Deploying DNS Forward Resolution
- Main configuration file (/etc/named.conf):
Defines how the bind service program operates.
- Zone configuration file (/etc/named.rfc1912.zones):
Records where the domain-name-to-IP-address mappings are kept. Like a library catalogue, it points to the specific location of each domain's records; when you need to view or modify a domain's data, this file tells you which data file to open.
- Data configuration file directory (/var/named): holds the data files in which domain names are mapped to their IP addresses.
- Main configuration file: /etc/named.conf
- Zone configuration file: /etc/named.rfc1912.zones
- Forward resolution template file: /var/named/named.localhost
- Reverse resolution template file: /var/named/named.loopback
- First, configure the firewall rules
Add rules to the INPUT chain so that only hosts on the specified network segment may reach port 53 on this machine, and traffic from all other hosts is rejected:
```console
[root@localhost ~]# iptables -I INPUT -s 192.168.127.0/24 -p tcp --dport 53 -j ACCEPT
[root@localhost ~]# iptables -A INPUT -p tcp --dport 53 -j REJECT
[root@localhost ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  192.168.127.0/24     anywhere             tcp dpt:domain
ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:domain
ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootps
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:bootps
REJECT     tcp  --  anywhere             anywhere             tcp dpt:domain reject-with icmp-port-unreachable
```
- Install bind
bind is the main package that provides the DNS service.
bind-utils, installed by default, provides the client tools (such as nslookup) used to query domain names.
```console
[root@localhost ~]# yum install bind bind-utils -y
```
- Configure the main DNS configuration file
```console
[root@localhost ~]# vim /etc/named.conf
options {
        listen-on port 53 { any; };    # changed from 127.0.0.1 to any: every IP address on the server provides DNS resolution
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };      # changed from localhost to any: any host may send DNS queries to this server
        # remaining lines of the options block are left unchanged
```
- Modify the zone configuration file
```console
[root@localhost ~]# vim /etc/named.rfc1912.zones
zone "crucis.top" IN {
        type master;
        file "crucis.top.zone";    # must name the zone data file created below, not the unedited named.localhost template
        allow-update { none; };
};

zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};
```
- Define your own domain file
The forward resolution template file (named.localhost) in the /var/named directory can be copied, and the domain-name-to-IP-address data filled into the copy and saved. When copying, remember to add the -a parameter, which preserves the original file's owner, group, permissions and other attributes so that the bind service program can read the file without trouble.
```console
[root@localhost ~]# cd /var/named
[root@localhost named]# ls
data  dynamic  named.ca  named.empty  named.localhost  named.loopback  slaves
[root@localhost named]# cp named.localhost crucis.top.zone -a
```
- Configure your own domain file
```console
[root@localhost named]# vim crucis.top.zone
$TTL 1D
@       IN SOA  @ rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      @               ; no owner name given: inherits the apex (@) from the SOA line above
        A       127.0.0.1
www     IN A    192.168.127.140
lc      IN A    192.168.127.140
whq     IN A    192.168.127.140
```
- Restart the service
```console
[root@localhost named]# systemctl restart named
```
- Use your own DNS server
- Restart the network service
```console
[root@localhost network-scripts]# systemctl restart network
```
- Verification
```console
[root@localhost ~]# nslookup
> www.crucis.top
Server:         192.168.127.140
Address:        192.168.127.140#53

** server can't find www.crucis.top: NXDOMAIN
```
An NXDOMAIN answer coming from 192.168.127.140 itself means the server is reachable and answers for crucis.top, but the zone data it loaded contains no www record; check that the file named in the crucis.top zone stanza is the edited crucis.top.zone rather than the named.localhost template, and run `named-checkzone crucis.top /var/named/crucis.top.zone` to confirm the data file parses.
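The nslookup check above can be reproduced and decoded without bind-utils using this added stdlib-only client (example code, not from the original post). It assumes the server address 192.168.127.140 from the verification step, only decodes A answers, and ships with a constructed NXDOMAIN reply so the parser can be exercised offline.

```python
import socket
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}

def build_query(name, txid=0x1234):  # wire-format A query for `name`, recursion desired
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)   # QTYPE=A, QCLASS=IN

def _read_name(data, off):  # decode a name at `off`, following compression pointers
    labels, end = [], None
    while True:
        length = data[off]
        if length & 0xC0 == 0xC0:          # pointer: jump, but resume after its 2 bytes
            end = end or off + 2
            off = struct.unpack("!H", data[off:off + 2])[0] & 0x3FFF
        elif length == 0:
            return ".".join(labels), (end or off + 1)
        else:
            labels.append(data[off + 1:off + 1 + length].decode())
            off += 1 + length

def parse_response(data):
    """Return {'rcode': str, 'answers': [(name, ipv4)]} from a raw DNS reply."""
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", data[:12])
    off = 12
    for _ in range(qd):                    # skip the echoed question section
        _, off = _read_name(data, off)
        off += 4                           # QTYPE + QCLASS
    answers = []
    for _ in range(an):
        name, off = _read_name(data, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", data[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:      # A record
            answers.append((name, ".".join(str(b) for b in data[off:off + 4])))
        off += rdlen
    return {"rcode": RCODES.get(flags & 0xF, str(flags & 0xF)), "answers": answers}

def resolve(name, server, port=53, timeout=2.0):
    """Query `server` over UDP, the transport nslookup uses; udp/53 must be allowed through iptables."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, port))
        return parse_response(s.recv(512))

# Constructed sample reply (not captured from the page's server): NXDOMAIN for www.crucis.top
SAMPLE_NXDOMAIN = (b"\x12\x34\x81\x83\x00\x01\x00\x00\x00\x00\x00\x00"
                   b"\x03www\x06crucis\x03top\x00\x00\x01\x00\x01")
```

Calling `resolve("www.crucis.top", "192.168.127.140")` against the configured server returns the same NXDOMAIN as nslookup until the zone stanza points at the edited data file, after which it returns the www A record.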