Linux DNS server: subdomain delegation, forwarders, and forward zones, a configuration example (III)


DNS subdomain delegation:
Here we only show subdomain delegation for forward resolution.

The parent domain can resolve the A records of the subdomain (the answer is not authoritative, because the parent does not resolve it itself).
The subdomain cannot resolve the A records of the parent domain directly. Without forwarding, the resolution process does not go to the parent domain: it first goes to the Internet root and works down level by level. (But we can set up forwarding in the subdomain so that it can resolve the parent domain's A records.)

Example:

The parent domain is ning.com; subdomain 1 is ning1.ning.com; subdomain 2 is ning2.ning.com.

Supplemental note: the parent domain and the subdomain only need to be able to communicate; they do not need to be on the same network segment. We put them on one segment here for convenience.

Example operations:
Parent domain configuration (look carefully at the delegation records!):
# vim /var/named/ning.com.zone

$TTL 3600
$ORIGIN ning.com.
@           IN  SOA   ns.ning.com. ning.qq.com. (
                      20140809      ; serial
                      2H            ; refresh
                      10M           ; retry
                      7D            ; expire
                      7D )          ; negative-cache TTL
            IN  NS    ns
            IN  MX 10 mail
            IN  NS    ns2
ning1       IN  NS    ning1.ning    ; delegate subdomain ning1.ning.com
ning2       IN  NS    ning2.ning    ; delegate subdomain ning2.ning.com
ning1.ning  IN  A     172.16.3.20   ; server address for subdomain ning1.ning.com
ning2.ning  IN  A     172.16.3.21   ; server address for subdomain ning2.ning.com
ns2         IN  A     172.16.3.10
ns          IN  A     172.16.3.1
mail        IN  A     172.16.3.3
www         IN  A     172.16.3.4
ning1       IN  A     172.16.3.30
hong        IN  CNAME mail

We should make a habit of checking the zone file after editing it:
# named-checkzone "ning.com" /var/named/ning.com.zone
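An added example (not part of the original article): a small Python check of the delegation records in the parent zone above, confirming that every delegated subdomain's NS target has an address record in the zone. The ning3 delegation is constructed to show the failure case, and the parser is an assumption that handles only the simple one-line record form used on this page.

```python
# Parent zone records from this page (comments trimmed) plus a constructed ning3 delegation.
ZONE = """\
$TTL 3600
$ORIGIN ning.com.
@       IN SOA ns.ning.com. ning.qq.com. ( 20140809 2H 10M 7D 7D )
        IN NS  ns
ning1   IN NS  ning1.ning
ning2   IN NS  ning2.ning
ning3   IN NS  ns.ning3
ning1.ning IN A 172.16.3.20
ning2.ning IN A 172.16.3.21
"""

def fqdn(name, origin):
    """Expand a zone-file name: '@' is the origin, a trailing dot means absolute."""
    name = name.lower()
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse(zone_text):
    """Return (origin, [(owner, type, rdata)]) for one-line 'name IN TYPE data' records."""
    origin, owner, records = None, None, []
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # drop zone-file comments
        if not line.strip() or line.startswith("$TTL"):
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1].lower()
            continue
        fields = line.split()
        if not line[0].isspace():                 # an owner name starts in column 0
            owner = fqdn(fields.pop(0), origin)
        if fields[0].upper() == "IN":
            fields.pop(0)
        records.append((owner, fields[0].upper(), fields[1:]))
    return origin, records

def check_delegations(zone_text):
    """Map each delegated child zone to its name servers' addresses ([] = none found)."""
    origin, records = parse(zone_text)
    addrs = {}
    for owner, rtype, rdata in records:
        if rtype == "A":
            addrs.setdefault(owner, []).append(rdata[0])
    found = {}
    for owner, rtype, rdata in records:
        if rtype == "NS" and owner != origin:     # NS below the apex is a delegation
            found.setdefault(owner, []).extend(addrs.get(fqdn(rdata[0], origin), []))
    return found

print(check_delegations(ZONE))
```

A delegation that maps to an empty list has no usable server address in the parent zone, so queries for that subdomain cannot be referred anywhere.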

Subdomain operations:

1. Modify the configuration file
# vim /etc/named.conf
The content can follow your own DNS host's settings.

2. Modify the configuration file
# vim /etc/named.rfc1912.zones
Add the following:
zone "ning1.ning.com." IN {            // specifies the subdomain
    type master;
    file "ning1.ning.com.zone";        // name of the subdomain's zone file
    allow-transfer { 127.0.0.1; };     // added here mainly for testing and may be omitted; it means only 127.0.0.1 may view the zone, that is, only the specified address may synchronize (transfer) it
};


3. Create the subdomain zone file manually
# vim /var/named/ning1.ning.com.zone

$TTL 3600
$ORIGIN ning1.ning.com.     ; declares the subdomain name so the records below are easier to write (if omitted, the default is the zone name specified in step 2)
@       IN  SOA   ns.ning1.ning.com. ning.qq.com. (
                  20140806  ; serial
                  1h        ; refresh
                  3m        ; retry
                  3d        ; expire
                  1d )      ; negative-cache TTL
        IN  NS    ns        ; adds ns.ning1.ning.com. as the subdomain's name server
        IN  MX 10 mail
ns      IN  A     172.16.3.20   ; subdomain server address
mail    IN  A     172.16.3.51
www     IN  A     172.16.3.52
qq      IN  CNAME ns


Subdomain delegation: testing
1. Test from the parent domain (172.16.3.1 is the parent domain's address):
# dig -t A www.ning1.ning.com @172.16.3.1
2. Test locally on the subdomain (resolved at the subdomain's address):
# dig -t A www.ning1.ning.com @172.16.3.20

That concludes subdomain delegation.
----------------------------------------------------------------------------------
We now configure the forwarding mechanism on top of the configuration above.

Subdomain forwarder:
Forward all requests, for all zones, to a specified DNS server.
# vim /etc/named.conf
options {                   // the lines below can be added anywhere inside this block
    forward only|first;     // only: forward and rely solely on recursion; first: ask the specified server recursively first and, if it cannot find the answer, look it up by iteration
    forwarders { IP; };     // IP address of the server to forward to
};
Example: if we do not want the subdomain to resolve the parent domain's A records by going through the Internet root, we need to configure forwarders in the subdomain.
We configure the forwarders on top of the subdomain delegation above:

Subdomain forwarder example:
# vim /etc/named.conf
options {
    forward only;                   // the subdomain hands all resolution to the parent domain, which does the lookup itself; the subdomain only waits for the result
    forwarders { 172.16.3.1; };     // parent domain server address
};

Test in the subdomain (172.16.3.20 is the IP address of the subdomain server):
# dig -t A www.ning.com @172.16.3.20


Forward zone:
Forward requests for zones that this server is not responsible for to a specified DNS server.
Here we introduce zone access control.


Access control:
zone "ning.com" IN {
    type forward;
    forward only|first;
    forwarders { ip; ip1; ..; };    // requests for the ning.com zone, which this server is not responsible for, are forwarded to these servers for resolution
};
Forward zone example:
Add the zone to be forwarded to the configuration file on the subdomain server.
# vim /etc/named.rfc1912.zones
zone "ning.com." IN {               // the zone to be forwarded
    type forward;                   // zone type
    forward only;                   // forwarding mode
    forwarders { 172.16.3.1; };     // IP of the server to forward to (the subdomain forwards to the parent domain)
};
That concludes forwarders and forward zones.

This article is from the "struggling People" blog, please be sure to keep this source http://wodemeng.blog.51cto.com/1384120/1536638
