Linux DNS (BIND) Subdomain authorization

Source: Internet
Author: User
Tags subdomain

A zone may have primary DNS, from DNS, subdomain DNS, this section with the primary DNS authorization subdomain for example explained.

Subdomain Authorization configuration process:

1. Edit the primary DNS forward zone file

[[email protected] named]# vim dove.com.zone     #编辑主DNS正向区域文件 $TTL     600@       IN       soa     dove.com.       admin.dove.com.  (            2015041802    #由于有从DNS服务器, Therefore, each modification of the serial number must be added one                 2H                 5M                 3D                 1D )          in      ns       dns         in      ns       slave         IN      MX 9      maildns       IN      A        192.168.8.7mail      IN       A       192.168.8.8www        in      a       192.168.8.8web        IN      CNAME      wwwSlave      IN      A        192.168.8.9                              #中间空行表示不继承前面区域名称dep1        in      ns     dns.dep1   # Add subdomain dns ns records in primary DNS dns.dep1    in      a      192.168.8.10  #在主DNS添加子域DNS   corresponding a record

[[email protected] ~]# yum -y install  bind     #安装bind包/etc/logrotate.d/named        /etc /named.conf         #主配置文件/etc/named.iscdlv.key       #bind密钥文件/etc/named.rfc1912.zones     #区域配置文件 (included in the main profile with the include Directive)/etc/named.root.key        #根区域key文件以实现事务签名/etc/rndc.conf           #rndc (remote name server Controller) configuration file/etc/rndc.key          #rndc加密密钥/ etc/sysconfig/named       #bind进程选项/var/named/named.ca        #全球13个根服务器存放文件/var/named/named.empty/var/named/named.localhost    #本地正向解析区域文件/var/ named/named.loopback    #本地反向解析区域文件 

3. Edit the Master profile, commenting the relevant options

[[email protected] named]# vim/etc/named.conf #编辑主配置文件, use double slash note below three items

Options {

// listen-on port 53 {127.0.0.1;}; #注释只本地监听端口

// Listen-on-v6 port 53 {:: 1;}; #注释IPV6监听端口

Directory "/var/named";

Dump-file "/var/named/data/cache_dump.db";

Statistics-file "/var/named/data/named_stats.txt";

Memstatistics-file "/var/named/data/named_mem_stats.txt";

// allow-query {localhost;}; #注释只允许本地请求

4. Edit the subdomain zone configuration file

[[email protected] named]# vim/etc/named.rfc1912.zones #编辑配置文件, add subdomain area Zone "dep1.dove.com" in {type Master; File "Dep1.dove.com.zone";};

5. Create a Subdomain zone resolution file

[[email protected] named]# vim dep1.dove.com.zone      #编辑子域区域解析文件 $TTL     600@       IN       SOA     dep1.dove.com.  admin.dep1.dove.com.  (                 2015042101                 2H                 5M                 3D                 2H )         IN       NS      dns         #添加子域NS记录dns        IN      A        192.168.8.10   #添加子域对应A记录www        IN       A       192.168.8.11[[email protected]  named]# chmod 640 dep1.dove.com.zone      #修改区域文件权限 [[email  protected] named]# chown :named  dep1.dove.com.zone    #修改区域文件属组

6, dig tool test parsing

[[email protected] named]# setenforce 0            #关闭selinux to prevent synchronization failures [[email protected] named]# service iptables stop       #停止iptables服务 to prevent synchronization failures [[email protected] named]# dig -t a  www.dep1.dove.com   #使用主DNS解析子域上一台主机成功; <<>> dig  9.8.2rc1-redhat-9.8.2-0.30.rc1.el6 <<>> -t a www.dep1.dove.com;;  global options: +cmd;;  Got answer:;;  ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52525;;  flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1,  additional: 0;;  QUESTION SECTION:;www.dep1.dove.com.INA;;  ANSWER SECTION:www.dep1.dove.com.600INA192.168.8.11;;  AUTHORITY SECTION:dep1.dove.com.600INNSdns.dep1.dove.com.;;  query time: 738 msec;;  server: 192.168.8.7#53 (192.168.8.7);  WHEN: Tue Apr 21 21:08:31 2015;;  msg size  rcvd: 69
[[email protected] slaves]# cat dove.com.zone     #查看从DNS服务器, sync successfully from master server $origin . $TTL  600; 10 minutesdove.comin soadove.com.  admin.dove.com.  (2015041802; serial7200   ; refresh  (2 hours) 300     ; retry  (5 minutes) 259200  ; expire  (3 days) 86400   ; minimum  (1 day)) nsdns.dove.com.nsslave.dove.com.mx   9  mail.dove.com. $ORIGIN  dove.com.dep1nsdns.dep1$origin dep1.dove.com.dnsa192.168.8.10$origin  dove.com.                    $ORIGIN define the area name dnsa192.168.8.7maila192.168.8.8slavea192.168.8.9webcnamewwwwwwa192.168.8.8 

The end! This completes the Linux subdomain authorization configuration.


This article is from "Why No!" blog, be sure to keep this source http://dovemy.blog.51cto.com/8487472/1636680

Linux DNS (BIND) Subdomain authorization

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.