# Day91 Server Applications and Installation
## DNS installation and configuration (link)
+ [Networking tutorial links](https://ithelp.ithome.com.tw/articles/10255408)
+ Install bind
    + yum install -y bind bind-utils
+ Edit named.conf
    + vim /etc/named.conf
    + ==Replace the IP with the address of your own DNS server==
    + ==Replace "student15" below with your own name==
:::info
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
        listen-on port 53 { ==10.10.53.211==; 127.0.0.1; };
        //listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        secroots-file   "/var/named/data/named.secroots";
        recursing-file  "/var/named/data/named.recursing";
        allow-query     { 10.10.53.0/24; localhost; };
        //forwarders { 10.10.2.9; 168.95.1.1; };
        /*
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable
           recursion.
         - If your recursive DNS server has a public IP address, you MUST enable access
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface
        */
        recursion yes;
        dnssec-validation yes;
        managed-keys-directory "/var/named/dynamic";
        geoip-directory "/usr/share/GeoIP";
        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
        /* https://fedoraproject.org/wiki/Changes/CryptoPolicy */
        include "/etc/crypto-policies/back-ends/bind.config";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {
        type hint;
        file "named.ca";
};
include "/etc/named/==student15.conf==";
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
:::
+ Two things to check in this file before starting named: the address in `listen-on` must be one that is actually configured on this host (see `ip a`), otherwise named fails to bind the socket; and because `recursion yes` is kept, the `allow-query { 10.10.53.0/24; localhost; };` line is what keeps the server from becoming an open resolver (BIND falls back to `allow-query` when `allow-recursion` is not set), so do not widen it to `any;`. The `include "/etc/named/student15.conf"` file must exist before named starts; `named-checkconf` reports both problems.
+ Create the zone file /var/named/==student15==.zone
    + vim /var/named/==student15.zone==
:::info
$TTL 10
==student15==.example. IN SOA dns.==student15==.example. root (
        1    ; serial
        2H   ; refresh
        3D   ; retry
        4W   ; expire
        10 ) ; negative-cache TTL
@ IN NS dns.==student15==.example.
@ IN MX 10 mail.==student15==.example.
dns.==student15==.example. IN A 10.10.53.211
www.==student15==.example. IN A 10.10.53.211
mysql.==student15==.example. IN A 10.10.53.211
mail.==student15==.example. IN A 10.10.53.211
:::
+ In a zone file `;` starts a comment that runs to the end of the line, so the five SOA values must each be on their own line as above; if they are written on one line as `( 1; 2H; 3D; 4W; 10 )`, everything after `1` including the closing parenthesis is commented out and the zone fails to load. `root` is the contact mailbox relative to the zone origin (root.student15.example.), and `$TTL 10` means 10 seconds, a lab value; a production zone would use something like `1D`.
+ Zone declarations (forward / reverse)
    + vim /etc/named/==student15==.conf
:::info
zone "==student15.example==" IN {
        type master;
        file "==student15==.zone";
};
zone "53.10.10.in-addr.arpa" IN {
        type master;
        file "==student15==.reverse";
};
:::
+ The reverse zone points at /var/named/==student15==.reverse, whose contents (SOA, NS and PTR records for 10.10.53.x) are not shown on this page; create it before starting named, otherwise that zone fails to load. `named-checkconf -z` loads every declared zone and reports the failure, and `named-checkzone student15.example /var/named/student15.zone` checks a single file.
+ Start named
    + systemctl enable --now named
:::danger
On Linux, if ping reports "Name or service not known" (unknown host), the system cannot resolve the host name. Possible causes and fixes:
1. Check network connectivity
First make sure the network is up. Check the interface state with:
ip a
or ping an IP address directly to confirm connectivity:
ping 8.8.8.8
If the IP address answers, the network itself is working and the problem is name resolution.
2. Check the DNS configuration
Name resolution depends on the DNS server listed in /etc/resolv.conf:
cat /etc/resolv.conf
Confirm that it names a working DNS server (for this lab the server you just built, 10.10.53.211; a public resolver such as Google's 8.8.8.8 works only for public names). If it is missing, add it by hand, for example:
echo "nameserver 8.8.8.8" | sudo tee -a /etc/resolv.conf
Note that on systems managed by NetworkManager this file is regenerated, so a manual edit can be overwritten; set the DNS server on the connection profile (nmcli) to make it persistent.
3. Check the host name spelling
Make sure the name is typed correctly, for example that "www.google.com" is not misspelled.
4. Flush the DNS cache
On some distributions a resolver cache has to be flushed:
sudo systemd-resolve --flush-caches
or restart the DNS client service:
sudo systemctl restart systemd-resolved
(Newer systemd versions call this `resolvectl flush-caches`; on a CentOS/RHEL host that does not run systemd-resolved there is no local cache and this step does not apply.)
5. Check the firewall
Make sure the firewall is not blocking DNS traffic (UDP and TCP port 53). To test whether this is the cause you can stop it temporarily:
sudo systemctl stop firewalld
If that fixes the problem, start firewalld again and add a rule for the dns service instead of leaving it stopped.
After trying the steps above, ping the host name again; if the problem persists, collect the full error message for further troubleshooting.
:::
+ vim /etc/resolv.conf
:::info
search student15.example
nameserver 10.10.53.211
nameserver 10.10.2.8
:::
## Screenshots
![linux 1011](https://hackmd.io/_uploads/HyG7rNwgkg.png)
![linux 1011_2](https://hackmd.io/_uploads/BJMXrNDeke.png)
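The page declares a reverse zone (53.10.10.in-addr.arpa, file student15.reverse) but never shows its contents, and it writes the SOA on one line where `;` comments would break it. The script below is an added example, not code from the original page: it generates the reverse zone from the forward zone's A records, syntax-checks both files with `named-checkzone` when bind-utils is installed, and installs them with permissions the `named` user can read. The zone names and addresses follow the page; the helper function names and the serial format (YYYYMMDDnn) are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): build student15.reverse from
# student15.zone and check both with named-checkzone. Names follow the page;
# the function names and YYYYMMDDnn serial convention are assumptions.

FWD_ZONE="student15.example"
REV_ZONE="53.10.10.in-addr.arpa"
NS_HOST="dns.student15.example."

# Constructed sample forward zone: the page's records, with the SOA written
# one value per line so that ';' comments cannot swallow the closing ')'.
sample_forward_zone() {
  cat <<'EOF'
$TTL 10
student15.example. IN SOA dns.student15.example. root (
        1    ; serial
        2H   ; refresh
        3D   ; retry
        4W   ; expire
        10 ) ; negative-cache TTL
@   IN NS  dns.student15.example.
@   IN MX  10 mail.student15.example.
dns.student15.example.   IN A 10.10.53.211
www.student15.example.   IN A 10.10.53.211
mysql.student15.example. IN A 10.10.53.211
mail.student15.example.  IN A 10.10.53.211
EOF
}

# Read a forward zone on stdin; print one PTR record per address in
# 10.10.53.0/24. The first A record for an address wins (the other names
# are aliases of the same host). Owner names are made absolute.
gen_ptr_records() {
  awk -v prefix="10.10.53." '
    $1 !~ /^;/ && NF >= 4 && $(NF-1) == "A" && index($NF, prefix) == 1 {
      name = $1
      if (name !~ /\.$/) name = name "."
      n = split($NF, o, ".")
      if (n == 4 && !(o[4] in seen)) {
        seen[o[4]] = 1
        printf "%s\tIN PTR\t%s\n", o[4], name
      }
    }'
}

# Print a complete reverse zone: SOA and NS header, then the PTR records.
# Usage: gen_reverse_zone SERIAL < forward.zone
gen_reverse_zone() {
  printf '$TTL 10\n'
  printf '%s. IN SOA %s root.%s. (\n' "$REV_ZONE" "$NS_HOST" "$FWD_ZONE"
  printf '        %s ; serial\n' "$1"
  printf '        2H ; refresh\n        3D ; retry\n        4W ; expire\n'
  printf '        10 ) ; negative-cache TTL\n'
  printf '@ IN NS %s\n' "$NS_HOST"
  gen_ptr_records
}

# Syntax-check both zone files. Returns 0 when both pass, or when
# named-checkzone is absent (so the script still runs on a plain host);
# non-zero when a zone has an error.
check_zones() {
  if ! command -v named-checkzone >/dev/null 2>&1; then
    echo "named-checkzone not found (yum install -y bind-utils); check skipped" >&2
    return 0
  fi
  named-checkzone "$FWD_ZONE" "$1" && named-checkzone "$REV_ZONE" "$2"
}

# Write both files into DIR (/var/named on the real server), check them and
# make them readable by the named group, as BIND expects.
write_zones() {
  dir="$1"
  mkdir -p "$dir"
  sample_forward_zone > "$dir/student15.zone"
  gen_reverse_zone "$(date +%Y%m%d01)" < "$dir/student15.zone" > "$dir/student15.reverse"
  check_zones "$dir/student15.zone" "$dir/student15.reverse" || return 1
  chmod 640 "$dir/student15.zone" "$dir/student15.reverse"
  chgrp named "$dir/student15.zone" "$dir/student15.reverse" 2>/dev/null || true
  echo "zone files written to $dir"
}

# Run with a target directory to write the files, e.g. sh gen_zones.sh /var/named
if [ "$#" -gt 0 ]; then
  write_zones "$1"
fi
```

After writing the files, `named-checkconf -z` loads every zone declared in named.conf, and `dig @10.10.53.211 -x 10.10.53.211` should return `dns.student15.example.` once named has been restarted.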