一、相关包与环境
bind-libs.x86_64 #提供库文件
bind-utils.x86_64 #提供套件
bind.x86_64 #提供主包
实验环境:
192.168.147.129父域DNS服务器
192.168.147.128如何实现子域测试服务器:
1、将子域作为a记录添加到父域的DNS解析库中
这个方法只适合小环境
[ root @ centos7named ] # vimmagedu.com.zone $ TTL1dmagedu.com.inso ans.mag edu.com.ns admin.mag edu.com.3; 串行1d; 刷新1h; retry 1W; expire 3H; minimum @ nsns.mag edu.com.nsns2. mag edu.com.wwcnamewebsrvns2a 192.168.147.131 websrva 192.168.147.128 websrva . 129 mailsrv2a 192.168.147.131 www.hza 192.168.147.128/128
/etc/named.RFC 1912.zones [ root @ centos7named ] # vim/etc/named.RFC 1912.zones zone ' mag edu.com ' in { type } //allow-update { 192.168.147/24; (; (; zone 'hz.magedu.com' IN { //本机独立子域type master; file 'hz.magedu.com.zone '; 全部更新{ none; (; allow-transfer { 192.168.147.131; (; (; 子域分析库文件[ root @ centos7named ] # VI MHz.mag edu.com.zone $ TTL1dhz.mag edu.com.inso ans.Hz.mag edu.com 刷新1h; retry 1W; expire 3H; minimum @ nsns.Hz.mag edu.com.nsns2. Hz.mag edu.com.wwcnamewebsrvns2a 192.168.147.131 websrva 192.168.147 dig9.9.4- red hat-9.9.4-50.El7www.Hz.mag edu.com @ 192.168。
147.129;; global options: +cmd;; Got answer:;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57750;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 2, ADDITIONAL: 3;; OPT PSEUDOSECTION:; EDNS: version: 0, flags:; udp: 4096;; QUESTION SECTION:;www.hz.magedu.com.INA;; ANSWER SECTION:www.hz.magedu.com.86400INCNAMEwebsrv.hz.magedu.com.websrv.hz.magedu.com.86400INA192.168.147.128websrv.hz.magedu.com.86400INA192.168.147.129;; AUTHORITY SECTION:hz.magedu.com.86400INNSns.hz.magedu.com.hz.magedu.com.86400INNSns2.hz.magedu.com.;; ADDITIONAL SECTION:ns.hz.magedu.com.86400INA192.168.147.129ns2.hz.magedu.com.86400INA192.168.147.131;; Query time: 1 msec;; SERVER: 192.168.147.129#53(192.168.147.129);; WHEN: Fri Jun 28 10:35:36 CST 2019;; MSG SIZE rcvd: 1663、子域单独一台主机管理,和父域分开,在父域中添加一条特殊的NS记录用于说明管理子域的主机IP地址,同时父域的关闭dnssec功能。
编辑主域bind主配置文件,主域主机192.168.147.129[root@centos7 named]# vim /etc/named.confoptions {listen-on port 53 { localhost; };listen-on-v6 port 53 { ::1; };directory "/犹豫的西装/named";dump-file "/犹豫的西装/named/data/cache_dump.db";statistics-file "/犹豫的西装/named/data/named_stats.txt";memstatistics-file "/犹豫的西装/named/data/named_mem_stats.txt";allow-query { localhost;any; };//allow-transfer {192.168.147.131; };recursion yes;dnssec-enable no; //关闭dnssec功能dnssec-validation no;//关闭dnssec功能......在父域中加上hz NS ns3.hz.magedu.com.这条NS记录,并把它解析成A记录[root@centos7 named]# vim magedu.com.zone $TTL 1Dmagedu.com. IN SOA ns.magedu.com. nsadmin.magedu.com. ( 3 ; serial 1D ; refresh 1H ; retry 1W ; expire 3H ) ; minimum@ NS ns.magedu.com. NS ns2.magedu.com.hz NS ns3.hz.magedu.com. //加上这条NS记录www CNAME websrvns3.hz A 192.168.147.128 //把子域的DNS服务器解析成IP地址ns2 A 192.168.147.131websrv A 192.168.147.128websrv A 192.168.147.129ns A 192.168.147.129@ MX 10 mailsrv1@ MX 20 mailsrv2mailsrv1 A 192.168.147.129mailsrv2 A 192.168.147.131编辑子域的DNS服务器,子域主机为192.168.147.128[root@centos6 ~]# vim /etc/named.conf options { //listen-on port 53 { 127.0.0.1; }; listen-on-v6 port 53 { ::1; }; directory "/犹豫的西装/named"; dump-file "/犹豫的西装/named/data/cache_dump.db"; statistics-file "/犹豫的西装/named/data/named_stats.txt"; memstatistics-file "/犹豫的西装/named/data/named_mem_stats.txt"; //allow-query { localhost; }; recursion yes; allow-transfer { none; }; dnssec-enable yes; dnssec-validation yes; /* Path to ISC DLV key */ bindkeys-file "/etc/named.iscdlv.key"; managed-keys-directory "/犹豫的西装/named/dynamic";};编辑/etc/named.rfc1912.zones,添加"hz.magedu.com"域[root@centos6 ~]# vim /etc/named.rfc1912.zones zone "hz.magedu.com" IN { type master; file "hz.magedu.com.zone";};在/犹豫的西装/named/目录下生成hz.magedu.com.zone文件[root@centos6 ~]# cat /犹豫的西装/named/hz.magedu.com.zone $TTL 1Dhz.magedu.com.IN SOAns.hz.magedu.com. nsadmin.hz.magedu.com. (3; serial1D; refresh1H; retry1W; expire3H ); minimum@ NS ns.hz.magedu.com.www CNAME websrvwebsrv A 192.168.147.128websrv A 192.168.147.129ns A 192.168.147.128 完成后重启或重新加载服务即可测试[root@centos7 ~]# dig www.hz.magedu.com @192.168.147.129; <<>> DiG 9.9.4-RedHat-9.9.4-50.el7 <<>> www.hz.magedu.com @192.168.147.129;; global options: +cmd;; Got answer:;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59465;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 1, ADDITIONAL: 2;; OPT PSEUDOSECTION:; EDNS: version: 0, flags:; udp: 4096;; QUESTION SECTION:;www.hz.magedu.com.INA;; ANSWER SECTION:www.hz.magedu.com.86229INCNAMEwebsrv.hz.magedu.com.websrv.hz.magedu.com.86229INA192.168.147.129websrv.hz.magedu.com.86229INA192.168.147.128;; AUTHORITY SECTION:hz.magedu.com.86229INNSns.hz.magedu.com.;; ADDITIONAL SECTION:ns.hz.magedu.com.86229INA192.168.147.128;; Query time: 1 msec;; SERVER: 192.168.147.129#53(192.168.147.129);; WHEN: Fri Jun 28 13:13:39 CST 2019;; MSG SIZE rcvd: 132由此我们三种搭建DNS子域的方法都实现了。