

REM Client-side check from a Windows host: drop the local resolver cache so the
REM answer is not served from cache, then resolve a name from the 51ctf.cn zone
REM against the DNS server configured on this client.
ipconfig /flushdns
nslookup rancher.51ctf.cn

# Install the BIND server together with its libraries and the client tools
# (dig/nslookup), then restart the named service and print its state.
# Intended to be run as root on the DNS host. No explicit error handling:
# the final status output is what tells you whether the restart succeeded.
main() {
  yum install -y bind-libs bind-utils bind
  systemctl restart named
  systemctl status named
}

main "$@"

# Main BIND configuration: listen address, global options (recursion, DNSSEC),
# logging, and the two views (localhost = 10.138.20.0/24, internet = any).
cat /etc/named.conf

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html
//
// Local changes versus the stock file: listen-on is the host address instead
// of 127.0.0.1, allow-query is opened to any, and two views (localhost /
// internet) are added, each pulling its zone list from its own include file.

options {
    // Only the IPv4 address of this host is bound; IPv6 stays loopback-only.
    listen-on port 53 { 10.138.20.189; };
    listen-on-v6 port 53 { ::1; };
    directory       "/var/named";
    dump-file       "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file  "/var/named/data/named.recursing";
    secroots-file   "/var/named/data/named.secroots";
    // Authoritative answers for 51ctf.cn may be given to any client.
    allow-query     { any; };

    /*
     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
     - If you are building a RECURSIVE (caching) DNS server, you need to enable
       recursion.
     - If your recursive DNS server has a public IP address, you MUST enable access
       control to limit queries to your legitimate users. Failing to do so will
       cause your server to become part of large scale DNS amplification
       attacks. Implementing BCP38 within your network would greatly
       reduce such attack surface
    */
    // NOTE(review): recursion is on globally, allow-query is any, and the
    // "internet" view below matches any client, so every host that can reach
    // 10.138.20.189:53 gets a recursive resolver — the case the stock comment
    // above warns about. Limit it with e.g.
    //   allow-recursion { 10.138.20.0/24; };
    // here, or put `recursion no;` inside view internet.
    recursion yes;

    dnssec-enable yes;
    dnssec-validation yes;

    /* Path to ISC DLV key */
    // NOTE(review): the ISC DLV registry has been retired; this line is stock
    // Red Hat content and should be harmless, but confirm nothing relies on it.
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

// Views are tried in order; the first whose match-clients matches the
// querying address is used. "localhost" is a misnomer here: it covers the
// whole 10.138.20.0/24 subnet, not only 127.0.0.1.
view localhost {
    match-clients { 10.138.20.0/24; };
    zone "." IN {
        type hint;
        file "named.ca";
    };
    include "/etc/named.rfc1912.zones";
};

// Everyone else. The narrower match-clients was commented out in favour of
// any; see the review note on recursion above.
view internet {
    /*match-clients { 10.138.40.0/24; };*/
    match-clients { any; };
    zone "." IN {
        type hint;
        file "named.ca";
    };
    include "/etc/named.rfc1912.inter";
};

// Once views are defined, zones may no longer be declared at top level
// (named refuses to start), so the stock include is disabled and each view
// includes its own zone list instead.
//include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

# Zone declarations included by the "localhost" view in named.conf.
cat /etc/named.rfc1912.zones

// Zones served to the "localhost" view (clients in 10.138.20.0/24).

// Forward zone for 51ctf.cn, data in /var/named/51ctf.cn.zone.
zone "51ctf.cn" IN {
    type master;
    file "51ctf.cn.zone";
    // Dynamic updates are refused — keep this unless a DHCP/DDNS client needs it.
    allow-update { none; };
    // NOTE(review): no allow-transfer is set, so the installed BIND release's
    // default applies (older 9.x versions allow AXFR to any client — confirm
    // for this version). Restrict it to the secondaries, or { none; } if
    // there are none, so the zone contents are not enumerable by anyone.
};

// Reverse zone for 10.138.20.0/24; the same file is also used by the
// "internet" view (see named.rfc1912.inter).
zone "20.138.10.in-addr.arpa" IN {
    type master;
    file "51ctf.cn.local";
    allow-update { none; };
};

# Zone declarations included by the "internet" view in named.conf.
cat /etc/named.rfc1912.inter

// Zones served to the "internet" view (match-clients any). Identical to
// named.rfc1912.zones except that the forward zone reads 51ctf.cn.inter.

// Forward zone for 51ctf.cn as answered to external clients.
zone "51ctf.cn" IN {
    type master;
    file "51ctf.cn.inter";
    allow-update { none; };
    // NOTE(review): as in named.rfc1912.zones, allow-transfer is left at the
    // server default; this view answers any client, so restricting zone
    // transfers matters most here.
};

// Reverse zone file shared with the "localhost" view.
zone "20.138.10.in-addr.arpa" IN {
    type master;
    file "51ctf.cn.local";
    allow-update { none; };
};

# Forward zone data for 51ctf.cn as served to the "localhost" view.
cat /var/named/51ctf.cn.zone

; Forward zone for 51ctf.cn as served to the "localhost" view (10.138.20.0/24).
$TTL 1D
; SOA: MNAME is @ (the zone apex itself), RNAME root.51ctf.cn. (root@51ctf.cn).
; Inside the parentheses: serial, refresh, retry, expire, negative-cache TTL.
@       IN SOA  @ root.51ctf.cn. (
                        123     ; serial — increase on every edit
                        1D      ; refresh
                        1H      ; retry
                        1W      ; expire
                        3H )    ; minimum
        NS      ns.51ctf.cn.
; Address of the nameserver itself (the listen-on address in named.conf).
ns      A       10.138.20.189
; NOTE(review): rancher and gitlab point at public addresses here, and the
; "internet" view's file (51ctf.cn.inter) carries exactly the same records,
; so both views currently return identical answers for these names — confirm
; whether the internal view was meant to hand out internal addresses instead.
rancher A       123.58.180.7
gitlab  A       123.58.180.8

# Reverse (PTR) zone data for 10.138.20.0/24, shared by both views.
cat /var/named/51ctf.cn.local

; Reverse zone for 10.138.20.0/24 (20.138.10.in-addr.arpa); used by both
; views, see named.rfc1912.zones and named.rfc1912.inter.
$TTL 1D
@       IN SOA  @ root.51ctf.cn. (
                        0       ; serial — increase on every edit
                        1D      ; refresh
                        1H      ; retry
                        1W      ; expire
                        3H )    ; minimum
        IN NS   ns.51ctf.cn.
; 10.138.20.189 -> ns.51ctf.cn (matches the A record in the forward zones)
189     PTR     ns.51ctf.cn.
; NOTE(review): 10.138.20.188 reverse-maps to nessus.51ctf.cn, but neither
; forward zone file shown here has an A record for nessus — confirm whether
; one is expected, so forward and reverse lookups stay consistent.
188     PTR     nessus.51ctf.cn.

# Forward zone data for 51ctf.cn as served to the "internet" view
# (currently the same records as 51ctf.cn.zone).
cat /var/named/51ctf.cn.inter

; Forward zone for 51ctf.cn as served to the "internet" view (any client).
; NOTE(review): byte-for-byte the same data as 51ctf.cn.zone, so the view
; split has no effect on the answers today; the separate file only matters
; once the two views are meant to differ.
$TTL 1D
@       IN SOA  @ root.51ctf.cn. (
                        123     ; serial — increase on every edit
                        1D      ; refresh
                        1H      ; retry
                        1W      ; expire
                        3H )    ; minimum
        NS      ns.51ctf.cn.
; Address of the nameserver itself (the listen-on address in named.conf).
ns      A       10.138.20.189
rancher A       123.58.180.7
gitlab  A       123.58.180.8

常见故障

Jul 24 16:34:44 test-189 bash: dns_rdata_fromtext: 51ctf.cn.zone:3: near '1D': not a valid number
Jul 24 16:34:44 test-189 bash: zone 51ctf.cn/IN: loading from master file 51ctf.cn.zone failed: not a valid number
Jul 24 16:34:44 test-189 bash: zone 51ctf.cn/IN: not loaded due to errors.
Jul 24 16:34:44 test-189 bash: _default/51ctf.cn/IN: not a valid number

原因为 /var/named/ 下区域文件里的 SOA 记录写法有误：`@ IN SOA @ root.51ctf.cn.` 中 SOA 后面必须加 @ 或主域名（即 MNAME 字段）。缺少这个字段时后面的字段会整体错位，`1D` 被当成序列号（serial）去解析，于是报 near '1D': not a valid number。

Jul 24 17:00:48 test-189 bash: zone 20.138.10.in-addr.arpa/IN: loading from master file 51ctf.cn.local failed: bad dotted quad
Jul 24 17:00:48 test-189 bash: zone 20.138.10.in-addr.arpa/IN: not loaded due to errors.
Jul 24 17:00:48 test-189 bash: _default/20.138.10.in-addr.arpa/IN: bad dotted quad
Jul 24 17:00:48 test-189 systemd: named.service: control process exited, code=exited status=1
Jul 24 17:00:48 test-189 systemd: Failed to start Berkeley Internet Name Domain (DNS).
Jul 24 17:00:48 test-189 systemd: Unit named.service entered failed state.
Jul 24 17:00:48 test-189 systemd: named.service failed.

原因为 /etc/named.conf 使用了视图（view）之后，所有的 zone 都必须放到 view 里面，不能再留在顶层；原配置文件顶层的 include（即 `include "/etc/named.rfc1912.zones";`）要删除或注释掉，见上面 named.conf 末尾已注释掉的那一行。

