实验须知:
实验机1:192.168.1.11作为父域服务器
实验机2:192.168.1.12做为子域服务器
实验步骤:
1. 在实验机1上安装bind并编辑配置文件,配置好其为缓存服务器;然后添加区域和添加区域解析库文件,并更改区域解析库文件,完成以后在进行dig测试
[root@node1 ~]# yum install bind –y[root@node1 ~]#vim /etc/named.confoptions {// listen-on port 53 { 127.0.0.1; };// listen-on-v6 port 53 { ::1; }; directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file"/var/named/data/named_stats.txt"; memstatistics-file"/var/named/data/named_mem_stats.txt";// allow-query { localhost; }; recursion yes; dnssec-enable no; dnssec-validation no;// dnssec-lookaside auto; /* Path to ISC DLV key */// bindkeys-file"/etc/named.iscdlv.key"; // managed-keys-directory"/var/named/dynamic";};[root@node1 ~]# service named restartStopping named:. [ OK ]Starting named: [ OK ][root@node1 ~]# ss -tnlp |grep :53LISTEN 0 3 192.168.1.11:53 *:* users:(("named",4970,21))LISTEN 0 3 127.0.0.1:53 *:* users:(("named",4970,20)) [root@node1~]# vim /etc/named.rfc1912.zones ….添加区域……. zone "tanjie.com" IN { type master; file "tanjie.com.zone";}; [root@node1~]# cd /var/named/[root@node1 named]# vim tanjie.com.zone$TTL1D$ORIGIN tanjie.com.@ IN SOA ns1.tanjie.com.admin.tanjie.com. ( 2015081601 2H 5M 3D 2D) IN NS ns1 IN NS ns2ns1 IN A 192.168.1.11ns2 IN A 192.168.1.18www IN A 192.168.1.11* IN A 192.168.1.11 [root@node1 named]# named-checkconf[root@node1 named]# named-checkzone "tanjie.com" /var/named/tanjie.com.zonezonetanjie.com/IN: loaded serial 2015081601OK[root@node1 named]# rndc reloadserverreload successful[root@node1 named]# chmod 640 tanjie.com.zone[root@node1 named]# chown :named tanjie.com.zone
到此我们的父域服务器就完成了,下面对配置好的服务器进行dig测试
[root@node1 named]# dig -t A ns2.tanjie.com @192.168.1.11……;;QUESTION SECTION:;ns2.tanjie.com. IN A ;;ANSWER SECTION:ns2.tanjie.com. 86400 IN A 192.168.1.18………………测试发现能解析成功,没有问题!!!
2.子域授权,下面进行子域授权,在主服务器的区域解析库文件中添加即将授予的子域即可:
[root@node1 named]# vim tanjie.com.zone……………………………..ops IN NS ns1.opsops IN NS ns2.opsns1.opsIN A 192.168.1.12ns2.opsIN A 192.168.1.19[root@node1 named]# rndc reloadserver reload successful
3.在子域服务器配置子域服务器,下面转到实验机2上进行操作。添加子域区域和添加子域区域解析库文件,完成以后并进行dig测试
[root@node2 ~]# yum install bind –y[root@node2~]# vim /etc/named.confoptions{// listen-on port 53 { 127.0.0.1; };// listen-on-v6 port 53 { ::1; }; directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file"/var/named/data/named_stats.txt"; memstatistics-file"/var/named/data/named_mem_stats.txt";// allow-query { localhost; }; recursion yes; dnssec-enable no; dnssec-validation no;// dnssec-lookaside auto; /* Path to ISC DLV key */// bindkeys-file"/etc/named.iscdlv.key"; // managed-keys-directory"/var/named/dynamic";};……… [root@node2~]# vim /etc/named.rfc1912.zoneszone"ops.tanjie.com" IN { type master; file "ops.tanjie.com.zone";}; 创建子域的区域解析库文件[root@node2~]# vim /var/named/ops.tanjie.com.zone$TTL1D$ORIGINops.tanjie.com.@ IN SOA ns1.ops.tanjie.com. admin.ops.tanjie.com. ( 2015081601 1H 5M 3D 3D) IN NS ns1 IN NS ns2ns1 IN A 192.168.1.12 #这里必须与父域定义的子域保持一致ns2 IN A 192.168.1.19 #这里必须与父域定义的子域保持一致www IN A 192.168.1.20* IN A 192.168.1.20[root@node2~]# named-checkconf[root@node2~]# named-checkzone "ops.tanjie.com" /var/named/ops.tanjie.com.zonezoneops.tanjie.com/IN: loaded serial 2015081601OK[root@node2~]# chmod 640 /var/named/ops.tanjie.com.zone[root@node2~]# chown :named /var/named/ops.tanjie.com.zone[root@node2~]# rndc reloadserverreload successful测试解析[root@node2~]# dig -t A www.ops.tanjie.com @192.168.1.12……………………;;QUESTION SECTION:;www.ops.tanjie.com. IN A ;;ANSWER SECTION:www.ops.tanjie.com. 86400 IN A 192.168.1.20………………子域能解析子域自己…...............[root@node2~]# dig -t A www.tanjie.com @192.168.1.12………..子域不能解析父域的……………… 而后再次在父域服务器及实验机1上进行测试,发现父域能解析子域的,如下[root@node1named]# dig -t A www.ops.tanjie.com @192.168.1.11 ;;QUESTION SECTION:;www.ops.tanjie.com. IN A ;;ANSWER SECTION:www.ops.tanjie.com. 86141 IN A 192.168.1.20 ;;AUTHORITY SECTION:ops.tanjie.com. 86141 IN NS ns2.ops.tanjie.com.ops.tanjie.com. 86141 IN NS ns1.ops.tanjie.com. ;;ADDITIONAL SECTION:ns1.ops.tanjie.com. 86141 IN A 192.168.1.12ns2.ops.tanjie.com. 86141 IN A 192.168.1.19 ………………
4.下面解决子域能解析父域的问题,就需要定义转发器在实验机2里的/etc/named.rfc1912.zone定义区域tanjie.com,仅起转发器的作用,即对tanje.com区域的请求全部转发至forwarders:
[root@node2~]# vim /etc/named.rfc1912.zoneszone"tanjie.com" IN { type forward; forward only; forwarders { 192.168.1.11; };};[root@node2~]# rndc reloadserverreload successful 下面进行子域解析父域的dig测试:[root@node2~]# dig -t A www.tanjie.com @192.168.1.12………………….;;QUESTION SECTION:;www.tanjie.com. IN A ;;ANSWER SECTION:www.tanjie.com. 86400 IN A 192.168.1.11 ;;AUTHORITY SECTION:tanjie.com. 86400 IN NS ns2.tanjie.com.tanjie.com. 86400 IN NS ns1.tanjie.com. ;;ADDITIONAL SECTION:ns2.tanjie.com. 86400 IN A 192.168.1.18ns1.tanjie.com. 86400 IN A 192.168.1.11 ;;Query time: 55 msec;;SERVER: 192.168.1.12#53(192.168.1.12);; WHEN:Thu Aug 13 12:43:21 2015;;MSG SIZE rcvd: 116 可以发现子域解析父域成功!!!!
到这里我们的子域授权、子域解析父域、父域解析子域就完成了!