DNS子域授权(父域委派)的实现
配置父域服务器
在父域服务器其上,仅需配置区域解析库文件,添加对应解析记录即可
[root@Centos6 ~]# vim /var/named/zhimajihua.cn.zone
[root@Centos6 ~]# cat /var/named/zhimajihua.cn.zone
$TTL 1D
@ IN SOA ns1 mu.zhimajihua.cn. (
20170927; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS ns1
NS ns2
xm NS ns3 #该NS记录用于声明所有xm域内的解析工作交由ns3对应IP的DNS解析服务器
MX 5 mx1
ns1 A 192.168.1.19
ns2 A 192.168.1.20
ns3 A 192.168.1.21 #指向xm子域的DNS解析服务器
mx1 A 192.168.1.30
web A 192.168.1.40
image A 192.168.1.50
www CNAME web
xiaomu A 192.168.1.60
[root@Centos6 ~]# rndc reload #重载配置文件
server reload successful配置目标子域服务器
- 安装bind程序并启动named服务
[root@centos7 ~]# yum -y install bind #安装bind
[root@centos7 ~]# systemctl enable named #开机启动
[root@centos7 ~]# systemctl start named #启动named服务- 配置主配置文件
[root@centos7 ~]# vim /etc/named.conf
options {
listen-on port 53 { localhost; }; #监听本机所有IP地址
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { 192.168.1.0/24; }; #允许特定网段查询
}- 配置辅助配置文件
[root@centos7 ~]# vim /etc/named.rfc1912.zones
zone "xm.zhimajihua.cn" IN { #添加对xm域的定义信息
type master; #对于xm域来说,本机就是主服务器,因此必须选择类型为master
file "xm.zhimajihua.cn.zone";
allow-update { none; };
};
[root@centos7 ~]# named-checkconf #语法检查- 创建和编辑区域解析库文件
[root@centos7 ~]# cd /var/named
[root@centos7 named]# ll
total 28
drwxrwx--- 2 named named 4096 Sep 27 03:32 data
drwxrwx--- 2 named named 4096 Sep 27 03:33 dynamic
-rw-r----- 1 root named 2076 Jan 28 2013 named.ca
-rw-r----- 1 root named 152 Dec 15 2009 named.empty
-rw-r----- 1 root named 152 Jun 21 2007 named.localhost
-rw-r----- 1 root named 168 Dec 15 2009 named.loopback
drwxrwx--- 2 named named 4096 Nov 11 2016 slaves
[root@centos7 named]# cp -p named.localhost xm.zhimajihua.cn.zone #注意权限问题
[root@centos7 named]# vim xm.zhimajihua.cn.zone
$TTL 1D
@ IN SOA ns1 rname.invalid. (
20170927; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS ns1
ns1 A 192.168.1.21
jimei A 192.168.1.77 #定义一条A记录
[root@centos7 named]# named-checkzone 'xm.zhimajihua.cn.zone' xm.zhimajihua.cn.zone #语法检查
zone xm.zhimajihua.cn.zone/IN: loaded serial 20170927
OK
[root@centos7 named]# rndc reload
server reload successful客户端测试
测试能否正确解析
[root@client ~]# dig jimei.xm.zhimajihua.cn @192.168.1.19
; <<>> DiG 9.9.9-P1 <<>> jimei.xm.zhimajihua.cn @192.168.1.19
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 617
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;jimei.xm.zhimajihua.cn. IN A
;; ANSWER SECTION:
jimei.xm.zhimajihua.cn. 86372 IN A 192.168.1.77 #正确解析出我们前面定义的A记录对应IP
;; AUTHORITY SECTION:
xm.zhimajihua.cn. 86372 IN NS ns1.xm.zhimajihua.cn.
;; ADDITIONAL SECTION:
ns1.xm.zhimajihua.cn. 86372 IN A 192.168.1.21
;; Query time: 0 msec
;; SERVER: 192.168.1.19#53(192.168.1.19)
;; WHEN: Wed Sep 27 11:39:41 DST 2017
;; MSG SIZE rcvd: 101本文参与 腾讯云自媒体分享计划,分享自作者个人站点/博客。
原始发表:2017/09/26,如有侵权请联系 cloudcommunity@tencent.com 删除
评论
登录后参与评论
推荐阅读