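  • 1. Basic DNS configuration on CentOS 6.5

    Security and configuration of a conventional DNS server
    1. Install DNS
    yum -y install bind bind-utils
    Of the files created by the installation, these are the ones we mainly configure:
    /etc/named.conf
    /var/named/xx
    Here xx stands for the names of the forward and reverse zone files specified in named.conf. Why are they under /var/named? Because named.conf is configured to read them from /var/named. To keep the stock configuration from interfering, I deleted named.conf and rewrote it from scratch. Note that named.conf and the /var/named/xx forward and reverse zone files are all owned by user root and group named, with read-only access for the group, i.e. -rw-r----- permissions.
    Scenario:
    The domain is itox.com.cn. Set up forward and reverse resolution for the IPs below. The forward zone file is named itox.com.cn.zone and the reverse zone file is named 192.168.100.zone, so there are 3 files to change: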
    /etc/named.conf
    /var/named/itox.com.cn.zone
    /var/named/192.168.100.zone
    The name-to-address mapping is as follows:
    kali2.itox.com.cn 192.168.100.22
    kali3.itox.com.cn 192.168.100.23
    mail.itox.com.cn 192.168.100.24
    ftp.itox.com.cn 192.168.100.25
    www.itox.com.cn 192.168.100.26
    samba.itox.com.cn 192.168.100.27
    nfs.itox.com.cn 192.168.100.28
    radius Alias ftp (this is an alias)

    Every other hostname under itox.com.cn resolves to 192.168.100.3.

    The /etc/named.conf configuration file is as follows:
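    options {
      // Zone file names below are relative to this directory
      directory "/var/named";

      // Only clients on the local subnet may use this server for recursion
      allow-recursion { 192.168.100.0/24; };
    };

    // Root hints
    zone "." IN {
      type hint;
      file "named.ca";
    };

    zone "localhost" IN {
      type master;
      file "named.localhost";
    };

    // Loopback reverse zone: named.loopback holds the PTR for 127.0.0.1,
    // so the zone needs the full in-addr.arpa name
    zone "1.0.0.127.in-addr.arpa" IN {
      type master;
      file "named.loopback";
    };

    // Forward zone
    zone "itox.com.cn" IN {
      type master;
      file "itox.com.cn.zone";
    };

    // Reverse zone for 192.168.100.0/24
    zone "100.168.192.in-addr.arpa" IN {
      type master;
      file "192.168.100.zone";
    };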

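    The /var/named/itox.com.cn.zone configuration file is as follows:
    $TTL 600
    ; SOA values: serial, refresh, retry, expire, negative-caching TTL
    @ IN SOA ns1.itox.com.cn. admin.itox.com.cn. (2019040701 2H 9M 3D 10H )
    ; The owner "@" is written explicitly: a record line that starts in the first
    ; column is parsed with its first field as the owner name
    @ IN NS ns1
    @ IN MX 10 mail
    ns1 IN A 192.168.100.3
    kali2 IN A 192.168.100.22
    kali3 IN A 192.168.100.23
    mail IN A 192.168.100.24
    ftp IN A 192.168.100.25
    www IN A 192.168.100.26
    samba IN A 192.168.100.27
    nfs IN A 192.168.100.28
    radius IN CNAME ftp

    ; Wildcard: every other name under itox.com.cn resolves to 192.168.100.3
    * IN A 192.168.100.3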

    The /var/named/192.168.100.zone configuration file is as follows:
    $TTL 600
    @ IN SOA ns1.itox.com.cn. admin.itox.com.cn. (2019040701 2H 9M 3D 10H )
    ; NS target must be the fully qualified name with its trailing dot
    @ IN NS ns1.itox.com.cn.
    22 IN PTR kali2.itox.com.cn.
    23 IN PTR kali3.itox.com.cn.
    24 IN PTR mail.itox.com.cn.
    25 IN PTR ftp.itox.com.cn.
    26 IN PTR www.itox.com.cn.
    27 IN PTR samba.itox.com.cn.
    28 IN PTR nfs.itox.com.cn.
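
A consistency check for the forward and reverse zone files above, as an added example that is not part of the original post: it reports A records with no PTR, PTR records whose target has no matching A record (for instance a name missing its trailing dot), and NS targets that do not resolve in the forward zone. The parser is an assumption that only handles simple `owner IN TYPE rdata` lines, and the sample input is constructed from the records on this page.

```python
FWD_ORIGIN = "itox.com.cn."
REV_ORIGIN = "100.168.192.in-addr.arpa."

# Constructed sample input: the A, CNAME, NS and PTR records from the two zone
# files above, rebuilt from one host table (SOA and MX records are left out).
HOSTS = {"kali2": 22, "kali3": 23, "mail": 24, "ftp": 25,
         "www": 26, "samba": 27, "nfs": 28}
FORWARD = ("ns1 IN A 192.168.100.3\nradius IN CNAME ftp\n* IN A 192.168.100.3\n"
           + "".join(f"{h} IN A 192.168.100.{n}\n" for h, n in HOSTS.items()))
REVERSE = ("@ IN NS ns1.itox.com.cn.\n"
           + "".join(f"{n} IN PTR {h}.itox.com.cn.\n" for h, n in HOSTS.items()))

def fqdn(name, origin):
    """'@' is the origin; a name without a trailing dot is relative to it."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def records(text, origin):
    """Yield (owner, type, rdata) from simple 'owner IN TYPE rdata' lines."""
    for line in text.splitlines():
        f = line.split(";")[0].split()  # drop zone-file comments
        if len(f) == 4 and f[1] == "IN":
            yield fqdn(f[0], origin), f[2], f[3]

def audit(forward, reverse):
    """Return sorted findings where forward and reverse data disagree."""
    # Wildcard A records are skipped: they cannot have a PTR counterpart.
    a = {o: r for o, t, r in records(forward, FWD_ORIGIN)
         if t == "A" and not o.startswith("*")}
    findings, ptr_names = [], set()
    for owner, rtype, rdata in records(reverse, REV_ORIGIN):
        target = fqdn(rdata, REV_ORIGIN)
        if rtype == "NS" and target not in a:
            findings.append(f"NS target {target} has no A record")
        elif rtype == "PTR":
            ptr_names.add(target)
            # 22.100.168.192.in-addr.arpa. -> 192.168.100.22
            ip = ".".join(reversed(owner.split(".")[:4]))
            if a.get(target) != ip:
                findings.append(f"PTR {ip} -> {target} has no matching A record")
    findings += [f"A {n} -> {ip} has no PTR"
                 for n, ip in a.items() if n not in ptr_names]
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit(FORWARD, REVERSE)))
```

On the records as configured here, the only finding is that ns1 (192.168.100.3) has no PTR entry in the reverse zone.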

    The basic configuration is complete. Verify the MX record:
    [root@localhost named]# dig -t MX itox.com.cn

    ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.1 <<>> -t MX itox.com.cn
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11011
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

    ;; QUESTION SECTION:
    ;itox.com.cn. IN MX

    ;; ANSWER SECTION:
    itox.com.cn. 600 IN MX 10 mail.itox.com.cn.

    ;; AUTHORITY SECTION:
    itox.com.cn. 600 IN NS ns1.itox.com.cn.

    ;; ADDITIONAL SECTION:
    mail.itox.com.cn. 600 IN A 192.168.100.24
    ns1.itox.com.cn. 600 IN A 192.168.100.3

    ;; Query time: 0 msec
    ;; SERVER: 192.168.100.3#53(192.168.100.3)
    ;; WHEN: Mon Apr 8 02:28:31 2019
    ;; MSG SIZE rcvd: 100

  • Original article: https://www.cnblogs.com/boltkiller/p/10666342.html