實驗須知:
實驗機1:192.168.1.11作爲父域服務器
實驗機2:192.168.1.12做爲子域服務器
實驗步驟:
1. 在實驗機1上安裝bind並編輯配置文件,配置好其爲緩存服務器;然後添加區域和添加區域解析庫文件,並更改區域解析庫文件,完成以後在進行dig測試
[root@node1 ~]# yum install bind –y
[root@node1 ~]#vim /etc/named.conf
options {
// listen-on port 53 { 127.0.0.1; };
// listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file"/var/named/data/named_stats.txt";
memstatistics-file"/var/named/data/named_mem_stats.txt";
// allow-query { localhost; };
recursion yes;
dnssec-enable no;
dnssec-validation no;
// dnssec-lookaside auto;
/* Path to ISC DLV key */
// bindkeys-file"/etc/named.iscdlv.key";
// managed-keys-directory"/var/named/dynamic";
};
[root@node1 ~]# service named restart
Stopping named:. [ OK ]
Starting named: [ OK ]
[root@node1 ~]# ss -tnlp |grep :53
LISTEN 0 3 192.168.1.11:53 *:* users:(("named",4970,21))
LISTEN 0 3 127.0.0.1:53 *:* users:(("named",4970,20))
[root@node1~]# vim /etc/named.rfc1912.zones
….添加區域…….
zone "tanjie.com" IN {
type master;
file "tanjie.com.zone";
};
[root@node1~]# cd /var/named/
[root@node1 named]# vim tanjie.com.zone
$TTL1D
$ORIGIN tanjie.com.
@ IN SOA ns1.tanjie.com.admin.tanjie.com. (
2015081601
2H
5M
3D
2D
)
IN NS ns1
IN NS ns2
ns1 IN A 192.168.1.11
ns2 IN A 192.168.1.18
www IN A 192.168.1.11
* IN A 192.168.1.11
[root@node1 named]# named-checkconf
[root@node1 named]# named-checkzone "tanjie.com" /var/named/tanjie.com.zone
zonetanjie.com/IN: loaded serial 2015081601
OK
[root@node1 named]# rndc reload
serverreload successful
[root@node1 named]# chmod 640 tanjie.com.zone
[root@node1 named]# chown :named tanjie.com.zone
到此我們的父域服務器就完成了,下面對配置好的服務器進行dig測試
[root@node1 named]# dig -t A ns2.tanjie.com @192.168.1.11 …… ;;QUESTION SECTION: ;ns2.tanjie.com. IN A ;;ANSWER SECTION: ns2.tanjie.com. 86400 IN A 192.168.1.18 ……………… 測試發現能解析成功,沒有問題!!!
2.子域授權,下面進行子域授權,在主服務器的區域解析庫文件中添加即將授予的子域即可:
[root@node1 named]# vim tanjie.com.zone …………………………….. ops IN NS ns1.ops ops IN NS ns2.ops ns1.opsIN A 192.168.1.12 ns2.opsIN A 192.168.1.19 [root@node1 named]# rndc reload server reload successful
3.在子域服務器配置子域服務器,下面轉到實驗機2上進行操作。添加子域區域和添加子域區域解析庫文件,完成以後並進行dig測試
[root@node2 ~]# yum install bind –y
[root@node2~]# vim /etc/named.conf
options{
// listen-on port 53 { 127.0.0.1; };
// listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file"/var/named/data/named_stats.txt";
memstatistics-file"/var/named/data/named_mem_stats.txt";
// allow-query { localhost; };
recursion yes;
dnssec-enable no;
dnssec-validation no;
// dnssec-lookaside auto;
/* Path to ISC DLV key */
// bindkeys-file"/etc/named.iscdlv.key";
// managed-keys-directory"/var/named/dynamic";
};
………
[root@node2~]# vim /etc/named.rfc1912.zones
zone"ops.tanjie.com" IN {
type master;
file "ops.tanjie.com.zone";
};
創建子域的區域解析庫文件
[root@node2~]# vim /var/named/ops.tanjie.com.zone
$TTL1D
$ORIGINops.tanjie.com.
@ IN SOA ns1.ops.tanjie.com. admin.ops.tanjie.com. (
2015081601
1H
5M
3D
3D
)
IN NS ns1
IN NS ns2
ns1 IN A 192.168.1.12 #這裏必須與父域定義的子域保持一致
ns2 IN A 192.168.1.19 #這裏必須與父域定義的子域保持一致
www IN A 192.168.1.20
* IN A 192.168.1.20
[root@node2~]# named-checkconf
[root@node2~]# named-checkzone "ops.tanjie.com" /var/named/ops.tanjie.com.zone
zoneops.tanjie.com/IN: loaded serial 2015081601
OK
[root@node2~]# chmod 640 /var/named/ops.tanjie.com.zone
[root@node2~]# chown :named /var/named/ops.tanjie.com.zone
[root@node2~]# rndc reload
serverreload successful
測試解析
[root@node2~]# dig -t A www.ops.tanjie.com @192.168.1.12
……………………
;;QUESTION SECTION:
;www.ops.tanjie.com. IN A
;;ANSWER SECTION:
www.ops.tanjie.com. 86400 IN A 192.168.1.20
………………子域能解析子域自己…...............
[root@node2~]# dig -t A www.tanjie.com @192.168.1.12
………..子域不能解析父域的………………
而後再次在父域服務器及實驗機1上進行測試,發現父域能解析子域的,如下
[root@node1named]# dig -t A www.ops.tanjie.com @192.168.1.11
;;QUESTION SECTION:
;www.ops.tanjie.com. IN A
;;ANSWER SECTION:
www.ops.tanjie.com. 86141 IN A 192.168.1.20
;;AUTHORITY SECTION:
ops.tanjie.com. 86141 IN NS ns2.ops.tanjie.com.
ops.tanjie.com. 86141 IN NS ns1.ops.tanjie.com.
;;ADDITIONAL SECTION:
ns1.ops.tanjie.com. 86141 IN A 192.168.1.12
ns2.ops.tanjie.com. 86141 IN A 192.168.1.19
………………
4.下面解決子域能解析父域的問題,就需要定義轉發器在實驗機2裏的/etc/named.rfc1912.zone定義區域tanjie.com,僅起轉發器的作用,即對tanje.com區域的請求全部轉發至forwarders:
[root@node2~]# vim /etc/named.rfc1912.zones
zone"tanjie.com" IN {
type forward;
forward only;
forwarders { 192.168.1.11; };
};
[root@node2~]# rndc reload
serverreload successful
下面進行子域解析父域的dig測試:
[root@node2~]# dig -t A www.tanjie.com @192.168.1.12
………………….
;;QUESTION SECTION:
;www.tanjie.com. IN A
;;ANSWER SECTION:
www.tanjie.com. 86400 IN A 192.168.1.11
;;AUTHORITY SECTION:
tanjie.com. 86400 IN NS ns2.tanjie.com.
tanjie.com. 86400 IN NS ns1.tanjie.com.
;;ADDITIONAL SECTION:
ns2.tanjie.com. 86400 IN A 192.168.1.18
ns1.tanjie.com. 86400 IN A 192.168.1.11
;;Query time: 55 msec
;;SERVER: 192.168.1.12#53(192.168.1.12)
;; WHEN:Thu Aug 13 12:43:21 2015
;;MSG SIZE rcvd: 116可以發現子域解析父域成功!!!!
到這裏我們的子域授權、子域解析父域、父域解析子域就完成了!