DNS子域授权,转发,ACL篇(三)
来源:互联网 发布:linux telnet退出命令 编辑:程序博客网 时间:2024/06/05 05:28
服务器三台
master:
ip: 192.168.1.10
主域:angrybeans.com
子域的master:由master授权
ip : 192.168.1.9
主域:ops.angrybeans.com
子域的slave从服务器:
ip: 192.168.1.11
- 子域授权
master配置:
1./etc/named.conf
listen-on port 53 { 192.168.1.10; };
dnssec-enable no;
dnssec-validation no;
dnssec-lookaside no;
2. /var/named/angrybeans.zone
$TTL 3600
$ORIGIN angrybeans.com.
@ IN SOAns1admin (
2017012606
4H
2H
12H
1D
);
IN NSns1
IN NSns2
IN MX 10m1
IN MX 20m2
ops IN NS ns1.ops //授权子域NS记录
ops IN A 192.168.1.10 //授权子域A记录
ns1 IN A 192.168.1.10
ns2 IN A 192.168.1.9
a IN A192.168.1.2
b IN A192.168.1.3
子域的matser设置:
1./etc/named.conf
listen-on port 53 { 192.168.1.9; };
dnssec-enable no;
dnssec-validation no;
dnssec-lookaside no;
2. /var/named/ops.angrybeans.com
$TTL 3600
$ORIGIN ops.angrybeans.com.
@ IN SOAns1admin(
2016012601
3H
1H
4H
6H
)
IN NSns1
IN NSns2
ns1 IN A 192.168.1.23
ns2 IN A 192.168.1.24
子域的slave设置:
1./etc/named.conf
listen-on port 53 { 192.168.1.11; };
dnssec-enable no;
dnssec-validation no;
dnssec-lookaside no;
2./etc/named.rfc1912.zones
zone "ops.angrybeans.com" IN {
type slave;
file "slaves/ops.angrybeans.com";
masters { 192.168.1.9; };
};
- 域名转发
ns1.angrybeans.com就可以了,这里指定为master(192.168.1.10),以为192.168.1.10当然可以转发它自己了。下面配置192.168.1.11以192.168.1.10作为转发器。
type forward;
forward only;
forwarders { 192.168.1.10; };
};
[root@localhost ~]# dig -t A flower.angrybeans.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6 <<>> -t A flower.angrybeans.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38321
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;flower.angrybeans.com. INA
;; ANSWER SECTION:
flower.angrybeans.com. 3305INA 192.168.1.4
;; AUTHORITY SECTION:
angrybeans.com. 3162INNS ns1.angrybeans.com.
angrybeans.com. 3162INNS ns2.angrybeans.com.
;; ADDITIONAL SECTION:
ns2.angrybeans.com. 3162INA 192.168.1.9
ns1.angrybeans.com. 3162INA 192.168.1.10
;; Query time: 0 msec
;; SERVER: 192.168.1.11#53(192.168.1.11)
;; WHEN: Tue Jan 26 19:01:22 2016
;; MSG SIZE rcvd: 123
- ACL访问控制
192.168.1.11;
127.0.0.1;
};
file "angrybeans.zone";
allow-transfer { none; } ;
};
- DNS子域授权,转发,ACL篇(三)
- DNS主从、子域授权,转发实验
- DNS子域授权及视图view功能的应用
- DNS子域授权,主从同步,视图智能DNS,安全特性
- DNS、BIND实现正向,反向,主/从,子域,转发,基本安全控制
- DNS服务器配置实验--正向解析、反向解析、主从解析、子域授权和bindview
- ACL授权实例
- kafka topic acl授权
- DNS子域委派
- DNS:授权DNS、Local DNS
- ACL系统授权与认证
- DNS转发 zz
- DNS详解,权威DNS,递归DNS,转发DNS,公共DNS
- DNS系列四:实现DNS子域和委派
- 使用ACL库编写DNS查询应用
- DNS BIND之ACL、View、ZONE介绍
- 创建子域的DNS服务器
- DNS区域委派与转发
- android反混淆工具
- System.setErr()
- d3js+svg
- Linux 动态库剖析
- perl 读取wx返回的json 唉!
- DNS子域授权,转发,ACL篇(三)
- Android dialog 强制弹出输入法
- Android图片虚化源码
- WEB 容器、WEB服务和应用服务器的区别与联系
- WebView的使用之Java和JavaScript互调
- Recursion Vs Iteration
- myEclipse 控制台右边的按钮作用
- 一张图看懂SpringMVC
- iOS中的.h,.m,.mm,.cpp等区别