192.168.139.2 node1 master
192.168.139.4 node2 slave
192.168.139.8 node4 subdomain server
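[root@node1 bind]# vim /var/named/fade.com.zone
Delegate the subdomain on the master server: add the two lines marked with an underline (the market NS record and the ns1.market A record) and update the serial number.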
$TTL 600
fade.com.       IN  SOA    ns1.fade.com admin.fade.com. (   ; ns1.fade.com has no trailing dot, so named expands it to ns1.fade.com.fade.com.
                    2017022103
                    1H
                    5M
                    1D
                    6H)
fade.com.       IN  NS     ns1.fade.com.
fade.com.       IN  NS     ns2.fade.com.
market          IN  NS     ns1.market.fade.com.
                IN  MX     10 mail   ; blank owner: inherits "market" from the line above
ns1             IN  A      192.168.139.2
ns2             IN  A      192.168.139.4
ns1.market      IN  A      192.168.139.8
mail            IN  A      192.168.139.14
www             IN  A      192.168.139.12
www             IN  A      192.168.139.13
ftp             IN  CNAME  www
node1           IN  A      192.168.139.15
node2           IN  A      192.168.139.16
[root@node1 bind]# service named restart
Stopping named: . [ OK ]
Starting named: [ OK ]
[root@node1 bind]# tail /var/log/messages
Feb 21 20:56:31 node1 named[3375]: zone fade.com/IN: sending notifies (serial 2017022103)
Feb 21 20:56:32 node1 named[3375]: client 192.168.139.4#50199: transfer of 'fade.com/IN': AXFR-style IXFR started
Feb 21 20:56:32 node1 named[3375]: client 192.168.139.4#50199: transfer of 'fade.com/IN': AXFR-style IXFR ended
Feb 21 20:56:32 node1 named[3375]: client 192.168.139.4#35361: received notify for zone 'fade.com'
[root@node2 slaves]# vim /var/named/slaves/fade.com.zone
The slave server has already synchronized, as its copy of the zone shows:
$ORIGIN .
$TTL 600        ; 10 minutes
fade.com                IN SOA  ns1.fade.com.fade.com. admin.fade.com. (
                                2017022103 ; serial
                                3600       ; refresh (1 hour)
                                300        ; retry (5 minutes)
                                86400      ; expire (1 day)
                                21600      ; minimum (6 hours)
                                )
                        NS      ns1.fade.com.
                        NS      ns2.fade.com.
$ORIGIN fade.com.
fin                     NS      ns1.market
                        MX      10 mail
$ORIGIN market.fade.com.
ns1                     A       192.168.139.8
$ORIGIN fade.com.
ftp                     CNAME   www
mail                    A       192.168.139.14
node1                   A       192.168.139.15
node2                   A       192.168.139.16
ns1                     A       192.168.139.2
ns2                     A       192.168.139.4
www                     A       192.168.139.12
                        A       192.168.139.13
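An added example, not part of the original notes: a small Python check over the parent zone shown above (trimmed, indentation restored) that reports the two things the slave copy reveals, an SOA name written without a trailing dot and an MX record left at the market delegation point, and also verifies that an in-zone NS target has a glue address. The function names are this example's own, and an unsigned zone with no $ORIGIN changes is assumed.

```python
ORIGIN = "fade.com."  # zone origin used on the page
# Parent zone from the page, trimmed (indentation restored, SOA timers on one line).
ZONE = """\
$TTL 600
fade.com.   IN SOA ns1.fade.com admin.fade.com. ( 2017022103 1H 5M 1D 6H )
fade.com.   IN NS  ns1.fade.com.
fade.com.   IN NS  ns2.fade.com.
market      IN NS  ns1.market.fade.com.
            IN MX  10 mail
ns1         IN A   192.168.139.2
ns2         IN A   192.168.139.4
ns1.market  IN A   192.168.139.8
mail        IN A   192.168.139.14
"""

def fqdn(name, origin=ORIGIN):
    """Expand a name the way named does: relative names get the origin appended."""
    return name.lower() if name.endswith(".") else f"{name.lower()}.{origin}"

def parse(text, origin=ORIGIN):
    """Yield (owner, type, rdata) per record; a blank owner inherits the previous one."""
    owner = origin
    for line in text.splitlines():
        line = line.split(";")[0].rstrip()          # drop comments
        if not line or line.startswith("$"):        # skip blanks and $TTL
            continue
        fields = line.replace("(", " ").replace(")", " ").split()
        if not line[0].isspace():                   # owner present on this line
            owner = fqdn(fields.pop(0), origin)
        rtype, *rdata = [f for f in fields if f.upper() != "IN"]
        yield owner, rtype.upper(), rdata

def lint(text, origin=ORIGIN):
    """Return findings about name expansion and delegation points (non-apex NS owners)."""
    records = list(parse(text, origin))
    addrs = {o for o, t, _ in records if t in ("A", "AAAA")}
    cuts = {o for o, t, _ in records if t == "NS" and o != origin}
    findings = []
    for owner, rtype, rdata in records:
        if rtype in ("SOA", "NS"):
            raw, target = rdata[0], fqdn(rdata[0], origin)
            # A relative name that already ends in the origin is a missing-dot typo.
            if not raw.endswith(".") and f".{raw.lower()}.".endswith("." + origin):
                findings.append(f"{rtype} name {raw} lacks a trailing dot, expands to {target}")
            # An NS target inside the delegated subdomain needs glue in the parent.
            if owner in cuts and target.endswith("." + owner) and target not in addrs:
                findings.append(f"{owner} NS {target} is in-bailiwick but has no glue A/AAAA")
        elif owner in cuts and rtype not in ("DS", "NSEC", "RRSIG"):
            # The parent is not authoritative for other data at a zone cut.
            findings.append(f"{owner} has {rtype} at the delegation point")
    return findings
```

Calling lint(ZONE) returns two findings: the SOA name that expands to ns1.fade.com.fade.com. and the MX record at market.fade.com.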
Add a market.fade.com subdomain and have it administered independently.
[root@node4 ~]# yum install -y bind bind-libs bind-utils
[root@node4 ~]# scp node1:/etc/named.conf /etc/named.conf
[root@node4 ~]# vim /etc/named.conf
options {
    directory "/var/named";
};
zone "." IN {
    type hint;
    file "named.ca";
};
zone "localhost" IN {
    type master;
    file "named.localhost";
    allow-transfer {none;};
};
zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "named.loopback";
    allow-transfer {none;};
};
zone "market.fade.com" IN {
    type master;
    file "market.fade.com.zone";
};
[root@node4 ~]# vim /var/named/market.fade.com.zone
$TTL 600
market.fade.com.  IN  SOA  ns1.market.fade.com. admin.market.fade.com. (
                      2017022103
                      1H
                      5M
                      1D
                      6H)
market.fade.com.  IN  NS   ns1.market.fade.com.
ns1               IN  A    192.168.139.8
www               IN  A    192.168.139.20
node4             IN  A    192.168.139.21
[root@node4 ~]# service named restart
Stopping named: . [ OK ]
Starting named: [ OK ]
[root@node4 ~]# dig -t A www.market.fade.com @192.168.139.8
;; QUESTION SECTION:
;www.market.fade.com. IN A
;; ANSWER SECTION:
www.market.fade.com. 600 IN A 192.168.139.20
;; AUTHORITY SECTION:
market.fade.com. 600 IN NS ns1.market.fade.com.
;; ADDITIONAL SECTION:
ns1.market.fade.com. 600 IN A 192.168.139.8
[root@node4 ~]# dig -t NS market.fade.com @192.168.139.8
;; QUESTION SECTION:
;market.fade.com. IN NS
;; ANSWER SECTION:
market.fade.com. 600 IN NS ns1.market.fade.com.
;; ADDITIONAL SECTION:
ns1.market.fade.com. 600 IN A 192.168.139.8
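As shown below, the master server can also resolve records in the subdomain (node4.market.fade.com), but the master must be able to reach the subdomain server, and the answer it returns is non-authoritative.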
[root@node1 bind]# dig -t A node4.market.fade.com @192.168.139.2
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;node4.market.fade.com. IN A
;; ANSWER SECTION:
node4.market.fade.com. 600 IN A 192.168.139.21
;; AUTHORITY SECTION:
market.fade.com. 600 IN NS ns1.market.fade.com.
;; ADDITIONAL SECTION:
ns1.market.fade.com. 600 IN A 192.168.139.8
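For the subdomain server to resolve names in the parent domain as well, forwarding must be defined (everything the subdomain server cannot resolve is forwarded to the parent domain for resolution).
Forwarding can be defined in one of two ways:
forward only|first
only: whatever the subdomain server cannot resolve is forwarded to the master server; whether the master can resolve it or not, the subdomain server does nothing further.
first: whatever the subdomain server cannot resolve is forwarded to the master server; if the master cannot resolve it, the subdomain server goes to the root itself.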
[root@node4 ~]# vim /etc/named.conf
options {
    directory "/var/named";
    forward first;
    forwarders {192.168.139.2;};
};
[root@node4 ~]# service named restart
Stopping named: [ OK ]
Starting named: [ OK ]
[root@node4 ~]# dig -t A www.fade.com @192.168.139.8
;; QUESTION SECTION:
;www.fade.com. IN A
;; ANSWER SECTION:
www.fade.com. 600 IN A 192.168.139.12
www.fade.com. 600 IN A 192.168.139.13
;; AUTHORITY SECTION:
fade.com. 600 IN NS ns2.fade.com.
fade.com. 600 IN NS ns1.fade.com.
;; ADDITIONAL SECTION:
ns1.fade.com. 600 IN A 192.168.139.2
ns2.fade.com. 600 IN A 192.168.139.4
[root@node4 ~]# dig -t A mail.fade.com @192.168.139.8
;; QUESTION SECTION:
;mail.fade.com. IN A
;; ANSWER SECTION:
mail.fade.com. 600 IN A 192.168.139.14
;; AUTHORITY SECTION:
fade.com. 592 IN NS ns1.fade.com.
fade.com. 592 IN NS ns2.fade.com.
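The subdomain server forwarded what it could not resolve itself to 192.168.139.2 (the master), which then resolved it.
Alternatively, the subdomain server can be set to forward only names that belong to the parent domain to the master server, and to go to the root itself for anything else it cannot resolve.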
[root@node4 ~]# vim /etc/named.conf
options {
    directory "/var/named";
};
..........
..........
..........
// forward only queries for the fade.com domain to the master (192.168.139.2)
zone "fade.com" IN {
    type forward;
    forward first;
    forwarders {192.168.139.2;};
};
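For names that belong neither to what the master server resolves nor to the subdomain, the subdomain server goes directly to the root (.).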