  • DNS域名解析子域之bind

    环境要求:

    DNS主服务器:172.31.0.38
    DNS从服务器:172.31.0.48
    DNS子域服务器:172.31.0.20
    DNS客户端:172.31.0.18
    

    前提准备

    关闭SELinux(仅为实验环境方便;该命令修改的是配置文件,重启后才生效。生产环境建议保持 enforcing)
    [root@localhost ~]# sed -ri 's/^(SELINUX=).*/\1disabled/' /etc/selinux/config
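    关闭防火墙(仅限实验环境;生产环境应保留 firewalld,只放行 DNS 服务:firewall-cmd --permanent --add-service=dns && firewall-cmd --reload)
    [root@localhost ~]# systemctl disable --now firewalld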
    时间同步
    

    DNS主服务配置

    [root@localhost named]# vim /var/named/longxuan.vip.zone
    $TTL 1D
    @       IN SOA  master admin.longxuan.vip. (
                                    2021050102      ; serial
                                            1D      ; refresh
                                            1H      ; retry
                                            1W      ; expire
                                            3H )    ; minimum
                 NS      master
                 NS      slave1
    shenzhen     NS      shenzhencdn
    master       A       172.31.0.38
    slave1       A       172.31.0.48
    shenzhencdn  A       172.31.0.20
    

    重新加载配置(rndc reload 只重新加载配置和区域文件,不会重启 named 进程)

    [root@localhost named]# rndc reload
    server reload successful
    

    20服务器安装软件

    [root@CentOS-8 ~]# yum install bind -y
    

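    改配置文件(注释掉 listen-on 与 allow-query 后,named 会监听所有 IPv4 地址并接受任意来源的查询;生产环境应按需用 allow-query 限定来源网段,并确认递归只对可信客户端开放)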

    [root@CentOS-8 ~]# vim /etc/named.conf
    options {
    //      listen-on port 53 { 127.0.0.1; };
            listen-on-v6 port 53 { ::1; };
            directory       "/var/named";
            dump-file       "/var/named/data/cache_dump.db";
            statistics-file "/var/named/data/named_stats.txt";
            memstatistics-file "/var/named/data/named_mem_stats.txt";
            secroots-file   "/var/named/data/named.secroots";
            recursing-file  "/var/named/data/named.recursing";
    //      allow-query     { localhost; };
    
    //#仅实验环境建议关闭 DNSSEC 验证(yes改成no);承担递归解析的生产服务器应保持 dnssec-validation 开启
    dnssec-enable no;
    dnssec-validation no;
    

    改配置文件:添加子域区域定义

    [root@CentOS-8 ~]# vim /etc/named.rfc1912.zones
    zone "shenzhen.longxuan.vip" {
        type master;
        file "shenzhen.longxuan.vip.zone";
    };
    

    改配置文件:创建子域区域数据文件

    [root@CentOS-8 ~]# vim /var/named/shenzhen.longxuan.vip.zone
    $TTL 86400
    @       IN  SOA   ns1 admin (1 12H 10M 3D 1H)
            NS  ns1
    ns1     A   172.31.0.20
    www     A   172.31.0.200
    

    改权限并改所属组

    [root@CentOS-8 ~]# chmod 640 /var/named/shenzhen.longxuan.vip.zone 
    [root@CentOS-8 ~]# chgrp named /var/named/shenzhen.longxuan.vip.zone
    

    开机并启动

    [root@CentOS-8 ~]# systemctl enable --now named
    

    没有加子域客户端验证

    [16:22:14 root@sz-kx-centos8 ~]# dig www.shenzhen.longxuan.vip
    
    ; <<>> DiG 9.11.20-RedHat-9.11.20-5.el8_3.1 <<>> www.shenzhen.longxuan.vip
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 45064
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ; COOKIE: cbabcafa3ac2d38c8c442299608fbbf90f9f92157fb41903 (good)
    ;; QUESTION SECTION:
    ;www.shenzhen.longxuan.vip.	IN	A
    
    ;; Query time: 1 msec
    ;; SERVER: 172.31.0.38#53(172.31.0.38)
    ;; WHEN: Mon May 03 17:01:46 CST 2021
    ;; MSG SIZE  rcvd: 82
    

    添加子域后客户端验证

    [17:01:46 root@sz-kx-centos8 ~]# dig www.shenzhen.longxuan.vip
    
    ; <<>> DiG 9.11.20-RedHat-9.11.20-5.el8_3.1 <<>> www.shenzhen.longxuan.vip
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17948
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ; COOKIE: 73b817821a2525e67527f046608fbca1f8a9d531cb6b1a13 (good)
    ;; QUESTION SECTION:
    ;www.shenzhen.longxuan.vip.	IN	A
    
    ;; ANSWER SECTION:
    www.shenzhen.longxuan.vip. 86400 IN	A	172.31.0.200
    
    ;; AUTHORITY SECTION:
    shenzhen.longxuan.vip.	86400	IN	NS	shenzhencdn.longxuan.vip.
    
    ;; ADDITIONAL SECTION:
    shenzhencdn.longxuan.vip. 86400	IN	A	172.31.0.20
    
    ;; Query time: 1 msec
    ;; SERVER: 172.31.0.38#53(172.31.0.38)
    ;; WHEN: Mon May 03 17:04:34 CST 2021
    ;; MSG SIZE  rcvd: 140
    

  • 原文地址:https://www.cnblogs.com/xuanlv-0413/p/14736338.html