Centos работает на virtualbox. Виртуалка имеет два адаптера: виртуальный адаптер хоста и NAT. Ip адрес виртуалки 192.168.56.107. Содержание файла /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html
options {
listen-on port 53 { 127.0.0.1;192.168.56.107; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
allow-query { localhost; any; };
#allow-transfer { localhost; 192.168.56.102;};
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recurs ion.
- If you are building a RECURSIVE (caching) DNS server, you need to ena ble
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so w ill
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.root.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
zone "example.local" IN {
type master;
file "forward.example.local";
allow-update {none; };
};
zone "56.168.192.in-addr.arpa" IN {
type master;
file "reverse.example.local";
allow-update { none; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
Содержание /var/named/forward.example.local
$TTL 1D
@ IN SOA server.example.local. root.example.local. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS server.example.local.
@ IN A 192.168.56.107
server IN A 192.168.56.107
host IN A 192.168.56.107
desktop IN A 192.168.56.10
client IN A 192.168.56.10
Содержание /var/named/reverse.example.local
$TTL 1D
@ IN SOA server.example.local. root.example.local. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS server.example.local.
@ IN PTR example.local.
server IN A 192.168.56.107
host IN A 192.168.56.107
desktop IN A 192.168.56.10
client IN A 192.168.56.10
107 IN PTR server.example.local.
10 IN PTR desktop.example.local.
Команда nslookup example.local
выдает
Server: 10.200.1.254
Address: 10.200.1.254#53
** server can't find example.local: NXDOMAIN
В фаерволе 53 TCP и UDP порты разрешены. Файлы ‘forward.example.local’ и ‘reverse.example.local’ принадлежат группе named.