Subdomain delegation, forwarding and views in DNS


I. Subdomain delegation and forwarding
Suppose a company has registered the domain luowei.com. Because the company has many departments, each department needs its own names under that domain; for example we already have
www.luowei.com,
bbs.luowei.com,
tech.luowei.com,
and now we want to split tech.luowei.com off into a delegated subdomain of its own, so that names such as
www.tech.luowei.com and
bbs.tech.luowei.com ...
can exist as well.
By the way DNS resolution works, the parent domain knows about its subdomains, but a subdomain does not know about the parent domain above it;
if a subdomain server needs to resolve a name in the parent domain, it has to start at the root and walk down the delegation chain step by step.
Subdomain delegation (authorization) must be configured in the parent domain, together with glue records.
Forward delegation:
Add the following records to the parent zone:
tech.luowei.com.        IN NS ns1.tech.luowei.com.
ns1.tech.luowei.com.    IN A  192.168.1.104
In my setup, 192.168.1.103 is the parent domain server, 192.168.1.107 is the subdomain server,
and 192.168.1.100 is the test client.
The configuration is as follows:
The main configuration file on 192.168.1.103:
# vim /etc/named.conf
options {
        directory "/var/named";
};
zone "." IN {
        type hint;
        file "named.ca";
};
zone "localhost" IN {
        type master;
        file "localhost.zone";
};
zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
};
zone "luowei.com" IN {
        type master;
        file "luowei.com.zone";
};
zone "1.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.zone";
};
The two main zone data files: /var/named/luowei.com.zone and /var/named/192.168.zone
# vim /var/named/luowei.com.zone
$TTL 86400
@       600 IN SOA ns.luowei.com. admin.luowei.com. (
                2011082701
                1H
                10M
                7D
                1D )
        IN NS ns.luowei.com.
ns.luowei.com.          IN A  192.168.1.103
www.luowei.com.         IN A  192.168.1.103
tech.luowei.com.        IN NS ns1.tech.luowei.com.
ns1.tech.luowei.com.    IN A  192.168.1.107
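The parent zone above carries the two records that make the delegation work: the NS record for tech.luowei.com and the glue A record for ns1.tech.luowei.com, which lives inside the delegated zone and so cannot be looked up without that glue. The following script is an added example (not from the original post): it parses a constructed copy of the luowei.com zone with a minimal zone-file reader and checks both conditions, and also runs the same check against a copy with the glue line removed to show the failure case. The parser and the `check_delegation` function are my own; they support only what this zone needs (NS, A, SOA).

```python
from __future__ import annotations

from dataclasses import dataclass

# Constructed copy of the parent zone file shown above (sample input).
PARENT_ZONE = """\
$TTL 86400
@       600 IN SOA ns.luowei.com. admin.luowei.com. (
                2011082701
                1H
                10M
                7D
                1D )
        IN NS ns.luowei.com.
ns.luowei.com.          IN A  192.168.1.103
www.luowei.com.         IN A  192.168.1.103
tech.luowei.com.        IN NS ns1.tech.luowei.com.
ns1.tech.luowei.com.    IN A  192.168.1.107
"""

# The same zone with the glue A record left out, to show the failure case.
NO_GLUE_ZONE = "\n".join(
    line for line in PARENT_ZONE.splitlines() if not line.startswith("ns1.tech.")
) + "\n"


@dataclass(frozen=True)
class Record:
    owner: str   # fully qualified, lower-case, trailing dot
    rtype: str   # upper-case type mnemonic
    rdata: str   # remaining fields, lower-case


def parse_zone(text: str, origin: str) -> list[Record]:
    """Minimal zone-file reader: $TTL, '@', blank owners (inherit the
    previous owner), optional TTL/class, and the multi-line SOA. It is
    enough for NS and A records, which is all the check needs."""
    records: list[Record] = []
    last_owner = origin
    in_paren = False
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip():
            continue
        if in_paren:                 # still inside the SOA parentheses
            in_paren = ")" not in line
            continue
        if line.startswith("$"):     # $TTL and similar directives
            continue
        tokens = line.split()
        if raw[0].isspace():         # blank owner field
            owner = last_owner
        else:
            owner = tokens.pop(0)
        if owner == "@":
            owner = origin
        elif not owner.endswith("."):
            owner = f"{owner}.{origin}"
        last_owner = owner
        if tokens and tokens[0].isdigit():        # optional TTL
            tokens.pop(0)
        if tokens and tokens[0].upper() == "IN":  # optional class
            tokens.pop(0)
        rtype = tokens.pop(0).upper()
        rdata = " ".join(tokens)
        if "(" in rdata and ")" not in rdata:
            in_paren = True
        records.append(Record(owner.lower(), rtype, rdata.lower()))
    return records


def check_delegation(records: list[Record], child: str) -> dict:
    """Return the NS names delegated for `child` and which of them lack
    glue. A name server inside the child zone (in-bailiwick) needs an A
    record in the parent, otherwise resolvers cannot find it."""
    child = child.lower()
    ns_names = [r.rdata for r in records if r.owner == child and r.rtype == "NS"]
    a_owners = {r.owner for r in records if r.rtype == "A"}
    missing_glue = [
        ns for ns in ns_names if ns.endswith("." + child) and ns not in a_owners
    ]
    return {
        "ns": ns_names,
        "missing_glue": missing_glue,
        "delegated": bool(ns_names) and not missing_glue,
    }


if __name__ == "__main__":
    for label, zone in (("with glue", PARENT_ZONE), ("without glue", NO_GLUE_ZONE)):
        recs = parse_zone(zone, "luowei.com.")
        print(label, check_delegation(recs, "tech.luowei.com."))
```

A delegation whose in-bailiwick name server has no glue is a lame delegation: the parent says "ask ns1.tech.luowei.com" but gives no way to reach it, and queries for the subdomain fail even though the subdomain server itself is configured correctly.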
# vim /var/named/192.168.zone
$TTL 86400
@       600 IN SOA ns.luowei.com. admin.luowei.com. (
                2011082701
                1H
                10M
                7D
                1D )
        IN NS  ns.luowei.com.
103     IN PTR ns.luowei.com.
103     IN PTR www.luowei.com.
Because I am only doing forward delegation of the subdomain, no reverse records are written for it.
The main configuration file /etc/named.conf on 192.168.1.107:
# vim /etc/named.conf
options {
        directory "/var/named";
};
zone "." IN {
        type hint;
        file "named.ca";
};
zone "localhost" IN {
        type master;
        file "localhost.zone";
};
zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
};
zone "tech.luowei.com" IN {
        type master;
        file "tech.luowei.com.zone";
};
The subdomain's zone data file under /var/named/:
# vim /var/named/tech.luowei.com.zone
$TTL 86400
@       600 IN SOA ns.tech.luowei.com. admin.tech.luowei.com. (
                2011082701
                1H
                10M
                7D
                1D )
        IN NS ns1.tech.luowei.com.
ns1.tech.luowei.com.    IN A 192.168.1.107
www.tech.luowei.com.    IN A 192.168.1.107
Other settings are the usual DNS configuration.
Next, test from 192.168.1.100:
# dig -t A www.tech.luowei.com @192.168.1.107    resolves
# dig -t A www.luowei.com @192.168.1.107         does not resolve
# dig -t A www.luowei.com @192.168.1.103         resolves
# dig -t A www.tech.luowei.com @192.168.1.103    resolves
So the parent domain server can resolve names in the subdomain, but the subdomain server cannot resolve names in the parent domain.
The solution here is forwarding.
Forwarding configuration:
Global forwarding:
options {
        forward only | first;
        forwarders { ip; };
};
forward only: queries the server cannot answer from its own zones are sent to the specified forwarder, and the server relies on that forwarder's reply.
forward first: the specified forwarder is tried first; if it returns no response, the server falls back to resolving from the root itself.
Zone-specific forwarding:
zone "xxx" IN {
        type forward;
        forwarders { ip; };
};
 
 
Now apply this to the experiment above:
configure forwarding in the main configuration file of the subdomain name server (192.168.1.107).
Method 1:
# vim /etc/named.conf
options {
        directory "/var/named";
        forward first;
        forwarders { 192.168.1.103; };
};
Method 2:
zone "luowei.com" IN {
        type forward;
        forwarders { 192.168.1.103; };
};
Either method works: the first is a global setting, the second applies to one zone only. Then test against 192.168.1.107 again:
# dig -t A www.luowei.com @192.168.1.107
Now it resolves.
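To make the difference between no forwarding, forward only and forward first concrete, here is an added example (not from the original post) that models the subdomain server 192.168.1.107 as a toy resolver over a constructed delegation tree. The root and com servers are fictional stand-ins named root-server.example and com-server.example; the two 192.168.1.x servers and the names www.luowei.com and www.tech.luowei.com mirror the post's setup. The functions `resolve`, `ask_forwarder` and `iterate_from_root` are my own simplification: "no response" from the forwarder is modelled as a flag, and the lab is assumed to have no path to the real root unless `root_reachable` is set.

```python
from __future__ import annotations

LOCAL_ZONE = "tech.luowei.com."   # the zone 192.168.1.107 is master for

# Constructed authoritative data. The root and com servers are fictional
# stand-ins; the two 192.168.1.x servers mirror the post's setup.
ZONES: dict[str, dict[str, str]] = {
    "luowei.com.": {"www.luowei.com.": "192.168.1.103"},
    "tech.luowei.com.": {"www.tech.luowei.com.": "192.168.1.107"},
}
AUTHORITATIVE_SERVER: dict[str, str] = {
    ".": "root-server.example",
    "com.": "com-server.example",
    "luowei.com.": "192.168.1.103",
    "tech.luowei.com.": "192.168.1.107",
}


def delegation_path(qname: str) -> list[str]:
    """Zones a resolver visits walking down from the root to qname."""
    labels = qname.rstrip(".").split(".")
    path = ["."]
    for i in range(len(labels) - 1, -1, -1):
        zone = ".".join(labels[i:]) + "."
        if zone in AUTHORITATIVE_SERVER:
            path.append(zone)
    return path


def iterate_from_root(qname: str, root_reachable: bool) -> tuple[str | None, list[str]]:
    """Full iterative resolution from the root hints; returns the answer
    (or None) and the servers that were asked along the way."""
    if not root_reachable:
        return None, []
    asked: list[str] = []
    answer = None
    for zone in delegation_path(qname):
        asked.append(AUTHORITATIVE_SERVER[zone])
        answer = ZONES.get(zone, {}).get(qname)
    return answer, asked


def ask_forwarder(qname: str, forwarder_up: bool) -> str | None:
    """The forwarder (192.168.1.103 in the post) is a recursive server that
    can resolve anything in ZONES; None models 'no response'."""
    if not forwarder_up:
        return None
    for names in ZONES.values():
        if qname in names:
            return names[qname]
    return None


def resolve(qname: str, policy: str = "none", *,
            forwarder_up: bool = True, root_reachable: bool = False) -> dict:
    """Answer a query on the subdomain server under a forward policy:
    'none' (no forwarding configured), 'only', or 'first'. root_reachable
    defaults to False because the lab in the post has no path to the root."""
    # 1. Names in the server's own zone are answered authoritatively.
    if qname in ZONES[LOCAL_ZONE]:
        return {"rcode": "NOERROR", "answer": ZONES[LOCAL_ZONE][qname], "via": "authoritative"}
    # 2. With forwarding configured, the forwarder is asked first.
    if policy in ("only", "first"):
        answer = ask_forwarder(qname, forwarder_up)
        if answer is not None:
            return {"rcode": "NOERROR", "answer": answer, "via": "forwarder"}
        if policy == "only":          # 'only' never falls back to the root
            return {"rcode": "SERVFAIL", "answer": None, "via": "forwarder"}
    # 3. 'none' and 'first' (after no response) walk down from the root.
    answer, asked = iterate_from_root(qname, root_reachable)
    if answer is None:
        return {"rcode": "SERVFAIL", "answer": None, "via": "root"}
    return {"rcode": "NOERROR", "answer": answer, "via": "root:" + " > ".join(asked)}


if __name__ == "__main__":
    print("no forwarding :", resolve("www.luowei.com."))
    print("forward first :", resolve("www.luowei.com.", "first"))
    print("forward only, forwarder down :",
          resolve("www.luowei.com.", "only", forwarder_up=False))
```

The first two calls reproduce the dig results above: without forwarding the subdomain server must go to the root, which it cannot reach in the lab, so www.luowei.com fails, while with forward first it gets the answer from 192.168.1.103. The third call shows the operational trade-off of forward only: if the single forwarder stops responding, the server has no fallback and every non-local query fails.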
 
II. Views
Before views, a word about DNS ACLs.
The format is:
acl myclients {
        192.168.1.0/24;
        172.16.1.0/24;
};
A view builds on ordinary DNS to let one server give different resolution results to different clients, selected by ACL.
The format is:
view NAME {
        match-clients { ... };
        zone1
        zone2
        ...
};
view NAME {
        match-clients { ... };
        zone1
        zone2
        ...
};
Next, an example to verify this.
# vim /etc/named.conf
acl nei {
        192.168.0.0/24;
        127.0.0.0/8;
};      // define the intranet acl list
acl wai {
        172.16.0.0/24;
};      // define the Internet acl list
options {
        directory "/var/named";
};
view nei {
        match-clients { nei; };
        recursion yes;
        zone "." IN {
                type hint;
                file "named.ca";
        };
        zone "a.org" IN {
                type master;
                file "a.org.nei";
        };
};      // intranet view and its zones
view wai {
        match-clients { wai; };
        recursion no;
        zone "." IN {
                type hint;
                file "named.ca";
        };
        zone "a.org" IN {
                type master;
                file "a.org.wai";
        };
};      // Internet view and its zones
Then create the corresponding zone data files under /var/named/.
Test from addresses in the different CIDR blocks: the address returned in each case is the one specified in that view's data file.
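The script below is an added example (not from the original post) that turns the two ACLs and two views above into data and answers the question a practitioner has to check when debugging split-horizon DNS: given a client address, which view, and therefore which zone file, serves the reply, and what happens when no view matches. The `select_view` and `answer_source` functions are my own simplification of BIND's behaviour (the first view whose match-clients list matches wins; negated `!` elements are not modelled), and the zone file paths are the ones from the configuration above.

```python
from __future__ import annotations

import ipaddress
from typing import Union

# ACLs and views as written in the named.conf above, as data.
ACLS: dict[str, list[str]] = {
    "nei": ["192.168.0.0/24", "127.0.0.0/8"],
    "wai": ["172.16.0.0/24"],
}

# Views in configuration order; BIND uses the first view whose
# match-clients list matches the querying address.
VIEWS: list[dict] = [
    {"name": "nei", "match_clients": ["nei"], "recursion": True,
     "zones": {"a.org": "a.org.nei"}},
    {"name": "wai", "match_clients": ["wai"], "recursion": False,
     "zones": {"a.org": "a.org.wai"}},
]

Address = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]


def _matches(element: str, client: Address, depth: int = 0) -> bool:
    """One address-match-list element: the built-ins any/none, the name
    of another acl, or an address/prefix. Negated '!' elements are not
    modelled in this simplification."""
    if depth > 8:
        raise ValueError("acl nesting too deep")
    if element == "any":
        return True
    if element == "none":
        return False
    if element in ACLS:
        return any(_matches(e, client, depth + 1) for e in ACLS[element])
    return client in ipaddress.ip_network(element, strict=False)


def select_view(client_ip: str) -> dict | None:
    """First view whose match-clients list matches the client, or None."""
    client = ipaddress.ip_address(client_ip)
    for view in VIEWS:
        if any(_matches(e, client) for e in view["match_clients"]):
            return view
    return None


def answer_source(client_ip: str, qname: str) -> str:
    """Where the answer for qname comes from for this client: the view's
    zone file, 'recursion' if the view recurses for names it is not
    authoritative for, or 'REFUSED' when recursion is off for such a
    name or when no view matches the client at all."""
    view = select_view(client_ip)
    if view is None:
        return "REFUSED"
    qname = qname.rstrip(".").lower()
    for zone, path in view["zones"].items():
        if qname == zone or qname.endswith("." + zone):
            return f"/var/named/{path}"
    return "recursion" if view["recursion"] else "REFUSED"


if __name__ == "__main__":
    for ip in ("192.168.0.10", "172.16.0.5", "127.0.0.1", "192.168.1.100"):
        print(ip, "->", answer_source(ip, "www.a.org"))
```

One thing the model makes visible: the test hosts earlier in this post sit in 192.168.1.0/24, but acl nei as written covers 192.168.0.0/24, so a client such as 192.168.1.100 matches neither view and gets no answer. Checking the ACL prefixes against the real client ranges is the first step when a view "does not work".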
 
This article is from the "IT dream-Qi-sharing" blog
