分类: LINUX
2009-11-03 01:46:12
DELEGATION实验
Remember that one of the main goals of the design of the Domain Name System was to decentralize administration? This is achieved through delegation.
(转载)
实验环境:
父域:
server1:eth0:192.168.10.50 eth1:192.168.20.50
子域:
server.bj:eth0:192.168.10.80
server.sh:在192.168.20.0/24网段
实验步骤:
父域server1:
[root@server1 named]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:0C:29:7B:49:A8
inet addr:192.168.10.50 Bcast:192.168.10.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe7b:49a8/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:4130 errors:0 dropped:0 overruns:0 frame:0
TX packets:5028 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:453678 (443.0 KiB) TX bytes:592310 (578.4 KiB)
Interrupt:67 Base address:0x2024
eth1 Link encap:Ethernet HWaddr 00:0C:29:7B:49:B2
inet addr:192.168.20.50 Bcast:192.168.20.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe7b:49b2/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6769 errors:0 dropped:0 overruns:0 frame:0
TX packets:152 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:685504 (669.4 KiB) TX bytes:21337 (20.8 KiB)
Interrupt:67 Base address:0x20a4
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:556 errors:0 dropped:0 overruns:0 frame:0
TX packets:556 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:41062 (40.0 KiB) TX bytes:41062 (40.0 KiB)
[root@server1 named]# vi /etc/named.caching-nameserver.conf
//
// named.caching-nameserver.conf
//
// Provided by Red Hat caching-nameserver package to configure the
// ISC BIND named(8) DNS server as a caching only nameserver
// (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// DO NOT EDIT THIS FILE - use system-config-bind or an editor
// to create named.conf - edits to this file will be lost on
// caching-nameserver package upgrade.
//
// Lab edits start here (note the header above: they will be lost on a
// package upgrade). The parent's two subnets (see the ifconfig output)
// become named ACLs so the address lists below can reference them
// instead of repeating the prefixes.
acl bj { 192.168.10.0/24; };
acl sh { 192.168.20.0/24; };
options {
// Loopback plus both lab interfaces; ACL names are valid in this list.
listen-on port 53 { 127.0.0.1;bj;sh; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// Those options should be used carefully because they disable port
// randomization
// query-source port 53;
// query-source-v6 port 53;
// Only localhost and the two lab subnets may query. Together with
// "recursion yes" in the view below, this restriction is what keeps the
// server from being an open recursive resolver for anything that can
// reach it.
allow-query { localhost;bj;sh; };
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
view localhost_resolver {
// The view keeps the package's name but is widened from the localhost-only
// default described in the header to the two lab subnets.
match-clients { localhost;bj;sh; };
match-destinations { localhost;bj;sh; };
recursion yes;
// Zone definitions (including the example.com zones added next) live in
// this included file.
include "/etc/named.rfc1912.zones";
};
[root@server1 named]# vi /etc/named.rfc1912.zones
加上为example.com域指定正反向zone文件
// Added for the lab: the parent's own zones. The delegation of bj and sh
// to the child servers is carried by NS (and glue A) records inside
// example.com.zone, not by anything in this file.
zone "example.com" IN {
type master;
// Path is relative to the "directory" set in options.
file "example.com.zone";
// Dynamic updates are refused, so nothing can rewrite the zone remotely.
allow-update { none; };
};
// One reverse zone per /24 so each subnet's PTRs stay in their own file
// (see the note under this listing). NOTE(review): the child server.bj
// also declares itself master for 10.168.192.in-addr.arpa, so the two
// servers keep independent copies of that zone.
zone "10.168.192.in-addr.arpa" IN {
type master;
file "example.com.local10";
allow-update { none; };
};
zone "20.168.192.in-addr.arpa" IN {
type master;
file "example.com.local20";
allow-update { none; };
};
@@注意:要将不在同一网段的两个子域的反解分别写在两个文件中。
[root@server1 named]# cd /var/named/chroot/var/named/
[root@server1 named]# touch example.com.zone example.com.local10 example.com.local20
[root@server1 named]# chown root.named example.com.zone example.com.local10 example.com.local20
[root@server1 named]# vi example.com.zone
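$TTL 86400
; Parent zone for example.com, served by server1.
; RNAME is a mailbox written in DNS form: root.example.com. stands for
; root@example.com. An "@" inside a name is only an ordinary character,
; so the earlier root@example.com. did not denote that mailbox.
@ IN SOA server1.example.com. root.example.com. (
    42 ; serial (d. adams)
    3H ; refresh
    15M ; retry
    1W ; expiry
    1D ) ; minimum
; Leading whitespace: the blank owner inherits the previous owner (@).
    IN NS server1.example.com.
; server1 is dual-homed (see the ifconfig output above): one A per interface.
server1 IN A 192.168.10.50
server1 IN A 192.168.20.50
; Glue: addresses of the child name servers, which sit below the
; delegation points and could not otherwise be resolved.
server.bj IN A 192.168.10.80
server.sh IN A 192.168.20.80
; Delegation: bj and sh are served by the child servers named here.
bj IN NS server.bj.example.com.
sh IN NS server.sh.example.com.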
~
@@注意:可在vi 命令模式下加载模板:r localhost.zone
参数解析:ZONE文件中必要的资源记录:
SOA 起始资源记录,标记区数据的开始,定义影响整个区的参数(如更新时间,查询时间,缓存失效时间)
NS 一个区的域名服务器
~~
正向解析:A 记录 转换从主机名到IP 格式:hostname IN A IP
CNAME 定义主机别名(同一个IP) 格式:别名 IN CNAME 正式主机名
MX 指定该域的邮件服务器 格式ex:IN MX 5 mail1.sina.com.cn
其中 5 指定优先级,必须指定优先级
反向解析:PTR 转换从IP到主机
[root@server1 named]# vi example.com.local10
$TTL 86400
; Reverse zone for 192.168.10.0/24, held by the parent server1.
; root.localhost. is the RNAME left by the named.local template (see the
; note under this listing); presumably root.example.com. was intended.
@ IN SOA server1.example.com. root.localhost. (
1997022700 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
; NOTE(review): this line must start with whitespace so the blank owner
; inherits @; the listing appears to have lost its indentation.
IN NS server1.example.com.
; PTR for the parent's eth0 address (192.168.10.50).
50 IN PTR server1.example.com.
; Delegates 80.10.168.192.in-addr.arpa to the child. The child (see its
; named.rfc1912.zones further down) declares itself master for all of
; 10.168.192.in-addr.arpa rather than for the delegated name, so it
; answers the PTR for 80 out of that overlapping zone. Names the parent
; neither holds nor delegates (e.g. 10 = hello) get no answer via server1.
80 IN NS server.bj.example.com.
@@注意:可在vi 命令模式下加载模板:r named.local
[root@server1 named]# vi example.com.local20
$TTL 86400
; Reverse zone for 192.168.20.0/24, held by the parent server1 and kept in
; a separate file from the 192.168.10.0/24 zone (see the note above).
; root.localhost. is the template's RNAME placeholder.
@ IN SOA server1.example.com. root.localhost. (
1997022700 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
; NOTE(review): needs leading whitespace so the blank owner inherits @;
; the listing appears to have lost its indentation.
IN NS server1.example.com.
; PTR for the parent's eth1 address (192.168.20.50).
50 IN PTR server1.example.com.
; Delegates 80.20.168.192.in-addr.arpa to server.sh; its address comes
; from the glue A record in example.com.zone. The server.sh side of the
; lab is not shown on this page.
80 IN NS server.sh.example.com.
~
[root@server1 named]# service named restart
在子域server.bj的主机上:
[root@server named]# vi /etc/named.caching-nameserver.conf
options {
// Loopback plus the child's own address (192.168.10.80): this host answers
// for bj.example.com itself instead of relying on the parent.
listen-on port 53 { 127.0.0.1;192.168.10.80; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// Those options should be used carefully because they disable port
// randomization
// query-source port 53;
// query-source-v6 port 53;
// Only localhost and the bj subnet may query. Combined with "recursion yes"
// below, this restriction is what stops the server from acting as an open
// resolver.
allow-query { localhost;192.168.10.0/24; };
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
view localhost_resolver {
// Same view name as the package default, widened to the bj subnet.
match-clients { localhost;192.168.10.0/24; };
match-destinations { localhost;192.168.10.0/24; };
// NOTE(review): no "forwarders" are set, so recursive lookups for names
// outside bj.example.com (including the parent's example.com) presumably
// go via the root hints in the included zones file; confirm this works in
// an isolated lab.
recursion yes;
include "/etc/named.rfc1912.zones";
};
~
@@注意:监听端口指向自己
[root@server named]# vi /etc/named.rfc1912.zones
加上 为本域指定的正反向zone文件
// Child server: the delegated sub-domain, served as a master zone.
zone "bj.example.com" IN {
type master;
file "bj.example.com.zone";
// Dynamic updates are refused.
allow-update { none; };
};
// NOTE(review): this is the whole /24 reverse zone, the same name the
// parent server1 serves as master from example.com.local10. The parent
// delegates only 80.10.168.192.in-addr.arpa to this server, so the PTRs
// for the other hosts in bj.example.com.local are reachable only by
// querying this server directly.
zone "10.168.192.in-addr.arpa" IN {
type master;
file "bj.example.com.local";
allow-update { none; };
};
[root@server named]# vi bj.example.com.zone
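$TTL 86400
; Child zone bj.example.com, served by server.bj (the NS record below).
; MNAME names the primary master of *this* zone, i.e. the child server
; itself rather than the parent's server1. The RNAME "root" is unqualified
; and so expands to root.bj.example.com. (mailbox root@bj.example.com).
@ IN SOA server.bj.example.com. root (
    42 ; serial (d. adams)
    3H ; refresh
    15M ; retry
    1W ; expiry
    1D ) ; minimum
; Leading whitespace: the blank owner inherits the previous owner (@).
    IN NS server.bj.example.com.
; The zone's own name server needs an address here; the parent zone only
; carries a glue copy of this record.
server IN A 192.168.10.80
; server1.bj.example.com. is a host inside the child zone, unrelated to the
; parent's server1.example.com. (192.168.10.50).
server1 IN A 192.168.10.55
hello IN A 192.168.10.10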
[root@server named]# vi bj.example.com.local
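$TTL 86400
; Reverse zone for 192.168.10.0/24 as held by the child server.bj.
; MNAME is the child server, the primary master for this copy of the zone
; (the parent keeps its own overlapping copy in example.com.local10 and
; delegates only the 80 name here). root.localhost. is presumably the
; RNAME placeholder from the named.local template.
@ IN SOA server.bj.example.com. root.localhost. (
    1997022700 ; Serial
    28800 ; Refresh
    14400 ; Retry
    3600000 ; Expire
    86400 ) ; Minimum
; Leading whitespace: the blank owner inherits the previous owner (@).
    IN NS server.bj.example.com.
; PTRs for the child's hosts. Only the 80 name is delegated by the parent,
; so the 10 record is answered only for clients that query this server.
10 IN PTR hello.bj.example.com.
80 IN PTR server.bj.example.com.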
~
@@注意:DNS服务器要关闭防火墙(或至少放行 53/udp 与 53/tcp)!!!
#service iptables stop