Configuring DNS forward and reverse resolution
First turn off the firewall and install bind. Forward resolution configuration:

    [root@localhost ~]# vim /etc/named.conf
    options {
        listen-on port 53 { any; };    # listening port
        directory "/var/named";        # data file directory
    };
    zone "openlab.com" IN {            # define a zone
        type master;
        file "named.openlab.com";      # zone file name
    };

    [root@localhost named]# touch named.openlab.com
    [root@localhost named]# vim named.openlab.com
    [root@localhost named]# cat named.openlab.com
    $TTL 1D
    @       IN SOA   @ admin.openlab.com. ( 0 1D 1H 1W 3H )
            IN NS    ns.openlab.com.
            IN MX    10 mail.openlab.com.
    ns      IN A     10.10.122.225
    mail    IN A     10.10.122.225
    www     IN A     10.10.122.225
    ftp     IN CNAME www
Reverse resolution configuration:

    [root@localhost ~]# vim /etc/named.conf
    options {
        listen-on port 53 { any; };
        directory "/var/named";
    };
    zone "openlab.com" IN {
        type master;
        file "named.openlab.com";
        allow-transfer { 192.168.226.60; };
    };
    zone "122.10.10.in-addr.arpa" IN {    # define the reverse zone
        type master;
        file "named.arpa";                # zone file name
    };

Then edit the zone file for this zone (/var/named/named.arpa; note that zone files use ";" for comments, not "#"):

    $TTL 1D
    @       IN SOA  ns.openlab.com. admin.openlab.com. ( 2023329 1D 1H 1W 3H )
            IN NS   ns.openlab.com.
    182     IN PTR  ns.openlab.com.      ; reverse record
    182     IN PTR  www.openlab.com.
    182     IN PTR  mail.openlab.com.
    182     IN PTR  ftp.openlab.com.
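The forward and reverse zones above should mirror each other: every A record needs a PTR for its address, and every PTR should point back at a name that has an A record for that address. The following Python check is an added example, not part of the original post: it parses the two zone files (embedded inline as constructed text) with its own minimal parser and lists every mismatch, which is a useful sanity check before restarting named.

```python
# Added consistency check for the forward and reverse zones shown above; zone text is embedded inline.
FORWARD_ORIGIN = "openlab.com."
FORWARD_ZONE = """\
@ IN SOA @ admin.openlab.com. ( 0 1D 1H 1W 3H )
  IN NS ns.openlab.com.
  IN MX 10 mail.openlab.com.
ns IN A 10.10.122.225
mail IN A 10.10.122.225
www IN A 10.10.122.225
ftp IN CNAME www
"""
REVERSE_ORIGIN = "122.10.10.in-addr.arpa."
REVERSE_ZONE = """\
@ IN SOA ns.openlab.com. admin.openlab.com. ( 2023329 1D 1H 1W 3H )
  IN NS ns.openlab.com.
182 IN PTR ns.openlab.com.
182 IN PTR www.openlab.com.
182 IN PTR mail.openlab.com.
182 IN PTR ftp.openlab.com.
"""

def fqdn(name, origin):
    # Expand @ and relative owner names to fully qualified names.
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def records(zone_text, origin, rtype):
    # (owner, rdata) pairs of one record type; SOA/NS/MX lines with a blank owner are skipped.
    out = []
    for line in zone_text.splitlines():
        f = line.split()
        if len(f) >= 4 and f[1] == "IN" and f[2] == rtype:
            out.append((fqdn(f[0], origin), f[3]))
    return out

def ptr_to_ip(owner):
    # 182.122.10.10.in-addr.arpa. -> 10.10.122.182
    return ".".join(reversed(owner[: -len(".in-addr.arpa.")].split(".")))

def check_consistency(fwd_zone, fwd_origin, rev_zone, rev_origin):
    """List A records lacking a matching PTR and PTRs lacking a matching A record."""
    a = {}    # name -> set of addresses
    for name, ip in records(fwd_zone, fwd_origin, "A"):
        a.setdefault(name, set()).add(ip)
    ptr = {}  # address -> set of names
    for owner, name in records(rev_zone, rev_origin, "PTR"):
        ptr.setdefault(ptr_to_ip(owner), set()).add(name)
    problems = [f"A {n} -> {ip} has no matching PTR"
                for n, ips in a.items() for ip in ips if n not in ptr.get(ip, set())]
    problems += [f"PTR {ip} -> {n} has no matching A"
                 for ip, names in ptr.items() for n in names if ip not in a.get(n, set())]
    return problems
```

Run against the zones as written, the check reports that the A records point at host .225 while the PTR records are for host .182, and that the PTR for ftp has no A record because ftp is a CNAME.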
After restarting the service, configure the HTTP service that will be used to verify the DNS server:

    [root@localhost ~]# systemctl restart named
    [root@localhost ~]# vim /etc/httpd/conf.d/httpd-vhosts.conf
    <VirtualHost 10.10.122.225:80>
        ServerName www.openlab.com
        DocumentRoot /www/openlab
        Alias /student /www/student
        Alias /data /www/data
    </VirtualHost>
    <VirtualHost 10.10.122.225:443>
        ServerName www.openlab.com
        DocumentRoot /www/money
        Alias /money /www/money
        SSLEngine on
        SSLCertificateFile /etc/pki/tls/certs/localhost.crt
        SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
    </VirtualHost>
    <Directory /www/student>
        AuthType Basic
        AuthName "please login:"
        AuthUserFile /etc/httpd/openlab
        Require user song tian
    </Directory>
    <Directory /www>
        AllowOverride None
        Require all granted
    </Directory>
Verification (done locally):

    [root@localhost ~]# nslookup www.openlab.com 10.10.122.225
    Server:  10.10.122.225
    Address: 10.10.122.225
    Name:    www.openlab.com          # forward DNS lookup
    Address: 10.10.112.182
    [root@localhost ~]# nslookup 10.10.122.225 10.10.122.226
    182.112.10.10.in-addr.arpa name = www.openlab.com.     # reverse DNS lookup
    192.122.10.10.in-addr.arpa name = ns.openlab.com.
    192.122.10.10.in-addr.arpa name = ftp.openlab.com.
    192.122.10.10.in-addr.arpa name = mail.openlab.com.
The fields inside the parentheses of the SOA record:

    0    ; serial  -- serial number, an integer of up to 10 digits
    1D   ; refresh -- refresh interval, how often the zone data is re-fetched
    1H   ; retry   -- retry delay, the interval between attempts after a failed fetch
    3D   ; expire  -- expire time, after which the zone is abandoned if it still cannot be fetched
    1D ) ; minimum -- lifetime (TTL) of negative lookup results
- @ stands for the zone; in this example @ stands for test.com.;
- SOA is the resource record type, the Start Of Authority record;
- admin.test.com. is the administrator to contact when there is a problem;
- 0 is the serial number;
- 1D is the refresh interval, 1 day;
- 1H is the retry interval after a failure, 1 hour;
- 3D is the expire time (the zone file above uses 1W, one week);
- 1D is the cache (minimum) TTL (the zone file above uses 3H, three hours)