服务器三台
master:
ip: 192.168.1.10
主域:angrybeans.com
子域的master:由master授权
ip : 192.168.1.9
主域:ops.angrybeans.com
子域的slave从服务器:
ip: 192.168.1.11
- 子域授权
master配置:
1./etc/named.conf
// Excerpt from the options { } block of the parent-zone master (192.168.1.10).
// named answers on this IPv4 address only, port 53.
listen-on port 53 { 192.168.1.10; };
// DNSSEC is switched off entirely: named neither serves DNSSEC records nor
// validates signatures, so a spoofed or altered answer cannot be detected.
// Only acceptable on an isolated test network; leave validation enabled on
// any resolver that real clients depend on.
dnssec-enable no;
dnssec-validation no;
// DNSSEC look-aside validation (DLV) is disabled as well.
dnssec-lookaside no;
2. /var/named/angrybeans.zone
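$TTL 3600
$ORIGIN angrybeans.com.
; SOA: primary name server ns1, contact admin (both relative to $ORIGIN).
@        IN  SOA  ns1 admin (
                  2017012606  ; serial - raise it on every edit so secondaries re-transfer
                  4H          ; refresh
                  2H          ; retry
                  12H         ; expire
                  1D          ; negative-caching TTL
                  )
; Records with a blank owner must start with whitespace to inherit "@".
         IN  NS   ns1
         IN  NS   ns2
; NOTE(review): m1 and m2 need address records; none appear in this excerpt.
         IN  MX   10 m1
         IN  MX   20 m2
; Delegation of ops.angrybeans.com. (zone files use ';' for comments, not '//').
ops      IN  NS   ns1.ops
; Glue for the delegated name server. It must be owned by ns1.ops, not by the
; cut point "ops", and must carry the address the child zone is served from:
; 192.168.1.9, the subdomain master listed for this setup. The original line
; was "ops IN A 192.168.1.10", which is not glue and points at the parent.
ns1.ops  IN  A    192.168.1.9
ns1      IN  A    192.168.1.10
ns2      IN  A    192.168.1.9
a        IN  A    192.168.1.2
b        IN  A    192.168.1.3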
子域的master设置:
1./etc/named.conf
// Excerpt from the options { } block of the subdomain master (192.168.1.9).
// named answers on this IPv4 address only, port 53.
listen-on port 53 { 192.168.1.9; };
// DNSSEC is switched off entirely: the zone is served unsigned and nothing
// this server resolves is validated. Only acceptable on an isolated test
// network.
dnssec-enable no;
dnssec-validation no;
// DNSSEC look-aside validation (DLV) is disabled as well.
dnssec-lookaside no;
2. /var/named/ops.angrybeans.com
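$TTL 3600
$ORIGIN ops.angrybeans.com.
; SOA: primary name server ns1, contact admin (both relative to $ORIGIN).
@    IN  SOA  ns1 admin (
              2016012601  ; serial - raise it on every edit so the slave re-transfers
              3H          ; refresh
              1H          ; retry
              4H          ; expire
              6H          ; negative-caching TTL
              )
; Records with a blank owner must start with whitespace to inherit "@".
     IN  NS   ns1
     IN  NS   ns2
; NOTE(review): these addresses differ from the hosts this page lists for the
; subdomain (master 192.168.1.9, slave 192.168.1.11). The in-zone address of
; ns1 has to match the glue record in the parent zone, otherwise resolvers
; that follow the delegation end up at a host that does not serve the zone.
; Confirm which addresses are intended.
ns1  IN  A    192.168.1.23
ns2  IN  A    192.168.1.24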
子域的slave设置:
1./etc/named.conf
// Excerpt from the options { } block of the subdomain slave (192.168.1.11).
// named answers on this IPv4 address only, port 53.
listen-on port 53 { 192.168.1.11; };
// DNSSEC is switched off entirely. This host also relays queries to a
// forwarder (see the forwarding section), so with validation off it accepts
// whatever the forwarder returns without any integrity check. Only
// acceptable on an isolated test network.
dnssec-enable no;
dnssec-validation no;
// DNSSEC look-aside validation (DLV) is disabled as well.
dnssec-lookaside no;
2./etc/named.rfc1912.zones
// Secondary copy of the delegated zone, kept in sync by zone transfer from
// the subdomain master.
zone "ops.angrybeans.com" IN {
    type slave;
    // Only server this host pulls the zone from. No TSIG key is attached, so
    // the transfer is identified by IP address alone.
    // NOTE(review): the master's allow-transfer setting is not shown on this
    // page; it should name 192.168.1.11 rather than stay at the default.
    masters { 192.168.1.9; };
    // Transferred zone data is stored here, relative to named's working
    // directory.
    file "slaves/ops.angrybeans.com";
};
- 域名转发
ns1.angrybeans.com就可以了,这里指定为master(192.168.1.10),因为192.168.1.10当然可以转发它自己了。下面配置192.168.1.11以192.168.1.10作为转发器。
// Body of a forward zone on 192.168.1.11. The opening `zone "..." IN {` line
// is missing from this listing.
type forward;
// Never fall back to iterative resolution: if the forwarder does not answer,
// the query fails.
forward only;
// Every query for this zone is relayed to the parent-zone master. With
// dnssec-validation off on this host, its answers are accepted unchecked.
forwarders { 192.168.1.10; };
};
[root@localhost ~]# dig -t A flower.angrybeans.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6 <<>> -t A flower.angrybeans.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38321
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;flower.angrybeans.com. INA
;; ANSWER SECTION:
flower.angrybeans.com. 3305IN A 192.168.1.4
;; AUTHORITY SECTION:
angrybeans.com. 3162IN NS ns1.angrybeans.com.
angrybeans.com. 3162IN NS ns2.angrybeans.com.
;; ADDITIONAL SECTION:
ns2.angrybeans.com. 3162IN A 192.168.1.9
ns1.angrybeans.com. 3162IN A 192.168.1.10
;; Query time: 0 msec
;; SERVER: 192.168.1.11#53(192.168.1.11)
;; WHEN: Tue Jan 26 19:01:22 2016
;; MSG SIZE rcvd: 123
- ACL访问控制
// Tail of an address-match list followed by the tail of a zone statement.
// The opening lines (presumably an `acl <name> {` statement and the zone
// header for angrybeans.zone) and any option that references the ACL are
// missing from this listing.
192.168.1.11;
127.0.0.1;
};
file "angrybeans.zone";
// Refuse every zone-transfer request for this zone, which stops the whole
// zone from being dumped through a transfer request.
// NOTE(review): a secondary for this zone would be refused too; if one is
// added, list it here explicitly, preferably by TSIG key rather than by
// address.
allow-transfer { none; } ;
};