Tuesday, January 17, 2017

Domain Name Server configuration (BIND DNS)

Sometimes, to save on hardware or for other reasons, the internal and external zones of a DNS service are hosted on the same DNS server.
In that case the VIEW feature lets one BIND server serve both the internal and the external version of the domain, choosing the answer by the client's source address. Views are tried in the order they appear in named.conf and the first whose match-clients list matches wins, so the internal view must be listed before the catch-all external one, and the external zone file must contain only the public addresses.

yum install bind bind-chroot bind-utils

named.conf contents:
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { none; };
version "None"; // string returned to anyone who queries the BIND version (version.bind CH TXT) instead of the real one
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; }; // authoritative answers for everyone
allow-recursion { localhost; 192.168.1.0/24; }; // recursion for the LAN only; "any" here would turn the host into an open resolver
forwarders { 8.8.4.4; 8.8.8.8; 168.95.192.1; 168.95.1.1; };
notify yes;

dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto; // DLV lookaside validation; ISC shut the dlv.isc.org registry down in 2017 and current BIND releases no longer support this option, so remove it there
bindkeys-file "/etc/named.iscdlv.key";

managed-keys-directory "/var/named/dynamic";

pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";

};

logging {
category lame-servers { null; };
channel security_file {
file "/var/log/named/security.log" versions 3 size 30m; // the directory must exist and be writable by the named user; with bind-chroot that is /var/named/chroot/var/log/named
severity dynamic;
print-time yes;
};
category security {
security_file;
};
};


acl "lan" { 192.168.1.0/24; localhost; }; // must be defined before the views that reference it

// views are evaluated in order: the first one whose match-clients matches the client's source address answers the query
view "internal" {
match-clients { lan; };
zone "." {
type hint;
file "/etc/named.ca";
};

// once views are in use every zone must live inside a view, so the stock zones and the root key are included per view
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

zone "example.com" {
type master;
file "/var/named/internal/zone_example.com"; // internal copy with private addresses
allow-transfer { none; }; // no zone transfers: an open AXFR would hand out the whole internal host list
};

zone "1.168.192.in-addr.arpa" {
type master;
file "/var/named/internal/192.168.1.rev";
allow-transfer { none; };
};
};

view "external" {
match-clients { any; }; // catch-all, so it has to stay last

zone "." {
type hint;
file "/etc/named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

zone "example.com" {
type master;
file "/var/named/zone_example.com"; // external copy with public addresses only; never point this at the internal file
allow-transfer { none; };
};
};
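How named chooses a view for a client, as an added example (Python written for this page, not code from the original post or from BIND itself): the ACL and view definitions mirror the named.conf above, the client addresses are constructed inputs, and treating the builtin localhost as loopback only is an assumption made to keep the script self-contained (in BIND it covers every address of the server's own interfaces). It also shows what goes wrong when the catch-all view is listed first.

```python
"""BIND view selection, simulated (added example; not code from the original post).

named tries the view blocks in the order they appear in named.conf and hands
the query to the first view whose match-clients list matches the client's
source address. An address match list is itself first-match-wins: a nested
ACL counts only when it matches positively, and a "!"-prefixed element that
matches rejects the whole list. The ACLs and views below mirror this page's
named.conf; the client addresses are constructed test inputs.
"""
import ipaddress

# Builtin ACLs. "localhost" really means every address of the server's own
# interfaces; loopback only is an assumption made here to stay self-contained.
ACLS = {
    "localhost": ["127.0.0.0/8", "::1/128"],
    "any": ["0.0.0.0/0", "::/0"],
    "none": [],
    # acl "lan" { 192.168.1.0/24; localhost; };  as on the page
    "lan": ["192.168.1.0/24", "localhost"],
}

# view "internal" { match-clients { lan; }; }; view "external" { match-clients { any; }; };
VIEWS = [
    ("internal", ["lan"]),
    ("external", ["any"]),
]


def match_list(elements, client, acls=ACLS):
    """Evaluate an address_match_list the way named does.

    Returns True for a positive match, False when a negated element matched
    (access denied), and None when nothing in the list matched at all.
    """
    addr = ipaddress.ip_address(client)
    for element in elements:
        negate = element.startswith("!")
        name = element.lstrip("!").strip()
        if name in acls:
            # Nested ACL: only a positive inner result counts; a negated or
            # empty inner result is "no match" and evaluation continues.
            hit = match_list(acls[name], addr, acls) is True
        else:
            network = ipaddress.ip_network(name, strict=False)
            hit = addr in network  # False across address families
        if hit:
            return not negate
    return None


def select_view(views, client):
    """Name of the first view whose match-clients accepts client, or None
    (named then refuses the query because no view matched)."""
    for view_name, match_clients in views:
        if match_list(match_clients, client) is True:
            return view_name
    return None


if __name__ == "__main__":
    for ip in ("192.168.1.50", "127.0.0.1", "203.0.113.7"):
        print(f"{ip:>14} -> {select_view(VIEWS, ip)}")
    # Listing the catch-all view first is the classic mistake: every client,
    # LAN included, is served the external zone.
    swapped = list(reversed(VIEWS))
    print(f"{'192.168.1.50':>14} -> {select_view(swapped, '192.168.1.50')} (views swapped)")
```

A negated element in match-clients does not send the client to a different list inside the same view; it simply makes that view not match, and named moves on to the next view, which is how a single misbehaving LAN host can be pushed into the external view without touching the ACL.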

Edit the addresses to suit the internal and external copies of the zone (the file below is the internal one; the external copy carries the public addresses instead):
zone_example.com contents:
$TTL 38400
@ IN SOA dns.example.com. root.example.com. (
2017010101 ; serial (YYYYMMDDnn), bump it on every change or secondaries will not notice
600 ; refresh
3600 ; retry (conventionally shorter than refresh)
604800 ; expire
86400 ) ; negative-cache TTL
@ IN NS dns.example.com.
@ IN MX 5 mail.example.com.
dns.example.com. IN A 192.168.1.1
example.com.     IN    TXT     "v=spf1 mx ~all" ; mx already authorizes mail.example.com; include: expects a domain that publishes its own SPF record, which mail.example.com does not, so include:mail.example.com would evaluate to permerror
mail.example.com. IN A 192.168.1.2
www.example.com. IN A 192.168.1.3

192.168.1.rev contents:
$TTL 38400
@ IN SOA dns.example.com. root.example.com. (
2017010101 ; serial
1800 ; refresh
3600 ; retry (conventionally shorter than refresh)
604800 ; expire
38400 ) ; negative-cache TTL
@ IN NS dns.example.com.
3 IN PTR www.example.com. ; relative owner, i.e. 3.1.168.192.in-addr.arpa = 192.168.1.3; dns (.1) and mail (.2) have no PTR in this file
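An added consistency check for the two zone files above (Python written for this page, not the page's own tooling): it parses constructed copies of zone_example.com and 192.168.1.rev, then reports SOA timers that are out of order and addresses whose A and PTR records do not agree. Run as is, it flags the retry/refresh values in both files and the two hosts that have an A record but no PTR.

```python
"""Forward/reverse zone consistency audit (added example, not code from the
original post). The parser covers the master-file subset used on this page:
$TTL, a parenthesised SOA, ';' comments, '@' and relative or absolute names.
The two zone texts below are constructed copies of the page's files."""
import ipaddress
import re

FORWARD_ORIGIN = "example.com."
FORWARD_ZONE = """\
$TTL 38400
@ IN SOA dns.example.com. root.example.com. (
    2017010101          ; serial
    600 3600 604800 86400 )
@ IN NS dns.example.com.
@ IN MX 5 mail.example.com.
dns.example.com. IN A 192.168.1.1
mail.example.com. IN A 192.168.1.2
www.example.com. IN A 192.168.1.3
"""
REVERSE_ORIGIN = "1.168.192.in-addr.arpa."
REVERSE_ZONE = """\
$TTL 38400
@ IN SOA dns.example.com. root.example.com. (
    2017010101          ; serial
    1800 3600 604800 38400 )
@ IN NS dns.example.com.
3 IN PTR www.example.com.
"""

def absolute(name, origin):
    """'@' is the origin; a name without a trailing dot is relative to it."""
    return origin if name == "@" else (name if name.endswith(".") else f"{name}.{origin}")

def parse_zone(text, origin):
    """Return (records, soa): records as (owner, type, rdata tokens), soa as a dict."""
    joined, buf = [], ""
    for line in text.splitlines():
        buf = (buf + " " + re.sub(r";.*", "", line)).strip()  # drop comments, fold "( ... )"
        if not buf or buf.count("(") > buf.count(")"):
            continue
        joined.append(buf.replace("(", " ").replace(")", " "))
        buf = ""
    records, soa = [], None
    for line in joined:
        tokens = line.split()
        if tokens[0].startswith("$"):      # $TTL: the default TTL does not affect these checks
            continue
        owner = absolute(tokens[0], origin)
        if tokens[1].upper() == "IN":      # class; per-record TTLs are not used on this page
            del tokens[1]
        rtype, rdata = tokens[1].upper(), tokens[2:]
        if rtype == "SOA":
            keys = ("mname", "rname", "serial", "refresh", "retry", "expire", "minimum")
            soa = dict(zip(keys, rdata[:2] + [int(v) for v in rdata[2:7]]))
        records.append((owner, rtype, rdata))
    return records, soa

def ptr_address(owner):
    """3.1.168.192.in-addr.arpa. -> 192.168.1.3 (RFC 2317 classless zones not handled)."""
    return ipaddress.ip_address(".".join(reversed(owner.rstrip(".").split(".")[:-2])))

def reverse_network(rev_origin):
    """1.168.192.in-addr.arpa. -> 192.168.1.0/24"""
    octets = list(reversed(rev_origin.rstrip(".").split(".")[:-2]))
    return ipaddress.ip_network(".".join(octets + ["0"] * (4 - len(octets))) + f"/{8 * len(octets)}")

def check_soa(soa, zone):
    if soa is None:
        return [f"{zone}: no SOA record"]
    if soa["retry"] >= soa["refresh"]:   # retry is the wait after a failed refresh, so it should be shorter
        return [f"{zone}: SOA retry {soa['retry']} should be shorter than refresh {soa['refresh']}"]
    return []

def check_consistency(fwd_records, rev_records, rev_origin):
    out, a_by_addr = [], {}
    for owner, rtype, rdata in fwd_records:
        if rtype == "A":
            a_by_addr.setdefault(ipaddress.ip_address(rdata[0]), set()).add(owner)
    ptr_by_addr = {ptr_address(owner): absolute(rdata[0], rev_origin)
                   for owner, rtype, rdata in rev_records if rtype == "PTR"}
    network = reverse_network(rev_origin)
    for addr, owners in sorted(a_by_addr.items()):     # every A inside the reverse zone needs a PTR
        if addr in network and addr not in ptr_by_addr:
            out.append(f"{addr}: A record for {', '.join(sorted(owners))} but no PTR in {rev_origin}")
    for addr, target in sorted(ptr_by_addr.items()):   # every PTR needs a matching A
        if target not in a_by_addr.get(addr, set()):
            out.append(f"{addr}: PTR {target} has no matching A record")
    return out

def audit(fwd_text, fwd_origin, rev_text, rev_origin):
    """Run every check; returns a list of findings (empty means consistent)."""
    fwd_records, fwd_soa = parse_zone(fwd_text, fwd_origin)
    rev_records, rev_soa = parse_zone(rev_text, rev_origin)
    return (check_soa(fwd_soa, fwd_origin) + check_soa(rev_soa, rev_origin)
            + check_consistency(fwd_records, rev_records, rev_origin))

if __name__ == "__main__":
    for finding in audit(FORWARD_ZONE, FORWARD_ORIGIN, REVERSE_ZONE, REVERSE_ORIGIN):
        print(finding)
```

named-checkzone validates the syntax of one file at a time; this cross-checks the pair, which is where the missing PTR for the mail host would otherwise go unnoticed until a remote MTA does a reverse lookup.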

After editing, validate the configuration and every zone file it references with named-checkconf -z /etc/named.conf, then restart the DNS service:
systemctl restart named-chroot.service
systemctl enable named-chroot.service


