创建DNS子域及view
author:JevonWei
版权声明:原创作品
子域
子域同父域在同一个服务器上
新建子域jevon.danran.com
-
vim /etc/named.rfc1912.zones
zone "jevon.danran.com" IN {
type master;
file "jevon.danran.zone";
allow-update { none; };
}; -
编辑jevon.danran.com域的数据库文件
-
编辑正向解析文件
cp -p /var/named/danran.zone /var/named/jevon.danran.zone \带权限复制数据库文件
vim /var/named/jevon.danran.zone
$TTL 1D
@ IN SOA ns1.jevon.danaran.com. dnsadmin.jevon.danran.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS ns1.jevon.danran.com.
NS ns2ns1 A 192.168.198.134 ns2 A 192.168.198.11 websrv A 192.168.198.51 ftpsrv A 192.168.198.52 www CNAME websrv -
编辑反向解析文件
cp -p /var/named/IP.danran.zone /var/named/IP.jevon.danran.zone
vim /var/named/IP.jevon.danran.zone
$TTL 1D
@ IN SOA ns1.jevon.danran.com. admin.jevon.danran.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS @A 192.168.198.134 134 PTR ns1.jevon.danran.com. 131 PTR ns2.jevon.danran.com. 51 PTR websrv.jevon.danran.com. 52 PTR ftpsrv.jevon.danran.com.
-
-
加载配置文件
rndc reload -
访问测试
dig www.jevon.danran.com @192.168.198.134
子域同父域不在同一台服务器上
新建子域zijie.danran.com
-
在主DNS上
-
vim /etc/named.conf
options {
listen-on port 53 { localhost; }; \ 允许主机上的所有IP监听53号端口
allow-query { any; }; \允许所有主机查询此DNS服务器
dnssec-enable no; \与安全相关,设置为no
dnssec-validation no; \与安全相关,设置为no -
vim /var/named/danran.zone
$TTL 1D
@ IN SOA ns1.danran.com. dnsadmin.danran.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS ns1.danran.com.zijie NS ns3
ns3 A 192.168.198.11
ns1 A 192.168.198.134dan A 192.168.198.40
websrv A 192.168.198.51
ftpsrv A 192.168.198.52
www CNAME websrv
-
3. rndc reload
-
子域服务端
-
vim /etc/named.rfc1912.zones
zone "zijie.danran.com" IN {
type master;
file "zijie.danran.zone";
}; -
vim /var/named/zijie.danran.zone
@ IN SOA ns1.zijie.danran.com. dnsadmin (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS ns1ns1 A 192.168.198.11
dan A 192.168.198.140
websrv A 192.168.198.151
ftpsrv A 192.168.198.152
www CNAME websrv -
vim /var/named/zijie.IP.danran.zone
$TTL 1D
@ IN SOA ns1 admin (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS @A 192.168.198.1111 PTR ns1
150 PTR websrv
151 PTR websrv
152 PTR ftpsrv110 PTR test.com
-
rndc reload //加载配置文件
-
客户端访问测试
dig www.zijie.danran.com @192.168.198.134
-
view
从不同源地址发出的请求,返回不同的查询结果
-
主DNS服务器
-
创建不同地区的数据库
vim /var/named/danran.zone.bj
$TTL 1D
@ IN SOA ns1 dnsadmin (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS ns1ns1 A 192.168.198.134 websrv A 192.168.198.51 www CNAME websrvvim /var/named/danran.zone.bj
$TTL 1D
@ IN SOA ns1 dnsadmin.danran.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS ns1.danran.com.ns1 A 192.168.198.134 websrv A 192.168.198.251 www CNAME websrvvim /var/named/danran.zone
@ IN SOA ns1 dnsadmin (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS ns1ns1 A 192.168.198.134
websrv A 192.168.198.60
www CNAME websrv -
编辑配置文件
vim /etc/named.conf
acl beijing {
192.168.198.11;
192.168.10.0/24;
}; \beijing的IP访问
acl zhengzhou {192.168.198.131;};\zhengzhou的IP访问
acl other {any;};options { listen-on port 53 { any; }; allow-query { any; }; view beijingview { match-clients {beijing;}; \\同acl beijing {192.168.198.11;};中的北京一致 include "/etc/named.beijingview.zones"; }; view zhengzhouview { match-clients {zhengzhou;}; \\同acl zhengzhou {192.168.198.131;};中的zhengzhou一致 include "/etc/named.zhengzhou.zones"; }; view otherview { match {other;}; \\acl other {any;};的客户端 include "/etc/named.rfc1912.zones"; }; -
vim /etc/named.rfc1912.zones
zone "." IN {
type hint
file "named.ca";
};
zone "danran.com" IN {
type master;
file "danran.zone";
}; -
cat /etc/named.beijingview.zones \编辑beijing地区的区域配置文件,同/etc/named.conf记录一致
zone "danran.com" IN {
type master;
file "danran.zone.bj";
}; -
vim /etc/named.zhengzhouview.zones\编辑zhengzhou的区域配置文件
zone "danran.com" IN {
type master;
file "danran.zone.zz";
}; -
rndc reload
-
