由于本人水平有限,还请大家多多批评指正,共同提高(^_^)!
-----------那你魔鬼
区域转发:
实验环境:
和上篇博客的环境一样;
接着上篇做好的子域授权环境,继续做这次的实验;
全部转发:
只要不是本地所负责的区域,都统统转发
方法:
在被授权的节点172.16.3.3上
# 由上篇博客可知该节点负责解析域ops.stu3.com.
# 转发设置之前,该节点无法解析域stu3.com.
[root@localhost named]# dig -t A www.stu3.com @172.16.3.3
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6 <<>> -t A www.stu3.com @172.16.3.3
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 32136
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.stu3.com. IN A
;; Query time: 11 msec
;; SERVER: 172.16.3.3#53(172.16.3.3)
;; WHEN: Thu Dec 11 00:41:28 2014
;; MSG SIZE rcvd: 30
# 编辑/etc/named.conf,把options选项修改为如下
options {
// listen-on port 53 { 127.0.0.1; };
// listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
recursion yes;
forward only;
forwarders { 172.16.3.1; };
dnssec-enable no;
dnssec-validation no;
dnssec-lookaside no;
/* Path to ISC DLV key
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory /"/var/named/dynamic";
*/
};
# 其实也就是把如下两行加入上面的options中
forward only; # 该项设置:只要不是本地所负责的区域,仅仅转发出去;
forwarders { 172.16.3.1; }; # 转发给172.16.3.1节点,要它帮忙解析
# 重启bind
service named restart
# 可以看到,设置之后,该节点把域stu3.com.转发给了172.16.3.1节点,
# 带由172.16.3.1帮忙解析,把解析后的结果输出来
[root@localhost named]# dig -t A www.stu3.com @172.16.3.3
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6 <<>> -t A www.stu3.com @172.16.3.3
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9924
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;www.stu3.com. IN A
;; ANSWER SECTION:
www.stu3.com. 600 IN A 172.16.3.1
;; AUTHORITY SECTION:
stu3.com. 600 IN NS ns.stu3.com.
;; ADDITIONAL SECTION:
ns.stu3.com. 600 IN A 172.16.3.1
;; Query time: 12 msec
;; SERVER: 172.16.3.3#53(172.16.3.3)
;; WHEN: Thu Dec 11 00:52:52 2014
;; MSG SIZE rcvd: 79
某区域转发:
负责转发某个区域【在被授权的节点172.16.3.3】
# 原理:只负责转发某个域
# 比如只能转发域stu3.com.到其他节点帮忙解析,但是不能转发其他域
# 把/etc/named.conf里面上次加的那两行注释了
# forward only;
# forwarders { 172.16.3.1; };
# 向/etc/named.conf加入如下内容
zone "stu3.com" IN {
type forward; # 域类型为转发类型
forward only; # 对该域只负责转发
forwarders { 172.16.3.1; }; # 指定转发到节点172.16.3.1,让其帮忙解析该域
};
# 检查/etc/named.conf有无语法错误
[root@localhost named]# named-checkconf
[root@localhost named]#
# 重启bind
root@localhost named]# service named restart
Stopping named: [ OK ]
Starting named: [ OK ]
# 测试stu3.com.域,可以看到有解析结果
[root@localhost named]# dig -t A www.stu3.com @172.16.3.3
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6 <<>> -t A www.stu3.com @172.16.3.3
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48375
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;www.stu3.com. IN A
;; ANSWER SECTION:
www.stu3.com. 600 IN A 172.16.3.1
;; AUTHORITY SECTION:
stu3.com. 600 IN NS ns.stu3.com.
;; ADDITIONAL SECTION:
ns.stu3.com. 600 IN A 172.16.3.1
;; Query time: 7 msec
;; SERVER: 172.16.3.3#53(172.16.3.3)
;; WHEN: Thu Dec 11 01:58:30 2014
;; MSG SIZE rcvd: 79
# 测试xiaodu.com.域,可以看到,没有解析结果
[root@localhost named]# dig -t A www.xiaodu.com @172.16.3.3
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6 <<>> -t A www.xiaodu.com @172.16.3.3
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 49570
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.xiaodu.com. IN A
;; Query time: 17 msec
;; SERVER: 172.16.3.3#53(172.16.3.3)
;; WHEN: Thu Dec 11 02:02:31 2014
;; MSG SIZE rcvd: 32
# 在上面两个测试中其实172.16.3.1对两个域都能解析
# 但是172.16.3.3只能把域stu3.com.转发给172.16.3.1
# 所以测试域xiaodu.com.的时候,没有解析结果
# 读者可以自己操作试试(^_^)
转载于:https://blog.51cto.com/wangjingshuai/1591181
1万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
