一、DNS服务器简易架构图

DNS子域委派实验.jpg.jpeg


二、实验操作步骤


~~~~~~~~~~~~~~~~1、设置客户端域名解析,使之指向缓存服务器~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


[root@DNS131 ~]# cat /etc/resolv.conf

; generated by /usr/sbin/dhclient-script
; NOTE(review): the header above says dhclient-script wrote this file, so a
; manual nameserver edit may be overwritten on the next DHCP lease renewal -
; confirm how the setting is made persistent on this client.
search localdomain

; 172.168.3.133 is the only resolver listed, so every lookup made by this
; client depends on (and trusts) that single server; there is no fallback.
nameserver 172.168.3.133


~~~~~~~~~~~~~~~~2、修改缓存服务器主配置文件的内容,使之实现转发功能~~~~~~~~~~~~~~~~~~~~~~~~~~~~


[root@DNS133 ~]# cat /etc/named.conf

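// named.conf for the caching/forwarding server (172.168.3.133).
// It holds no zones: every cache miss is handed to the forwarder below.
options
{
 directory  "/var/named";    //"Working" directory
 dump-file  "/var/named/data/cache_dump.db";
 statistics-file "/var/named/data/named_stats.txt";
 memstatistics-file "/var/named/data/named_mem_stats.txt";
 // NOTE(review): 172.168.3.x is outside the RFC 1918 private range
 // (172.16.0.0/12), so keep this lab on an isolated network.
 listen-on port 53 { 172.168.3.133; };
 allow-query     { any; };

 recursion yes;
 // Without an explicit allow-recursion, named falls back to allow-query,
 // and "any" there turns this host into an open resolver. Limit recursion
 // to the server itself and its directly attached networks.
 // Assumes the lab clients sit on an attached network - replace with an
 // explicit ACL if they do not.
 allow-recursion { localhost; localnets; };
 pid-file "/run/named/named.pid";
 // NOTE(review): dnssec-enable is obsolete in newer BIND 9 releases -
 // confirm against the installed version.
 dnssec-enable yes;
 // "yes" validates only when a trust anchor is configured. None appears in
 // this file, so answers from the lab hierarchy are presumably accepted
 // without DNSSEC validation.
 dnssec-validation yes;
 session-keyfile "/run/named/session.key";
 managed-keys-directory "/var/named/dynamic";
 // forward only: never resolve iteratively from this host. The forwarder
 // is therefore trusted for every answer this cache hands to clients.
 forward only;
 forwarders { 172.168.3.134; };

};

logging
{
        // Debug output goes to data/named.run, relative to "directory".
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};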



~~~~~~~~~~~~~~~~3、修改根域服务器主配置文件,并授权com/net子域~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


(1)、修改主配置文件,创建区域配置文件

[root@DNS134 named]# cat /etc/named.conf

// named.conf for the lab's private root server (172.168.3.134).
options
{
 directory  "/var/named";    //"Working" directory
 dump-file  "/var/named/data/cache_dump.db";
 statistics-file "/var/named/data/named_stats.txt";
 memstatistics-file "/var/named/data/named_mem_stats.txt";
 listen-on port 53 { 172.168.3.134; };
 // NOTE(review): "any" here together with "recursion yes" below and no
 // allow-recursion statement lets every client that can reach port 53
 // recurse through this server.
 allow-query     { any; };

 // This host is both authoritative (zone "." below) and recursive. The
 // caching server on this page forwards to it with "forward only", which
 // presumably is why recursion stays on; outside a lab, limit recursion to
 // that forwarding host with an allow-recursion ACL.
 recursion yes;
 pid-file "/run/named/named.pid";
 // NOTE(review): dnssec-enable is obsolete in newer BIND 9 releases -
 // confirm against the installed version.
 dnssec-enable yes;
 // "yes" validates only when a trust anchor is configured; none appears in
 // this file.
 dnssec-validation yes;
 session-keyfile "/run/named/session.key";
 managed-keys-directory "/var/named/dynamic";
};

logging
{
        // Debug output goes to data/named.run, relative to "directory".
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};


// Serve the root zone from a local file: this server answers for "." out of
// root.zone, so the namespace it hands out is whatever that file delegates.
zone "." IN {
 type master;
 file "root.zone";
};


(2)创建区域配置文件,并授权com/net域


[root@DNS134 named]# cat root.zone

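; root.zone - data for the lab's private root zone ".".
; Zone files take ";" comments only; a "#" annotation is parsed as record
; data and stops the zone from loading.
$TTL 300
; Names are written fully qualified (trailing dot) so they do not depend on
; the origin being ".".
; NOTE(review): the SOA primary name (root.zone.com.) differs from the NS
; name below (root.gz.com.) - confirm which one is intended.
@                              IN         SOA             root.zone.com.            treey.qq.com.   (
                                                                   0 ; serial - increase on every edit
                                                                   1D ; refresh
                                                                   1H ; retry
                                                                   1W ; expire
                                                                   3H ) ; minimum


; Name server for the root zone itself, with its address.
@                              IN             NS            root.gz.com.
root.gz.com.              IN             A             172.168.3.134

; Sub-domain delegation: com. and net. are both handed to DNS129.
com.                          IN             NS          DNS129.gz.com.
net.                           IN             NS         DNS129.gz.com.

; Glue record. DNS129.gz.com. lives inside the delegated com. zone, so its
; address has to be published here; one A record serves both delegations.
DNS129.gz.com.      IN             A             172.168.3.129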


~~~~~~~~~~~~~~~~4、修改com/net域服务器主配置文件,并授权企业DNS服务器子域~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


(1)、修改主配置文件,创建区域配置文件

[root@DNS129 named]# cat /etc/named.conf

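// named.conf for the com./net. server (172.168.3.129).
options
{
 directory  "/var/named";    //"Working" directory
 dump-file  "/var/named/data/cache_dump.db";
 statistics-file "/var/named/data/named_stats.txt";
 memstatistics-file "/var/named/data/named_mem_stats.txt";
 listen-on port 53 { 172.168.3.129; };
 allow-query     { any; };

 // NOTE(review): this host only has to answer authoritatively for com. and
 // net. The value is left as published, but with allow-query { any; } and
 // no allow-recursion it lets any client recurse through this server; an
 // authoritative-only server normally runs with "recursion no".
 recursion yes;
 pid-file "/run/named/named.pid";
 // NOTE(review): dnssec-enable is obsolete in newer BIND 9 releases -
 // confirm against the installed version.
 dnssec-enable yes;
 // "yes" validates only when a trust anchor is configured; none appears in
 // this file.
 dnssec-validation yes;
 session-keyfile "/run/named/session.key";
 managed-keys-directory "/var/named/dynamic";
};

logging
{
        // Debug output goes to data/named.run, relative to "directory".
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};


// Authoritative zones delegated to this host by the root server.
zone "com." IN {
 type master;
 file "com.zone";
};

// The published listing stopped before this block's closing brace; named
// refuses to start on an unterminated zone statement.
zone "net." IN {
 type master;
 file "net.zone";
};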


(2)创建区域配置文件,并授权子域


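; Zone data for a zone served by DNS129 (presumably com.zone - the page does
; not name the file). Zone files take ";" comments only; a "#" annotation is
; parsed as record data and stops the zone from loading.
$TTL  1D

; The contact mailbox is written fully qualified: without the trailing dot
; it would have the zone origin appended.
; NOTE(review): the primary-server field "jh" is relative and expands to
; jh.<origin>; the usual value is the zone's NS name - confirm.
@                       IN          SOA         jh          jh.qq.com. (
                                                    0 ; serial - increase on every edit
                                                    1D ; refresh
                                                    1H ; retry
                                                    1W ; expire
                                                    3H ) ; minimum


; Name server for this zone, with its address.
@                                   IN      NS      DNS129.gz.com.
DNS129.gz.com.           IN      A       172.168.3.129

; Sub-domain delegation: both enterprise domains are handed to DNS128.
myclass.com.                IN      NS      DNS128.gz.com.
game.com.                    IN      NS      DNS128.gz.com.

; Address of the delegated server. The owner name needs its trailing dot:
; without it the origin is appended and the record lands on a different
; name. One A record serves both delegations.
DNS128.gz.com.           IN      A       172.168.3.128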


~~~~~~~~~~~~~~~~5、修改企业DNS服务器主配置文件,并在区域配置文件中解析子域IP~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


(1)、添加本服务器需解析的域名段

[root@DNS128 named]# cat /etc/named.conf

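// named.conf for the enterprise DNS server (172.168.3.128).
options
{
 directory  "/var/named";    //"Working" directory
 dump-file  "/var/named/data/cache_dump.db";
 statistics-file "/var/named/data/named_stats.txt";
 memstatistics-file "/var/named/data/named_mem_stats.txt";
 listen-on port 53 { 172.168.3.128; };
 allow-query     { any; };

 // Authoritative-only: this host answers for its own zones and never
 // resolves other names on behalf of clients.
 recursion no;
 pid-file "/run/named/named.pid";
 // NOTE(review): dnssec-enable is obsolete in newer BIND 9 releases -
 // confirm against the installed version.
 dnssec-enable yes;
 dnssec-validation yes;
 session-keyfile "/run/named/session.key";
 managed-keys-directory "/var/named/dynamic";
};

logging
{
        // Debug output goes to data/named.run, relative to "directory".
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};


// Zones this server is authoritative for. Only game.com.zone is shown on
// this page; the other three files must exist under /var/named as well or
// those zones will not load.
zone "myclass.com" IN {
        type master;
        file "myclass.com.zone";
};

zone "game.com" IN {
        type master;
        file "game.com.zone";
};

zone "myclass.net" IN {
        type master;
        file "myclass.net.zone";
};

// The published listing stopped before this block's closing brace; named
// refuses to start on an unterminated zone statement.
zone "game.net" IN {
        type master;
        file "game.net.zone";
};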


(2)、解析com域中的game.com域

[root@DNS128 named]# cat game.com.zone

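; game.com.zone - records for game.com, served by DNS128.
; Zone files take ";" comments only; a "#" annotation is parsed as record
; data and stops the zone from loading.
$TTL 1D
@              IN             SOA               DNS128.gz.com.             class.gz.com. (
                                                                          0   ;  serial - increase on every edit
                                                                          1D  ;  refresh
                                                                          1H  ;  retry
                                                                          1W  ;  expire
                                                                          3H )  ;  minimum


@                        IN                 NS                  DNS128.gz.com.
; NOTE(review): "DNS128" is relative, so this A record belongs to
; DNS128.game.com., not to the NS target DNS128.gz.com. above; the address
; of the NS name comes from the parent zone's glue record - confirm this is
; intended.
DNS128              IN                 A                      172.168.3.128

; www resolves to three hosts (presumably the back-end servers). Several A
; records on one name give DNS round-robin: it spreads requests but does not
; health-check, so a failed host keeps being returned to clients.
www                    IN                 A                      192.168.30.10
www                    IN                 A                      192.168.30.9
www                    IN                 A                      192.168.30.8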

       

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


以上内容若有瑕疵或者错误,望各位朋友不吝指教,大家互相学习,讨论!谢谢~~~~~~!