创建DNS子域及view

author：JevonWei
版权声明：原创作品

---

子域

子域同父域在同一个服务器上

新建子域jevon.danran.com

1. vim /etc/named.rfc1912.zones

   zone "jevon.danran.com" IN {
   type master;
   file "jevon.danran.zone";
   allow-update { none; };
   };

2. 编辑jevon.danran.com域的数据库文件

   1. 编辑正向解析文件
      cp -p /var/named/danran.zone /var/named/jevon.danran.zone 带权限复制数据库文件
      vim /var/named/jevon.danran.zone
      $TTL 1D
      @ IN SOA ns1.jevon.danaran.com. dnsadmin.jevon.danran.com. (
      0 ; serial
      1D ; refresh
      1H ; retry
      1W ; expire
      3H ) ; minimum
      NS ns1.jevon.danran.com.
      NS ns2

       ns1     A       192.168.198.134
       ns2     A       192.168.198.11
      
       websrv  A       192.168.198.51
       ftpsrv  A       192.168.198.52
       www     CNAME   websrv  
      

   2. 编辑反向解析文件
      cp -p /var/named/IP.danran.zone /var/named/IP.jevon.danran.zone
      vim /var/named/IP.jevon.danran.zone
      $TTL 1D
      @ IN SOA ns1.jevon.danran.com. admin.jevon.danran.com. (
      0 ; serial
      1D ; refresh
      1H ; retry
      1W ; expire
      3H ) ; minimum
      NS @

               A       192.168.198.134
      
       134     PTR     ns1.jevon.danran.com.
       131     PTR     ns2.jevon.danran.com.
      
       51      PTR     websrv.jevon.danran.com.
       52      PTR     ftpsrv.jevon.danran.com.
      

3. 加载配置文件
   rndc reload

4. 访问测试
   dig www.jevon.danran.com @192.168.198.134

子域同父域不在同一台服务器上

新建子域zijie.danran.com

• 在主DNS上

  1. vim /etc/named.conf
     options {
     listen-on port 53 { localhost; }; 允许主机上的所有IP监听53号端口
     allow-query { any; }; 允许所有主机查询此DNS服务器
     dnssec-enable no; 与安全相关，设置为no
     dnssec-validation no; 与安全相关，设置为no

  2. vim /var/named/danran.zone
     $TTL 1D
     @ IN SOA ns1.danran.com. dnsadmin.danran.com. (
     0 ; serial
     1D ; refresh
     1H ; retry
     1W ; expire
     3H ) ; minimum
     NS ns1.danran.com.

     zijie NS ns3
     ns3 A 192.168.198.11
     ns1 A 192.168.198.134

     dan A 192.168.198.40

     websrv A 192.168.198.51
     ftpsrv A 192.168.198.52
     www CNAME websrv

3. rndc reload

• 子域服务端

  4. vim /etc/named.rfc1912.zones
     zone "zijie.danran.com" IN {
     type master;
     file "zijie.danran.zone";
     };

  5. vim /var/named/zijie.danran.zone
     @ IN SOA ns1.zijie.danran.com. dnsadmin (
     0 ; serial
     1D ; refresh
     1H ; retry
     1W ; expire
     3H ) ; minimum
     NS ns1

     ns1 A 192.168.198.11

     dan A 192.168.198.140
     websrv A 192.168.198.151
     ftpsrv A 192.168.198.152
     www CNAME websrv

  6. vim /var/named/zijie.IP.danran.zone
     $TTL 1D
     @ IN SOA ns1 admin (
     0 ; serial
     1D ; refresh
     1H ; retry
     1W ; expire
     3H ) ; minimum
     NS @

          A       192.168.198.11
     

     11 PTR ns1

     150 PTR websrv
     151 PTR websrv
     152 PTR ftpsrv

     110 PTR test.com

  7. rndc reload //加载配置文件

  8. 客户端访问测试
     dig www.zijie.danran.com @192.168.198.134

view

从不同源地址发出的请求，返回不同的查询结果

• 主DNS服务器

  1. 创建不同地区的数据库
     vim /var/named/danran.zone.bj
     $TTL 1D
     @ IN SOA ns1 dnsadmin (
     0 ; serial
     1D ; refresh
     1H ; retry
     1W ; expire
     3H ) ; minimum
     NS ns1

      ns1     A       192.168.198.134
     
      websrv  A       192.168.198.51
      www     CNAME   websrv
     

     vim /var/named/danran.zone.bj
     $TTL 1D
     @ IN SOA ns1 dnsadmin.danran.com. (
     0 ; serial
     1D ; refresh
     1H ; retry
     1W ; expire
     3H ) ; minimum
     NS ns1.danran.com.

      ns1     A       192.168.198.134
      websrv  A       192.168.198.251
      www     CNAME   websrv
     

     vim /var/named/danran.zone
     @ IN SOA ns1 dnsadmin (
     0 ; serial
     1D ; refresh
     1H ; retry
     1W ; expire
     3H ) ; minimum
     NS ns1

     ns1 A 192.168.198.134

     websrv A 192.168.198.60
     www CNAME websrv

  2. 编辑配置文件
     vim /etc/named.conf
     acl beijing {
     192.168.198.11;
     192.168.10.0/24;
     }; eijing的IP访问
     acl zhengzhou {192.168.198.131;};zhengzhou的IP访问
     acl other {any;};

      options {
          listen-on port 53 { any; };
          allow-query     { any; }; 
      view beijingview  {
          match-clients {beijing;}; \同acl beijing {192.168.198.11;};中的北京一致
          include "/etc/named.beijingview.zones";
      };
     
      view zhengzhouview  {
          match-clients {zhengzhou;}; \同acl zhengzhou {192.168.198.131;};中的zhengzhou一致
          include "/etc/named.zhengzhou.zones";
      };
     
      view otherview {
          match {other;};  \acl other {any;};的客户端
          include "/etc/named.rfc1912.zones";
      };
     

  3. vim /etc/named.rfc1912.zones
     zone "." IN {
     type hint
     file "named.ca";
     };
     zone "danran.com" IN {
     type master;
     file "danran.zone";
     };

  4. cat /etc/named.beijingview.zones 编辑beijing地区的区域配置文件，同/etc/named.conf记录一致
     zone "danran.com" IN {
     type master;
     file "danran.zone.bj";
     };

  5. vim /etc/named.zhengzhouview.zones编辑zhengzhou的区域配置文件
     zone "danran.com" IN {
     type master;
     file "danran.zone.zz";
     };

  6. rndc reload

DNS的相关知识请点击链接

http://119.23.52.191/dns服务/