使用BIND进行内网DNS实验-天翼云开发者社区

使用BIND进行内网DNS实验

准备两台VM:

VM1:192.168.164.130 --- 客户端

VM2:192.168.164.132 --- local dns服务器

VM2配置

修改 /etc/named.conf 文件

options {

listen-on port 53 { 127.0.0.1; 192.168.164.132;};

listen-on-v6 port 53 { ::1; };

directory "/var/named";

dump-file "/var/named/data/cache_dump.db";

statistics-file "/var/named/data/named_stats.txt";

memstatistics-file "/var/named/data/named_mem_stats.txt";

recursing-file "/var/named/data/named.recursing";

secroots-file "/var/named/data/named.secroots";

allow-query { localhost; any;};

- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.

- If you are building a RECURSIVE (caching) DNS server, you need to enable

recursion.

- If your recursive DNS server has a public IP address, you MUST enable access

control to limit queries to your legitimate users. Failing to do so will

cause your server to become part of large scale DNS amplification

attacks. Implementing BCP38 within your network would greatly

reduce such attack surface

recursion yes;

forward first;

forwarders {

8.8.8.8;

8.8.4.4;

};

dnssec-enable no;

dnssec-validation no;

/* Path to ISC DLV key */

bindkeys-file "/etc/named.root.key";

managed-keys-directory "/var/named/dynamic";

pid-file "/run/named/named.pid";

修改/etc/named.rfc1912.zones

zone "ctyun-dns-test.com" IN { type master;

file "example.ctyun-dns-test.zone";

allow-update { none; };

};

新增/var/named/example.ctyun-dns-test.zone文件

$TTL 1D

@ IN SOA servera.ctyun-dns-test.com. root.servera.ctyun-dns-test.com. (

0 ; serial

1D ; refresh

1H ; retry

1W ; expire

3H ) ; minimum

IN NS servera.ctyun-dns-test.com.

servera IN A 192.168.164.132

修改/etc/resolv.conf

# Generated by NetworkManager

nameserver 192.168.164.132

#nameserver 8.8.4.4

重启DNS服务

systemctl restart named.service

关闭防火墙

systemctl stop firewalld

VM1配置

修改/etc/resolv.conf

search localdomain

#nameserver 8.8.8.8

#nameserver 8.8.4.4

nameserver 192.168.164.132

dig servera.ctyun-dns-test.com

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.15 <<>> servera.ctyun-dns-test.com

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24383

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

;; QUESTION SECTION:

;servera.ctyun-dns-test.com. IN A

;; ANSWER SECTION:

servera.ctyun-dns-test.com. 86400 IN A 192.168.164.132

;; AUTHORITY SECTION:

ctyun-dns-test.com. 86400 IN NS servera.ctyun-dns-test.com.

;; Query time: 0 msec

;; SERVER: 192.168.164.132#53(192.168.164.132)

;; WHEN: Sun Apr 21 01:53:48 PDT 2024

;; MSG SIZE rcvd: 85

使用BIND进行内网DNS实验

准备两台VM:

VM1:192.168.164.130 --- 客户端

VM2:192.168.164.132 --- local dns服务器

VM2配置

修改 /etc/named.conf 文件

options {

listen-on port 53 { 127.0.0.1; 192.168.164.132;};

listen-on-v6 port 53 { ::1; };

directory "/var/named";

dump-file "/var/named/data/cache_dump.db";

statistics-file "/var/named/data/named_stats.txt";

memstatistics-file "/var/named/data/named_mem_stats.txt";

recursing-file "/var/named/data/named.recursing";

secroots-file "/var/named/data/named.secroots";

allow-query { localhost; any;};

- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.

- If you are building a RECURSIVE (caching) DNS server, you need to enable

recursion.

- If your recursive DNS server has a public IP address, you MUST enable access

control to limit queries to your legitimate users. Failing to do so will

cause your server to become part of large scale DNS amplification

attacks. Implementing BCP38 within your network would greatly

reduce such attack surface

recursion yes;

forward first;

forwarders {

8.8.8.8;

8.8.4.4;

};

dnssec-enable no;

dnssec-validation no;

/* Path to ISC DLV key */

bindkeys-file "/etc/named.root.key";

managed-keys-directory "/var/named/dynamic";

pid-file "/run/named/named.pid";

修改/etc/named.rfc1912.zones

zone "ctyun-dns-test.com" IN { type master;

file "example.ctyun-dns-test.zone";

allow-update { none; };

};

新增/var/named/example.ctyun-dns-test.zone文件

$TTL 1D

@ IN SOA servera.ctyun-dns-test.com. root.servera.ctyun-dns-test.com. (

0 ; serial

1D ; refresh

1H ; retry

1W ; expire

3H ) ; minimum

IN NS servera.ctyun-dns-test.com.

servera IN A 192.168.164.132

修改/etc/resolv.conf

# Generated by NetworkManager

nameserver 192.168.164.132

#nameserver 8.8.4.4

重启DNS服务

systemctl restart named.service

关闭防火墙

systemctl stop firewalld

VM1配置

修改/etc/resolv.conf

search localdomain

#nameserver 8.8.8.8

#nameserver 8.8.4.4

nameserver 192.168.164.132

dig servera.ctyun-dns-test.com

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.15 <<>> servera.ctyun-dns-test.com

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24383

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

;; QUESTION SECTION:

;servera.ctyun-dns-test.com. IN A

;; ANSWER SECTION:

servera.ctyun-dns-test.com. 86400 IN A 192.168.164.132

;; AUTHORITY SECTION:

ctyun-dns-test.com. 86400 IN NS servera.ctyun-dns-test.com.

;; Query time: 0 msec

;; SERVER: 192.168.164.132#53(192.168.164.132)

;; WHEN: Sun Apr 21 01:53:48 PDT 2024

;; MSG SIZE rcvd: 85

应用商城

合作伙伴

开发者

支持与服务

了解天翼云

使用BIND进行内网DNS实验

VM2配置

VM1配置

使用BIND进行内网DNS实验

VM2配置

VM1配置

活动

应用商城

合作伙伴

开发者

支持与服务

了解天翼云

使用BIND进行内网DNS实验

VM2配置

VM1配置

使用BIND进行内网DNS实验

VM2配置

VM1配置