Case 3: Delegation and Forwarding

2020-01-14 15:50:09

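The parent domain's DNS server delegates authority to the child domain's DNS server.

For the child domain to resolve names in the parent domain, there are two options: 1. Change the root hints so that the parent domain's DNS server is treated as the root.

2. Use a forwarder.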

[root@host2 ~]# cd /media/cdrom

[root@host2 cdrom]# ll

[root@host2 cdrom]# cd Packages/

[root@host2 Packages]# ll bind*

-r--r--r--. 2 root root 4173752 Aug 28  2013 bind-9.8.2-0.17.rc1.el6

-r--r--r--. 2 root root   72540 Aug 28  2013 bind-chroot-9.8.2-0.17.

-r--r--r--. 2 root root   70488 Nov 25 03:29 bind-dyndb-ldap-2.3-5.e

-r--r--r--. 2 root root  910676 Aug 28  2013 bind-libs-9.8.2-0.17.rc

-r--r--r--. 2 root root  185116 Aug 28  2013 bind-utils-9.8.2-0.17.r

[root@host2 Packages]# yum --disablerepo --enablerepo=c6-media install bind bind-chroot bind-utils -y

Loaded plugins: fastestmirror, refresh-packagekit

Error getting repository data for --enablerepo=c6-media, repository not found

[root@host2 Packages]# yum --disablerepo=* --enablerepo=c6-media install bind bind-chroot bind-utils -y

Loaded plugins: fastestmirror, refresh-packagekit

Loading mirror speeds from cached hostfile

* c6-media: 

file:///media/CentOS/repodata/repomd.xml: [Errno 14] Could not open/read file:///media/CentOS/repodata/repomd.xml

Trying other mirror.

file:///media/cdrecorder/repodata/repomd.xml: [Errno 14] Could not open/read file:///media/cdrecorder/repodata/repomd.xml

Trying other mirror.

c6-media                                                 | 4.0 kB     00:00 ...

Setting up Install Process

Resolving Dependencies

--> Running transaction check

---> Package bind.i686 32:9.8.2-0.17.rc1.el6_4.6 will be installed

--> Processing Dependency: bind-libs = 32:9.8.2-0.17.rc1.el6_4.6 for package: 32:bind-9.8.2-0.17.rc1.el6_4.6.i686

--> Processing Dependency: liblwres.so.80 for package: 32:bind-9.8.2-0.17.rc1.el6_4.6.i686

--> Processing Dependency: libisccfg.so.82 for package: 32:bind-9.8.2-0.17.rc1.el6_4.6.i686

--> Processing Dependency: libisccc.so.80 for package: 32:bind-9.8.2-0.17.rc1.el6_4.6.i686

--> Processing Dependency: libisc.so.83 for package: 32:bind-9.8.2-0.17.rc1.el6_4.6.i686

--> Processing Dependency: libdns.so.81 for package: 32:bind-9.8.2-0.17.rc1.el6_4.6.i686

--> Processing Dependency: libbind9.so.80 for package: 32:bind-9.8.2-0.17.rc1.el6_4.6.i686

---> Package bind-chroot.i686 32:9.8.2-0.17.rc1.el6_4.6 will be installed

---> Package bind-utils.i686 32:9.8.2-0.17.rc1.el6_4.6 will be installed

--> Running transaction check

---> Package bind-libs.i686 32:9.8.2-0.17.rc1.el6_4.6 will be installed

--> Finished Dependency Resolution

Dependencies Resolved

======================================================================================================================

 Package            Arch      Version                        Repository      Size

======================================================================================================================

Installing:

 bind               i686      32:9.8.2-0.17.rc1.el6_4.6      c6-media       4.0 M

 bind-chroot        i686      32:9.8.2-0.17.rc1.el6_4.6      c6-media        71 k

 bind-utils         i686      32:9.8.2-0.17.rc1.el6_4.6      c6-media       181 k

Installing for dependencies:

 bind-libs          i686      32:9.8.2-0.17.rc1.el6_4.6      c6-media       889 k

Transaction Summary

======================================================================================================================

Install       4 Package(s)

Total download size: 5.1 M

Installed size: 10 M

Downloading Packages:

----------------------------------------------------------------------------------------------------------------------

Total                                           32 MB/s | 5.1 MB     00:00

Running rpm_check_debug

Running Transaction Test

Transaction Test Succeeded

Running Transaction

  Installing : 32:bind-libs-9.8.2-0.17.rc1.el6_4.6.i686      1/4

  Installing : 32:bind-9.8.2-0.17.rc1.el6_4.6.i686           2/4

  Installing : 32:bind-chroot-9.8.2-0.17.rc1.el6_4.6.i686    3/4

  Installing : 32:bind-utils-9.8.2-0.17.rc1.el6_4.6.i686     4/4

  Verifying  : 32:bind-libs-9.8.2-0.17.rc1.el6_4.6.i686      1/4

  Verifying  : 32:bind-9.8.2-0.17.rc1.el6_4.6.i686           2/4

  Verifying  : 32:bind-chroot-9.8.2-0.17.rc1.el6_4.6.i686    3/4

  Verifying  : 32:bind-utils-9.8.2-0.17.rc1.el6_4.6.i686     4/4

Installed:

  bind.i686 32:9.8.2-0.17.rc1.el6_4.6    bind-chroot.i686 32:9.8.2-0.17.rc1.el6_4.6

  bind-utils.i686 32:9.8.2-0.17.rc1.el6_4.6

Dependency Installed:

  bind-libs.i686 32:9.8.2-0.17.rc1.el6_4.6

Complete!

Generate the key file from the local terminal:

[root@host2 ~]# rndc-confgen -a

This generates the key file.

[root@host2 ~]# service named restart

[root@host2 ~]# netstat -tupln | grep 53

Monitor the log and run the reload again:

[root@host2 ~]# rndc reload

server reload successful

Edit the main configuration file:

[root@host2 chroot]# tail -f /var/log/messages

May  9 23:35:27 host2 named[1712]: reloading configuration succeeded

May  9 23:35:27 host2 named[1712]: reloading zones succeeded

[root@host2 chroot]# cd etc/

[root@host2 etc]# vim named.conf

options {

        listen-on port 53 { any; };

        listen-on-v6 port 53 { ::1; };

        directory "/var/named";

        dump-file "/var/named/data/cache_dump.db";

        statistics-file "/var/named/data/named_stats.txt";

        memstatistics-file "/var/named/data/named_mem_stats.txt";

        // any client may query; with recursion yes this makes the server an open resolver
        allow-query { any; };

        recursion yes;

[root@host2 etc]# vim named.rfc1912.zones

[root@host2 etc]# cd /var/named/chroot/var/named/

[root@host2 named]# ll

total 32

drwxr-x---. 6 root  named 4096 May  9 23:23 chroot

drwxrwx---. 2 named named 4096 May  9 23:30 data

drwxrwx---. 2 named named 4096 May  9 23:31 dynamic

-rw-r-----. 1 root  named 1892 Feb 18  2008 named.ca

-rw-r-----. 1 root  named  152 Dec 15  2009 named.empty

-rw-r-----. 1 root  named  152 Jun 21  2007 named.localhost

-rw-r-----. 1 root  named  168 Dec 15  2009 named.loopback

drwxrwx---. 2 named named 4096 Aug 27  2013 slaves

[root@host2 named]# cp -p named.localhost abc.com.zone

[root@host2 named]# vim abc.com.zone

Edit named.rfc1912.zones:

[root@host2 ~]# cd /var/named/chroot/etc

[root@host2 etc]# vim named.rfc1912.zones 

zone "b.com" IN {

        type forward;

        forwarders { 192.168.10.9; };

};

b.com, the parent domain

1. [root@host2 ~]# cd /var/named/chroot/etc

Declare two zones: b.com and bj.b.com

[root@centos etc]# vim named.rfc1912.zones 

zone "b.com" IN {

        type master;

        file "b.com.zone";

        allow-update { none; };

};

zone "bj.b.com" IN {

        type master;

        file "bj.b.com.zone";

        allow-update { none; };

};

2. Delegate sh.b.com:

[root@host2 ~]# cd /var/named/chroot

[root@centos chroot]# cd var/named/

[root@centos named]# cp -p named.localhost b.com.zone

[root@centos named]# vim b.com.zone

$TTL 1D

@               IN  SOA  ns.b.com. rname.invalid. (

                         2       ; serial

                         1D      ; refresh

                         1H      ; retry

                         1W      ; expire

                         3H )    ; minimum

@               IN  NS   ns.b.com.

ns              IN  A    192.168.10.9

www             IN  A    1.1.1.1

sh.b.com.       IN  NS   ns.sh.b.com.

ns.sh.b.com.    IN  A    192.168.10.10

3. The Beijing child domain

[root@host2 ~]# cd /var/named/chroot

[root@centos chroot]# cd var/named/

[root@centos named]# cp -p named.localhost bj.b.com.zone

[root@centos named]# vim bj.b.com.zone 

$TTL 1D

@               IN  SOA  ns.bj.b.com. rname.invalid. (

                         1       ; serial

                         1D      ; refresh

                         1H      ; retry

                         1W      ; expire

                         3H )    ; minimum

@               IN  NS   ns.bj.b.com.

ns              IN  A    192.168.10.9

www             IN  A    2.2.2.2
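
The delegation of sh.b.com in the b.com zone above only works if resolvers can find the child's name server, which for an in-zone name such as ns.sh.b.com. requires a glue A record in the parent. The following check is an added example, not part of the original post: it parses a copy of that zone (re-typed here as constructed sample input) and reports delegations that lack glue. The function names are illustrative, and the parser assumes simple one-line records with an explicit owner name.

```python
ZONE_ORIGIN = "b.com."
# Constructed sample: the b.com zone from this page, SOA written on one line.
ZONE_TEXT = """\
$TTL 1D
@            IN SOA ns.b.com. rname.invalid. ( 2 1D 1H 1W 3H )
@            IN NS  ns.b.com.
ns           IN A   192.168.10.9
www          IN A   1.1.1.1
sh.b.com.    IN NS  ns.sh.b.com.
ns.sh.b.com. IN A   192.168.10.10
"""

def fqdn(name, origin):
    """Expand '@' and relative names against the zone origin."""
    if name == "@":
        return origin
    name = name.lower()
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_records(text, origin):
    """Return (owner, type, rdata) for 'owner IN TYPE rdata' lines (assumed layout)."""
    records = []
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop comments, then tokenize
        if len(fields) < 4 or fields[0].startswith("$") or fields[1].upper() != "IN":
            continue  # directives, SOA continuation lines, blank lines
        records.append((fqdn(fields[0], origin), fields[2].upper(), fields[3]))
    return records

def check_delegations(text, origin):
    """Map each delegated child zone to a list of problems (empty list means OK)."""
    records = parse_records(text, origin)
    glue = {owner for owner, rtype, _ in records if rtype in ("A", "AAAA")}
    report = {}
    for owner, rtype, rdata in records:
        if rtype != "NS" or owner == origin:
            continue  # NS records at the apex are not delegations
        problems = report.setdefault(owner, [])
        target = fqdn(rdata, origin)
        # A name server inside the delegated zone is only reachable via parent glue.
        if (target == owner or target.endswith("." + owner)) and target not in glue:
            problems.append(f"missing glue A/AAAA for {target}")
    return report

if __name__ == "__main__":
    for child, problems in check_delegations(ZONE_TEXT, ZONE_ORIGIN).items():
        print(child, "OK" if not problems else problems)
```
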

Test: forwarding succeeds

The PC's DNS server is set to 192.168.10.10

C:\Documents and Settings\Administrator>nslookup www.sh.b.com

DNS request timed out.

timeout was 2 seconds.

*** Can't find server name for address 192.168.10.10: Timed ou

Server:  UnKnown

Address:  192.168.10.10

Name:    www.sh.b.com

Address:  3.3.3.3

C:\Documents and Settings\Administrator>nslookup www.b.com

DNS request timed out.

timeout was 2 seconds.

*** Can't find server name for address 192.168.10.10: Timed ou

Server:  UnKnown

Address:  192.168.10.10

Non-authoritative answer:

Name:    www.b.com

Address:  1.1.1.1

C:\Documents and Settings\Administrator>nslookup www.bj.b.co

DNS request timed out.

timeout was 2 seconds.

*** Can't find server name for address 192.168.10.10: Timed ou

Server:  UnKnown

Address:  192.168.10.10

Non-authoritative answer:

Name:    www.bj.b.com

Address:  2.2.2.2
