You are here
马哥 20_02 _DNS子域授权 有大用
rndc:
正向区域:
SUB_ZONE_NAME IN NS NSSERVER_SUB_ZONE_NAME
NSSERVER_SUB_ZONE_NAME IN A IP
任何一个ns记录都有对应的A记录
在购买域名页面 建几个NS 和 A 记录
.com 子域中有几个名称服务器,父域中就应该有几条记录
mageedu.com. IN NS ns1.mageedu.com.
IN NS ns2.mageedu.com.
ns1.mageedu.com. IN A 172.16.100.1
ns2.mageedu.com. IN A 172.16.100.2
dig -t A www.baidu.com @172.16.100.1
.
.com
mageedu.com.
mageedu.com.
(子域的IP不一定要与父域的IP在同一个网段中,但是它们肯定要能够通过路由器彼此之间相互通信)
(假设子域只有一个名称服务器 fin.mageedu.com. 但是添加了两个记录,是不行的,因为一旦互联网上客户端请求时,mageedu.com.返回了第二个记录,就无法提供解析了,就会出麻烦了)
fin.mageedu.com. IN NS ns1.fin.mageedu.com.
fin.mageedu.com. IN NS ns2.fin.mageedu.com.
ns1.fin.mageedu.com. IN A 172.16.100.8
ns2.fin.mageedu.com. IN A 172.16.100.9
market.mageedu.com. IN NS ns1.market.mageedu.com.
ns1.market.mageedu.com. IN A 172.16.100.108
编辑父域主的dns服务器 ( 192.168.1.45 )
[root@localhost named]# pwd
/var/named
[root@localhost named]# vim mageedu.com.zone
$TTL 600
mageedu.com. IN SOA ns1.mageedu.com. admin.mageedu.com. (
2013040206 #序列号加1
1H
5M
2D
6H )
IN NS ns1
IN NS ns2
IN MX 10 mail
ns1 IN A 192.168.1.45
ns2 IN A 192.168.1.15
mail IN A 192.168.1.15
www IN A 192.168.1.45
www IN A 192.168.1.25
ftp IN CNAME www
mageedu.com. IN A 192.168.1.45
pop IN A 192.168.1.45
*.mageedu.com. IN A 192.168.1.25
imap IN A 192.168.1.45
hello IN A 192.168.1.45
fin IN NS ns1.fin # 记录子域的dns
ns1.fin IN A 192.168.1.25
market IN NS ns1.market # 记录子域的dns
ns1.market IN A 192.168.1.35
[root@localhost named]# rndc reload
WARNING: key file (/etc/rndc.key) exists, but using default configuration file (/etc/rndc.conf)
rndc: connect failed: 127.0.0.1#953: connection refused
[root@localhost named]# rndc -c /etc/rndc.conf reload
rndc: connect failed: 127.0.0.1#953: connection refused
上面的rndc 命令不起作了 ,算了重启吧
[root@localhost named]# service named restart
Stopping named: . [确定]
Starting named: [确定]
[root@localhost named]#
看日志 已经通知传送了 父域主的dns服务器 ( 192.168.1.45 )
[root@localhost named]# tail /var/log/messages
Feb 11 18:53:03 localhost named[5372]: command channel listening on 192.168.1.45#953
Feb 11 18:53:03 localhost named[5372]: zone 0.0.127.in-addr.arpa/IN: loaded serial 0
Feb 11 18:53:03 localhost named[5372]: zone 1.168.192.in-addr.arpa/IN: loaded serial 2013040105
Feb 11 18:53:03 localhost named[5372]: zone mageedu.com/IN: loaded serial 2013040206
Feb 11 18:53:03 localhost named[5372]: zone localhost/IN: loaded serial 0
Feb 11 18:53:03 localhost named[5372]: running
Feb 11 18:53:03 localhost named[5372]: zone mageedu.com/IN: sending notifies (serial 2013040206)
Feb 11 18:53:03 localhost named[5372]: zone 1.168.192.in-addr.arpa/IN: sending notifies (serial 2013040105)
Feb 11 18:53:03 localhost named[5372]: client 192.168.1.15#34167: transfer of 'mageedu.com/IN': AXFR-style IXFR started
Feb 11 18:53:03 localhost named[5372]: client 192.168.1.15#34167: transfer of 'mageedu.com/IN': AXFR-style IXFR ended
[root@localhost named]#
父域从的dns服务器 ( 192.168.1.15 )
[root@localhost ~]# cd /var/named/slaves/
[root@localhost slaves]# ls
192.168.1.zone mageedu.com.zone
[root@localhost slaves]# cat mageedu.com.zone
$ORIGIN .
$TTL 600 ; 10 minutes
mageedu.com IN SOA ns1.mageedu.com. admin.mageedu.com. (
2013040206 ; serial
3600 ; refresh (1 hour)
300 ; retry (5 minutes)
172800 ; expire (2 days)
21600 ; minimum (6 hours)
)
NS ns1.mageedu.com.
NS ns2.mageedu.com.
A 192.168.1.45
MX 10 mail.mageedu.com.
$ORIGIN mageedu.com.
* A 192.168.1.25
fin NS ns1.fin
$ORIGIN fin.mageedu.com.
ns1 A 192.168.1.25
$ORIGIN mageedu.com.
ftp CNAME www
hello A 192.168.1.45
imap A 192.168.1.45
mail A 192.168.1.15
market NS ns1.market
$ORIGIN market.mageedu.com.
ns1 A 192.168.1.35
$ORIGIN mageedu.com.
ns1 A 192.168.1.45
ns2 A 192.168.1.15
pop A 192.168.1.45
www A 192.168.1.25
A 192.168.1.45
[root@localhost slaves]#
父域主的dns服务器 ( 192.168.1.15 )
看看 fin 这个子域的 ns 记录有没有
fin.mageedu.com 这个服务器 fin.mageedu.com 虽然不存在,但是ns记录 fin.mageedu.com 已经建立起来了
[root@localhost named]# dig -t NS fin.mageedu.com ( 或者 dig -t NS fin.mageedu.com @192.168.1.45 )
(fin.mageedu.com 对应的ip 192.168.1.25 ) 记录已经建立好了,但是如果 192.168.1.25 不在线就联系不上子域服务器 ;;;;;;;;;;;;;; 所以在父域上建立了这样的条目,它仍然是需要与子域通信
; <<>> DiG 9.7.0-P2-RedHat-9.7.0-17.P2.el5_9.2 <<>> -t NS fin.mageedu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4568
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;fin.mageedu.com. IN NS
;; Query time: 8 msec
;; SERVER: 192.168.1.45#53(192.168.1.45)
;; WHEN: Mon Feb 11 22:32:34 2019
;; MSG SIZE rcvd: 33
[root@localhost named]#
[root@localhost named]# dig -t A ns1.fin.mageedu.com
; <<>> DiG 9.7.0-P2-RedHat-9.7.0-17.P2.el5_9.2 <<>> -t A ns1.fin.mageedu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 34212
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;ns1.fin.mageedu.com. IN A
;; Query time: 4 msec
;; SERVER: 192.168.1.45#53(192.168.1.45)
;; WHEN: Mon Feb 11 22:42:39 2019
;; MSG SIZE rcvd: 37
[root@localhost named]#
配置一下子域 (192.168.1.25)dns服务器 与正常安装dns服务器的过程是一样的
马哥的作法 配置ip地址
# setup
马哥的做法 改 dns配置
我本来就是这个 子域 (192.168.1.25)地址
,只需配置dns就可以了
# setup
这个 子域 (192.168.1.25)地址
重启下网络吧
[root@localhost ~]# service network restart
防火墙关掉吧
[root@localhost ~]# iptables -P INPUT ACCEPT
[root@localhost ~]# iptables -P OUTPUT ACCEPT
[root@localhost ~]# iptables -P FORWARD ACCEPT
[root@localhost ~]# iptables -F
[root@localhost ~]#
这个 子域 (192.168.1.25)地址
[root@localhost ~]# ping 192.168.0.55 可以ping通父域主dns服务器
[root@localhost ~]# ping 192.168.0.15 可以ping通父域从dns服务器
这个 子域 (192.168.1.25)地址 卸载 bind-libs 和 bind-utils
[root@localhost ~]# rpm -e bind-libs bind-utils
[root@localhost ~]#
[root@localhost ~]# yum install -y bind97 bind97-libs bind97-utils 安装bind97,共三个
:.,$d vim 末行模式,删除从当前行到最后一行
这个 子域 (192.168.1.25)地址 我们只做正向的 不做反向的吧
[root@localhost ~]# vim /etc/named.conf
options {
directory "/var/named";
};
zone "." IN {
type hint;
file "named.ca";
};
zone "localhost" IN {
type master;
file "named.localhost";
allow-transfer { none; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.loopback";
allow-transfer { none; };
};
zone "fin.mageedu.com" IN {
type master;
file "fin.mageedu.com.zone";
};
[root@localhost ~]# cd /var/named/
[root@localhost named]# ls -la
总计 76
drwxr-x--- 5 root named 4096 02-15 20:37 .
drwxr-xr-x 22 root root 4096 02-15 20:13 ..
drwxrwx--- 2 named named 4096 2014-03-24 data
drwxrwx--- 2 named named 4096 2014-03-24 dynamic
-rw-r--r-- 1 root root 0 02-15 20:37 fin.mageedu.com.zone
-rw-r----- 1 root named 1892 2008-02-18 named.ca
-rw-r----- 1 root named 152 2009-12-15 named.empty
-rw-r----- 1 root named 152 2007-06-21 named.localhost
-rw-r----- 1 root named 168 2009-12-15 named.loopback
drwxrwx--- 2 named named 4096 2014-03-24 slaves
[root@localhost named]# chgrp named fin.mageedu.com.zone
[root@localhost named]# ls -la
总计 76
drwxr-x--- 5 root named 4096 02-15 20:37 .
drwxr-xr-x 22 root root 4096 02-15 20:13 ..
drwxrwx--- 2 named named 4096 2014-03-24 data
drwxrwx--- 2 named named 4096 2014-03-24 dynamic
-rw-r--r-- 1 root named 0 02-15 20:37 fin.mageedu.com.zone
-rw-r----- 1 root named 1892 2008-02-18 named.ca
-rw-r----- 1 root named 152 2009-12-15 named.empty
-rw-r----- 1 root named 152 2007-06-21 named.localhost
-rw-r----- 1 root named 168 2009-12-15 named.loopback
drwxrwx--- 2 named named 4096 2014-03-24 slaves
[root@localhost named]#
[root@localhost named]# chmod 640 fin.mageedu.com.zone
[root@localhost named]# ls -la
总计 76
drwxr-x--- 5 root named 4096 02-15 20:37 .
drwxr-xr-x 22 root root 4096 02-15 20:13 ..
drwxrwx--- 2 named named 4096 2014-03-24 data
drwxrwx--- 2 named named 4096 2014-03-24 dynamic
-rw-r----- 1 root named 0 02-15 20:37 fin.mageedu.com.zone
-rw-r----- 1 root named 1892 2008-02-18 named.ca
-rw-r----- 1 root named 152 2009-12-15 named.empty
-rw-r----- 1 root named 152 2007-06-21 named.localhost
-rw-r----- 1 root named 168 2009-12-15 named.loopback
drwxrwx--- 2 named named 4096 2014-03-24 slaves
[root@localhost named]#
这个 子域 (192.168.1.25)地址
[root@localhost named]# vim fin.mageedu.com.zone
$TTL 600
fin.mageedu.com. IN SOA ns1.fin.mageedu.com. admin.fin.mageedu.com. (
2013040101
1H
5M
2D
6H )
IN NS ns1
IN MX 10 mail
ns1 IN: A 192.168.0.25
mail IN A 192.168.0.35
www IN A 192.168.0.25
[root@localhost named]# service named restart
Stopping named: [确定]
Starting named: [确定]
[root@localhost named]#
这个 子域 (192.168.1.25)地址 查A记录
[root@localhost named]# dig -t A www.fin.mageedu.com @192.168.0.25
; <<>> DiG 9.7.0-P2-RedHat-9.7.0-21.P2.el5 <<>> -t A www.fin.mageedu.com @192.168.0.25
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24858
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;www.fin.mageedu.com. IN A
;; ANSWER SECTION:
www.fin.mageedu.com. 600 IN A 192.168.0.25
;; AUTHORITY SECTION:
fin.mageedu.com. 600 IN NS ns1.fin.mageedu.com.
;; ADDITIONAL SECTION:
ns1.fin.mageedu.com. 600 IN A 192.168.0.25
;; Query time: 5 msec
;; SERVER: 192.168.0.25#53(192.168.0.25)
;; WHEN: Fri Feb 15 21:10:15 2019
;; MSG SIZE rcvd: 87
[root@localhost named]#
这个 子域 (192.168.1.25)地址 查NS记录
[root@localhost named]# dig -t NS fin.mageedu.com @192.168.0.25
; <<>> DiG 9.7.0-P2-RedHat-9.7.0-21.P2.el5 <<>> -t NS fin.mageedu.com @192.168.0.25
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39557
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 (有aa)
;; QUESTION SECTION:
;fin.mageedu.com. IN NS
;; ANSWER SECTION:
fin.mageedu.com. 600 IN NS ns1.fin.mageedu.com.
;; ADDITIONAL SECTION:
ns1.fin.mageedu.com. 600 IN A 192.168.0.25
;; Query time: 2 msec
;; SERVER: 192.168.0.25#53(192.168.0.25)
;; WHEN: Fri Feb 15 21:11:18 2019
;; MSG SIZE rcvd: 67
[root@localhost named]#
到父域主dns (192.168.0.55) 上看看
( 需要提供 ns1.fin.mageedu.com子域,即子域要存在,让子域提供信息 ? 是吗)
[root@localhost named]# dig -t A ns1.fin.mageedu.com @192.168.0.55
; <<>> DiG 9.7.0-P2-RedHat-9.7.0-17.P2.el5_9.2 <<>> -t A ns1.fin.mageedu.com @19 2.168.0.55
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44857
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0 (没有aa)
;; QUESTION SECTION:
;ns1.fin.mageedu.com. IN A
;; ANSWER SECTION:
ns1.fin.mageedu.com. 600 IN A 192.168.0.25
;; AUTHORITY SECTION:
fin.mageedu.com. 600 IN NS ns1.fin.mageedu.com.
;; Query time: 38 msec
;; SERVER: 192.168.0.55#53(192.168.0.55)
;; WHEN: Fri Feb 15 21:16:00 2019
;; MSG SIZE rcvd: 67
[root@localhost named]#
到父域主dns (192.168.0.55) 上看看
[root@localhost named]# dig -t NS fin.mageedu.com @192.168.0.55
; <<>> DiG 9.7.0-P2-RedHat-9.7.0-17.P2.el5_9.2 <<>> -t NS fin.mageedu.com @192.168.0.55 (是通过父域自己解析的)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61136
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 (没有aa)
(因为这是通过父域自己找,它自己没有 fin.mageedu.com 的答案,是间接通过子域找的)
;; QUESTION SECTION:
;fin.mageedu.com. IN NS
;; ANSWER SECTION:
fin.mageedu.com. 319 IN NS ns1.fin.mageedu.com.
;; ADDITIONAL SECTION:
ns1.fin.mageedu.com. 319 IN A 192.168.0.25
;; Query time: 3 msec
;; SERVER: 192.168.0.55#53(192.168.0.55)
;; WHEN: Fri Feb 15 21:20:41 2019
;; MSG SIZE rcvd: 67
到父域主dns (192.168.0.55) 上看看
[root@localhost named]#
dig -t 这里 t 为 type 就是后面指定解析的类型
[root@localhost named]# dig -t NS fin.mageedu.com @192.168.0.25
; <<>> DiG 9.7.0-P2-RedHat-9.7.0-17.P2.el5_9.2 <<>> -t NS fin.mageedu.com @192.168.0.25
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49816
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
(有aa ,因为是用子域@192.168.0.25解析 fin.mageedu.com 的 )
;; QUESTION SECTION:
;fin.mageedu.com. IN NS
;; ANSWER SECTION:
fin.mageedu.com. 600 IN NS ns1.fin.mageedu.com.
;; ADDITIONAL SECTION:
ns1.fin.mageedu.com. 600 IN A 192.168.0.25
;; Query time: 13 msec
;; SERVER: 192.168.0.25#53(192.168.0.25)
;; WHEN: Fri Feb 15 21:25:09 2019
;; MSG SIZE rcvd: 67
[root@localhost named]#
用windows 测试下 nslookup 看看
设置dns服务器为 父域的主dns 192.168.0.55
下面得到权威答案
set q=A 设置 查询( q query )的类型为A记录
其实可以不用多次 set q=A
此时能解析出子域管理的域名,但是 是 非权威答案
直接把dns服务解析 指向子域 192.168.0.25
能解析 子域管理的域名 www.fin.mageedu.com 并且是权威答案
看能不能解析父域管理的域名,事实上是不能的
因为 子域不知道父域在哪里,因为不知道,所以先找根,根找com,com找mageedu.com
此时找到的 并不是我们自己的配置的 www.mageedu.com 而是互联网上马哥在网上注册的域名 , 它是非权威答案 (子域找不到父域 切记)
我们可以告诉子域 ,父域在哪里 (定义转发即可)
我们能够将子域所有的请求都转发给父域,而不是自己来解析,当然父域跟子域能够做递归才行
forward {only|first}
两个取值
only 如果解析不了,都转发给指定的服务器,如果那台服务器不给我们解析,就是必须要它给我们结果,不给我们结果就算了,
first 如果解析不了,首先转发给指定的服务器,如果那台服务器不给我们解析,我自己去找根
子域 dns 192.168.1.25
[root@localhost named]# vim /etc/named.conf
options {
directory "/var/named";
forward first;
forwarders { 192.168.1.45; }; #定义转发给谁,我们应该转发给父域 192.168.1.45
#这是全局配置,如果请求的是子域 fin.mageedu.com 自己解析,否则其它的域,都会转发出去
# 如果仅仅期望转发某一个域 (比如仅对父域 mageedu.com 转发,等下再说,暂时不动)
};
zone "." IN {
type hint;
file "named.ca";
#allow-transfer { none; };
};
zone "localhost" IN {
type master;
file "named.localhost";
allow-transfer { none; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.loopback";
allow-transfer { none; };
};
zone "fin.mageedu.com" IN {
type master;
file "fin.mageedu.com.zone";
};
子域 192.168.1.25
[root@localhost named]# service named restart
Stopping named: . [确定]
Starting named: [确定]
[root@localhost named]#
windows 上测试 nslookup
看看设置解析的dns为 子域 192.168.1.25
查子域 www.fin.mageedu.com 权威答案
查父域 www.mageedu.com 非权威答案
子域 dns 192.168.1.25
[root@localhost named]# dig +trace -t A www.baidu.com
事实上是转发给父域 192.168.1.45 找答案的,但是这里没有显示出来父域处理的过程
父域其实是不负责 www.baidu.com 的权威答案,所以转发出去意义不大
事实上对于子域而言,我们可以只转发对于父域的请求到父域,剩下的都自己来处理,只要自己能够上互联网就可以
; <<>> DiG 9.7.0-P2-RedHat-9.7.0-21.P2.el5 <<>> +trace -t A www.baidu.com
;; global options: +cmd
. 518268 IN NS i.root-servers.net.
. 518268 IN NS k.root-servers.net.
. 518268 IN NS l.root-servers.net.
. 518268 IN NS a.root-servers.net.
. 518268 IN NS c.root-servers.net.
. 518268 IN NS d.root-servers.net.
. 518268 IN NS j.root-servers.net.
. 518268 IN NS m.root-servers.net.
. 518268 IN NS b.root-servers.net.
. 518268 IN NS g.root-servers.net.
. 518268 IN NS h.root-servers.net.
. 518268 IN NS e.root-servers.net.
. 518268 IN NS f.root-servers.net.
;; Received 508 bytes from 192.168.1.25#53(192.168.1.25) in 2 ms
com. 172800 IN NS a.gtld-servers.net.
com. 172800 IN NS h.gtld-servers.net.
com. 172800 IN NS j.gtld-servers.net.
com. 172800 IN NS i.gtld-servers.net.
com. 172800 IN NS b.gtld-servers.net.
com. 172800 IN NS l.gtld-servers.net.
com. 172800 IN NS c.gtld-servers.net.
com. 172800 IN NS d.gtld-servers.net.
com. 172800 IN NS g.gtld-servers.net.
com. 172800 IN NS k.gtld-servers.net.
com. 172800 IN NS e.gtld-servers.net.
com. 172800 IN NS m.gtld-servers.net.
com. 172800 IN NS f.gtld-servers.net.
;; Received 491 bytes from 202.12.27.33#53(m.root-servers.net) in 720 ms
baidu.com. 172800 IN NS ns2.baidu.com.
baidu.com. 172800 IN NS ns3.baidu.com.
baidu.com. 172800 IN NS ns4.baidu.com.
baidu.com. 172800 IN NS ns1.baidu.com.
baidu.com. 172800 IN NS ns7.baidu.com.
;; Received 201 bytes from 192.43.172.30#53(i.gtld-servers.net) in 387 ms
www.baidu.com. 1200 IN CNAME www.a.shifen.com.
a.shifen.com. 1200 IN NS ns3.a.shifen.com.
a.shifen.com. 1200 IN NS ns4.a.shifen.com.
a.shifen.com. 1200 IN NS ns2.a.shifen.com.
a.shifen.com. 1200 IN NS ns5.a.shifen.com.
a.shifen.com. 1200 IN NS ns1.a.shifen.com.
;; Received 228 bytes from 180.76.76.92#53(ns7.baidu.com) in 11 ms
[root@localhost named]#
子域 dns 192.168.1.25
[root@localhost named]# vim /etc/named.conf
options {
directory "/var/named";
#forward first; # 把这两行移到最下面
#forwarders { 192.168.1.45; };
};
zone "." IN {
type hint;
file "named.ca";
#allow-transfer { none; };
};
zone "localhost" IN {
type master;
file "named.localhost";
allow-transfer { none; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.loopback";
allow-transfer { none; };
};
zone "fin.mageedu.com" IN {
type master;
file "fin.mageedu.com.zone";
};
zone "mageedu.com" IN { # 下面这个这实的功能是 只对 mageedu.com 区域的解析进行转发,对其它的区域的解析就不转发了
type forward; # 表示转发
forward first; # 表示 first 方式 首先转发给指定的服务器,如果那台服务器不给我们解析,我自己去找根
forwarders { 192.168.1.45; }; # 指定转发到哪个dns服务器
};
子域 dns 192.168.1.25
[root@localhost named]# named-checkconf
[root@localhost named]# service named restart
Stopping named: . [确定]
Starting named: [确定]
[root@localhost named]#
windows nslookup 看看
指定 解析服务器 子域 dns 服务器 192.168.1.25
可以解析 父域上的域名 www.mageedu.com
由此可见在子域 dns服务器192.168.1.25 /etc/named.conf 中
定义一个区域 (是我们的父区域 mageedu.com) 只将这个区域的请求转发,就可以了
在子域 dns 服务器192.168.1.25 中 请求百度 ,就不会在父域服务器中完成了,而是由子域服务器自身完成的
下面这两条可以写在全局的options当中,这将转发所有请求,(除了自己负责的域)
下面这两条写在某个区域里面,只负责转发对于这一个区域的请求
forward {only|first}
forwarders {};
zone "ZONE_NAME" IN {
type forward;
forward {only|first}
forwarders {};
};
在父域 dns 192.168.1.45 中
[root@localhost ~]# dig -t A www.baidu.com @192.168.1.45 (未执行)
192.168.1.45 肯定是不负责 www.baidu.com
我们想对.com的请求都直接转发给.com服务器,是可以的
我们可以对任何.com的请求直接转发给.com的服务器,
找到 .com的NS的A记录,把A记录填到那个forwarders中就可以了
看下.com的 dns 服务器
[root@localhost ~]# dig -t NS com
; <<>> DiG 9.7.0-P2-RedHat-9.7.0-17.P2.el5_9.2 <<>> -t NS com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33309
;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 4
;; QUESTION SECTION:
;com. IN NS
;; ANSWER SECTION:
com. 170805 IN NS f.gtld-servers.net.
com. 170805 IN NS m.gtld-servers.net.
com. 170805 IN NS e.gtld-servers.net.
com. 170805 IN NS h.gtld-servers.net.
com. 170805 IN NS k.gtld-servers.net.
com. 170805 IN NS a.gtld-servers.net.
com. 170805 IN NS g.gtld-servers.net.
com. 170805 IN NS b.gtld-servers.net.
com. 170805 IN NS i.gtld-servers.net.
com. 170805 IN NS d.gtld-servers.net.
com. 170805 IN NS l.gtld-servers.net.
com. 170805 IN NS j.gtld-servers.net.
com. 170805 IN NS c.gtld-servers.net.
;; ADDITIONAL SECTION:
h.gtld-servers.net. 84406 IN A 192.54.112.30
h.gtld-servers.net. 84406 IN AAAA 2001:502:8cc::30
i.gtld-servers.net. 84406 IN A 192.43.172.30
i.gtld-servers.net. 84406 IN AAAA 2001:503:39c1::30
;; Query time: 251 msec
;; SERVER: 192.168.1.45#53(192.168.1.45)
;; WHEN: Tue Feb 12 19:06:08 2019
;; MSG SIZE rcvd: 333
[root@localhost ~]#