
使用BIND进行内网DNS实验

2024-04-30 02:34:45

使用BIND进行内网DNS实验

准备两台VM:

VM1:192.168.164.130  --- 客户端

VM2:192.168.164.132  --- 本地 DNS 服务器（运行 BIND/named：既是 ctyun-dns-test.com 的权威服务器，也为内网做递归/转发）

 

VM2配置

修改 /etc/named.conf 文件（下面只摘录 options 段；示例没有列出该段末尾的 `};` 以及文件中其余保持默认的内容）

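options {
    // Bind only to loopback and the lab NIC (VM2).  Do not widen this to 0.0.0.0
    // without also tightening the ACLs below.
    listen-on port 53 { 127.0.0.1; 192.168.164.132; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file  "/var/named/data/named.recursing";
    secroots-file   "/var/named/data/named.secroots";

    // The stock template line was "allow-query { localhost; any; };".  Together
    // with "recursion yes" below that is an open resolver for every host that can
    // reach port 53 -- exactly what the template comment underneath warns about.
    // Both VMs sit in 192.168.164.0/24 (VM1 is .130), so limit queries *and*
    // recursion to that prefix; adjust it if your lab uses a different mask.
    allow-query     { localhost; 192.168.164.0/24; };
    allow-recursion { localhost; 192.168.164.0/24; };

    /*
     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
     - If you are building a RECURSIVE (caching) DNS server, you need to enable
       recursion.
     - If your recursive DNS server has a public IP address, you MUST enable access
       control to limit queries to your legitimate users. Failing to do so will
       cause your server to become part of large scale DNS amplification
       attacks. Implementing BCP38 within your network would greatly
       reduce such attack surface
    */
    recursion yes;

    // Names outside ctyun-dns-test.com are sent to Google Public DNS.  "forward
    // first" falls back to full iterative resolution when the forwarders do not
    // answer; use "forward only" if the lab must never resolve on its own.
    forward first;
    forwarders {
        8.8.8.8;
        8.8.4.4;
    };

    // Validation is switched off, so answers relayed from the forwarders are
    // accepted as-is.  Acceptable for a throwaway lab; for anything else set
    // "dnssec-validation auto;" (BIND then validates against the built-in root
    // trust anchor).
    dnssec-enable no;
    dnssec-validation no;

    /* Trust-anchor file used by managed-keys.  The stock template comment calls
       this the "ISC DLV key"; DLV itself was retired in 2017 and is not used here. */
    bindkeys-file "/etc/named.root.key";
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";

    // ... remainder of the stock options block and its closing "};" unchanged ...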

修改 /etc/named.rfc1912.zones，在文件末尾追加以下 zone 定义（该文件通常由 /etc/named.conf 通过 include 引入，可用 grep rfc1912 /etc/named.conf 确认）

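// Authoritative (primary) zone for the lab domain.  Note that ctyun-dns-test.com
// is under a real public TLD; if the lab never needs to reach the Internet for
// this name, a reserved name such as *.test or *.home.arpa avoids any collision.
zone "ctyun-dns-test.com" IN {
  type master;
  file "example.ctyun-dns-test.zone";   // relative to options "directory" (/var/named)
  allow-update { none; };               // no dynamic (DDNS) updates
  // BIND 9.11 permits AXFR from anywhere by default.  There is no secondary in
  // this lab, so refuse zone transfers instead of handing the whole zone to any
  // host that can reach port 53.
  allow-transfer { none; };
};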

新增/var/named/example.ctyun-dns-test.zone文件

; Forward zone for the lab domain ctyun-dns-test.com, loaded from /var/named by
; the zone stanza in /etc/named.rfc1912.zones.  1D = 86400 s, which is the TTL
; seen in the dig output below.
$TTL  1D
; SOA: the primary is servera.ctyun-dns-test.com.; "root.servera..." is the RNAME
; mailbox, i.e. root@servera.ctyun-dns-test.com (the first dot stands for '@').
@       IN      SOA     servera.ctyun-dns-test.com.   root.servera.ctyun-dns-test.com. (
                                                                                0       ; serial -- bump it on every edit; secondaries only re-transfer when it grows
                                                                                1D      ; refresh
                                                                                1H      ; retry
                                                                                1W      ; expire
                                                                                3H )    ; minimum (negative-cache TTL)
; Leading whitespace means "same owner as the previous record", i.e. the apex @.
        IN      NS      servera.ctyun-dns-test.com.
; The NS target lives inside the zone, so it needs its own A record (VM2).
servera IN      A       192.168.164.132

修改 /etc/resolv.conf，让 VM2 自身也使用本机 named（注意该文件由 NetworkManager 生成，网络重启后可能被重新覆盖）

# Generated by NetworkManager
# NOTE(review): NetworkManager rewrites this file on reconnect/restart; to make
# the setting persist, put the DNS server on the connection profile instead
# (e.g. nmcli con mod <conn> ipv4.dns 192.168.164.132) -- confirm NM manages this NIC.
# VM2 points at itself, so its own lookups also go through the local named.
nameserver 192.168.164.132
#nameserver 8.8.4.4

重启DNS服务

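# Validate the config and the new zone before restarting; a syntax error would
# otherwise leave named down and both VMs without DNS.
named-checkconf /etc/named.conf \
  && named-checkzone ctyun-dns-test.com /var/named/example.ctyun-dns-test.zone \
  && systemctl restart named.service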

 

放通 DNS 端口（实验环境下直接关闭了防火墙；更稳妥的做法是只放行 53 端口：firewall-cmd --permanent --add-service=dns && firewall-cmd --reload）

# Lab shortcut: this drops the host firewall entirely (and only until reboot).
# Prefer opening just DNS: firewall-cmd --permanent --add-service=dns && firewall-cmd --reload
systemctl stop firewalld

 

VM1配置

修改/etc/resolv.conf

# VM1 (client) resolver configuration.
# "search localdomain": bare host names get ".localdomain" appended; it does not
# cover ctyun-dns-test.com, so query the FQDN as the dig command below does.
search localdomain
# Public resolvers deliberately commented out so every query goes to VM2; note
# this leaves VM1 with no fallback while named on VM2 is down.
#nameserver 8.8.8.8
#nameserver 8.8.4.4
nameserver 192.168.164.132

 dig servera.ctyun-dns-test.com

 

 

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.15 <<>> servera.ctyun-dns-test.com

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24383

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

 

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

;; QUESTION SECTION:

;servera.ctyun-dns-test.com. IN A

 

;; ANSWER SECTION:

servera.ctyun-dns-test.com. 86400 IN A 192.168.164.132

 

;; AUTHORITY SECTION:

ctyun-dns-test.com. 86400 IN NS servera.ctyun-dns-test.com.

 

;; Query time: 0 msec

;; SERVER: 192.168.164.132#53(192.168.164.132)

;; WHEN: Sun Apr 21 01:53:48 PDT 2024

;; MSG SIZE  rcvd: 85

 

 

 


使用BIND进行内网DNS实验

2024-04-30 02:34:45

使用BIND进行内网DNS实验

准备两台VM:

VM1:192.168.164.130  --- 客户端

VM2:192.168.164.132  --- 本地 DNS 服务器（运行 BIND/named：既是 ctyun-dns-test.com 的权威服务器，也为内网做递归/转发）

 

VM2配置

修改 /etc/named.conf 文件（下面只摘录 options 段；示例没有列出该段末尾的 `};` 以及文件中其余保持默认的内容）

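options {
    // Bind only to loopback and the lab NIC (VM2).  Do not widen this to 0.0.0.0
    // without also tightening the ACLs below.
    listen-on port 53 { 127.0.0.1; 192.168.164.132; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file  "/var/named/data/named.recursing";
    secroots-file   "/var/named/data/named.secroots";

    // The stock template line was "allow-query { localhost; any; };".  Together
    // with "recursion yes" below that is an open resolver for every host that can
    // reach port 53 -- exactly what the template comment underneath warns about.
    // Both VMs sit in 192.168.164.0/24 (VM1 is .130), so limit queries *and*
    // recursion to that prefix; adjust it if your lab uses a different mask.
    allow-query     { localhost; 192.168.164.0/24; };
    allow-recursion { localhost; 192.168.164.0/24; };

    /*
     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
     - If you are building a RECURSIVE (caching) DNS server, you need to enable
       recursion.
     - If your recursive DNS server has a public IP address, you MUST enable access
       control to limit queries to your legitimate users. Failing to do so will
       cause your server to become part of large scale DNS amplification
       attacks. Implementing BCP38 within your network would greatly
       reduce such attack surface
    */
    recursion yes;

    // Names outside ctyun-dns-test.com are sent to Google Public DNS.  "forward
    // first" falls back to full iterative resolution when the forwarders do not
    // answer; use "forward only" if the lab must never resolve on its own.
    forward first;
    forwarders {
        8.8.8.8;
        8.8.4.4;
    };

    // Validation is switched off, so answers relayed from the forwarders are
    // accepted as-is.  Acceptable for a throwaway lab; for anything else set
    // "dnssec-validation auto;" (BIND then validates against the built-in root
    // trust anchor).
    dnssec-enable no;
    dnssec-validation no;

    /* Trust-anchor file used by managed-keys.  The stock template comment calls
       this the "ISC DLV key"; DLV itself was retired in 2017 and is not used here. */
    bindkeys-file "/etc/named.root.key";
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";

    // ... remainder of the stock options block and its closing "};" unchanged ...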

修改 /etc/named.rfc1912.zones，在文件末尾追加以下 zone 定义（该文件通常由 /etc/named.conf 通过 include 引入，可用 grep rfc1912 /etc/named.conf 确认）

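// Authoritative (primary) zone for the lab domain.  Note that ctyun-dns-test.com
// is under a real public TLD; if the lab never needs to reach the Internet for
// this name, a reserved name such as *.test or *.home.arpa avoids any collision.
zone "ctyun-dns-test.com" IN {
  type master;
  file "example.ctyun-dns-test.zone";   // relative to options "directory" (/var/named)
  allow-update { none; };               // no dynamic (DDNS) updates
  // BIND 9.11 permits AXFR from anywhere by default.  There is no secondary in
  // this lab, so refuse zone transfers instead of handing the whole zone to any
  // host that can reach port 53.
  allow-transfer { none; };
};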

新增/var/named/example.ctyun-dns-test.zone文件

; Forward zone for the lab domain ctyun-dns-test.com, loaded from /var/named by
; the zone stanza in /etc/named.rfc1912.zones.  1D = 86400 s, which is the TTL
; seen in the dig output below.
$TTL  1D
; SOA: the primary is servera.ctyun-dns-test.com.; "root.servera..." is the RNAME
; mailbox, i.e. root@servera.ctyun-dns-test.com (the first dot stands for '@').
@       IN      SOA     servera.ctyun-dns-test.com.   root.servera.ctyun-dns-test.com. (
                                                                                0       ; serial -- bump it on every edit; secondaries only re-transfer when it grows
                                                                                1D      ; refresh
                                                                                1H      ; retry
                                                                                1W      ; expire
                                                                                3H )    ; minimum (negative-cache TTL)
; Leading whitespace means "same owner as the previous record", i.e. the apex @.
        IN      NS      servera.ctyun-dns-test.com.
; The NS target lives inside the zone, so it needs its own A record (VM2).
servera IN      A       192.168.164.132

修改 /etc/resolv.conf，让 VM2 自身也使用本机 named（注意该文件由 NetworkManager 生成，网络重启后可能被重新覆盖）

# Generated by NetworkManager
# NOTE(review): NetworkManager rewrites this file on reconnect/restart; to make
# the setting persist, put the DNS server on the connection profile instead
# (e.g. nmcli con mod <conn> ipv4.dns 192.168.164.132) -- confirm NM manages this NIC.
# VM2 points at itself, so its own lookups also go through the local named.
nameserver 192.168.164.132
#nameserver 8.8.4.4

重启DNS服务

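# Validate the config and the new zone before restarting; a syntax error would
# otherwise leave named down and both VMs without DNS.
named-checkconf /etc/named.conf \
  && named-checkzone ctyun-dns-test.com /var/named/example.ctyun-dns-test.zone \
  && systemctl restart named.service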

 

放通 DNS 端口（实验环境下直接关闭了防火墙；更稳妥的做法是只放行 53 端口：firewall-cmd --permanent --add-service=dns && firewall-cmd --reload）

# Lab shortcut: this drops the host firewall entirely (and only until reboot).
# Prefer opening just DNS: firewall-cmd --permanent --add-service=dns && firewall-cmd --reload
systemctl stop firewalld

 

VM1配置

修改/etc/resolv.conf

# VM1 (client) resolver configuration.
# "search localdomain": bare host names get ".localdomain" appended; it does not
# cover ctyun-dns-test.com, so query the FQDN as the dig command below does.
search localdomain
# Public resolvers deliberately commented out so every query goes to VM2; note
# this leaves VM1 with no fallback while named on VM2 is down.
#nameserver 8.8.8.8
#nameserver 8.8.4.4
nameserver 192.168.164.132

 dig servera.ctyun-dns-test.com

 

 

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.15 <<>> servera.ctyun-dns-test.com

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24383

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

 

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

;; QUESTION SECTION:

;servera.ctyun-dns-test.com. IN A

 

;; ANSWER SECTION:

servera.ctyun-dns-test.com. 86400 IN A 192.168.164.132

 

;; AUTHORITY SECTION:

ctyun-dns-test.com. 86400 IN NS servera.ctyun-dns-test.com.

 

;; Query time: 0 msec

;; SERVER: 192.168.164.132#53(192.168.164.132)

;; WHEN: Sun Apr 21 01:53:48 PDT 2024

;; MSG SIZE  rcvd: 85

 

 

 
