Routine DNS security and configuration

1. Install DNS

yum -y install bind bind-utils

Of the files the package installs, the ones we mainly configure are:

/etc/named.conf
/var/named/xx

xx stands for the forward and reverse zone file names given in named.conf. They live under /var/named because the directory option in named.conf tells named to read its files from there. To keep the stock configuration from interfering, I deleted named.conf and wrote it from scratch. Pay attention to ownership and permissions: named.conf and the /var/named/xx forward and reverse zone files are owned by root with group named, and the group may only read, i.e. -rw-r----- (0640). named runs as the named user, so the group-read bit is what lets it load the zones; a file created by hand as root with 0600 will fail to load (chown root:named and chmod 640 fix that), and there is no reason for the files to be world-readable.

Scenario: the domain is itox.com.cn, and forward and reverse resolution is to be set up for the addresses below. The forward zone file is itox.com.cn.zone and the reverse zone file is 192.168.100.zone, so three files have to be edited:

/etc/named.conf
/var/named/itox.com.cn.zone
/var/named/192.168.100.zone

Host-to-address mapping:

kali2.itox.com.cn   192.168.100.22
kali3.itox.com.cn   192.168.100.23
mail.itox.com.cn    192.168.100.24
ftp.itox.com.cn     192.168.100.25
www.itox.com.cn     192.168.100.26
samba.itox.com.cn   192.168.100.27
nfs.itox.com.cn     192.168.100.28
radius.itox.com.cn  alias (CNAME) of ftp
Every other itox.com.cn hostname resolves to 192.168.100.3 through a wildcard record. Be aware of what a wildcard buys and costs: any name under the zone that is not explicitly defined, typos included, will resolve, so clients never see NXDOMAIN for this zone, while names that are defined (ns1, kali2, radius, ...) keep their own records and are not affected by the wildcard.
/etc/named.conf:

options {
        directory "/var/named";
        allow-recursion { 192.168.100.0/24; };   // recurse only for the LAN, so this is not an open resolver
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "localhost" IN {
        type master;
        file "named.localhost";
};

// The loopback reverse zone must be named 1.0.0.127.in-addr.arpa (a zone called
// "0.0.127" is just an ordinary forward zone and never answers PTR queries for 127.0.0.1).
zone "1.0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
};

zone "itox.com.cn" IN {
        type master;
        file "itox.com.cn.zone";          // forward zone, /var/named/itox.com.cn.zone
};

zone "100.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.100.zone";          // reverse zone for 192.168.100.0/24
};
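The named.conf above restricts recursion to the LAN, which is the important part, but it leaves the other BIND 9.8 defaults in place: zone transfers are allowed to anyone (allow-transfer defaults to any), named listens on every interface, and the version string is returned on request. Any host that can reach port 53 can therefore pull the whole zone with dig axfr itox.com.cn @192.168.100.3 and get the host list from the table above in one query. The options and zone blocks below are an added example, not the original post's configuration; the secondary at 192.168.100.4 is an assumption, and the zone-level allow-transfer can be dropped if there is no secondary.

```conf
options {
        directory "/var/named";
        listen-on port 53 { 127.0.0.1; 192.168.100.3; };  // only the LAN address, not every interface
        allow-query     { any; };                         // authoritative data is for anyone who can reach us
        allow-recursion { 127.0.0.1; 192.168.100.0/24; }; // same restriction as the original: no open resolver
        allow-transfer  { none; };                        // refuse AXFR/IXFR by default (BIND 9.8 default is any)
        version "not disclosed";                          // hide the banner returned for version.bind CH TXT
};

zone "itox.com.cn" IN {
        type master;
        file "itox.com.cn.zone";
        allow-transfer { 192.168.100.4; };   // assumption: one secondary at .4; omit the line if there is none
};

zone "100.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.100.zone";
        allow-transfer { 192.168.100.4; };   // same secondary for the reverse zone
};
```

After reloading, dig axfr itox.com.cn @192.168.100.3 from a host other than the secondary should return "Transfer failed.", while ordinary A and MX queries still work.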
/var/named/itox.com.cn.zone:

$TTL 600
@       IN SOA  ns1.itox.com.cn. admin.itox.com.cn. (
                2019040701      ; serial: bump it on every change, or secondaries never pick it up
                2H              ; refresh
                9M              ; retry
                3D              ; expire
                10H )           ; negative-cache TTL
        IN NS   ns1
        IN MX   10 mail
ns1     IN A    192.168.100.3
kali2   IN A    192.168.100.22
kali3   IN A    192.168.100.23
mail    IN A    192.168.100.24
ftp     IN A    192.168.100.25
www     IN A    192.168.100.26
samba   IN A    192.168.100.27
nfs     IN A    192.168.100.28
radius  IN CNAME ftp            ; alias: radius.itox.com.cn -> ftp.itox.com.cn
*       IN A    192.168.100.3   ; wildcard: every name not listed above
/var/named/192.168.100.zone:

$TTL 600
@       IN SOA  ns1.itox.com.cn. admin.itox.com.cn. (
                2019040701 2H 9M 3D 10H )
        IN NS   ns1.itox.com.cn.        ; names here must end with a dot, otherwise named appends 100.168.192.in-addr.arpa.
22      IN PTR  kali2.itox.com.cn.
23      IN PTR  kali3.itox.com.cn.
24      IN PTR  mail.itox.com.cn.
25      IN PTR  ftp.itox.com.cn.
26      IN PTR  www.itox.com.cn.
27      IN PTR  samba.itox.com.cn.
28      IN PTR  nfs.itox.com.cn.
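Both zone files are maintained by hand, and the two mistakes that bite in practice are a forgotten trailing dot (in the reverse zone a relative name such as kali2.itox.com.cn becomes kali2.itox.com.cn.100.168.192.in-addr.arpa.) and forward and reverse data drifting apart. The script below is an added example, not from the original post and not a BIND tool: it embeds the page's two zones as constructed strings (SOA on one line, as the page shows it; multi-line parenthesised records are not handled), adds one deliberately broken PTR for 192.168.100.29, and reports both classes of problem. Run against the page's own data it also points out that ns1 (192.168.100.3) has an A record but no PTR in the reverse zone.

```python
"""Cross-check the forward and reverse zone files shown above.

Added example, not from the original post and not a BIND tool: a minimal parser
for this page's zone-file syntax plus two checks to run before reloading named:
NS/PTR targets that lost their trailing dot (BIND silently expands them under the
reverse origin) and A <-> PTR agreement. Zone text is constructed from the page;
the 192.168.100.29 PTR is an added broken record so the first check fires.
"""
from collections import defaultdict, namedtuple

Record = namedtuple("Record", "owner ttl rtype rdata")
FORWARD_ORIGIN = "itox.com.cn."
FORWARD_ZONE = """\
$TTL 600
@      IN SOA ns1.itox.com.cn. admin.itox.com.cn. ( 2019040701 2H 9M 3D 10H )
       IN NS ns1
       IN MX 10 mail
ns1    IN A 192.168.100.3
kali2  IN A 192.168.100.22
kali3  IN A 192.168.100.23
mail   IN A 192.168.100.24
ftp    IN A 192.168.100.25
www    IN A 192.168.100.26
samba  IN A 192.168.100.27
nfs    IN A 192.168.100.28
radius IN CNAME ftp
*      IN A 192.168.100.3
"""
REVERSE_ORIGIN = "100.168.192.in-addr.arpa."
REVERSE_ZONE = """\
$TTL 600
@  IN SOA ns1.itox.com.cn. admin.itox.com.cn. ( 2019040701 2H 9M 3D 10H )
   IN NS ns1.itox.com.cn.
22 IN PTR kali2.itox.com.cn.
23 IN PTR kali3.itox.com.cn.
24 IN PTR mail.itox.com.cn.
25 IN PTR ftp.itox.com.cn.
26 IN PTR www.itox.com.cn.
27 IN PTR samba.itox.com.cn.
28 IN PTR nfs.itox.com.cn.
29 IN PTR dns.itox.com.cn    ; constructed: trailing dot forgotten
"""
_TYPES = {"SOA", "NS", "A", "AAAA", "MX", "CNAME", "PTR", "TXT"}
_NAME_FIELDS = {"NS": [0], "CNAME": [0], "PTR": [0], "MX": [1], "SOA": [0, 1]}

def qualify(name, origin):
    """Expand a zone-file name to an FQDN the way BIND does."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Parse zone text into Records; owners and name-valued rdata become FQDNs."""
    records, ttl, owner = [], None, origin
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].replace("(", " ").replace(")", " ").rstrip()
        if not line.strip():
            continue
        tokens = line.split()
        if tokens[0] == "$TTL":
            ttl = tokens[1]
            continue
        if not line[0].isspace():  # explicit owner; a leading blank inherits the previous one
            owner = qualify(tokens.pop(0), origin)
        while tokens and tokens[0].upper() not in _TYPES:  # skip optional TTL / class columns
            tokens.pop(0)
        rtype, rdata = tokens[0].upper(), tokens[1:]  # IndexError here means a record with no type
        for i in _NAME_FIELDS.get(rtype, []):  # BIND appends the origin to these fields as well
            rdata[i] = qualify(rdata[i], origin)
        records.append(Record(owner, ttl, rtype, tuple(rdata)))
    return records

def check_zones(forward_text, forward_origin, reverse_text, reverse_origin):
    """Return a sorted list of problems; an empty list means the two zones agree."""
    forward, reverse = parse_zone(forward_text, forward_origin), parse_zone(reverse_text, reverse_origin)
    problems, bad_owners = [], set()
    for rec in reverse:  # check 1: a hostname that ended up under the reverse origin lost its dot
        if rec.rtype in ("NS", "PTR") and rec.rdata[0].endswith(reverse_origin):
            problems.append(f"{rec.owner} {rec.rtype} target {rec.rdata[0]} is missing its trailing dot")
            bad_owners.add(rec.owner)
    a_names = defaultdict(set)  # check 2: ip -> owners of A records; a wildcard cannot have a PTR
    for rec in forward:
        if rec.rtype == "A" and not rec.owner.startswith("*."):
            a_names[rec.rdata[0]].add(rec.owner)
    ptr_target = {}  # ip -> PTR target, derived from owners like 22.100.168.192.in-addr.arpa.
    for rec in reverse:
        labels = rec.owner.rstrip(".").split(".")
        if rec.rtype == "PTR" and labels[4:] == ["in-addr", "arpa"] and rec.owner not in bad_owners:
            ptr_target[".".join(reversed(labels[:4]))] = rec.rdata[0]
    for ip, names in a_names.items():
        if ip not in ptr_target:
            problems.append(f"{ip} has A records ({', '.join(sorted(names))}) but no PTR")
        elif ptr_target[ip] not in names:
            problems.append(f"{ip} PTR says {ptr_target[ip]} but its A records are {', '.join(sorted(names))}")
    for ip, target in ptr_target.items():
        if ip not in a_names:
            problems.append(f"{ip} PTR {target} has no A record in the forward zone")
    return sorted(problems)
```

check_zones() returns the sorted findings; with the constructed data it reports the missing PTR for 192.168.100.3 and the dot-less target for 192.168.100.29. named-checkzone catches syntax errors but neither of these, since both are syntactically valid zone data.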
The basic configuration is done. Verify the MX record (if a zone refuses to load, named-checkconf and named-checkzone point at the syntax error):

[root@localhost named]# dig -t MX itox.com.cn

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.1 <<>> -t MX itox.com.cn
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11011
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; QUESTION SECTION:
;itox.com.cn.                   IN      MX

;; ANSWER SECTION:
itox.com.cn.            600     IN      MX      10 mail.itox.com.cn.

;; AUTHORITY SECTION:
itox.com.cn.            600     IN      NS      ns1.itox.com.cn.

;; ADDITIONAL SECTION:
mail.itox.com.cn.       600     IN      A       192.168.100.24
ns1.itox.com.cn.        600     IN      A       192.168.100.3

;; Query time: 0 msec
;; SERVER: 192.168.100.3#53(192.168.100.3)
;; WHEN: Mon Apr  8 02:28:31 2019
;; MSG SIZE  rcvd: 100

The aa flag shows the answer is authoritative, i.e. it came from our own zone rather than a cache, and the ADDITIONAL section carries the A records for mail and ns1 so the client needs no second query. Check the reverse zone the same way with a PTR query (dig -x) for each address.
Reposted from: https://www.cnblogs.com/boltkiller/p/10666342.html
