Linux DNS (BIND) Subdomain authorization


A zone may have a primary DNS server, slave DNS servers and subdomain DNS servers. This section uses the primary DNS server authorizing (delegating) a subdomain as the example.

Subdomain Authorization configuration process:

1. Edit the primary DNS forward zone file

[[email protected] named]# vim dove.com.zone     # edit the primary DNS forward zone file
$TTL 600
@       IN      SOA     dove.com.       admin.dove.com. (
                2015041802      ; there is a slave DNS server, so the serial number must be incremented on every change
                2H
                5M
                3D
                1D )
        IN      NS      dns
        IN      NS      slave
        IN      MX 9    mail
dns     IN      A       192.168.8.7
mail    IN      A       192.168.8.8
www     IN      A       192.168.8.8
web     IN      CNAME   www
slave   IN      A       192.168.8.9
; blank line for readability: the records below name their own owner and do not inherit the previous one

dep1        IN      NS      dns.dep1        ; add the subdomain DNS NS record in the primary DNS
dns.dep1    IN      A       192.168.8.10    ; add the matching A record for the subdomain DNS in the primary DNS

2. Install the bind package

[[email protected] ~]# yum -y install bind     # install the bind package
/etc/logrotate.d/named
/etc/named.conf                 # main configuration file
/etc/named.iscdlv.key           # bind key file
/etc/named.rfc1912.zones        # zone configuration file (pulled into the main configuration file with the include directive)
/etc/named.root.key             # root zone key file, used to implement transaction signing
/etc/rndc.conf                  # rndc (remote name server controller) configuration file
/etc/rndc.key                   # rndc encryption key
/etc/sysconfig/named            # bind process options
/var/named/named.ca             # file listing the 13 global root servers
/var/named/named.empty
/var/named/named.localhost      # local forward zone file
/var/named/named.loopback       # local reverse zone file

3. Edit the main configuration file and comment out the relevant options

[[email protected] named]# vim /etc/named.conf     # edit the main configuration file; comment out the three items below with double slashes
options {
//      listen-on port 53 { 127.0.0.1; };       # comment out: listens only on the local address
//      listen-on-v6 port 53 { ::1; };          # comment out: IPv6 listening port
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
//      allow-query { localhost; };             # comment out: allows only local queries

4. Edit the subdomain zone configuration file

[[email protected] named]# vim /etc/named.rfc1912.zones     # edit the configuration file and add the subdomain zone
zone "dep1.dove.com" IN {
        type master;
        file "dep1.dove.com.zone";
};

5. Create the subdomain zone file

[[email protected] named]# vim dep1.dove.com.zone      # edit the subdomain zone file
$TTL 600
@       IN      SOA     dep1.dove.com.  admin.dep1.dove.com. (
                2015042101
                2H
                5M
                3D
                2H )
        IN      NS      dns             ; add the subdomain NS record
dns     IN      A       192.168.8.10    ; add the matching A record for the subdomain
www     IN      A       192.168.8.11
[[email protected] named]# chmod 640 dep1.dove.com.zone      # change the zone file permissions
[[email protected] named]# chown :named dep1.dove.com.zone   # change the zone file's group

6. Test resolution with the dig tool

[[email protected] named]# setenforce 0                  # turn off SELinux to prevent synchronization failures
[[email protected] named]# service iptables stop         # stop the iptables service to prevent synchronization failures
[[email protected] named]# dig -t a www.dep1.dove.com    # the primary DNS successfully resolves a host in the subdomain

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6 <<>> -t a www.dep1.dove.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52525
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;www.dep1.dove.com.             IN      A

;; ANSWER SECTION:
www.dep1.dove.com.      600     IN      A       192.168.8.11

;; AUTHORITY SECTION:
dep1.dove.com.          600     IN      NS      dns.dep1.dove.com.

;; Query time: 738 msec
;; SERVER: 192.168.8.7#53(192.168.8.7)
;; WHEN: Tue Apr 21 21:08:31 2015
;; MSG SIZE  rcvd: 69

[[email protected] slaves]# cat dove.com.zone     # view the zone file on the slave DNS server: it synchronized successfully from the master server
$ORIGIN .
$TTL 600        ; 10 minutes
dove.com                IN SOA  dove.com. admin.dove.com. (
                                2015041802 ; serial
                                7200       ; refresh (2 hours)
                                300        ; retry (5 minutes)
                                259200     ; expire (3 days)
                                86400      ; minimum (1 day)
                                )
                        NS      dns.dove.com.
                        NS      slave.dove.com.
                        MX      9 mail.dove.com.
$ORIGIN dove.com.
dep1                    NS      dns.dep1
$ORIGIN dep1.dove.com.
dns                     A       192.168.8.10
$ORIGIN dove.com.               ; $ORIGIN defines the zone name
dns                     A       192.168.8.7
mail                    A       192.168.8.8
slave                   A       192.168.8.9
web                     CNAME   www
www                     A       192.168.8.8

The end! This completes the Linux subdomain authorization configuration.
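
The delegation keeps working only while the NS and glue A records added to the parent zone in step 1 agree with the subdomain's own zone file from step 5. The check below is an added example, not part of the original article: it parses trimmed copies of both zones and reports any drift. The helper names `fqdn`, `parse_zone` and `check_delegation` are hypothetical, and the parser is deliberately simplified (one record per line, no $ORIGIN handling).

```python
# Constructed sample input: the page's two zones, trimmed, one record per line.
PARENT = """\
$TTL 600
@        IN SOA dove.com. admin.dove.com. ( 2015041802 2H 5M 3D 1D )
         IN NS  dns
dep1     IN NS  dns.dep1
dns.dep1 IN A   192.168.8.10
"""
CHILD = """\
$TTL 600
@        IN SOA dep1.dove.com. admin.dep1.dove.com. ( 2015042101 2H 5M 3D 2H )
         IN NS  dns
dns      IN A   192.168.8.10
"""

def fqdn(name, origin):
    if name == "@":
        return origin
    return name.lower() if name.endswith(".") else f"{name.lower()}.{origin}"

def parse_zone(text, origin):
    """Simplified parser (no $ORIGIN, no multi-line records): {(owner, type): {rdata}}."""
    records, owner = {}, origin
    for raw in text.splitlines():
        fields = raw.split(";", 1)[0].split()
        if not fields or fields[0].startswith("$"):
            continue
        if not raw[0].isspace():          # blank owner field: inherit the previous owner
            owner = fqdn(fields.pop(0), origin)
        fields = [f for f in fields if f.upper() != "IN" and not f.isdigit()]
        rtype = fields[0].upper()
        if rtype in ("NS", "A"):
            value = fqdn(fields[1], origin) if rtype == "NS" else fields[1]
            records.setdefault((owner, rtype), set()).add(value)
    return records

def check_delegation(parent, child, sub):
    """Compare the parent's NS + glue for `sub` with the child zone's own data."""
    p_ns, c_ns = parent.get((sub, "NS"), set()), child.get((sub, "NS"), set())
    problems = [] if p_ns == c_ns else [f"NS sets differ: parent={sorted(p_ns)} child={sorted(c_ns)}"]
    for ns in sorted(n for n in p_ns if n.endswith("." + sub)):  # in-zone NS needs glue
        glue, auth = parent.get((ns, "A"), set()), child.get((ns, "A"), set())
        if not glue or glue != auth:
            problems.append(f"glue for {ns}: parent={sorted(glue)} child={sorted(auth)}")
    return problems

if __name__ == "__main__":
    parent, child = parse_zone(PARENT, "dove.com."), parse_zone(CHILD, "dep1.dove.com.")
    print(check_delegation(parent, child, "dep1.dove.com.") or "delegation consistent")
```

An empty result means the parent's delegation and the child's apex records match; any entry points at a lame or stale delegation to fix before relying on the subdomain.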


This article is from "Why No!" blog, be sure to keep this source http://dovemy.blog.51cto.com/8487472/1636680
