接上篇: DNS-实验2_TSIG主从加密传输实现(注:TSIG 只对区域传送做身份认证和完整性校验,并不加密传送的区域数据)
四、 委派配置(神马委派,就是子域授权),以及实现转发域
- ; Delegation of the child zone: an NS record naming its name server, plus the glue A record for that name.
- ; Presumably these two records are added to the parent mos.com zone on the parent server — confirm.
- ; NOTE(review): the child zone file shown later on this page publishes ns/ns2 as its NS set and has no "dns" record; the parent-side and child-side NS sets should agree.
- tech.mos.com. IN NS dns.tech.mos.com.
- dns.tech.mos.com. IN A 172.16.37.1
- vim /etc/named.conf
- // named.conf for the child-domain server: master for tech.mos.com and its reverse zone, with everything else handed to the forwarders.
- options {
- directory "/var/named";
- // NOTE(review): no recursion / allow-recursion / allow-query statement is visible in this block, so who may use this server as a forwarding resolver is left to BIND's built-in defaults, which differ between versions. Confirm that only the intended clients can send it recursive queries.
- forward only; // queries this server cannot answer itself go to the forwarders only; it does not fall back to resolving them on its own
- forwarders { 172.16.35.2; 172.16.35.1; }; // the servers that queries are forwarded to
- };
- // Root hints zone.
- zone "." IN {
- type hint;
- file "named.ca";
- };
- // Local zones; zone transfers are refused for both.
- zone "localhost" IN {
- type master;
- file "mos.localhost.zone";
- allow-transfer { none; };
- };
- zone "0.0.127.in-addr.arpa" IN {
- type master;
- file "127.0.0.zone";
- allow-transfer { none; };
- };
- // Forward zone of the delegated child domain.
- // NOTE(review): unlike the local zones above, this zone sets no allow-transfer, so transfers fall back to whatever the options block or the BIND version's default allows. The zone file lists internal hosts (ldap, pop3, mail) and names ns2 (172.16.37.2) as a second name server; limit transfers to that server, preferably with a TSIG key, e.g. allow-transfer { key <TSIG_KEY_NAME>; };  (placeholder — the key name is not shown on this page).
- zone "tech.mos.com" IN {
- type master;
- file "tech.mos.zone";
- };
- // Reverse zone for 172.16.37.x.
- // NOTE(review): no allow-transfer here either; apply the same restriction as for tech.mos.com.
- zone "37.16.172.in-addr.arpa" IN {
- type master;
- file "172.16.zone";
- };
- zone "mos.com" IN { // what to do with queries for the mos.com domain
- type forward; // this is a forward zone
- forward only; // everything under this domain is forwarded to the two DNS servers below
- forwarders { 172.16.35.1; 172.16.35.2; };
- };
- # /var/named/mos.localhost.zone 和 /var/named/127.0.0.zone 从主服务器复制即可;复制后记得检查文件的属主、属组和权限(named 进程要能读取,其他用户不应有写权限)
- vim /var/named/tech.mos.zone
- ; Forward zone data for tech.mos.com (the file referenced as "tech.mos.zone" in named.conf).
- $TTL 86400
- $ORIGIN tech.mos.com.
- ; SOA: primary server ns.tech.mos.com., contact mailbox written as root.tech.mos.com.
- @ IN SOA ns.tech.mos.com. root.tech.mos.com. (
- 21 ; serial
- 1H ; refresh
- 5M ; retry
- 7D ; expire
- 1D ) ; minimum
- ; The records below without an owner name are meant to apply to the zone apex; the leading whitespace that marks a blank owner appears to have been lost in this listing.
- ; NOTE(review): the delegation records at the top of this page point at dns.tech.mos.com., which is not defined in this file; the NS set published here is ns and ns2. Confirm the parent delegation and this NS set match.
- IN NS ns
- IN NS ns2
- IN MX 10 mail
- ; Address records. ns, ns3 and mail all resolve to 172.16.37.1.
- ns IN A 172.16.37.1
- ns2 IN A 172.16.37.2
- ns3 IN A 172.16.37.1
- mail IN A 172.16.37.1
- www IN A 172.16.37.2
- pop3 IN A 172.16.37.5
- ldap IN A 172.16.37.6
- ; ftp is an alias for ns.
- ftp IN CNAME ns
- vim /var/named/172.16.zone
- ; Reverse zone data for 37.16.172.in-addr.arpa (the file referenced as "172.16.zone" in named.conf).
- $TTL 86400 ; 1 day
- $ORIGIN 37.16.172.in-addr.arpa.
- @ IN SOA ns.tech.mos.com. root.tech.mos.com. (
- 3 ; serial
- 3600 ; refresh (1 hour)
- 300 ; retry (5 minutes)
- 604800 ; expire (1 week)
- 86400 ; minimum (1 day)
- )
- ; Name servers for the reverse zone; same pair as the forward zone.
- NS ns.tech.mos.com.
- NS ns2.tech.mos.com.
- ; This $ORIGIN repeats the origin already set above.
- $ORIGIN 37.16.172.in-addr.arpa.
- ; PTR records. A line with no owner name reuses the owner of the line before it (the leading whitespace that marks this appears to have been lost in this listing), so 1 maps to both ns and mail, and 2 to both ns2 and www.
- 1 PTR ns.tech.mos.com.
- PTR mail.tech.mos.com.
- 2 PTR ns2.tech.mos.com.
- PTR www.tech.mos.com.
- 5 PTR pop3.tech.mos.com.
- 6 PTR ldap.tech.mos.com.