bind97:
/etc/named.conf
    Working properties of the BIND process
    Zone definitions
/etc/rndc.key
    rndc: Remote Name Domain Controller
    Key file
    Configuration: /etc/rndc.conf
/var/named/ zone data files
/etc/rc.d/init.d/named {start|stop|restart|status|reload}
Binary: named
bind-chroot:
    Default: named
    User: named
    Group: named
    /var/named/chroot/
        etc/named.conf
        etc/rndc.key
        sbin/named
        var/named/
[[email protected] ~]# yum list all |grep bind
This system is not registered with RHN.
RHN support will be disabled.
bind-libs.i386 30:9.3.6-4.P1.el5 installed
bind-utils.i386 30:9.3.6-4.P1.el5 installed
[[email protected] ~]# rpm -e bind-libs bind-utils
[[email protected] ~]# yum list all |grep bind
This system is not registered with RHN.
RHN support will be disabled.
bind.i386 30:9.3.6-4.P1.el5 Media
bind-chroot.i386 30:9.3.6-4.P1.el5 Media
1. Installing bind
bind97 download location: http://mirrors.ctyun.cn/centos/5/os/i386/CentOS/
[[email protected] ~]# rpm -ivh bind97-libs-9.7.0-21.P2.el5.i386.rpm
warning: bind97-libs-9.7.0-21.P2.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID e8562897
Preparing... ################################### [100%]
1:bind97-libs ################################# [100%]
[[email protected] ~]# rpm -ivh bind97-utils-9.7.0-21.P2.el5.i386.rpm
warning: bind97-utils-9.7.0-21.P2.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID e8562897
Preparing... ############################## [100%]
1:bind97-utils ############################ [100%]
[[email protected] ~]# rpm -ivh bind97-9.7.0-21.P2.el5.i386.rpm
warning: bind97-9.7.0-21.P2.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID e8562897
Preparing... ############################## [100%]
1:bind97 ############################### [100%]
2. Checking for syntax errors, viewing logs, and service startup status
[[email protected] etc]# vi named.conf
options {
directory "/var/named";
};
zone "." IN {
type hint;
file "named.ca";
};
zone "localhost" IN {
type master;
file "named.localhost";
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.loopback";
};
[[email protected] etc]# named-checkconf
[[email protected] etc]# named-checkzone "." /var/named/named.ca
zone ./IN: has 0 SOA records
zone ./IN: not loaded due to errors.
[[email protected] etc]# named-checkzone "localhost" /var/named/named.localhost
zone localhost/IN: loaded serial 0
OK
[[email protected] etc]# named-checkzone "0.0.127.in-addr.arpa" /var/named/named.loopback
zone 0.0.127.in-addr.arpa/IN: loaded serial 0
OK
[[email protected] etc]# service named start
Starting named: named: already running [ OK ]
[[email protected] etc]# service named restart
Stopping named: . [ OK ]
Starting named: [ OK ]
[[email protected] etc]# tail /var/log/messages
Dec 13 15:37:16 test named[29856]: command channel listening on 127.0.0.1#953
Dec 13 15:37:16 test named[29856]: zone 0.0.127.in-addr.arpa/IN: loaded serial 0
Dec 13 15:37:16 test named[29856]: zone localhost/IN: loaded serial 0
Dec 13 15:37:16 test named[29856]: running
[[email protected] ~]# vi /etc/resolv.conf
nameserver 110.19.131.131
search localdomain
[[email protected] ~]# dig -t NS .
; <<>> DiG 9.7.0-P2-RedHat-9.7.0-21.P2.el5 <<>> -t NS .
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6718
;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 12
;; QUESTION SECTION:
;. IN NS
;; ANSWER SECTION:
. 16803 IN NS i.root-servers.net.
. 16803 IN NS a.root-servers.net.
. 16803 IN NS e.root-servers.net.
. 16803 IN NS k.root-servers.net.
. 16803 IN NS d.root-servers.net.
. 16803 IN NS b.root-servers.net.
. 16803 IN NS g.root-servers.net.
. 16803 IN NS c.root-servers.net.
. 16803 IN NS l.root-servers.net.
. 16803 IN NS h.root-servers.net.
. 16803 IN NS f.root-servers.net.
. 16803 IN NS j.root-servers.net.
. 16803 IN NS m.root-servers.net.
;; ADDITIONAL SECTION:
i.root-servers.net. 86400 IN A 192.36.148.17
i.root-servers.net. 17019 IN AAAA 2001:7fe::53
a.root-servers.net. 17019 IN A 198.41.0.4
a.root-servers.net. 17019 IN AAAA 2001:503:ba3e::2:30
e.root-servers.net. 29300 IN A 192.203.230.10
e.root-servers.net. 86400 IN AAAA 2001:500:a8::e
k.root-servers.net. 29300 IN A 193.0.14.129
k.root-servers.net. 17019 IN AAAA 2001:7fd::1
d.root-servers.net. 29300 IN A 199.7.91.13
d.root-servers.net. 17019 IN AAAA 2001:500:2d::d
b.root-servers.net. 16803 IN A 192.228.79.201
b.root-servers.net. 17019 IN AAAA 2001:500:84::b
;; Query time: 38 msec
;; SERVER: 10.109.131.131#53(10.109.131.131)
;; WHEN: Wed Dec 14 08:14:20 2016
;; MSG SIZE rcvd: 505
[[email protected] ~]# ping www.163.com
PING 163.xdwscache.ourglb0.com (113.107.57.41) 56(84) bytes of data.
64 bytes from 113.107.57.41: icmp_seq=1 ttl=53 time=39.4 ms
64 bytes from 113.107.57.41: icmp_seq=2 ttl=53 time=38.3 ms
--- 163.xdwscache.ourglb0.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1013ms
rtt min/avg/max/mdev = 38.381/38.924/39.468/0.578 ms
[[email protected] ~]# chkconfig --list named
named 0:off 1:off 2:off 3:off 4:off 5:off 6:off
[[email protected] ~]# chkconfig named on
[[email protected] ~]# chkconfig --list named
named 0:off 1:off 2:on 3:on 4:on 5:on 6:off
[[email protected] ~]#
3. Creating a local forward zone
[[email protected] ~]# vi /etc/named.conf
... #add the following section
zone "jacktest.com" IN {
type master;
file "jacktest.com.zone";
};
[[email protected] ~]# named-checkconf /etc/named.conf
/etc/named.conf:24: missing ';' before end of file
[[email protected] named]# vi jacktest.com.zone #forward zone file
$TTL 600 ; macros must be prefixed with $
jacktest.com. IN SOA ns1.jacktest.com. admin.jacktest.com. (
20161214
1H
5M
2D
6H )
jacktest.com. IN NS ns1.jacktest.com.
IN MX 10 mail ; the owner name may be omitted; 10 is the mail priority
ns1 IN A 10.109.131.131
mail IN A 10.109.131.209
www IN A 10.109.131.209
www IN A 10.109.131.209
ftp IN CNAME www
[[email protected] named]# chown root:named jacktest.com.zone
[[email protected] named]# ll
total 32
drwxrwx--- 2 named named 4096 Dec 13 14:57 data
drwxrwx--- 2 named named 4096 Dec 13 14:58 dynamic
-rw-r----- 1 root named 207 Dec 14 10:08 jacktest.com.zone
-rw-r----- 1 root named 1892 Feb 18 2008 named.ca
-rw-r----- 1 root named 152 Dec 15 2009 named.empty
-rw-r----- 1 root named 152 Jun 21 2007 named.localhost
-rw-r----- 1 root named 168 Dec 15 2009 named.loopback
drwxrwx--- 2 named named 4096 Dec 13 15:48 slaves
4. Creating a local reverse zone
[[email protected] ~]# vi /etc/named.conf
... #add the following section
zone "1.168.192.in-addr.arpa" IN {
type master;
file "192.168.1.zone";
};
[[email protected] named]# cp -p jacktest.com.zone 192.168.1.zone #copy the forward zone file as the reverse zone file
[[email protected] named]# vi 192.168.1.zone #edit the reverse zone file
$TTL 600 ; macros must be prefixed with $
@ IN SOA ns1.jacktest.com. admin.jacktest.com. (
20161214
1H
5M
2D
6H )
IN NS ns1.jacktest.com. ; the last field must be a complete (fully qualified) name; do not forget the trailing "."
3 IN PTR ns1.jacktest.com.
3 IN PTR www.jacktest.com.
4 IN PTR mail.jacktest.com.
5 IN PTR www.jacktest.com.
dig -x 192.168.1.3
dig -x 192.168.1.4
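dig +norecurse -t A www.163.com @192.168.1.3 #non-recursive query
dig +trace -t A www.baidu.com @192.168.1.3 #recursively display the query results
5. Restricting which networks may query by changing the configuration file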
[[email protected] etc]# vi named.conf
options {
directory "/var/named";
allow-recursion { 192.168.1.0/24; }; //only this network may make recursive queries
};
zone "." IN {
type hint;
file "named.ca";
};
zone "localhost" IN {
type master;
file "named.localhost";
allow-transfer { none; }; //none: no client may request a zone transfer
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.loopback";
allow-transfer { none; };
};
zone "jacktest.com" IN {
type master;
file "jacktest.com.zone";
allow-transfer { 192.168.1.5; }; //only this IP may request a zone transfer
};
zone "1.168.192.in-addr.arpa" IN {
type master;
file "192.168.1.zone";
allow-transfer { 192.168.1.5; };
};
[[email protected] etc]# tail /var/log/messages
Dec 15 14:11:41 test named[7276]: zone 1.168.192.in-addr.arpa/IN: loaded serial 2016121401
Dec 15 14:11:41 test named[7276]: zone jacktest.com/IN: loaded serial 20161214
Dec 15 14:11:41 test named[7276]: zone localhost/IN: loaded serial 0
Dec 15 14:11:41 test named[7276]: running
Dec 15 14:13:31 test named[7276]: client 192.168.1.5#58423: transfer of 'jacktest.com/IN': AXFR started
Dec 15 14:13:31 test named[7276]: client 192.168.1.5#58423: transfer of 'jacktest.com/IN': AXFR ended
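To check that the allow-transfer restriction above holds in practice, the named log can be audited for transfer requests from any client other than the permitted slave. The following is an added example, not part of the original post; the function names audit_axfr and sample_log are hypothetical, and the "denied" line format and the clients 192.168.1.77 and 192.168.1.200 are constructed sample input.

```shell
#!/bin/sh
# Added example (not from the original post): audit named syslog lines for
# zone-transfer activity against the allow-transfer list from named.conf.

# audit_axfr "ALLOWED_IPS" < logfile
#   Prints "<verdict> <client-ip> <zone>" for every transfer event:
#     OK          transfer started by a client on the allow-list
#     UNEXPECTED  transfer started by a client that is not on the list
#     DENIED      named refused the request (probing or a misconfigured slave)
audit_axfr() {
    awk -v allowed="$1" -v q="'" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }

    # Client address: the text before "#port" in "client 192.168.1.5#58423:".
    function client(   s) {
        if (!match($0, /[0-9A-Fa-f:.]+#[0-9]+/)) return "?"
        s = substr($0, RSTART, RLENGTH)
        sub(/#.*/, "", s)
        return s
    }
    # Zone: the single-quoted field, e.g. jacktest.com/IN.
    function zone(   p) { split($0, p, q); return p[2] }

    / transfer of / && / started$/ {
        ip = client()
        v = (ip in ok) ? "OK" : "UNEXPECTED"
        print v, ip, zone()
    }
    / zone transfer / && / denied$/ { print "DENIED", client(), zone() }
    '
}

# Sample input. Lines 1, 2 and 5 are from the logs in this post; lines 3 and 4
# (clients 192.168.1.77 and 192.168.1.200) are constructed for illustration.
sample_log() {
    cat <<'EOF'
Dec 15 14:13:31 test named[7276]: client 192.168.1.5#58423: transfer of 'jacktest.com/IN': AXFR started
Dec 15 14:13:31 test named[7276]: client 192.168.1.5#58423: transfer of 'jacktest.com/IN': AXFR ended
Dec 15 14:20:02 test named[7276]: client 192.168.1.77#40112: zone transfer 'jacktest.com/AXFR/IN' denied
Dec 15 14:25:40 test named[7276]: client 192.168.1.200#51515: transfer of '1.168.192.in-addr.arpa/IN': AXFR started
Dec 16 10:05:53 test named[10112]: client 192.168.1.5#50038: transfer of 'jacktest.com/IN': AXFR-style IXFR started
EOF
}

sample_log | audit_axfr "192.168.1.5"
```

On a real host the same function can be fed /var/log/messages, with the argument set to the addresses listed in allow-transfer.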
6. Setting up the slave DNS server
[[email protected] named]# setenforce 0
setenforce: SELinux is disabled
[[email protected] named]# scp 192.168.1.3:/etc/named.conf /etc/
The authenticity of host '192.168.1.3 (192.168.1.3)' can't be established.
RSA key fingerprint is c2:f2:75:5c:ab:4a:43:d3:e1:76:bc:d2:0f:c7:d6:32.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.3' (RSA) to the list of known hosts.
[email protected]'s password:
named.conf
[[email protected] etc]# vi /etc/named.conf
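...
zone "jacktest.com" IN {
type slave;
masters { 192.168.1.3; }; //required for a slave zone; the master is 192.168.1.3
file "slaves/jacktest.com.zone";
allow-transfer { 192.168.1.5; };
};
zone "1.168.192.in-addr.arpa" IN {
type slave;
masters { 192.168.1.3; }; //required for a slave zone; the master is 192.168.1.3
file "slaves/192.168.1.zone";
allow-transfer { 192.168.1.5; };
};
Verification: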
驗證:
[[email protected] slaves]# tail /var/log/messages #192.168.1.3 master
Dec 15 15:43:35 test named[7595]: zone 1.168.192.in-addr.arpa/IN: loaded serial 2016121401
Dec 15 15:43:35 test named[7595]: zone jacktest.com/IN: loaded serial 20161214
Dec 15 15:43:35 test named[7595]: zone localhost/IN: loaded serial 0
Dec 15 15:43:35 test named[7595]: running
Dec 15 15:44:12 test named[7595]: client 192.168.1.5#47432: transfer of 'jacktest.com/IN': AXFR started
Dec 15 15:44:12 test named[7595]: client 192.168.1.5#47432: transfer of 'jacktest.com/IN': AXFR ended
Dec 15 17:25:29 test named[7595]: client 192.168.1.5#34268: transfer of 'jacktest.com/IN': AXFR started
Dec 15 17:25:29 test named[7595]: client 192.168.1.5#34268: transfer of 'jacktest.com/IN': AXFR ended
Dec 15 17:25:29 test named[7595]: client 192.168.1.5#59389: transfer of '1.168.192.in-addr.arpa/IN': AXFR started #transfer started
Dec 15 17:25:29 test named[7595]: client 192.168.1.5#59389: transfer of '1.168.192.in-addr.arpa/IN': AXFR ended #transfer completed
[[email protected] named]# tail /var/log/messages #192.168.1.5
Dec 15 17:28:13 jacktest named[10089]: zone localhost/IN: loaded serial 0
Dec 15 17:28:13 jacktest named[10089]: running
Dec 15 17:28:13 jacktest named[10089]: zone jacktest.com/IN: Transfer started.
Dec 15 17:28:13 jacktest named[10089]: transfer of 'jacktest.com/IN' from 192.168.1.3#53: connected using 192.168.1.5#34268
Dec 15 17:28:13 jacktest named[10089]: zone jacktest.com/IN: transferred serial 20161214
Dec 15 17:28:13 jacktest named[10089]: transfer of 'jacktest.com/IN' from 192.168.1.3#53: Transfer completed: 1 messages, 9 records, 233 bytes, 0.004 secs (58250 bytes/sec)
Dec 15 17:28:13 jacktest named[10089]: zone 1.168.192.in-addr.arpa/IN: Transfer started.
Dec 15 17:28:13 jacktest named[10089]: transfer of '1.168.192.in-addr.arpa/IN' from 192.168.1.3#53: connected using 192.168.1.5#59389
Dec 15 17:28:13 jacktest named[10089]: zone 1.168.192.in-addr.arpa/IN: transferred serial 2016121401
Dec 15 17:28:13 jacktest named[10089]: transfer of '1.168.192.in-addr.arpa/IN' from 192.168.1.3#53: Transfer completed: 1 messages, 7 records, 219 bytes, 0.002 secs (109500 bytes/sec)
7. Testing automatic propagation of zone updates to the slave server
[[email protected] named]# vi jacktest.com.zone #192.168.1.3 master
$TTL 600
jacktest.com. IN SOA ns1.jacktest.com. admin.jacktest.com. (
2016121404 ; changed 3 to 4
...
imap IN A 192.168.1.6
haha IN A 192.168.1.7 ; newly added record
[[email protected] named]# service named reload
Reloading named: [ OK ]
[[email protected] named]# tail /var/log/messages #192.168.1.3 master NS
Dec 16 10:05:53 test named[10112]: reloading configuration succeeded
Dec 16 10:05:53 test named[10112]: reloading zones succeeded
Dec 16 10:05:53 test named[10112]: zone jacktest.com/IN: loaded serial 2016121404
Dec 16 10:05:53 test named[10112]: zone jacktest.com/IN: sending notifies (serial 2016121404)
Dec 16 10:05:53 test named[10112]: client 192.168.1.5#50038: transfer of 'jacktest.com/IN': AXFR-style IXFR started
Dec 16 10:05:53 test named[10112]: client 192.168.1.5#50038: transfer of 'jacktest.com/IN': AXFR-style IXFR ended
[[email protected] named]# tail /var/log/messages #192.168.1.5 slave NS
Dec 16 10:08:38 jacktest named[12536]: client 192.168.1.3#6791: received notify for zone 'jacktest.com'
Dec 16 10:08:38 jacktest named[12536]: zone jacktest.com/IN: Transfer started.
Dec 16 10:08:38 jacktest named[12536]: transfer of 'jacktest.com/IN' from 192.168.1.3#53: connected using 192.168.1.5#50038
Dec 16 10:08:38 jacktest named[12536]: zone jacktest.com/IN: transferred serial 2016121404
Dec 16 10:08:38 jacktest named[12536]: transfer of 'jacktest.com/IN' from 192.168.1.3#53: Transfer completed: 1 messages, 13 records, 309 bytes, 0.002 secs (154500 bytes/sec)
Dec 16 10:08:38 jacktest named[12536]: zone jacktest.com/IN: sending notifies (serial 2016121404)
[[email protected] slaves]# cat jacktest.com.zone #192.168.1.5 slave NS
jacktest.com IN SOA ns1.jacktest.com. admin.jacktest.com. (
2016121404 ; serial
...
ftp CNAME www
haha A 192.168.1.7 #learned automatically
8. Opening up remote access for rndc
Remote Name Daemon Control # daemon [di:mn]: a daemon process
[[email protected] ~]# rndc-confgen > /etc/rndc.conf
[[email protected] ~]# cat /etc/rndc.conf
# Start of rndc.conf
key "rndc-key" {
algorithm hmac-md5;
secret "PElKGniJbHk/esQ9zpN+xg==";
};
options {
default-key "rndc-key";
default-server 127.0.0.1;
default-port 953;
};
# End of rndc.conf
# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
# algorithm hmac-md5;
# secret "PElKGniJbHk/esQ9zpN+xg==";
# };
#
# controls {
# inet 127.0.0.1 port 953
# allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf #copy the section shown in green in the original (the commented key and controls block above) into named.conf
[[email protected] ~]# rndc -c /etc/rndc.conf status
rndc: connection to remote host closed
This may indicate that
* the remote server is using an older version of the command protocol,
* this host is not authorized to connect,
* the clocks are not synchronized, or
* the key is invalid.
[[email protected] ~]# rm /etc/rndc.key
rm: remove regular file `/etc/rndc.key'? y
[[email protected] ~]# rndc -c /etc/rndc.conf status
rndc: connection to remote host closed
This may indicate that
* the remote server is using an older version of the command protocol,
* this host is not authorized to connect,
* the clocks are not synchronized, or
* the key is invalid.
[[email protected] ~]# service named restart
Stopping named: . [ OK ]
Generating /etc/rndc.key: [ OK ]
Starting named: [ OK ]
[[email protected] ~]# rndc -c /etc/rndc.conf status
version: 9.7.0-P2-RedHat-9.7.0-21.P2.el5
CPUs found: 8
worker threads: 8
number of zones: 16
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
[[email protected] ~]# rndc -c /etc/rndc.conf notify "jacktest.com"
zone notify queued
[[email protected] ~]# tail /var/log/messages
Dec 16 10:36:32 test named[10285]: received control channel command 'notify jacktest.com'
Dec 16 10:36:32 test named[10285]: zone jacktest.com/IN: sending notifies (serial 2016121404)
[[email protected] ~]# rndc -c /etc/rndc.conf flush
[[email protected] ~]# rndc -c /etc/rndc.conf stop
...
controls {
inet 192.168.1.3 port 953 #listen address
allow { 192.168.1.5; } keys { "rndc-key"; }; #IP allowed to access 192.168.1.3
};
[[email protected] ~]# scp /etc/rndc.conf 192.168.1.5:/root/
[[email protected] ~]# vi /etc/rndc.conf #192.168.1.5 slave NS
# Start of rndc.conf
key "rndc-key" {
algorithm hmac-md5;
secret "PElKGniJbHk/esQ9zpN+xg==";
};
options {
default-key "rndc-key";
default-server 192.168.1.3;
default-port 953;
};
[[email protected] ~]# rndc -c rndc.conf status #192.168.1.5 slave NS; remote access now works
version: 9.7.0-P2-RedHat-9.7.0-21.P2.el5 #remote access is generally not opened up; it is very dangerous
CPUs found: 8
worker threads: 8
number of zones: 16
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
[[email protected] ~]#
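The note above calls opening the control channel to remote hosts very dangerous, and the redirect rndc-confgen > /etc/rndc.conf creates the secret file with whatever permissions the shell's umask allows. The following added example (not part of the original post) lists each controls listener in a named.conf as LOCAL or REMOTE and checks a key file for world access; the function names are hypothetical, and the sample configuration is constructed from the blocks shown in this section with the secret replaced by a placeholder.

```shell
#!/bin/sh
# Added example (not from the original post): two checks for the rndc setup.

# audit_controls < named.conf
#   Prints "<LOCAL|REMOTE> <addr>:<port> allow=<acl>" per inet listener in a
#   controls statement. // and # comments are stripped; /* */ is not handled.
audit_controls() {
    awk '
    { sub(/\/\/.*/, ""); sub(/#.*/, ""); gsub(/[{};]/, " & ")
      n = split($0, t, " "); for (i = 1; i <= n; i++) tok[++nt] = t[i] }
    END {
        for (i = 1; i <= nt; i++) {
            if (tok[i] == "{") depth++
            else if (tok[i] == "}") { if (--depth == 0) ctl = 0 }
            else if (depth == 0 && tok[i] == "controls") ctl = 1
            else if (ctl && depth == 1 && tok[i] == "inet") {
                addr = tok[i + 1]
                port = (tok[i + 2] == "port") ? tok[i + 3] : 953
                j = i + 2; while (j <= nt && tok[j] != "allow") j++
                acl = ""
                for (j += 2; j <= nt && tok[j] != "}"; j++)
                    if (tok[j] != ";") { sep = (acl == "") ? "" : ","; acl = acl sep tok[j] }
                where = (addr == "127.0.0.1" || addr == "::1") ? "LOCAL" : "REMOTE"
                print where, addr ":" port, "allow=" acl
            }
        }
    }'
}

# world_accessible FILE: succeeds and prints a finding if "other" has any
# permission bit on FILE (e.g. a key file created under a 022 umask).
world_accessible() {
    perms=$(ls -ld "$1" | cut -c8-10)
    [ "$perms" != "---" ] || return 1
    echo "WORLD-ACCESSIBLE $1 (other=$perms)"
}

# Constructed sample: the loopback listener from the rndc-confgen template and
# the remote listener opened in this section; the secret is a placeholder.
sample_named_conf() {
    cat <<'EOF'
key "rndc-key" {
    algorithm hmac-md5;
    secret "PLACEHOLDER-NOT-A-REAL-SECRET";
};
controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndc-key"; };  // template default
    inet 192.168.1.3 port 953                     # listen address
        allow { 192.168.1.5; } keys { "rndc-key"; };
};
EOF
}

sample_named_conf | audit_controls
# Usage on a real host: world_accessible /etc/rndc.conf
```

Any REMOTE line deserves a firewall rule restricting port 953 to the listed address, and every copy of rndc.conf, including the one sent to /root/ on the slave, should be readable by its owner only.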
9. Subdomains and subdomain forwarding (forward)
forward {only|first}
forwarders {};
zone "ZONE_NAME" IN {
type forward;
forward first;
forwarders { 172.168.1.3; };
};
Add a subdomain server, 192.168.1.8
[[email protected] ~]# vi fin.jacktest.com.zone #192.168.1.8 child DNS
$TTL 600 ; 10 minutes
@ IN SOA ns1.fin.jacktest.com. admin.fin.jacktest.com. (
2016121701 ; serial
3600 ; refresh (1 hour)
300 ; retry (5 minutes)
172800 ; expire (2 days)
21600 ; minimum (6 hours)
)
NS ns1.fin.jacktest.com.
MX 10 mail.fin.jacktest.com.
ns1 A 192.168.1.8
mail A 192.168.1.9
www A 192.168.1.10
[[email protected] ~]# service named restart
Stopping named: . [ OK ]
Starting named: [ OK ]
Verifying the subdomain
[[email protected] named]# dig -t A ns1.fin.jacktest.com @192.168.1.3 #the subdomain's IP can be resolved through the parent domain's server
; <<>> DiG 9.7.0-P2-RedHat-9.7.0-21.P2.el5 <<>> -t A ns1.fin.jacktest.com @192.168.1.3
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57664
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;ns1.fin.jacktest.com. IN A
;; ANSWER SECTION:
ns1.fin.jacktest.com. 600 IN A 192.168.1.8
;; AUTHORITY SECTION:
fin.jacktest.com. 600 IN NS ns1.fin.jacktest.com.
;; Query time: 3 msec
;; SERVER: 192.168.1.3#53(192.168.1.3)
;; WHEN: Sat Dec 17 11:11:13 2016
;; MSG SIZE rcvd: 68
[[email protected] named]# dig -t A ns1.fin.jacktest.com @192.168.1.8 #the subdomain's IP can be resolved through the subdomain's server
; <<>> DiG 9.7.0-P2-RedHat-9.7.0-21.P2.el5 <<>> -t A ns1.fin.jacktest.com @192.168.1.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53646
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;ns1.fin.jacktest.com. IN A
;; ANSWER SECTION:
ns1.fin.jacktest.com. 600 IN A 192.168.1.8
;; AUTHORITY SECTION:
fin.jacktest.com. 600 IN NS ns1.fin.jacktest.com.
;; Query time: 2 msec
;; SERVER: 192.168.1.8#53(192.168.1.8)
;; WHEN: Sat Dec 17 11:12:39 2016
;; MSG SIZE rcvd: 68
[[email protected] named]# nslookup
> server 192.168.1.3
Default server: 192.168.1.3
Address: 192.168.1.3#53
> set q=A
> www.jacktest.com
Server: 192.168.1.3 #lookup through server 192.168.1.3
Address: 192.168.1.3#53
Name: www.jacktest.com #two records found
Address: 192.168.1.3
Name: www.jacktest.com
Address: 192.168.1.5
> set q=A
> www.fin.jacktest.com
Server: 192.168.1.3 #lookup through this server
Address: 192.168.1.3#53
Non-authoritative answer: #one record found; it is a non-authoritative record
Name: www.fin.jacktest.com
Address: 192.168.1.10
> server 192.168.1.8
Default server: 192.168.1.8
Address: 192.168.1.8#53
> set q=A
> www.fin.jacktest.com
Server: 192.168.1.8 #lookup through server 192.168.1.8
Address: 192.168.1.8#53
Name: www.fin.jacktest.com #one record found
Address: 192.168.1.10
> set q=A
> www.jacktest.com #look up the parent domain's A record through the subdomain server 192.168.1.8
Server: 192.168.1.8
Address: 192.168.1.8#53
** server can't find www.jacktest.com.localdomain: SERVFAIL #the subdomain server cannot look up the parent domain's A record
>
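By default the subdomain server cannot look up the parent domain's records; defining a forward zone tells it where to send those queries.
[[email protected] ~]# vi /etc/named.conf #192.168.1.8 child DNS: add the following section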
zone "jacktest.com" IN {
type forward;
forward first;
forwarders { 192.168.1.3; };
};
Verification:
[[email protected] named]# nslookup
> set q=A
> www.jacktest.com
Server: 192.168.1.8 #lookup through server 192.168.1.8
Address: 192.168.1.8#53
Non-authoritative answer:
Name: www.jacktest.com #two records found after adding the forward zone
Address: 192.168.1.5
Name: www.jacktest.com
Address: 192.168.1.3
>
---end---
Reposted from: https://blog.51cto.com/wangfx/1883580