標籤:linux 子域授權 地區 $origin
一個地區內可能有主DNS、從DNS、子域DNS,本節以主DNS授權子域為例講解.
子域授權配置過程:
1、編輯主DNS正向地區檔案
[[email protected] named]# vim dove.com.zone #編輯主DNS正向地區檔案$TTL 600@ IN SOA dove.com. admin.dove.com. ( 2015041802 #由於有從DNS伺服器,所以序號每次修改須加一 2H 5M 3D 1D ) IN NS dns IN NS Slave IN MX 9 maildns IN A 192.168.8.7mail IN A 192.168.8.8www IN A 192.168.8.8web IN CNAME wwwSlave IN A 192.168.8.9 #中間空行表示不繼承前面地區名稱dep1 IN NS dns.dep1 #在主DNS添加子域DNS NS記錄dns.dep1 IN A 192.168.8.10 #在主DNS添加子域DNS 對應A記錄
2、安裝子域DNS bind相關包
[[email protected] ~]# yum -y install bind #安裝bind包/etc/logrotate.d/named /etc/named.conf #主設定檔/etc/named.iscdlv.key #bind密鑰檔案/etc/named.rfc1912.zones #地區設定檔(用include指令包含在主設定檔)/etc/named.root.key #根地區key檔案以實現事務簽名/etc/rndc.conf #rndc(遠程名稱伺服器控制器)設定檔/etc/rndc.key #rndc加密金鑰/etc/sysconfig/named #bind進程選項/var/named/named.ca #全球13個根伺服器存放檔案/var/named/named.empty/var/named/named.localhost #本地正向解析地區檔案/var/named/named.loopback #本地反向解析地區檔案
3、編輯主設定檔,注釋相關選項
[[email protected] named]# vim /etc/named.conf #編輯主設定檔,使用雙斜線注釋如下三項
options {
// listen-on port 53 { 127.0.0.1; }; #注釋只本地監聽連接埠
// listen-on-v6 port 53 { ::1; }; #注釋IPV6監聽連接埠
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// allow-query { localhost; }; #注釋只允許本地請求
4、編輯子域地區設定檔
[[email protected] named]# vim /etc/named.rfc1912.zones #編輯設定檔,添加子域地區zone "dep1.dove.com" IN { type master; file "dep1.dove.com.zone";};
5、建立子域地區解析檔案
[[email protected] named]# vim dep1.dove.com.zone #編輯子域地區解析檔案$TTL 600@ IN SOA dep1.dove.com. admin.dep1.dove.com. ( 2015042101 2H 5M 3D 2H ) IN NS dns #添加子域NS記錄dns IN A 192.168.8.10 #添加子域對應A記錄www IN A 192.168.8.11[[email protected] named]# chmod 640 dep1.dove.com.zone #修改地區檔案許可權[[email protected] named]# chown :named dep1.dove.com.zone #修改地區檔案屬組
6、dig工具測試解析
[[email protected] named]# setenforce 0 #關閉selinux,防止同步失敗[[email protected] named]# service iptables stop #停止iptables服務,防止同步失敗[[email protected] named]# dig -t A www.dep1.dove.com #使用主DNS解析子域上一台主機成功; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6 <<>> -t A www.dep1.dove.com;; global options: +cmd;; Got answer:;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52525;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0;; QUESTION SECTION:;www.dep1.dove.com.INA;; ANSWER SECTION:www.dep1.dove.com.600INA192.168.8.11;; AUTHORITY SECTION:dep1.dove.com.600INNSdns.dep1.dove.com.;; Query time: 738 msec;; SERVER: 192.168.8.7#53(192.168.8.7);; WHEN: Tue Apr 21 21:08:31 2015;; MSG SIZE rcvd: 69
[[email protected] slaves]# cat dove.com.zone #查看從DNS伺服器,從主伺服器同步成功$ORIGIN .$TTL 600; 10 minutesdove.comIN SOAdove.com. admin.dove.com. (2015041802; serial7200 ; refresh (2 hours)300 ; retry (5 minutes)259200 ; expire (3 days)86400 ; minimum (1 day))NSdns.dove.com.NSSlave.dove.com.MX 9 mail.dove.com.$ORIGIN dove.com.dep1NSdns.dep1$ORIGIN dep1.dove.com.dnsA192.168.8.10$ORIGIN dove.com. $ORIGIN定義地區名dnsA192.168.8.7mailA192.168.8.8SlaveA192.168.8.9webCNAMEwwwwwwA192.168.8.8
The End! 至此Linux子域授權配置完成.
Linux DNS 子域授權
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
