A zone can involve a primary (master) DNS server, secondary (slave) DNS servers and delegated subdomain DNS servers. This section walks through delegating a subdomain from the primary DNS server. The hosts used below are the ones the zone data itself names: the primary for dove.com is dns.dove.com (192.168.8.7), its slave is slave.dove.com (192.168.8.9), and the subdomain dep1.dove.com is served by dns.dep1.dove.com (192.168.8.10).
Subdomain delegation configuration process:
1. Edit the primary DNS forward zone file and add the delegation
[root@dns named]# vim dove.com.zone    # edit the primary DNS forward zone file
$TTL 600
@       IN SOA  dove.com. admin.dove.com. (
                2015041802      ; there is a slave DNS server, so the serial must be incremented on every change or the slave never transfers the update
                2H
                5M
                3D
                1D )
        IN NS   dns
        IN NS   slave
        IN MX 9 mail
dns     IN A    192.168.8.7
mail    IN A    192.168.8.8
www     IN A    192.168.8.8
web     IN CNAME www
slave   IN A    192.168.8.9
                                ; dep1 below carries its own owner name, so it inherits nothing from the records above (a record that starts with whitespace inherits the previous owner; a blank line on its own changes nothing)
dep1    IN NS   dns.dep1        ; add the subdomain's NS record in the primary DNS (the delegation)
dns.dep1 IN A   192.168.8.10    ; add the matching A record (glue) for the subdomain DNS server in the primary DNS
Reload the zone on the primary afterwards so the slave sees the new serial and transfers the updated zone.
2. Install BIND on the subdomain DNS server
[root@dns.dep1 ~]# yum -y install bind    # install the bind package
Files installed by the package:
/etc/logrotate.d/named
/etc/named.conf              # main configuration file
/etc/named.iscdlv.key        # DNSSEC trust anchor for ISC's DLV registry (dlv.isc.org, since retired)
/etc/named.rfc1912.zones     # zone configuration file (pulled into the main configuration with the include directive)
/etc/named.root.key          # DNSSEC trust anchor for the root zone (managed-keys); it is not a transaction-signature (TSIG) key
/etc/rndc.conf               # rndc (remote name daemon control) configuration file
/etc/rndc.key                # shared secret rndc uses to authenticate to named
/etc/sysconfig/named         # options for the named process
/var/named/named.ca          # root hints: names and addresses of the 13 root servers
/var/named/named.empty
/var/named/named.localhost   # local forward zone file
/var/named/named.loopback    # local reverse zone file
3. Edit the main configuration file and comment out the restrictive options
[root@dns.dep1 named]# vim /etc/named.conf    # edit the main configuration file; comment out the three items below with //
options {
//      listen-on port 53 { 127.0.0.1; };       # listens only on localhost: comment out
//      listen-on-v6 port 53 { ::1; };          # IPv6 listener: comment out
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
//      allow-query     { localhost; };         # allows queries only from localhost: comment out
Without listen-on, named listens on every interface, and without allow-query it answers anyone, which is what an authoritative server needs. The stock named.conf also leaves recursion yes, so the box is now an open recursive resolver as well; restrict that with allow-recursion { localnets; }; (or recursion no; on a purely authoritative server) before exposing it.
4. Add the subdomain zone to the zone configuration file
[root@dns.dep1 named]# vim /etc/named.rfc1912.zones    # edit the zone configuration file and add the subdomain zone
zone "dep1.dove.com" IN {
        type master;
        file "dep1.dove.com.zone";
};
The file name here must match the file created in the next step exactly; Linux file names are case-sensitive, and a mismatch leaves named unable to load the zone.
5. Create the subdomain zone file
[root@dns.dep1 named]# vim dep1.dove.com.zone    # edit the subdomain zone file
$TTL 600
@       IN SOA  dep1.dove.com. admin.dep1.dove.com. (
                2015042101
                2H
                5M
                3D
                2H )
        IN NS   dns             ; NS record for the subdomain
dns     IN A    192.168.8.10    ; A record for the subdomain DNS server
www     IN A    192.168.8.11
[root@dns.dep1 named]# chmod 640 dep1.dove.com.zone     # zone file permissions
[root@dns.dep1 named]# chown :named dep1.dove.com.zone  # give the zone file to the named group so the daemon can read it
6. Test resolution with dig
[root@dns.dep1 named]# setenforce 0            # disable SELinux to prevent sync failures
[root@dns.dep1 named]# service iptables stop   # stop iptables to prevent sync failures
Both are lab shortcuts. In production keep SELinux enforcing (restore the file context on any zone file you copied into /var/named) and open udp/tcp port 53 in the firewall instead.
[root@dns.dep1 named]# dig -t a www.dep1.dove.com    # resolve a host in the subdomain through the primary DNS: success

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6 <<>> -t a www.dep1.dove.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52525
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;www.dep1.dove.com.             IN      A

;; ANSWER SECTION:
www.dep1.dove.com.      600     IN      A       192.168.8.11

;; AUTHORITY SECTION:
dep1.dove.com.          600     IN      NS      dns.dep1.dove.com.

;; Query time: 738 msec
;; SERVER: 192.168.8.7#53(192.168.8.7)
;; WHEN: Tue Apr 21 21:08:31 2015
;; MSG SIZE  rcvd: 69
The query went to the primary (SERVER: 192.168.8.7), which is not authoritative for dep1.dove.com: the flags line carries no aa, and the AUTHORITY section shows the delegation dep1.dove.com. NS dns.dep1.dove.com. The primary followed that delegation to 192.168.8.10 and relayed the subdomain server's answer, which is what a working delegation looks like from the parent's side.
Finally, confirm on the slave DNS server that the updated parent zone, including the new delegation, was transferred from the master:
[root@slave slaves]# cat dove.com.zone    # on the slave DNS server: the zone transferred successfully from the master
$ORIGIN .                       ; $ORIGIN sets the origin appended to relative names
$TTL 600        ; 10 minutes
dove.com                IN SOA  dove.com. admin.dove.com. (
                                2015041802 ; serial
                                7200       ; refresh (2 hours)
                                300        ; retry (5 minutes)
                                259200     ; expire (3 days)
                                86400      ; minimum (1 day)
                                )
                        NS      dns.dove.com.
                        NS      slave.dove.com.
                        MX      9 mail.dove.com.
$ORIGIN dove.com.
dep1                    NS      dns.dep1
$ORIGIN dep1.dove.com.
dns                     A       192.168.8.10
$ORIGIN dove.com.
dns                     A       192.168.8.7
mail                    A       192.168.8.8
slave                   A       192.168.8.9
web                     CNAME   www
www                     A       192.168.8.8
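A delegation breaks silently when the NS name or the glue in the parent does not match what the child zone actually serves, and named-checkzone only validates one file at a time. The following script is an added example, not code from the original post: it parses the zone-file syntax used on this page ($TTL, $ORIGIN, @, relative names, owner names inherited by records that start with whitespace, the parenthesised multi-line SOA, and the $ORIGIN-switching form of the slave's transferred copy above) and then compares the parent's delegation for dep1.dove.com with the child's apex NS and A records, the way a practitioner would before running the dig test in step 6. PARENT_ZONE and CHILD_ZONE are constructed copies of the page's two zone files, BROKEN_CHILD is a constructed variant in which the child names its server ns1 while the parent delegates to dns, and every function name is this example's own.

```python
# Added example (not from the original post): check that the parent zone's
# delegation and the child zone agree before testing with dig.  The zone
# texts below are constructed from the page's dove.com and dep1.dove.com files.

PARENT_ORIGIN = "dove.com."
PARENT_ZONE = """\
$TTL 600
@       IN SOA  dove.com. admin.dove.com. (
                2015041802      ; serial: bump on every change, or the slave never transfers
                2H 5M 3D 1D )
        IN NS   dns
        IN NS   slave
dns     IN A    192.168.8.7
dep1    IN NS   dns.dep1        ; delegation of the subdomain
dns.dep1 IN A   192.168.8.10    ; glue for the subdomain's server
"""

CHILD_ORIGIN = "dep1.dove.com."
CHILD_ZONE = """\
$TTL 600
@       IN SOA  dep1.dove.com. admin.dep1.dove.com. (
                2015042101 2H 5M 3D 2H )
        IN NS   dns
dns     IN A    192.168.8.10
www     IN A    192.168.8.11
"""
# Constructed mistake: the child names its server ns1 while the parent delegates to dns.
BROKEN_CHILD = CHILD_ZONE.replace("IN NS   dns", "IN NS   ns1").replace("dns     IN A", "ns1     IN A")


def fqdn(name, origin):
    """Absolute, lower-cased form of a zone-file name relative to origin."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name.lower()
    return (name + "." if origin == "." else name + "." + origin).lower()


def parse_zone(text, origin):
    """Zone text -> list of (owner, type, rdata).  Handles $TTL, $ORIGIN, @, relative
    names, the parenthesised SOA and owner inheritance (a record whose line starts
    with whitespace keeps the previous owner; blank lines do not reset it)."""
    origin = fqdn(origin, ".")
    records, last_owner, depth, buf = [], origin, 0, []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # drop ; comments
        if not line.strip() and depth == 0:
            continue
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth > 0:                             # still inside ( ... )
            continue
        logical, buf, depth = " ".join(buf), [], 0
        tokens = logical.replace("(", " ").replace(")", " ").split()
        if tokens[0] == "$TTL":
            continue
        if tokens[0] == "$ORIGIN":
            origin = fqdn(tokens[1], ".")
            continue
        if logical[0].isspace():                  # no owner field: inherit it
            owner = last_owner
        else:
            owner = last_owner = fqdn(tokens.pop(0), origin)
        while tokens[0].upper() in ("IN", "CH", "HS") or tokens[0][0].isdigit():
            tokens.pop(0)                         # optional class / per-record TTL
        rtype, rdata = tokens[0].upper(), tokens[1:]
        if rtype in ("NS", "CNAME"):              # names in rdata are relative too
            rdata = [fqdn(rdata[0], origin)]
        elif rtype == "SOA":
            rdata = [fqdn(rdata[0], origin), fqdn(rdata[1], origin)] + rdata[2:]
        records.append((owner, rtype, rdata))
    return records


def check_delegation(parent, child, child_apex):
    """Return a list of problems; an empty list means the delegation is consistent."""
    apex = fqdn(child_apex, ".")
    parent_ns = {r[2][0] for r in parent if r[0] == apex and r[1] == "NS"}
    child_ns = {r[2][0] for r in child if r[0] == apex and r[1] == "NS"}
    problems = []
    if not parent_ns:
        problems.append("parent has no NS for %s: nothing is delegated" % apex)
    for ns in sorted(parent_ns - child_ns):
        problems.append("lame delegation: parent delegates to %s, child does not list it as NS" % ns)
    for ns in sorted(child_ns - parent_ns):
        problems.append("child lists %s as NS but the parent does not delegate to it" % ns)
    for ns in sorted(parent_ns):
        if not ns.endswith("." + apex):           # out-of-zone server: no glue needed
            continue
        glue = {r[2][0] for r in parent if r[0] == ns and r[1] == "A"}
        real = {r[2][0] for r in child if r[0] == ns and r[1] == "A"}
        if not glue:
            problems.append("parent is missing the glue A record for %s" % ns)
        elif real and glue != real:
            problems.append("glue for %s %s differs from the child's A %s" % (ns, sorted(glue), sorted(real)))
    return problems


if __name__ == "__main__":
    parent = parse_zone(PARENT_ZONE, PARENT_ORIGIN)
    for label, text in (("page child zone", CHILD_ZONE), ("broken child zone", BROKEN_CHILD)):
        problems = check_delegation(parent, parse_zone(text, CHILD_ORIGIN), CHILD_ORIGIN)
        print(label + ":", "OK" if not problems else "; ".join(problems))
```

Run it with the two real files read in place of the constructed strings; a non-empty list means the dig in step 6 will come back SERVFAIL or point at a server that does not answer authoritatively for the subdomain. named-checkzone dep1.dove.com dep1.dove.com.zone is still worth running first, since it catches syntax errors inside a single file, which is not what this script checks.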
That completes the BIND subdomain delegation configuration on Linux.
This article is from the "Why No!" blog; please keep this source: http://dovemy.blog.51cto.com/8487472/1636680
Linux DNS (BIND) subdomain delegation