DNS Subdomains with BIND
Posted 丶旋律
Environment:
DNS master server: 172.31.0.38
DNS slave server: 172.31.0.48
DNS subdomain server: 172.31.0.20
DNS client: 172.31.0.18
Prerequisites
Disable SELinux
[root@localhost ~]# sed -ri 's/^(SELINUX=).*/\1disabled/' /etc/selinux/config
Disable the firewall
[root@localhost ~]# systemctl disable --now firewalld
Time synchronization
DNS master server configuration
[root@localhost named]# vim /var/named/longxuan.vip.zone
$TTL 1D
@ IN SOA master admin.longxuan.vip. (
2021050102 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
        NS master
        NS slave1
shenzhen NS shenzhencdn
master A 172.31.0.38
slave1 A 172.31.0.48
shenzhencdn A 172.31.0.20
Reload the service
[root@localhost named]# rndc reload
server reload successful
Install BIND on the subdomain server (172.31.0.20)
[root@CentOS-8 ~]# yum install bind -y
Edit the configuration file
[root@CentOS-8 ~]# vim /etc/named.conf
options {
// listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
secroots-file "/var/named/data/named.secroots";
recursing-file "/var/named/data/named.recursing";
// allow-query { localhost; };
// Recommended: disable DNSSEC validation (change yes to no)
dnssec-enable no;
dnssec-validation no;
Edit the zone configuration file
[root@CentOS-8 ~]# vim /etc/named.rfc1912.zones
zone "shenzhen.longxuan.vip" {
type master;
file "shenzhen.longxuan.vip.zone";
};
Edit the zone file
[root@CentOS-8 ~]# vim /var/named/shenzhen.longxuan.vip.zone
$TTL 86400
@ IN SOA ns1 admin (1 12H 10M 3D 1H)
        NS ns1
ns1 A 172.31.0.20
www A 172.31.0.200
Change the permissions and the group ownership
[root@CentOS-8 ~]# chmod 640 /var/named/shenzhen.longxuan.vip.zone
[root@CentOS-8 ~]# chgrp named /var/named/shenzhen.longxuan.vip.zone
Enable at boot and start the service
[root@CentOS-8 ~]# systemctl enable --now named
Client verification before the subdomain is added
[16:22:14 root@sz-kx-centos8 ~]# dig www.shenzhen.longxuan.vip
; <<>> DiG 9.11.20-RedHat-9.11.20-5.el8_3.1 <<>> www.shenzhen.longxuan.vip
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 45064
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: cbabcafa3ac2d38c8c442299608fbbf90f9f92157fb41903 (good)
;; QUESTION SECTION:
;www.shenzhen.longxuan.vip. IN A
;; Query time: 1 msec
;; SERVER: 172.31.0.38#53(172.31.0.38)
;; WHEN: Mon May 03 17:01:46 CST 2021
;; MSG SIZE rcvd: 82
Client verification after the subdomain is added
[17:01:46 root@sz-kx-centos8 ~]# dig www.shenzhen.longxuan.vip
; <<>> DiG 9.11.20-RedHat-9.11.20-5.el8_3.1 <<>> www.shenzhen.longxuan.vip
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17948
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 73b817821a2525e67527f046608fbca1f8a9d531cb6b1a13 (good)
;; QUESTION SECTION:
;www.shenzhen.longxuan.vip. IN A
;; ANSWER SECTION:
www.shenzhen.longxuan.vip. 86400 IN A 172.31.0.200
;; AUTHORITY SECTION:
shenzhen.longxuan.vip. 86400 IN NS shenzhencdn.longxuan.vip.
;; ADDITIONAL SECTION:
shenzhencdn.longxuan.vip. 86400 IN A 172.31.0.20
;; Query time: 1 msec
;; SERVER: 172.31.0.38#53(172.31.0.38)
;; WHEN: Mon May 03 17:04:34 CST 2021
;; MSG SIZE rcvd: 140
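Added example (not part of the original post): an offline Python check that the parent zone's delegation of shenzhen.longxuan.vip lines up with the NS records the child zone publishes at its own apex. The two zone files above are embedded as constructed sample input; `parse_zone` and `check_delegation` are hypothetical helper names, and the parser covers only the NS and A records needed here.

```python
import re

# Constructed sample: this page's zone files (SOA on one line, owner-inheriting indent restored).
PARENT = """$TTL 1D
@ IN SOA master admin.longxuan.vip. (2021050102 1D 1H 1W 3H)
    NS master
    NS slave1
shenzhen NS shenzhencdn
master A 172.31.0.38
slave1 A 172.31.0.48
shenzhencdn A 172.31.0.20
"""
CHILD = """$TTL 86400
@ IN SOA ns1 admin (1 12H 10M 3D 1H)
    NS ns1
ns1 A 172.31.0.20
www A 172.31.0.200
"""

def parse_zone(text, origin):
    """Minimal parser: {(owner_fqdn, type): [rdata]} for NS and A; ignores $ORIGIN/$INCLUDE."""
    fq = lambda n: origin if n == "@" else (n if n.endswith(".") else f"{n}.{origin}").lower()
    text = re.sub(r";[^\n]*", "", text)  # drop comments
    text = re.sub(r"\([^)]*\)", lambda m: m.group(0).replace("\n", " "), text)  # join ( ) spans
    records, owner = {}, origin
    for line in text.splitlines():
        tok = line.split()
        if tok and not tok[0].startswith("$") and not line[0].isspace():
            owner = fq(tok.pop(0))  # unindented record line names its owner; indented inherits
        while tok and re.fullmatch(r"IN|\d+[SMHDW]?", tok[0], re.I):
            tok.pop(0)  # skip class and TTL
        if len(tok) >= 2 and tok[0].upper() in ("NS", "A"):
            rdata = fq(tok[1]) if tok[0].upper() == "NS" else tok[1]
            records.setdefault((owner, tok[0].upper()), []).append(rdata)
    return records

def check_delegation(parent, parent_origin, child, child_origin):
    """Return findings on how the parent's delegation lines up with the child's apex NS set."""
    p, c = parse_zone(parent, parent_origin), parse_zone(child, child_origin)
    deleg, apex = p.get((child_origin, "NS"), []), c.get((child_origin, "NS"), [])
    addrs = lambda names: {a for n in names for a in p.get((n, "A"), []) + c.get((n, "A"), [])}
    findings = [] if deleg else ["parent has no NS records for the child zone"]
    findings += [f"parent zone has no A record for {ns}" for ns in deleg
                 if ns.endswith("." + parent_origin) and not p.get((ns, "A"))]
    if set(deleg) != set(apex):
        findings.append(f"NS names differ: parent {sorted(deleg)}, child {sorted(apex)}")
    if addrs(deleg) != addrs(apex):
        findings.append("parent and child NS names resolve to different addresses")
    return findings
```

Called as `check_delegation(PARENT, "longxuan.vip.", CHILD, "shenzhen.longxuan.vip.")`, it returns one finding for this page's data: the parent delegates to shenzhencdn.longxuan.vip. while the child zone names ns1.shenzhen.longxuan.vip. as its NS. Both names map to 172.31.0.20, which is why the dig query above still returns NOERROR.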