實驗須知:
實驗機1:192.168.1.11作爲父域服務器
實驗機2:192.168.1.12做爲子域服務器
實驗步驟:
1. 在實驗機1上安裝bind並編輯配置文件,配置好其爲緩存服務器;然後添加區域和添加區域解析庫文件,並更改區域解析庫文件,完成以後在進行dig測試
[root@node1 ~]# yum install bind –y [root@node1 ~]#vim /etc/named.conf options { // listen-on port 53 { 127.0.0.1; }; // listen-on-v6 port 53 { ::1; }; directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file"/var/named/data/named_stats.txt"; memstatistics-file"/var/named/data/named_mem_stats.txt"; // allow-query { localhost; }; recursion yes; dnssec-enable no; dnssec-validation no; // dnssec-lookaside auto; /* Path to ISC DLV key */ // bindkeys-file"/etc/named.iscdlv.key"; // managed-keys-directory"/var/named/dynamic"; }; [root@node1 ~]# service named restart Stopping named:. [ OK ] Starting named: [ OK ] [root@node1 ~]# ss -tnlp |grep :53 LISTEN 0 3 192.168.1.11:53 *:* users:(("named",4970,21)) LISTEN 0 3 127.0.0.1:53 *:* users:(("named",4970,20)) [root@node1~]# vim /etc/named.rfc1912.zones ….添加區域……. zone "tanjie.com" IN { type master; file "tanjie.com.zone"; }; [root@node1~]# cd /var/named/ [root@node1 named]# vim tanjie.com.zone $TTL1D $ORIGIN tanjie.com. @ IN SOA ns1.tanjie.com.admin.tanjie.com. ( 2015081601 2H 5M 3D 2D ) IN NS ns1 IN NS ns2 ns1 IN A 192.168.1.11 ns2 IN A 192.168.1.18 www IN A 192.168.1.11 * IN A 192.168.1.11 [root@node1 named]# named-checkconf [root@node1 named]# named-checkzone "tanjie.com" /var/named/tanjie.com.zone zonetanjie.com/IN: loaded serial 2015081601 OK [root@node1 named]# rndc reload serverreload successful [root@node1 named]# chmod 640 tanjie.com.zone [root@node1 named]# chown :named tanjie.com.zone
到此我們的父域服務器就完成了,下面對配置好的服務器進行dig測試
[root@node1 named]# dig -t A ns2.tanjie.com @192.168.1.11 …… ;;QUESTION SECTION: ;ns2.tanjie.com. IN A ;;ANSWER SECTION: ns2.tanjie.com. 86400 IN A 192.168.1.18 ……………… 測試發現能解析成功,沒有問題!!!
2.子域授權,下面進行子域授權,在主服務器的區域解析庫文件中添加即將授予的子域即可:
[root@node1 named]# vim tanjie.com.zone …………………………….. ops IN NS ns1.ops ops IN NS ns2.ops ns1.opsIN A 192.168.1.12 ns2.opsIN A 192.168.1.19 [root@node1 named]# rndc reload server reload successful
3.在子域服務器配置子域服務器,下面轉到實驗機2上進行操作。添加子域區域和添加子域區域解析庫文件,完成以後並進行dig測試
[root@node2 ~]# yum install bind –y [root@node2~]# vim /etc/named.conf options{ // listen-on port 53 { 127.0.0.1; }; // listen-on-v6 port 53 { ::1; }; directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file"/var/named/data/named_stats.txt"; memstatistics-file"/var/named/data/named_mem_stats.txt"; // allow-query { localhost; }; recursion yes; dnssec-enable no; dnssec-validation no; // dnssec-lookaside auto; /* Path to ISC DLV key */ // bindkeys-file"/etc/named.iscdlv.key"; // managed-keys-directory"/var/named/dynamic"; }; ……… [root@node2~]# vim /etc/named.rfc1912.zones zone"ops.tanjie.com" IN { type master; file "ops.tanjie.com.zone"; }; 創建子域的區域解析庫文件 [root@node2~]# vim /var/named/ops.tanjie.com.zone $TTL1D $ORIGINops.tanjie.com. @ IN SOA ns1.ops.tanjie.com. admin.ops.tanjie.com. ( 2015081601 1H 5M 3D 3D ) IN NS ns1 IN NS ns2 ns1 IN A 192.168.1.12 #這裏必須與父域定義的子域保持一致 ns2 IN A 192.168.1.19 #這裏必須與父域定義的子域保持一致 www IN A 192.168.1.20 * IN A 192.168.1.20 [root@node2~]# named-checkconf [root@node2~]# named-checkzone "ops.tanjie.com" /var/named/ops.tanjie.com.zone zoneops.tanjie.com/IN: loaded serial 2015081601 OK [root@node2~]# chmod 640 /var/named/ops.tanjie.com.zone [root@node2~]# chown :named /var/named/ops.tanjie.com.zone [root@node2~]# rndc reload serverreload successful 測試解析 [root@node2~]# dig -t A www.ops.tanjie.com @192.168.1.12 …………………… ;;QUESTION SECTION: ;www.ops.tanjie.com. IN A ;;ANSWER SECTION: www.ops.tanjie.com. 86400 IN A 192.168.1.20 ………………子域能解析子域自己…............... [root@node2~]# dig -t A www.tanjie.com @192.168.1.12 ………..子域不能解析父域的……………… 而後再次在父域服務器及實驗機1上進行測試,發現父域能解析子域的,如下 [root@node1named]# dig -t A www.ops.tanjie.com @192.168.1.11 ;;QUESTION SECTION: ;www.ops.tanjie.com. IN A ;;ANSWER SECTION: www.ops.tanjie.com. 86141 IN A 192.168.1.20 ;;AUTHORITY SECTION: ops.tanjie.com. 86141 IN NS ns2.ops.tanjie.com. ops.tanjie.com. 86141 IN NS ns1.ops.tanjie.com. ;;ADDITIONAL SECTION: ns1.ops.tanjie.com. 86141 IN A 192.168.1.12 ns2.ops.tanjie.com. 86141 IN A 192.168.1.19 ………………
4.下面解決子域能解析父域的問題,就需要定義轉發器在實驗機2裏的/etc/named.rfc1912.zone定義區域tanjie.com,僅起轉發器的作用,即對tanje.com區域的請求全部轉發至forwarders:
[root@node2~]# vim /etc/named.rfc1912.zones zone"tanjie.com" IN { type forward; forward only; forwarders { 192.168.1.11; }; }; [root@node2~]# rndc reload serverreload successful 下面進行子域解析父域的dig測試: [root@node2~]# dig -t A www.tanjie.com @192.168.1.12 …………………. ;;QUESTION SECTION: ;www.tanjie.com. IN A ;;ANSWER SECTION: www.tanjie.com. 86400 IN A 192.168.1.11 ;;AUTHORITY SECTION: tanjie.com. 86400 IN NS ns2.tanjie.com. tanjie.com. 86400 IN NS ns1.tanjie.com. ;;ADDITIONAL SECTION: ns2.tanjie.com. 86400 IN A 192.168.1.18 ns1.tanjie.com. 86400 IN A 192.168.1.11 ;;Query time: 55 msec ;;SERVER: 192.168.1.12#53(192.168.1.12) ;; WHEN:Thu Aug 13 12:43:21 2015 ;;MSG SIZE rcvd: 116
可以發現子域解析父域成功!!!!
到這裏我們的子域授權、子域解析父域、父域解析子域就完成了!