DNS subdomain delegation and split-horizon DNS (views)
Lab environment:
    RHEL 5.10 (vmnet1) ---------- RHEL 5.10 (vmnet1)
    192.168.100.10 (parent domain)   192.168.100.20 (subdomain)
【DNS subdomain delegation configuration】
On kvm_node2 (the subdomain server):
[root@dns2 ~]# yum -y install bind bind-chroot caching-nameserver
[root@dns2 ~]# cd /var/named/chroot/etc/
[root@dns2 etc]# vim named.rfc1912.zones
...
zone "sh.tarena.com" IN {
        type master;
        file "sh.tarena.com.zone";
        allow-transfer { none; };
};
[root@dns2 etc]# cd /var/named/chroot/var/named/
[root@dns2 named]# cp -p named.zero sh.tarena.com.zone
[root@dns2 named]# cat sh.tarena.com.zone
$TTL 86400
@       IN SOA dns1.sh.tarena.com. root.sh.tarena.com. (
                        2014062401 ; serial (d. adams)
                        3H         ; refresh
                        15M        ; retry
                        1W         ; expiry
                        1D )       ; minimum
        IN NS   dns1.sh.tarena.com.
dns1    IN A    192.168.100.20
www     IN A    192.168.100.100
[root@dns2 named]# service named restart
On kvm_node1 (the parent domain server):
[root@dns1 ~]# yum -y install bind bind-chroot caching-nameserver
[root@dns1 ~]# cd /var/named/chroot/var/named/
[root@dns1 named]# cat tarena.com.zone
$TTL 86400
@       IN SOA dns1.tarena.com. root.tarena.com. (
                        2014062401 ; serial (d. adams)
                        3H         ; refresh
                        15M        ; retry
                        1W         ; expiry
                        1D )       ; minimum
        IN NS   dns1.tarena.com.
sh.tarena.com.          IN NS   dns1.sh.tarena.com.
dns1.sh.tarena.com.     IN A    192.168.100.20
dns1    IN A    192.168.100.10
[root@dns1 named]# service named restart
Test:
[root@localhost ~]# host www.sh.tarena.com 192.168.100.10
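The delegation only works when the NS and glue records the parent publishes for sh.tarena.com agree with what the child zone says about itself; a stale glue address or a nameserver listed on one side only is what turns into a lame delegation for real clients. The following is an added example, not code from the original post: it re-parses the two zone files above (embedded as constructed sample text, with the continuation lines indented as in a real master file) and reports any inconsistency. The parser, `parse_zone`, `delegation_report` and the sample data are all this example's own; the parser is deliberately minimal and handles only the constructs these zone files use.

```python
import ipaddress

# Constructed copies of the article's zone data. Indented lines reuse the
# owner of the previous record, which is how a master file writes "@" again.
PARENT_ZONE = """\
$TTL 86400
@       IN SOA dns1.tarena.com. root.tarena.com. (
                2014062401 ; serial
                3H         ; refresh
                15M        ; retry
                1W         ; expiry
                1D )       ; minimum
        IN NS   dns1.tarena.com.
sh.tarena.com.       IN NS dns1.sh.tarena.com.
dns1.sh.tarena.com.  IN A  192.168.100.20
dns1    IN A    192.168.100.10
"""

CHILD_ZONE = """\
$TTL 86400
@       IN SOA dns1.sh.tarena.com. root.sh.tarena.com. (
                2014062401 ; serial
                3H         ; refresh
                15M        ; retry
                1W         ; expiry
                1D )       ; minimum
        IN NS   dns1.sh.tarena.com.
dns1    IN A    192.168.100.20
www     IN A    192.168.100.100
"""

# Constructed failure case: the child's nameserver moved without telling the parent.
BROKEN_CHILD_ZONE = CHILD_ZONE.replace("192.168.100.20", "192.168.100.21")


def qualify(name, origin):
    """Turn a master-file name into an absolute, lowercase FQDN."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name.lower()
    return f"{name}.{origin}".lower()


def parse_zone(text, origin):
    """Minimal master-file parser returning (owner, type, rdata) tuples.

    Handles $TTL, ';' comments, parenthesised multi-line records, '@',
    blank-owner continuation lines and relative names; not a full RFC 1035 parser.
    """
    origin = origin.rstrip(".").lower() + "."
    lines = [raw.split(";", 1)[0].rstrip() for raw in text.splitlines()]
    lines = [l for l in lines if l.strip()]
    records, last_owner, buf = [], origin, ""
    for line in lines:
        buf = f"{buf} {line}" if buf else line
        if buf.count("(") > buf.count(")"):
            continue                      # still inside a multi-line record
        entry, buf = buf, ""
        if entry.lstrip().startswith("$"):
            continue                      # $TTL and friends are directives, not records
        fields = entry.replace("(", " ").replace(")", " ").split()
        owner = last_owner if entry[0].isspace() else qualify(fields.pop(0), origin)
        last_owner = owner
        while fields and (fields[0].isdigit() or fields[0].upper() in ("IN", "CH", "HS")):
            fields.pop(0)                 # optional TTL and class
        rtype, rdata = fields[0].upper(), " ".join(fields[1:])
        if rtype == "A":
            ipaddress.IPv4Address(rdata)  # raises ValueError on a malformed address
        elif rtype == "NS":
            rdata = qualify(rdata, origin)
        records.append((owner, rtype, rdata))
    return records


def delegation_report(parent_text, parent_origin, child_text, child_origin):
    """Return a list of problems; an empty list means parent and child agree."""
    parent = parse_zone(parent_text, parent_origin)
    child = parse_zone(child_text, child_origin)
    apex = child_origin.rstrip(".").lower() + "."
    parent_ns = {r for o, t, r in parent if o == apex and t == "NS"}
    child_ns = {r for o, t, r in child if o == apex and t == "NS"}
    problems = []
    if not parent_ns:
        problems.append(f"parent has no NS delegation for {apex}")
    for ns in sorted(parent_ns ^ child_ns):
        side = "parent" if ns in parent_ns else "child"
        problems.append(f"NS {ns} is listed only on the {side} side")
    for ns in sorted(parent_ns):
        if not ns.endswith("." + apex):
            continue                      # out-of-bailiwick server: no glue expected
        glue = {r for o, t, r in parent if o == ns and t == "A"}
        auth = {r for o, t, r in child if o == ns and t == "A"}
        if not glue:
            problems.append(f"no glue A record for {ns} in the parent zone")
        elif glue != auth:
            problems.append(f"glue for {ns} is {sorted(glue)} but the child publishes {sorted(auth)}")
    return problems


def check_article_zones():
    """The parent/child pair from the article: expected to be consistent."""
    return delegation_report(PARENT_ZONE, "tarena.com", CHILD_ZONE, "sh.tarena.com")
```

Run `check_article_zones()` to confirm the article's pair is consistent, and `delegation_report(PARENT_ZONE, "tarena.com", BROKEN_CHILD_ZONE, "sh.tarena.com")` to see the glue mismatch reported. In production the same comparison is worth running after every change to either zone, because the parent's glue is copied by hand and nothing in BIND keeps it in sync with the child.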
The reverse direction: point the client at the subdomain server and resolve a parent-domain record. On dns2, add a forwarders statement in the options block of named.conf so that names outside sh.tarena.com are passed to the parent server:
[root@dns2 named]# vim /var/named/chroot/etc/named.conf
        forwarders { 192.168.100.10; };
[root@dns2 named]# service named restart
Test:
[root@localhost ~]# host www.tarena.com 192.168.100.20
Using domain server:
Name: 192.168.100.20
Address: 192.168.100.20#53
Aliases:
www.tarena.com has address 192.168.100.1
【DNS split-horizon resolution / views】
Return different answers for the same name depending on the client's source address.
[root@dns1 ~]# cd /var/named/chroot/etc/
[root@dns1 etc]# vim named.conf
...
        listen-on port 53 { 192.168.100.10; };
        // listen-on-v6 port 53 { ::1; };
...
        allow-query { any; };
        allow-query-cache { any; };
...
view lt {
        match-clients { 192.168.100.20; };
        match-destinations { any; };
        recursion yes;
        include "/etc/named.rfc1912.zones";
};

view yd {
        match-clients { any; };
        match-destinations { any; };
        recursion yes;
        include "/etc/named.rfc1913.zones";
};
[root@dns1 etc]# cp -p named.rfc1912.zones named.rfc1913.zones
[root@dns1 etc]# vim named.rfc1912.zones
...
zone "tarena.com" IN {
        type master;
        file "lt.tarena.com.zone";
        allow-transfer { none; };
};
[root@dns1 etc]# vim named.rfc1913.zones
zone "tarena.com" IN {
        type master;
        file "yd.tarena.com.zone";
        allow-transfer { none; };
};
[root@dns1 etc]# cd /var/named/chroot/var/named/
[root@dns1 named]# cp -p named.zero lt.tarena.com.zone
[root@dns1 named]# cp -p named.zero yd.tarena.com.zone
[root@dns1 named]# cat lt.tarena.com.zone
$TTL 86400
@       IN SOA dns1.tarena.com. root.tarena.com. (
                        2014062401 ; serial (d. adams)
                        3H         ; refresh
                        15M        ; retry
                        1W         ; expiry
                        1D )       ; minimum
        IN NS   dns1.tarena.com.
dns1    IN A    192.168.100.10
www     IN A    1.1.1.1
[root@dns1 named]# cat yd.tarena.com.zone
$TTL 86400
@       IN SOA dns1.tarena.com. root.tarena.com. (
                        2014062401 ; serial (d. adams)
                        3H         ; refresh
                        15M        ; retry
                        1W         ; expiry
                        1D )       ; minimum
        IN NS   dns1.tarena.com.
dns1    IN A    192.168.100.10
www     IN A    2.2.2.2
[root@dns1 named]# service named restart
Test:
Query from 192.168.100.20 and from another client and compare the answers.
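Two things decide what a client gets from the configuration above: BIND evaluates the views in the order they appear and uses the first one whose match-clients accepts the source address, so the narrow lt view must come before the catch-all yd view, and both views hand out recursion. The following is an added example, not code from the original post or from BIND: a small model of that view selection with the article's view names, ACLs and www answers, plus two checks a reviewer would run over such a config. The ACL evaluation is a simplified re-implementation of BIND's address-match-list rules; `ARTICLE_VIEWS`, `acl_matches`, `select_view`, `resolve`, `shadowed_views` and `open_recursion_views` are this example's own names.

```python
import ipaddress

# Constructed from the named.conf and the two zone files above.
ARTICLE_VIEWS = [
    {"name": "lt", "match_clients": ["192.168.100.20"], "recursion": True,
     "answers": {"www.tarena.com.": "1.1.1.1"}},      # lt.tarena.com.zone
    {"name": "yd", "match_clients": ["any"], "recursion": True,
     "answers": {"www.tarena.com.": "2.2.2.2"}},      # yd.tarena.com.zone
]


def acl_matches(acl, client_ip):
    """Evaluate a BIND-style address match list.

    Elements are scanned in order and the first one that matches decides:
    a plain element accepts, a '!'-negated element rejects. 'any' matches
    everything, 'none' nothing; other elements are addresses or prefixes.
    """
    ip = ipaddress.ip_address(client_ip)
    for element in acl:
        negate = element.startswith("!")
        item = element.lstrip("!").strip()
        if item == "any":
            hit = True
        elif item == "none":
            hit = False
        else:
            hit = ip in ipaddress.ip_network(item, strict=False)
        if hit:
            return not negate
    return False


def select_view(views, client_ip):
    """Name of the first view whose match-clients accepts the client, or None
    (BIND refuses the query when no view matches)."""
    for view in views:
        if acl_matches(view["match_clients"], client_ip):
            return view["name"]
    return None


def resolve(views, client_ip, qname):
    """Answer qname from the zone data of the view selected for this client."""
    name = select_view(views, client_ip)
    if name is None:
        return None
    view = next(v for v in views if v["name"] == name)
    return view["answers"].get(qname.lower().rstrip(".") + ".")


def is_catch_all(acl):
    """True when an ACL accepts every client: a plain 'any' with no negated
    element in front of it."""
    for element in acl:
        if element.startswith("!"):
            return False
        if element.strip() == "any":
            return True
    return False


def shadowed_views(views):
    """Views that can never be selected because an earlier view already
    accepts everyone. Listing yd before lt would make lt dead configuration
    and every client, 192.168.100.20 included, would get 2.2.2.2."""
    dead, blocked = [], False
    for view in views:
        if blocked:
            dead.append(view["name"])
        elif is_catch_all(view["match_clients"]):
            blocked = True
    return dead


def open_recursion_views(views):
    """Views that offer recursion to every client. Combined with the
    allow-query { any; } above, such a view is an open recursive resolver
    for anyone who can reach the listen-on address; recursion belongs only
    in views whose match-clients is limited to your own clients."""
    return [v["name"] for v in views
            if v.get("recursion") and is_catch_all(v["match_clients"])]
```

`resolve(ARTICLE_VIEWS, "192.168.100.20", "www.tarena.com")` returns the lt answer and any other source address gets the yd answer, which is the behaviour the test step above checks by hand; `shadowed_views(list(reversed(ARTICLE_VIEWS)))` shows what goes wrong when the view order is swapped, and `open_recursion_views(ARTICLE_VIEWS)` flags yd.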
This article is from the “周民” blog; please keep this source notice: http://zhmin.blog.51cto.com/5402080/1431368