搭建dns需要改的文件

本文介绍如何在Red Hat Enterprise Linux 7.3中配置DNS服务器和SELinux设置。主要内容包括编辑yum源配置文件、配置DNS服务器参数、定义DNS区域、设置反向解析以及禁用SELinux等。


vim /etc/yum.repos.d/zj.repo
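# Local yum repository served from file:///mnt/ (the RHEL 7.3 installation
# media is expected to be mounted there).
[InstallMedia]
name=Red Hat Enterprise Linux 7.3
mediaid=1476915898.899142
# -1: cached repository metadata never expires.
metadata_expire=-1
# Check package signatures against the key referenced by gpgkey below.
gpgcheck=1
# Repository on/off switch; the option name yum reads is "enabled".
enabled=1
baseurl=file:///mnt/
gpgkey=file:///mnt/RPM-GPG-KEY-redhat-release
cost=500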

vim /var/named/chroot/etc/named.conf
/*
 Sample named.conf BIND DNS server 'named' configuration file
 for the Red Hat BIND distribution.

 See the BIND Administrator's Reference Manual (ARM) for details about the
 configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html
*/

options {
    // Working directory; relative paths below and in zone "file" statements
    // are resolved against it.
    directory "/var/named";

    // Files that named writes at runtime are kept under data/.
    dump-file "data/cache_dump.db";
    statistics-file "data/named_stats.txt";
    memstatistics-file "data/named_mem_stats.txt";

    // RHEL 7 uses /run/named instead of the default /var/run/named, so the
    // paths are set explicitly.
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
    managed-keys-directory "/var/named/dynamic";

    // Listening interfaces: a ';'-separated address list, or the keywords
    // "any" / "none". Here: the LAN address plus IPv4 and IPv6 loopback.
    listen-on port 53 { 192.168.5.141; 127.0.0.1; };
    listen-on-v6 port 53 { ::1; };

    // Who may query and use the cache. The built-in "localhost" ACL matches
    // this server's own addresses, so as written only queries that originate
    // on this host are answered.
    // NOTE(review): if other machines on the 192.168.5.x network are meant to
    // resolve through this server, allow-query has to name them; keep
    // allow-query-cache and recursion limited to trusted clients so the
    // server does not act as an open resolver.
    allow-query { localhost; };
    allow-query-cache { localhost; };
    recursion yes;

    // NOTE(review): with "yes", validation relies on a configured trust
    // anchor; none is visible in this listing (the trusted-keys sample in
    // this file is commented out) - confirm one is provided.
    dnssec-enable yes;
    dnssec-validation yes;
};

logging {
    // Debugging (e.g. via 'rndc trace') makes named write 'named.run' into
    // its working directory (/var/named). The default SELinux policy does not
    // let named modify /var/named, so the debug log is placed under data/.
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};


        zone "zj.com" IN  {
                type master;
                file "www.zj.com";
        };
          
 zone "5.168.192.in-addr.arpa" IN {
                type master;
                file "192.168.5.arpa";
        };


/* Trusted keys

  This statement contains DNSSEC keys. If you want DNSSEC aware resolver you
  have to configure at least one trusted key.

  Note that no key written below is valid. Especially root key because root zone
  is not signed yet.
*/
/*
trusted-keys {
// Root Key
"." 257 3 3 "BNY4wrWM1nCfJ+CXd0rVXyYmobt7sEEfK3clRbGaTwSJxrGkxJWoZu6I7PzJu/
             E9gx4UC1zGAHlXKdE4zYIpRhaBKnvcC2U9mZhkdUpd1Vso/HAdjNe8LmMlnzY3
             zy2Xy4klWOADTPzSv9eamj8V18PHGjBLaVtYvk/ln5ZApjYghf+6fElrmLkdaz
             MQ2OCnACR817DF4BBa7UR/beDHyp5iWTXWSi6XmoJLbG9Scqc7l70KDqlvXR3M
             /lUUVRbkeg1IPJSidmK3ZyCllh4XSKbje/45SKucHgnwU5jefMtq66gKodQj+M
             iA21AfUVe7u99WzTLzY3qlxDhxYQQ20FQ97S+LKUTpQcq27R7AT3/V5hRQxScI
             Nqwcz4jYqZD2fQdgxbcDTClU0CRBdiieyLMNzXG3";

// Key for forward zone
example.com. 257 3 5 "AwEAAaxPMcR2x0HbQV4WeZB6oEDX+r0QM65KbhTjrW1ZaARmPhEZZe
                      3Y9ifgEuq7vZ/zGZUdEGNWy+JZzus0lUptwgjGwhUS1558Hb4JKUbb

vim /var/named/chroot/var/named/www.zj.com
; Forward zone data for zj.com (the file named by zone "zj.com" in named.conf).
; NOTE(review): the NS record points at the zone apex, whose A/AAAA records are
; loopback addresses, so a resolver on another machine that follows the NS
; record will not reach this server. ns1 (192.168.5.141) is defined below but
; is not referenced by NS - confirm the intent.
$TTL 1D
@       IN SOA  zj.com. admin.zj.com. (
                20180627        ; serial
                1D              ; refresh
                1H              ; retry
                1W              ; expire
                3H )            ; minimum
        NS      @
        A       127.0.0.1
        AAAA    ::1
; Host records, all on 192.168.5.141.
ns1     IN      A       192.168.5.141
www     IN      A       192.168.5.141
ftp     IN      A       192.168.5.141
file    IN      A       192.168.5.141
movie   IN      A       192.168.5.141
; Wildcard: any other name under zj.com also resolves to 192.168.5.141, so a
; mistyped host name gets an address instead of NXDOMAIN.
*       IN      A       192.168.5.141

vim /var/named/chroot/var/named/192.168.5.arpa
; Reverse zone data for 5.168.192.in-addr.arpa (the file named by the matching
; zone statement in named.conf). The SOA, NS and apex A/AAAA records have the
; same values as in the forward zone file.
$TTL 1D
@       IN SOA  zj.com. admin.zj.com. (
                20180627        ; serial
                1D              ; refresh
                1H              ; retry
                1W              ; expire
                3H )            ; minimum
        NS      @
        A       127.0.0.1
        AAAA    ::1
; 192.168.5.141 carries five PTR records, so a reverse lookup of that address
; returns all five names.
141     IN      PTR     www.zj.com.
141     IN      PTR     ftp.zj.com.
141     IN      PTR     movie.zj.com.
141     IN      PTR     file.zj.com.
141     IN      PTR     ns1.zj.com.

vim /etc/selinux/config             
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
#SELINUX=enforcing
# NOTE(review): "disabled" applies system-wide, so named and every other
# service on the host run without SELinux confinement. If the aim is only to
# get named working, "permissive" keeps the policy loaded and prints warnings
# for what would be denied, which shows what to fix before going back to
# "enforcing" - confirm that disabling is really required.
SELINUX=disabled
# SELINUXTYPE= can take one of three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted


vim /etc/resolv.conf 

# Generated by NetworkManager
# NOTE(review): the header above says NetworkManager writes this file, so a
# manual edit may be replaced - presumably the DNS server also has to be set
# in the connection settings; confirm.
# Send this host's lookups to 192.168.5.141, the address named listens on in
# this setup.
nameserver 192.168.5.141

             
                                   
