An In-Depth Guide to DNS Servers on Linux RHEL 6.x

### Main configuration file of the jie.com server ###########
options {
//  listen-on port 53 { 127.0.0.1; };
//  listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
//  allow-query { localhost; };
    recursion yes;
    forward only;                  // forward only: do not fall back to iterative resolution
    forwarders { 172.16.122.4; };  // forward to the ltt.com server
//  dnssec-enable yes;             // all security-related (DNSSEC) settings are commented out
//  dnssec-validation yes;
//  dnssec-lookaside auto;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
//  managed-keys-directory "/var/named/dynamic";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "." IN {
    type hint;
    file "named.ca";
};
include "/etc/named.rfc1912.zones";
//include "/etc/named.root.key";
###### The zone configuration file and zone data file keep the same contents as before ##############

########## Main configuration file of the ltt.com server ######################
options {
//  listen-on port 53 { 127.0.0.1; };
//  listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
//  allow-query { localhost; };
//  recursion yes;
    allow-recursion { 172.16.22.2; };  // perform recursive queries only for the jie.com server
//  dnssec-enable yes;
//  dnssec-validation yes;
//  dnssec-lookaside auto;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
//  managed-keys-directory "/var/named/dynamic";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "." IN {
    type hint;
    file "named.ca";
};
include "/etc/named.rfc1912.zones";
//include "/etc/named.root.key";
############## Part of the zone configuration file of the ltt.com server ###################
zone "ltt.com" IN {
    type master;
    file "ltt.com.zone";
};
################# Contents of the zone data file of the ltt.com server ###################
cat /var/named/ltt.com.zone
$TTL 1D
@       IN SOA  dns.ltt.com. admin.ltt.com. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        IN NS   dns.ltt.com.
dns     IN A    172.16.122.4
www     IN A    172.16.122.40
www     IN A    172.16.122.140
www     IN A    172.16.122.240
ftp     IN A    172.16.122.200
mail    IN A    172.16.122.250
### Note the group ownership and permissions of the file ######################

[root@PC ~]# grep -v "^#" /etc/resolv.conf | grep -v "^$"

search com

nameserver 172.16.22.2

[root@PC ~]# host -t A

has address 172.16.122.240

has address 172.16.122.40

has address 172.16.122.140

Summary: in practice, the forwarder IP is usually set to the IP address of your ISP's DNS server, which will accept your forwarded queries.

6. DNS subdomain delegation

####### The parent domain's main configuration file and zone configuration file stay as before; no changes are needed #######
######## Edit the zone data file: vim /var/named/jie.com.zone #########
$TTL 6400
@       IN SOA  dns.jie.com. admin.jie.com. (
                2013081401 ; serial number
                2h         ; refresh time
                5m         ; retry time
                7d         ; expire time
                1d         ; minimum
                )
        IN NS   dns.jie.com.
dns.jie.com. IN A 172.16.22.2
www     IN A    172.16.22.2
www     IN A    172.16.22.20
www     IN A    172.16.22.200
ftp     IN A    172.16.22.220
son     IN A    172.16.122.4   ; add the A record for the child domain
        IN NS   son.jie.com.   ; add the NS record for the child domain
dns     IN A    172.16.122.4

### Main configuration file of the child domain, /etc/named.conf #########
options {
//  listen-on port 53 { 127.0.0.1; };
//  listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
//  allow-query { localhost; };
    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "." IN {
    type hint;
    file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
##### Zone configuration file of the child domain, /etc/named.rfc1912.zones: add the following ########
zone "son.jie.com" IN {
    type master;
    file "son.jie.com.zone";
};
######## Zone data file of the child domain, /var/named/son.jie.com.zone: add the following ####
$TTL 1D
@       IN SOA  dns.son.jie.com. admin.son.jie.com. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        IN NS   dns.son.jie.com.
dns     IN A    172.16.122.4
www     IN A    172.16.122.40
www     IN A    172.16.122.140
www     IN A    172.16.122.240
ftp     IN A    172.16.122.200
mail    IN A    172.16.122.250

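Test from the parent domain: the parent domain can resolve names in the child domain directly, whereas the child domain cannot resolve names in the parent domain by default.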

[root@jie2 named]# host -t A

has address 172.16.122.240

has address 172.16.122.40

has address 172.16.122.140

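The child domain can also be made to resolve the parent domain: ① point the child domain's DNS at the parent domain, or ② configure forwarding on the child domain so that the parent domain accepts the child's forwarded requests.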
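An added example, not part of the original article: a minimal Python check that compares the parent zone's delegation records for son.jie.com with the child zone's own NS set and flags name servers inside the child zone that lack glue in the parent. The parser handles only the zone-file subset used on this page, and the sample zones are trimmed copies of the page's records.

```python
import re

def parse_zone(text, origin):
    """Parse the zone-file subset used on this page into (owner, type, rdata)."""
    origin = origin.rstrip(".").lower() + "."
    fq = lambda n: origin if n == "@" else n.lower() if n.endswith(".") else f"{n.lower()}.{origin}"
    text = re.sub(r";[^\n]*", "", text)    # drop ';' comments
    text = re.sub(r"\(([^)]*)\)", lambda m: " ".join(m.group(1).split()), text)  # flatten SOA
    records, owner = [], origin
    for line in text.splitlines():
        if not line.strip() or line.startswith("$"):
            continue
        fields = line.split()
        if not line[0].isspace():          # a leading blank keeps the previous owner
            owner = fq(fields.pop(0))
        if fields[0].upper() == "IN":
            fields.pop(0)
        rtype, rdata = fields[0].upper(), " ".join(fields[1:])
        records.append((owner, rtype, fq(rdata) if rtype == "NS" else rdata))
    return records

def check_delegation(parent, child, child_origin):
    """Return findings for the delegation of child_origin out of the parent zone."""
    zone = child_origin.rstrip(".").lower() + "."
    parent_ns = {r for o, t, r in parent if t == "NS" and o == zone}
    child_ns = {r for o, t, r in child if t == "NS" and o == zone}
    glue = {o for o, t, _ in parent if t in ("A", "AAAA")}
    findings = []
    for ns in sorted(parent_ns):           # servers inside the child zone need glue
        if (ns == zone or ns.endswith("." + zone)) and ns not in glue:
            findings.append(f"missing glue: {ns}")
    if parent_ns and parent_ns != child_ns:
        findings.append(f"NS mismatch: parent {sorted(parent_ns)} vs child {sorted(child_ns)}")
    return findings

# Trimmed copies of the page's parent (jie.com) and child (son.jie.com) records.
PARENT = """$TTL 6400
@ IN SOA dns.jie.com. admin.jie.com. ( 2013081401 2h 5m 7d 1d )
  IN NS dns.jie.com.
dns.jie.com. IN A 172.16.22.2
son IN A 172.16.122.4 ; A record for the child domain
    IN NS son.jie.com.
"""
CHILD = """@ IN SOA dns.son.jie.com. admin.son.jie.com. ( 0 1D 1H 1W 3H )
  IN NS dns.son.jie.com.
dns IN A 172.16.122.4
"""
if __name__ == "__main__":
    print(check_delegation(parse_zone(PARENT, "jie.com"), parse_zone(CHILD, "son.jie.com"), "son.jie.com"))
```

On the records shown above, the glue check passes, and the check reports that the parent delegates to son.jie.com. while the child zone names dns.son.jie.com. as its name server.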

7. DNS ACL rules and views
