天天看點

Linux指令:DNS應用

bind97:

    /etc/named.conf

        BIND程序的工作屬性

        區域的定義

    /etc/rndc.key

        rndc: Remote Name Domain Controller

        密鑰檔案

        配置資訊:/etc/rndc.conf

    /var/named/    區域資料檔案

    /etc/rc.d/init.d/named    {start|stop|restart|status|reload}

    二進制程式:named

bind-chroot:

    預設:named

        使用者:named

        組:named

/var/named/chroot/

        etc/named.conf

        etc/rdnc.key

        sbin/named

        var/named/

[[email protected] ~]# yum list all |grep bind

This system is not registered with RHN.

RHN support will be disabled.

bind-libs.i386        30:9.3.6-4.P1.el5         installed

bind-utils.i386       30:9.3.6-4.P1.el5         installed

[[email protected] ~]# rpm -e bind-libs bind-utils

[[email protected] ~]# yum list all |grep bind

This system is not registered with RHN.

RHN support will be disabled.

bind.i386          30:9.3.6-4.P1.el5         Media

bind-chroot.i386     30:9.3.6-4.P1.el5         Media 

一、bind安裝

bind97下載下傳位址:http://mirrors.ctyun.cn/centos/5/os/i386/CentOS/

[[email protected] ~]# rpm -ivh bind97-libs-9.7.0-21.P2.el5.i386.rpm

warning: bind97-libs-9.7.0-21.P2.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID e8562897

Preparing...    ################################### [100%]

   1:bind97-libs   ################################# [100%]

[[email protected] ~]# rpm -ivh bind97-utils-9.7.0-21.P2.el5.i386.rpm

warning: bind97-utils-9.7.0-21.P2.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID e8562897

Preparing...       ############################## [100%]

   1:bind97-utils     ############################ [100%]

[[email protected] ~]# rpm -ivh bind97-9.7.0-21.P2.el5.i386.rpm

warning: bind97-9.7.0-21.P2.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID e8562897

Preparing...     ############################## [100%]

   1:bind97    ############################### [100%]

二、文法錯誤判斷、日志檢視、服務啟動狀态

[[email protected] etc]# vi named.conf

options {

    directory    "/var/named";

};

zone "." IN {

    type hint;

    file "named.ca";

};

zone "localhost" IN {

    type master;

    file "named.localhost";

};

zone "0.0.127.in-addr.arpa" IN {

    type master;

    file "named.loopback";

};

[[email protected] etc]# named-checkconf

[[email protected] etc]# named-checkzone  "." /var/named/named.ca

zone ./IN: has 0 SOA records

zone ./IN: not loaded due to errors.

[[email protected] etc]# named-checkzone  "localhost" /var/named/named.localhost

zone localhost/IN: loaded serial 0

OK

[[email protected] etc]# named-checkzone  "0.0.127.in-addr.arpa" /var/named/named.loopback

zone 0.0.127.in-addr.arpa/IN: loaded serial 0

OK

[[email protected] etc]# service named start

Starting named: named: already running                     [  OK  ]

[[email protected] etc]# service named restart

Stopping named: .                                          [  OK  ]

Starting named:                                            [  OK  ]

[[email protected] etc]# tail /var/log/messages

Dec 13 15:37:16 test named[29856]: command channel listening on 127.0.0.1#953

Dec 13 15:37:16 test named[29856]: zone 0.0.127.in-addr.arpa/IN: loaded serial 0

Dec 13 15:37:16 test named[29856]: zone localhost/IN: loaded serial 0

Dec 13 15:37:16 test named[29856]: running

[[email protected] ~]# vi /etc/resolv.conf

nameserver 110.19.131.131

search localdomain

[[email protected] ~]# dig -t NS .

; <<>> DiG 9.7.0-P2-RedHat-9.7.0-21.P2.el5 <<>> -t NS .

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6718

;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 12

;; QUESTION SECTION:

;.                IN    NS

;; ANSWER SECTION:

.            16803    IN    NS    i.root-servers.net.

.            16803    IN    NS    a.root-servers.net.

.            16803    IN    NS    e.root-servers.net.

.            16803    IN    NS    k.root-servers.net.

.            16803    IN    NS    d.root-servers.net.

.            16803    IN    NS    b.root-servers.net.

.            16803    IN    NS    g.root-servers.net.

.            16803    IN    NS    c.root-servers.net.

.            16803    IN    NS    l.root-servers.net.

.            16803    IN    NS    h.root-servers.net.

.            16803    IN    NS    f.root-servers.net.

.            16803    IN    NS    j.root-servers.net.

.            16803    IN    NS    m.root-servers.net.

;; ADDITIONAL SECTION:

i.root-servers.net.    86400    IN    A    192.36.148.17

i.root-servers.net.    17019    IN    AAAA    2001:7fe::53

a.root-servers.net.    17019    IN    A    198.41.0.4

a.root-servers.net.    17019    IN    AAAA    2001:503:ba3e::2:30

e.root-servers.net.    29300    IN    A    192.203.230.10

e.root-servers.net.    86400    IN    AAAA    2001:500:a8::e

k.root-servers.net.    29300    IN    A    193.0.14.129

k.root-servers.net.    17019    IN    AAAA    2001:7fd::1

d.root-servers.net.    29300    IN    A    199.7.91.13

d.root-servers.net.    17019    IN    AAAA    2001:500:2d::d

b.root-servers.net.    16803    IN    A    192.228.79.201

b.root-servers.net.    17019    IN    AAAA    2001:500:84::b

;; Query time: 38 msec

;; SERVER: 10.109.131.131#53(10.109.131.131)

;; WHEN: Wed Dec 14 08:14:20 2016

;; MSG SIZE  rcvd: 505

[[email protected] ~]# ping www.163.com

PING 163.xdwscache.ourglb0.com (113.107.57.41) 56(84) bytes of data.

64 bytes from 113.107.57.41: icmp_seq=1 ttl=53 time=39.4 ms

64 bytes from 113.107.57.41: icmp_seq=2 ttl=53 time=38.3 ms

--- 163.xdwscache.ourglb0.com ping statistics ---

2 packets transmitted, 2 received, 0% packet loss, time 1013ms

rtt min/avg/max/mdev = 38.381/38.924/39.468/0.578 ms

[[email protected] ~]# chkconfig --list named

named    0:off    1:off    2:off    3:off    4:off    5:off    6:off

[[email protected] ~]# chkconfig  named on

[[email protected] ~]# chkconfig --list named

named    0:off    1:off    2:on    3:on    4:on    5:on    6:off

[[email protected] ~]#

三、建立本地NS正向域

[[email protected] ~]# vi  /etc/named.conf

...  #新增以下部分

zone "jacktest.com" IN {

        type master;

        file "jacktest.com.zone";

};

[[email protected] ~]# named-checkconf /etc/named.conf

/etc/named.conf:24: missing ';' before end of file

[[email protected] named]# vi jacktest.com.zone   #正向區域名稱

$TTL 600            #宏要加$

jacktest.com.   IN  SOA     ns1.jacktest.com.    admin.jacktest.com. (

                                20161214

                                1H

                                5M

                                2D

                                6H )

jacktest.com.   IN      NS      ns1.jacktest.com.

       IN      MX  10  mail    #域名可省,10為郵件等級

ns1         IN      A       10.109.131.131

mail        IN      A       10.109.131.209

www        IN      A       10.109.131.209

www       IN      A       10.109.131.209

ftp       IN      CNAME   www

[[email protected] named]# chown root:named jacktest.com.zone

[[email protected] named]# ll

total 32

drwxrwx--- 2 named named 4096 Dec 13 14:57 data

drwxrwx--- 2 named named 4096 Dec 13 14:58 dynamic

-rw-r----- 1 root  named  207 Dec 14 10:08 jacktest.com.zone

-rw-r----- 1 root  named 1892 Feb 18  2008 named.ca

-rw-r----- 1 root  named  152 Dec 15  2009 named.empty

-rw-r----- 1 root  named  152 Jun 21  2007 named.localhost

-rw-r----- 1 root  named  168 Dec 15  2009 named.loopback

drwxrwx--- 2 named named 4096 Dec 13 15:48 slaves

[[email protected] named]# vi jacktest.com.zone   #正向區域名稱

$TTL 600            #宏要加$

jacktest.com.  IN   SOA     ns1.jacktest.com.  admin.jacktest.com. (

                                20161214

                                1H

                                5M

                                2D

                                6H )

jacktest.com.   IN      NS      ns1.jacktest.com.

         IN      MX  10  mail     #域名可省,10為郵件等級

ns1          IN      A       10.109.131.131

mail         IN      A       10.109.131.209

www          IN      A       10.109.131.209

www         IN      A       10.109.131.209

ftp         IN      CNAME   www

四、語建立本地NS反向域

[[email protected] ~]# vi  /etc/named.conf

...  #新增以下部分

zone "1.168.192.in-addr.arpa" IN {

        type master;

        file "192.168.1.zone";

};

[[email protected] named]# cp -p jacktest.com.zone 192.168.1.zone     #将正向複制為反向區域名稱

[[email protected] named]# vi jacktest.com.zone   #修改反向區域名稱

$TTL 600            #宏要加$

@   IN   SOA   ns1.jacktest.com.  admin.jacktest.com. (

                                20161214

                                1H

                                5M

                                2D

                                6H )

   IN      NS      ns1.jacktest.com.  // 最後一項必須是完整的記錄,句尾不可忘記寫上" . "

3   IN      PTR      ns1.jacktest.com.

3   IN      PTR      www.jacktest.com.

4   IN      PTR      mail.jacktest.com.

5   IN      PTR      www.jacktest.com.

Linux指令:DNS應用

dig -x 192.168.1.3

Linux指令:DNS應用

dig -x 192.168.1.4

Linux指令:DNS應用

dig +norecurse -t A www.163.com @192.168.1.3   #不遞歸查詢

dig  +trace -t A www.baidu.com @192.168.1.3     #遞歸顯示查詢結果

五、更改配制檔案後即可限定查詢段

[[email protected] etc]# vi named.conf

options {

    directory    "/var/named";

    allow-recursion    { 192.168.1.0/24; };    //隻允許此IP段遞歸查詢

};

zone "." IN {

    type hint;

    file "named.ca";

};

zone "localhost" IN {

    type master;

    file "named.localhost";

    allow-transfer { none; };     //none不允許所有用戶端發出傳送請求 

};

zone "0.0.127.in-addr.arpa" IN {

    type master;

    file "named.loopback";

    allow-transfer { none; };

};

zone "jacktest.com" IN {

        type master;

        file "jacktest.com.zone";

    allow-transfer { 192.168.1.5; };    //隻允許此IP發出傳送請求

};

zone "1.168.192.in-addr.arpa" IN {

    type master;

    file "192.168.1.zone";

    allow-transfer { 192.168.1.5; };

};

Linux指令:DNS應用

[[email protected] etc]# tail /var/log/messages

Dec 15 14:11:41 test named[7276]: zone 1.168.192.in-addr.arpa/IN: loaded serial 2016121401

Dec 15 14:11:41 test named[7276]: zone jacktest.com/IN: loaded serial 20161214

Dec 15 14:11:41 test named[7276]: zone localhost/IN: loaded serial 0

Dec 15 14:11:41 test named[7276]: running

Dec 15 14:13:31 test named[7276]: client 192.168.1.5#58423: transfer of 'jacktest.com/IN': AXFR started

Dec 15 14:13:31 test named[7276]: client 192.168.1.5#58423: transfer of 'jacktest.com/IN': AXFR ended

六、設定從DNS伺服器

[[email protected] named]# setenforce 0

setenforce: SELinux is disabled

[[email protected] named]# scp 192.168.1.3:/etc/named.conf /etc/

The authenticity of host '192.168.1.3 (192.168.1.3)' can't be established.

RSA key fingerprint is c2:f2:75:5c:ab:4a:43:d3:e1:76:bc:d2:0f:c7:d6:32.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added '192.168.1.3' (RSA) to the list of known hosts.

[email protected]'s password:

named.conf              

[[email protected] etc]# vi /etc/named.conf

...

zone "jacktest.com" IN {

        type slave;

        file "slaves/jacktest.com.zone";

        allow-transfer { 192.168.1.5; };

};

zone "1.168.192.in-addr.arpa" IN {

        type slave;

        file "slaves/192.168.1.zone";

        allow-transfer { 192.168.1.5; };

};

驗證:

[[email protected] slaves]# tail /var/log/messages      #192.168.1.3主

Dec 15 15:43:35 test named[7595]: zone 1.168.192.in-addr.arpa/IN: loaded serial 2016121401

Dec 15 15:43:35 test named[7595]: zone jacktest.com/IN: loaded serial 20161214

Dec 15 15:43:35 test named[7595]: zone localhost/IN: loaded serial 0

Dec 15 15:43:35 test named[7595]: running

Dec 15 15:44:12 test named[7595]: client 192.168.1.5#47432: transfer of 'jacktest.com/IN': AXFR started

Dec 15 15:44:12 test named[7595]: client 192.168.1.5#47432: transfer of 'jacktest.com/IN': AXFR ended

Dec 15 17:25:29 test named[7595]: client 192.168.1.5#34268: transfer of 'jacktest.com/IN': AXFR started

Dec 15 17:25:29 test named[7595]: client 192.168.1.5#34268: transfer of 'jacktest.com/IN': AXFR ended

Dec 15 17:25:29 test named[7595]: client 192.168.1.5#59389: transfer of '1.168.192.in-addr.arpa/IN': AXFR started    #傳送開始

Dec 15 17:25:29 test named[7595]: client 192.168.1.5#59389: transfer of '1.168.192.in-addr.arpa/IN': AXFR ended   #傳送結果

[[email protected] named]# tail /var/log/messages      #192.168.1.5

Dec 15 17:28:13 jacktest named[10089]: zone localhost/IN: loaded serial 0

Dec 15 17:28:13 jacktest named[10089]: running

Dec 15 17:28:13 jacktest named[10089]: zone jacktest.com/IN: Transfer started.

Dec 15 17:28:13 jacktest named[10089]: transfer of 'jacktest.com/IN' from 192.168.1.3#53: connected using 192.168.1.5#34268

Dec 15 17:28:13 jacktest named[10089]: zone jacktest.com/IN: transferred serial 20161214

Dec 15 17:28:13 jacktest named[10089]: transfer of 'jacktest.com/IN' from 192.168.1.3#53: Transfer completed: 1 messages, 9 records, 233 bytes, 0.004 secs (58250 bytes/sec)

Dec 15 17:28:13 jacktest named[10089]: zone 1.168.192.in-addr.arpa/IN: Transfer started.

Dec 15 17:28:13 jacktest named[10089]: transfer of '1.168.192.in-addr.arpa/IN' from 192.168.1.3#53: connected using 192.168.1.5#59389

Dec 15 17:28:13 jacktest named[10089]: zone 1.168.192.in-addr.arpa/IN: transferred serial 2016121401

Dec 15 17:28:13 jacktest named[10089]: transfer of '1.168.192.in-addr.arpa/IN' from 192.168.1.3#53: Transfer completed: 1 messages, 7 records, 219 bytes, 0.002 secs (109500 bytes/sec)

七、測試NS自動更新到從伺服器

[[email protected] named]# vi jacktest.com.zone     #192.168.1.3主

$TTL 600

jacktest.com.    IN    SOA    ns1.jacktest.com.    admin.jacktest.com. (

     2016121404     #3改成4

...

imap        IN    A    192.168.1.6

haha        IN    A    192.168.1.7    #新增一條記錄

[[email protected] named]# service named reload

Reloading named:                                           [  OK  ]

[[email protected] named]# tail /var/log/messages    #192.168.1.3主NS

Dec 16 10:05:53 test named[10112]: reloading configuration succeeded

Dec 16 10:05:53 test named[10112]: reloading zones succeeded

Dec 16 10:05:53 test named[10112]: zone jacktest.com/IN: loaded serial 2016121404

Dec 16 10:05:53 test named[10112]: zone jacktest.com/IN: sending notifies (serial 2016121404)

Dec 16 10:05:53 test named[10112]: client 192.168.1.5#50038: transfer of 'jacktest.com/IN': AXFR-style IXFR started

Dec 16 10:05:53 test named[10112]: client 192.168.1.5#50038: transfer of 'jacktest.com/IN': AXFR-style IXFR ended

[[email protected] named]# tail /var/log/messages    #192.168.1.5從NS

Dec 16 10:08:38 jacktest named[12536]: client 192.168.1.3#6791: received notify for zone 'jacktest.com'

Dec 16 10:08:38 jacktest named[12536]: zone jacktest.com/IN: Transfer started.

Dec 16 10:08:38 jacktest named[12536]: transfer of 'jacktest.com/IN' from 192.168.1.3#53: connected using 192.168.1.5#50038

Dec 16 10:08:38 jacktest named[12536]: zone jacktest.com/IN: transferred serial 2016121404

Dec 16 10:08:38 jacktest named[12536]: transfer of 'jacktest.com/IN' from 192.168.1.3#53: Transfer completed: 1 messages, 13 records, 309 bytes, 0.002 secs (154500 bytes/sec)

Dec 16 10:08:38 jacktest named[12536]: zone jacktest.com/IN: sending notifies (serial 2016121404)

[[email protected] slaves]# cat jacktest.com.zone     #192.168.1.5從NS

jacktest.com  IN SOA    ns1.jacktest.com. admin.jacktest.com. (

         2016121404 ; serial

...

ftp       CNAME    www

haha       A    192.168.1.7    #自動學習成功

八、開放遠端通路DC

Remote Name Daemon Control    # [di:mn]守護程序

[[email protected] ~]# rndc-confgen > /etc/rndc.conf

[[email protected] ~]# cat /etc/rndc.conf

# Start of rndc.conf

key "rndc-key" {

    algorithm hmac-md5;

    secret "PElKGniJbHk/esQ9zpN+xg==";

};

options {

    default-key "rndc-key";

    default-server 127.0.0.1;

    default-port 953;

};

# End of rndc.conf

# Use with the following in named.conf, adjusting the allow list as needed:

# key "rndc-key" {

#     algorithm hmac-md5;

#     secret "PElKGniJbHk/esQ9zpN+xg==";

# };

#

# controls {

#     inet 127.0.0.1 port 953

#         allow { 127.0.0.1; } keys { "rndc-key"; };

# };  

# End of named.conf    #綠色部分複制添加到named.conf 

[[email protected] ~]# rndc -c /etc/rndc.conf status

rndc: connection to remote host closed

This may indicate that

* the remote server is using an older version of the command protocol,

* this host is not authorized to connect,

* the clocks are not synchronized, or

* the key is invalid.

[[email protected] ~]# rm /etc/rndc.key

rm: remove regular file `/etc/rndc.key'? y

[[email protected] ~]# rndc -c /etc/rndc.conf status

rndc: connection to remote host closed

This may indicate that

* the remote server is using an older version of the command protocol,

* this host is not authorized to connect,

* the clocks are not synchronized, or

* the key is invalid.

[[email protected] ~]# service named restart

Stopping named: .                  [  OK  ]

Generating /etc/rndc.key:                 [  OK  ]

Starting named:                     [  OK  ]

[[email protected] ~]# rndc -c /etc/rndc.conf status

version: 9.7.0-P2-RedHat-9.7.0-21.P2.el5

CPUs found: 8

worker threads: 8

number of zones: 16

debug level: 0

xfers running: 0

xfers deferred: 0

soa queries in progress: 0

query logging is OFF

recursive clients: 0/0/1000

tcp clients: 0/100

server is up and running

[[email protected] ~]# rndc -c /etc/rndc.conf notify "jacktest.com"

zone notify queued

[[email protected] ~]# tail /var/log/messages

Dec 16 10:36:32 test named[10285]: received control channel command 'notify jacktest.com'

Dec 16 10:36:32 test named[10285]: zone jacktest.com/IN: sending notifies (serial 2016121404)

[[email protected] ~]# rndc -c /etc/rndc.conf flush

[[email protected] ~]# rndc -c /etc/rndc.conf stop

...

controls {

        inet 192.168.1.3 port 953                  #監聽位址

                allow { 192.168.1.5; } keys { "rndc-key"; };       #允許通路192.168.1.3的IP

};

[[email protected] ~]# scp /etc/rndc.conf 192.168.1.5:/root/

[[email protected] ~]# vi /etc/rndc.conf      #192.168.1.5從NS

# Start of rndc.conf

key "rndc-key" {

        algorithm hmac-md5;

        secret "PElKGniJbHk/esQ9zpN+xg==";

};

options {

        default-key "rndc-key";

        default-server 192.168.1.3;

        default-port 953;

};

[[email protected] ~]# rndc -c rndc.conf status    #192.168.1.5從NS,已可遠端通路

version: 9.7.0-P2-RedHat-9.7.0-21.P2.el5      #一般不開放遠端允許通路,非常危險

CPUs found: 8

worker threads: 8

number of zones: 16

debug level: 0

xfers running: 0

xfers deferred: 0

soa queries in progress: 0

query logging is OFF

recursive clients: 0/0/1000

tcp clients: 0/100

server is up and running

[[email protected] ~]#

九、子域及子域轉發(forward)

forward {only|first}

forwarders {};

zone "ZONE_NAME" IN {

    type forward;

    forward first;

    forwarders {172.168.1.3};

};

新增子域伺服器192.168.1.8

[[email protected] ~]# vi fin.jacktest.com.zone    #192.168.1.8 子DNS

$TTL 600     ; 10 minutes

@  IN SOA  ns1.fin.jacktest.com. admin.fin.jacktest.com. (

                      2016121701 ; serial

                      3600       ; refresh (1 hour)

                      300        ; retry (5 minutes)

                     172800     ; expire (2 days)

                      21600      ; minimum (6 hours)

                       )

          NS      ns1.fin.jacktest.com.

           MX      10 mail.fin.jacktest.com.

ns1           A       192.168.1.8

mail         A       192.168.1.9

www        A       192.168.1.10

[[email protected] ~]# service named restart

Stopping named: .                [  OK  ]

Starting named:                 [  OK  ]

驗證子域

[[email protected] named]# dig -t A ns1.fin.jacktest.com @192.168.1.3  #通過主域可解析子域IP

; <<>> DiG 9.7.0-P2-RedHat-9.7.0-21.P2.el5 <<>> -t A ns1.fin.jacktest.com @192.168.1.3

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57664

;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:

;ns1.fin.jacktest.com.      IN    A

;; ANSWER SECTION:

ns1.fin.jacktest.com.   600   IN    A    192.168.1.8

;; AUTHORITY SECTION:

fin.jacktest.com.   600   IN   NS    ns1.fin.jacktest.com.

;; Query time: 3 msec

;; SERVER: 192.168.1.3#53(192.168.1.3)

;; WHEN: Sat Dec 17 11:11:13 2016

;; MSG SIZE  rcvd: 68

[[email protected] named]# dig -t A ns1.fin.jacktest.com @192.168.1.8   #通過子域可解析子域IP

; <<>> DiG 9.7.0-P2-RedHat-9.7.0-21.P2.el5 <<>> -t A ns1.fin.jacktest.com @192.168.1.8

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53646

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:

;ns1.fin.jacktest.com.    IN    A

;; ANSWER SECTION:

ns1.fin.jacktest.com.   600    IN    A    192.168.1.8

;; AUTHORITY SECTION:

fin.jacktest.com.   600   IN    NS    ns1.fin.jacktest.com.

;; Query time: 2 msec

;; SERVER: 192.168.1.8#53(192.168.1.8)

;; WHEN: Sat Dec 17 11:12:39 2016

;; MSG SIZE  rcvd: 68

[[email protected] named]# nslookup

> server 192.168.1.3

Default server: 192.168.1.3

Address: 192.168.1.3#53

> set q=A

> www.jacktest.com

Server:        192.168.1.3      #通過伺服器192.168.1.3查找

Address:    192.168.1.3#53

Name:    www.jacktest.com      #查找出兩條記錄

Address: 192.168.1.3

Name:    www.jacktest.com

Address: 192.168.1.5

> set q=A

> www.fin.jacktest.com

Server:        192.168.1.3     #通過此伺服器查找

Address:    192.168.1.3#53

Non-authoritative answer:     #查找出一條記錄,有為非官方記錄

Name:    www.fin.jacktest.com

Address: 192.168.1.10

> server 192.168.1.8

Default server: 192.168.1.8

Address: 192.168.1.8#53

> set q=A         

> www.fin.jacktest.com

Server:        192.168.1.8     #通過伺服器192.168.1.8查找

Address:    192.168.1.8#53

Name:    www.fin.jacktest.com     #查找出一條記錄  

Address: 192.168.1.10

> set q=A  

> www.jacktest.com    #通過子域伺服器192.168.1.8查找父域的A記錄 

Server:        192.168.1.8

Address:    192.168.1.8#53

** server can't find www.jacktest.com.localdomain: SERVFAIL    #子域無法查找父域的A記錄 

>

預設子域無法查找父域資訊,定義轉發即可告訴子域

[[email protected] ~]# vi /etc/rndc.conf      #192.168.1.8 子DNS 中新增以下部分

zone "jacktest.com" IN {

        type forward;

        forward first;

        forwarders { 192.168.1.3; };

 };

驗證:

[[email protected] named]# nslookup

> set q=A

> www.jacktest.com

Server:        192.168.1.8     #通過伺服器192.168.1.8查找

Address:    192.168.1.8#53

Non-authoritative answer:

Name:    www.jacktest.com    #新增forward後查找出兩條記錄   

Address: 192.168.1.5

Name:    www.jacktest.com

Address: 192.168.1.3

>

---end---

轉載于:https://blog.51cto.com/wangfx/1883580

繼續閱讀