
DNS

# DNS常用的資源記錄及說明
SOA(起始授權機構)        定義了該域中的權威名稱伺服器
NS(名稱伺服器)        表示某區域的權威伺服器和SOA中指定的該區域的主要伺服器和輔助伺服器
A(主機)            列出了區域中的FQDN(完全合格的域名)到IP位址的映射
PTR(指針)            IP-->FQDN
MX                    郵件交換器記錄,為指定的郵件交換主機提供消息路由
SRV(服務)            列出了正在提供特定服務的伺服器
CNAME(别名)        将多個名稱映射到同一台計算機上,便于使用者訪問

主DNS

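// Shell steps, run as root ("# " is the root prompt). The glob is quoted so the
// shell passes it to yum unexpanded. It installs every bind* package, although
// `bind` and `bind-utils` are normally enough for this setup.
# yum install 'bind*' -y
# vim /etc/named.conf
options {
    // Address and port named listens on; the stock file binds to loopback only.
    // To serve clients, add this server's own address to the list. Deleting the
    // line makes named listen on port 53 of every interface.
    listen-on port 53 { 127.0.0.1; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";                             // default location of zone data files
    dump-file "/var/named/data/cache_dump.db";          // cache database dump
    statistics-file "/var/named/data/named_stats.txt";  // statistics file
    memstatistics-file "/var/named/data/named-mem_stats.txt";
    // Clients allowed to query this server. With the line deleted, named
    // answers queries for its zones from any client. When allow-recursion is
    // not set it inherits allow-query, so widening this list (for example to
    // "any") while "recursion yes" is in effect also widens who may use the
    // server as a recursive resolver. On a server that only hosts zones set
    // "recursion no"; otherwise set allow-recursion to the networks you serve.
    allow-query { localhost; };
    recursion yes;

    // NOTE(review): newer BIND 9 releases no longer accept dnssec-enable;
    // drop the line if named-checkconf rejects it.
    dnssec-enable yes;
    dnssec-validation yes;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};
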
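zone "example.com" in {                     // forward zone (name to address)
    type master;
    file "example.com.zone";                // relative to the "directory" option
    // Only the secondary may pull this zone; the address must be the
    // secondary server's own IP. An address list is the minimum: it does not
    // authenticate the peer, so requiring a TSIG key for transfers is stronger.
    allow-transfer { 172.25.250.250; };
};
zone "250.25.172.in-addr.arpa" in {         // reverse zone (address to name)
    type master;
    file "172.25.250.arpa";
    // The secondary pulls this zone as well, so it gets the same restriction.
    // Without an allow-transfer here the server falls back to its default
    // transfer policy, which on older BIND releases is to allow any host.
    allow-transfer { 172.25.250.250; };
};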
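# cd /var/named
# vim example.com.zone
; In vim command-line mode the next command reads in the stock template;
; edit the result until it matches the records below. Zone files use ";" for
; comments, "//" is not valid here.
; named runs as an unprivileged user, so the new file must be readable by it
; (compare its owner and mode with named.localhost).
:r /var/named/named.localhost
$TTL 1D        ; default TTL of the records in this zone
; SOA: the zone's name-server field, then the administrator mailbox written
; with "." in place of "@". Both names must end in a dot; without it the zone
; origin is appended to the name.
@ IN SOA example.com. admin.example.com. (
    0        ; serial  - 32-bit zone version; raise it on every edit, or the secondary keeps its old copy
    1D       ; refresh - how often the secondary checks the serial
    1H       ; retry   - wait before retrying after a failed refresh
    1W       ; expire  - the secondary stops answering after this long without a successful refresh
    3H )     ; minimum - TTL of negative (no such name) answers
; Name server of the zone; it needs a matching A record below.
@          IN    NS    content.example.com.
content    IN    A     172.25.250.254
servera    IN    A     172.25.250.10
serverb    IN    A     172.25.250.20        ; host records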
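# vim 172.25.250.arpa
; The file name has to match the "file" setting of the reverse zone in
; named.conf (172.25.250.arpa), otherwise named cannot load the zone.
; Read in the forward zone file configured just before, then replace its
; A records with the PTR records below.
:r /var/named/example.com.zone
$TTL 1D
; The administrator mailbox needs its trailing dot here too; without it the
; reverse-zone origin is appended to the name.
@ IN SOA example.com. admin.example.com. (
    0        ; serial  - raise it on every edit so the secondary transfers the change
    1D       ; refresh
    1H       ; retry
    1W       ; expire
    3H )     ; minimum
@      IN    NS     content.example.com.
; The owner name is the last octet of the address inside 172.25.250.0/24.
254    IN    PTR    content.example.com.
10     IN    PTR    servera.example.com.
20     IN    PTR    serverb.example.com.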
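# named-checkconf -z /etc/named.conf    # check the configuration file; -z also test-loads the master zones
# systemctl start named
# systemctl enable named
# (note) verify from a Windows client with nslookup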

從DNS

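// Shell steps, run as root ("# " is the root prompt). The glob is quoted so the
// shell passes it to yum unexpanded. It installs every bind* package, although
// `bind` and `bind-utils` are normally enough for this setup.
# yum install 'bind*' -y
# vim /etc/named.conf
options {
    // The original note says to delete this line so that the secondary serves
    // clients; named then listens on port 53 of every interface. Listing this
    // server's own address instead keeps the exposure explicit.
    listen-on port 53 { 127.0.0.1; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named-mem_stats.txt";
    // The original note says to delete this line; named then answers queries
    // for its zones from any client. When allow-recursion is not set it
    // inherits allow-query, so widening this list (for example to "any") while
    // "recursion yes" is in effect also widens who may use the server as a
    // recursive resolver. On a server that only hosts zones set "recursion no";
    // otherwise set allow-recursion to the networks you serve.
    allow-query { localhost; };
    recursion yes;

    // NOTE(review): newer BIND 9 releases no longer accept dnssec-enable;
    // drop the line if named-checkconf rejects it.
    dnssec-enable yes;
    dnssec-validation yes;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};
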
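// Zone data is accepted from the listed primary on the strength of its address
// alone; a TSIG key shared with the primary authenticates the transfer itself.
zone "example.com" in {                     // forward zone, held as a secondary copy
    type slave;
    masters { 172.25.250.254; };            // primary server to transfer from
    file "slaves/example.com.zone";         // the transferred copy is written under slaves/
    allow-transfer { none; };               // nothing transfers onward from this secondary
};
zone "250.25.172.in-addr.arpa" in {         // reverse zone
    type slave;
    masters { 172.25.250.254; };
    file "slaves/172.25.250.arpa";
    allow-transfer { none; };
};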
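# cd /var/named
# named-checkconf /etc/named.conf       # syntax check before starting, as on the primary
# systemctl start named
# systemctl enable named
# ls -l /var/named/slaves/              # both zone files appear here once the transfers succeed
# (note) verify from a Windows client with nslookup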
