使用BIND进行内网DNS实验-天翼云开发者社区

使用BIND進行內網DNS實驗

準備兩臺VM:

VM1:192.168.164.130 --- 客戶端

VM2:192.168.164.132 --- local dns服務器

VM2配置

修改 /etc/named.conf 文件

options {

listen-on port 53 { 127.0.0.1; 192.168.164.132;};

listen-on-v6 port 53 { ::1; };

directory "/var/named";

dump-file "/var/named/data/cache_dump.db";

statistics-file "/var/named/data/named_stats.txt";

memstatistics-file "/var/named/data/named_mem_stats.txt";

recursing-file "/var/named/data/named.recursing";

secroots-file "/var/named/data/named.secroots";

allow-query { localhost; any;};

- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.

- If you are building a RECURSIVE (caching) DNS server, you need to enable

recursion.

- If your recursive DNS server has a public IP address, you MUST enable access

control to limit queries to your legitimate users. Failing to do so will

cause your server to become part of large scale DNS amplification

attacks. Implementing BCP38 within your network would greatly

reduce such attack surface

recursion yes;

forward first;

forwarders {

8.8.8.8;

8.8.4.4;

};

dnssec-enable no;

dnssec-validation no;

/* Path to ISC DLV key */

bindkeys-file "/etc/named.root.key";

managed-keys-directory "/var/named/dynamic";

pid-file "/run/named/named.pid";

修改/etc/named.rfc1912.zones

zone "ctyun-dns-test.com" IN { type master;

file "example.ctyun-dns-test.zone";

allow-update { none; };

};

新增/var/named/example.ctyun-dns-test.zone文件

$TTL 1D

@ IN SOA servera.ctyun-dns-test.com. root.servera.ctyun-dns-test.com. (

0 ; serial

1D ; refresh

1H ; retry

1W ; expire

3H ) ; minimum

IN NS servera.ctyun-dns-test.com.

servera IN A 192.168.164.132

修改/etc/resolv.conf

# Generated by NetworkManager

nameserver 192.168.164.132

#nameserver 8.8.4.4

重啟DNS服務

systemctl restart named.service

關閉防火墻

systemctl stop firewalld

VM1配置

修改/etc/resolv.conf

search localdomain

#nameserver 8.8.8.8

#nameserver 8.8.4.4

nameserver 192.168.164.132

dig servera.ctyun-dns-test.com

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.15 <<>> servera.ctyun-dns-test.com

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24383

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

;; QUESTION SECTION:

;servera.ctyun-dns-test.com. IN A

;; ANSWER SECTION:

servera.ctyun-dns-test.com. 86400 IN A 192.168.164.132

;; AUTHORITY SECTION:

ctyun-dns-test.com. 86400 IN NS servera.ctyun-dns-test.com.

;; Query time: 0 msec

;; SERVER: 192.168.164.132#53(192.168.164.132)

;; WHEN: Sun Apr 21 01:53:48 PDT 2024

;; MSG SIZE rcvd: 85

使用BIND進行內網DNS實驗

準備兩臺VM:

VM1:192.168.164.130 --- 客戶端

VM2:192.168.164.132 --- local dns服務器

VM2配置

修改 /etc/named.conf 文件

options {

listen-on port 53 { 127.0.0.1; 192.168.164.132;};

listen-on-v6 port 53 { ::1; };

directory "/var/named";

dump-file "/var/named/data/cache_dump.db";

statistics-file "/var/named/data/named_stats.txt";

memstatistics-file "/var/named/data/named_mem_stats.txt";

recursing-file "/var/named/data/named.recursing";

secroots-file "/var/named/data/named.secroots";

allow-query { localhost; any;};

- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.

- If you are building a RECURSIVE (caching) DNS server, you need to enable

recursion.

- If your recursive DNS server has a public IP address, you MUST enable access

control to limit queries to your legitimate users. Failing to do so will

cause your server to become part of large scale DNS amplification

attacks. Implementing BCP38 within your network would greatly

reduce such attack surface

recursion yes;

forward first;

forwarders {

8.8.8.8;

8.8.4.4;

};

dnssec-enable no;

dnssec-validation no;

/* Path to ISC DLV key */

bindkeys-file "/etc/named.root.key";

managed-keys-directory "/var/named/dynamic";

pid-file "/run/named/named.pid";

修改/etc/named.rfc1912.zones

zone "ctyun-dns-test.com" IN { type master;

file "example.ctyun-dns-test.zone";

allow-update { none; };

};

新增/var/named/example.ctyun-dns-test.zone文件

$TTL 1D

@ IN SOA servera.ctyun-dns-test.com. root.servera.ctyun-dns-test.com. (

0 ; serial

1D ; refresh

1H ; retry

1W ; expire

3H ) ; minimum

IN NS servera.ctyun-dns-test.com.

servera IN A 192.168.164.132

修改/etc/resolv.conf

# Generated by NetworkManager

nameserver 192.168.164.132

#nameserver 8.8.4.4

重啟DNS服務

systemctl restart named.service

關閉防火墻

systemctl stop firewalld

VM1配置

修改/etc/resolv.conf

search localdomain

#nameserver 8.8.8.8

#nameserver 8.8.4.4

nameserver 192.168.164.132

dig servera.ctyun-dns-test.com

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.15 <<>> servera.ctyun-dns-test.com

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24383

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

;; QUESTION SECTION:

;servera.ctyun-dns-test.com. IN A

;; ANSWER SECTION:

servera.ctyun-dns-test.com. 86400 IN A 192.168.164.132

;; AUTHORITY SECTION:

ctyun-dns-test.com. 86400 IN NS servera.ctyun-dns-test.com.

;; Query time: 0 msec

;; SERVER: 192.168.164.132#53(192.168.164.132)

;; WHEN: Sun Apr 21 01:53:48 PDT 2024

;; MSG SIZE rcvd: 85

亚欧色一区w666天堂,色情一区二区三区免费看,少妇特黄A片一区二区三区,亚洲人成网站999久久久综合,国产av熟女一区二区三区

智算服務

應用商城

定價

合作伙伴

開發者

支持與服務

了解天翼云

使用BIND進行內網DNS實驗

VM2配置

VM1配置

使用BIND進行內網DNS實驗

VM2配置

VM1配置

亚欧色一区w666天堂,色情一区二区三区免费看,少妇特黄A片一区二区三区,亚洲人成网站999久久久综合,国产av熟女一区二区三区

活動

智算服務

應用商城

定價

合作伙伴

開發者

支持與服務

了解天翼云

使用BIND進行內網DNS實驗

VM2配置

VM1配置

使用BIND進行內網DNS實驗

VM2配置

VM1配置