2025-02-28 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
This article explains in detail how to configure the DNS service on Oracle Linux 7.1. The editor finds it very practical and shares it here for reference. I hope you get something out of it.
Oracle Linux 7.1: Configuring DNS Services
1. Install the software packages required by DNS
# yum install bind-libs bind bind-utils
2. Edit the named.conf file
Back up named.conf before editing it:
[root@jytest1 ~]# cp /etc/named.conf /etc/named.conf.backup
[root@jytest1 ~]# vi /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
        listen-on port 53 { any; };        // changed from 127.0.0.1 to any
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { any; };              // changed from 127.0.0.1 to any
        /*
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable
           recursion.
         - If your recursive DNS server has a public IP address, you MUST enable access
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface
        */
        recursion yes;
        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {
        type hint;
        file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
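With "recursion yes", "allow-query { any; }" and no "allow-recursion", BIND falls back to the allow-query list for recursion, so every client that can reach port 53 can use the server as a recursive resolver, which is the amplification risk the stock comment warns about. The script below is an added example, not part of the original article: it audits a named.conf for that combination and compares a constructed copy of this article's settings with a restricted variant; the function name audit_named_conf and the 10.138.130.0/24 subnet are assumptions.

```shell
# Added example, not from the article. Simplifications: no nested braces
# inside an ACL and no view-level overrides.
audit_named_conf() {
    awk '
    function clause(name) {   # text of "name { ... }", or "" when absent
        if (match(text, name "[ \t]*[{][^}]*[}]")) return substr(text, RSTART, RLENGTH)
        return ""
    }
    { sub(/\/\/.*/, ""); sub(/#.*/, ""); text = text " " $0 }
    END {
        # Drop /* ... */ comments; the stock file mentions recursion in one.
        while ((s = index(text, "/*")) > 0) {
            rest = substr(text, s + 2); e = index(rest, "*/")
            text = substr(text, 1, s - 1) " " (e ? substr(rest, e + 2) : "")
        }
        if (text ~ /(^|[ \t;{])recursion[ \t]+no[ \t]*;/) { print "ok: recursion disabled"; exit 0 }
        # BIND fallback order for who may recurse.
        n = split("allow-recursion allow-query-cache allow-query", order, " ")
        src = "built-in default (localnets; localhost;)"; acl = ""
        for (i = 1; i <= n; i++)
            if ((acl = clause(order[i])) != "") { src = order[i]; break }
        if (acl ~ /[{; \t]any[ \t]*;/) {
            print "OPEN RESOLVER: recursion allowed by " src " { any; }"; exit 1
        }
        print "ok: recursion limited by " src
    }' "$1"
}

tmp=$(mktemp -d)
# Constructed sample: the recursion-related settings from this article.
cat > "$tmp/weak.conf" <<'EOF'
options {
        listen-on port 53 { any; };
        allow-query       { any; };
        recursion yes;
};
EOF
# Constructed sample: recursion limited to the lab subnet (10.138.130.0/24
# is an assumption taken from the addresses in the zone files).
cat > "$tmp/hardened.conf" <<'EOF'
options {
        listen-on port 53 { any; };
        allow-query       { any; };   // still answers for its own zones
        allow-recursion   { localhost; 10.138.130.0/24; };
        recursion yes;
};
EOF
audit_named_conf "$tmp/weak.conf" || echo "-> restrict recursion before exposing port 53"
audit_named_conf "$tmp/hardened.conf"
rm -rf "$tmp"
```

The function returns a non-zero status for an open resolver, so it can gate a deployment step before named is restarted.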
3. Configure host.conf
[root@jytest1 ~]# cat /etc/host.conf
multi on
This file specifies how hostnames are resolved. Linux obtains the IP address corresponding to a hostname through the resolver library. Here is an example of "/etc/host.conf":
order bind,hosts
multi on
nospoof on
"order bind,hosts" specifies the order in which the hostname is queried; here DNS is used to resolve the name before the "/etc/hosts" file is consulted (or vice versa).
"multi on" specifies whether a host listed in the "/etc/hosts" file can have multiple addresses. Hosts with multiple IP addresses are generally called multi-homed hosts.
"nospoof on" means that IP address spoofing on this server is not allowed. IP spoofing is a way of attacking system security by disguising an IP address as that of another computer in order to gain the trust of other computers.
4. Modify /etc/named.rfc1912.zones
[root@jytest1 ~]# cp /etc/named.rfc1912.zones /etc/named.rfc1912.zones.backup
[root@jytest1 ~]# vi /etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};
zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};
zone "1.0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};
zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
};
// The following zones are added: jydba.net.forward holds the forward
// records, jydba.net.reverse holds the reverse records.
zone "jydba.net" IN {
        type master;
        file "jydba.net.forward";
        allow-update { none; };
};
zone "130.138.10.in-addr.arpa" IN {
        type master;
        file "jydba.net.reverse";
        allow-update { none; };
};
"/etc/named.rfc1912.zones" 54L, 1171C written
5. Modify the specific zone configuration files
[root@jytest1 named]# cd /var/named
[root@jytest1 named]# cp named.localhost jydba.net.forward
[root@jytest1 named]# cp named.loopback jydba.net.reverse
[root@jytest1 named]# vi jydba.net.forward
$TTL 1D
@       IN SOA  @ root.jydba.net. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      @
        A       10.138.130.171
        AAAA    ::1
jytest1         A       10.138.130.171
jytest2         A       10.138.130.172
jytest1-vip     A       10.138.130.175
jytest2-vip     A       10.138.130.176
jytest-scan     A       10.138.130.177
jytest-scan     A       10.138.130.178
jytest-scan     A       10.138.130.179
[root@jytest1 named]# vi jydba.net.reverse
$TTL 1D
@       IN SOA  @ root.jydba.net. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      @
        A       10.138.130.171
        AAAA    ::1
        PTR     localhost.
; PTR targets are written fully qualified with a trailing dot; a bare
; name would have the reverse zone origin appended to it.
171     PTR     jytest1.jydba.net.
172     PTR     jytest2.jydba.net.
175     PTR     jytest1-vip.jydba.net.
176     PTR     jytest2-vip.jydba.net.
177     PTR     jytest-scan.jydba.net.
178     PTR     jytest-scan.jydba.net.
179     PTR     jytest-scan.jydba.net.
6. Configure resolv.conf
[root@jytest1 named]# cat /etc/resolv.conf
# Generated by NetworkManager
search jydba.net
# No nameservers found; try putting DNS servers into your
# ifcfg files in /etc/sysconfig/network-scripts like so:
#
# DNS1=xxx.xxx.xxx.xxx
# DNS2=xxx.xxx.xxx.xxx
# DOMAIN=lab.foo.com bar.foo.com
search jydba.net
nameserver 10.138.130.171
7. Test
[root@jytest1 named]# dig -x 10.138.130.172
; <<>> DiG 9.9.4-RedHat-9.9.4-18.el7 <<>> -x 10.138.130.172
;; global options: +cmd
;; Got answer:
;; ->>HEADER