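Deploying a bind9 Server from Scratch, Part 5: Configuring 192.168.1.103
On 192.168.1.103, configure the ops.test.com. subdomain and set up forwarding so that it can resolve the test.com. parent domain and the 1.168.192 reverse zone.
1. Install bind9: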
yum install -y bind
2. Edit the configuration file:
cp /etc/named.conf{,.back} # back up first
vim /etc/named.conf
chkconfig --level 35 named on
service named start
3. Configure the ops.test.com. subdomain:
cp /etc/named.rfc1912.zones{,.back} # back up first
vim /etc/named.rfc1912.zones
vim /var/named/ops.test.com.zone
chown :named /var/named/ops.test.com.zone
chmod 640 /var/named/ops.test.com.zone # set the file permissions
rndc reload
Verify:
dig -t A www.ops.test.com @192.168.1.103 # run on any host
dig -t MX ops.test.com @192.168.1.103 # run on any host
dig -t A ftp.ops.test.com @192.168.1.101 # run on a host in the 192.168.1.0/24 network
dig -t A ftp.ops.test.com @192.168.1.101 # run on a host outside the 192.168.1.0/24 network
4. Configure the forward zones:
cp /etc/named.rfc1912.zones{,.back} # back up first
vim /etc/named.rfc1912.zones
Verify:
dig -t A ftp.test.com @192.168.1.103 # run on a host in 192.168.1.0/24
dig -t A ftp.test.com @192.168.1.103 # run on a host outside 192.168.1.0/24
Further testing:
Shut down 192.168.1.101
rndc flush # run on 192.168.1.103 to clear the DNS query cache
dig -t A ftp.test.com @192.168.1.103 # run on a host in 192.168.1.0/24
Next, shut down 192.168.1.102 as well
dig -t A mx.test.com @192.168.1.103 # run on a host in 192.168.1.0/24
Bring 192.168.1.101 back up
rndc flush # run on 192.168.1.103 to clear the DNS query cache
dig -t A www.test.com @192.168.1.103 # run on a host in 192.168.1.0/24
5. Fix forwarding from the parent domain:
So that the 101 and 102 servers can forward queries for the subdomain directly to 103, zone forwarding must be configured on 101 and 102.
Perform the following on the 101 and 102 servers:
cp /etc/named.rfc1912.zones{,.back} # back up first
vim /etc/named.rfc1912.zones
rndc reload
Verify:
dig -t A www.ops.test.com @192.168.1.101 # run on a host in 192.168.1.0/24
dig -t A mx.ops.test.com @192.168.1.102
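
An added example, not from the original post: a shell helper that classifies dig output by header status and the aa flag, so the verification steps above can be checked mechanically instead of by eye. The function names and the sample header lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Names and samples are constructed.

# classify_dig: read full `dig` output on stdin and print one of
#   authoritative  NOERROR with the aa flag (the queried server hosts the zone)
#   recursive      NOERROR without aa (answer came from a forwarder or cache)
#   refused        the server declined the query
#   <rcode>        any other status in lower case (servfail, nxdomain, ...)
#   no-response    no header at all (timeout, server shut down)
classify_dig() {
    awk '
        /->>HEADER<<-/ {
            for (i = 1; i < NF; i++)
                if ($i == "status:") { status = $(i + 1); sub(/,$/, "", status) }
        }
        /^;; flags:/ {
            flags = $0
            sub(/^;; flags:/, "", flags)   # drop the label
            sub(/;.*/, "", flags)          # drop the counters after ";"
            aa = (index(" " flags " ", " aa ") > 0)
        }
        END {
            if (status == "")             print "no-response"
            else if (status == "REFUSED") print "refused"
            else if (status != "NOERROR") print tolower(status)
            else if (aa)                  print "authoritative"
            else                          print "recursive"
        }'
}

# verify TYPE NAME SERVER EXPECTED: run one live query and compare the class.
verify() {
    got=$(dig +time=2 +tries=1 -t "$1" "$2" "@$3" 2>/dev/null | classify_dig)
    if [ "$got" = "$4" ]; then echo "ok   $2 @$3: $got"
    else echo "FAIL $2 @$3: got $got, want $4"; return 1; fi
}

# Constructed header lines in dig's output format, for offline checking.
SAMPLE_AUTH=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1'
SAMPLE_FWD=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4243
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0'
SAMPLE_REFUSED=';; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 4244
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0'
```

For the steps above, `verify A www.ops.test.com 192.168.1.103 authoritative` and, from a host in 192.168.1.0/24, `verify A ftp.test.com 192.168.1.103 recursive` are the expected outcomes. A `recursive` result for test.com from a host outside that network would mean `allow-recursion { myNet; }` is not restricting forwarding as the configuration intends.
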
Appendix:
/etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

acl myNet {
        192.168.1.0/24;
};

options {
        listen-on port 53 { 192.168.1.103; 127.0.0.1; };
        //listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { any; };
        recursion yes;
        allow-recursion { myNet; };

        dnssec-enable no;
        dnssec-validation no;

        forward first;
        forwarders { 192.168.1.104; };

        /* Path to ISC DLV key */
        //bindkeys-file "/etc/named.iscdlv.key";

        //managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
/etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "1.0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
};

zone "ops.test.com" IN {
        type master;
        file "ops.test.com.zone";
        allow-update { none; };
};

zone "test.com" IN {
        type forward;
        forward first;
        forwarders { 192.168.1.101; 192.168.1.102; };
};

zone "1.168.192.in-addr.arpa" IN {
        type forward;
        forward first;
        forwarders { 192.168.1.101; 192.168.1.102; };
};
/var/named/ops.test.com.zone
$TTL 86400
$ORIGIN ops.test.com.
@       IN      SOA     ops.test.com. admin (
                        2016122002
                        1H
                        5M
                        7D
                        1D )
        IN      NS      ns1
        IN      MX 10   mx
ns1     IN      A       192.168.1.103
mx      IN      A       192.168.1.222
www     IN      A       192.168.1.22
ftp     IN      CNAME   www
Reposted from: https://blog.51cto.com/362475097/1888388