为了更好完成DNS解析服务,我们可以搭建主从服务器,维护域服务的正常运转,并且主从服务器维护的是同一域名;但是在域名下还有很多子域,这时就需要用到子域授权,来关联父域和子域,共同完成域名解析;不同网段或区域访问同一资源,得到的DNS解析结果可能不同,这时就要用到Split View分离解析
就自己的理解向大家谈一下如何搭建子域服务器以及如何实现Split View分离解析:
1,实验准备:rhel5_A主机作为主DNS解析服务器并且需要实现分离解析,ip地址为:192.168.10.10,rhel_B作为子域DNS服务器,ip地址为192.168.10.12,Win7主机作为客户机测试,ip地址为:192.168.10.99;域名地址:single.com
2,配置三台主机的ip地址
3,查看父域主机软件是否安装
[root@ser1 ~]# rpm -q bind bind-chrootcaching-nameserver
package bind is not installed
package bind-chroot is not installed
package caching-nameserver is not installed……软件未安装
4,安装所需软件
[root@ser1 ~]# yum install -y bind bind-chrootcaching-nameserver
5,创建并编辑父域服务器主配置文件
(1)配置监听端口及网络有关限制
[root@ser1 ~]# cd /var/named/chroot/etc/
[root@ser1 etc]# cp –p named.caching-nameserver.conf named.conf
[root@ser1 etc]# vim named.conf
options {
listen-on port 53 { 192.168.10.10; };
listen-on-v6 port 53 { ::1; };
…..
allow-query { any; };
allow-query-cache{ any; };
……
view lt_resolver {
match-clients { any; };
match-destinations { any; };
(2)配置分离解析
接(1)
view localhost_resolver {
match-clients { 192.168.10.99; };
match-destinations { any; };
include"/etc/named.rfc1912.zones";
};
view yd_resolver {
match-clients { any; };
match-destinations { any; };
include"/etc/named.rfc1913.zones";
};
~
[root@ser1 etc]# vim named.rfc1912.zones
zone "single.com" IN {
typemaster;
file"single.com.zone";
};
zone "10.168.192.in-addr.arpa" IN {
typemaster;
file"192.168.10.arpa";
};
~
6, 创建named.rfc1913.zones文件并编辑
[root@ser1 etc]# cp -p named.rfc1912.zones named.rfc1913.zones
[root@ser1 etc]# vimnamed.rfc1913.zones
zone "single.com" IN {
typemaster;
file"single1.com.zone";
};
zone "10.168.192.in-addr.arpa" IN {
typemaster;
file"192.168.101.arpa";
};
7,配置区域配置文件
(1)配置子域授权正反向解析文件
[root@ser1 named]# cp -p named.local single.com.zone
[root@ser1 named]# vim single.com.zone
$TTL 86400
@ IN SOA single.com. root.single.com. (
2014030801 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS dns1.single.com.
bg.single.com. IN NS dns1.bg.single.com.
dns1.bg.single.com. IN A 192.168.10.12
dns1 IN A 192.168.10.10
www IN A 192.168.10.11
~
[root@ser1 named]# cp -p single.com.zone192.168.10.arpa
[root@ser1 named]# vim 192.168.10.arpa
$TTL 86400
@ IN SOA single.com. root.single.com. (
2014030801; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400) ; Minimum
IN NS dns1.single.com.
10 IN PTR dns1.single.com.
11 IN PTR www.single.com.
~
(2)配置分离解析正反向解析文件
[root@ser1 named]# cp -psingle.com.zonesingle1.com.zone
[root@ser1 named]# vim single1.com.zone
$TTL 86400
@ IN SOA single.com. root.single.com. (
2014030801 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400) ; Minimum
IN NS dns1.single.com.
bg.single.com. IN NS dns1.bg.single.com.
dns1.bg.single.com. IN A 192.168.10.12
dns1 IN A 192.168.10.10
www IN A 192.168.10.13
[root@ser1 named]# cp -p 192.168.10.arpa192.168.101.arpa
[root@ser1 named]# vim 192.168.101.arpa
$TTL 86400
@ IN SOA single.com. root.single.com. (
2014030801 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400) ; Minimum
IN NS dns1.single.com.
10 IN PTR dns1.single.com.
13 IN PTR www.single.com.
8,开启父域服务器
[root@ser1 named]# servicenamed start
启动named: [确定]
[root@ser1 named]# chkconfignamed on
9,配置子域服务器
(1)安装软件
[root@localhost ~]# yuminstall -y bind bind-chroot caching-nameserver
(2)创建编辑主配置文件
[root@localhost ~]# cd /var/named/chroot/etc/
[root@localhost etc]# cp -pnamed.caching-nameserver.conf named.conf
[root@localhost etc]# vimnamed.conf
……
options {
listen-on port 53 { 192.168.10.12; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";,
forwarders {192.168.10.10; }……[如果让子域服务器解析到父域里的主机则需要添加此条授权]
……
allow-query { any; };
allow-query-cache { any; };
…….
view localhost_resolver {
match-clients { any; };
match-destinations { any; };
[root@localhost etc]# vim named.rfc1912.zones
zone "bg.single.com" IN {
typemaster;
file"bg.single.com.zone";
};
zone "192.168.10.in-addr.arpa" IN {
typemaster;
file"192.168.10.arpa";
};
(3)创建并编辑区域配置文件
[root@localhost named]# vimbg.single.com.zone
$TTL 86400
@ IN SOA bg.single.com. root.bg.single.com. (
2014030801 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400) ; Minimum
IN NS dns1.bg.single.com.
dns1 IN A 192.168.10.12
www IN A 192.168.10.15
[root@localhost named]# vim 192.168.10.arpa
$TTL 86400
@ IN SOA bg.single.com. root.bg.single.com. (
2014030801 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400) ; Minimum
IN NS dns1.bg.single.com.
12 IN PTR dns1.bg.single.com.
15 IN PTR www.bg.single.com.
(4)开启子域服务器
[root@localhost named]# servicenamed start
启动named: [确定]
[root@localhost named]# chkconfignamed on
10,验证配置
(1)验证子域授权
配置win7的DNS地址
验证:通过父域解析到子域中的地址
(2)验证分离解析
当win7地址为192.168.10.99的时候,验证www.single.com解析到的地址
修改win7主机的ip地址为192.168.10.100
验证www.single.com解析到的地址
