Lab notes:
Lab machine 1: 192.168.1.11, acting as the parent domain server
Lab machine 2: 192.168.1.12, acting as the subdomain server
Lab steps:
1. On lab machine 1, install bind and edit its configuration file so that it works as a caching server; then add the zone and its zone data file, edit the zone data file, and finally run dig tests.
[root@node1 ~]# yum install bind -y
[root@node1 ~]# vim /etc/named.conf
options {
// listen-on port 53 { 127.0.0.1; };
// listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// allow-query { localhost; };
recursion yes;
dnssec-enable no;
dnssec-validation no;
// dnssec-lookaside auto;
/* Path to ISC DLV key */
// bindkeys-file "/etc/named.iscdlv.key";
// managed-keys-directory "/var/named/dynamic";
};
[root@node1 ~]# service named restart
Stopping named:. [ OK ]
Starting named: [ OK ]
[root@node1 ~]# ss -tnlp |grep :53
LISTEN 0 3 192.168.1.11:53 *:* users:(("named",4970,21))
LISTEN 0 3 127.0.0.1:53 *:* users:(("named",4970,20))
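The options block above leaves listen-on and allow-query commented out while keeping recursion yes, and the ss output confirms named is now listening on the LAN address as well as loopback, so the question worth answering before going further is which clients this server will recurse for. The Python script below is an added example, not part of the original post and not BIND's own code: it pulls the statements out of an options block and applies BIND 9's documented fallback chain (allow-recursion, else allow-query-cache, else allow-query, else the built-in localnets; localhost) to report the effective recursion ACL. LAB_NAMED_CONF is constructed from the named.conf above; OPEN_NAMED_CONF and HARDENED_NAMED_CONF are hypothetical variants written for comparison.

```python
import re

# Constructed sample: the options block of /etc/named.conf from the lab above
# (listen-on and allow-query commented out, recursion left on).
LAB_NAMED_CONF = """
options {
// listen-on port 53 { 127.0.0.1; };
// listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// allow-query { localhost; };
recursion yes;
dnssec-enable no;
dnssec-validation no;
/* Path to ISC DLV key */
// bindkeys-file "/etc/named.iscdlv.key";
};
"""

# Hypothetical variant: queries opened to everyone, nothing said about recursion,
# so the recursion ACL silently inherits "any".
OPEN_NAMED_CONF = """
options {
    directory "/var/named";
    recursion yes;
    allow-query { any; };
};
"""

# Hypothetical variant: authoritative answers for everyone, recursion only for the lab LAN.
HARDENED_NAMED_CONF = """
options {
    directory "/var/named";
    recursion yes;
    allow-query { any; };
    allow-recursion { 127.0.0.1; 192.168.1.0/24; };
};
"""

def strip_comments(text):
    """Remove the three comment styles named.conf accepts: /* */, // and #."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def extract_block(text, name):
    """Return the body of the top-level `name { ... };` block, matching braces."""
    start = re.search(r"\b" + re.escape(name) + r"\s*\{", text)
    if not start:
        return None
    depth = 0
    for j in range(start.end() - 1, len(text)):
        if text[j] == "{":
            depth += 1
        elif text[j] == "}":
            depth -= 1
            if depth == 0:
                return text[start.end():j]
    return None

# A statement is a keyword followed either by an address list "{ ...; }" (optionally
# preceded by "port N", as in listen-on) or by a flat value, terminated by ";".
STMT_RE = re.compile(r"([A-Za-z0-9_-]+)\s*((?:port\s+\d+\s*)?\{[^}]*\}|[^;{}]*?)\s*;")

def parse_options(text):
    """Map each statement of the options block to its list of argument tokens."""
    body = extract_block(strip_comments(text), "options") or ""
    stmts = {}
    for key, val in STMT_RE.findall(body):
        if "{" in val:
            inner = val[val.index("{") + 1:val.rindex("}")]
            stmts[key] = [t.strip() for t in inner.split(";") if t.strip()]
        else:
            stmts[key] = val.split()
    return stmts

def effective_recursion_acl(opts):
    """BIND 9 fallback chain: allow-recursion -> allow-query-cache -> allow-query
    -> built-in default of localnets; localhost. Returns (acl, where it came from)."""
    for key in ("allow-recursion", "allow-query-cache", "allow-query"):
        if key in opts:
            return opts[key], key
    return ["localnets", "localhost"], "default"

def audit(text):
    """Summarise who the server recurses for and whether that is every client."""
    opts = parse_options(text)
    recursion = opts.get("recursion", ["yes"])[0].lower()  # BIND's default is yes
    acl, source = effective_recursion_acl(opts)
    return {
        "recursion": recursion,
        "acl": acl,
        "source": source,
        "open_resolver": recursion == "yes" and "any" in acl,
    }

if __name__ == "__main__":
    for label, conf in (("lab", LAB_NAMED_CONF), ("open", OPEN_NAMED_CONF),
                        ("hardened", HARDENED_NAMED_CONF)):
        print(label, audit(conf))
```

Run against the lab configuration the script reports that no recursion ACL is set at all and that named falls back to localnets; localhost, i.e. the lab subnet and the server itself. The OPEN variant shows the common mistake the fallback chain produces: opening allow-query to any with no allow-recursion turns the caching server into an open recursive resolver, while the HARDENED variant keeps authoritative data public and limits recursion to the LAN.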
[root@node1 ~]# vim /etc/named.rfc1912.zones
…… add the zone ……
zone "tanjie.com" IN {
type master;
file "tanjie.com.zone";
};
[root@node1~]# cd /var/named/
[root@node1 named]# vim tanjie.com.zone
$TTL 1D
$ORIGIN tanjie.com.
@       IN SOA ns1.tanjie.com. admin.tanjie.com. (
                2015081601      ; serial
                2H              ; refresh
                5M              ; retry
                3D              ; expire
                2D              ; negative-cache TTL
                )
        IN NS ns1
        IN NS ns2
ns1 IN A 192.168.1.11
ns2 IN A 192.168.1.18
www IN A 192.168.1.11
* IN A 192.168.1.11
[root@node1 named]# named-checkconf
[root@node1 named]# named-checkzone "tanjie.com" /var/named/tanjie.com.zone
zone tanjie.com/IN: loaded serial 2015081601
OK
[root@node1 named]# rndc reload
server reload successful
[root@node1 named]# chmod 640 tanjie.com.zone
[root@node1 named]# chown :named tanjie.com.zone
That completes the parent domain server. Next, run a dig test against the configured server.
[root@node1 named]# dig -t A ns2.tanjie.com @192.168.1.11
……
;; QUESTION SECTION:
;ns2.tanjie.com. IN A
;; ANSWER SECTION:
ns2.tanjie.com. 86400 IN A 192.168.1.18
………………
The test shows the name resolves successfully; no problems!!!
2. Subdomain delegation. To delegate the subdomain, simply add the subdomain being delegated to the primary server's zone data file:
[root@node1 named]# vim tanjie.com.zone
……………………………..
ops     IN NS ns1.ops
ops     IN NS ns2.ops
ns1.ops IN A 192.168.1.12
ns2.ops IN A 192.168.1.19
[root@node1 named]# rndc reload
server reload successful
3. Configure the subdomain server; switch to lab machine 2 for this part. Add the subdomain zone and its zone data file, then run dig tests when done.
[root@node2 ~]# yum install bind -y
[root@node2 ~]# vim /etc/named.conf
options {
// listen-on port 53 { 127.0.0.1; };
// listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// allow-query { localhost; };
recursion yes;
dnssec-enable no;
dnssec-validation no;
// dnssec-lookaside auto;
/* Path to ISC DLV key */
// bindkeys-file "/etc/named.iscdlv.key";
// managed-keys-directory "/var/named/dynamic";
};
………
[root@node2 ~]# vim /etc/named.rfc1912.zones
zone "ops.tanjie.com" IN {
type master;
file "ops.tanjie.com.zone";
};
Create the subdomain's zone data file
[root@node2 ~]# vim /var/named/ops.tanjie.com.zone
$TTL 1D
$ORIGIN ops.tanjie.com.
@ IN SOA ns1.ops.tanjie.com. admin.ops.tanjie.com. (
2015081601
1H
5M
3D
3D
)
        IN NS ns1
        IN NS ns2
ns1     IN A 192.168.1.12   ; must match the glue the parent zone defines for this subdomain
ns2     IN A 192.168.1.19   ; must match the glue the parent zone defines for this subdomain
www IN A 192.168.1.20
* IN A 192.168.1.20
[root@node2 ~]# named-checkconf
[root@node2 ~]# named-checkzone "ops.tanjie.com" /var/named/ops.tanjie.com.zone
zone ops.tanjie.com/IN: loaded serial 2015081601
OK
[root@node2 ~]# chmod 640 /var/named/ops.tanjie.com.zone
[root@node2 ~]# chown :named /var/named/ops.tanjie.com.zone
[root@node2 ~]# rndc reload
server reload successful
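The comments on the ns1 and ns2 records above state the rule that makes the delegation work: the NS names and glue addresses that the parent zone publishes for ops (step 2) must agree with what the child zone says about itself. named-checkzone validates each file on its own and cannot catch a mismatch between the two, so the following Python script, an added example that is not part of the original post or of BIND, parses both zone files and compares them. PARENT_ZONE is constructed from tanjie.com.zone plus the step 2 delegation records, CHILD_ZONE from ops.tanjie.com.zone; the parser handles only what these files use ($ORIGIN, $TTL, ';' comments, blank owners, the parenthesised SOA and optional TTL/class fields).

```python
import re

# Constructed sample: tanjie.com.zone from step 1 plus the delegation added in step 2.
PARENT_ZONE = """
$TTL 1D
$ORIGIN tanjie.com.
@       IN SOA ns1.tanjie.com. admin.tanjie.com. (
                2015081601
                2H
                5M
                3D
                2D
                )
        IN NS ns1
        IN NS ns2
ns1     IN A 192.168.1.11
ns2     IN A 192.168.1.18
www     IN A 192.168.1.11
*       IN A 192.168.1.11
; delegation of the ops subdomain (step 2)
ops     IN NS ns1.ops
ops     IN NS ns2.ops
ns1.ops IN A 192.168.1.12
ns2.ops IN A 192.168.1.19
"""

# Constructed sample: ops.tanjie.com.zone from step 3.
CHILD_ZONE = """
$TTL 1D
$ORIGIN ops.tanjie.com.
@       IN SOA ns1.ops.tanjie.com. admin.ops.tanjie.com. (
                2015081601
                1H
                5M
                3D
                3D
                )
        IN NS ns1
        IN NS ns2
ns1     IN A 192.168.1.12
ns2     IN A 192.168.1.19
www     IN A 192.168.1.20
*       IN A 192.168.1.20
"""

TTL_RE = re.compile(r"\d+[smhdw]?", re.I)

def absolute(name, origin):
    """Turn a zone-file name into a lower-case fully qualified name."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name.lower()
    return (name + "." + origin).lower()

def parse_zone(text, zone_name):
    """Minimal master-file parser returning (owner, type, rdata) triples."""
    origin = zone_name.lower().rstrip(".") + "."
    records, last_owner, in_paren = [], origin, False
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()        # drop comments
        if not line.strip():
            continue
        if in_paren:                                 # still inside the SOA ( ... )
            in_paren = ")" not in line
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1].lower()
            continue
        if line.startswith("$TTL"):
            continue
        tokens = line.split()
        # a line starting with whitespace reuses the previous owner name
        owner = last_owner if line[0].isspace() else absolute(tokens.pop(0), origin)
        last_owner = owner
        if tokens and TTL_RE.fullmatch(tokens[0]):   # optional per-record TTL
            tokens.pop(0)
        if tokens and tokens[0].upper() == "IN":     # optional class
            tokens.pop(0)
        rtype = tokens.pop(0).upper()
        if rtype == "SOA":
            in_paren = "(" in line and ")" not in line
            continue
        rdata = tokens[0]
        if rtype in ("NS", "CNAME"):                 # name-valued rdata is relative to $ORIGIN
            rdata = absolute(rdata, origin)
        records.append((owner, rtype, rdata))
    return records

def check_delegation(parent_records, child_records, child_zone):
    """Compare the parent's NS/glue for child_zone with the child's own apex data."""
    child_zone = child_zone.lower().rstrip(".") + "."
    problems = []
    parent_ns = {r for o, t, r in parent_records if o == child_zone and t == "NS"}
    child_ns = {r for o, t, r in child_records if o == child_zone and t == "NS"}
    if parent_ns != child_ns:
        problems.append("NS set differs: parent %s vs child %s"
                        % (sorted(parent_ns), sorted(child_ns)))
    for ns in sorted(parent_ns | child_ns):
        if not ns.endswith("." + child_zone):
            continue                                 # out-of-bailiwick NS: no glue expected
        parent_glue = {r for o, t, r in parent_records if o == ns and t == "A"}
        child_addr = {r for o, t, r in child_records if o == ns and t == "A"}
        if not parent_glue:
            problems.append("missing glue A record for %s in parent" % ns)
        elif parent_glue != child_addr:
            problems.append("glue for %s is %s in parent but %s in child"
                            % (ns, sorted(parent_glue), sorted(child_addr)))
    return problems

if __name__ == "__main__":
    parent = parse_zone(PARENT_ZONE, "tanjie.com")
    child = parse_zone(CHILD_ZONE, "ops.tanjie.com")
    problems = check_delegation(parent, child, "ops.tanjie.com")
    print("delegation consistent" if not problems else "\n".join(problems))
```

With the lab's two files the check passes. Changing the child's ns2 address, or updating the child without touching the parent's glue, produces a "glue for ns2.ops.tanjie.com. is ... in parent but ... in child" line, which is exactly the kind of drift that leaves a subdomain resolvable from the child server but broken through the delegation.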
Test resolution
[root@node2 ~]# dig -t A www.ops.tanjie.com @192.168.1.12
……………………
;;QUESTION SECTION:
;www.ops.tanjie.com. IN A
;;ANSWER SECTION:
www.ops.tanjie.com. 86400 IN A 192.168.1.20
……………… the subdomain can resolve its own names …...............
[root@node2 ~]# dig -t A www.tanjie.com @192.168.1.12
……….. the subdomain cannot resolve the parent domain's names ………………
Then test again on the parent domain server, lab machine 1: the parent can resolve the subdomain's names, as shown below
[root@node1 named]# dig -t A www.ops.tanjie.com @192.168.1.11
;;QUESTION SECTION:
;www.ops.tanjie.com. IN A
;;ANSWER SECTION:
www.ops.tanjie.com. 86141 IN A 192.168.1.20
;;AUTHORITY SECTION:
ops.tanjie.com. 86141 IN NS ns2.ops.tanjie.com.
ops.tanjie.com. 86141 IN NS ns1.ops.tanjie.com.
;;ADDITIONAL SECTION:
ns1.ops.tanjie.com. 86141 IN A 192.168.1.12
ns2.ops.tanjie.com. 86141 IN A 192.168.1.19
………………
4. Now fix the subdomain's inability to resolve the parent domain. This requires defining a forwarder: in /etc/named.rfc1912.zones on lab machine 2, define the zone tanjie.com purely as a forward zone, so that every request for the tanjie.com zone is forwarded to the forwarders:
[root@node2 ~]# vim /etc/named.rfc1912.zones
zone "tanjie.com" IN {
type forward;
forward only;
forwarders { 192.168.1.11; };
};
[root@node2 ~]# rndc reload
server reload successful
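Two things decide what node2 now does with a query: which configured zone is the closest enclosing one for the name (the longest matching suffix wins, so ops.tanjie.com stays authoritative even though tanjie.com is a forward zone covering it), and, inside a forward zone, whether forward only or forward first is set. The reason the forwarder is needed at all is that tanjie.com is a private lab zone: node2's ordinary recursion starts from the root hints and can never find it, so before step 4 those queries failed. The Python model below is an added example, not part of the original post or of BIND; ZONES is constructed from node2's two zone statements, and the wildcard handling is simplified to a single apex wildcard.

```python
# Constructed model of node2's zone statements after step 4: the child zone it is
# master for, plus the parent zone it only forwards to node1 for.
ZONES = {
    "ops.tanjie.com.": {
        "type": "master",
        "records": {"www.ops.tanjie.com.": "192.168.1.20",
                    "ns1.ops.tanjie.com.": "192.168.1.12",
                    "ns2.ops.tanjie.com.": "192.168.1.19",
                    "*.ops.tanjie.com.": "192.168.1.20"},
    },
    "tanjie.com.": {"type": "forward", "forward": "only",
                    "forwarders": ["192.168.1.11"]},
}

def fqdn(name):
    """Normalise a query name to lower case with a trailing dot."""
    return name.lower().rstrip(".") + "."

def best_zone(qname, zones):
    """Longest-suffix match: the most specific configured zone wins, which is why
    ops.tanjie.com (master) takes www.ops.tanjie.com away from the tanjie.com
    forward zone that also encloses it."""
    labels = fqdn(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None

def resolve(qname, zones, forwarders_up=True):
    """Return (action, detail) describing what named does with the query."""
    name = fqdn(qname)
    zone_name = best_zone(name, zones)
    if zone_name is None:
        return ("recurse", None)           # no local zone: normal recursion from the hints
    zone = zones[zone_name]
    if zone["type"] == "master":
        # exact name first, then the zone's wildcard (simplified to one apex wildcard)
        rdata = zone["records"].get(name) or zone["records"].get("*." + zone_name)
        return ("authoritative", rdata) if rdata else ("nxdomain", None)
    # forward zone: hand the query to the first forwarder while it answers
    if forwarders_up:
        return ("forward", zone["forwarders"][0])
    if zone.get("forward", "first") == "only":
        return ("servfail", None)          # forward only: never fall back to recursion
    return ("recurse", None)               # forward first: fall back to normal recursion

if __name__ == "__main__":
    for q in ("www.ops.tanjie.com", "www.tanjie.com", "ftp.ops.tanjie.com", "example.org"):
        print(q, resolve(q, ZONES))
    print("www.tanjie.com with node1 down:", resolve("www.tanjie.com", ZONES, forwarders_up=False))
```

The last line of output is the practical consequence of forward only: when node1 is unreachable, node2 answers SERVFAIL for tanjie.com names rather than trying the root servers, which for a private zone would only fail more slowly. Queries for ops.tanjie.com names are unaffected because they never leave node2.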
Now run the dig test for the subdomain resolving the parent domain:
[root@node2 ~]# dig -t A www.tanjie.com @192.168.1.12
………………….
;;QUESTION SECTION:
;www.tanjie.com. IN A
;;ANSWER SECTION:
www.tanjie.com. 86400 IN A 192.168.1.11
;;AUTHORITY SECTION:
tanjie.com. 86400 IN NS ns2.tanjie.com.
tanjie.com. 86400 IN NS ns1.tanjie.com.
;;ADDITIONAL SECTION:
ns2.tanjie.com. 86400 IN A 192.168.1.18
ns1.tanjie.com. 86400 IN A 192.168.1.11
;; Query time: 55 msec
;; SERVER: 192.168.1.12#53(192.168.1.12)
;; WHEN: Thu Aug 13 12:43:21 2015
;; MSG SIZE  rcvd: 116
The subdomain now resolves the parent domain successfully!!!!
That completes subdomain delegation, subdomain-to-parent resolution and parent-to-subdomain resolution!
Original article: http://jachy.blog.51cto.com/10625380/1684993