A zone may have a primary DNS server, slave (secondary) DNS servers, and subdomain DNS servers. This section uses the primary DNS server authorizing (delegating) a subdomain as the example.
Subdomain authorization configuration process:
1. Edit the primary DNS forward zone file
[[email protected] named]# vim dove.com.zone    # edit the primary DNS forward zone file
$TTL 600
@         IN  SOA    dove.com. admin.dove.com. (
                     2015041802   ; a slave DNS server exists, so the serial number must be incremented by one on every change
                     2H
                     5M
                     3D
                     1D )
          IN  NS     dns
          IN  NS     slave
          IN  MX 9   mail
dns       IN  A      192.168.8.7
mail      IN  A      192.168.8.8
www       IN  A      192.168.8.8
web       IN  CNAME  www
slave     IN  A      192.168.8.9
                     ; the records after the blank line start with their own owner name, so they do not inherit the previous one

dep1      IN  NS     dns.dep1       ; NS record for the subdomain DNS, added on the primary DNS
dns.dep1  IN  A      192.168.8.10   ; matching A record for the subdomain DNS, added on the primary DNS
2. Install the BIND package on the subdomain DNS server
[[email protected] ~]# yum -y install bind    # install the bind package
Files installed with the package:
/etc/logrotate.d/named
/etc/named.conf               # main configuration file
/etc/named.iscdlv.key         # bind key file
/etc/named.rfc1912.zones      # zone configuration file (pulled into the main configuration file with the include directive)
/etc/named.root.key           # root zone key file, used for transaction signing
/etc/rndc.conf                # rndc (remote name server controller) configuration file
/etc/rndc.key                 # rndc encryption key
/etc/sysconfig/named          # bind process options
/var/named/named.ca           # file listing the 13 global root servers
/var/named/named.empty
/var/named/named.localhost    # local forward resolution zone file
/var/named/named.loopback     # local reverse resolution zone file
3. Edit the main configuration file and comment out the relevant options
[[email protected] named]# vim /etc/named.conf    # edit the main configuration file; comment out the three items below with double slashes
options {
//      listen-on port 53 { 127.0.0.1; };        # comment out listening on the local address only
//      listen-on-v6 port 53 { ::1; };           # comment out the IPv6 listening port
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
//      allow-query { localhost; };              # comment out the restriction that only allows local queries
4. Edit the subdomain zone configuration file
[[email protected] named]# vim /etc/named.rfc1912.zones
zone "dep1.dove.com" IN {
        type master;
        file "dep1.dove.com.zone";
};
5. Create the subdomain zone file
[[email protected] named]# vim dep1.dove.com.zone    # edit the subdomain zone file
$TTL 600
@       IN  SOA  dep1.dove.com. admin.dep1.dove.com. (
                 2015042101
                 2H
                 5M
                 3D
                 2H )
        IN  NS   dns             ; NS record for the subdomain
dns     IN  A    192.168.8.10    ; matching A record for the subdomain DNS
www     IN  A    192.168.8.11
[[email protected] named]# chmod 640 dep1.dove.com.zone     # change the zone file permissions
[[email protected] named]# chown :named dep1.dove.com.zone  # change the zone file group
The two commands below disable SELinux enforcement and the iptables firewall for the whole host; the DNS traffic itself only needs UDP and TCP port 53 to be reachable.
[[email protected] named]# setenforce 0             # disable SELinux to prevent synchronization failures
[[email protected] named]# service iptables stop    # stop the iptables service to prevent synchronization failures
[[email protected] named]# dig -t a www.dep1.dove.com    # resolving a host in the subdomain through the primary DNS succeeds
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6 <<>> -t a www.dep1.dove.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35911
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;www.dep1.dove.com.             IN      A
;; ANSWER SECTION:
[[email protected] slaves]# cat dove.com.zone    # on the slave DNS server: the zone was synchronized successfully from the master server
$ORIGIN .
$TTL 600        ; 10 minutes
dove.com                IN SOA  dove.com. admin.dove.com. (
                                2015041802 ; serial
                                7200       ; refresh (2 hours)
                                300        ; retry (5 minutes)
                                259200     ; expire (3 days)
                                86400      ; minimum (1 day)
                                )
                        NS      dns.dove.com.
                        NS      slave.dove.com.
                        MX      9 mail.dove.com.
$ORIGIN dove.com.
dep1                    NS      dns.dep1
$ORIGIN dep1.dove.com.
dns                     A       192.168.8.10
$ORIGIN dove.com.       ; $ORIGIN defines the zone name
dns                     A       192.168.8.7
mail                    A       192.168.8.8
slave                   A       192.168.8.9
web                     CNAME   www
www                     A       192.168.8.8
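The authorization set up in steps 1 and 5 only resolves when the NS record and its A record in the parent zone agree with the NS and A records in the subdomain zone. The following is an added example, not part of the original article: a Python check over constructed copies of the two zone files (trimmed to the relevant records; the function names are hypothetical) that reports NS or address mismatches between parent and child.

```python
# Constructed copies of the page's dove.com and dep1.dove.com zones (trimmed).
PARENT = """\
$TTL 600
@        IN SOA dove.com. admin.dove.com. ( 2015041802 2H 5M 3D 1D )
         IN NS  dns
dns      IN A   192.168.8.7
dep1     IN NS  dns.dep1
dns.dep1 IN A   192.168.8.10
"""
CHILD = """\
$TTL 600
@   IN SOA dep1.dove.com. admin.dep1.dove.com. ( 2015042101 2H 5M 3D 2H )
    IN NS  dns
dns IN A   192.168.8.10
"""

def fqdn(name, origin):
    return origin if name == "@" else name.lower() if name.endswith(".") else f"{name.lower()}.{origin}"

def records(text, origin):
    """Yield (owner, type, rdata) for NS/A; indented lines inherit the previous owner."""
    owner = origin
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]  # zone-file comments start with ';'
        if not line.strip() or line.startswith("$"):
            continue
        fields = line.split()
        if not line[0].isspace():
            owner = fqdn(fields.pop(0), origin)
        while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
            fields.pop(0)  # skip optional TTL and class
        if len(fields) >= 2 and fields[0].upper() in ("NS", "A"):
            rtype, rdata = fields[0].upper(), fields[1]
            yield owner, rtype, (fqdn(rdata, origin) if rtype == "NS" else rdata)

def check_delegation(parent_text, parent_origin, child_text, child_origin):
    """Return a list of problems; empty means the parent's NS and glue match the child."""
    parent, child = list(records(parent_text, parent_origin)), list(records(child_text, child_origin))
    pick = lambda recs, rtype, owner: {r for o, t, r in recs if t == rtype and o == owner}
    deleg, apex = pick(parent, "NS", child_origin), pick(child, "NS", child_origin)
    problems = [] if deleg and deleg == apex else [f"NS mismatch: parent {sorted(deleg)} vs child {sorted(apex)}"]
    for ns in sorted(deleg):
        glue, auth = pick(parent, "A", ns), pick(child, "A", ns)
        if ns.endswith("." + child_origin) and (not glue or glue != auth):  # in-zone NS needs glue
            problems.append(f"glue for {ns}: parent {sorted(glue)} vs child {sorted(auth)}")
    return problems

if __name__ == "__main__":
    print(check_delegation(PARENT, "dove.com.", CHILD, "dep1.dove.com.") or "delegation consistent")
```

The origins are passed in lower case with a trailing dot; record types other than NS and A are skipped.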
The end! The Linux subdomain authorization configuration is complete.
Linux DNS (BIND) Subdomain authorization