Diagram:
<a href="http://5645432.blog.51cto.com/attachment/201208/21/5635432_1345541702Jvjl.png"></a>
I. Configuring the parent domain (gjp.com) on Red Hat Enterprise Linux 5.4
1. Installing DNS
[root@gjp99 ~]# mount /dev/cdrom /mnt/cdrom
mount: block device /dev/cdrom is write-protected, mounting read-only
[root@gjp99 ~]# cd /mnt/cdrom/Server
[root@gjp99 Server]# ll bind*
-r--r--r-- 64 root root 1001253 Jul 31 2009 bind-9.3.6-4.P1.el5.i386.rpm
-r--r--r-- 64 root root 44959 Jul 31 2009 bind-chroot-9.3.6-4.P1.el5.i386.rpm
-r--r--r-- 73 root root 2900989 Jul 31 2009 bind-devel-9.3.6-4.P1.el5.i386.rpm
-r--r--r-- 73 root root 450930 Jul 31 2009 bind-libbind-devel-9.3.6-4.P1.el5.i386.rpm
-r--r--r-- 76 root root 877241 Jul 31 2009 bind-libs-9.3.6-4.P1.el5.i386.rpm
-r--r--r-- 64 root root 233804 Jul 31 2009 bind-sdb-9.3.6-4.P1.el5.i386.rpm
-r--r--r-- 64 root root 173772 Jul 31 2009 bind-utils-9.3.6-4.P1.el5.i386.rpm
[root@gjp99 Server]# rpm -ivh bind-9.3.6-4.P1.el5.i386.rpm
warning: bind-9.3.6-4.P1.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
Preparing... ########################################### [100%]
1:bind ########################################### [100%]
[root@gjp99 Server]# rpm -ivh bind-chroot-9.3.6-4.P1.el5.i386.rpm
warning: bind-chroot-9.3.6-4.P1.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
1:bind-chroot ########################################### [100%]
[root@gjp99 Server]# rpm -ivh caching-nameserver-9.3.6-4.P1.el5.i386.rpm
warning: caching-nameserver-9.3.6-4.P1.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
1:caching-nameserver ########################################### [100%]
[root@gjp99 Server]# rpm -qip bind-9.3.6-4.P1.el5.i386.rpm
[root@gjp99 Server]# rpm -ql bind* // show the installed file paths
/etc/dbus-1/system.d/named.conf
/etc/logrotate.d/named
/etc/named.conf
/etc/rc.d/init.d/named
/etc/rndc.conf
/etc/rndc.key
2. Basic DNS configuration:
[root@gjp99 Server]# cd /var/named/chroot/
[root@gjp99 chroot]# ls
dev etc var
[root@gjp99 chroot]# cd etc
[root@gjp99 etc]# ll
total 16
-rw-r--r-- 1 root root 405 Aug 2 21:30 localtime
-rw-r----- 1 root named 1230 Jul 30 2009 named.caching-nameserver.conf
-rw-r----- 1 root named 955 Jul 30 2009 named.rfc1912.zones
-rw-r----- 1 root named 113 Aug 20 19:29 rndc.key
[root@gjp99 etc]# cp -p named.caching-nameserver.conf named.conf // copy the sample file
Without -p the copy's group is root and the service cannot start!
total 20
-rw-r----- 1 root named 1230 Jul 30 2009 named.caching-nameserver.conf
-rw-r----- 1 root named 1230 Jul 30 2009 named.conf
[root@gjp99 etc]# vim named.conf
options {
 listen-on port 53 { any; }; // listening port
 listen-on-v6 port 53 { ::1; };
 directory "/var/named"; // real path that is checked: /var/named/chroot/var/named
 dump-file "/var/named/data/cache_dump.db";
 statistics-file "/var/named/data/named_stats.txt";
 memstatistics-file "/var/named/data/named_mem_stats.txt";
 allow-query { any; }; // allow queries
 allow-query-cache { any; }; // allow cache queries
};
logging {
 channel default_debug {
  file "data/named.run";
  severity dynamic;
 };
};
view localhost_resolver {
 match-clients { any; }; // match clients
 match-destinations { any; }; // destinations
 recursion yes;
 include "/etc/named.rfc1912.zones"; // include this file
};
[root@gjp99 etc]# vim named.rfc1912.zones
Add the following:
zone "gjp.com" IN {
 type master;
 file "gjp.com.zone"; // this file has to be created
 allow-update { none; };
};
[root@gjp99 chroot]# cd var/named/ // note the exact path
[root@gjp99 named]# ll
total 36
drwxrwx--- 2 named named 4096 Aug 26 2004 data
-rw-r----- 1 root named 198 Jul 30 2009 localdomain.zone
-rw-r----- 1 root named 195 Jul 30 2009 localhost.zone
-rw-r----- 1 root named 427 Jul 30 2009 named.broadcast
-rw-r----- 1 root named 1892 Jul 30 2009 named.ca
-rw-r----- 1 root named 424 Jul 30 2009 named.ip6.local
-rw-r----- 1 root named 426 Jul 30 2009 named.local
-rw-r----- 1 root named 427 Jul 30 2009 named.zero
drwxrwx--- 2 named named 4096 Jul 27 2004 slaves
[root@gjp99 named]# cp -p localhost.zone gjp.com.zone // -p can be replaced with -a
total 40
-rw-r----- 1 root named 195 Jul 30 2009 gjp.com.zone
-rw-r----- 1 root named 195 Jul 30 2009 localhost.zone
-rw-r----- 1 root named 1892 Jul 30 2009 named.ca // root hints file
[root@gjp99 named]# vim gjp.com.zone
[root@gjp99 named]# named-checkzone gjp.com gjp.com.zone
zone gjp.com/IN: loaded serial 42 OK
[root@gjp99 named]# named-checkconf /var/named/chroot/etc/named.conf
[root@gjp99 named]# service named start
Starting named: [ OK ]
[root@gjp99 ~]# tail -f /var/log/messages // watch the log
Test from the physical host (host-only network, connected through vmware1)
[root@gjp99 named]# vim /etc/resolv.conf // nslookup works on Linux only after this file has been edited
[root@gjp99 named]# rndc reload // no service restart needed; only what changed is reloaded!
server reload successful
[root@gjp99 named]# nslookup www.gjp.com
Server: 192.168.2.100
Address: 192.168.2.100#53
Name: www.gjp.com
Address: 192.168.2.100
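The named.conf shown earlier sets allow-query-cache { any; } and recursion yes in a view that matches any client, so the server resolves recursively for every source that can reach port 53. The following added example (not from the original post) puts that configuration beside a restricted one and audits both; the lan ACL, the 192.168.2.0/24 client network and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Both fragments are constructed:
# open_conf mirrors the settings on this page, restricted_conf limits cache
# answers and recursion to an assumed client network.
open_conf() {
cat <<'EOF'
options {
    allow-query       { any; };
    allow-query-cache { any; };
};
view localhost_resolver {
    match-clients { any; };
    recursion yes;
};
EOF
}

restricted_conf() {
cat <<'EOF'
acl lan { 127.0.0.1; 192.168.2.0/24; };   // assumed client network
options {
    allow-query       { any; };   // authoritative zones stay answerable
    allow-query-cache { lan; };
    allow-recursion   { lan; };
};
view localhost_resolver {
    match-clients { any; };
    recursion yes;
};
EOF
}

# audit_recursion < named.conf: prints findings, exits 1 if recursion is open.
audit_recursion() {
  sed -e 's://.*$::' -e 's:#.*$::' | tr -s ' \t\n' '   ' | awk '
    { conf = conf " " $0 }
    END {
      if (conf ~ /allow-query-cache *[{] *any *; *[}]/) { print "cache answers open to any"; bad = 1 }
      open_acl = (conf !~ /allow-recursion/ || conf ~ /allow-recursion *[{] *any *; *[}]/)
      if (conf ~ /recursion +yes/ && open_acl) { print "recursion open to any"; bad = 1 }
      exit bad + 0
    }'
}

open_conf | audit_recursion || echo "open configuration: restrict before exposing port 53"
restricted_conf | audit_recursion && echo "restricted configuration: ok"
```

After changing the real file, run named-checkconf and rndc reload as shown earlier on this page.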
II. Configuring the subdomain bj.gjp.com
[root@gjp99 etc]# pwd
/var/named/chroot/etc
[root@gjp99 etc]# vim named.rfc1912.zones
zone "bj.gjp.com" IN {
 type master;
 file "bj.gjp.com.zone";
};
[root@gjp99 ~]# cd /var/named/chroot/var/named
[root@gjp99 named]# cp -p gjp.com.zone bj.gjp.com.zone
total 44
-rw-r----- 1 root named 274 Aug 20 20:11 bj.gjp.com.zone
drwxrwx--- 2 named named 4096 Aug 20 20:23 data
-rw-r----- 1 root named 274 Aug 20 20:11 gjp.com.zone
[root@gjp99 named]# vim bj.gjp.com.zone
[root@gjp99 etc]# rndc reload
[root@gjp99 etc]# nslookup www.bj.gjp.com
Address: 192.168.2.100#53
Name: www.bj.gjp.com
Address: 192.168.3.100
On Windows:
<a href="http://5645432.blog.51cto.com/attachment/201208/22/5635432_1345605885iyP5.png"></a>
III. Delegating the subdomain sh.gjp.com
[root@gjp99 named]# vim gjp.com.zone
[root@gjp99 named]# rndc reload
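The post does not show the records added to gjp.com.zone for the delegation. The following added example (not from the original post) is a constructed parent zone with the NS record and glue A record that a delegation of sh.gjp.com needs, plus a check that flags a delegation without glue; the host names ns and ns.sh and the serial are assumptions, and the addresses are the ones in the nslookup output on this page.

```shell
#!/bin/sh
# Added example, not from the original post. The zone text is constructed:
# addresses come from the nslookup output on this page, the host names
# ns and ns.sh are assumed, and the serial is illustrative.
parent_zone() {
cat <<'EOF'
$TTL 86400
@       IN SOA  ns.gjp.com. root.gjp.com. ( 43 3H 15M 1W 1D )
        IN NS   ns.gjp.com.
ns      IN A    192.168.2.100
www     IN A    192.168.2.100
sh      IN NS   ns.sh.gjp.com.   ; delegation to the child server
ns.sh   IN A    192.168.2.12     ; glue for the child name server
EOF
}

# check_glue ORIGIN < zone: every delegation whose name server lies inside
# the delegated zone needs an A record (glue) in the parent zone.
check_glue() {
  awk -v origin="$1" '
    function fqdn(name) {
      if (name == "@") return origin
      return (name ~ /\.$/) ? name : name "." origin
    }
    /^\$/ || /^[ \t]*;/ || /^[ \t]*$/ { next }
    {
      i = 1
      if ($0 !~ /^[ \t]/) { owner = fqdn($1); i = 2 }   # blank owner: reuse previous
      if ($i ~ /^[0-9]+$/) i++                          # optional TTL
      if ($i == "IN") i++
      if ($i == "A") has_a[owner] = 1
      if ($i == "NS" && owner != origin) { child[++cnt] = owner; ns[cnt] = fqdn($(i + 1)) }
    }
    END {
      for (k = 1; k <= cnt; k++) {
        suffix = "." child[k]
        inside = (ns[k] == child[k] || substr(ns[k], length(ns[k]) - length(suffix) + 1) == suffix)
        if (inside && !(ns[k] in has_a)) { print "missing glue: " child[k] " NS " ns[k]; bad = 1 }
      }
      exit bad + 0
    }'
}

parent_zone | check_glue gjp.com. && echo "delegations have glue"
```

Against the real file the call is `check_glue gjp.com. < gjp.com.zone`, run before rndc reload.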
IV. Configuring the delegated host: Red Hat Enterprise Linux 5.3
Host IP
Ping the IP of the host that serves the parent domain
Installation: same procedure as on the parent-domain host
[root@www etc]# cp -p named.caching-nameserver.conf named.conf
[root@www etc]# pwd
[root@www etc]# cat named.conf
 listen-on port 53 { any; };
 directory "/var/named";
 allow-query { any; };
 match-clients { any; };
 match-destinations { any; };
 include "/etc/named.rfc1912.zones";
[root@www etc]# vim named.rfc1912.zones
Add the following records:
zone "sh.gjp.com" IN {
 type master;
 file "sh.gjp.com.zone";
 allow-update { none; };
};
Create the sh.gjp.com.zone file
[root@www named]# pwd
/var/named/chroot/var/named
[root@www named]# cp -p localdomain.zone sh.gjp.com.zone
[root@www named]# vim sh.gjp.com.zone
[root@www named]# service named start
啟動 named: [确定]
[root@www named]# vim /etc/resolv.conf
[root@www named]# rndc reload
[root@www named]# nslookup www.sh.gjp.com
Server: 192.168.2.12
Address: 192.168.2.12#53
Name: www.sh.gjp.com
Address: 192.168.4.100
Test on the parent-domain host:
[root@gjp99 named]# rndc flush // flush the cache!
[root@gjp99 named]# nslookup www.sh.gjp.com
Non-authoritative answer:
Name: www.sh.gjp.com
On the delegated host (RHEL 5.3):
Unconditional forwarding:
[root@www ~]# cd /var/named/chroot/etc
[root@www etc]# vim named.conf
Unconditional forwarding: forwarders {<space>ip ; <space>};
[root@www etc]# nslookup www.gjp.com
Name: www.gjp.com
Address: 192.168.2.100
[root@www etc]# nslookup www.bj.gjp.com
Name: www.bj.gjp.com
Conditional forwarding:
First remove the unconditional forwarding above: forwarders{ }
Add the following:
zone "gjp.com" IN {
 type forward;
 forwarders { 192.168.2.100; };
};
[root@www etc]# rndc reload
[root@www etc]# rndc flush
[root@www etc]# nslookup www.gjp.com
Address: 192.168.2.100
V. Testing from a Windows XP machine:
1. Point the DNS setting at the delegated host (RHEL 5.3):
<a href="http://5645432.blog.51cto.com/attachment/201208/22/5635432_1345605932xlx4.png"></a>
2. Point the DNS setting at the IP of the DNS server that hosts the parent domain
<a href="http://5645432.blog.51cto.com/attachment/201208/22/5635432_1345605960yaug.png"></a>
This article is reposted from gjp0731's 51CTO blog. Original link: http://blog.51cto.com/guojiping/969738