[服务搭建] bind正反向配置 主从配置 子域配置 基本安全设置
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了[服务搭建] bind正反向配置 主从配置 子域配置 基本安全设置相关的知识,希望对你有一定的参考价值。
实验环境
系统 主机名 IP 备注
Centos6.8 nod1.wupeng.com 10.208.131.222 主服务器
Centos6.8 nod2.wupeng.com 10.208.131.228 从服务器
Centos6.8 nod3.wupeng.com 10.208.131.229 子域服务器
bind程序包:
bind:提供的dns server程序、以及几个常用的测试程序;
bind-libs:被bind和bind-utils包中的程序共同用到的库文件;
bind-utils:bind客户端程序集,例如dig, host, nslookup等;
bind-chroot:选装,让named运行于jail模式下;
对三台主机分别更改主机名 关闭防火墙以及关闭selinux (iptables和selinux保存配置后需要重启服务才能生效)
nod1更改主机
[[email protected] ~]# vim /etc/sysconfig/network NETWORKING=yes HOSTNAME=nod1.wupeng.com
nod2更改主机
[[email protected] ~]# vim /etc/sysconfig/network NETWORKING=yes HOSTNAME=nod2.wupeng.com
nod3更改主机
[[email protected] ~]# vim /etc/sysconfig/network NETWORKING=yes HOSTNAME=nod3.wupeng.com
nod1清空防火墙规则
[[email protected] ~]# iptables -F [[email protected] ~]# service iptables save
nod2清空防火墙规则
[[email protected] ~]# iptables -F [[email protected] ~]# service iptables save
nod3清空防火墙规则
[[email protected] ~]# iptables -F [[email protected] ~]# service iptables save
nod1关闭selinux安全机制
[[email protected] ~]# vim /etc/sysconfig/selinux 或者 vim /etc/selinux/config SELINUX=disabled
nod2关闭selinux安全机制
[[email protected] ~]# vim /etc/sysconfig/selinux 或者 vim /etc/selinux/config SELINUX=disabled
nod3关闭selinux安全机制
[[email protected] ~]# vim /etc/sysconfig/selinux 或者 vim /etc/selinux/config SELINUX=disabled
三台主机分别同步时间为一致 可以使用ntpdate命令来进行时间同步
[[email protected] ~]# yum install ntpdate -y
[[email protected] ~]# yum install ntpdate -y
[[email protected] ~]# yum install ntpdate -y
[[email protected] ~]# ntpdate ntp.api.bz
28 Jun 15:42:08 ntpdate[1598]: step time server 17.253.84.125 offset 856096.191423 sec
[[email protected] ~]# ntpdate ntp.api.bz
28 Jun 15:42:08 ntpdate[1577]: step time server 17.253.84.125 offset 854843.947376 sec
[[email protected] ~]# ntpdate ntp.api.bz
28 Jun 15:42:08 ntpdate[1593]: step time server 17.253.84.125 offset 599540.432080 sec
正向配置
在nod1主机上安装bind的相关软件
[[email protected] ~]# yum install bind bind-utils -y //bind-libs 这个库文件会进行依赖安装
编辑/etc/bind.conf主配置文件
[[email protected] ~]# vim /etc/named.conf
options { listen-on port 53 { 127.0.0.1; 10.208.131.222; }; //监听地址 // listen-on-v6 port 53 { ::1; }; directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; allow-query { any; }; //允许的请求方式为所有人 recursion yes; dnssec-enable no; //安全机制为NO dnssec-validation no; //安全机制为NO /* Path to ISC DLV key */ bindkeys-file "/etc/named.iscdlv.key"; managed-keys-directory "/var/named/dynamic"; };
编辑/etc/named.rfc1912.zones创建正向区域文件
[[email protected] ~]# vim /etc/named.rfc1912.zones
zone "wupeng.com" IN { type master; file "wupeng.com.zone"; };
利用模板创建一个wupeng.com域的区域数据文件 文件权限为640 属组为named
[[email protected] ~]# cd /var/named/
第一种: [[email protected] named]# cp -p named.localhost wupeng.com.zone 第二种: [[email protected] named]# cp -rf named.localhost wupeng.com.zone [[email protected] named]# chmod 640 wupeng.com.zone [[email protected] named]# chgrp named wupeng.com.zone
查看文件属性
[[email protected] named]# ll wupeng.com.zone -rw-r----- 1 root named 152 6月 21 2007 wupeng.com.zone
编辑wupeng.com.zone文件记录 NS和A记录
[[email protected] named]# vim wupeng.com.zone
$TTL 1D $ORIGIN wupeng.com. @ IN SOA ns1.wupeng.com. admin.wupeng.com. ( 2017062800 ; serial 1D ; refresh 1H ; retry 1W ; expire 3H ) ; minimum IN NS ns1.wupeng.com. ns1 IN A 10.208.131.222 www IN A 10.208.131.223
检测主配置文件和区域数据文件是否有错误
[[email protected] named]# named-checkconf //正确是没有任何提示 [[email protected] named]# named-checkzone wupeng.com /var/named/wupeng.com.zone zone wupeng.com/IN: loaded serial 2017062800 OK
启动bind服务 并测试正向解析是否成功
[[email protected] named]# service named start
Generating /etc/rndc.key: [确定]
启动 named: [确定]
测试:
[[email protected] named]# dig -t A www.wupeng.com @10.208.131.222
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.2 <<>> -t A www.wupeng.com @10.208.131.222
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33056
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;www.wupeng.com. IN A
;; ANSWER SECTION:
www.wupeng.com. 86400 IN A 10.208.131.223
;; AUTHORITY SECTION:
wupeng.com. 86400 IN NS ns1.wupeng.com.
;; ADDITIONAL SECTION:
ns1.wupeng.com. 86400 IN A 10.208.131.222
;; Query time: 0 msec
;; SERVER: 10.208.131.222#53(10.208.131.222)
;; WHEN: Wed Jun 28 21:26:24 2017
;; MSG SIZE rcvd: 82
解释:
-t A www.wupeng.com 类型为A记录的域名
@10.208.131.222 以10.208.131.222的IP进行解析 无需在/etc/resolv.conf里进行设置
编辑/etc/named.rfc1912.zones创建反向区域文件
[[email protected] named]# vim /etc/named.rfc1912.zones zone "131.208.10.in-addr.arpa" IN { type master; file "10.208.131"; };
利用模板创建一个10.208.131.zone的区域数据文件 文件权限为640 属组为named
[[email protected] ~]# cd /var/named/
第一种: [[email protected] named]# cp -p named.loopback 10.208.131.zone 第二种: [[email protected] named]# cp -rf named.loopback 10.208.131.zone [[email protected] named]# chmod 640 wupeng.com.zone [[email protected] named]# chgrp named wupeng.com.zone
查看文件属性
[[email protected] named]# ll 10.208.131.zone
-rw-r----- 1 root named 263 6月 28 21:07 10.208.131.zone
编辑wupeng.com.zone文件记录 NS和PTR记录
[[email protected] named]# vim 10.208.131.zone $TTL 1D $ORIGIN 131.208.10.in-addr.arpa. @ IN SOA ns1.wupeng.com admin.wupeng.com. ( 2017062800 ; serial 1D ; refresh 1H ; retry 1W ; expire 3H ) ; minimum IN NS ns1.wupeng.com. 222 IN PTR ns1.wupeng.com. 223 IN PTR www.wupeng.com.
重新加载bind服务 并测试反向解析是否成功
[[email protected] named]# rndc reload
server reload successful
测试:
[[email protected] named]# dig -x 10.208.131.223 @10.208.131.222
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.2 <<>> -x 10.208.131.223 @10.208.131.222
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54483
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;223.131.208.10.in-addr.arpa. IN PTR
;; ANSWER SECTION:
223.131.208.10.in-addr.arpa. 86400 IN PTR www.wupeng.com.
;; AUTHORITY SECTION:
131.208.10.in-addr.arpa. 86400 IN NS ns1.wupeng.com.
;; ADDITIONAL SECTION:
ns1.wupeng.com. 86400 IN A 10.208.131.222
;; Query time: 0 msec
;; SERVER: 10.208.131.222#53(10.208.131.222)
;; WHEN: Wed Jun 28 21:19:16 2017
;; MSG SIZE rcvd: 107
主从复制
在主服务器添加从服务器的NS和A记录 并重新加载服务
$TTL 1D
$ORIGIN wupeng.com.
@ IN SOA ns1.wupeng.com. admin.wupeng.com. (
2017062802 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
IN NS ns1.wupeng.com.
IN NS ns2.wupeng.com.
ns1 IN A 10.208.131.222
ns2 IN A 10.208.131.228
www IN A 10.208.131.223
[[email protected] named]# rndc reload
server reload successful
在主机nod2上安装bind相关文件
[[email protected] ~]# yum install bind bind-utils -y
配置bind主文件
vim /etc/named.conf options { listen-on port 53 { 127.0.0.1; 10.208.131.228; }; // listen-on-v6 port 53 { ::1; }; directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; allow-query { any; }; recursion yes; dnssec-enable no; dnssec-validation no; /* Path to ISC DLV key */ bindkeys-file "/etc/named.iscdlv.key"; managed-keys-directory "/var/named/dynamic"; };
配置区域文件
[[email protected] ~]# vim /etc/named.rfc1912.zones zone "wupeng.com" IN { type slave; file "slaves/wupeng.com"; masters { 10.208.131.222; }; }; zone "131.208.10.in-addr.arpa" IN { type slave; file "10.208.131.zone"; masters { 10.208.131.222; }; };
检查配置是否有错误
[[email protected] ~]# named-checkconf
启动bind服务 查看区域数据是否传输到slaves目录下并测试
[[email protected] ~]# service named start
启动 named: [确定]
[[email protected] ~]# ll /var/named/slaves/
总用量 8
-rw-r--r-- 1 named named 390 6月 28 21:55 10.208.131.zone
-rw-r--r-- 1 named named 335 6月 28 21:54 wupeng.com
测试:
[[email protected] ~]# dig www.wupeng.com @10.208.131.228
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.2 <<>> www.wupeng.com @10.208.131.228
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1634
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;www.wupeng.com. IN A
;; ANSWER SECTION:
www.wupeng.com. 86400 IN A 10.208.131.223
;; AUTHORITY SECTION:
wupeng.com. 86400 IN NS ns1.wupeng.com.
;; ADDITIONAL SECTION:
ns1.wupeng.com. 86400 IN A 10.208.131.222
;; Query time: 0 msec
;; SERVER: 10.208.131.228#53(10.208.131.228)
;; WHEN: Wed Jun 28 21:56:38 2017
;; MSG SIZE rcvd: 82
[[email protected] ~]# dig -x 10.208.131.223 @10.208.131.228
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.2 <<>> -x 10.208.131.223 @10.208.131.228
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18940
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;223.131.208.10.in-addr.arpa. IN PTR
;; ANSWER SECTION:
223.131.208.10.in-addr.arpa. 86400 IN PTR www.wupeng.com.
;; AUTHORITY SECTION:
131.208.10.in-addr.arpa. 86400 IN NS ns1.wupeng.com.
;; ADDITIONAL SECTION:
ns1.wupeng.com. 86400 IN A 10.208.131.222
;; Query time: 0 msec
;; SERVER: 10.208.131.228#53(10.208.131.228)
;; WHEN: Wed Jun 28 21:57:05 2017
;; MSG SIZE rcvd: 107
在主服务器新增一条记录 在进行测试
[[email protected] named]# vim /var/named/wupeng.com.zone
$TTL 1D
$ORIGIN wupeng.com.
@ IN SOA ns1.wupeng.com. admin.wupeng.com. (
2017062802 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
IN NS ns1.wupeng.com.
IN NS ns2.wupeng.com.
ns1 IN A 10.208.131.222
ns2 IN A 10.208.131.228
www IN A 10.208.131.223
dns IN A 10.208.131.224
[[email protected] named]# vim 10.208.131.zone
$TTL 1D
$ORIGIN 131.208.10.in-addr.arpa.
@ IN SOA ns1.wupeng.com admin.wupeng.com. (
2017062802 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
IN NS ns1.wupeng.com.
IN NS ns2.wupeng.com.
222 IN PTR ns1.wupeng.com.
228 IN PTR ns2.wupeng.com.
223 IN PTR www.wupeng.com.
224 IN PTR dns.wupeng.com.
重新加载主服务器
[[email protected] named]# rndc reload
server reload successful
重新加载从服务器
[[email protected] ~]# rndc reload wupeng.com
zone refresh queued
[[email protected] ~]# rndc reload 131.208.10.in-addr.arpa
zone refresh queued
NOTE: rndc reload 在从服务器不生效 尝试过多次只能在后边加区域才生效
测试:
[[email protected] ~]# dig dns.wupeng.com @10.208.131.228
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.2 <<>> dns.wupeng.com @10.208.131.228
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30389
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;dns.wupeng.com. IN A
;; ANSWER SECTION:
dns.wupeng.com. 86400 IN A 10.208.131.224
;; AUTHORITY SECTION:
wupeng.com. 86400 IN NS ns1.wupeng.com.
;; ADDITIONAL SECTION:
ns1.wupeng.com. 86400 IN A 10.208.131.222
;; Query time: 0 msec
;; SERVER: 10.208.131.228#53(10.208.131.228)
;; WHEN: Wed Jun 28 22:29:46 2017
;; MSG SIZE rcvd: 82
[[email protected] ~]# dig -x 10.208.131.224 @10.208.131.228
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.2 <<>> -x 10.208.131.224 @10.208.131.228
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20995
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;224.131.208.10.in-addr.arpa. IN PTR
;; ANSWER SECTION:
224.131.208.10.in-addr.arpa. 86400 IN PTR dns.wupeng.com.
;; AUTHORITY SECTION:
131.208.10.in-addr.arpa. 86400 IN NS ns1.wupeng.com.
;; ADDITIONAL SECTION:
ns1.wupeng.com. 86400 IN A 10.208.131.222
;; Query time: 1 msec
;; SERVER: 10.208.131.228#53(10.208.131.228)
;; WHEN: Wed Jun 28 22:30:07 2017
;; MSG SIZE rcvd: 107
子域配置
在主机nod3上安装bind相关软件 并配置主文件
[[email protected] ~]# yum install bind bind-utils -y [[email protected] ~]# vim /etc/named.conf options { listen-on port 53 { 127.0.0.1; 10.208.131.229; }; // listen-on-v6 port 53 { ::1; }; directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; allow-query { any; }; recursion yes; dnssec-enable no; dnssec-validation no; /* Path to ISC DLV key */ bindkeys-file "/etc/named.iscdlv.key"; managed-keys-directory "/var/named/dynamic"; }; [[email protected] ~]# vim /etc/named.rfc1912.zones zone "music.wupeng.com" IN { type master; file "music.wupeng.com.zone"; }; zone "wupeng.com" IN { //设置了转发功能才能进行查询和传输区域文件 type forward; forward only; forwarders { 10.208.131.222; 10.208.131.228; }; };
复制模板创建子域区域配置文件
[[email protected] named]# cp -p named.localhost music.wupeng.com.zone
[[email protected] named]# vim music.wupeng.com.zone
$TTL 1D
$ORIGIN music.wupeng.com.
@ IN SOA ns3.music.wupeng.com. admin.music.wupeng.com. (
2017062800 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
IN NS ns3.music
ns3.music IN A 10.208.131.229
www IN A 10.208.131.230
检测是否有配置错误
[[email protected] named]# named-checkzone music.wupeng.com /var/named/music.wupeng.com.zone
zone music.wupeng.com/IN: loaded serial 2017062800
OK
在主服务器添加子域的NS和A记录
[[email protected] named]# vim /etc/named.conf
$TTL 1D
$ORIGIN wupeng.com.
@ IN SOA ns1.wupeng.com. admin.wupeng.com. (
2017062802 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
IN NS ns1.wupeng.com.
IN NS ns2.wupeng.com.
ns1 IN A 10.208.131.222
ns2 IN A 10.208.131.228
www IN A 10.208.131.223
dns IN A 10.208.131.224
ns3 IN NS ns3.music
ns3.music IN A 10.208.131.229
重新加载主配置文件 启动nod3的bind的服务
[[email protected] named]# rndc reload
server reload successful
测试:
[[email protected] named]# dig www.music.wupeng.com @10.208.131.229
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.2 <<>> www.music.wupeng.com @10.208.131.229
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46119
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;www.music.wupeng.com. IN A
;; ANSWER SECTION:
www.music.wupeng.com. 86400 IN A 10.208.131.230
;; AUTHORITY SECTION:
music.wupeng.com. 86400 IN NS ns3.music.music.wupeng.com.
;; ADDITIONAL SECTION:
ns3.music.music.wupeng.com. 86400 IN A 10.208.131.229
;; Query time: 0 msec
;; SERVER: 10.208.131.229#53(10.208.131.229)
;; WHEN: Wed Jun 28 23:28:55 2017
;; MSG SIZE rcvd: 94
[[email protected] named]# dig www.wupeng.com @10.208.131.229
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.2 <<>> www.wupeng.com @10.208.131.229
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25255
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;www.wupeng.com. IN A
;; ANSWER SECTION:
www.wupeng.com. 86365 IN A 10.208.131.223
;; AUTHORITY SECTION:
wupeng.com. 86365 IN NS ns1.wupeng.com.
wupeng.com. 86365 IN NS ns2.wupeng.com.
;; ADDITIONAL SECTION:
ns1.wupeng.com. 86365 IN A 10.208.131.222
ns2.wupeng.com. 86365 IN A 10.208.131.228
;; Query time: 13 msec
;; SERVER: 10.208.131.229#53(10.208.131.229)
;; WHEN: Wed Jun 28 23:29:06 2017
;; MSG SIZE rcvd: 116
[[email protected] named]# dig -t axfr wupeng.com @10.208.131.222 //全量区域传送
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.2 <<>> -t axfr wupeng.com @10.208.131.222
;; global options: +cmd
wupeng.com. 86400 IN SOA ns1.wupeng.com. admin.wupeng.com. 2017062802 86400 3600
604800 10800wupeng.com. 86400 IN NS ns1.wupeng.com.
wupeng.com. 86400 IN NS ns2.wupeng.com.
dns.wupeng.com. 86400 IN A 10.208.131.224
ns3.music.wupeng.com. 86400 IN A 10.208.131.229
ns1.wupeng.com. 86400 IN A 10.208.131.222
ns2.wupeng.com. 86400 IN A 10.208.131.228
ns3.wupeng.com. 86400 IN NS ns3.music.wupeng.com.
www.wupeng.com. 86400 IN A 10.208.131.223
wupeng.com. 86400 IN SOA ns1.wupeng.com. admin.wupeng.com. 2017062802 86400 3600
604800 10800;; Query time: 4 msec
;; SERVER: 10.208.131.222#53(10.208.131.222)
;; WHEN: Wed Jun 28 23:41:31 2017
;; XFR size: 10 records (messages 1, bytes 258)
可以进行全量传输区域数据 一般是不允许的 所以我们要进行安全配置
在主机nod1主配置文件上配置acl 只允许从服务器传输 全局之外定义
[[email protected] named]# vim /etc/named.conf acl slaves { 10.208.131.228; }; [[email protected] named]# vim /etc/named.rfc1912.zones zone "wupeng.com" IN { type master; file "wupeng.com.zone"; allow-transfer { slaves; }; allow-update { none; }; }; zone "131.208.10.in-addr.arpa" IN { type master; file "10.208.131.zone"; allow-transfer { slaves; }; allow-update { none; }; };
重新加载服务
[[email protected] named]# rndc reload
server reload successful
在主机nod2上配置文件不进行更新
zone "wupeng.com" IN { type slave; file "slaves/wupeng.com"; masters { 10.208.131.222; }; allow-transfer { none; }; allow-update { none; }; }; zone "131.208.10.in-addr.arpa" IN { type slave; file "slaves/10.208.131.zone"; masters { 10.208.131.222; }; allow-transfer { none; }; allow-update { none; }; };
重新加载服务
[[email protected] slaves]# rndc reload
server reload successful
测试
[[email protected] named]# dig -t axfr wupeng.com @10.208.131.222
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.2 <<>> -t axfr wupeng.com @10.208.131.222
;; global options: +cmd
; Transfer failed.
[[email protected] named]# dig -t axfr wupeng.com @10.208.131.228
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.2 <<>> -t axfr wupeng.com @10.208.131.228
;; global options: +cmd
; Transfer failed.
本文出自 “吴鹏的博客” 博客,请务必保留此出处http://sedlock.blog.51cto.com/3030387/1942884
以上是关于[服务搭建] bind正反向配置 主从配置 子域配置 基本安全设置的主要内容,如果未能解决你的问题,请参考以下文章
Linux----DNS服务器构建(反向解析,缓存服务器,主从服务器)!