~~~~~~~~~~接上一篇linux下8种DNS功能的实现(一)~~~~~~~~~
八.DNS的子域授权
子在原有的域上再划分出一个区域并指定新DNS服务器。这样的做的好处可以减轻主DNS的压力,也有利于管理。
主:
[root@tx1 etc]# vim named.conf
options
{
listen-on port 53 {any;};
directory "/var/named";
dump-file "data/cache_dump.db";
statistics-file "data/named_stats.txt";
memstatistics-file "data/named_mem_stats.txt";
allow-query {any;};
};
zone "tx.com" IN {
type master;
file "tx.com.zone";
[root@tx1 named]# vim tx.com.zone
$TTL 86400
@ IN SOA ns.tx.com. root (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
@ IN NS ns.tx.com.
ns IN A 192.168.8.70
www IN A 192.168.8.64
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
th IN NS ns.th.tx.com.
ns.th IN A 192.168.8.71
从:
[root@tx2 etc]# vim named.conf
options
{
listen-on port 53 {any;};
directory "/var/named/slaves";
dump-file "data/cache_dump.db";
statistics-file "data/named_stats.txt";
memstatistics-file "data/named_mem_stats.txt";
allow-query {any;};
};
zone "th.tx.com" IN {
type master;
file "th.tx.com.zone";
};
[root@tx2 etc]# cd ../var/named/slaves/
[root@tx2 slaves]# ls
[root@tx2 slaves]# vim th.tx.com.zone
$TTL 86400
@ IN SOA ns.th.tx.com. root (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
@ IN NS ns.th.tx.com.
ns IN A 192.168.8.70
www IN A 192.168.8.64
客户端测试:
在/etc/resolv.conf 指定父域dns的ip
[root@tx3 ~]# nslookup www.tx.com
Server:192.168.8.70
Address:192.168.8.70#53
Name:www.tx.com
Address: 192.168.8.64
[root@tx3 ~]# nslookup www.th.tx.com
Server:192.168.8.70
Address:192.168.8.70#53
Non-authoritative answer:
Name:www.th.tx.com
Address: 192.168.8.64
九.DNS视图的配置
视图原理: 在主配置文件中,可以指定多个view, 如果DNS客户端所提交的查询满足第一个view的条件时,就会使用第一个view来进行解析,否 则就判断一下view,然后再进行解析。如果所有的 view都不满足条件时,BIND将返回Query refuset的消息。设置多个view的作用 在于可以根据不同的DNS客户端返回不同的解析结果。
视图的名字不要用关键字,不要重复。存在优先级顺序的
[root@tx1 etc]# vim named.conf
options
{
listen-on port 53 {any;};
directory "/var/named";
dump-file "data/cache_dump.db";
statistics-file "data/named_stats.txt";
memstatistics-file "data/named_mem_stats.txt";
};
view cnc {
match-clients { 192.168.8.1; }; //声明可以访问的网段,这里拿一个ip举例
recursion no; //是否允许递归查询
zone "tx.com" {
type master;
file "tx.com.cnc";
};
};
view tel {
match-clients { 192.168.8.2; };
recursion no;
zone "tx.com" {
type master;
file "tx.com.tel";
};
};
view all {
match-clients { any; };
recursion no;
zone "tx.com" {
type master;
file "tx.com.all";
};
};
[root@tx1 named]# vim tx.com.cnc
$TTL 86400
@ IN SOA ns.tx.com. root (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
@ IN NS ns.tx.com.
ns IN A 192.168.8.70
www IN A 1.1.1.1
[root@tx1 named]# vim tx.com.tel
@ IN NS ns.tx.com.
ns IN A 192.168.8.70
www IN A 2.2.2.2
[root@tx1 named]# vim tx.com.all
@ IN NS ns.tx.com.
ns IN A 192.168.8.70
www IN A 3.3.3.3
客户端测试:
十.DNS的轮询
一个FQDN对映多个IP,减轻只对一台服务器的访问压力。
[root@tx1 etc]# vim named.conf
options
{
listen-on port 53 {any;};
directory "/var/named";
dump-file "data/cache_dump.db";
statistics-file "data/named_stats.txt";
memstatistics-file "data/named_mem_stats.txt";
allow-query {any;};
};
zone "tx.com" {
type master;
file "tx.com.zone";
};
[root@tx1 named]# vim tx.com.zone
$TTL 86400
@ IN SOA ns.tx.com. root (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
@ IN NS ns.tx.com.
ns IN A 192.168.8.70
www IN A 192.168.8.64
www IN A 192.168.8.65
www IN A 192.168.8.66
客户端测试:
十一.DNS的别名
DNS的轮询是一个域名对应多个ip,DNS的别名就是一个ip对应多个域名,例如当一台机器同时提供www,mail等服务时,用DNS的别名功能还是很方便的
[root@tx1 etc]# vim named.conf
options
{
listen-on port 53 {any;};
directory "/var/named";
dump-file "data/cache_dump.db";
statistics-file "data/named_stats.txt";
memstatistics-file "data/named_mem_stats.txt";
allow-query {any;};
};
zone "bb.com" {
type master;
file "bb.com.zone";
};
zone "aa.com" {
type master;
file "aa.com.zone";
};
[root@tx1 named]# vim aa.com.zone
$TTL 86400
@ IN SOA ns.aa.com. root (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
@ IN NS ns.aa.com.
ns IN A 192.168.8.70
www IN CNAME
www.bb.com.
[root@tx1 named]# vim bb.com.zone
$TTL 86400
@ IN SOA ns.bb.com. root (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
@ IN NS ns.bb.com.
ns IN A 192.168.8.70
www IN A 192.168.8.64
客户端测试
十二.DNS的泛解析
域名泛解析是指域名解析设置一条“*.tx.com”这种格式的A记录,并对应一个固定的IP.。那输入t1.tx.com或t2.tx。com或者其他 不正确的域名都能正确的访问。但这种方式不利于SEO(搜索引擎)的优化。优点:输入错的域名可以访问。缺点:例如DNS有一条t1.tx.com的记 录,当你再访问t1.tx.com 时就不是泛解析的内容了。
[root@tx1 etc]# vim named.conf
options
{
listen-on port 53 {any;};
directory "/var/named";
dump-file "data/cache_dump.db";
statistics-file "data/named_stats.txt";
memstatistics-file "data/named_mem_stats.txt";
allow-query {any;};
};
zone "tx.com" {
type master;
file "tx.com.zone";
};
[root@tx1 named]# vim tx.com.zone
$TTL 86400
@ IN SOA ns.tx.com. root (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
@ IN NS ns.tx.com.
ns IN A 192.168.8.70
$GENERATE 1-3 t$ A 192.168.8.$
客户端测试
十三.DNS的转发
forward DNS也称Cache-only DNS Server,只有转发和缓存的功能,那有什么用呢?某些公司有严格的上网规定,53号端口会被过滤掉,自然也就无法解析出主机名对应的ip,所以要搭建一个DNS转发的服务器
1.真正的DNS
[root@tx1 etc]# vim named.conf
options
{
listen-on port 53 {any;};
directory "/var/named";
dump-file "data/cache_dump.db";
statistics-file "data/named_stats.txt";
memstatistics-file "data/named_mem_stats.txt";
};
zone "tx.com" {
type master;
file "tx.com.zone";
};
[root@tx1 named]# vim tx.com.zone
$TTL 86400
@ IN SOA ns.tx.com. root (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
@ IN NS ns.tx.com.
ns IN A 192.168.8.70
www IN A 192.168.8.60
2. 转发的DNS
[root@tx2 etc]# vim named.conf
acl zf { //允许访问的客户端请求
192.168.8.1;
192.168.8.2;
};
options
{
listen-on port 53 {any;};
directory "/var/named";
dump-file "data/cache_dump.db";
statistics-file "data/named_stats.txt";
memstatistics-file "data/named_mem_stats.txt";
forward only; //转发模式
allow-query { zf;}; //转发acl里面定义的ip
forwarders {192.168.8.70;}; //真正的DNS服务器
};
3. 客户端测试
个人总结:终于写完了,过程中出现过很多错误,真心累啊,但是写博客最大的好处就是可以让你弄清楚一些细节的问题,另外能给别人讲明白才是真正的懂了,而且记忆更加深刻,希望对看到的人有帮助哦!!!
转载于:https://blog.51cto.com/tanxin/1177947
扫一扫
136
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
