碼上快樂

相關內容    簡體    繁體

CentOS8配置本地DNS

本文轉載自   查看原文   2021-12-14 11:00   1635    redhat命令

為了完成VCSA的完整安裝。需要在本地配置一台RedHat8的vm來作為本地的DNS

1.安裝DNS服務

查詢bind

[root@vm2 ~]# yum info bind

 

安裝bind

[root@vm2 ~]# yum -y install bind
[root@vm2 ~]# rpm -ql bind

 查看13個根域服務器文件:

[root@vm2 ~]# cat /var/named/named.ca

 

 開啟DNS服務,並添加防火牆端口:

[root@vm2 ~]# systemctl start named
[root@vm2 ~]# systemctl enable named
Created symlink /etc/systemd/system/multi-user.target.wants/named.service → /usr/lib/systemd/system/named.service.
[root@vm2 ~]# firewall-cmd --permanent --add-service=dns
success
[root@vm2 ~]# firewall-cmd --permanent --add-port=53/tcp
success
[root@vm2 ~]# firewall-cmd --permanent --add-port=53/udp
success

[root@vm2 ~]# firewall-cmd --reload
success
[root@vm2 ~]# ss -untl

 

查看修改網卡信息:

[root@vm2 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens192

PEERDNS= "no"

 

 電腦重啟后 /etc/resolv.conf 的namespace不會恢復至系統默認

[root@vm2 ~]# systemctl restart network-online.target

編輯DNS配置文件/etc/named.conf文件:

[root@vm2 etc]# cp -p /etc/named.conf{,.back}

[root@vm2 etc]# ll |grep named.conf
-rw-r-----.  1 root named     1705 Feb 18  2021 named.conf
-rw-r-----.  1 root named     1705 Feb 18  2021 named.conf.back

[root@vm2 etc]# vim named.conf

 

[root@vm2 etc]# cat named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
    listen-on port 53 { 127.0.0.1; };
    listen-on-v6 port 53 { ::1; };
    directory     "/var/named";
    dump-file     "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    secroots-file    "/var/named/data/named.secroots";
    recursing-file    "/var/named/data/named.recursing";
    allow-query     { localhost; };

    /* 
     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
     - If you are building a RECURSIVE (caching) DNS server, you need to enable 
       recursion. 
     - If your recursive DNS server has a public IP address, you MUST enable access 
       control to limit queries to your legitimate users. Failing to do so will
       cause your server to become part of large scale DNS amplification 
       attacks. Implementing BCP38 within your network would greatly
       reduce such attack surface 
    */
    recursion yes;

    dnssec-enable yes;
    dnssec-validation yes;

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";

    /* https://fedoraproject.org/wiki/Changes/CryptoPolicy */
    include "/etc/crypto-policies/back-ends/bind.config";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
    type hint;
    file "named.ca";
};

zone "example.com" IN {
        type master;
        file "example.com.zone";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

 

[root@vm2 etc]# systemctl reload named
[root@vm2 etc]# ss -ntul

[root@vm2 etc]# cat /etc/resolv.conf
# Generated by NetworkManager
search example.com

 


免責聲明!

本站轉載的文章為個人學習借鑒使用,本站對版權不負任何法律責任。如果侵犯了您的隱私權益,請聯系本站郵箱yoyou2525@163.com刪除。



猜您在找 OS: CentOS8本地源配置過程 CentOS8掛載本地ISO 配置本地YUM源 Centos7 編輯本地DNS解析配置文件 Centos7 編輯本地DNS解析配置文件 CentOS7安裝並配置本地DNS服務器 本地文件上傳至centos8 centos8本地yum設置 CentOS8安裝本地yum CentOS8 網絡配置 Centos8安全配置
 
粵ICP備18138465號   © 2018-2025 CODEPRJ.COM