DNS 설치
명령어
yum -y install bind bind-libs bind-utils bind-chroot
etc/named.conf 수정
vi etc/named.conf
수정내용
options {
version "Unknown";
allow-transfer { none; };
allow-recursion { localhost; };
allow-query-cache { localhost; };
//listen-on port 53 { 127.0.0.1; };
listen-on port 53 { any; };
//listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
//allow-query { localhost; };
allow-query { any; };
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
DNS 실행
명령어
service named start
DNS 등록
명령어
vi /etc/named.rfc1912.zones
아래와 같이 추가
zone "com.wxw" IN {
type master;
file "wxw.com.zone";
allow-update { none; };
};
레코더 추가
vi /etc/named/도메인 (예 wxw.com.zone)
아래와 같이 추가
$TTL 1D
@ IN SOA domain.com. (
6800 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
IN NS ns.domain.com.
IN A 192.168.0.1
ns IN A 192.168.0.1
www IN A 192.168.0.1
DNS 재 시작
명령어
service named restart
DNS 서비스 등록
명령어
chkconfig named on
