Linux DNS server: subdomain delegation, forwarders, and forward zone configuration example (III)

Source: Internet
Author: User

DNS subdomain delegation (authorization):
Only delegation for forward resolution is shown here.

The parent domain can resolve A records of the subdomain (the answer is non-authoritative, because the parent does not resolve them itself).
The subdomain cannot resolve A records of the parent domain directly. Without forwarding, the lookup does not go to the parent domain: it starts at the Internet root and works down layer by layer. (We can set up forwarding in the subdomain so that it can resolve the parent domain's A records.)


Description The parent domain is: subdomain 1 is: subdomain 2 is:

Supplementary note: the parent domain and subdomain servers only need to be able to communicate with each other; they do not need to be on the same network segment. Here they are on one segment for convenience.

Worked example:
Parent domain configuration (look carefully at the delegation records):
# vim /var/named/

$TTL 3600
@           IN  SOA (
            IN  MX  10  mail
            IN  NS  ns2
ning1       IN  NS  ning1.ning      ; delegates the subdomain
ning2       IN  NS  ning2.ning      ; delegates the subdomain
ning1.ning  IN  A                   ; the subdomain server address:
ning2.ning  IN  A                   ; the subdomain server address:
ns2         IN  A
ns          IN  A
mail        IN  A
www         IN  A
ning1       IN  A
hong        IN  CNAME  mail

Make it a habit to check the zone file after editing it: # named-checkzone "" /var/named/
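The delegation pattern in the parent zone above pairs each subdomain NS record with an A record for the name server it points to. The following added example (not from the original article) checks a parent zone for delegations whose name server lies inside the delegated subdomain but has no such address record. The zone name example.com, the host names and the 192.0.2.x addresses are constructed, and the parser assumes one record per line.

```python
# Added example; the zone name, hosts and 192.0.2.x addresses are constructed.
PARENT_ZONE = """\
$TTL 3600
$ORIGIN example.com.
@         IN SOA ns.example.com. admin.example.com. ( 1 3600 600 86400 3600 )
          IN NS  ns
ns        IN A   192.0.2.1
sub1      IN NS  sub1.example.com.   ; delegation with glue below
sub1      IN A   192.0.2.21
sub2      IN NS  ns.sub2             ; delegation, glue forgotten
ext       IN NS  ns.example.net.     ; target outside the zone, no glue needed
"""

def fqdn(name, origin):
    """Expand a zone-file name (relative, absolute or @) to a lowercase FQDN."""
    expanded = name if name.endswith(".") else f"{name}.{origin}"
    return origin if name == "@" else expanded.lower()

def parse_zone(text):
    """Parse single-line records into (owner, type, rdata) tuples."""
    origin, owner, records = ".", None, []
    for raw in text.splitlines():
        fields = raw.split(";", 1)[0].split()
        if not fields:
            continue
        if fields[0].startswith("$"):
            if fields[0].upper() == "$ORIGIN":
                origin = fields[1].lower()
            continue
        if not raw[0].isspace():                 # owner name starts in column 1
            owner = fqdn(fields.pop(0), origin)
        while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
            fields.pop(0)                        # skip optional TTL and class
        if owner and fields:
            rtype, rdata = fields[0].upper(), " ".join(fields[1:])
            records.append((owner, rtype, fqdn(rdata, origin) if rtype == "NS" else rdata))
    return records

def missing_glue(text):
    """Return (delegated name, NS target) pairs that need a glue address but lack one."""
    records = parse_zone(text)
    apex = next(o for o, t, _ in records if t == "SOA")
    have_addr = {o for o, t, _ in records if t in ("A", "AAAA")}
    return [(o, ns) for o, t, ns in records
            if t == "NS" and o != apex
            and (ns == o or ns.endswith("." + o))    # target is inside the delegated zone
            and ns not in have_addr]
```

Calling `missing_glue(PARENT_ZONE)` reports only the `sub2` delegation; `sub1` has its address record and `ext` points outside the zone.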

Subdomain configuration:

1. Modify the main configuration file
# vim /etc/named.conf   (adjust the contents to your own DNS host's settings)

2. Modify the zone configuration file
# vim /etc/named.rfc1912.zones   (add the following)
zone "" IN {                // specifies the subdomain
    type master;
    file "";                // specifies the subdomain's zone file name
    allow-transfer { ; };   // added here mainly for testing and optional: only the specified address is allowed to view the zone, that is, only the specified address can synchronize (transfer) it from you
};

3. Create the subdomain zone file manually
# vim /var/named/
$TTL 3600
$ORIGIN             ; declares the subdomain name, which makes the records below easier to write (if omitted, the default is the subdomain specified in step 2)
@       IN  SOA (

        IN  NS  ns      ; add the subdomain name
        IN  MX  10  mail
ns      IN  A           ; address (the subdomain server's address)
mail    IN  A
www     IN  A

Testing the subdomain delegation:
1. From the parent domain: # dig -t A @ (the address after @ is the parent domain server's address)
2. Local test on the subdomain: # dig -t A @ (the subdomain server's address)

That completes subdomain delegation.
Next we configure forwarding on top of the configuration above.

Subdomain forwarder:
A forwarder sends requests for all zones to a specified DNS server.
options {                   // the statements below can be added anywhere inside options
    forward only|first;     // only: forward only, purely recursive; first: ask the specified server first and, if it cannot find the answer, fall back to iterative lookup
    forwarders { IP; };     // the IP address of the server to forward to
};
Example: if we do not want the subdomain to resolve the parent domain's A records by going out through the Internet root, we need to configure forwarders in the subdomain.
We configure forwarders on top of the subdomain delegation above:

Subdomain forwarder example:
options {
    forward only;           // the subdomain hands all resolution to the parent domain, which does the lookup itself; the subdomain only waits for the result
    forwarders { ; };       // specifies the parent domain server's address
};

Test in the subdomain:
# dig -t @ (specify the IP address of the subdomain server)

Forward zone:
A forward zone sends requests for zones this server is not responsible for to a specified DNS server.
Here we introduce zone-level control.

Zone-level control syntax:
zone "" IN {
    type forward;
    forward only|first;
    forwarders { ip; ip1; .. };     // queries for this zone, which is not served locally, are forwarded to these servers for resolution
};

Forward zone example:
Add the zone to be forwarded to the configuration file on the subdomain server.
# vim /etc/named.rfc1912.zones
zone "" IN {                // specifies the zone to be forwarded
    type forward;           // specifies the zone type
    forward only;           // forwarding mode
    forwarders { ; };       // specifies the forwarding server IP (the subdomain forwards to the parent domain)
};

That completes forwarders and forward zones.
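The difference between a global forwarder, a forward zone, and the only/first modes described above, as an added example that is not part of the original article. It is a simplified model of the subdomain server's choice, not BIND code; the zone names and 192.0.2.x addresses are constructed.

```python
# Added example: simplified model with constructed zones and addresses.
ITERATE = "iterate from the root servers"

def in_zone(qname, zone):
    """True when qname is the zone apex or a name below it."""
    return qname == zone or qname.endswith("." + zone)

def resolution_path(qname, master_zones, forward_zones, global_fwd=None):
    """Ordered steps taken to resolve qname.

    master_zones: zone names this server is authoritative for.
    forward_zones: {zone: (mode, [forwarder IPs])} for `type forward` zones.
    global_fwd: (mode, [forwarder IPs]) from the options block, or None.
    mode is "only" or "first", as in the `forward` statement.
    """
    qname = qname.lower().rstrip(".") + "."
    candidates = [z for z in list(master_zones) + list(forward_zones)
                  if in_zone(qname, z)]
    best = max(candidates, key=len, default=None)   # most specific zone wins
    if best in master_zones:
        return [f"answer from local zone {best}"]
    mode, servers = forward_zones.get(best) or global_fwd or ("first", [])
    steps = [f"forward to {ip}" for ip in servers]
    if mode == "first" or not servers:              # "only" never falls back
        steps.append(ITERATE)
    return steps

# The subdomain server from the scenario above, with constructed values:
MASTERS = ["sub1.example.com."]
FORWARD_ZONES = {"example.com.": ("only", ["192.0.2.1"])}

if __name__ == "__main__":
    for name in ("www.sub1.example.com", "www.example.com", "www.example.org"):
        print(name, "->", resolution_path(name, MASTERS, FORWARD_ZONES))
```

With `forward only`, a forwarder that cannot answer means the query fails; with `forward first`, the server falls back to its own iterative lookup.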

This article is from the "struggling People" blog, please be sure to keep this source
