由於本人水平有限,歡迎大家前來批評指正(^_^)
------那你魔鬼
實驗環境:
CentOS 6.6 :兩個節點,IP分別爲172.16.3.1、172.16.3.3
bind-9.8.2
子域授權:
問題:
在某DNS服務器[172.16.3.1]上,有對stu3.com.域的解析權,現在想把ops.stu3.com.域的解析權授予給172.16.3.3主機
解決步驟:
在172.16.3.1上的配置:
vim /etc/named.conf
# 向裏面添加如下內容
zone "stu3.com" IN {
type master;
file "stu3.com.zone";
};
# 在/var/named/下面創建stu3.com.zone文件
vim /var/named/stu3.com.zone
# 向裏面加入如下語句
$TTL 600
$ORIGIN stu3.com.
@ IN SOA ns1.stu3.com. billshuai.163.com. (
2014121701
1H
5M
1D
3D )
@ IN NS ns1
ops IN NS ns1.ops
@ IN MX 10 mx1
ns1 IN A 172.16.3.1
ns1.ops IN A 172.16.3.3
mx1 IN A 172.16.3.18
# 檢測語法
[root@shuai named]# named-checkconf
[root@shuai named]# named-checkzone "stu3.com" stu3.com.zone
zone stu3.com/IN: ops.stu3.com/NS 'ns.ops.stu3.com' (out of zone) has no addresses records (A or AAAA)
zone stu3.com/IN: subdomain1.stu3.com/NS 'ns1.subdomain1.stu3.com.stu3.com' has no address records (A or AAAA)
zone stu3.com/IN: subdomain2.stu3.com/NS 'ns2.subdomain2.stu3.com.stu3.com' has no address records (A or AAAA)
zone stu3.com/IN: loaded serial 2014121101
OK
# 重啓bind
service named relod/restart
在172.16.3.3上的配置:
# 安裝bind
yum -y install bind
vim /etc/named.conf
# 修改裏面options的內容如下【配置成爲緩存DNS服務器】:
options {
// listen-on port 53 { 127.0.0.1; };
// listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
recursion yes;
dnssec-enable no;
dnssec-validation no;
dnssec-lookaside no;
/* Path to ISC DLV key
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory /"/var/named/dynamic";
*/
};
# 向/etc/named.conf裏面加入如下內容
zone "ops.stu3.com" IN {
type master;
file "ops.stu3.com.zone";
};
# 創建/var/named/ops.stu3.com.zone文件
vim /var/named/ops.stu3.com.zone
# 向ops.stu3.com.zone文件加入如下內容
$TTL 600
$ORIGIN ops.stu3.com.
@ IN SOA ns1.ops.stu3.com. billshuai.163.com. (
2014121701
1H
5M
3D
5D )
@ IN NS ns1
@ IN MX 10 mx1
ns1 IN A 172.16.3.3
mx1 IN A 172.16.3.18
www IN A 172.16.3.14
www1 IN A 172.16.3.19
# 檢測語法
# 配置文件語法檢查
[root@localhost named]# named-checkconf
[root@localhost named]# named-checkzone "ops.stu3.com"
data/ named.ca named.localhost ops.stu3.com.zone
dynamic/ named.empty named.loopback slaves/
# 域文件語法檢查
[root@localhost named]# named-checkzone "ops.stu3.com" ops.stu3.com.zone
zone ops.stu3.com/IN: loaded serial 2014121701
OK
測試:
# 在172.16.3.1上面測試
[root@shuai named]# dig -t A www.ops.stu3.com @172.16.3.1
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6 <<>> -t A www.ops.stu3.com @172.16.3.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48586
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;www.ops.stu3.com. IN A
;; ANSWER SECTION:
www.ops.stu3.com. 481 IN A 172.16.3.14
;; AUTHORITY SECTION:
ops.stu3.com. 361 IN NS ns1.ops.stu3.com.
;; ADDITIONAL SECTION:
ns1.ops.stu3.com. 481 IN A 172.16.3.3
;; Query time: 2 msec
;; SERVER: 172.16.3.1#53(172.16.3.1)
;; WHEN: Sun Dec 14 07:30:24 2014
;; MSG SIZE rcvd: 84
# 重啓bind
service named reload/restart
# 可以看出已經成功了(^_^)DNS之子域授權
發表評論
所有評論
還沒有人評論,想成為第一個評論的人麼? 請在上方評論欄輸入並且點擊發布.