进行子域授权

如何进行子域授权:

现在有一个域 magedu.com,它授权给了ns1.magedu.com这台服务器
希望划分出来两个子域  
tech.magedu.com     它授权给了ns.tech.magedu.com这台域名服务器    192.168.0.183
    www.tech.magedu.com
    ftp.tech.magedu.com
market.magedu.com   它授权给了ns.market.magedu.com这台域名服务器
                              192.168.0.184
    www.market.magedu.com
    ftp.market.magedu.com

先在主域名服务器上完成授权:
#hostname ns1.magedu.com
#vim /etc/sysconfig/network   设置的主机名永久有效
#cd named
#ls
#vim magedu.com.zone        在正向解析的区域文件当中做修改
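$TTL 600
$ORIGIN magedu.com.
; SOA RDATA is MNAME RNAME serial refresh retry expire minimum. The original
; omitted RNAME (the admin mailbox), so the serial would have been read as the
; mailbox and the record rejected by named-checkzone / rndc reload.
@        IN          SOA         ns1.magedu.com. admin.magedu.com. (
                      2011112401 ; serial
                      1H         ; refresh
                      10M        ; retry
                      7D         ; expire
                      1H )       ; negative-cache TTL
          IN          NS          ns1
          IN          NS          ns2
          IN          MX       10 mail
          IN          MX       20 mail2
ns1       IN          A           192.168.0.181
ns2       IN          A           192.168.0.182
mail      IN          A           192.168.0.254
mail2     IN          A           192.168.0.1
www       IN          A           192.168.0.1
www       IN          A           192.168.0.2
pop3      IN          A           192.168.0.254
ftp       IN          A           192.168.0.254

; Delegation of the two child zones. NS targets must be fully qualified
; (trailing dot): without it $ORIGIN is appended and the delegation would
; point at ns.tech.magedu.com.magedu.com. The A records are glue - the
; child name servers live inside the zones being delegated, so the parent
; has to hand out their addresses or the delegation cannot be followed.
tech.magedu.com.        IN         NS       ns.tech.magedu.com.
ns.tech.magedu.com.     IN         A        192.168.0.183
market.magedu.com.      IN         NS       ns.market.magedu.com.
ns.market.magedu.com.   IN         A        192.168.0.184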
#rndc reload
#dig -t NS tech.magedu.com
#dig -t NS tech.magedu.com @192.168.0.181

开始配置192.168.0.183这个子域:

#ls         查看bind软件已经装好
#netstat -tnlp
#rndc-confgen > /etc/rndc.conf
#cat /etc/rndc.conf

#vim /etc/named.conf
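options {
        directory "/var/named";
};

// Root hints, used for iterative resolution of names this server is not
// authoritative for.
zone "." IN {
        type hint;
        file "named.ca";
};

zone "localhost" IN {
        type master;
        file "localhost.zone";
};

zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loacal";    // NOTE(review): stock file is usually named.local - confirm it exists in /var/named
};

// Key shared with /etc/rndc.conf (written by rndc-confgen earlier). The
// secret must be the one generated on this host, never a value copied from
// a tutorial; hmac-md5 is the algorithm that generator emits here.
key "rndckey" {
        algorithm hmac-md5;
        secret "4HkEGKVmpXQKwIN3214PVQ==";
};

// The statement is spelled "controls"; the original "contorls" is an
// unknown statement, which named-checkconf reports and named refuses.
controls {
        inet 127.0.0.1 port 953
                allow { 127.0.0.1; } keys { "rndckey"; };
};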
#cd /var/named/
#ls
#ll
#service named start
#tail /var/log/messages
#rndc status
#vim /etc/named.conf
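options {
        directory "/var/named";
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "localhost" IN {
        type master;
        file "localhost.zone";
};

zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loacal";    // NOTE(review): stock file is usually named.local - confirm it exists in /var/named
};

// The delegated child zone this host is authoritative for. The zone name
// here sets the origin of tech.magedu.com.zone.
zone "tech.magedu.com" IN {
        type master;
        file "tech.magedu.com.zone";
};

// Must match the key in /etc/rndc.conf generated by rndc-confgen on this
// host; do not reuse a secret copied from elsewhere.
key "rndckey" {
        algorithm hmac-md5;
        secret "4HkEGKVmpXQKwIN3214PVQ==";
};

// Spelled "controls" - the original "contorls" is rejected by named-checkconf.
controls {
        inet 127.0.0.1 port 953
                allow { 127.0.0.1; } keys { "rndckey"; };
};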
#vim tech.magedu.com.zone
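$TTL 600
; Origin (tech.magedu.com.) comes from the zone name in named.conf.
@      IN       SOA      ns.tech.magedu.com.  admin.tech.magedu.com. (
                      2011112401 ; serial
                      1H         ; refresh
                      10M        ; retry
                      7D         ; expire
                      1H )       ; negative-cache TTL
          IN          NS          ns
          IN          MX       10 mail
; "ns" is the name server named in the SOA, in the NS record above and in
; the parent's delegation glue, so the A record must be for "ns". The
; original wrote "ns1", leaving the NS target without an address.
ns        IN          A           192.168.0.183
mail      IN          A           192.168.0.183
www       IN          A           192.168.0.1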

#named-checkzone "tech.magedu.com" tech.magedu.com.zone
#rndc reload
#cat /etc/resolv.conf
#vim /etc/resolv.conf        将nameserver设置为本机IP
#dig -t NS tech.magedu.com
#dig -t A www.tech.magedu.com     查询子域能够查出来
#dig -t A www.magedu.com          在子域上查父域,查不出来
为了能在子域上解析出父域,就要用到forward这个转发域
#vim /etc/named.conf
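options {
        directory "/var/named";
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "localhost" IN {
        type master;
        file "localhost.zone";
};

zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loacal";    // NOTE(review): stock file is usually named.local - confirm it exists in /var/named
};

// This host is authoritative only for the child. The original declared
// "magedu.com" here, which duplicated the name of the forward zone below
// (named-checkconf rejects two zones with the same name) and would have
// made this server answer authoritatively for the parent out of the
// child's zone file.
zone "tech.magedu.com" IN {
        type master;
        file "tech.magedu.com.zone";
};

// Forward zone: queries for the parent domain go to ns1 (192.168.0.181)
// instead of being resolved from the root hints.
zone "magedu.com" IN {
        type forward;
        forwarders { 192.168.0.181; };
        forward only;
};

// Must match the key in /etc/rndc.conf generated by rndc-confgen on this
// host; do not reuse a secret copied from elsewhere.
key "rndckey" {
        algorithm hmac-md5;
        secret "4HkEGKVmpXQKwIN3214PVQ==";
};

// Spelled "controls" - the original "contorls" is rejected by named-checkconf.
controls {
        inet 127.0.0.1 port 953
                allow { 127.0.0.1; } keys { "rndckey"; };
};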
#named-checkconf
#rndc reload
#rndc status
#dig -t A www.magedu.com          此时就能够找到父域了
#dig -t A www.baidu.com           此时也不能解析,怎么办呢?
#ping 192.168.0.254               能ping通,
#dig -t A www.baidu.com @192.168.0.254       通过254这台主机解析到了
另一个办法
#vim /etc/named.conf
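options {
        directory "/var/named";
        // Global forwarding: anything this server is not authoritative for
        // (and not covered by a more specific forward zone) is sent to
        // 192.168.0.254, which was shown to resolve external names.
        forward only;
        forwarders { 192.168.0.254; };
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "localhost" IN {
        type master;
        file "localhost.zone";
};

zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loacal";    // NOTE(review): stock file is usually named.local - confirm it exists in /var/named
};

// This host is authoritative only for the child. The original declared
// "magedu.com" here, duplicating the forward zone's name below (rejected
// by named-checkconf) and serving the parent out of the child's file.
zone "tech.magedu.com" IN {
        type master;
        file "tech.magedu.com.zone";
};

// Forward zone for the parent domain: sent to ns1 (192.168.0.181).
zone "magedu.com" IN {
        type forward;
        forwarders { 192.168.0.181; };
        forward only;
};

// Must match the key in /etc/rndc.conf generated by rndc-confgen on this
// host; do not reuse a secret copied from elsewhere.
key "rndckey" {
        algorithm hmac-md5;
        secret "4HkEGKVmpXQKwIN3214PVQ==";
};

// Spelled "controls" - the original "contorls" is rejected by named-checkconf.
controls {
        inet 127.0.0.1 port 953
                allow { 127.0.0.1; } keys { "rndckey"; };
};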
#named-checkconf
#rndc reload
#dig -t A www.baidu.com             此时就可以解析了
在options中定义全局转发后,这台服务器会替任意来源的查询做转发,在互联网上这样是不安全的。因此区域传送时只允许向从域名服务器传送数据;如果有多台从域名服务器的话,就用acl来实现。
#vim /etc/named.conf
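// Hosts allowed to pull zone transfers: the secondary name servers.
acl "slaves" {
        192.168.0.182;
        192.168.0.188;
};

// Networks allowed to query, and to recurse through, this server.
acl "ourclients" {
        192.168.0.0/24;
        172.16.0.0/16;
};

options {
        directory "/var/named";
        // The list option is "forwarders"; "forward" only takes first/only,
        // so the original `forward { 192.168.0.254; };` is a syntax error.
        forward only;
        forwarders { 192.168.0.254; };
        // Forwarding is recursion on the client's behalf: with "recursion no"
        // named refuses exactly the queries the forwarder is meant to serve
        // (www.baidu.com above would stop resolving). Restrict recursion to
        // our own clients instead of disabling it, so outsiders still get
        // only authoritative answers and cannot use this host as an open
        // resolver.
        allow-recursion { ourclients; };
        // Deny zone transfers by default; zones opt in explicitly below.
        allow-transfer { none; };
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "localhost" IN {
        type master;
        file "localhost.zone";
};

zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loacal";    // NOTE(review): stock file is usually named.local - confirm it exists in /var/named
};

zone "tech.magedu.com" IN {
        type master;
        file "tech.magedu.com.zone";
        allow-transfer { slaves; };     // only the secondaries may AXFR/IXFR this zone
};

// Forward zone for the parent domain: sent to ns1 (192.168.0.181).
zone "magedu.com" IN {
        type forward;
        forwarders { 192.168.0.181; };
        forward only;
        // NOTE(review): named-checkconf may not accept allow-query inside a
        // forward-type zone; if it is rejected, move it to options - confirm
        // against the BIND version in use.
        allow-query { ourclients; };
};

// Must match the key in /etc/rndc.conf generated by rndc-confgen on this
// host; do not reuse a secret copied from elsewhere.
key "rndckey" {
        algorithm hmac-md5;
        secret "4HkEGKVmpXQKwIN3214PVQ==";
};

// Spelled "controls" - the original "contorls" is rejected by named-checkconf.
controls {
        inet 127.0.0.1 port 953
                allow { 127.0.0.1; } keys { "rndckey"; };
};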
#named-checkconf
