DNS subdomain authorization

Implement DNS subdomain authorization:

Lab environment: primary DNS server, IP Address: 192.168.1.132

Slave DNS, IP: 192.168.1.20.

Mail Server, IP: 192.168.1.135

WWW server, IP: 192.168.1.128

Subdomain DNS server, IP Address: 192.168.1.200

The implementation process is as follows:

First, add "glue record" to the region resolution library of the parent domain, and increase the number of serial numbers by 1;

650) This. width = 650; "src =" http://s3.51cto.com/wyfs02/M02/44/B6/wKioL1PiSaqyYqK4AAEZskcV8ug814.jpg "Title =" 2014-08-06 10_25_08-root @ stu04 _ var_named-xshell 4.jpg" alt = "wkiol1pisaqyyqk4aaezskcv8ug814.jpg"/>

Prepare the subdomain DNS server 192.168.1.200, install the BIND program, and install the main configuration file.

650) This. width = 650; "src =" http://s3.51cto.com/wyfs02/M01/44/B5/wKiom1PiSfXxMR8xAAHrlOAWWhw268.jpg "Title =" 2014-08-06 21_02_45-root @ sueking _~ -Xshell 4.jpg" alt = "wkiom1pisfxxmr8xaahrloawwhw268.jpg"/>

Add a forward region to the subdomain server configuration file:

650) This. width = 650; "src =" http://s3.51cto.com/wyfs02/M00/44/B6/wKioL1PiS2OhyszNAAB-7eHb5ag841.jpg "Title =" 2014-08-06 10_51_32-root @ localhost _ var_named-xshell 4.jpg" alt = "wKioL1PiS2OhyszNAAB-7eHb5ag841.jpg"/>

Create a region data parsing file, # Vim tech.sueking.com. Zone

650) This. width = 650; "src =" http://s3.51cto.com/wyfs02/M01/44/B6/wKiom1PiS4SQbQ32AADEkWwualQ474.jpg "Title =" 11_05_41-root @ localhost _ var_named-xshell 4.jpg" alt = "wkiom1pis4sqbq32aadekwwualq474.jpg"/>

Modify the attributes of the forward data file, check the Configuration File Syntax, and start the service:

# Chgrp named/var/named/tech.sueking.com. Zone

# Chmod 640/var/named/tech.sueking.com. Zone

# Checkconf

# Service named start

Use the dig command to test whether the DNS resolution service in the subdomain is normal:

650) This. width = 650; "src =" http://s3.51cto.com/wyfs02/M00/44/B6/wKiom1PiTEaB_cA0AAKKKoxEDwQ589.jpg "Title =" 2014-08-06 11_09_49-root @ localhost _ var_named-xshell 4.jpg" alt = "alias"/>

Run the dig command on the master server to test:

650) This. width = 650; "src =" http://s3.51cto.com/wyfs02/M01/44/B6/wKiom1PiTK7yTCwlAAJqgLYEsF8136.jpg "Title =" 2014-08-06 11_27_46-root @ stu04 _ var_named-xshell 4.jpg" alt = "wkiom1pitk7ytcwlaajqglyesf8136.jpg"/>

Now the parent domain can query the DNS server of the subdomain. Generally, when the subdomain server and the parent domain server are in a physical network, instead of starting from the root node, to implement this function, we can configure a forwarder or a forwarding domain in the DNS server of the subdomain.

Method 1: configure the forwarder and add the forward and forwarders entries in the options field of the configuration file:

650) This. width = 650; "src =" http://s3.51cto.com/wyfs02/M00/44/B7/wKioL1PiTt6B_MhrAAE7o9tw7T0378.jpg "Title =" 2014-08-06 15_14_48-root @ localhost _ var_named-xshell 4.jpg" alt = "wkiol1pitt6b_mhraae7o9tw7t0378.jpg"/>

Note: The forward options can be first and only. The only option only accepts the returned results of the parent domain query, and the first option first forwards the query request to the parent domain server, if no results are returned for the parent domain, the subdomain server submits the query request to the root node server when it is connected to the Internet and performs iterative query.

After adding entries in the configuration file, restart the service, # rndc reload

650) This. width = 650; "src =" http://s3.51cto.com/wyfs02/M00/44/B7/wKiom1PiTwzxHrJuAALnX3xI4Fc577.jpg "Title =" 15_18_32-root @ localhost _ var_named-xshell 4.jpg" alt = "wkiom1pitwzxhrjuaalnx3xi4fc577.jpg"/>

This is the information of the parent domain queried in the subdomain and can be normally displayed. In this way, the forwarder is configured and all query requests are directly submitted to the parent domain server, if the subdomain server can connect to the Internet, the forwarding of query requests can be further divided. For example, only the query requests of the parent domain are submitted to the parent domain server, the servers in other domains are submitted to the root node server and then queried step by step. This reduces the pressure on the DNS server in the parent domain. The configuration method is as follows:

650) This. width = 650; "src =" http://s3.51cto.com/wyfs02/M02/44/B7/wKiom1PiT8njxAJ5AACUrktTDv0960.jpg "Title =" 2014-08-06 15_27_25-root @ localhost _ var_named-xshell 4.jpg" alt = "wkiom1pit8njxaj5aacurkttdv0960.jpg"/>

After the configuration is complete, restart the service and test in the subdomain:

650) This. width = 650; "src =" http://s3.51cto.com/wyfs02/M00/44/B7/wKioL1PiUSXQFv41AAMEWjp426o153.jpg "Title =" 2014-08-06 15_29_52-root @ localhost _ var_named-xshell 4.jpg" alt = "wkiol1piusx1_v41aamewjp426o153.jpg"/>

In this way, the request for querying the parent domain information can also be reached. If the DNS server in the subdomain can be connected to the Internet, this method is recommended.