My skills are limited, so criticism and corrections are welcome (^_^) ------那你魔鬼

Lab environment:

CentOS 6.6: two nodes, with IP addresses 172.16.3.1 and 172.16.3.3
bind-9.8.2

Subdomain delegation:

Problem:

The DNS server at 172.16.3.1 is authoritative for the stu3.com. zone. We now want to delegate authority for the ops.stu3.com. zone to the host 172.16.3.3.

Steps:

Configuration on 172.16.3.1:

Edit /etc/named.conf and add the following:

```
vim /etc/named.conf

zone "stu3.com" IN {
    type master;
    file "stu3.com.zone";
};
```

Create the file stu3.com.zone under /var/named/ and add the following records. The `ops IN NS ns1.ops` record delegates the subdomain, and `ns1.ops IN A 172.16.3.3` is the glue record that tells resolvers where the child zone's name server lives:

```
vim /var/named/stu3.com.zone

$TTL 600
$ORIGIN stu3.com.
@        IN  SOA  ns1.stu3.com. billshuai.163.com. (
                  2014121701
                  1H
                  5M
                  1D
                  3D )
@        IN  NS   ns1
ops      IN  NS   ns1.ops
@        IN  MX   10 mx1
ns1      IN  A    172.16.3.1
ns1.ops  IN  A    172.16.3.3
mx1      IN  A    172.16.3.18
```

Check the syntax:

```
[root@shuai named]# named-checkconf
[root@shuai named]# named-checkzone "stu3.com" stu3.com.zone
zone stu3.com/IN: ops.stu3.com/NS 'ns.ops.stu3.com' (out of zone) has no addresses records (A or AAAA)
zone stu3.com/IN: subdomain1.stu3.com/NS 'ns1.subdomain1.stu3.com.stu3.com' has no address records (A or AAAA)
zone stu3.com/IN: subdomain2.stu3.com/NS 'ns2.subdomain2.stu3.com.stu3.com' has no address records (A or AAAA)
zone stu3.com/IN: loaded serial 2014121101
OK
```

Restart bind:

```
service named reload    # or: service named restart
```

Configuration on 172.16.3.3:

Install bind:

```
yum -y install bind
```

Edit /etc/named.conf and change the options block as follows (this configures the host as a caching DNS server):

```
vim /etc/named.conf

options {
//  listen-on port 53 { 127.0.0.1; };
//  listen-on-v6 port 53 { ::1; };
    directory           "/var/named";
    dump-file           "/var/named/data/cache_dump.db";
    statistics-file     "/var/named/data/named_stats.txt";
    memstatistics-file  "/var/named/data/named_mem_stats.txt";
    // With listen-on commented out, "allow-query any" plus "recursion yes"
    // answers recursive queries from every client (an open resolver); on a
    // reachable network, limit recursion with allow-recursion.
    allow-query         { any; };
    recursion yes;

    dnssec-enable no;
    dnssec-validation no;
    dnssec-lookaside no;

    /* Path to ISC DLV key
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory /"/var/named/dynamic";
    */
};
```

Add the following zone definition to /etc/named.conf:

```
zone "ops.stu3.com" IN {
    type master;
    file "ops.stu3.com.zone";
};
```

Create the file /var/named/ops.stu3.com.zone and add the following:

```
vim /var/named/ops.stu3.com.zone

$TTL 600
$ORIGIN ops.stu3.com.
@     IN  SOA  ns1.ops.stu3.com. billshuai.163.com. (
               2014121701
               1H
               5M
               3D
               5D )
@     IN  NS   ns1
@     IN  MX   10 mx1
ns1   IN  A    172.16.3.3
mx1   IN  A    172.16.3.18
www   IN  A    172.16.3.14
www1  IN  A    172.16.3.19
```

Check the syntax:

```
# Check the configuration file syntax
[root@localhost named]# named-checkconf
[root@localhost named]# named-checkzone "ops.stu3.com"
data/              named.ca           named.localhost    ops.stu3.com.zone
dynamic/           named.empty        named.loopback     slaves/
# Check the zone file syntax
[root@localhost named]# named-checkzone "ops.stu3.com" ops.stu3.com.zone
zone ops.stu3.com/IN: loaded serial 2014121701
OK
```

Test:

```
# Test on 172.16.3.1
[root@shuai named]# dig -t A www.ops.stu3.com @172.16.3.1

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6 <<>> -t A www.ops.stu3.com @172.16.3.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48586
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;www.ops.stu3.com.		IN	A

;; ANSWER SECTION:
www.ops.stu3.com.	481	IN	A	172.16.3.14

;; AUTHORITY SECTION:
ops.stu3.com.		361	IN	NS	ns1.ops.stu3.com.

;; ADDITIONAL SECTION:
ns1.ops.stu3.com.	481	IN	A	172.16.3.3

;; Query time: 2 msec
;; SERVER: 172.16.3.1#53(172.16.3.1)
;; WHEN: Sun Dec 14 07:30:24 2014
;; MSG SIZE  rcvd: 84
```

Restart bind:

```
service named reload    # or: service named restart
```

As you can see, it worked (^_^)
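The `named-checkzone` run on the parent zone above reports NS targets such as `ns1.subdomain1.stu3.com.stu3.com` with no address records: a name written without its trailing dot has `$ORIGIN` appended, so the glue lookup misses. The following is an added example, not part of the original post, that reproduces that check in Python for simple one-line records. The `dev` delegation, the function names and the sample zone text are constructed for illustration, and a `$ORIGIN` line is assumed to be present.

```python
import re

# Constructed sample: the page's parent zone plus a broken "dev" delegation
# (NS target missing its trailing dot, and no glue record).
PARENT_ZONE = """\
$TTL 600
$ORIGIN stu3.com.
@        IN SOA ns1.stu3.com. billshuai.163.com. ( 2014121701 1H 5M 1D 3D )
@        IN NS  ns1
ops      IN NS  ns1.ops
dev      IN NS  ns1.dev.stu3.com
@        IN MX  10 mx1
ns1      IN A   172.16.3.1
ns1.ops  IN A   172.16.3.3
mx1      IN A   172.16.3.18
"""

def fqdn(name, origin):
    """Expand a name as BIND does: '@' is $ORIGIN; no trailing dot => append $ORIGIN."""
    name = name.lower()
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse(zone_text):
    """Return (origin, [(owner, type, rdata)]) for one-line 'owner IN NS|A|AAAA rdata' records."""
    origin, records = None, []
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].strip()          # drop zone-file comments
        if line.startswith("$ORIGIN"):
            origin = line.split()[1].lower()
        m = re.match(r"(\S+)\s+IN\s+(NS|A|AAAA)\s+(\S+)$", line)
        if m:
            owner, rtype, rdata = m.groups()
            if rtype == "NS":                         # NS targets are names, expand them too
                rdata = fqdn(rdata, origin)
            records.append((fqdn(owner, origin), rtype, rdata))
    return origin, records

def missing_glue(zone_text):
    """List (child_zone, ns_name) delegations whose in-zone NS target has no A/AAAA record."""
    origin, records = parse(zone_text)
    have_addr = {owner for owner, rtype, _ in records if rtype in ("A", "AAAA")}
    return [(owner, target) for owner, rtype, target in records
            if rtype == "NS" and owner != origin      # a delegation, not the apex NS
            and target.endswith("." + origin) and target not in have_addr]

if __name__ == "__main__":
    for child, ns in missing_glue(PARENT_ZONE):
        print(f"{child}: NS {ns} has no glue A/AAAA record")
```

The `ops` delegation from the post passes because `ns1.ops` has its A record in the parent zone; only the constructed `dev` entry is reported.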
DNS Subdomain Delegation