## /etc/named.conf
```
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html
// Global server options. As written, this is a loopback-only caching resolver:
// named listens on 127.0.0.1 / ::1 and answers queries from the local host only.
options {
listen-on port 53 { 127.0.0.1; }; # IPv4 address and port named listens on (loopback only)
listen-on-v6 port 53 { ::1; }; # IPv6 address and port named listens on (loopback only)
directory "/var/named"; # Working directory; relative file names below are resolved against it
dump-file "/var/named/data/cache_dump.db"; # Where the cache database dump is written
statistics-file "/var/named/data/named_stats.txt"; # Where server statistics are written
memstatistics-file "/var/named/data/named_mem_stats.txt"; # Where memory usage statistics are written
// `localhost` is BIND's built-in ACL for the addresses of this host.
// If listen-on is widened to a network interface, replace it with an explicit
// ACL of the client networks you intend to serve rather than `any`.
allow-query { localhost; }; # Client addresses allowed to send DNS queries
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
// Recursion is on, but only loopback clients can reach it with the settings
// above. When this file is extended to host the master zones shown further down
// and exposed to other hosts, restrict recursion (e.g. with allow-recursion)
// to trusted clients or turn it off.
recursion yes; # Enable recursive queries
// NOTE(review): later BIND 9 releases treat dnssec-enable as obsolete; run
// named-checkconf after an upgrade to confirm this file still loads.
dnssec-enable yes; # Enable DNSSEC support
// With `yes`, validation depends on a configured trust anchor; presumably the
// included /etc/named.root.key supplies it - confirm that include is present.
dnssec-validation yes; # Validate DNSSEC-signed answers
/* Path to ISC DLV key */
// NOTE(review): ISC's DLV registry has been retired; verify whether this
// setting is still needed on your BIND version.
bindkeys-file "/etc/named.iscdlv.key"; # File holding the built-in trusted keys
managed-keys-directory "/var/named/dynamic"; # Directory for the files that track managed DNSSEC keys
pid-file "/run/named/named.pid"; # File where named records its process ID
// The session key is a TSIG key generated by named for local dynamic updates;
// keep the file readable only by the account named runs as.
session-keyfile "/run/named/session.key";
};
logging { # Configures where named's debug log messages go
channel default_debug { # Defines a log output channel
// Relative path: resolved against the `directory` option (/var/named).
file "data/named.run"; # Write to a plain-text file
// `dynamic` follows the server's current debug level, so this channel only
// receives debug output while debugging is turned on.
severity dynamic; # Severity levels: critical, error, warning, notice, info, debug[level], dynamic; info is the usual choice
};
};
// Root hints zone: tells the resolver where the root name servers are.
zone "." IN { # Each `zone` statement defines exactly one zone
type hint; # Common zone types: master (primary server), slave (secondary server), hint (Internet root servers)
file "named.ca"; # Name of the database file holding the DNS records for this zone
// NOTE(review): allow-update is a dynamic-update control for master zones;
// named-checkconf may reject it inside a hint zone - verify on your version.
allow-update { none; }; # Whether clients or servers may update DNS records themselves
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
```
### 正向區域
```
// Forward (name -> address) zone for example.com, served as primary.
zone "example.com" IN {
type master;
// Relative path: loaded from the `directory` set in options (/var/named).
file "example.com";
// No allow-transfer or allow-update is set here, so the server-wide defaults
// apply. If this server is exposed to other hosts, limit zone transfers to
// your secondary servers, e.g. allow-transfer { <secondary-ip>; }; and keep
// dynamic updates disabled unless they are authenticated.
};
```
### 反向區域
```
// Reverse (address -> name) zone for the 192.168.1.0/24 network, served as primary.
// No class is given, so the default class (IN) applies.
zone "1.168.192.in-addr.arpa" {
type master;
// Relative path: loaded from the `directory` set in options (/var/named).
file "1.168.192.zone";
// As with the forward zone, no allow-transfer is set; restrict transfers to
// your secondary servers if this server answers hosts other than itself, since
// a full reverse zone lists internal host names and addresses.
};
```