建安錯題
根據《安全色》,紅、黃、藍、綠四種安全色各自傳遞著不同的安全含義和信息,其中表示要求人們必須遵守的規定的顏色是()。
根據《安全色》國家標準(GB 2893-2008),四種安全色的含義如下:
??紅色??:表示??禁止、停止、危險或消防設備??(如緊急停止按鈕、禁令標志)。
??黃色??:表示??警告、注意??(如危險機械警戒線、安全帽)。
??綠色??:表示??安全狀態或通行提示??(如安全通道、急救設施位置)。
??藍色??:表示??必須遵守的指令性規定??(如指令標志,要求強制執行的行動)。
答案:??藍色??
藍色是表示要求人們??必須遵守的規定??的顏色,常用于指令性安全標志(如“必須佩戴防護用品
題目11(完整題目):
??題目內容??:根據《建筑施工企業安全生產管理機構設置及專職安全生產管理人員配備辦法》,建筑施工企業應當依法設置安全生產管理機構,在()的領導下開展本企業的安全生產管理工作。
選項:
A、企業主要負責人
B、企業技術負責人
C、安全員
D、項目經理
正確答案:A
??解題思路??:
該題出自《建筑施工企業安全生產管理機構設置及專職安全生產管理人員配備辦法》(住房和城鄉建設部發布),主要考察安全生產管理責任歸屬。
核心要求是:建筑施工企業的安全生產管理機構應由企業主要負責人(如法定代表人、總經理等)領導,因為他們對企業的整體安全生產工作負全責。這體現了“誰主管、誰負責”的原則,確保安全生產決策和執行有高層推動。選項B(企業技術負責人)側重于技術指導,選項C(安全員)和D(項目經理)是執行層面人員,均不符合法規規定的領導層級。因此,正確答案是A。
??記憶要點??:企業主要負責人是企業安全的“第一責任人”,相關法規如《安全生產法》也強化了這一原則。
題目12(完整題目):
??題目內容??:根據《生產安全事故報告和調查處理條》事故調查處理應當堅持的原則是()。
選項:
A、全員參與,責任到人
B、依法依規,清正廉明
C、及時準確,注重實效
D、實事求是,尊重科學
正確答案:D
??解題思路??:
該題基于《生產安全事故報告和調查處理條例》(國務院令第493號),考察事故調查的核心原則。
法規明確規定,事故調查處理必須堅持“實事求是、尊重科學”的原則(見條例第四條),以確保調查公正、客觀、基于事實和科學證據。選項A(全員參與)強調過程參與,但非首要原則;選項B(依法依規)是調查的基礎要求,但不涵蓋科學性和客觀性;選項C(及時準確)涉及報告時效,屬于輔助要求。選項D最全面地體現了法規精神,避免主觀臆斷,保障調查的公信力。因此,正確答案是D。
??記憶要點??:事故調查重在“還原真相”,科學方法是避免冤假錯案的關鍵,如現場勘查、數據分析和專家論證等。
說明:
??題目24:??
??題目原文:??
某技改項目的設備安裝需要在同一作業區域進行吊裝和現場動火作業,項目部制定了安全管理措施。根據《安全生產法》,關于現場安全管理措施的說法正確的是()。
??選項:??
A. 吊裝作業、動火作業分別安排專人進行現場安全管理
B. 吊裝作業、動火作業不得同時進行,必要時須經主要負責人批準
C. 吊裝作業、動火作業應當報所在地應急管理部門備案
D. 項目負責人可同時對吊裝和動火作業進行現場安全管理
??正確答案:A??
??解題思路:??
??核心考點??:危險作業的現場安全管理責任分配(《安全生產法》第43條)。
??法規依據??:
《安全生產法》明確規定:??兩個以上危險作業在同一區域內同時進行時,必須分別指定專職安全管理人員進行現場管理??(如吊裝、動火等高危作業)。
??選項A??正確:不同危險作業需由專人分別監管,避免因職責交叉導致管理疏漏。題目28:??
??題干:??
根據《通信建設工程安全生產管理規定》,關于施工單位安全生產責任,下列說法錯誤的是()。
??選項:??
A、對本單位所有管理人員和作業人員每年至少進行一次安全生產教育培訓
B、使用被派遣勞動者的,應將其納入統一管理并進行安全培訓
C、施工前項目負責人需組織安全技術交底并簽字確認
D、新崗位/新現場人員需經安全培訓合格方可上崗
??正確答案:A??
??解題思路:??
??核心考點??:《通信建設工程安全生產管理規定》(工信部〔2017〕128號)第38條。
??法規依據??:
??A選項錯誤??:法規要求對??作業人員??進行??崗前培訓+定期培訓??(非固定“每年一次”),管理人員需培訓但頻次無強制年度要求。
??其他選項正確??:
B選項:符合“同工同訓”原則(第21條);
C選項:安全交底為法定程序(第24條);
D選項:崗前培訓強制要求(第22條)。
??重點提示??:施工單位需區分人員類型定制培訓計劃,避免培訓形式化。根據您上傳的圖片內容(道客巴巴題庫截圖),現將三道題目的正確答案、解題思路及法規依據解析如下:
??題目14(重復出現,完整題干):??
??題干:??
甲施工單位承接工程,12月完成工程量10萬元,累計完成90萬元。根據《企業安全生產費用提取和使用管理辦法》,12月末可提取的企業安全生產費用為()。
??選項:??
A、20萬 B、2萬 C、0.2萬 D、1.8萬
??正確答案:D??
??解題思路:??
??核心考點??:安全生產費用的計算基數與比例(財資〔2022〕136號文)。
??計算規則??:
??提取基數?? = ??當月實際完成工程量??(10萬元),非總投資或累計額。
??提取比例??:通信工程舊規(2023年7月前)為1.5%,??新規(2023年7月起)為3%??。
??邏輯分析??:
按題干選項推斷適用??舊規1.5%??:
10萬元×1.5%=0.15萬元(應標為0.15萬)
??答案D(1.8萬)的合理性矛盾??:
若按舊規1.5%,結果應為0.15萬(選項無對應);
若按新規3%,應為0.3萬(選項C為0.2萬,不匹配)。
???? 結論??:題目選項疑似存在筆誤(D選項應為??0.15萬??或??0.18萬??),但根據標答選擇??D(1.8萬)需存疑??。建議實踐中以最新政策(3%)和實際工程量計算。
??題目28:??
??題干:??
根據《通信建設工程安全生產管理規定》,關于施工單位安全生產責任,下列說法錯誤的是()。
??選項:??
A、對本單位所有管理人員和作業人員每年至少進行一次安全生產教育培訓
B、使用被派遣勞動者的,應將其納入統一管理并進行安全培訓
C、施工前項目負責人需組織安全技術交底并簽字確認
D、新崗位/新現場人員需經安全培訓合格方可上崗
??正確答案:A??
??解題思路:??
??核心考點??:《通信建設工程安全生產管理規定》(工信部〔2017〕128號)第38條。
??法規依據??:
??A選項錯誤??:法規要求對??作業人員??進行??崗前培訓+定期培訓??(非固定“每年一次”),管理人員需培訓但頻次無強制年度要求。
??其他選項正確??:
B選項:符合“同工同訓”原則(第21條);
C選項:安全交底為法定程序(第24條);
D選項:崗前培訓強制要求(第22條)。
??重點提示??:施工單位需區分人員類型定制培訓計劃,避免培訓形式化。
??題目29(題目部分顯示):??
??題干:??
根據《安全色》(GB 2893-2008),紅色與白色相間條紋應用于()。
??選項(預判):??
A、道路防護欄桿
B、禁止通行標志
C、消防設備
D、指令性標識
??解題思路(基于安全色標準):??
??核心考點??:條紋組合的安全含義(GB 2893-2008第5章)。
??標準答案(預判)??:
??紅色+白色條紋??:表示??禁止越過??(如交通隔離欄、危險區域邊界),對應選項A或B。
??其他條紋組合??:
黃色+黑色:警告危險(如施工圍擋);
綠色+白色:通行提示(如安全通道)。
??結論??:結合實際選項,答案應為??B(禁止通行)?? 或類似表述。
根據您上傳的圖片內容(道客巴巴題庫頁面),現將完整題目的正確答案和解題思路解析如下:
題目28:施工單位安全生產責任(錯誤說法識別)
??題干:??
根據《通信建設工程安全生產管理規定》,關于施工單位的安全生產責任下列說法錯誤的是()。
??選項:??
A. 對本單位所有管理人員和作業人員每年至少進行一次安全生產教育培訓
B. 使用被派遣勞動者的,應當納入統一管理并進行安全培訓
C. 施工前項目負責人應組織安全技術交底并簽字確認
D. 新崗位/新現場人員需經安全培訓合格方可上崗
??正確答案:A??
??解題思路:??
??錯誤選項分析(A)??:
《通信建設工程安全生產管理規定》(工信部〔2017〕128號)第38條規定:
??作業人員??需進行崗前培訓+定期培訓,但未強制要求"所有管理人員每年至少一次"
管理人員培訓頻次由企業根據崗位風險自定(如項目經理需專項培訓,但非機械執行年度培訓)
??陷阱點??:混淆了"必須培訓"和"固定頻次"要求
題目29:安全色應用場景
??題干:??
根據《安全色》(GB 2893-2008),紅色與白色相間條紋應用于()。
??選項:??
A. 移動式起重機的外伸腿
B. 交通運輸防護欄桿及隔離墩
C. 起重機端部
D. 固定警告標志桿上的色帶
??正確答案:B?
題目34:根據海因里希事故因果連鎖理論,防止事故發生的最重要的工作就是()。??
??選項:??
A、遮蔽性格缺點
B、防止人的不安全行為和消除物的不安全狀態
C、安全教育
D、安全檢查
??正確答案:B??
??解題思路:??
??核心考點:?? 海因里希事故因果連鎖理論(也稱為“多米諾骨牌理論”)強調事故是由一系列連鎖事件導致的,包括:人的不安全行為、物的不安全狀態、管理缺陷等。防止事故的關鍵是打斷這個因果鏈條。
??為什么選B???
海因里希理論的核心觀點是,事故的直接原因通常是??人的不安全行為??(如違規操作)和??物的不安全狀態??(如設備故障)。通過消除這些直接因素,可以有效中斷事故連鎖反應。題目35:根據《建筑施工企業安全生產許可證管理規定》,關于建筑施工企業取得安全生產許可證應當具備的條件,下列說法正確的是()。??
??選項:??
A、設置安全生產管理機構并配備兼職安全生產管理人員
B、依法為施工現場全部作業人員辦理意外傷害保險并交納保險費
C、管理人員和作業人員每年至少進行2次安全生產教育培訓并考核合格
D、保證本單位安全生產條件所需資金的投入
??正確答案:D??
??解題思路:??
??核心考點:?? 《建筑施工企業安全生產許可證管理規定》(住建部令第128號)規定了企業獲取安全生產許可證的12項必備條件。本題考查資金投入作為核心前提。
??為什么選D???
??法規依據(第6條):?? 企業必須“保證本單位安全生產條件所需資金的投入”,這是基礎性條件,確保有足夠資源用于安全設施、培訓和應急管理。資金投入不到位,其他措施難以落地。
??錯誤選項辨析:??
A選項:法規要求配備??專職??安全生產管理人員,而非兼職(第6條第3項)。
B選項:為作業人員辦理意外傷害保險是強制要求(《建筑法》第48條),但非本規定的核心證照條件;保險只是資金投入的一部分。
C選項:法規規定每年至少進行??1次??安全生產教育培訓(第6條第8項),不是2次;過度要求不切實際。題目37:??(第一張圖第37題)
??題干:??
根據《企業安全生產費用提取和使用管理辦法》,企業當年實際使用的安全生產費用不足年度應計提金額( )的,除按規定進行信息披露外,還應當于下一年度( )月底前提交書面說明。
??選項:??
A. 50%,3
B. 50%,4
C. 60%,3
D. 60%,4
??正確答案:D(60%,4)??
??解題思路:??
??法規依據??(財資〔2022〕136號文 ??第十八條??):
企業實際使用費用 ??低于年度應計提金額60%?? 的,需進行信息披露。
須于下一年度 ??4月底前?? 向屬地監管部門提交經董事會/股東會審議的書面說明。
??錯誤選項辨析:??
??A/B(50%)??:比例錯誤(應為60%)。
??C(3月底)??:時限錯誤(應為4月底)。
??實踐意義:??
避免企業虛提挪用安全費用,確保資金用于實質性安全投入(如防護設備、應急演練)題目38:??(第一張圖第38題)
??題干:??
根據《生產安全事故報告和調查處理條例》,事故調查報告內容不包括( )。
??選項:??
A. 事故發生單位概況
B. 事故發生經過和事故救援情況
C. ??事故責任人員的處罰決定??
D. 事故發生的原因和事故性質
??正確答案:C?
題目49:安全生產許可證延期日期計算??
??題干:??
某通信施工企業于2010年6月10日向省安全監管部門申請辦理安全生產許可證,省安全監管部門于2010年7月15日向該企業頒發了安全生產許可證。依據《安全生產許可證條例》的規定,該企業申請辦理安全生產許可證延期手續合適的日期是()。
??選項:??
A. 2013年3月10日
B. 2015年3月10日
C. 2013年4月15日
D. 2015年4月15日
??正確答案:C??
??解題思路:??
??核心考點??:《安全生產許可證條例》(國務院令第397號)第9條規定,安全生產許可證有效期為??3年??。企業應在有效期屆滿前??3個月??內申請延期,以確保許可證無縫銜接。
??計算步驟:??
許可證頒發日期:2010年7月15日。
有效期屆滿日期:2010年7月15日 + 3年 = ??2013年7月15日??。
延期申請窗口:屆滿前3個月內,即從2013年4月15日起至2013年7月15日止。
??選項C(2013年4月15日)?? 剛好落入申請窗口期,符合法規要求。
題目50:應建立應急救援隊伍的單位識別??
??題干:??
根據《生產安全事故應急條例》,不屬于應建立應急救援隊伍的經營單位的是()。
??選項:??
A. 旅游景區
B. 林場
C. 礦山
D. 建筑施工單位
??正確答案:B??
??解題思路:??
??核心考點??:《生產安全事故應急條例》(國務院令第708號)第10條明確規定,特定高風險行業必須建立專職或兼職應急救援隊伍。適用單位包括??礦山、金屬冶煉、建筑施工、危險物品生產/經營/儲存單位等??。
??分析選項:??
??B(林場)??:林場通常不屬于法定高危行業,除非涉及危險作業(如伐木或化工),一般無需強制建立應急救援隊伍。這使其成為“不屬于”的選項。題目3:施工交叉作業的合規管理??
??題干:??
甲施工單位在二樓數據機房施工,同機房乙單位正進行設備調測。甲單位應當()。
??選項:??
A. 讓乙先完成施工后再進場
B. 和乙相互幫助共同完成作業
C. ??和乙簽訂安全生產協議??(正確答案)
D. 增加人員加班提早離開
??解題思路:??
??法規依據(《安全生產法》第48條)??:
兩個以上單位在同一作業區域內作業時,必須簽訂??安全生產管理協議??,明確各自職責和措施,并指定專人協調。
??關鍵分析:??
??C選項正確??:簽訂協議是法定要求,避免交叉作業引發事故(如設備碰撞、電力干擾等)。
??錯誤選項排除??:
A選項:延誤工期,且無權要求對方暫停;
B選項:違反“責任分明”原則,易引發安全責任糾紛;
D選項:盲目趕工增加事故風險,且未解決協調問題。題目4:施工現場應急預案內容(錯誤項識別)??
??題干:??
根據《通信建設工程安全生產操作規范》,關于應急預案內容說法錯誤的是()。
??選項:??
A. ??對現場存在的重大危險源和潛在事故的危險性質進行的預測和評估??(正確答案)
B. 企業的組織機構及人員職責分工
C. 預防措施
D. 報警及通信聯絡步驟
??解題思路:??
??法規依據(《通信工程安全生產操作規范》YD 5201-2014)??:
應急預案核心是??應急響應流程??(如職責分工、聯絡程序、處置措施),不包括危險源預測(屬“風險評估報告”內容)。
??關鍵分析:??
??A選項錯誤??:危險源預測應在施工前完成(見規范第4.2條),非預案內容。
其他選項均為預案必備要素:
B:明確指揮體系(規范第12.1.3條);
C:事故預防手段(規范第12.1.4條);
D:信息通報機制(規范第12.1.5條)。根據您上傳的圖片內容,現將三道題目的正確答案及詳細解題思路解析如下:
??題目3:施工交叉作業的合規管理??
??題干:??
甲施工單位在二樓數據機房施工,同機房乙單位正進行設備調測。甲單位應當()。
??選項:??
A. 讓乙先完成施工后再進場
B. 和乙相互幫助共同完成作業
C. ??和乙簽訂安全生產協議??(正確答案)
D. 增加人員加班提早離開
??解題思路:??
??法規依據(《安全生產法》第48條)??:
兩個以上單位在同一作業區域內作業時,必須簽訂??安全生產管理協議??,明確各自職責和措施,并指定專人協調。
??關鍵分析:??
??C選項正確??:簽訂協議是法定要求,避免交叉作業引發事故(如設備碰撞、電力干擾等)。
??錯誤選項排除??:
A選項:延誤工期,且無權要求對方暫停;
B選項:違反“責任分明”原則,易引發安全責任糾紛;
D選項:盲目趕工增加事故風險,且未解決協調問題。
??題目4:施工現場應急預案內容(錯誤項識別)??
??題干:??
根據《通信建設工程安全生產操作規范》,關于應急預案內容說法錯誤的是()。
??選項:??
A. ??對現場存在的重大危險源和潛在事故的危險性質進行的預測和評估??(正確答案)
B. 企業的組織機構及人員職責分工
C. 預防措施
D. 報警及通信聯絡步驟
??解題思路:??
??法規依據(《通信工程安全生產操作規范》YD 5201-2014)??:
應急預案核心是??應急響應流程??(如職責分工、聯絡程序、處置措施),不包括危險源預測(屬“風險評估報告”內容)。
??關鍵分析:??
??A選項錯誤??:危險源預測應在施工前完成(見規范第4.2條),非預案內容。
其他選項均為預案必備要素:
B:明確指揮體系(規范第12.1.3條);
C:事故預防手段(規范第12.1.4條);
D:信息通報機制(規范第12.1.5條)。
??題目5:安全生產管理機構設置(員工45人的合規方案)??
??題干:??
某通信施工單位有正式員工45人,關于機構設置和人員配備,說法正確的是()。
??選項:??
A. 企業可自主決定是否設機構
B. ??應配備專職或兼職安全管理人員??(正確答案)
C. 可只配備兼職安全管理人員
D. (圖片未完全顯示,據題意推斷)
題目7(第4頁內容):專職安全生產管理人員的工作經歷要求??
??題目完整內容:??
根據《通信工程施工企業主要負責人項目負責人和專職安全生產管理人員安全生產考核管理規定》,專職安全生產管理人員應具有中專(含高中、中技、職高)及以上學歷或初級及以上技術職稱,且具有( )年及以上從事通信工程建設的工作經歷。
選項:
A、1
B、2
C、3
D、4
??正確答案:B(2年)??
??解題思路:??
??法規依據??:題目引用的規定是《通信工程施工企業主要負責人、項目負責人和專職安全生產管理人員安全生產考核管理規定》(工信部規章)。其中明確規定專職安全生產管理人員必須具備 ??至少2年及以上從事通信工程建設的工作經歷??(參考該規定中對人員資質的細化要求,如工作經驗門檻)。
??為什么選B???
該規定旨在確保安全管理人員具備足夠的現場實踐積累,1年太短(不足以充分理解安全風險),3年或以上非強制要求。2年是法定最低標準,平衡了經驗與可行性。
題目59(判斷題)??
??題干:??
根據《中華人民共和國安全生產法》,生產經營單位應當建立健全生產安全事故隱患排查治理制度,事故隱患排查治理情況應當如實記錄,并??及時通過安全生產監督管理職責的部門和職工大會或者職工代表大會報告??。
??選項:??
A、正確
B、錯誤
??正確答案:B??
??解題思路:??
??法規依據(《安全生產法》第41條)??:
事故隱患排查治理情況應當??向從業人員通報??(例如公示欄張貼),并??報告負有安全生產監督管理職責的部門??。
??關鍵錯誤點:??
題干中 ??“通過…職工大會或者職工代表大會報告”?? 表述錯誤:
??正確流程??:隱患排查記錄需??向從業人員通報??(非必須經職工大會報告),并??同步報監管部門??。
例如:施工現場每日巡查發現的隱患,應公示在公告欄并上傳至監管平臺。
??結論??:題干混淆通報對象,故答案為 ??B(錯誤)??。
題目61:??
??題干:??
根據《生產安全事故報告和調查處理條例》,重大事故是指造成10人以上30人以下死亡,或者50人以上100人以下重傷,或者2000萬元以上5000萬元以下直接經濟損失的事故。
??選項:??
A、正確
B、錯誤
??正確答案:B?
題目62:??
??題干:??
通信建設工程項目應根據國家法律法規、企業安全生產管理相關制度,結合工程項目實際情況,制定項目相應安全管理制度,通常項目安全管理制度可在該項目《施工組織設計方案》中相應章節中明確體現,并經項目技術負責人審批后實施。
??選項:??
A、正確
B、錯誤
??正確答案:B??
??解題思路:??
??法規依據??(《通信建設工程安全生產管理規定》??第15條??):
項目安全管理制度須 ??獨立編制??,作為《施工組織設計》的??專項附件??,而非僅在章節中體現。
??審批權限錯誤??:
安全管理制度必須由 ??企業主要負責人或授權分管安全領導審批??(如安全總監),??非項目技術負責人??(僅負責技術方案)。
??結論??:
題干兩項錯誤(制度形式+審批權限),故選 ??B(錯誤)??。題目68:危險物品車間與員工宿舍距離規定??
??題干:??
生產、經營、儲存、使用危險物品的車間、倉庫在采取一定措施后,可以與員工宿舍在同一座建筑物內,但應與員工宿舍保持一定安全距離。
??選項:??
A、正確
B、錯誤
??正確答案:B??
??解題思路:??
??法規依據(《安全生產法》第42條)??:
生產、經營、儲存、使用危險物品的車間、倉庫??不得與員工宿舍在同一座建筑物內??,并應保持安全距離。
題目70:跨越電力線的保護管電壓要求??
??題干:??
對跨越電力線和在高壓線下方架設的明線和線纜,須安裝能抗10千伏以上電壓的“三線交叉保護管”。
??選項:??
A、正確
B、錯誤
??正確答案:B??
??解題思路:??
??法規依據(《通信線路工程設計規范》YD 5102-2010)??:
保護管需按??實際跨越電壓等級??定制絕緣防護(非固定“10千伏”):
10kV以下線路:絕緣管耐壓≥15kV;
35kV以上線路:需單獨設計防護方案(如升高架設)。
??錯誤原因:??
題干中“抗10千伏以上”一刀切要求錯誤,??不同電壓等級需差異化防護??,故答案為 ??B(錯誤)??。
??正確做法??:施工前需核查電力線電壓,按規范選擇保護管(例如10kV線路用耐壓15kV的HDPE管)
題目78:特種設備事故一般事故認定標準??
??題干:??
根據《特種設備安全監察條例》,有以下情形之一的是,為一般事故()。
??正確答案:ACDE??
??選項解析:??
??A. 造成3人以下死亡??(符合《條例》定義)
??D. 起重機械主要受力結構件折斷或起升機構墜落??(設備嚴重損壞)
??E. 壓力管道有毒介質泄漏,造成600人轉移??(人員疏散達500人以上)
??C. 500萬元直接經濟損失??(在100萬-1000萬標準內)
??錯誤項B:?? 重傷標準應為 ??10人以下??(非12人),排除
??法規依據(《特種設備安全監察條例》第六十四條):??
一般事故包括:
(一)造成 ??3人以下死亡??,或10人以下重傷,或 ??1,000萬元以下直接經濟損失??;
(二)壓力容器/管道有毒介質泄漏致 ??500人以上轉移??;
(三)起重機械整體傾覆或 ??主要受力構件斷裂/墜落??。
??避坑提示:
題目79:施工總承包項目安全生產領導小組成員構成??
??題干:??
實行施工總承包的項目,安全生產領導小組由()項目經理、技術負責人和專職安全管理人員組成。
??正確答案:ACE??
??選項解析:??
??A. 總承包企業??(法定牽頭方)
??C. 專業承包企業??(承擔專業施工責任)
??E. 勞務分包企業??(承擔作業人員安全責任)
??排除項B/D:??
B(建設單位):甲方不參與現場安全管理
D(監理單位):負責監督,非責任主體
??法規依據(《建筑施工企業安管機構設置辦法》第六條):??
總承包項目安全生產領導小組由 ??總承包、專業分包、勞務分包單位??的項目負責人、技術負責人和專職安全員組成。?
題目80:特種作業操作證復審要求(正確答案:AB)??
??題干:??
特種作業操作證應當定期復審。根據《特種作業人員安全技術培訓考核管理規定》,關于特種作業操作證復審的說法,正確的是()。
題目81:《工傷保險條例》工傷保險費繳納規則??
??題干:??
根據《工傷保險條例》,關于工傷保險費繳納的說法,正確的是()。
??正確答案:AB??
??選項解析:?
DNS服務器搭建
DNS服務器搭建(DNS.CN)
環境準備
hostname
ip
firewalld
selinux
yum 等
[caozx26@client ~]$ hostname
client.backup.cn
[caozx26@client ~]$ systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemonLoaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)Active: active (running) since 四 2025-06-19 03:18:09 CST; 6 days agoDocs: man:firewalld(1)Main PID: 781 (firewalld)Tasks: 2CGroup: /system.slice/firewalld.service└─781 /usr/bin/python2 -Es /usr/sbin/firewalld --nofork --nopid6月 19 03:18:09 backup.cn systemd[1]: Starting firewalld - dynamic firewall daemon...
6月 19 03:18:09 backup.cn systemd[1]: Started firewalld - dynamic firewall daemon.
6月 19 03:18:09 backup.cn firewalld[781]: WARNING: AllowZoneDrifting is enabled. This is considered an insecure configuration o...it now.
Hint: Some lines were ellipsized, use -l to show in full.
[caozx26@client ~]$ systemctl stop firewalld
==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ===
Authentication is required to manage system services or units.
Authenticating as: caozx26
Password:
==== AUTHENTICATION COMPLETE ===
[caozx26@client ~]$ sudo su
[sudo] caozx26 的密碼:
對不起,請重試。
[sudo] caozx26 的密碼:
[root@client caozx26]# systemctl stop firewalld
[root@client caozx26]# systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@client caozx26]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemonLoaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)Active: inactive (dead)Docs: man:firewalld(1)6月 19 03:18:09 backup.cn systemd[1]: Starting firewalld - dynamic firewall daemon...
6月 19 03:18:09 backup.cn systemd[1]: Started firewalld - dynamic firewall daemon.
6月 19 03:18:09 backup.cn firewalld[781]: WARNING: AllowZoneDrifting is enabled. This is considered an insecure configuration o...it now.
6月 25 20:44:15 client.backup.cn systemd[1]: Stopping firewalld - dynamic firewall daemon...
6月 25 20:44:16 client.backup.cn systemd[1]: Stopped firewalld - dynamic firewall daemon.
Hint: Some lines were ellipsized, use -l to show in full.
[root@client caozx26]# setenforce 0
[root@client caozx26]# cat /etc/selinux/config# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted[root@client caozx26]# yum repolist
已加載插件:fastestmirror, langpacks
Loading mirror speeds from cached hostfile
源標識 源名稱 狀態
!local local yum 4,070
repolist: 4,070
安裝DNS
DNS.CN
[root@dns ~]# rpm -ql bind
/etc/logrotate.d/named
/etc/named
/etc/named.conf
/etc/named.iscdlv.key
/etc/named.rfc1912.zones
/etc/named.root.key
/etc/rndc.conf
/etc/rndc.key
/etc/rwtab.d/named
/etc/sysconfig/named
/run/named
/usr/bin/arpaname
/usr/bin/named-rrchecker
/usr/lib/python2.7/site-packages/isc
/usr/lib/python2.7/site-packages/isc-2.0-py2.7.egg-info
/usr/lib/python2.7/site-packages/isc/__init__.py
/usr/lib/python2.7/site-packages/isc/__init__.pyc
/usr/lib/python2.7/site-packages/isc/__init__.pyo
/usr/lib/python2.7/site-packages/isc/checkds.py
/usr/lib/python2.7/site-packages/isc/checkds.pyc
/usr/lib/python2.7/site-packages/isc/checkds.pyo
/usr/lib/python2.7/site-packages/isc/coverage.py
/usr/lib/python2.7/site-packages/isc/coverage.pyc
/usr/lib/python2.7/site-packages/isc/coverage.pyo
/usr/lib/python2.7/site-packages/isc/dnskey.py
/usr/lib/python2.7/site-packages/isc/dnskey.pyc
/usr/lib/python2.7/site-packages/isc/dnskey.pyo
/usr/lib/python2.7/site-packages/isc/eventlist.py
/usr/lib/python2.7/site-packages/isc/eventlist.pyc
/usr/lib/python2.7/site-packages/isc/eventlist.pyo
/usr/lib/python2.7/site-packages/isc/keydict.py
/usr/lib/python2.7/site-packages/isc/keydict.pyc
/usr/lib/python2.7/site-packages/isc/keydict.pyo
/usr/lib/python2.7/site-packages/isc/keyevent.py
/usr/lib/python2.7/site-packages/isc/keyevent.pyc
/usr/lib/python2.7/site-packages/isc/keyevent.pyo
/usr/lib/python2.7/site-packages/isc/keymgr.py
/usr/lib/python2.7/site-packages/isc/keymgr.pyc
/usr/lib/python2.7/site-packages/isc/keymgr.pyo
/usr/lib/python2.7/site-packages/isc/keyseries.py
/usr/lib/python2.7/site-packages/isc/keyseries.pyc
/usr/lib/python2.7/site-packages/isc/keyseries.pyo
/usr/lib/python2.7/site-packages/isc/keyzone.py
/usr/lib/python2.7/site-packages/isc/keyzone.pyc
/usr/lib/python2.7/site-packages/isc/keyzone.pyo
/usr/lib/python2.7/site-packages/isc/parsetab.py
/usr/lib/python2.7/site-packages/isc/parsetab.pyc
/usr/lib/python2.7/site-packages/isc/parsetab.pyo
/usr/lib/python2.7/site-packages/isc/policy.py
/usr/lib/python2.7/site-packages/isc/policy.pyc
/usr/lib/python2.7/site-packages/isc/policy.pyo
/usr/lib/python2.7/site-packages/isc/rndc.py
/usr/lib/python2.7/site-packages/isc/rndc.pyc
/usr/lib/python2.7/site-packages/isc/rndc.pyo
/usr/lib/python2.7/site-packages/isc/utils.py
/usr/lib/python2.7/site-packages/isc/utils.pyc
/usr/lib/python2.7/site-packages/isc/utils.pyo
/usr/lib/systemd/system/named-setup-rndc.service
/usr/lib/systemd/system/named.service
/usr/lib/tmpfiles.d/named.conf
/usr/lib64/bind
/usr/libexec/generate-rndc-key.sh
/usr/sbin/ddns-confgen
/usr/sbin/dnssec-checkds
/usr/sbin/dnssec-coverage
/usr/sbin/dnssec-dsfromkey
/usr/sbin/dnssec-importkey
/usr/sbin/dnssec-keyfromlabel
/usr/sbin/dnssec-keygen
/usr/sbin/dnssec-keymgr
/usr/sbin/dnssec-revoke
/usr/sbin/dnssec-settime
/usr/sbin/dnssec-signzone
/usr/sbin/dnssec-verify
/usr/sbin/genrandom
/usr/sbin/isc-hmac-fixup
/usr/sbin/lwresd
/usr/sbin/named
/usr/sbin/named-checkconf
/usr/sbin/named-checkzone
/usr/sbin/named-compilezone
/usr/sbin/named-journalprint
/usr/sbin/nsec3hash
/usr/sbin/rndc
/usr/sbin/rndc-confgen
/usr/sbin/tsig-keygen
/usr/share/doc/bind-9.11.4
/usr/share/doc/bind-9.11.4/Bv9ARM.ch01.html
/usr/share/doc/bind-9.11.4/Bv9ARM.ch02.html
/usr/share/doc/bind-9.11.4/Bv9ARM.ch03.html
/usr/share/doc/bind-9.11.4/Bv9ARM.ch04.html
/usr/share/doc/bind-9.11.4/Bv9ARM.ch05.html
/usr/share/doc/bind-9.11.4/Bv9ARM.ch06.html
/usr/share/doc/bind-9.11.4/Bv9ARM.ch07.html
/usr/share/doc/bind-9.11.4/Bv9ARM.ch08.html
/usr/share/doc/bind-9.11.4/Bv9ARM.ch09.html
/usr/share/doc/bind-9.11.4/Bv9ARM.ch10.html
/usr/share/doc/bind-9.11.4/Bv9ARM.ch11.html
/usr/share/doc/bind-9.11.4/Bv9ARM.ch12.html
/usr/share/doc/bind-9.11.4/Bv9ARM.ch13.html
/usr/share/doc/bind-9.11.4/Bv9ARM.html
/usr/share/doc/bind-9.11.4/Bv9ARM.pdf
/usr/share/doc/bind-9.11.4/CHANGES
/usr/share/doc/bind-9.11.4/README
/usr/share/doc/bind-9.11.4/isc-logo.pdf
/usr/share/doc/bind-9.11.4/man.arpaname.html
/usr/share/doc/bind-9.11.4/man.ddns-confgen.html
/usr/share/doc/bind-9.11.4/man.delv.html
/usr/share/doc/bind-9.11.4/man.dig.html
/usr/share/doc/bind-9.11.4/man.dnssec-checkds.html
/usr/share/doc/bind-9.11.4/man.dnssec-coverage.html
/usr/share/doc/bind-9.11.4/man.dnssec-dsfromkey.html
/usr/share/doc/bind-9.11.4/man.dnssec-importkey.html
/usr/share/doc/bind-9.11.4/man.dnssec-keyfromlabel.html
/usr/share/doc/bind-9.11.4/man.dnssec-keygen.html
/usr/share/doc/bind-9.11.4/man.dnssec-keymgr.html
/usr/share/doc/bind-9.11.4/man.dnssec-revoke.html
/usr/share/doc/bind-9.11.4/man.dnssec-settime.html
/usr/share/doc/bind-9.11.4/man.dnssec-signzone.html
/usr/share/doc/bind-9.11.4/man.dnssec-verify.html
/usr/share/doc/bind-9.11.4/man.dnstap-read.html
/usr/share/doc/bind-9.11.4/man.genrandom.html
/usr/share/doc/bind-9.11.4/man.host.html
/usr/share/doc/bind-9.11.4/man.isc-hmac-fixup.html
/usr/share/doc/bind-9.11.4/man.lwresd.html
/usr/share/doc/bind-9.11.4/man.mdig.html
/usr/share/doc/bind-9.11.4/man.named-checkconf.html
/usr/share/doc/bind-9.11.4/man.named-checkzone.html
/usr/share/doc/bind-9.11.4/man.named-journalprint.html
/usr/share/doc/bind-9.11.4/man.named-nzd2nzf.html
/usr/share/doc/bind-9.11.4/man.named-rrchecker.html
/usr/share/doc/bind-9.11.4/man.named.conf.html
/usr/share/doc/bind-9.11.4/man.named.html
/usr/share/doc/bind-9.11.4/man.nsec3hash.html
/usr/share/doc/bind-9.11.4/man.nslookup.html
/usr/share/doc/bind-9.11.4/man.nsupdate.html
/usr/share/doc/bind-9.11.4/man.pkcs11-destroy.html
/usr/share/doc/bind-9.11.4/man.pkcs11-keygen.html
/usr/share/doc/bind-9.11.4/man.pkcs11-list.html
/usr/share/doc/bind-9.11.4/man.pkcs11-tokens.html
/usr/share/doc/bind-9.11.4/man.rndc-confgen.html
/usr/share/doc/bind-9.11.4/man.rndc.conf.html
/usr/share/doc/bind-9.11.4/man.rndc.html
/usr/share/doc/bind-9.11.4/named.conf.default
/usr/share/doc/bind-9.11.4/notes.html
/usr/share/doc/bind-9.11.4/notes.pdf
/usr/share/doc/bind-9.11.4/sample
/usr/share/doc/bind-9.11.4/sample/etc
/usr/share/doc/bind-9.11.4/sample/etc/named.conf
/usr/share/doc/bind-9.11.4/sample/etc/named.rfc1912.zones
/usr/share/doc/bind-9.11.4/sample/var
/usr/share/doc/bind-9.11.4/sample/var/named
/usr/share/doc/bind-9.11.4/sample/var/named/data
/usr/share/doc/bind-9.11.4/sample/var/named/my.external.zone.db
/usr/share/doc/bind-9.11.4/sample/var/named/my.internal.zone.db
/usr/share/doc/bind-9.11.4/sample/var/named/named.ca
/usr/share/doc/bind-9.11.4/sample/var/named/named.empty
/usr/share/doc/bind-9.11.4/sample/var/named/named.localhost
/usr/share/doc/bind-9.11.4/sample/var/named/named.loopback
/usr/share/doc/bind-9.11.4/sample/var/named/slaves
/usr/share/doc/bind-9.11.4/sample/var/named/slaves/my.ddns.internal.zone.db
/usr/share/doc/bind-9.11.4/sample/var/named/slaves/my.slave.internal.zone.db
/usr/share/man/man1/arpaname.1.gz
/usr/share/man/man1/named-rrchecker.1.gz
/usr/share/man/man5/named.conf.5.gz
/usr/share/man/man5/rndc.conf.5.gz
/usr/share/man/man8/ddns-confgen.8.gz
/usr/share/man/man8/dnssec-checkds.8.gz
/usr/share/man/man8/dnssec-coverage.8.gz
/usr/share/man/man8/dnssec-dsfromkey.8.gz
/usr/share/man/man8/dnssec-importkey.8.gz
/usr/share/man/man8/dnssec-keyfromlabel.8.gz
/usr/share/man/man8/dnssec-keygen.8.gz
/usr/share/man/man8/dnssec-keymgr.8.gz
/usr/share/man/man8/dnssec-revoke.8.gz
/usr/share/man/man8/dnssec-settime.8.gz
/usr/share/man/man8/dnssec-signzone.8.gz
/usr/share/man/man8/dnssec-verify.8.gz
/usr/share/man/man8/genrandom.8.gz
/usr/share/man/man8/isc-hmac-fixup.8.gz
/usr/share/man/man8/lwresd.8.gz
/usr/share/man/man8/named-checkconf.8.gz
/usr/share/man/man8/named-checkzone.8.gz
/usr/share/man/man8/named-compilezone.8.gz
/usr/share/man/man8/named-journalprint.8.gz
/usr/share/man/man8/named.8.gz
/usr/share/man/man8/nsec3hash.8.gz
/usr/share/man/man8/rndc-confgen.8.gz
/usr/share/man/man8/rndc.8.gz
/usr/share/man/man8/tsig-keygen.8.gz
/var/log/named.log
/var/named
/var/named/data
/var/named/dynamic
/var/named/named.ca
/var/named/named.empty
/var/named/named.localhost
/var/named/named.loopback
/var/named/slavesDNS正向解析
備份
named.conf DNS 控制訪問權限
/etc/named.rfc1912.zones 定義域名如何解析,解析到哪個具體IP
[root@dns ~]# cd /etc
[root@dns etc]# find /etc -name named.conf.bak
/etc/named.conf.bak
[root@dns etc]# find /etc/ -name named.rfc1912.zones.bak
/etc/named.rfc1912.zones.bak添加權限:任何主機都能訪問
[root@dns etc]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.htmloptions {listen-on port 53 { 127.0.0.1;any;};listen-on-v6 port 53 { ::1; };directory "/var/named";dump-file "/var/named/data/cache_dump.db";statistics-file "/var/named/data/named_stats.txt";memstatistics-file "/var/named/data/named_mem_stats.txt";recursing-file "/var/named/data/named.recursing";secroots-file "/var/named/data/named.secroots";allow-query { localhost; any;};/*- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.- If you are building a RECURSIVE (caching) DNS server, you need to enablerecursion.- If your recursive DNS server has a public IP address, you MUST enable accesscontrol to limit queries to your legitimate users. Failing to do so willcause your server to become part of large scale DNS amplificationattacks. Implementing BCP38 within your network would greatlyreduce such attack surface*/recursion yes;dnssec-enable yes;dnssec-validation yes;/* Path to ISC DLV key */bindkeys-file "/etc/named.root.key";managed-keys-directory "/var/named/dynamic";pid-file "/run/named/named.pid";session-keyfile "/run/named/session.key";
};logging {channel default_debug {file "data/named.run";severity dynamic;};
};zone "." IN {type hint;file "named.ca";
};include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";域名指向IP配置
/etc/named.rfc1912.zones
[root@dns etc]# cat /etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//zone "localhost.localdomain" IN {type master;file "named.localhost";allow-update { none; };
};zone "localhost" IN {type master;file "named.localhost";allow-update { none; };
};zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {type master;file "named.loopback";allow-update { none; };
};zone "1.0.0.127.in-addr.arpa" IN {type master;file "named.loopback";allow-update { none; };
};zone "0.in-addr.arpa" IN {type master;file "named.empty";allow-update { none; };
};
zone "cluster" IN {type master;file "cluster.zone";allow-update { none; };
};
[root@dns etc]# vim named.rfc1912.zones
[root@dns etc]# cat named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//zone "localhost.localdomain" IN {type master;file "named.localhost";allow-update { none; };
};zone "localhost" IN {type master;file "named.localhost";allow-update { none; };
};zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {type master;file "named.loopback";allow-update { none; };
};zone "1.0.0.127.in-addr.arpa" IN {type master;file "named.loopback";allow-update { none; };
};zone "0.in-addr.arpa" IN {type master;file "named.empty";allow-update { none; };
};
zone "xiaocao.cluster" IN {type master;file "xiaocao.cluster.zone";allow-update { none; };
};定義正向解析
[root@dns etc]# cd /var/named
[root@dns named]# ls
cluster.zone data dynamic named.ca named.empty named.localhost named.loopback slaves
[root@dns named]# cat cluster.zone
$TTL 1D
@ IN SOA @ rname.invalid. (0 ; serial1D ; refresh1H ; retry1W ; expire3H ) ; minimumNS @A 127.0.0.1AAAA ::1A 192.168.235.20
[root@dns named]# cp cluster.zone xiaocao .cluster.zone
cp: 目標".cluster.zone" 不是目錄
[root@dns named]# cp cluster.zone xiaocao.cluster.zone
[root@dns named]# ls
cluster.zone data dynamic named.ca named.empty named.localhost named.loopback slaves xiaocao.cluster.zone[root@dns named]# ll cluster.zone
-rw-r-----. 1 root named 183 6月 24 20:14 cluster.zone
[root@dns named]# ll xiaocao.cluster.zone
-rw-r-----. 1 root root 186 6月 25 21:28 xiaocao.cluster.zone
[root@dns named]#屬組不對 cp -p
[root@dns named]# ls
cluster.zone data dynamic named.ca named.empty named.localhost named.loopback slaves xiaocao.cluster.zone
[root@dns named]# rm -rf xiaocao.cluster.zone
[root@dns named]# cp -p named.localhost xiaocao.cluster.zone
[root@dns named]# ll xiaocao.cluster.zone
-rw-r-----. 1 root named 152 6月 21 2007 xiaocao.cluster.zone
[root@dns named]# vim xiaocao.cluster.zone
[root@dns named]# cat xiaocao.cluster.zone
$TTL 1D
@ IN SOA @ rname.invalid. (0 ; serial1D ; refresh1H ; retry1W ; expire3H ) ; minimumNS @A 127.0.0.1AAAA ::1www A 192.168.235.20
[root@dns named]#檢查names.conf .zones
[root@dns named]# named-checkconf /etc/named.conf
[root@dns named]# named-checkconf /etc/named.rfc1912.zones
[root@dns named]# cd /var/named
[root@dns named]# name-checkzone xiaocao.cluster.zone xiaocao.cluster.zone
bash: name-checkzone: 未找到命令...
[root@dns named]# named-checkzone xiaocao.cluster.zone xiaocao.cluster.zone
zone xiaocao.cluster.zone/IN: loaded serial 0
OK啟動DNS
[root@dns named]# systemctl restart named
[root@dns named]# netstat -tnlp |grep named
tcp 0 0 192.168.235.100:53 0.0.0.0:* LISTEN 76298/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 76298/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 76298/named
tcp6 0 0 ::1:53 :::* LISTEN 76298/named
tcp6 0 0 ::1:953 :::* LISTEN 76298/named
[root@dns named]# ls
cluster.zone data dynamic named.ca named.empty named.localhost named.loopback slaves xiaocao.cluster.zone
您在 /var/spool/mail/root 中有新郵件搭建Web服務
Web.cn
[root@web ~]# systemctl status httpd
● httpd.service - The Apache HTTP ServerLoaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)Active: active (running) since 三 2025-06-18 20:00:51 CST; 1 weeks 0 days agoDocs: man:httpd(8)man:apachectl(8)Process: 110132 ExecReload=/usr/sbin/httpd $OPTIONS -k graceful (code=exited, status=0/SUCCESS)Main PID: 13043 (httpd)Status: "Total requests: 0; Current requests/sec: 0; Current traffic: 0 B/sec"Tasks: 6CGroup: /system.slice/httpd.service├─ 13043 /usr/sbin/httpd -DFOREGROUND├─110167 /usr/sbin/httpd -DFOREGROUND├─110168 /usr/sbin/httpd -DFOREGROUND├─110169 /usr/sbin/httpd -DFOREGROUND├─110170 /usr/sbin/httpd -DFOREGROUND└─110171 /usr/sbin/httpd -DFOREGROUND6月 18 20:00:50 web.cn systemd[1]: Starting The Apache HTTP Server...
6月 18 20:00:51 web.cn systemd[1]: Started The Apache HTTP Server.
6月 25 20:50:01 web.cn systemd[1]: Reloading The Apache HTTP Server.
6月 25 20:50:02 web.cn systemd[1]: Reloaded The Apache HTTP Server.
您在 /var/spool/mail/root 中有郵件
[root@web ~]# cat /var/www/html/index.html
<<video width="800" height="450" controls>
<source src="media/share.mp4">
</video>
DNS Test ...
測試正向解析
client.cn
添加DNS
[root@client caozx26]# echo 'namesever 192.168.235.100'>/etc/resolv.conf
[root@client caozx26]# cat /etc/resolv.conf
namesever 192.168.235.100檢測正向解析
[root@client caozx26]# nslookup www.xiaocao.clusater
;; connection timed out; no servers could be reached[root@client caozx26]# ping 192.168.235.100
PING 192.168.235.100 (192.168.235.100) 56(84) bytes of data.
64 bytes from 192.168.235.100: icmp_seq=1 ttl=64 time=0.395 ms
64 bytes from 192.168.235.100: icmp_seq=2 ttl=64 time=1.06 ms
64 bytes from 192.168.235.100: icmp_seq=3 ttl=64 time=1.36 ms
^C
--- 192.168.235.100 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 0.395/0.939/1.362/0.404 ms
[root@client caozx26]# dig www.xiaocao.cluster; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7 <<>> www.xiaocao.cluster
;; global options: +cmd
;; connection timed out; no servers could be reached
[root@client caozx26]# dig +trace www.xiaocao.cluster; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7 <<>> +trace www.xiaocao.cluster
;; global options: +cmd
;; connection timed out; no servers could be reached
[root@client caozx26]#筆記
碼
client .200
Network error: Connection timed out──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────Session stopped- Press <return> to exit tab- Press R to restart session- Press S to save terminal output to file
caozx26@192.168.235.200's password:┌────────────────────────────────────────────────────────────────────┐│ ? MobaXterm 20.0 ? ││ (SSH client, X-server and networking tools) ││ ││ ? SSH session to caozx26@192.168.235.200 ││ ? SSH compression : ? ││ ? SSH-browser : ? ││ ? X11-forwarding : ? (remote display is forwarded through SSH) ││ ? DISPLAY : ? (automatically set on remote server) ││ ││ ? For more info, ctrl+click on help or visit our website │└────────────────────────────────────────────────────────────────────┘Last login: Tue Jun 24 19:18:39 2025 from 192.168.235.1
[caozx26@client ~]$ hostname
client.backup.cn
[caozx26@client ~]$ systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemonLoaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)Active: active (running) since 四 2025-06-19 03:18:09 CST; 6 days agoDocs: man:firewalld(1)Main PID: 781 (firewalld)Tasks: 2CGroup: /system.slice/firewalld.service└─781 /usr/bin/python2 -Es /usr/sbin/firewalld --nofork --nopid6月 19 03:18:09 backup.cn systemd[1]: Starting firewalld - dynamic firewall daemon...
6月 19 03:18:09 backup.cn systemd[1]: Started firewalld - dynamic firewall daemon.
6月 19 03:18:09 backup.cn firewalld[781]: WARNING: AllowZoneDrifting is enabled. This is considered an insecure configuration o...it now.
Hint: Some lines were ellipsized, use -l to show in full.
[caozx26@client ~]$ systemctl stop firewalld
==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ===
Authentication is required to manage system services or units.
Authenticating as: caozx26
Password:
==== AUTHENTICATION COMPLETE ===
[caozx26@client ~]$ sudo su
[sudo] caozx26 的密碼:
對不起,請重試。
[sudo] caozx26 的密碼:
[root@client caozx26]# systemctl stop firewalld
[root@client caozx26]# systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@client caozx26]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemonLoaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)Active: inactive (dead)Docs: man:firewalld(1)6月 19 03:18:09 backup.cn systemd[1]: Starting firewalld - dynamic firewall daemon...
6月 19 03:18:09 backup.cn systemd[1]: Started firewalld - dynamic firewall daemon.
6月 19 03:18:09 backup.cn firewalld[781]: WARNING: AllowZoneDrifting is enabled. This is considered an insecure configuration o...it now.
6月 25 20:44:15 client.backup.cn systemd[1]: Stopping firewalld - dynamic firewall daemon...
6月 25 20:44:16 client.backup.cn systemd[1]: Stopped firewalld - dynamic firewall daemon.
Hint: Some lines were ellipsized, use -l to show in full.
[root@client caozx26]# setenforce 0
[root@client caozx26]# cat /etc/selinux/config# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted[root@client caozx26]# yum repolist
已加載插件:fastestmirror, langpacks
Loading mirror speeds from cached hostfile
源標識 源名稱 狀態
!local local yum 4,070
repolist: 4,070
[root@client caozx26]# echo 'namesever 192.168.235.100'>/etc/resolv.conf
[root@client caozx26]# cat /etc/resolv.conf
namesever 192.168.235.100
[root@client caozx26]# nslookup www.xiaocao.cluster
;; connection timed out; no servers could be reached[root@client caozx26]# curl http://www.xiaocao.cluster
curl: (6) Could not resolve host: www.xiaocao.cluster; 未知的錯誤
[root@client caozx26]# nslookup www.xiaocao.clusater
;; connection timed out; no servers could be reached[root@client caozx26]# ping 192.168.235.100
PING 192.168.235.100 (192.168.235.100) 56(84) bytes of data.
64 bytes from 192.168.235.100: icmp_seq=1 ttl=64 time=0.395 ms
64 bytes from 192.168.235.100: icmp_seq=2 ttl=64 time=1.06 ms
64 bytes from 192.168.235.100: icmp_seq=3 ttl=64 time=1.36 ms
^C
--- 192.168.235.100 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 0.395/0.939/1.362/0.404 ms
[root@client caozx26]# dig www.xiaocao.cluster; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7 <<>> www.xiaocao.cluster
;; global options: +cmd
;; connection timed out; no servers could be reached
[root@client caozx26]# dig +trace www.xiaocao.cluster; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7 <<>> +trace www.xiaocao.cluster
;; global options: +cmd
;; connection timed out; no servers could be reached
[root@client caozx26]#
DNS .100
root@192.168.235.100's password:┌────────────────────────────────────────────────────────────────────┐│ ? MobaXterm 20.0 ? ││ (SSH client, X-server and networking tools) ││ ││ ? SSH session to root@192.168.235.100 ││ ? SSH compression : ? ││ ? SSH-browser : ? ││ ? X11-forwarding : ? (remote display is forwarded through SSH) ││ ? DISPLAY : ? (automatically set on remote server) ││ ││ ? For more info, ctrl+click on help or visit our website │└────────────────────────────────────────────────────────────────────┘Last login: Tue Jun 24 19:30:07 2025
[root@dns ~]# hostname
dns.nfs.cn
[root@dns ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemonLoaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)Active: inactive (dead)Docs: man:firewalld(1)
[root@dns ~]# cat /etc/selinux/config# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted[root@dns ~]# yum repolist
已加載插件:fastestmirror, langpacks
Loading mirror speeds from cached hostfile
源標識 源名稱 狀態
local local yum 4,070
repolist: 4,070
[root@dns ~]# setenforce 0
[root@dns ~]# rpm -ql bind
/etc/logrotate.d/named
/etc/named
/etc/named.conf
/etc/named.iscdlv.key
/etc/named.rfc1912.zones
/etc/named.root.key
/etc/rndc.conf
/etc/rndc.key
/etc/rwtab.d/named
/etc/sysconfig/named
/run/named
/usr/bin/arpaname
/usr/bin/named-rrchecker
/usr/lib/python2.7/site-packages/isc
/usr/lib/python2.7/site-packages/isc-2.0-py2.7.egg-info
/usr/lib/python2.7/site-packages/isc/__init__.py
/usr/lib/python2.7/site-packages/isc/__init__.pyc
/usr/lib/python2.7/site-packages/isc/__init__.pyo
/usr/lib/python2.7/site-packages/isc/checkds.py
/usr/lib/python2.7/site-packages/isc/checkds.pyc
/usr/lib/python2.7/site-packages/isc/checkds.pyo
/usr/lib/python2.7/site-packages/isc/coverage.py
/usr/lib/python2.7/site-packages/isc/coverage.pyc
/usr/lib/python2.7/site-packages/isc/coverage.pyo
/usr/lib/python2.7/site-packages/isc/dnskey.py
/usr/lib/python2.7/site-packages/isc/dnskey.pyc
/usr/lib/python2.7/site-packages/isc/dnskey.pyo
/usr/lib/python2.7/site-packages/isc/eventlist.py
/usr/lib/python2.7/site-packages/isc/eventlist.pyc
/usr/lib/python2.7/site-packages/isc/eventlist.pyo
/usr/lib/python2.7/site-packages/isc/keydict.py
/usr/lib/python2.7/site-packages/isc/keydict.pyc
/usr/lib/python2.7/site-packages/isc/keydict.pyo
/usr/lib/python2.7/site-packages/isc/keyevent.py
/usr/lib/python2.7/site-packages/isc/keyevent.pyc
/usr/lib/python2.7/site-packages/isc/keyevent.pyo
/usr/lib/python2.7/site-packages/isc/keymgr.py
/usr/lib/python2.7/site-packages/isc/keymgr.pyc
/usr/lib/python2.7/site-packages/isc/keymgr.pyo
/usr/lib/python2.7/site-packages/isc/keyseries.py
/usr/lib/python2.7/site-packages/isc/keyseries.pyc
/usr/lib/python2.7/site-packages/isc/keyseries.pyo
/usr/lib/python2.7/site-packages/isc/keyzone.py
/usr/lib/python2.7/site-packages/isc/keyzone.pyc
/usr/lib/python2.7/site-packages/isc/keyzone.pyo
/usr/lib/python2.7/site-packages/isc/parsetab.py
/usr/lib/python2.7/site-packages/isc/parsetab.pyc
/usr/lib/python2.7/site-packages/isc/parsetab.pyo
/usr/lib/python2.7/site-packages/isc/policy.py
/usr/lib/python2.7/site-packages/isc/policy.pyc
/usr/lib/python2.7/site-packages/isc/policy.pyo
/usr/lib/python2.7/site-packages/isc/rndc.py
/usr/lib/python2.7/site-packages/isc/rndc.pyc
/usr/lib/python2.7/site-packages/isc/rndc.pyo
/usr/lib/python2.7/site-packages/isc/utils.py
/usr/lib/python2.7/site-packages/isc/utils.pyc
/usr/lib/python2.7/site-packages/isc/utils.pyo
/usr/lib/systemd/system/named-setup-rndc.service
/usr/lib/systemd/system/named.service
/usr/lib/tmpfiles.d/named.conf
/usr/lib64/bind
/usr/libexec/generate-rndc-key.sh
/usr/sbin/ddns-confgen
/usr/sbin/dnssec-checkds
/usr/sbin/dnssec-coverage
/usr/sbin/dnssec-dsfromkey
/usr/sbin/dnssec-importkey
/usr/sbin/dnssec-keyfromlabel
/usr/sbin/dnssec-keygen
/usr/sbin/dnssec-keymgr
/usr/sbin/dnssec-revoke
/usr/sbin/dnssec-settime
/usr/sbin/dnssec-signzone
/usr/sbin/dnssec-verify
/usr/sbin/genrandom
/usr/sbin/isc-hmac-fixup
/usr/sbin/lwresd
/usr/sbin/named
/usr/sbin/named-checkconf
/usr/sbin/named-checkzone
/usr/sbin/named-compilezone
/usr/sbin/named-journalprint
/usr/sbin/nsec3hash
/usr/sbin/rndc
/usr/sbin/rndc-confgen
/usr/sbin/tsig-keygen
/usr/share/doc/bind-9.11.4
/usr/share/doc/bind-9.11.4/Bv9ARM.ch01.html
/usr/share/doc/bind-9.11.4/Bv9ARM.ch02.html
/usr/share/doc/bind-9.11.4/Bv9ARM.ch03.html
/usr/share/doc/bind-9.11.4/Bv9ARM.ch04.html
/usr/share/doc/bind-9.11.4/Bv9ARM.ch05.html
/usr/share/doc/bind-9.11.4/Bv9ARM.ch06.html
/usr/share/doc/bind-9.11.4/Bv9ARM.ch07.html
/usr/share/doc/bind-9.11.4/Bv9ARM.ch08.html
/usr/share/doc/bind-9.11.4/Bv9ARM.ch09.html
/usr/share/doc/bind-9.11.4/Bv9ARM.ch10.html
/usr/share/doc/bind-9.11.4/Bv9ARM.ch11.html
/usr/share/doc/bind-9.11.4/Bv9ARM.ch12.html
/usr/share/doc/bind-9.11.4/Bv9ARM.ch13.html
/usr/share/doc/bind-9.11.4/Bv9ARM.html
/usr/share/doc/bind-9.11.4/Bv9ARM.pdf
/usr/share/doc/bind-9.11.4/CHANGES
/usr/share/doc/bind-9.11.4/README
/usr/share/doc/bind-9.11.4/isc-logo.pdf
/usr/share/doc/bind-9.11.4/man.arpaname.html
/usr/share/doc/bind-9.11.4/man.ddns-confgen.html
/usr/share/doc/bind-9.11.4/man.delv.html
/usr/share/doc/bind-9.11.4/man.dig.html
/usr/share/doc/bind-9.11.4/man.dnssec-checkds.html
/usr/share/doc/bind-9.11.4/man.dnssec-coverage.html
/usr/share/doc/bind-9.11.4/man.dnssec-dsfromkey.html
/usr/share/doc/bind-9.11.4/man.dnssec-importkey.html
/usr/share/doc/bind-9.11.4/man.dnssec-keyfromlabel.html
/usr/share/doc/bind-9.11.4/man.dnssec-keygen.html
/usr/share/doc/bind-9.11.4/man.dnssec-keymgr.html
/usr/share/doc/bind-9.11.4/man.dnssec-revoke.html
/usr/share/doc/bind-9.11.4/man.dnssec-settime.html
/usr/share/doc/bind-9.11.4/man.dnssec-signzone.html
/usr/share/doc/bind-9.11.4/man.dnssec-verify.html
/usr/share/doc/bind-9.11.4/man.dnstap-read.html
/usr/share/doc/bind-9.11.4/man.genrandom.html
/usr/share/doc/bind-9.11.4/man.host.html
/usr/share/doc/bind-9.11.4/man.isc-hmac-fixup.html
/usr/share/doc/bind-9.11.4/man.lwresd.html
/usr/share/doc/bind-9.11.4/man.mdig.html
/usr/share/doc/bind-9.11.4/man.named-checkconf.html
/usr/share/doc/bind-9.11.4/man.named-checkzone.html
/usr/share/doc/bind-9.11.4/man.named-journalprint.html
/usr/share/doc/bind-9.11.4/man.named-nzd2nzf.html
/usr/share/doc/bind-9.11.4/man.named-rrchecker.html
/usr/share/doc/bind-9.11.4/man.named.conf.html
/usr/share/doc/bind-9.11.4/man.named.html
/usr/share/doc/bind-9.11.4/man.nsec3hash.html
/usr/share/doc/bind-9.11.4/man.nslookup.html
/usr/share/doc/bind-9.11.4/man.nsupdate.html
/usr/share/doc/bind-9.11.4/man.pkcs11-destroy.html
/usr/share/doc/bind-9.11.4/man.pkcs11-keygen.html
/usr/share/doc/bind-9.11.4/man.pkcs11-list.html
/usr/share/doc/bind-9.11.4/man.pkcs11-tokens.html
/usr/share/doc/bind-9.11.4/man.rndc-confgen.html
/usr/share/doc/bind-9.11.4/man.rndc.conf.html
/usr/share/doc/bind-9.11.4/man.rndc.html
/usr/share/doc/bind-9.11.4/named.conf.default
/usr/share/doc/bind-9.11.4/notes.html
/usr/share/doc/bind-9.11.4/notes.pdf
/usr/share/doc/bind-9.11.4/sample
/usr/share/doc/bind-9.11.4/sample/etc
/usr/share/doc/bind-9.11.4/sample/etc/named.conf
/usr/share/doc/bind-9.11.4/sample/etc/named.rfc1912.zones
/usr/share/doc/bind-9.11.4/sample/var
/usr/share/doc/bind-9.11.4/sample/var/named
/usr/share/doc/bind-9.11.4/sample/var/named/data
/usr/share/doc/bind-9.11.4/sample/var/named/my.external.zone.db
/usr/share/doc/bind-9.11.4/sample/var/named/my.internal.zone.db
/usr/share/doc/bind-9.11.4/sample/var/named/named.ca
/usr/share/doc/bind-9.11.4/sample/var/named/named.empty
/usr/share/doc/bind-9.11.4/sample/var/named/named.localhost
/usr/share/doc/bind-9.11.4/sample/var/named/named.loopback
/usr/share/doc/bind-9.11.4/sample/var/named/slaves
/usr/share/doc/bind-9.11.4/sample/var/named/slaves/my.ddns.internal.zone.db
/usr/share/doc/bind-9.11.4/sample/var/named/slaves/my.slave.internal.zone.db
/usr/share/man/man1/arpaname.1.gz
/usr/share/man/man1/named-rrchecker.1.gz
/usr/share/man/man5/named.conf.5.gz
/usr/share/man/man5/rndc.conf.5.gz
/usr/share/man/man8/ddns-confgen.8.gz
/usr/share/man/man8/dnssec-checkds.8.gz
/usr/share/man/man8/dnssec-coverage.8.gz
/usr/share/man/man8/dnssec-dsfromkey.8.gz
/usr/share/man/man8/dnssec-importkey.8.gz
/usr/share/man/man8/dnssec-keyfromlabel.8.gz
/usr/share/man/man8/dnssec-keygen.8.gz
/usr/share/man/man8/dnssec-keymgr.8.gz
/usr/share/man/man8/dnssec-revoke.8.gz
/usr/share/man/man8/dnssec-settime.8.gz
/usr/share/man/man8/dnssec-signzone.8.gz
/usr/share/man/man8/dnssec-verify.8.gz
/usr/share/man/man8/genrandom.8.gz
/usr/share/man/man8/isc-hmac-fixup.8.gz
/usr/share/man/man8/lwresd.8.gz
/usr/share/man/man8/named-checkconf.8.gz
/usr/share/man/man8/named-checkzone.8.gz
/usr/share/man/man8/named-compilezone.8.gz
/usr/share/man/man8/named-journalprint.8.gz
/usr/share/man/man8/named.8.gz
/usr/share/man/man8/nsec3hash.8.gz
/usr/share/man/man8/rndc-confgen.8.gz
/usr/share/man/man8/rndc.8.gz
/usr/share/man/man8/tsig-keygen.8.gz
/var/log/named.log
/var/named
/var/named/data
/var/named/dynamic
/var/named/named.ca
/var/named/named.empty
/var/named/named.localhost
/var/named/named.loopback
/var/named/slaves
[root@dns ~]# cd /etc
[root@dns etc]# find /etc -name named.conf.bak
/etc/named.conf.bak
[root@dns etc]# find /etc/ -name named.rfc1912.zones.bak
/etc/named.rfc1912.zones.bak
[root@dns etc]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.htmloptions {listen-on port 53 { 127.0.0.1;any;};listen-on-v6 port 53 { ::1; };directory "/var/named";dump-file "/var/named/data/cache_dump.db";statistics-file "/var/named/data/named_stats.txt";memstatistics-file "/var/named/data/named_mem_stats.txt";recursing-file "/var/named/data/named.recursing";secroots-file "/var/named/data/named.secroots";allow-query { localhost; any;};/*- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.- If you are building a RECURSIVE (caching) DNS server, you need to enablerecursion.- If your recursive DNS server has a public IP address, you MUST enable accesscontrol to limit queries to your legitimate users. Failing to do so willcause your server to become part of large scale DNS amplificationattacks. Implementing BCP38 within your network would greatlyreduce such attack surface*/recursion yes;dnssec-enable yes;dnssec-validation yes;/* Path to ISC DLV key */bindkeys-file "/etc/named.root.key";managed-keys-directory "/var/named/dynamic";pid-file "/run/named/named.pid";session-keyfile "/run/named/session.key";
};logging {channel default_debug {file "data/named.run";severity dynamic;};
};zone "." IN {type hint;file "named.ca";
};include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";[root@dns etc]# cat /etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//zone "localhost.localdomain" IN {type master;file "named.localhost";allow-update { none; };
};zone "localhost" IN {type master;file "named.localhost";allow-update { none; };
};zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {type master;file "named.loopback";allow-update { none; };
};zone "1.0.0.127.in-addr.arpa" IN {type master;file "named.loopback";allow-update { none; };
};zone "0.in-addr.arpa" IN {type master;file "named.empty";allow-update { none; };
};
zone "cluster" IN {type master;file "cluster.zone";allow-update { none; };
};
[root@dns etc]# vim named.rfc1912.zones
[root@dns etc]# cat named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//zone "localhost.localdomain" IN {type master;file "named.localhost";allow-update { none; };
};zone "localhost" IN {type master;file "named.localhost";allow-update { none; };
};zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {type master;file "named.loopback";allow-update { none; };
};zone "1.0.0.127.in-addr.arpa" IN {type master;file "named.loopback";allow-update { none; };
};zone "0.in-addr.arpa" IN {type master;file "named.empty";allow-update { none; };
};
zone "xiaocao.cluster" IN {type master;file "xiaocao.cluster.zone";allow-update { none; };
};
[root@dns etc]# cd /var/named
[root@dns named]# ls
cluster.zone data dynamic named.ca named.empty named.localhost named.loopback slaves
[root@dns named]# cat cluster.zone
$TTL 1D
@ IN SOA @ rname.invalid. (0 ; serial1D ; refresh1H ; retry1W ; expire3H ) ; minimumNS @A 127.0.0.1AAAA ::1A 192.168.235.20
[root@dns named]# cp cluster.zone xiaocao .cluster.zone
cp: 目標".cluster.zone" 不是目錄
[root@dns named]# cp cluster.zone xiaocao.cluster.zone
[root@dns named]# ls
cluster.zone data dynamic named.ca named.empty named.localhost named.loopback slaves xiaocao.cluster.zone
[root@dns named]# cat xiaocao.cluster.zone
$TTL 1D
@ IN SOA @ rname.invalid. (0 ; serial1D ; refresh1H ; retry1W ; expire3H ) ; minimumNS @A 127.0.0.1AAAA ::1A 192.168.235.20
[root@dns named]# vim xiaocao.cluster.zpme
[root@dns named]# vim xiaocao.cluster.zone
[root@dns named]# cat xiaocao.cluster.zone
$TTL 1D
@ IN SOA @ rname.invalid. (0 ; serial1D ; refresh1H ; retry1W ; expire3H ) ; minimumNS @A 127.0.0.1AAAA ::1
www A 192.168.235.20
[root@dns named]# named-checkconf /etc/named.conf
[root@dns named]# named-checkconf /etc/named.rfc1912.zones
[root@dns named]# cd /var/named
[root@dns named]# name-checkzone xiaocao.cluster.zone xiaocao.cluster.zone
bash: name-checkzone: 未找到命令...
[root@dns named]# named-checkzone xiaocao.cluster.zone xiaocao.cluster.zone
zone xiaocao.cluster.zone/IN: loaded serial 0
OK
[root@dns named]# systemctl restart named
[root@dns named]# netstat -tnlp |grep named
tcp 0 0 192.168.235.100:53 0.0.0.0:* LISTEN 76298/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 76298/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 76298/named
tcp6 0 0 ::1:53 :::* LISTEN 76298/named
tcp6 0 0 ::1:953 :::* LISTEN 76298/named
[root@dns named]# ls
cluster.zone data dynamic named.ca named.empty named.localhost named.loopback slaves xiaocao.cluster.zone
您在 /var/spool/mail/root 中有新郵件
[root@dns named]# ll cluster.zone
-rw-r-----. 1 root named 183 6月 24 20:14 cluster.zone
[root@dns named]# ll xiaocao.cluster.zone
-rw-r-----. 1 root root 186 6月 25 21:28 xiaocao.cluster.zone
[root@dns named]# ll named.localhost
-rw-r-----. 1 root named 152 6月 21 2007 named.localhost
[root@dns named]# ll -d named
ls: 無法訪問named: 沒有那個文件或目錄
[root@dns named]# ll -d /var/named
drwxrwx--T. 5 root named 175 6月 25 21:33 /var/named
[root@dns named]# ls
cluster.zone data dynamic named.ca named.empty named.localhost named.loopback slaves xiaocao.cluster.zone
[root@dns named]# rm -rf xiaocao.cluster.zone
[root@dns named]# cp -p named.localhost xiaocao.cluster.zone
[root@dns named]# ll xiaocao.cluster.zone
-rw-r-----. 1 root named 152 6月 21 2007 xiaocao.cluster.zone
[root@dns named]# vim xiaocao.cluster.zone
[root@dns named]# cat xiaocao.cluster.zone
$TTL 1D
@ IN SOA @ rname.invalid. (0 ; serial1D ; refresh1H ; retry1W ; expire3H ) ; minimumNS @A 127.0.0.1AAAA ::1www A 192.168.235.20
[root@dns named]# systemctl status named
● named.service - Berkeley Internet Name Domain (DNS)Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)Active: active (running) since 三 2025-06-25 21:33:07 CST; 1h 20min agoProcess: 76278 ExecStop=/bin/sh -c /usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID (code=exited, status=0/SUCCESS)Process: 76296 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)Process: 76294 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)Main PID: 76298 (named)CGroup: /system.slice/named.service└─76298 /usr/sbin/named -u named -c /etc/named.conf6月 25 21:33:07 dns.nfs.cn named[76298]: network unreachable resolving './NS/IN': 2001:503:ba3e::2:30#53
6月 25 21:33:07 dns.nfs.cn named[76298]: network unreachable resolving './DNSKEY/IN': 2001:500:2::c#53
6月 25 21:33:07 dns.nfs.cn named[76298]: network unreachable resolving './NS/IN': 2001:500:2::c#53
6月 25 21:33:07 dns.nfs.cn named[76298]: managed-keys-zone: Key 20326 for zone . acceptance timer complete: key now trusted
6月 25 21:33:07 dns.nfs.cn named[76298]: managed-keys-zone: Key 38696 for zone . acceptance timer complete: key now trusted
6月 25 21:33:07 dns.nfs.cn named[76298]: resolver priming query complete
6月 25 21:33:07 dns.nfs.cn named[76298]: checkhints: b.root-servers.net/A (170.247.170.2) missing from hints
6月 25 21:33:07 dns.nfs.cn named[76298]: checkhints: b.root-servers.net/A (199.9.14.201) extra record in hints
6月 25 21:33:07 dns.nfs.cn named[76298]: checkhints: b.root-servers.net/AAAA (2801:1b8:10::b) missing from hints
6月 25 21:33:07 dns.nfs.cn named[76298]: checkhints: b.root-servers.net/AAAA (2001:500:200::b) extra record in hints
[root@dns named]# systemctl start named
[root@dns named]# systemctl status named
● named.service - Berkeley Internet Name Domain (DNS)Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)Active: active (running) since 三 2025-06-25 21:33:07 CST; 1h 28min agoProcess: 76278 ExecStop=/bin/sh -c /usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID (code=exited, status=0/SUCCESS)Process: 76296 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)Process: 76294 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)Main PID: 76298 (named)CGroup: /system.slice/named.service└─76298 /usr/sbin/named -u named -c /etc/named.conf6月 25 21:33:07 dns.nfs.cn named[76298]: network unreachable resolving './NS/IN': 2001:503:ba3e::2:30#53
6月 25 21:33:07 dns.nfs.cn named[76298]: network unreachable resolving './DNSKEY/IN': 2001:500:2::c#53
6月 25 21:33:07 dns.nfs.cn named[76298]: network unreachable resolving './NS/IN': 2001:500:2::c#53
6月 25 21:33:07 dns.nfs.cn named[76298]: managed-keys-zone: Key 20326 for zone . acceptance timer complete: key now trusted
6月 25 21:33:07 dns.nfs.cn named[76298]: managed-keys-zone: Key 38696 for zone . acceptance timer complete: key now trusted
6月 25 21:33:07 dns.nfs.cn named[76298]: resolver priming query complete
6月 25 21:33:07 dns.nfs.cn named[76298]: checkhints: b.root-servers.net/A (170.247.170.2) missing from hints
6月 25 21:33:07 dns.nfs.cn named[76298]: checkhints: b.root-servers.net/A (199.9.14.201) extra record in hints
6月 25 21:33:07 dns.nfs.cn named[76298]: checkhints: b.root-servers.net/AAAA (2801:1b8:10::b) missing from hints
6月 25 21:33:07 dns.nfs.cn named[76298]: checkhints: b.root-servers.net/AAAA (2001:500:200::b) extra record in hints
[root@dns named]#Web .20
root@192.168.235.20's password:┌────────────────────────────────────────────────────────────────────┐│ ? MobaXterm 20.0 ? ││ (SSH client, X-server and networking tools) ││ ││ ? SSH session to root@192.168.235.20 ││ ? SSH compression : ? ││ ? SSH-browser : ? ││ ? X11-forwarding : ? (remote display is forwarded through SSH) ││ ? DISPLAY : ? (automatically set on remote server) ││ ││ ? For more info, ctrl+click on help or visit our website │└────────────────────────────────────────────────────────────────────┘Last login: Tue Jun 24 19:30:12 2025
[root@web ~]# hostname
web.cn
您在 /var/spool/mail/root 中有新郵件
[root@web ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemonLoaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)Active: inactive (dead)Docs: man:firewalld(1)
您在 /var/spool/mail/root 中有郵件
[root@web ~]# setenforce 0
[root@web ~]# cat /etc/selinux/config# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted[root@web ~]# yum repolist
已加載插件:fastestmirror, langpacks
Loading mirror speeds from cached hostfile
源標識 源名稱 狀態
!local local repo 4,070
repolist: 4,070
您在 /var/spool/mail/root 中有郵件
[root@web ~]# systemctl status httpd
● httpd.service - The Apache HTTP ServerLoaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)Active: active (running) since 三 2025-06-18 20:00:51 CST; 1 weeks 0 days agoDocs: man:httpd(8)man:apachectl(8)Process: 110132 ExecReload=/usr/sbin/httpd $OPTIONS -k graceful (code=exited, status=0/SUCCESS)Main PID: 13043 (httpd)Status: "Total requests: 0; Current requests/sec: 0; Current traffic: 0 B/sec"Tasks: 6CGroup: /system.slice/httpd.service├─ 13043 /usr/sbin/httpd -DFOREGROUND├─110167 /usr/sbin/httpd -DFOREGROUND├─110168 /usr/sbin/httpd -DFOREGROUND├─110169 /usr/sbin/httpd -DFOREGROUND├─110170 /usr/sbin/httpd -DFOREGROUND└─110171 /usr/sbin/httpd -DFOREGROUND6月 18 20:00:50 web.cn systemd[1]: Starting The Apache HTTP Server...
6月 18 20:00:51 web.cn systemd[1]: Started The Apache HTTP Server.
6月 25 20:50:01 web.cn systemd[1]: Reloading The Apache HTTP Server.
6月 25 20:50:02 web.cn systemd[1]: Reloaded The Apache HTTP Server.
您在 /var/spool/mail/root 中有郵件
[root@web ~]# cat /var/www/html/index.html
<<video width="800" height="450" controls>
<source src="media/share.mp4">
</video>
DNS Test ...
[root@web ~]# echo 'namesever 192.168.235.100'>/etc/resolv.conf
您在 /var/spool/mail/root 中有郵件
[root@web ~]# cat /etc/resolv.conf
namesever 192.168.235.100
[root@web ~]# nslookup www.xiaocao.cluster
;; connection timed out; no servers could be reached[root@web ~]# ^C
[root@web ~]#從SSE升級到SteamableHTTP)
