DNS之自语授权和转发，view

jilk · 发表于 2014-8-7 08:40:58

1 实验准备：A主机作为主DNS解析服务器并且需要实现分离解析，ip地址为：192.168.10.10，B作为子域DNS服务器，ip地址为192.168.10.12，win7主机作为客户机测试，ip地址为：192.168.10.99；域名地址：single.com

2,查看父域主机软件是否安装

[iyunv@ser1 ~]# rpm -q bind bind-chrootcaching-nameserver

package bind is not installed

package bind-chroot is not installed

package caching-nameserver is not installed 软件未安装

3,安装所需软件

[iyunv@ser1 ~]# yum install -y bind

4,创建并编辑父域服务器主配置文件

(1)配置监听端口及网络有关限制

[iyunv@ser1 ~]# cd /var/named/chroot/etc/

[iyunv@ser1 etc]# cp –p named.caching-nameserver.conf named.conf

[iyunv@ser1 etc]# vim named.conf

options {

listen-on port 53 { 192.168.10.10; };

listen-on-v6 port 53 { ::1; };

allow-query { any; };

allow-query-cache{ any; };

view lt_resolver {

match-clients { any; };

match-destinations { any; };

(2)配置分离解析

接(1)

view localhost_resolver {

match-clients { 192.168.10.99; };

match-destinations { any; };

include"/etc/named.rfc1912.zones";

};

view yd_resolver {

match-clients { any; };

match-destinations { any; };

include"/etc/named.rfc1913.zones";

};

~

[iyunv@ser1 etc]# vim named.rfc1912.zones

zone "single.com" IN {

typemaster;

file"single.com.zone";

};

zone "10.168.192.in-addr.arpa" IN {

typemaster;

file"192.168.10.arpa";

};

5, 创建named.rfc1913.zones文件并编辑

[iyunv@ser1 etc]# cp -p named.rfc1912.zones named.rfc1913.zones

[iyunv@ser1 etc]# vimnamed.rfc1913.zones

zone "single.com" IN {

typemaster;

file"single1.com.zone";

};

zone "10.168.192.in-addr.arpa" IN {

typemaster;

file"192.168.101.arpa";

};

6,配置区域配置文件

(1)配置子域授权正反向解析文件

[iyunv@ser1 named]# cp -p named.local single.com.zone

[iyunv@ser1 named]# vim single.com.zone

$TTL 86400

@ IN SOA single.com. root.single.com. (

2014030801 ;

28800 ;

14400 ;

3600000 ;

86400 ) ;

IN NS dns1.single.com.

bg.single.com. IN NS dns1.bg.single.com.

dns1.bg.single.com. IN A 192.168.10.12

dns1 IN A 192.168.10.10

www IN A 192.168.10.11

[iyunv@ser1 named]# cp -p single.com.zone192.168.10.arpa

[iyunv@ser1 named]# vim 192.168.10.arpa

$TTL 86400

@ IN SOA single.com. root.single.com. (

2014030801; Serial

28800 ; Refresh

14400 ; Retry

3600000 ; Expire

86400) ; Minimum

IN NS dns1.single.com.

10 IN PTR dns1.single.com.

11 IN PTR www.single.com.

(2)配置分离解析正反向解析文件

[iyunv@ser1 named]# cp -psingle.com.zonesingle1.com.zone

[iyunv@ser1 named]# vim single1.com.zone

$TTL 86400

@ IN SOA single.com. root.single.com. (

2014030801 ;

28800 ;

14400 ;

3600000 ;

86400) ;

IN NS dns1.single.com.

bg.single.com. IN NS dns1.bg.single.com.

dns1.bg.single.com. IN A 192.168.10.12

dns1 IN A 192.168.10.10

www IN A 192.168.10.13

[iyunv@ser1 named]# cp -p 192.168.10.arpa192.168.101.arpa

[iyunv@ser1 named]# vim 192.168.101.arpa

$TTL 86400

@ IN SOA single.com. root.single.com. (

2014030801 ;

28800 ;

14400 ;

3600000 ;

86400) ;

IN NS dns1.single.com.

10 IN PTR dns1.single.com.

13 IN PTR www.single.com.

7,开启父域服务器

[iyunv@ser1 named]# servicenamed start

启动named： [确定]

[iyunv@ser1 named]# chkconfignamed on

8,配置子域服务器

(1)安装软件

[iyunv@localhost ~]# yuminstall -y bind bind-chroot caching-nameserver

(2)创建编辑主配置文件

[iyunv@localhost ~]# cd /var/named/chroot/etc/

[iyunv@localhost etc]# cp -pnamed.caching-nameserver.conf named.conf

[iyunv@localhost etc]# vimnamed.conf

options {

listen-on port 53 { 192.168.10.12; };

listen-on-v6 port 53 { ::1; };

directory "/var/named";

dump-file "/var/named/data/cache_dump.db";

statistics-file "/var/named/data/named_stats.txt";

memstatistics-file "/var/named/data/named_mem_stats.txt";,

forwarders {192.168.10.10; }……[如果让子域服务器解析到父域里的主机则需要添加此条授权]

view localhost_resolver {

match-clients { any; };

match-destinations { any; };

[iyunv@localhost etc]# vim named.rfc1912.zones

zone "bg.single.com" IN {

typemaster;

file"bg.single.com.zone";

};

zone "192.168.10.in-addr.arpa" IN {

typemaster;

file"192.168.10.arpa";

};

(3)创建并编辑区域配置文件

[iyunv@localhost named]# vimbg.single.com.zone

$TTL 86400

@ IN SOA bg.single.com. root.bg.single.com. (

2014030801 ;

28800 ;

14400 ;

3600000 ;

86400);

IN NS dns1.bg.single.com.

dns1 IN A 192.168.10.12

www IN A 192.168.10.15

[iyunv@localhost named]# vim 192.168.10.arpa

$TTL 86400

@ IN SOA bg.single.com. root.bg.single.com. (

2014030801 ; Serial

28800 ; Refresh

14400 ; Retry

3600000 ; Expire

86400) ; Minimum

IN NS dns1.bg.single.com.

12 IN PTR dns1.bg.single.com.

15 IN PTR www.bg.single.com.

(4)开启子域服务器

[iyunv@localhost named]# servicenamed start

启动named： [确定]

[iyunv@localhost named]# chkconfignamed on

账号		自动登录	找回密码
密码			立即注册

大疆运维招人啦，

C++ :try 语句块和异常处理

C++的多态

Red Hat RHCE 8 (EX294) Cert Guide

Java/C++ 区别：看完这一篇，就够用！

别再用过时库了！这 13 个顶级 C++ 库才是

c++ size_t 和 int 的区别

[经验分享] DNS之自语授权和转发，view

浏览过的版块

扫码加入运维网微信交流群