Bind服务器shell脚本

时间：2018-05-31 12:21:36 阅读：235 评论：0 收藏：0 [点我收藏+]

#!/bin/bash #################################################################### # Auto install bind # Create Date : 2018-05-31 # Written by :风花 # Organization: hbgslz.com #################################################################### DOMAIN_NAME=`hostname| awk -F. '{print $2"."$3}'` HOSTNAME=`hostname|awk -F. '{print $1}'` IN_Face=`route -n |awk '{if($4~/UG/){print $8}}'|head -n 1` Local_IP=`nmcli device show "$IN_Face" | grep IP4.ADDRESS | awk '{print $2}' | awk -F/ '{print $1}'` IP_Arp_01=`echo $Local_IP | awk -F. '{print $3}'` IP_Arp_02=`echo $Local_IP | awk -F. '{print $2}'` IP_Arp_03=`echo $Local_IP | awk -F. '{print $1}'` cd /tmp/ yum -y install bind-utils bind >>/tmp/init_sn.log -y || exit 1 # ***config /etc/named.conf*** cat << named_conf > /etc/named.conf options { //listen-on port 53 { 192.168.100.27; }; #指定监听IP和端口，可以指定多个IP //listen-on-v6 port 53 { none; }; directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; allow-query { any; }; #允许查询的客户端列表 //allow-recursion { localhost;192.168.100.0/24;192.168.200.0/24; }; #运行通过本服务器递归查询的客户端列表 //forward first; #转发模式，first选项代表首先查询forwarders中的DNS服务器，如果查询失败，则从根服务器开始递归查询（需要定义zone "."区域），only选项代表只查询forwarders中的服务>器，如果查询失败也不会继续从根服务器进行递归查询 forwarders { 114.114.114.114;8.8.8.8; }; /* - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion. - If you are building a RECURSIVE (caching) DNS server, you need to enable recursion. - If your recursive DNS server has a public IP address, you MUST enable access control to limit queries to your legitimate users. Failing to do so will cause your server to become part of large scale DNS amplification attacks. Implementing BCP38 within your network would greatly reduce such attack surface */ recursion yes; #允许递归查询,如果删除该行，即为迭代查询 dnssec-enable yes; #DNSSEC相关选项，国内的DNS服务器基本没有配置DNSSEC，因此关闭，保持默认开启也没影响 dnssec-validation yes; /* Path to ISC DLV key */ bindkeys-file "/etc/named.iscdlv.key"; managed-keys-directory "/var/named/dynamic"; pid-file "/run/named/named.pid"; session-keyfile "/run/named/session.key"; }; logging { channel default_debug { file "/var/log/named/named.log" versions 55 size 10m; severity dynamic; print-time yes; print-severity yes; print-category yes; }; category queries { default_debug; }; }; zone "." IN { type hint; file "named.ca"; }; include "/etc/named.rfc1912.zones"; include "/etc/named.root.key"; named_conf # ***config /etc/named.rfc1912.zones*** cat << named_rfc1912_zones > /etc/named.rfc1912.zones zone "localhost.localdomain" IN { type master; file "named.localhost"; allow-update { none; }; }; zone "localhost" IN { type master; file "named.localhost"; allow-update { none; }; }; zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN { type master; file "named.loopback"; allow-update { none; }; }; zone "1.0.0.127.in-addr.arpa" IN { type master; file "named.loopback"; allow-update { none; }; }; zone "0.in-addr.arpa" IN { type master; file "named.empty"; allow-update { none; }; }; //正向解析 zone "$DOMAIN_NAME" IN { type master; #主服务器 file "$DOMAIN_NAME.zone"; #区域解析文件，位于CHROOT-PATH/var/named/ notify yes; #定时通知从服务器刷新区域信息，时间间隔为区域解析文件中的refresh值 }; //反向解析 zone "$IP_Arp_01.$IP_Arp_02.$IP_Arp_03.in-addr.arpa" IN { type master; file "$IP_Arp_01.$IP_Arp_02.$IP_Arp_03.in-addr.arpa.zone"; notify yes; }; named_rfc1912_zones # ***config /var/named/hbgsyl.com.zone*** cat << domain_com_zone > /var/named/hbgsyl.com.zone \$TTL 1D @ IN SOA @ $DOMAIN_NAME. ( 0 ; serial 1D ; refresh 1H ; retry 1W ; expire 3H ) ; minimum NS @ A $Local_IP domain_com_zone # ***config /var/named/`$IP_Arp_01`.`$IP_Arp_02`.`$IP_Arp_03`.in-addr.arpa.zone*** cat << arpa_zone > /var/named/$IP_Arp_01.$IP_Arp_02.$IP_Arp_03.in-addr.arpa.zone \$TTL 1D @ IN SOA @ $DOMAIN_NAME. ( 0 ; serial 1D ; refresh 1H ; retry 1W ; expire 3H ) ; minimum NS @ A $Local_IP PTR $HOSTNAME. arpa_zone if [ ! -d "/var/log/named" ]; then mkdir /var/log/named else break fi chown -R named.named /var/log/named chown -R named.named /var/named systemctl enable named.service systemctl start named.service #check install status. check_cmd=`nslookup "$DOMAIN_NAME" | echo $?` if [ "${check_cmd}" == "0" ]; then echo "<OK!> install bind successful!" /etc/init.d/network restart exit 5 else echo "<ERROR!> Please install bind again!" fi

标签：CentOS7 Shell DNS Bind 脚本

原文地址：http://blog.51cto.com/hbgslz/2122383

踩

(0)

评论一句话评论（0）

分享档案

更多>

2021年07月29日 (22)
2021年07月28日 (40)
2021年07月27日 (32)
2021年07月26日 (79)
2021年07月23日 (29)
2021年07月22日 (30)
2021年07月21日 (42)
2021年07月20日 (16)
2021年07月19日 (90)
2021年07月16日 (35)

周排行