配置 DNS 辅助域名服务器和子域名服务器 一、规划说明： 主机 A: 双网卡 192.168.1.7 mydomain.org 主域名服务器 192.168.10.7 myzone.org 主域名服务器，其有两个子域，为 market.myzone.org 和 develog.myzone.org 主机 B：双网卡 192.168.1.6 mydomain.org 辅助域名服务器 192.168.10.6 market.myzone.org 子域名服务器 两台服务器均有 DNS 独立的日志，用以记录查询（query_logs）记录和错误 （err_logs）记录，以便于 DNS 后期管理；本文不过多涉及安全方面的问题。 安装过程请参照另一篇文章“Bind 9.4.0rc2 安装笔记（一步步学习配置简易 DNS）”。 二、主机A： 1. 主配置文件/etc/named.conf options directory “/var/named/“;version “0.0.0“; ; logging channel dns_errors file “/var/log/named/err_logs“ versions 3 size 10m;severity error;print-category yes;print-severity yes;print-time yes; ;channel dns_queries file “/var/log/named/query_logs“ versions 3 size 10m;severity info;print-category yes;print-severity yes;print-time yes;category default dns_errors; ;category queries dns_queries; ; ; zone “.“ type hint; file “named.ca“; ; zone “localhost“ type master;file “named.local“; ; zone “0.0.127.IN-addr.arpa“ type master;file “named.rev“; ; zone “mydomain.org“ type master;file “mydomain.org.zone“;allow-transfer 192.168.1.6/32; ; ;zone “myzone.org“ type master;file “myzone.org.zone“;allow-transfer 192.168.10.0/24; ; ; zone “10.168.192.in-addr.arpa“ type master;file “192.168.10.zone“;allow-transfer 192.168.10.0/24; ; ; zone “1.168.192.in-addr.arpa“ type master;file “192.168.1.zone“;allow-transfer 192.168.1.6/32; ; ; key “rndc-key“ algorithm hmac-md5;secret “oKLRLl8BolNj883OX1YcxQ=“; ; controls inet 127.0.0.1 port 953allow 127.0.0.1; keys “rndc-key“; ; ; # End of named.conf 2.域 mydomain.org 的正向解析文件/var/named/mydomain.org.zone $TTL 1D$ORIGIN mydomain.org. 1D IN SOA mydomain.org. root.mail.mydomain.org. ( 200703011H15M1W1D )IN NS ns.mydomain.org.IN MX 10 mail.mydomain.org. mydomain.org. IN A 192.168.1.7 #泛域名解析 ns IN A 192.168.1.7 mail IN A 192.168.1.100 www IN CNAME mail ftp IN CNAME mail 3.域 mydomain.org 的反向解析文件/var/named/192.168.1.zone $TTL 1D 1D IN SOA mydomain.org. root.mail.mydomain.org. ( 200703011H15M1W1D )IN NS ns.mydomain.org. 7 IN PTR marion.org. 7 IN PTR ns.mydomain.org. 100 IN PTR mail.mydomain.org. 4.域 myzone.org 的正向解析文件/var/named/myzone.org.zone # more /var/named/myzone.org.zone $TTL 1D $ORIGIN myzone.org. 1D IN SOA myzone.org. root.mail.myzone.org. ( 200703011H15M1W1D )IN NS ns.myzone.org.IN MX 10 mail.myzone.org. myzone.org. IN A 192.168.10.7 ns IN A 192.168.10.7 mail IN A 192.168.10.5 www IN CNAME mail ftp IN CNAME mail market IN NS ns.market #指明授权的子域market ns.market IN A 192.168.10.6 $ORIGIN develop.myzone.org. #指明授权的子域 develop,和上一种方法稍有不同.IN NS ns.develop.myzone.org. ns IN A 192.168.10.2 5.域 myzone.org 的反向解析文件/var/named/192.168.10.zone $TTL 1D 1D IN SOA myzone.org. root.mail.myzone.org. ( 200703011H15M1W1D )IN NS ns.myzone.org. 6 IN PTR ns.market.myzone.org 2 IN PTR ns.develop.myzone.org 7 IN PTR ns.myzone.org. 5 IN PTR mail.myzone.org. 7 IN PTR myzone.org. 三、主机B： 1.named 主配置文件/etc/named.conf options directory “/var/named/“;version “unknown“;forwarders 192.168.1.7; ; ; logging channel dns_errors file “/var/log/named/err_logs“ versions 3 size 10m;severity error;print-category yes;print-severity yes;print-time yes;channel dns_queries file “/var/log/named/query_logs“ versions 3 size 10m;severity info;print-category yes;print-severity yes;print-time yes;category default dns_errors; ;category queries dns_queries; ; ; zone “.“ type hint; file “named.ca“; ; zone “localhost“ type master;file “named.local“; ; zone “0.0.127.IN-addr.arpa“ type master;file “named.rev“; ; zone “mydomain.org“ type slave;file “mydomain.org.zone“;masters 192.168.1.7; ; ; zone “1.168.192.in-addr.arpa“ type slave;file “192.168.1.zone“;