
CentOS下dns服务器之授权

dns授权

dns授权分为两步

1】父域dns对子域dns实现授权;

2】子域对父域的解析,有两种方式:

1.改变根提示,把父域dns视为根

2.转发器

dns服务器的搭建请看dns服务器搭建

一、修改父域实现对子域的授权

修改dns服务器配置文件,注释掉最后一行

[root@localhost chroot]# vim etc/named.conf


// Parent (b.com) server: etc/named.conf inside the chroot.
// In this listing the three dnssec-* lines and both key paths are commented
// out, so the server runs with BIND's defaults and without the DLV trust
// anchor — effectively no DNSSEC validation is configured. Acceptable for an
// isolated lab with unsigned zones, not for a resolver serving real clients.
options {

       listen-on port 53 { any; };

       listen-on-v6 port 53 { ::1; };

       directory       "/var/named";

       dump-file       "/var/named/data/cache_dump.db";

       statistics-file "/var/named/data/named_stats.txt";

       memstatistics-file "/var/named/data/named_mem_stats.txt";

       // NOTE(review): queries from any address, recursion enabled and the
       // listener bound to every interface. Unless allow-recursion is set
       // elsewhere, BIND derives it from allow-query, so every host that can
       // reach port 53 gets recursive service (an open resolver, abusable for
       // reflection). Restrict it to the intended clients — here the child
       // server and the LAN — e.g. `allow-recursion { localnets; };`;
       // authoritative answers for b.com stay available to everyone.
       allow-query     { any; };

       recursion yes;


//      dnssec-enable yes;

//      dnssec-validation yes;

//      dnssec-lookaside auto;


       /* Path to ISC DLV key */

//      bindkeys-file "/etc/named.iscdlv.key";


//      managed-keys-directory "/var/named/dynamic";

};


logging {

       channel default_debug {

               file "data/named.run";

               severity dynamic;

       };

};


// Root hints used for recursion. If the lab has no Internet access these
// servers are unreachable and any name outside the locally mastered zones
// will fail — expected, but worth knowing when reading the dig output.
zone "." IN {

       type hint;

       file "named.ca";

};


// The zone declarations for b.com and bj.b.com live in the included file.
include "/etc/named.rfc1912.zones";

// Root trust anchor include left commented out: consistent with validation
// being off on this server.
//include "/etc/named.root.key";


wKioL1NtYmqje6K7AAG2YOhG-6Q567.jpg

声明两个区域b.com和bj.b.com

[root@localhost chroot]# vim etc/named.rfc1912.zones

// etc/named.rfc1912.zones on the parent: the two master zones below are added
// after the stock "localhost" entry (only part of the file is shown).
// NOTE(review): neither new zone sets allow-transfer, so transfers fall back
// to the server-wide default, which on older BIND (9.8 is the build in the dig
// output on this page) is "any": any host can AXFR the whole zone. Add
// `allow-transfer { none; };` — or the secondaries' addresses — to each zone.
19 zone "localhost" IN {

20         type master;

21         file "named.localhost";

22         allow-update { none; };

23 };

// b.com: the parent zone; its zone file carries the delegation of sh.b.com.
24 zone "b.com" IN {

25         type master;

26         file "b.com.zone";

// allow-update { none; } refuses dynamic updates — keep it for hand-edited zones.
27         allow-update { none; };

28 };

// bj.b.com: a second zone mastered on this same server (not delegated).
29 zone "bj.b.com" IN {

30         type master;

31         file "bj.b.com.zone";

32         allow-update { none; };
// NOTE(review): the listing ends here; the closing `};` for "bj.b.com" is not
// shown but must be present in the file or named will refuse the config.

创建b.com.zone和sh.b.com.zone文件

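[root@localhost chroot]# cd var/named

# Name the copies exactly as the `file` statements in etc/named.rfc1912.zones
# expect (b.com.zone and bj.b.com.zone). A copy called just "b.com" is never
# read by named, and the file the config points at would still be missing.
# The parent hosts b.com and bj.b.com; sh.b.com lives on the child server.
[root@localhost named]# cp named.localhost b.com.zone

[root@localhost named]# cp named.localhost bj.b.com.zone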


[root@localhost named]# vim bj.b.com.zone


; bj.b.com.zone — mastered on the parent server (192.168.3.120).
$TTL 1D

; SOA: MNAME names the primary server; RNAME "rname.invalid." is the
; placeholder inherited from named.localhost — replace it with a real
; contact mailbox (the "@" is written as "." in DNS).
; NOTE(review): bump the serial on every edit; secondaries only re-transfer
; when it increases (none are shown on this page, but the habit matters).
@       IN SOA  ns.bj.b.com. rname.invalid. (

                                       1       ; serial

                                       1D      ; refresh

                                       1H      ; retry

                                       1W      ; expire

                                       3H )    ; minimum

@       IN      NS ns.bj.b.com.

ns      IN      A 192.168.3.120

; NOTE(review): 2.2.2.2 is a live public address. For lab/example data use the
; RFC 5737 documentation ranges (192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24)
; so clients following the tutorial never send traffic to a third party's host.
www     IN      A 2.2.2.2


给子域sh.b.com授权

[root@localhost named]# vim b.com.zone

; b.com.zone — the parent zone; the last two records delegate sh.b.com.
$TTL 1D

; RNAME "rname.invalid." is the placeholder from named.localhost — set a real
; contact. Increase the serial on every change.
@       IN SOA  ns.b.com.  rname.invalid. (

                                       1       ; serial

                                       1D      ; refresh

                                       1H      ; retry

                                       1W      ; expire

                                       3H )    ; minimum

@       IN NS   ns.b.com.

ns      IN A    192.168.3.120

; NOTE(review): 1.1.1.1 is a live public resolver's address; prefer the
; RFC 5737 documentation ranges (e.g. 192.0.2.0/24) for example records.
www     IN A    1.1.1.1

; Delegation: the NS record hands sh.b.com to the child server, and the A
; record for ns.sh.b.com. is the glue that lets resolvers reach it — the name
; sits inside the delegated zone, so without glue it could never be resolved.
; The child's zone file must publish the same NS name and address.
sh.b.com. IN NS ns.sh.b.com.

ns.sh.b.com. IN A 192.168.3.122


编辑完后保存退出,然后重新加载区域

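# Validate the configuration and both zone files before asking named to
# reload; a mistake would otherwise surface only as a log line while the old
# zone data (or none) stays in service. -t resolves includes inside the chroot.
[root@localhost named]# named-checkconf -t /var/named/chroot /etc/named.conf

[root@localhost named]# named-checkzone b.com b.com.zone

[root@localhost named]# named-checkzone bj.b.com bj.b.com.zone

[root@localhost named]# rndc reload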


二、子域设置转发

1、登录到要设置为子域的dns服务器的主机

[root@localhost ~]# cd /var/named/chroot

编辑配置文件设置转发

[root@localhost chroot]# vim etc/named.conf

// Child (sh.b.com) server: etc/named.conf inside the chroot. The DNSSEC
// lines are left enabled here and a forwarder pointing at the parent is added.
10 options {

11         listen-on port 53 { any; };

12         listen-on-v6 port 53 { ::1; };

13         directory       "/var/named";

14         dump-file       "/var/named/data/cache_dump.db";

15         statistics-file "/var/named/data/named_stats.txt";

16         memstatistics-file "/var/named/data/named_mem_stats.txt";

// NOTE(review): queries from any address with recursion on and the listener
// on every interface. Unless allow-recursion is set elsewhere BIND derives it
// from allow-query, so any host that can reach port 53 gets recursive service
// (an open resolver). Limit it to the intended clients, e.g.
// `allow-recursion { localnets; };`.
17         allow-query     { any; };

18         recursion yes;

19

// NOTE(review): validation stays on here, while the parent this server
// forwards to has its DNSSEC lines commented out, and dnssec-lookaside (DLV)
// depends on the ISC DLV registry, which has since been retired by ISC. The
// dig test at the end of this page reports SERVFAIL; a validator that cannot
// reach its trust anchors is one plausible cause — confirm in the named log
// rather than guessing.
20         dnssec-enable yes;

21         dnssec-validation yes;

22         dnssec-lookaside auto;

// line 23 sets the forwarder (the parent server).
// NOTE(review): without `forward only;` BIND uses the default "forward
// first": if 192.168.3.120 does not answer, it falls back to iterating from
// the root hints. Add `forward only;` next to this line if the parent is
// meant to be the sole upstream.
23         forwarders     { 192.168.3.120; };

24         /* Path to ISC DLV key */

25         bindkeys-file "/etc/named.iscdlv.key";

26

27         managed-keys-directory "/var/named/dynamic";

28 };

29

30 logging {

31         channel default_debug {

32                 file "data/named.run";

33                 severity dynamic;

34         };

35 };

36

// Root hints; with forward first they are the fallback when the forwarder
// does not answer (see the note on line 23).
37 zone "." IN {

38         type hint;

39         file "named.ca";

40 };

41

42 include "/etc/named.rfc1912.zones";

// line 43 is commented out (the root trust anchor is not included).
43 //include "/etc/named.root.key";


wKiom1NtYruCopX-AAEd4sQCM6k458.jpg


声明sh.b.com

[root@localhost chroot]# vim etc/named.rfc1912.zones

// etc/named.rfc1912.zones on the child: the delegated zone is mastered here.
// The zone name and the NS/A records in sh.b.com.zone must agree with the
// delegation published in the parent's b.com.zone.
// NOTE(review): no allow-transfer is set, so AXFR falls back to the server
// default (historically "any"); add `allow-transfer { none; };` unless a
// secondary needs it.
24 zone "sh.b.com" IN {

25         type master;

26         file "sh.b.com.zone";

// allow-update { none; } refuses dynamic updates — right for a hand-edited zone.
27         allow-update { none; };

28 };  



wKioL1NtYyHwRbldAABCasKwRNo707.jpg

创建并编辑sh.b.com.zone

# Child (sh.b.com) server: create the zone file from the stock named.localhost
# template. The name must match the `file` statement for "sh.b.com" in
# etc/named.rfc1912.zones.
[root@localhost chroot]# cd var/named

[root@localhost named]# cp named.localhost sh.b.com.zone

[root@localhost named]# vim sh.b.com.zone

 1 $TTL 1D

; sh.b.com.zone — the delegated child zone, mastered on 192.168.3.122.
; NOTE(review): MNAME here is the zone apex "sh.b.com.", while the other zones
; on this page use the name-server host; BIND loads it either way, but MNAME
; is meant to name the primary server, so `ns.sh.b.com.` would be consistent.
; RNAME "rname.invalid." is the placeholder from named.localhost — set a real
; contact, and increase the serial on every edit.
 2 @       IN SOA  sh.b.com.   rname.invalid. (

 3                                         1       ; serial

 4                                         1D      ; refresh

 5                                         1H      ; retry

 6                                         1W      ; expire

 7                                         3H )    ; minimum

; These two records must match the NS + glue the parent publishes for sh.b.com.
 8 @       IN NS   ns.sh.b.com.

 9 ns      IN A    192.168.3.122

; NOTE(review): 3.3.3.3 is a routable public address; use the RFC 5737
; documentation ranges (e.g. 192.0.2.0/24) for example records.
10 www     IN A    3.3.3.3


wKiom1NtY26AvyjqAACcA5Fh6jI199.jpg


编辑完后保存退出,然后重新加载区域

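# Validate the configuration and the new zone file before reloading; a
# mistake would otherwise surface only as a log line while the old zone data
# (or none) stays in service. -t resolves includes inside the chroot.
[root@localhost named]# named-checkconf -t /var/named/chroot /etc/named.conf

[root@localhost named]# named-checkzone sh.b.com sh.b.com.zone

[root@localhost named]# rndc reload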


[root@localhost named]# vim /etc/resolv.conf

# Generated by NetworkManager
# NOTE(review): the header says NetworkManager writes this file, so a manual
# edit may be overwritten at the next network restart; set the DNS server in
# the interface/connection configuration to make it persistent. Pointing the
# host at the child server (192.168.3.122) is what routes the dig test below
# through the forwarder chain.

nameserver 192.168.3.122

wKiom1NtY3qBr9f_AABB2EEPcQQ789.jpg


测试


# Query from a host whose /etc/resolv.conf points at the child server
# (192.168.3.122). www.b.com is not in the child's own zone, so the answer
# has to come via the forwarder (192.168.3.120).
# NOTE(review): a successful test shows "status: NOERROR". The output pasted
# below reports SERVFAIL — the resolver failed the lookup even though an
# ANSWER section is printed — so check the child's named log before treating
# the forwarding setup as working.
[root@localhost chroot]# dig www.b.com


; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6 <<>> www.b.com

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 10870

;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1


;; QUESTION SECTION:

;www.b.com.                    IN      A


;; ANSWER SECTION:

www.b.com.              86400   IN      A       1.1.1.1


;; AUTHORITY SECTION:

b.com.                  86400   IN      NS      ns.b.com.


;; ADDITIONAL SECTION:

ns.b.com.               86400   IN      A       192.168.3.120


;; Query time: 1 msec

;; SERVER: 192.168.3.122#53(192.168.3.122)

;; WHEN: Sat May 10 07:07:58 2014

;; MSG SIZE  rcvd: 77
















本文出自 “泡沫” 博客,谢绝转载!