Class session 15: Monday, 2020-03-09
1. BIND
# yum list "bind*"
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Last metadata expiration check: 0:54:24 ago on Mon 09 Mar 2020 08:07:13 PM CST.
Installed Packages
bind.x86_64 32:9.11.4-16.P2.el8 @AppStream
bind-dyndb-ldap.x86_64 11.1-13.module+el8+2555+b334d87b @AppStream
bind-export-libs.x86_64 32:9.11.4-16.P2.el8 @anaconda
bind-libs.x86_64 32:9.11.4-16.P2.el8 @AppStream
bind-libs-lite.x86_64 32:9.11.4-16.P2.el8 @AppStream
bind-license.noarch 32:9.11.4-16.P2.el8 @AppStream
bind-pkcs11.x86_64 32:9.11.4-16.P2.el8 @AppStream
bind-pkcs11-libs.x86_64 32:9.11.4-16.P2.el8 @AppStream
bind-pkcs11-utils.x86_64 32:9.11.4-16.P2.el8 @AppStream
bind-utils.x86_64 32:9.11.4-16.P2.el8 @AppStream
Available Packages
bind-chroot.x86_64 32:9.11.4-16.P2.el8 AppStream
bind-devel.i686 32:9.11.4-16.P2.el8 AppStream
bind-devel.x86_64 32:9.11.4-16.P2.el8 AppStream
bind-export-devel.i686 32:9.11.4-16.P2.el8 BaseOS
bind-export-devel.x86_64 32:9.11.4-16.P2.el8 BaseOS
bind-export-libs.i686 32:9.11.4-16.P2.el8 BaseOS
bind-libs.i686 32:9.11.4-16.P2.el8 AppStream
bind-libs-lite.i686 32:9.11.4-16.P2.el8 AppStream
bind-lite-devel.i686 32:9.11.4-16.P2.el8 AppStream
bind-lite-devel.x86_64 32:9.11.4-16.P2.el8 AppStream
bind-pkcs11-devel.i686 32:9.11.4-16.P2.el8 AppStream
bind-pkcs11-devel.x86_64 32:9.11.4-16.P2.el8 AppStream
bind-pkcs11-libs.i686 32:9.11.4-16.P2.el8 AppStream
bind-sdb.x86_64 32:9.11.4-16.P2.el8 AppStream
bind-sdb-chroot.x86_64 32:9.11.4-16.P2.el8 AppStream
1.1 /etc/named.conf:
acl exampleNetwork { 192.168.0.0/24; };
acl crackerNetwork { 192.168.1.0/24; };
acl internal { 127.0.0.1; 192.168.0.0/24; 192.168.1.0/24; };
acl bogusNets { 0.0.0.0/8;
1.0.0.0/8;
2.0.0.0/8;
192.0.2.0/24;
224.0.0.0/3;
10.0.0.0/8;
172.16.0.0/12;
};
options {
// Where do our zone files live?
directory "/var/named";
cleaning-interval 1440;
// Use the ACL to say who can query us
allow-query { internal; };
// Allow recursion for localnets ( not really needed because of above )
allow-recursion { internal; };
// Allow zone transfers only to exampleNetwork ACL
allow-transfer { exampleNetwork; };
};
RFC 1033:
zone "localhost" {
type master;
file "localhost.zone";
};
zone "0.0.127.in-addr.arpa" {
type master;
file "127.0.0.zone";
};
########################################################################
#
# Provide a hint to the root nameservers
#
########################################################################
zone "." {
type hint;
file "named.ca";
};
named.ca: download it from the IETF; its format never changes.
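The following Python audit is an added example, not part of the original notes or of BIND: it evaluates the acl and allow-* statements from the named.conf above against sample client addresses. The embedded config excerpt is constructed from this page, the function names are hypothetical, and negation (!) and BIND's built-in ACL names (any, none, localhost, localnets) are not handled.

```python
import ipaddress
import re

# Constructed excerpt of the named.conf above (ACLs and access options only).
NAMED_CONF = """
acl exampleNetwork { 192.168.0.0/24; };
acl crackerNetwork { 192.168.1.0/24; };
acl internal { 127.0.0.1; 192.168.0.0/24; 192.168.1.0/24; };
options {
    allow-query { internal; };
    allow-recursion { internal; };
    allow-transfer { exampleNetwork; };
};
"""

def _elements(body):
    """Split the inside of a '{ a; b; }' list into its elements."""
    return [e.strip() for e in body.split(";") if e.strip()]

def parse_acls(conf):
    """Return {acl_name: [element, ...]} for every 'acl name { ... };' statement."""
    return {n: _elements(b) for n, b in re.findall(r"acl\s+(\w+)\s*\{([^}]*)\}", conf)}

def parse_access(conf):
    """Return {option: [element, ...]} for the allow-* options."""
    return {o: _elements(b) for o, b in re.findall(r"(allow-[a-z]+)\s*\{([^}]*)\}", conf)}

def matches(client, elements, acls):
    """True if client is covered by any element (an ACL name or an address/prefix)."""
    ip = ipaddress.ip_address(client)
    for element in elements:
        if element in acls:
            if matches(client, acls[element], acls):   # named ACL: resolve recursively
                return True
        elif ip in ipaddress.ip_network(element, strict=False):
            return True
    return False

def audit(client, conf=NAMED_CONF):
    """Return the sorted list of allow-* options that admit this client address."""
    acls, access = parse_acls(conf), parse_access(conf)
    return sorted(o for o, elems in access.items() if matches(client, elems, acls))

if __name__ == "__main__":
    for client in ("192.168.0.10", "192.168.1.10", "10.0.0.5"):
        print(client, audit(client))
```

Hosts in crackerNetwork (192.168.1.0/24) are members of internal, so they may query and recurse, but only exampleNetwork may request a zone transfer.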
---------------------------------------------------------------------
localhost.zone can serve as a template for a forward zone:
$TTL 86400
@ IN SOA @ root (
        42 ; serial (d. adams)
        3H ; refresh
        15M ; retry
        1W ; expiry
        1D ) ; minimum
        IN NS @
        IN A 127.0.0.1
        IN AAAA ::1
Change it to:
; Specify the time-to-live( TTL ) for the zone
$TTL 86400; 1 Day ( we could have used 1D )
; Begin Start Of Authority resource record
@ IN SOA classroom.example.com. root.classroom.example.com. (
2003040100 ; serial number
1H ; refresh slave
5M ; retry query
1W ; expire
1M ; negative TTL
)
; Specify our name servers
; !!WARNING: You can not use CNAMEs for RDATA here !!
; owner TTL CL type RDATA
@ IN NS classroom.example.com.
; Specify our mail exchangers
; !!WARNING: You can not use CNAMEs for RDATA here !!
; owner TTL CL type RDATA
@ IN MX 10 classroom.example.com.
; This is broken and against RFC but must be done to placate the masses
; owner TTL CL type RDATA
@ IN A 192.168.0.254
classroom.example.com. IN A 192.168.0.254
Why @ is example.com.:
zone "example.com" {
type master;
file "example.com.zone";
// The forwarders line below turns off forwarding, if specified
// above, for delegated subdomains (domainXX.example.com, etc).
// (So we talk directly to the server for the zone we delegated,
// rather than asking the forwarder to do it for us.)
forwarders {};
};
zone "0.168.192.in-addr.arpa" {
type master;
file "192.168.0.zone";
forwarders {};
};
In each of the files above, @ stands for the name of the zone.
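How @, blank owners and relative names expand against the zone name, as an added Python example (not from the original notes; the function names are hypothetical, and the sample records are constructed from this page's example.com zone with one MX target deliberately missing its trailing dot). It assumes one record per line with an explicit IN class and ignores $ORIGIN, $TTL and parenthesised records such as SOA.

```python
# Constructed sample for: zone "example.com" { file "example.com.zone"; };
ZONE_NAME = "example.com"
ZONE_TEXT = """
@                       IN NS  classroom.example.com.
                        IN MX  10 classroom.example.com   ; trailing dot missing
classroom.example.com.  IN A   192.168.0.254
scan4                0  IN A   192.168.0.204
"""

NAME_RDATA = {"NS", "PTR", "CNAME", "MX"}   # types whose RDATA ends in a domain name

def qualify(name, origin):
    """Expand a zone-file name: '@' is the origin, a trailing dot means absolute."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def expand(zone_name, text):
    """Return (owner, type, rdata) tuples with every domain name fully qualified."""
    origin = zone_name.rstrip(".") + "."
    owner, records = origin, []
    for line in text.splitlines():
        line = line.split(";", 1)[0].rstrip()        # drop comments
        if not line.strip():
            continue
        fields = line.split()
        if not line[0].isspace():                    # blank owner inherits the previous one
            owner = qualify(fields.pop(0), origin)
        i = [f.upper() for f in fields].index("IN")  # an optional TTL may precede the class
        rtype, rdata = fields[i + 1].upper(), fields[i + 2:]
        if rtype in NAME_RDATA:                      # relative targets get the origin too
            rdata[-1] = qualify(rdata[-1], origin)
        records.append((owner, rtype, " ".join(rdata)))
    return records

if __name__ == "__main__":
    for record in expand(ZONE_NAME, ZONE_TEXT):
        print(*record)
```

The MX target without a trailing dot is treated as relative and becomes classroom.example.com.example.com., which is why the records in these notes end their fully qualified names with a dot.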
HOMEWORK: configure SCAN:
scan4 0 IN A 192.168.0.204
scan4 0 IN A 192.168.0.154
scan4 0 IN A 192.168.0.54
127.0.0.zone as a template:
$TTL 86400
@ IN SOA localhost. root.localhost. ( 2001101100 28800 14400 604800 0 )
        IN NS localhost.
1.0.0.127.IN-ADDR.ARPA. IN PTR localhost.
Change it to:
; Specify the time-to-live( TTL ) for the zone
$TTL 86400; 1 Day ( we could have used 1D )
; Begin Start Of Authority resource record
0.168.192.IN-ADDR.ARPA. IN SOA classroom.example.com. root.classroom.example.com. (
2003040100 ; serial number
1H ; refresh slave
5M ; retry query
1W ; expire
1M ; negative TTL
)
; Specify our name servers
; !!WARNING: You can not use CNAMEs for RDATA here !!
; owner TTL CL type RDATA
@ IN NS classroom.example.com.
; List our PTR records ( rev lookup ) here
; owner TTL CL type RDATA
1.0.168.192.IN-ADDR.ARPA. IN PTR desktop1.example.com.
2 IN PTR desktop2.example.com.
3 IN PTR desktop3.example.com.
4 IN PTR desktop4.example.com.
5 IN PTR desktop5.example.com.
6 IN PTR desktop6.example.com.
7 IN PTR desktop7.example.com.
8 IN PTR desktop8.example.com.
9 IN PTR desktop9.example.com.
10 IN PTR desktop10.example.com.
11 IN PTR desktop11.example.com.
12 IN PTR desktop12.example.com.
13 IN PTR desktop13.example.com.
14 IN PTR desktop14.example.com.