DNS子域授权
正向区域:
SUB_ZONE_NAME IN NS NSSERVER_SUB_ZONE_NAME
NSSERVER_SUB_ZONE_NAME IN A IP
.com
mylinux.com. IN NS ns1.mylinux.com.
IN NS ns2.mylinux.com.
ns1.mylinux.com. IN A 192.168.10.2
ns2.mylinux.com. IN A 192.168.10.3
--------------------------------------------
在 mylinux.com 下添加 2 个子域,内容如下
mylinux.com.
fin.mylinux.com. IN NS ns1.fin.mylinux.com.
ns1.fin.mylinux.com. IN A 192.168.10.4
1.在主服务器上定义子域授权:vim /var/named/mylinux.com.zone(子域和父域可以不在同一个网络中)
[root@localhost ~]# vim /var/named/mylinux.com.zone
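; Parent zone mylinux.com: apex SOA/NS/MX, host records, and the
; delegations (NS + glue A records) for the child zones fin and market.
$TTL 600
@               IN SOA  ns1.mylinux.com. admin.mylinux.com. (
                        20170709    ; serial - must increase on every edit or secondaries will not re-transfer
                        1H          ; refresh
                        5M          ; retry
                        2D          ; expire
                        6H )        ; negative-caching TTL
; Records with a blank owner must start with whitespace so that they
; inherit the previous owner (@). At column 0, "IN" would be parsed as
; an owner name instead.
                IN NS   ns2
                IN NS   ns1
                IN MX   10 mail
ns2             IN A    192.168.10.3
ns1             IN A    192.168.10.2
mail            IN A    192.168.10.4
; Two A records for the same name: answers rotate between both addresses.
www             IN A    192.168.10.2
www             IN A    192.168.10.3
ftp             IN CNAME www
mylinux.com.    IN A    192.168.10.3
; Wildcard: every otherwise-undefined name under mylinux.com resolves to
; 192.168.10.3, so typos and non-existent hosts never return NXDOMAIN.
; It does not apply below the delegation points fin and market.
*.mylinux.com.  IN A    192.168.10.3
; Delegation of fin.mylinux.com: NS records plus glue A records, needed
; because the name servers live inside the delegated zone.
; NOTE(review): the child zone file on this page lists ns1 at 192.168.10.4
; and defines no ns2, while the glue here says .8 and .9 (and .4 is "mail"
; above). Glue must match the child's own NS/A data, otherwise the
; delegation is lame - confirm which addresses are intended.
fin             IN NS   ns1.fin
fin             IN NS   ns2.fin
ns1.fin         IN A    192.168.10.8
ns2.fin         IN A    192.168.10.9
; Delegation of market.mylinux.com.
; NOTE(review): no server for this zone is set up on this page; verify that
; 192.168.10.20 actually serves market.mylinux.com before publishing it.
market          IN NS   ns1.market
ns1.market      IN A    192.168.10.20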
[root@localhost ~]# rndc reload 让服务器重读一下
server reload successful
再查看从服务器是否已经同步到新的配置。从服务器同步到配置后,表明工作正常
2.下一步安装子域名服务器
和从服务器安装过程一样
[root@localhost yum.repos.d]# yum list all |grep bind
[root@localhost yum.repos.d]# yum remove bind-libs
[root@localhost yum.repos.d]# yum remove bind-utils
yum install bind.i686
网络配置
DNS指向自己
子域:fin.mylinux.com
关闭selinux(仅为实验环境简化排错;生产环境建议保持 SELinux 开启)
清空防火墙规则 iptables -F(同样仅限实验环境;生产环境应保留规则,只放行 DNS 所需的 53 端口 TCP/UDP)
[root@localhost yum.repos.d]# mv /etc/named.conf /etc/named.conf.back
[root@localhost yum.repos.d]# scp root@192.168.10.3:/etc/named.conf /etc
[root@localhost yum.repos.d]# chgrp named /etc/named.conf
[root@localhost yum.repos.d]# vi /etc/named.conf
// named.conf for the sub-domain server: authoritative for fin.mylinux.com,
// plus the root-hint, localhost and loopback zones.
options {
// Working directory; the relative zone file names below resolve under it.
directory "/var/named";
// NOTE(review): no allow-query / allow-recursion / listen-on statements
// appear in this listing, so the BIND defaults apply - confirm they limit
// the server to the intended clients.
};
// Root hints, used for iterative resolution of names outside local zones.
zone "." IN {
type hint;
file "named.ca";
};
zone "localhost" {
type master;
file "named.localhost";
// Zone transfers are refused for every client.
allow-transfer { none; };
};
// The delegated child zone; this server is its primary.
zone "fin.mylinux.com" {
type master;
file "fin.mylinux.com";
// No secondary is configured here, so transfers are refused for everyone.
// A secondary (e.g. ns2.fin from the parent's delegation) would have to be
// listed explicitly rather than opening transfers to all.
allow-transfer { none; };
};
// Reverse zone for 127.0.0.0/24.
zone "0.0.127.in-addr.arpa" {
type master;
file "named.loopback";
allow-transfer { none; };
};
[root@localhost named]# scp root@192.168.10.2:/var/named/mylinux.com.zone /var/named 从主服务器上复制过来进行修改
[root@localhost named]# chgrp named mylinux.com.zone
[root@localhost named]# mv mylinux.com.zone fin.mylinux.com
[root@localhost named]# vim fin.mylinux.com
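; Child zone fin.mylinux.com, served by the sub-domain server.
$TTL 600
; MNAME (first SOA field) names this zone's primary server; it has to be
; spelled exactly like the NS host below (ns1.fin.mylinux.com.).
@       IN SOA  ns1.fin.mylinux.com. admin.fin.mylinux.com. (
                2016071001  ; serial
                1H          ; refresh
                3M          ; retry
                1D          ; expire
                1H          ; negative-caching TTL
                )
; Blank-owner records start with whitespace so they inherit the owner (@).
; NOTE(review): the parent zone on this page delegates to ns1.fin and
; ns2.fin; only ns1 is listed here - keep both NS sets identical.
        IN NS   ns1
        IN MX   9 mail
ns1     IN A    192.168.10.4
mail    IN A    192.168.10.100
www     IN A    192.168.10.101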
----------------------------------------------------
搭建完成:
默认情况下子域是不知道父域的。
forward {only:自己解析不了时只转发给指定的服务器(转发无结果也不再找根)| first:先转发,转发得不到答案再自行找根}
设置子域服务器,让其转发给父域
[root@localhost named]# vim /etc/named.conf
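// named.conf for the sub-domain server with GLOBAL forwarding: every query
// outside the locally served zones is sent to the parent server.
options {
    directory "/var/named";
    // Try the forwarder first; if it gives no answer, fall back to
    // iterative resolution from the root hints.
    forward first;
    // Global forwarding: everything except the fin.mylinux.com zone is
    // forwarded to the primary server of the parent zone.
    // Explanatory text must be a comment - a bare "( ... )" after a
    // statement is a syntax error and named will refuse the file.
    forwarders { 192.168.10.2; };
    // NOTE(review): forwarding means this server answers recursive queries
    // using whatever 192.168.10.2 returns; confirm that allow-recursion /
    // allow-query restrict it to the intended clients.
};

// Root hints, used when the forwarder does not answer.
zone "." IN {
    type hint;
    file "named.ca";
};

zone "localhost" {
    type master;
    file "named.localhost";
    allow-transfer { none; };
};

// The delegated child zone; answered locally, never forwarded.
zone "fin.mylinux.com" {
    type master;
    file "fin.mylinux.com";
    allow-transfer { none; };
};

zone "0.0.127.in-addr.arpa" {
    type master;
    file "named.loopback";
    allow-transfer { none; };
};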
--------------------------------------------------------------------------------------------
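// named.conf for the sub-domain server with PER-ZONE forwarding: only
// queries for the parent zone mylinux.com are forwarded; all other names
// are resolved iteratively from the root hints.
options {
    directory "/var/named";
};

zone "." IN {
    type hint;
    file "named.ca";
};

zone "localhost" {
    type master;
    file "named.localhost";
    allow-transfer { none; };
};

// The delegated child zone; the more specific zone wins, so these names
// are answered locally even though mylinux.com is forwarded below.
zone "fin.mylinux.com" {
    type master;
    file "fin.mylinux.com";
    allow-transfer { none; };
};

zone "0.0.127.in-addr.arpa" {
    type master;
    file "named.loopback";
    allow-transfer { none; };
};

// A dedicated forward zone: only this zone is forwarded.
// Explanatory text must be a comment - a bare "( ... )" after a statement
// is a syntax error and named will refuse the file.
zone "mylinux.com" IN {
    type forward;
    // Ask the parent's primary first; fall back to iterative resolution
    // if it gives no answer.
    forward first;
    forwarders { 192.168.10.2; };
};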