Configuring DNS Secondary Name Servers and Subdomain Name Servers

Source: 岁月联盟   Editor: zhuzhu   Date: 2007-08-07

I. Planning:

 

Host A: two network interfaces

192.168.1.7 --> primary name server for mydomain.org

192.168.10.7 --> primary name server for myzone.org, which has two subdomains, market.myzone.org and develop.myzone.org

 

Host B: two network interfaces

192.168.1.6 --> secondary name server for mydomain.org

192.168.10.6 --> name server for the subdomain market.myzone.org

 

Both servers keep separate DNS logs, one for query records (query_logs) and one for error records (err_logs), to make later DNS administration easier; this article does not go into security topics in much depth.

 

For the installation procedure, see the separate article "Bind 9.4.0rc2 Installation Notes (learning to configure a simple DNS step by step)".

 

II. Host A:

 

1. Main configuration file /etc/named.conf

 

 

options {
        directory "/var/named/";
        version "0.0.0";
};

logging {
        channel dns_errors {
                file "/var/log/named/err_logs" versions 3 size 10m;
                severity error;
                print-category yes;
                print-severity yes;
                print-time yes;
        };
        channel dns_queries {
                file "/var/log/named/query_logs" versions 3 size 10m;
                severity info;
                print-category yes;
                print-severity yes;
                print-time yes;
        };
        category default { dns_errors; };
        category queries { dns_queries; };
};

zone "." {
        type hint;
        file "named.ca";
};

zone "localhost" {
        type master;
        file "named.local";
};

zone "0.0.127.IN-addr.arpa" {
        type master;
        file "named.rev";
};

zone "mydomain.org" {
        type master;
        file "mydomain.org.zone";
        allow-transfer { 192.168.1.6/32; };
};

zone "myzone.org" {
        type master;
        file "myzone.org.zone";
        allow-transfer { 192.168.10.0/24; };
};

zone "10.168.192.in-addr.arpa" {
        type master;
        file "192.168.10.zone";
        allow-transfer { 192.168.10.0/24; };
};

zone "1.168.192.in-addr.arpa" {
        type master;
        file "192.168.1.zone";
        allow-transfer { 192.168.1.6/32; };
};

key "rndc-key" {
        algorithm hmac-md5;
        secret "oKLRLl8BolNj883OX1YcxQ==";
};

controls {
        inet 127.0.0.1 port 953
                allow { 127.0.0.1; } keys { "rndc-key"; };
};
# End of named.conf

The allow-transfer statements are what keep the zone data from being dumped by anyone who can reach port 53: only the secondary (192.168.1.6) may transfer mydomain.org and its reverse zone, and only the 192.168.10.0/24 network may transfer myzone.org and its reverse zone. The key statement carries the author's example secret; generate your own with rndc-confgen (current BIND releases default to hmac-sha256, hmac-md5 being kept only for compatibility) and never reuse a secret that has been published.

 

2. Forward zone file for mydomain.org: /var/named/mydomain.org.zone

 

 

$TTL 1D
$ORIGIN mydomain.org.
@       1D      IN      SOA     mydomain.org.   root.mail.mydomain.org. (
                        20070301        ; serial
                        1H              ; refresh
                        15M             ; retry
                        1W              ; expire
                        1D )            ; minimum (negative-cache TTL)
                IN      NS      ns.mydomain.org.
                IN      MX 10   mail.mydomain.org.
mydomain.org.   IN      A       192.168.1.7     ; A record for the zone apex (the bare domain name)
ns              IN      A       192.168.1.7
mail            IN      A       192.168.1.100
www             IN      CNAME   mail
ftp             IN      CNAME   mail

Note that ";" is the only comment character in zone files; "#" is not a comment there and named-checkzone rejects a file that uses it. The "mydomain.org. IN A" line is the address record of the zone apex, which lets the bare name resolve; it is not a wildcard, which would be written with "*" as the owner.

 

3. Reverse zone file for mydomain.org: /var/named/192.168.1.zone

 

 

$TTL 1D
@       1D      IN      SOA     mydomain.org.   root.mail.mydomain.org. (
                        20070301        ; serial
                        1H              ; refresh
                        15M             ; retry
                        1W              ; expire
                        1D )            ; minimum
                IN      NS      ns.mydomain.org.
7               IN      PTR     mydomain.org.
7               IN      PTR     ns.mydomain.org.
100             IN      PTR     mail.mydomain.org.

There is no $ORIGIN directive here; the origin is taken from the zone statement in named.conf (1.168.192.in-addr.arpa), so the owner "7" expands to 7.1.168.192.in-addr.arpa.

 

4. Forward zone file for myzone.org: /var/named/myzone.org.zone

 

 

$TTL 1D
$ORIGIN myzone.org.
@       1D      IN      SOA     myzone.org.     root.mail.myzone.org. (
                        20070301        ; serial
                        1H              ; refresh
                        15M             ; retry
                        1W              ; expire
                        1D )            ; minimum
                IN      NS      ns.myzone.org.
                IN      MX 10   mail.myzone.org.
myzone.org.     IN      A       192.168.10.7
ns              IN      A       192.168.10.7
mail            IN      A       192.168.10.5
www             IN      CNAME   mail
ftp             IN      CNAME   mail
market          IN      NS      ns.market       ; delegate the subdomain market to ns.market.myzone.org
ns.market       IN      A       192.168.10.6    ; glue record for the delegated name server
$ORIGIN develop.myzone.org.                     ; delegate the subdomain develop; a slightly different way of writing it
@               IN      NS      ns.develop.myzone.org.
ns              IN      A       192.168.10.2    ; glue: ns.develop.myzone.org

The two delegations are written differently on purpose. The first uses names relative to the zone origin (ns.market expands to ns.market.myzone.org.). The second changes the origin with $ORIGIN; after that directive the owner of the NS record must be given explicitly as "@" (or develop.myzone.org.), because a record whose owner field is left blank inherits the owner of the previous record (here ns.market.myzone.org.), not the new origin. In both cases the A record for the delegated name server is glue: the resolver that follows the NS record needs the address before it can ask the subdomain's own server.

 

5. Reverse zone file for myzone.org: /var/named/192.168.10.zone

 

 

$TTL 1D
@       1D      IN      SOA     myzone.org.     root.mail.myzone.org. (
                        20070301        ; serial
                        1H              ; refresh
                        15M             ; retry
                        1W              ; expire
                        1D )            ; minimum
                IN      NS      ns.myzone.org.
6               IN      PTR     ns.market.myzone.org.
2               IN      PTR     ns.develop.myzone.org.
7               IN      PTR     ns.myzone.org.
5               IN      PTR     mail.myzone.org.
7               IN      PTR     myzone.org.

Every PTR target must be fully qualified, trailing dot included. A target without the dot is relative to the zone origin, so "ns.market.myzone.org" would silently become ns.market.myzone.org.10.168.192.in-addr.arpa.

 

 

III. Host B:

 

1. named main configuration file /etc/named.conf

 

 

options {
        directory "/var/named/";
        version "unknown";
        forwarders { 192.168.1.7; };
};

logging {
        channel dns_errors {
                file "/var/log/named/err_logs" versions 3 size 10m;
                severity error;
                print-category yes;
                print-severity yes;
                print-time yes;
        };
        channel dns_queries {
                file "/var/log/named/query_logs" versions 3 size 10m;
                severity info;
                print-category yes;
                print-severity yes;
                print-time yes;
        };
        category default { dns_errors; };
        category queries { dns_queries; };
};

zone "." {
        type hint;
        file "named.ca";
};

zone "localhost" {
        type master;
        file "named.local";
};

zone "0.0.127.IN-addr.arpa" {
        type master;
        file "named.rev";
};

zone "mydomain.org" {
        type slave;
        file "mydomain.org.zone";
        masters { 192.168.1.7; };
};

zone "1.168.192.in-addr.arpa" {
        type slave;
        file "192.168.1.zone";
        masters { 192.168.1.7; };
};

zone "market.myzone.org" {
        type master;
        file "market.myzone.org.zone";
};

zone "10.168.192.in-addr.arpa" {
        type master;
        file "192.168.10.zone";
};

key "rndc-key" {
        algorithm hmac-md5;
        secret "NiBZCqWP0IsvMPuZpUKdog==";
};

controls {
        inet 127.0.0.1 port 953
                allow { 127.0.0.1; } keys { "rndc-key"; };
};
# End of named.conf

Two things deserve attention in this file. First, the two master zones on host B (market.myzone.org and 10.168.192.in-addr.arpa) have no allow-transfer statement; BIND 9 releases of this era allow AXFR to any host when none is given, so add allow-transfer { none; } (or the addresses of real secondaries) to them as was done on host A. Second, 10.168.192.in-addr.arpa is declared type master on both hosts with different contents, so the PTR answer for an address such as 192.168.10.6 depends on which server is asked. A zone should have exactly one master; the cleaner arrangement is to keep the reverse zone on host A, whose allow-transfer { 192.168.10.0/24; } already permits host B to fetch it, and make host B a slave for it with masters { 192.168.10.7; }, exactly as was done for mydomain.org.
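The two named.conf files above are short enough to check by eye, but the mistakes they illustrate (a master zone without allow-transfer, the same zone declared master on two hosts, a legacy rndc key algorithm) are exactly the ones that slip through on a larger installation. The following script is an added example, not code from the article: it parses the zone and key statements of host A (II.1) and host B (III.1) with a small tokenizer for BIND's brace syntax and reports those conditions. The embedded configuration text is a constructed, abridged copy of the two files with the secrets replaced; it only understands the statements the article uses.

```python
"""Audit the two named.conf files from this article for zone-ownership and
zone-transfer mistakes. Added example: this is not code from the article, and
it only knows the statements the article uses (zone, type, file,
allow-transfer, masters, key, algorithm)."""
import re

# Constructed input: the zone and key statements from the article's two
# named.conf files (logging/controls left out, secrets replaced).
HOST_A_CONF = r'''
options { directory "/var/named/"; version "0.0.0"; };
zone "localhost" { type master; file "named.local"; };
zone "mydomain.org" { type master; file "mydomain.org.zone";
        allow-transfer { 192.168.1.6/32; }; };
zone "myzone.org" { type master; file "myzone.org.zone";
        allow-transfer { 192.168.10.0/24; }; };
zone "10.168.192.in-addr.arpa" { type master; file "192.168.10.zone";
        allow-transfer { 192.168.10.0/24; }; };
zone "1.168.192.in-addr.arpa" { type master; file "192.168.1.zone";
        allow-transfer { 192.168.1.6/32; }; };
key "rndc-key" { algorithm hmac-md5; secret "REDACTED=="; };
'''
HOST_B_CONF = r'''
options { directory "/var/named/"; forwarders { 192.168.1.7; }; };
zone "localhost" { type master; file "named.local"; };
zone "mydomain.org" { type slave; file "mydomain.org.zone"; masters { 192.168.1.7; }; };
zone "1.168.192.in-addr.arpa" { type slave; file "192.168.1.zone"; masters { 192.168.1.7; }; };
zone "market.myzone.org" { type master; file "market.myzone.org.zone"; };
zone "10.168.192.in-addr.arpa" { type master; file "192.168.10.zone"; };  # no allow-transfer
key "rndc-key" { algorithm hmac-md5; secret "REDACTED=="; };
'''

LOCAL_ZONES = {'.', 'localhost', '0.0.127.in-addr.arpa'}   # never transferred, never shared
TOKEN = re.compile(r'"[^"]*"|[{};]|[^\s{};"]+')

def tokenize(text):
    """Drop the comment styles named.conf accepts (/* */, //, #) and split into tokens.
    Comment markers inside quoted strings are not special-cased; the article's files have none."""
    text = re.sub(r'/\*.*?\*/', ' ', text, flags=re.S)
    text = re.sub(r'(//|#).*', ' ', text)
    return [t.strip('"') for t in TOKEN.findall(text)]

def parse(tokens):
    """Nested statements: [keyword, args..., [sub-statements]] when a brace block follows."""
    stmts, cur, i = [], [], 0
    while i < len(tokens):
        tok = tokens[i]
        if tok == '{':                      # find the matching brace, parse the inside recursively
            depth, j = 1, i + 1
            while depth:
                depth += {'{': 1, '}': -1}.get(tokens[j], 0)
                j += 1
            cur.append(parse(tokens[i + 1:j - 1]))
            i = j
        elif tok == ';':
            if cur:
                stmts.append(cur)
            cur = []
            i += 1
        else:
            cur.append(tok)
            i += 1
    return stmts

def zones(conf):
    """Map zone name -> {'type': 'master', 'allow-transfer': [...], 'masters': [...], ...}."""
    out = {}
    for stmt in parse(tokenize(conf)):
        if stmt[0] != 'zone':
            continue
        body = {}
        for sub in stmt[-1]:   # address lists ({ a; b; }) are flattened to plain lists
            body[sub[0]] = [x[0] for x in sub[1]] if isinstance(sub[1], list) else sub[1]
        out[stmt[1].lower()] = body
    return out

def rndc_keys(conf):
    return {s[1]: dict(s[-1]) for s in parse(tokenize(conf)) if s[0] == 'key'}

def audit(confs):
    """confs: {host: named.conf text}. Returns sorted (host, zone-or-key, finding) tuples."""
    findings, masters_of = [], {}
    for host, conf in confs.items():
        for name, z in zones(conf).items():
            if name in LOCAL_ZONES:
                continue
            if z.get('type') == 'master':
                masters_of.setdefault(name, []).append(host)
                if 'allow-transfer' not in z:
                    # BIND 9 of the article's era allows AXFR to any host unless restricted
                    findings.append((host, name, 'axfr-open'))
            elif z.get('type') == 'slave' and not z.get('masters'):
                findings.append((host, name, 'slave-without-masters'))
        for kname, k in rndc_keys(conf).items():
            if k.get('algorithm', '').lower() == 'hmac-md5':
                findings.append((host, kname, 'hmac-md5-key'))
    for name, hosts in masters_of.items():
        if len(hosts) > 1:   # two independent masters: answers depend on which server is asked
            findings.append(('*', name, 'dual-master:' + ','.join(sorted(hosts))))
    return sorted(findings)

if __name__ == '__main__':
    for host, zone, what in audit({'hostA': HOST_A_CONF, 'hostB': HOST_B_CONF}):
        print(f'{host:6} {zone:28} {what}')
```

Run against the article's configuration the audit reports axfr-open for both of host B's master zones, dual-master for 10.168.192.in-addr.arpa, and hmac-md5-key on both hosts; mydomain.org produces nothing because it has one master with a restricted allow-transfer and one slave with a masters list.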

 

2. Forward zone file for the subdomain market.myzone.org: /var/named/market.myzone.org.zone

 

 

$TTL 1D
$ORIGIN market.myzone.org.
@       1D      IN      SOA     market.myzone.org.      root.mail.market.myzone.org. (
                        20070301        ; serial
                        1H              ; refresh
                        15M             ; retry
                        1W              ; expire
                        1D )            ; minimum
                IN      NS      ns.market.myzone.org.
                IN      MX 10   mail.market.myzone.org.
market.myzone.org.      IN      A       192.168.10.6
ns              IN      A       192.168.10.6
mail            IN      A       192.168.10.100
www             IN      CNAME   mail

 

3. Reverse zone file for the subdomain market.myzone.org: /var/named/192.168.10.zone

 

 

$TTL 1D
@       1D      IN      SOA     myzone.org.     root.mail.myzone.org. (
                        20070301        ; serial
                        1H              ; refresh
                        15M             ; retry
                        1W              ; expire
                        1D )            ; minimum
                IN      NS      ns.myzone.org.
6               IN      PTR     ns.market.myzone.org.
100             IN      PTR     mail.market.myzone.org.

The PTR targets are the names that market.myzone.org.zone assigns to these addresses (ns.market.myzone.org for 192.168.10.6 and mail.market.myzone.org for 192.168.10.100); ns.myzone.org and mail.myzone.org are 192.168.10.7 and 192.168.10.5 in host A's zone and do not belong here.
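The zone files in sections II.4, II.5 and III.2 rely on three master-file rules that are easy to get wrong: $ORIGIN only changes how relative names are completed, a record with a blank owner repeats the previous owner, and a name without a trailing dot is relative. The script below is an added example, not code from the article. It parses zone files with those rules, flags the pitfalls (a "#" used as a comment, a blank owner right after $ORIGIN, a relative PTR target in a reverse zone) and then compares the parent's delegation of a subdomain with the child zone's own NS and glue data. The embedded zone text is a constructed, shortened copy of the article's files with the original mistakes kept in so that the checks have something to find.

```python
"""Checks for the master files in sections II.4, II.5 and III.2. Added example,
not code from the article: it applies the RFC 1035 master-file rules ($ORIGIN,
blank owner = previous owner, relative names get the origin appended, ';' is the
only comment character) and checks a parent's delegation against the child zone."""
import re

# Constructed inputs: the article's files, shortened, mistakes included.
PARENT_ZONE = """\
$TTL 1D
$ORIGIN myzone.org.
@       1D      IN      SOA     myzone.org.  root.mail.myzone.org. (
                        20070301 1H 15M 1W 1D )
                IN      NS      ns.myzone.org.
market          IN      NS      ns.market    # delegate market
ns.market       IN      A       192.168.10.6
$ORIGIN develop.myzone.org.
                IN      NS      ns.develop.myzone.org.
ns              IN      A       192.168.10.2
"""
CHILD_ZONE = """\
$TTL 1D
$ORIGIN market.myzone.org.
@       1D      IN      SOA     market.myzone.org.  root.mail.market.myzone.org. (
                        20070301 1H 15M 1W 1D )
                IN      NS      ns.market.myzone.org.
ns              IN      A       192.168.10.6
"""
REVERSE_ZONE = """\
$TTL 1D
@       1D      IN      SOA     myzone.org.  root.mail.myzone.org. (
                        20070301 1H 15M 1W 1D )
                IN      NS      ns.myzone.org.
6               IN      PTR     ns.market.myzone.org
2               IN      PTR     ns.develop.myzone.org
"""
TTL_RE = re.compile(r'^\d+[smhdwSMHDW]?$')
NAME_FIELD = {'NS': 0, 'CNAME': 0, 'PTR': 0, 'MX': 1}   # which rdata field is a domain name

def absolutize(name, origin):
    return origin if name == '@' else name if name.endswith('.') else f'{name}.{origin}'

def logical_lines(text):
    """Strip ';' comments and join records continued across lines with ( ... )."""
    out, buf, depth = [], [], 0
    for phys in text.splitlines():
        code = phys.split(';', 1)[0]
        buf.append(code)
        depth += code.count('(') - code.count(')')
        if depth == 0:
            out.append(' '.join(buf).replace('(', ' ').replace(')', ' ').rstrip())
            buf = []
    return out

def parse_zone(text, origin):
    """Return ([(owner, TYPE, rdata_tuple)], [warnings]) with every name made absolute."""
    origin = origin.rstrip('.') + '.'
    owner, after_origin, records, warnings = None, False, [], []
    for line in logical_lines(text):
        if not line.strip():
            continue
        if '#' in line:
            warnings.append(f'"#" is not a comment in zone files (use ";"): {line.strip()}')
        fields = line.split()
        if fields[0] == '$TTL':
            continue
        if fields[0] == '$ORIGIN':
            origin, after_origin = absolutize(fields[1], origin), True
            continue
        if line[0] in ' \t':              # blank owner: the PREVIOUS owner is reused, not the new origin
            if owner is None:
                raise ValueError('record with blank owner but no previous owner')
            if after_origin:
                warnings.append(f'blank owner after $ORIGIN {origin} still means {owner}; write "@"')
        else:
            owner = absolutize(fields.pop(0), origin)
        after_origin = False
        while fields[0].upper() in ('IN', 'CH', 'HS') or TTL_RE.match(fields[0]):
            fields.pop(0)                 # optional TTL and class, in either order
        rtype, rdata = fields[0].upper(), fields[1:]
        i = NAME_FIELD.get(rtype)
        if i is not None:
            if rtype == 'PTR' and origin.endswith('.arpa.') and not rdata[i].endswith('.'):
                warnings.append(f'relative PTR target {rdata[i]} becomes {absolutize(rdata[i], origin)}')
            rdata[i] = absolutize(rdata[i], origin)
        elif rtype == 'SOA':
            rdata[0], rdata[1] = absolutize(rdata[0], origin), absolutize(rdata[1], origin)
        records.append((owner, rtype, tuple(rdata)))
    return records, warnings

def check_delegation(parent, child, apex):
    """Does the parent's NS set and glue for `apex` agree with the child zone's own apex data?"""
    parent_ns = {r[2][0] for r in parent if r[0] == apex and r[1] == 'NS'}
    child_ns = {r[2][0] for r in child if r[0] == apex and r[1] == 'NS'}
    if not parent_ns:
        return [f'parent has no NS records for {apex}: subdomain is not delegated']
    problems = []
    if parent_ns != child_ns:
        problems.append(f'NS set differs: parent {sorted(parent_ns)} vs child {sorted(child_ns)}')
    for ns in parent_ns:   # a server named inside the subdomain needs a glue A record in the parent
        if ns.endswith('.' + apex) and not any(r[0] == ns and r[1] == 'A' for r in parent):
            problems.append(f'missing glue A record for {ns}')
    return problems

if __name__ == '__main__':
    parent, pw = parse_zone(PARENT_ZONE, 'myzone.org')
    child, cw = parse_zone(CHILD_ZONE, 'market.myzone.org')
    _, rw = parse_zone(REVERSE_ZONE, '10.168.192.in-addr.arpa')
    print(*['WARN ' + w for w in pw + cw + rw], sep='\n')
    print('market :', check_delegation(parent, child, 'market.myzone.org.') or 'delegation OK')
    print('develop:', check_delegation(parent, [], 'develop.myzone.org.') or 'delegation OK')
```

On this input the market delegation checks out (parent and child agree on ns.market.myzone.org, and the glue is present), while develop is reported as not delegated at all: the NS record written after $ORIGIN with a blank owner ended up attached to ns.market.myzone.org. The reverse zone produces two warnings for the PTR targets that lack the trailing dot.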

 

Note: the files for the secondary zones are obtained by zone transfer and do not need to be created by hand. If you want to watch zone transfers repeatedly, lower the SOA refresh interval rather than the TTL (the refresh value decides how often the secondary polls the master; caching TTLs have no effect on transfers) and increment the serial every time you edit the zone, otherwise the secondary will consider its copy current. A transfer can also be forced: "rndc reload" on the master after raising the serial sends a NOTIFY, and "rndc retransfer mydomain.org" on the secondary fetches the zone immediately. On host B the transferred files look like this:

 

4. Forward zone file for mydomain.org as received by transfer: /var/named/mydomain.org.zone

 

 

$ORIGIN .
$TTL 86400      ; 1 day
mydomain.org            IN SOA  mydomain.org. root.mail.mydomain.org. (
                                20070301   ; serial
                                3600       ; refresh (1 hour)
                                900        ; retry (15 minutes)
                                604800     ; expire (1 week)
                                86400      ; minimum (1 day)
                                )
                        NS      ns.mydomain.org.
                        A       192.168.1.7
                        MX      10 mail.mydomain.org.
$ORIGIN mydomain.org.
ftp                     CNAME   mail
mail                    A       192.168.1.100
ns                      A       192.168.1.7
www                     CNAME   mail

named writes the transferred copy in its own canonical layout (absolute origin, TTLs in seconds, records grouped by owner), which is why it does not look like the file on host A even though the content is the same.

 

5. Reverse zone file for mydomain.org as received by transfer: /var/named/192.168.1.zone

 

 

$ORIGIN .
$TTL 86400      ; 1 day
1.168.192.in-addr.arpa  IN SOA  mydomain.org. root.mail.mydomain.org. (
                                20070301   ; serial
                                3600       ; refresh (1 hour)
                                900        ; retry (15 minutes)
                                604800     ; expire (1 week)
                                86400      ; minimum (1 day)
                                )
                        NS      ns.mydomain.org.
$ORIGIN 1.168.192.in-addr.arpa.
100                     PTR     mail.mydomain.org.
7                       PTR     mydomain.org.
                        PTR     ns.mydomain.org.

 

IV. Test results

 

1. Host A:

 

 

# nslookup
> set type=NS
> market.myzone.org
Server:         127.0.0.1
Address:        127.0.0.1#53

Non-authoritative answer:
market.myzone.org       nameserver = ns.market.myzone.org.

Authoritative answers can be found from:
ns.market.myzone.org    internet address = 192.168.10.6
> myzone.org
Server:         127.0.0.1
Address:        127.0.0.1#53

myzone.org      nameserver = ns.myzone.org.
> mydomain.org
Server:         127.0.0.1
Address:        127.0.0.1#53

mydomain.org    nameserver = ns.mydomain.org.
>

The "Non-authoritative answer" for market.myzone.org is expected: host A has delegated that subdomain, so it followed its own NS and glue records to ns.market.myzone.org and relayed the result. For myzone.org and mydomain.org it answers from its own zone data.

 

2. Host B:

 

 

# nslookup
> set type=NS
> mydomain.org
Server:         127.0.0.1
Address:        127.0.0.1#53

mydomain.org    nameserver = ns.mydomain.org.
> myzone.org
Server:         127.0.0.1
Address:        127.0.0.1#53

Non-authoritative answer:
myzone.org      nameserver = ns.myzone.org.

Authoritative answers can be found from:
ns.myzone.org   internet address = 192.168.10.7
> market.myzone.org
Server:         127.0.0.1
Address:        127.0.0.1#53

market.myzone.org       nameserver = ns.market.myzone.org.

Host B answers authoritatively for mydomain.org (from the transferred secondary copy) and for market.myzone.org (its own master zone). It holds no zone for myzone.org, so that query went to the forwarder 192.168.1.7 and is marked non-authoritative.
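nslookup shows which server a name belongs to, but it hides the two things that actually prove the secondary is healthy: whether the answer carried the AA (authoritative answer) flag and whether the secondary's SOA serial matches the master's. The script below is an added example, not code from the article: it builds a raw SOA query with recursion disabled, sends it over UDP using only the Python standard library, and parses the AA bit and the serial out of the reply, so the primary/secondary pairs from the plan (192.168.1.7 and 192.168.1.6 for mydomain.org and its reverse zone) can be compared directly. The addresses are the article's; the parser is exercised offline on a constructed reply.

```python
"""Check a primary/secondary pair the way the test section does, but with the
AA flag and the SOA serial that nslookup hides. Added example, not from the
article; raw DNS over UDP with only the standard library (RFC 1035 wire format)."""
import random
import socket
import struct

def encode_name(name):
    """Wire-format a domain name: length-prefixed labels ending in a zero byte."""
    out = b''
    for label in name.rstrip('.').split('.'):
        out += bytes([len(label)]) + label.encode('ascii')
    return out + b'\x00'

def build_query(name, qtype=6, rd=False, qid=None):
    """Query for (name, qtype); RD off, so an authoritative server must answer from its own data."""
    qid = random.randrange(65536) if qid is None else qid
    flags = 0x0100 if rd else 0x0000
    return struct.pack('!HHHHHH', qid, flags, 1, 0, 0, 0) + encode_name(name) + struct.pack('!HH', qtype, 1)

def decode_name(msg, off):
    """Decode a possibly compressed name; returns (name, offset just after it)."""
    labels, jumped, end = [], False, None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                 # compression pointer (RFC 1035 4.1.4)
            ptr = struct.unpack('!H', msg[off:off + 2])[0] & 0x3FFF
            if not jumped:
                end = off + 2
            off, jumped = ptr, True
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode('ascii'))
        off += length
    return '.'.join(labels) + '.', (end if jumped else off)

def parse_soa_response(msg):
    """Return {'id', 'aa', 'rcode', 'serial', 'mname'}; serial/mname are None without an SOA answer."""
    qid, flags, qd, an, _, _ = struct.unpack('!HHHHHH', msg[:12])
    info = {'id': qid, 'aa': bool(flags & 0x0400), 'rcode': flags & 0xF, 'serial': None, 'mname': None}
    off = 12
    for _ in range(qd):                        # skip the echoed question section
        _, off = decode_name(msg, off)
        off += 4
    for _ in range(an):
        _, off = decode_name(msg, off)
        rtype, _, _, rdlen = struct.unpack('!HHIH', msg[off:off + 10])
        off += 10
        if rtype == 6:                         # SOA rdata: mname, rname, serial, refresh, retry, expire, minimum
            mname, p = decode_name(msg, off)
            _, p = decode_name(msg, p)
            info['serial'] = struct.unpack('!I', msg[p:p + 4])[0]
            info['mname'] = mname
        off += rdlen
    return info

def query_soa(server, zone, timeout=2.0):
    """Send one SOA query over UDP and parse the reply (needs network access to the server)."""
    q = build_query(zone)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(q, (server, 53))
        data, _ = s.recvfrom(4096)
    info = parse_soa_response(data)
    if info['id'] != struct.unpack('!H', q[:2])[0]:
        raise ValueError('transaction id mismatch: reply does not belong to this query')
    return info

def in_sync(primary, secondary):
    """True when both servers answered authoritatively with the same SOA serial."""
    return (primary['aa'] and secondary['aa'] and primary['rcode'] == 0 == secondary['rcode']
            and primary['serial'] is not None and primary['serial'] == secondary['serial'])

if __name__ == '__main__':
    # Addresses from the article's plan: host A is primary for both zones, host B is secondary.
    for zone in ('mydomain.org', '1.168.192.in-addr.arpa'):
        a, b = query_soa('192.168.1.7', zone), query_soa('192.168.1.6', zone)
        print(zone, 'primary serial', a['serial'], 'secondary serial', b['serial'],
              'in sync' if in_sync(a, b) else 'OUT OF SYNC or not authoritative')
```

Because recursion is switched off in the query, a server that does not hold the zone cannot paper over the gap by asking someone else: host B queried for myzone.org will answer without the AA flag, which is exactly the "Non-authoritative answer" nslookup printed above. After a zone transfer has completed, both serials should read 20070301 and both replies should carry AA.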