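Tags: DNS subdomain delegation
Lab environment:
-------RHEL5.10(vmnet1)----------RHEL5.10(vmnet1)
(192.168.100.10, parent domain) (192.168.100.20, subdomain)
【DNS subdomain delegation configuration】
On kvm_node2 (the subdomain server):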
[[email protected] ~]# yum -y install bind bind-chroot caching-nameserver
[[email protected] ~]# cd /var/named/chroot/etc/
[[email protected] etc]# vim named.rfc1912.zones
...
zone "sh.tarena.com" IN {
        type master;
        file "sh.tarena.com.zone";
        allow-transfer { none; };
};
[[email protected] etc]# cd /var/named/chroot/var/named/
[[email protected] named]# cp -p named.zero sh.tarena.com.zone
[[email protected] named]# cat sh.tarena.com.zone
$TTL 86400
@       IN SOA  dns1.sh.tarena.com. root.sh.tarena.com. (
                2014062401 ; serial (d. adams)
                3H         ; refresh
                15M        ; retry
                1W         ; expiry
                1D )       ; minimum
        IN NS   dns1.sh.tarena.com.
dns1    IN A    192.168.100.20
www     IN A    192.168.100.100
[[email protected] named]# service named restart
On kvm_node1 (the parent domain server):
[[email protected] ~]# yum -y install bind bind-chroot caching-nameserver
[[email protected] ~]# cd /var/named/chroot/var/named/
[[email protected] named]# cat tarena.com.zone
$TTL 86400
@       IN SOA  dns1.tarena.com. root.tarena.com. (
                2014062401 ; serial (d. adams)
                3H         ; refresh
                15M        ; retry
                1W         ; expiry
                1D )       ; minimum
        IN NS   dns1.tarena.com.
sh.tarena.com.          IN NS   dns1.sh.tarena.com.
dns1.sh.tarena.com.     IN A    192.168.100.20
dns1    IN A    192.168.100.10
[[email protected] named]# service named restart
Test:
[[email protected] ~]# host www.sh.tarena.com 192.168.100.10
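Conversely, when a client's DNS points at the subdomain server and needs to resolve records in the parent domain, add a forwarder on the subdomain server: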
[[email protected] named]# vim /var/named/chroot/etc/named.conf
forwarders { 192.168.100.10; };
[[email protected] named]# service named restart
Test:
[[email protected] ~]# host www.tarena.com 192.168.100.20
Using domain server:
Name: 192.168.100.20
Address: 192.168.100.20#53
Aliases:
www.tarena.com has address 192.168.100.1
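【DNS split resolution / views】
Return different answers for the same domain name depending on the source address of the client making the query.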
[[email protected] ~]# cd /var/named/chroot/etc/
[[email protected] etc]# vim named.conf
...
listen-on port 53 { 192.168.100.10; };
// listen-on-v6 port 53 { ::1; };
...
allow-query { any; };
allow-query-cache { any; };
...
view lt {
        match-clients { 192.168.100.20; };
        match-destinations { any; };
        recursion yes;
        include "/etc/named.rfc1912.zones";
};

view yd {
        match-clients { any; };
        match-destinations { any; };
        recursion yes;
        include "/etc/named.rfc1913.zones";
};
[[email protected] etc]# cp -p named.rfc1912.zones named.rfc1913.zones
[[email protected] etc]# vim named.rfc1912.zones
...
zone "tarena.com" IN {
        type master;
        file "lt.tarena.com.zone";
        allow-transfer { none; };
};
[[email protected] etc]# vim named.rfc1913.zones
zone "tarena.com" IN {
        type master;
        file "yd.tarena.com.zone";
        allow-transfer { none; };
};
[[email protected] etc]# cd /var/named/chroot/var/named/
[[email protected] named]# cp -p named.zero lt.tarena.com.zone
[[email protected] named]# cp -p named.zero yd.tarena.com.zone
[[email protected] named]# cat lt.tarena.com.zone
$TTL 86400
@       IN SOA  dns1.tarena.com. root.tarena.com. (
                2014062401 ; serial (d. adams)
                3H         ; refresh
                15M        ; retry
                1W         ; expiry
                1D )       ; minimum
        IN NS   dns1.tarena.com.
dns1    IN A    192.168.100.10
www     IN A    1.1.1.1
[[email protected] named]# cat yd.tarena.com.zone
$TTL 86400
@       IN SOA  dns1.tarena.com. root.tarena.com. (
                2014062401 ; serial (d. adams)
                3H         ; refresh
                15M        ; retry
                1W         ; expiry
                1D )       ; minimum
        IN NS   dns1.tarena.com.
dns1    IN A    192.168.100.10
www     IN A    2.2.2.2
[[email protected] named]# service named restart
Test:
Query from 192.168.100.20 and from another client, and compare the results.
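An added example, not part of the original post: a short Python check that models how named selects a view (the first view whose match-clients matches the query source) on a reduced, constructed copy of the lt/yd views above, and flags views that offer recursion to any client. The function names are hypothetical, and the matcher assumes match-clients entries are only `any`, single addresses or CIDR prefixes.

```python
import ipaddress
import re

# Constructed sample: the page's lt/yd views, reduced to what this check reads.
NAMED_CONF = '''
view lt {
    match-clients { 192.168.100.20; };
    recursion yes;
};
view yd {
    match-clients { any; };
    recursion yes;
};
'''

VIEW_RE = re.compile(r'view\s+"?([\w-]+)"?\s*\{(.*?)\n\};', re.S)

def parse_views(conf):
    """Return views in file order as (name, match-clients, recursion)."""
    views = []
    for name, body in VIEW_RE.findall(conf):
        m = re.search(r'match-clients\s*\{([^}]*)\}', body)
        # BIND defaults: match-clients any, recursion yes.
        clients = [c.strip() for c in m.group(1).split(';') if c.strip()] if m else ['any']
        rec = re.search(r'recursion\s+(yes|no)\s*;', body)
        views.append((name, clients, rec is None or rec.group(1) == 'yes'))
    return views

def matches(client, entry):
    # Assumption: entries are only 'any', an address or a CIDR prefix.
    return entry == 'any' or ipaddress.ip_address(client) in ipaddress.ip_network(entry, strict=False)

def select_view(views, client):
    """named answers from the first view whose match-clients matches."""
    for name, clients, _ in views:
        if any(matches(client, e) for e in clients):
            return name

def audit(views):
    """Flag views shadowed by an earlier 'any' and recursion open to any."""
    findings, seen_any = [], False
    for name, clients, recursion in views:
        if seen_any:
            findings.append(f"{name}: shadowed by an earlier match-clients any")
        if 'any' in clients:
            seen_any = True
            if recursion:
                findings.append(f"{name}: recursion yes for any client")
    return findings
```

With the views reversed, 192.168.100.20 would also land in yd, which is why the specific view has to come before the `any` view.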
This article is from the “周民” blog; please keep this attribution: http://zhmin.blog.51cto.com/5402080/1431368