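1. How subdomain delegation works:
DNS provides subdomain delegation to build a hierarchy and reduce the load on DNS servers. To delegate a subdomain, the parent domain must be configured with the NS records for the subdomain's name servers and the corresponding A records.

2. Configuration example

Parent domain configuration

Parent domain main configuration file
cat /etc/named.conf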
options {
    directory "/var/named";
};
// Root hints
zone "." IN {
    type hint;
    file "named.ca";
};
zone "localhost" IN {
    type master;
    file "localhost.zone";
};
// Forward zone of the parent domain
zone "limeizhi.com" IN {
    type master;
    file "limeizhi.com.zone";
};
// Reverse zone for 192.168.2.0/24
zone "2.168.192.in-addr.arpa" IN {
    type master;
    file "192.168.2.zone";
};

Reverse zone file
$TTL 600;
@   IN  SOA ns1.limeizhi.com. ns1admin.limeizhi.com. (
            20130313    ;serial
            1D          ;refresh
            1H          ;retry
            1W          ;expire
            3H)         ;minimum
    IN  NS  ns1.limeizhi.com.
    IN  NS  ns2.limeizhi.com.
7   IN  PTR ns2.limeizhi.com.
5   IN  PTR www.limeizhi.com.

Forward zone file
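$TTL 600;
$ORIGIN limeizhi.com.
@   IN  SOA @ nsadmin. (
            2014031301  ;serial
            3H          ;refresh
            15M         ;retry
            1W          ;expire
            1D)         ;minimum
@   IN  NS  ns1.limeizhi.com.
@   IN  NS  ns2.limeizhi.com.
ns1 IN  A   192.168.2.3
ns2 IN  A   192.168.2.7
www IN  A   192.168.2.12
; Delegate test.limeizhi.com to its own name server
test    IN  NS  dns.test.limeizhi.com.
; A record for the delegated name server
dns.test.limeizhi.com.  IN  A   192.168.2.7

Subdomain configuration

Subdomain main configuration file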
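options {
    directory "/var/named";
    // Send queries this server cannot answer to the parent server first,
    // and fall back to normal resolution if the forwarder does not answer
    forward first;
    forwarders { 192.168.2.3; };
};
zone "." IN {
    type hint;
    file "named.ca";
};
zone "localhost" IN {
    type master;
    file "named.localhost";
};
// The delegated subdomain
zone "test.limeizhi.com" {
    type master;
    file "test.limeizhi.com.zone";
};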

Subdomain forward zone file
$TTL 600
@   IN  SOA dns.test.limeizhi.com. admindns.test.limeizhi.com. (
            2014031102  ;serial
            1H          ;refresh
            5M          ;retry
            3D          ;expire
            1D )        ;minimum
    IN  NS  dns
    IN  NS  ns2
ns2 IN  A   192.168.2.7
dns IN  A   192.168.2.3
www IN  A   192.168.2.11

Verifying that the subdomain delegation is configured correctly
Test on the parent domain server:
dig -t A www.test.limeizhi.com @192.168.2.3
Test on the subdomain server:
dig -t A www.limeizhi.com @192.168.2.7
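
A consistency check to run alongside the dig tests, as an added example that is not part of the original post: it compares the delegation NS and A records in the parent zone file with the subdomain zone's own NS and A records and reports any that disagree. The function names and the simplified parser (NS and A records only, in the forms used on this page) are assumptions of this example.

```python
# Delegation-relevant records copied from the page's zone files (SOA and others omitted).
PARENT = """\
$ORIGIN limeizhi.com.
test IN NS dns.test.limeizhi.com.
dns.test.limeizhi.com. IN A 192.168.2.7
"""
CHILD = """\
@    IN NS dns
     IN NS ns2
ns2  IN A 192.168.2.7
dns  IN A 192.168.2.3
"""

def parse_zone(text, origin):
    """Return {(fqdn, rtype): {values}} for NS and A records (simplified parser)."""
    owner, records = origin, {}
    fq = lambda n: origin if n == "@" else n if n.endswith(".") else f"{n}.{origin}"
    for line in text.splitlines():
        tok = line.split(";", 1)[0].split()
        if tok[:1] == ["$ORIGIN"]:
            origin = tok[1]
        if len(tok) < 3 or tok[-2] not in ("NS", "A"):
            continue
        if not line[0].isspace():  # owner given; an indented line inherits the last one
            owner = fq(tok[0])
        value = fq(tok[-1]) if tok[-2] == "NS" else tok[-1]
        records.setdefault((owner, tok[-2]), set()).add(value)
    return records

def check_delegation(parent, parent_zone, child, child_zone):
    """Compare the parent's delegation of child_zone with the child's own data."""
    p, c, issues = parse_zone(parent, parent_zone), parse_zone(child, child_zone), []
    p_ns, c_ns = p.get((child_zone, "NS"), set()), c.get((child_zone, "NS"), set())
    for ns in sorted(p_ns ^ c_ns):  # name servers present on one side only
        side = "parent" if ns in p_ns else "child"
        issues.append(f"NS {ns} is listed only in the {side} zone")
    for ns in sorted(p_ns):
        if not ns.endswith("." + child_zone):
            continue  # name server outside the delegated zone: no glue needed
        glue, auth = p.get((ns, "A"), set()), c.get((ns, "A"), set())
        if not glue:
            issues.append(f"missing glue A record for {ns}")
        elif glue != auth:
            issues.append(f"glue for {ns} is {sorted(glue)} but child says {sorted(auth)}")
    return issues

if __name__ == "__main__":
    for issue in check_delegation(PARENT, "limeizhi.com.", CHILD, "test.limeizhi.com."):
        print(issue)
```

Run on the records above, it reports that ns2 is listed as a name server only in the subdomain zone and that the parent's A record for dns.test.limeizhi.com. differs from the subdomain's own A record.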

Subdomain delegation with BIND (DNS series, part 3)
Original: http://limeizhi.blog.51cto.com/2267772/1379324