基于bind实现子域授权(DNS连载三)


1子域授权原理:

         为了实现分层管理,减轻DNS服务器的压力,因此设计了子域授权这个功能。实现时需要在父域的区域文件中

      为子域配置NS记录以及该NS服务器对应的A记录(即胶水记录)

2配置实例

父域配置


父域主配置文件

cat /etc/named.conf
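// Parent-domain server: authoritative for limeizhi.com and for the
// 2.168.192.in-addr.arpa reverse zone.
options {
          // Zone file names below are resolved relative to this directory.
          directory "/var/named";
          // NOTE(review): no allow-query / allow-recursion / allow-transfer is
          // set, so the server runs with BIND's built-in defaults, which differ
          // between versions. Outside an isolated lab, set them explicitly:
          // limit recursion to the clients that need it and limit zone
          // transfers to the real secondaries, since a transfer discloses the
          // whole zone.
 };
// Root hints. The file name was misspelled "amed.ca"; named cannot load the
// hint zone if the file does not exist under the directory above.
zone "." IN {
           type hint;
           file "named.ca";
};
zone "localhost" IN {
            type master;
            file "localhost.zone";
};
// Forward zone; its zone file also carries the delegation of test.limeizhi.com.
zone  "limeizhi.com" IN {
             type master;
             file "limeizhi.com.zone";
};
// Reverse (PTR) zone for 192.168.2.0/24.
zone "2.168.192.in-addr.arpa" IN {
              type master;
              file "192.168.2.zone";
};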

 反向区域配置文件

; Reverse zone data (presumably the file named "192.168.2.zone" in the parent
; named.conf). Owner names are the last octet of 192.168.2.x.
; NOTE(review): the forward zone on this page maps ns1 -> 192.168.2.3 and
; www -> 192.168.2.12, but the PTR records here cover only .7 and .5, and .5
; points at www. Confirm which side is intended so that forward and reverse
; lookups agree.
$TTL    600;
@   IN SOA  ns1.limeizhi.com.   ns1admin.limeizhi.com. (
                            20130313    ;serial - must be increased on every edit so secondaries notice the change
                            1D  ;refresh
                            1H  ;retry
                            1W  ;expire
                            3H) ;minimum (used as the negative-caching TTL)
; Blank owner field: these NS records belong to the zone apex (@), the last owner named above.
    IN  NS  ns1.limeizhi.com.
    IN  NS  ns2.limeizhi.com.
7   IN  PTR ns2.limeizhi.com.
5   IN  PTR www.limeizhi.com.

   正向区域配置文件

; Forward zone for limeizhi.com, including the delegation of test.limeizhi.com.
$TTL 600;
$ORIGIN limeizhi.com.
; NOTE(review): the SOA names "@" as the primary server and "nsadmin." (an
; absolute single-label name) as the contact mailbox, while the reverse zone
; uses ns1.limeizhi.com. and ns1admin.limeizhi.com. - "nsadmin" without the
; trailing dot (i.e. nsadmin.limeizhi.com.) looks like what was meant; confirm.
@   IN  SOA  @  nsadmin. (
        2014031301  ; serial
        3H  ; refresh
        15M  ; retry
        1W  ; expire
        1D)  ; minimum (negative-caching TTL)
; NOTE(review): ns2 (192.168.2.7) is published as a nameserver for this zone,
; but the child-server named.conf shown on this page defines no limeizhi.com
; zone. Unless a secondary zone is configured there, this NS record is a lame
; delegation - verify.
@   IN  NS  ns1.limeizhi.com.
@   IN  NS  ns2.limeizhi.com.
ns1 IN  A   192.168.2.3
ns2 IN  A   192.168.2.7
www IN  A   192.168.2.12
; Delegation: the NS record hands test.limeizhi.com to the child server. The A
; record is glue, needed because the nameserver's own name lies inside the
; delegated zone and could not otherwise be resolved.
test    IN      NS      dns.test.limeizhi.com.
dns.test.limeizhi.com.  IN  A   192.168.2.7


子域配置


子域区域主配置

// Child-domain server: authoritative for test.limeizhi.com only; other names
// are resolved through the forwarder configured below.
options {
          directory "/var/named";
          // "first": ask the forwarder first and fall back to ordinary
          // iterative resolution only if the forwarder does not answer.
          forward first;
          // 192.168.2.3 is the address the parent zone gives for ns1.
          forwarders { 192.168.2.3; };
          // NOTE(review): no allow-query / allow-recursion / allow-transfer is
          // set, so access control is whatever this BIND version defaults to.
          // Set these explicitly before exposing the server beyond a lab network.
 };
zone "." IN {
           type hint;
           file "named.ca";
};
zone "localhost" IN {
            type master;
            file "named.localhost";
};
// The delegated child zone; the parent zone's NS + glue records point here.
zone "test.limeizhi.com" {
        type master;
        file "test.limeizhi.com.zone";
};

// NOTE(review): this listing repeats the child-server named.conf shown
// immediately before it, line for line. It is the same file, not a second
// one to append: named refuses to load a named.conf that contains a second
// options statement or defines the same zone twice.
options {
          directory "/var/named";
          forward first;
          forwarders { 192.168.2.3; };
 };
zone "." IN {
           type hint;
           file "named.ca";
};
zone "localhost" IN {
            type master;
            file "named.localhost";
};
zone "test.limeizhi.com" {
        type master;
        file "test.limeizhi.com.zone";
};

      子域正向区域配置文件

; Zone data for the delegated child zone test.limeizhi.com. Relative names
; (dns, ns2, www) are completed with the zone origin.
; NOTE(review): the parent zone's glue gives dns.test.limeizhi.com. as
; 192.168.2.7, but this zone answers 192.168.2.3 for the same name (the address
; the parent zone assigns to ns1). The authoritative answer here replaces the
; glue in resolver caches, so the two should match - confirm the intended address.
; NOTE(review): ns2 is listed as a nameserver here but not in the parent's
; delegation, which names only dns.test.limeizhi.com.; the NS sets on both
; sides of the zone cut should agree.
$TTL 600
@       IN      SOA     dns.test.limeizhi.com.         admindns.test.limeizhi.com. (
                        2014031102  ; serial
                        1H  ; refresh
                        5M  ; retry
                        3D  ; expire
                        1D )  ; minimum (negative-caching TTL)
        IN      NS      dns
        IN      NS      ns2
ns2     IN      A       192.168.2.7
dns     IN      A       192.168.2.3
www     IN      A       192.168.2.11

  验证子域授权是否配置正确

                           在父域中测试

                           dig -t A www.test.limeizhi.com @192.168.2.3

                           在子域中测试

                            dig -t A www.limeizhi.com @192.168.2.7
