标签:ttl stat 防火墙规则 can table tin refresh 网卡 地址
用来定义bind服务程序的运行。
用来保存域名和ip地址对应关系的所在位置。类似于图书的目录,对应着每个域和相应ip地址所在的具体位置,当需要查看或修改时,可根据这个位置找到相关文件。
将INPU规则链设置为只允许指定网段的主机访问本机的53端口,拒绝来自其他所有主机的流量:
1 [root@localhost ~]# iptables -I INPUT -s 192.168.127.0/24 -p tcp --dport 53 -j ACCEPT 2 [root@localhost ~]# iptables -A INPUT -p tcp --dport 53 -j REJECT 3 [root@localhost ~]# iptables -L 4 Chain INPUT (policy ACCEPT) 5 target prot opt source destination 6 ACCEPT tcp -- 192.168.127.0/24 anywhere tcp dpt:domain 7 ACCEPT udp -- anywhere anywhere udp dpt:domain 8 ACCEPT tcp -- anywhere anywhere tcp dpt:domain 9 ACCEPT udp -- anywhere anywhere udp dpt:bootps 10 ACCEPT tcp -- anywhere anywhere tcp dpt:bootps 11 REJECT tcp -- anywhere anywhere tcp dpt:domain reject-with icmp-port-unreachable
bind,该包为DNS服务的主程序包
bind-utils,该报为客户端工具,默认安装,用于搜索域名指令
1 [root@localhost ~]# yum install bind bind-utils -y
1 [root@localhost ~]# vim /etc/named.conf 2 options { 3 listen-on port 53 { any; }; #127.0.0.1改成any;表示服务器上的所有IP地址均可提供DNS域名解析服务 4 listen-on-v6 port 53 { ::1; }; 5 directory "/var/named"; 6 dump-file "/var/named/data/cache_dump.db"; 7 statistics-file "/var/named/data/named_stats.txt"; 8 memstatistics-file "/var/named/data/named_mem_stats.txt"; 9 allow-query { any; }; #把localhost改为any;表示允许所有人对本服务器发送DNS查询请求
1 [root@localhost ~]# vim /etc/named.rfc1912.zones 2 zone "crucis.top" IN { 3 type master; 4 file "named.localhost"; 5 allow-update { none; }; 6 }; 7 8 zone "localhost" IN { 9 type master; 10 file "named.localhost"; 11 allow-update { none; }; 12 };
可以从/var/named目录中复制一份正向解析的模板文件(named.localhost),然后把域名和和ip地址的对应数据填写数据配置文件中并保存。再复制时记得加上-a参数,这可以保留原始文件的所有者、所属组、权限属性等信息,以便让bind服务程序顺利读取文件内容
1 [root@localhost ~]# cd /var/named 2 [root@localhost named]# ls 3 data dynamic named.ca named.empty named.localhost named.loopback slaves 4 [root@localhost named]# cp named.localhost crucis.top.zone -a
1 [root@localhost named]# vim crucis.top.zone 2 $TTL 1D 3 @ IN SOA @ rname.invalid. ( 4 0 ; serial 5 1D ; refresh 6 1H ; retry 7 1W ; expire 8 3H ) ; minimum 9 NS @ 10 A 127.0.0.1 11 www IN A 192.168.127.140 12 lc IN A 192.168.127.140 13 whq IN A 192.168.127.140 14 ~
1 [root@localhost named]# systemctl restart named
1 [root@localhost network-scripts]# systemctl restart network
1 [root@localhost ~]# nslookup 2 > www.crucis.top 3 Server: 192.168.127.140 4 Address: 192.168.127.140#53 5 6 ** server can‘t find www.crucis.top: NXDOMAIN
标签:ttl stat 防火墙规则 can table tin refresh 网卡 地址
原文地址:https://www.cnblogs.com/CruxAustralis/p/11255994.html
