Category: LINUX
2013-04-17 15:44:38
Original post: CentOS BIND DNS Server Delegation in Practice. Author: 飞鸿无痕
CentOS BIND DNS Server Delegation in Practice
I. Lab environment:
System OS: CentOS release 5.4
Primary DNS: 192.168.1.103
DNS for the delegated domain: 192.168.1.104/192.168.1.105 (sub-interfaces enabled on the same host)
II. Package installation
yum -y install bind*
yum -y install caching-nameserver
III. Detailed configuration
(1) Configure /var/named/chroot/etc/named.conf on 192.168.1.103
1. cp /var/named/chroot/etc/named.rfc1912.zones /var/named/chroot/etc/named.conf
2. Edit /var/named/chroot/etc/named.conf and add the following at the very top:
vi /var/named/chroot/etc/named.conf
options {
    listen-on port 53 { any; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    // Pins outgoing queries to source port 53 instead of a random port
    query-source port 53;
    // Accepts queries from any client
    allow-query { any; };
};
include "/etc/rndc.key";
3. On 192.168.1.103, append the following to the end of /var/named/chroot/etc/named.conf:
vi /var/named/chroot/etc/named.conf
zone "zhang.com" IN {
    type master;
    file "zhang.zone";
    allow-update { none; };
};
### The reverse-lookup zone is not created here!
#zone "1.168.192.in-addr.arpa" IN {
#    type master;
#    file "zhang.local";
#    allow-update { none; };
#};
4. Create the forward zone file name.zone on 192.168.1.103
vi /var/named/chroot/var/named/zhang.zone
$TTL 86400
@                  IN SOA  zhang.com. root.zhang.com. (
                           1997022700 ; Serial
                           28800      ; Refresh
                           14400      ; Retry
                           3600000    ; Expire
                           86400 )    ; Minimum
zhang.com.         IN NS   zhang.com.
www                IN A    192.168.1.103
aa.zhang.com.      IN NS   ns.aa.zhang.com.
ns.aa.zhang.com.   IN A    192.168.1.105
aa.zhang.com.      IN NS   ns1.aa.zhang.com.
ns1.aa.zhang.com.  IN A    192.168.1.104
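#### The lines above delegate the subdomain aa.zhang.com to ns.aa.zhang.com and ns1.aa.zhang.com, whose IPs are 192.168.1.105 and 192.168.1.104 respectively.
5. Create the configuration file named.conf on 192.168.1.104/192.168.1.105, the same way as in steps 1 and 2.
6. On 192.168.1.104/192.168.1.105, append the following to the end of /var/named/chroot/etc/named.conf: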
zone "aa.zhang.com" IN {
    type master;
    file "aa.zhang.zone";
};
#zone "1.168.192.in-addr.arpa" IN {
#    type master;
#    file "aa.zhang.local";
#};
7. Create the forward zone file aa.name.zone on 192.168.1.104/192.168.1.105
vi /var/named/chroot/var/named/aa.zhang.zone
$TTL 14400
@
2009120701 ; serial, todays date+todays
86400 ; refresh, seconds
7200 ; retry, seconds
3600000 ; expire, seconds
86400 ) ; minimum, seconds
aa.zhang.com.
aa.zhang.com.
aa.zhang.com. IN A 192.168.1.104
localhost.aa.zhang.com. IN A 127.0.0.1
aa.zhang.com. IN MX 0 aa.zhang.com.
mail IN CNAME aa.zhang.com.
www IN CNAME aa.zhang.com.
ftp IN CNAME aa.zhang.com.
hehe.aa.zhang.com. IN A 192.168.1.104
gay.aa.zhang.com. IN A 192.168.1.8
IV. Test
Note: before testing, point the DNS setting at the server itself!
The test succeeded on 192.168.1.103!
[root@zhang1 named]# nslookup
Server: 192.168.1.103
Address: 192.168.1.103#53
Non-authoritative answer:
canonical name = aa.zhang.com.
Name: aa.zhang.com
Address: 192.168.1.104
[root@zhang1 named]# nslookup hehe.aa.zhang.com
Server: 192.168.1.103
Address: 192.168.1.103#53
Non-authoritative answer:
Name: hehe.aa.zhang.com
Address: 192.168.1.104
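The delegation in step 4 only works if every name server that lives inside the delegated subdomain has a glue A record in the parent zone. The following is an added example, not part of the original post: an offline check of the parent zone's NS and glue records. The function names are hypothetical, the zone text is the step 4 zone joined one record per line, and the parser assumes each record sits on a single line with an explicit owner name.

```python
import re

# The parent zone from step 4, joined one record per line (origin: zhang.com.).
PARENT_ZONE = """\
$TTL 86400
@ IN SOA zhang.com. root.zhang.com. ( 1997022700 28800 14400 3600000 86400 )
zhang.com. IN NS zhang.com.
www IN A 192.168.1.103
aa.zhang.com. IN NS ns.aa.zhang.com.
ns.aa.zhang.com. IN A 192.168.1.105
aa.zhang.com. IN NS ns1.aa.zhang.com.
ns1.aa.zhang.com. IN A 192.168.1.104
"""

RECORD = re.compile(r"(\S+)\s+(?:\d+\s+)?IN\s+(\S+)\s+(.+)", re.I)

def fqdn(name, origin):
    """Expand '@' and relative names against the zone origin."""
    name = origin if name == "@" else name.lower()
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_records(zone_text, origin):
    """Yield (owner, type, rdata) for 'owner [ttl] IN type rdata' lines."""
    for line in zone_text.splitlines():
        m = RECORD.match(line.split(";", 1)[0].strip())
        if m:
            owner, rtype, rdata = m.groups()
            yield fqdn(owner, origin), rtype.upper(), rdata.strip()

def check_delegations(zone_text, origin):
    """Return {child_zone: {ns_name: glue}}. glue is the list of A records,
    None if required glue is missing, or 'not required' (NS outside child)."""
    records = list(parse_records(zone_text, origin))
    addrs = {}
    for owner, rtype, rdata in records:
        if rtype == "A":
            addrs.setdefault(owner, []).append(rdata)
    report = {}
    for owner, rtype, rdata in records:
        # An NS record below the zone apex marks a delegation point.
        if rtype == "NS" and owner.endswith("." + origin):
            ns = fqdn(rdata, origin)
            in_child = ns == owner or ns.endswith("." + owner)
            glue = addrs.get(ns)
            if glue is None and not in_child:
                glue = "not required"
            report.setdefault(owner, {})[ns] = glue
    return report

print(check_delegations(PARENT_ZONE, "zhang.com."))
```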