Lab Notes:
Test machine 1: 192.168.1.11, the parent domain server
Test machine 2: 192.168.1.12, the subdomain server
Experimental steps:
1. On test machine 1, edit the configuration file to set it up as a caching server, then add the zone, create and edit its zone file, and finish with a dig test:
    # yum install bind -y
    # vim /etc/named.conf
    options {
    //      listen-on port 53 { 127.0.0.1; };
    //      listen-on-v6 port 53 { ::1; };
            directory       "/var/named";
            dump-file       "/var/named/data/cache_dump.db";
            statistics-file "/var/named/data/named_stats.txt";
            memstatistics-file "/var/named/data/named_mem_stats.txt";
    //      allow-query     { localhost; };
            recursion yes;
            dnssec-enable no;
            dnssec-validation no;
    //      dnssec-lookaside auto;
            /* Path to ISC DLV key */
    //      bindkeys-file "/etc/named.iscdlv.key";
    //      managed-keys-directory "/var/named/dynamic";
    };

    # service named restart
    Stopping named: .                                          [  OK  ]
    Starting named:                                            [  OK  ]
    # ss -tnlp | grep :53
    LISTEN     0      3      192.168.1.11:53      *:*      users:(("named",4970,21))
    LISTEN     0      3         127.0.0.1:53      *:*      users:(("named",4970,20))

    # vim /etc/named.rfc1912.zones
    ... add the zone ...
    zone "tanjie.com" IN {
            type master;
            file "tanjie.com.zone";
    };

    # cd /var/named/
    # vim tanjie.com.zone
    $TTL 1D
    $ORIGIN tanjie.com.
    @       IN SOA  ns1.tanjie.com. admin.tanjie.com. (
                    2015081601
                    2H
                    5M
                    3D
                    2D )
            IN NS   ns1
            IN NS   ns2
    ns1     IN A    192.168.1.11
    ns2     IN A    192.168.1.18
    www     IN A    192.168.1.11
    *       IN A    192.168.1.11

    # named-checkconf
    # named-checkzone "tanjie.com" /var/named/tanjie.com.zone
    zone tanjie.com/IN: loaded serial 2015081601
    OK
    # rndc reload
    server reload successful
    # chmod 640 tanjie.com.zone
    # chown :named tanjie.com.zone
The parent domain server is now complete. Test the configured server with dig:

    # dig -t A ns2.tanjie.com @192.168.1.11
    ...
    ;; QUESTION SECTION:
    ;ns2.tanjie.com.                IN      A

    ;; ANSWER SECTION:
    ns2.tanjie.com.         86400   IN      A       192.168.1.18
    ...

The test shows that the name resolves successfully, no problem!!!
2. Subdomain delegation. In the zone file on the primary (parent) server, add the records that delegate the subdomain:
    # vim tanjie.com.zone
    ...
    ops      IN NS   ns1.ops
    ops      IN NS   ns2.ops
    ns1.ops  IN A    192.168.1.12
    ns2.ops  IN A    192.168.1.19

    # rndc reload
    server reload successful
3. On the subdomain server (test machine 2), configure BIND, add the subdomain zone and its zone file, then run a dig test:
    # yum install bind -y
    # vim /etc/named.conf
    options {
    //      listen-on port 53 { 127.0.0.1; };
    //      listen-on-v6 port 53 { ::1; };
            directory       "/var/named";
            dump-file       "/var/named/data/cache_dump.db";
            statistics-file "/var/named/data/named_stats.txt";
            memstatistics-file "/var/named/data/named_mem_stats.txt";
    //      allow-query     { localhost; };
            recursion yes;
            dnssec-enable no;
            dnssec-validation no;
    //      dnssec-lookaside auto;
            /* Path to ISC DLV key */
    //      bindkeys-file "/etc/named.iscdlv.key";
    //      managed-keys-directory "/var/named/dynamic";
    };
    ...

    # vim /etc/named.rfc1912.zones
    zone "ops.tanjie.com" IN {
            type master;
            file "ops.tanjie.com.zone";
    };

Create the zone file for the subdomain:

    # vim /var/named/ops.tanjie.com.zone
    $TTL 1D
    $ORIGIN ops.tanjie.com.
    @       IN SOA  ns1.ops.tanjie.com. admin.ops.tanjie.com. (
                    2015081601
                    1H
                    5M
                    3D
                    3D )
            IN NS   ns1
            IN NS   ns2
    ns1     IN A    192.168.1.12    ; must match the delegation defined in the parent domain
    ns2     IN A    192.168.1.19    ; must match the delegation defined in the parent domain
    www     IN A    192.168.1.20
    *       IN A    192.168.1.20

    # named-checkconf
    # named-checkzone "ops.tanjie.com" /var/named/ops.tanjie.com.zone
    zone ops.tanjie.com/IN: loaded serial 2015081601
    OK
    # chmod 640 /var/named/ops.tanjie.com.zone
    # chown :named /var/named/ops.tanjie.com.zone
    # rndc reload
    server reload successful

Test resolution:

    # dig -t A www.ops.tanjie.com @192.168.1.12
    ...
    ;; QUESTION SECTION:
    ;www.ops.tanjie.com.            IN      A

    ;; ANSWER SECTION:
    www.ops.tanjie.com.     86400   IN      A       192.168.1.20
    ...

The subdomain server can resolve names in the subdomain itself.

    # dig -t A www.tanjie.com @192.168.1.12
    ...

The subdomain server cannot resolve the parent domain.
Then test again on the parent domain server (test machine 1). The parent domain can resolve the subdomain, as follows:

    # dig -t A www.ops.tanjie.com @192.168.1.11
    ;; QUESTION SECTION:
    ;www.ops.tanjie.com.            IN      A

    ;; ANSWER SECTION:
    www.ops.tanjie.com.     86141   IN      A       192.168.1.20

    ;; AUTHORITY SECTION:
    ops.tanjie.com.         86141   IN      NS      ns2.ops.tanjie.com.
    ops.tanjie.com.         86141   IN      NS      ns1.ops.tanjie.com.

    ;; ADDITIONAL SECTION:
    ns1.ops.tanjie.com.     86141   IN      A       192.168.1.12
    ns2.ops.tanjie.com.     86141   IN      A       192.168.1.19
    ...
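The subdomain zone file notes that its ns1/ns2 records must match the delegation in the parent zone. The following is an added example, not part of the original lab notes, that checks this mechanically: it compares the parent's NS and glue A records for ops.tanjie.com with the child's own apex NS and A records. The function names and the minimal parser (it handles only $ORIGIN, ';' comments, inherited owner names, and NS/A records) are assumptions made for illustration, and the zone data is a constructed sample modelled on the lab files.

```python
PARENT = """$ORIGIN tanjie.com.      ; constructed sample, modelled on the lab's parent zone
@        IN SOA ns1.tanjie.com. admin.tanjie.com. ( 2015081601 2H 5M 3D 2D )
ops      IN NS  ns1.ops
ops      IN NS  ns2.ops
ns1.ops  IN A   192.168.1.12
ns2.ops  IN A   192.168.1.19
"""
CHILD = """$ORIGIN ops.tanjie.com.  ; constructed sample, modelled on the lab's child zone
@        IN SOA ns1.ops.tanjie.com. admin.ops.tanjie.com. ( 2015081601 1H 5M 3D 3D )
         IN NS  ns1
         IN NS  ns2
ns1      IN A   192.168.1.12
ns2      IN A   192.168.1.19
"""

def fqdn(name, origin):
    """Expand a zone-file name against $ORIGIN ('@' is the origin itself)."""
    name = name.lower()
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text):
    """Return {(owner, type): set(rdata)} for the NS and A records of a zone file."""
    origin, owner, records = ".", None, {}
    for raw in text.splitlines():
        fields = raw.split(";")[0].split()        # drop ';' comments, then tokenize
        if fields and fields[0].upper() == "$ORIGIN":
            origin = fields[1].lower()
        if not fields or fields[0].startswith("$"):
            continue
        if not raw[0].isspace():                  # owner present in column 1,
            owner = fqdn(fields.pop(0), origin)   # otherwise inherit the previous one
        while fields and (fields[0].upper() == "IN" or fields[0][0].isdigit()):
            fields.pop(0)                         # skip optional class and TTL
        if len(fields) >= 2 and fields[0].upper() in ("NS", "A"):
            rtype = fields[0].upper()
            value = fqdn(fields[1], origin) if rtype == "NS" else fields[1]
            records.setdefault((owner, rtype), set()).add(value)
    return records

def delegation_mismatches(parent_text, child_text, child_zone):
    """Compare the parent's NS + glue for child_zone with the child's apex data."""
    parent, child = parse_zone(parent_text), parse_zone(child_text)
    p_ns, c_ns = parent.get((child_zone, "NS"), set()), child.get((child_zone, "NS"), set())
    problems = [] if p_ns == c_ns else [f"NS sets differ: parent {sorted(p_ns)}, child {sorted(c_ns)}"]
    for ns in sorted(p_ns):
        glue, auth = parent.get((ns, "A"), set()), child.get((ns, "A"), set())
        if glue != auth:
            problems.append(f"{ns}: glue {sorted(glue)} != child {sorted(auth)}")
    return problems
```

Calling delegation_mismatches(PARENT, CHILD, "ops.tanjie.com.") returns an empty list when the two files agree; any drift between the parent's glue and the child's own records is returned as one message per mismatch.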
4. To fix the problem that the subdomain server cannot resolve the parent domain, define a forwarder in /etc/named.rfc1912.zones on test machine 2. Define the zone tanjie.com so that it acts only as a forwarder, i.e. all queries for the tanjie.com zone are forwarded to the forwarders:
    # vim /etc/named.rfc1912.zones
    zone "tanjie.com" IN {
            type forward;
            forward only;
            forwarders { 192.168.1.11; };
    };

    # rndc reload
    server reload successful

dig test, resolving the parent domain through the subdomain server:

    # dig -t A www.tanjie.com @192.168.1.12
    ...
    ;; QUESTION SECTION:
    ;www.tanjie.com.                IN      A

    ;; ANSWER SECTION:
    www.tanjie.com.         86400   IN      A       192.168.1.11

    ;; AUTHORITY SECTION:
    tanjie.com.             86400   IN      NS      ns2.tanjie.com.
    tanjie.com.             86400   IN      NS      ns1.tanjie.com.

    ;; ADDITIONAL SECTION:
    ns2.tanjie.com.         86400   IN      A       192.168.1.18
    ns1.tanjie.com.         86400   IN      A       192.168.1.11

    ;; Query time: 55 msec
    ;; SERVER: 192.168.1.12#53(192.168.1.12)
    ;; WHEN: Thu Aug 13 12:43:21 2015
    ;; MSG SIZE  rcvd: 116

You can see that the subdomain server resolves the parent domain successfully!!!!
That completes subdomain delegation, resolution of the parent domain from the subdomain, and resolution of the subdomain from the parent domain!
DNS subdomain delegation with BIND, and mutual resolution between the subdomain and the parent domain