bind雜記(3)

bind高級

回顧

配置成緩存名稱服務器

[root@www ~]# vim /etc/named.conf

//

options {
        //listen-on port 53 { 10.201.106.129; };
        /* listen-on-v6 port 53 { ::1; }; */
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        //allow-query     { any; };
        recursion yes;

        /*dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

         Path to ISC DLV key 
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
        */
};

查看DNS的TCP和UDP端口是否開啓

[root@www ~]# ss -tuln | grep :53
udp    UNCONN     0      0         10.201.106.129:53                    *:*     
udp    UNCONN     0      0              127.0.0.1:53                    *:*     
tcp    LISTEN     0      3         10.201.106.129:53                    *:*     
tcp    LISTEN     0      3              127.0.0.1:53                    *:*     
tcp    LISTEN     0      128                   :::53835                :::*     

定義正向和反向區域文件

vim /etc/named.rfc1912.conf
zone "magedu.com" IN {
        type master;
        file "magedu.com.zone";
};

zone "106.201.10.in-addr.arpa" IN {
        type master;
        file "10.201.106.zone";
};

重載服務
[root@www ~]# rndc reload
server reload successful

[root@www ~]# rndc reload
server reload successful
[root@www ~]# rndc status
version: 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6
CPUs found: 1
worker threads: 1
number of zones: 21
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running

[root@www ~]# tail /var/log/messages
Aug  3 13:39:42 qq named[19186]: error (network unreachable) resolving './DNSKEY/IN': 2001:503:c27::2:30#53
Aug  3 13:39:42 qq named[19186]: error (network unreachable) resolving './DNSKEY/IN': 2001:7fe::53#53
Aug  3 13:39:53 qq named[19186]: received control channel command 'reload'
Aug  3 13:39:53 qq named[19186]: loading configuration from '/etc/named.conf'
Aug  3 13:39:53 qq named[19186]: using default UDP/IPv4 port range: [1024, 65535]
Aug  3 13:39:53 qq named[19186]: using default UDP/IPv6 port range: [1024, 65535]
Aug  3 13:39:53 qq named[19186]: sizing zone task pool based on 8 zones
Aug  3 13:39:54 qq named[19186]: Warning: 'empty-zones-enable/disable-empty-zone' not set: disabling RFC 1918 empty zones
Aug  3 13:39:54 qq named[19186]: reloading configuration succeeded
Aug  3 13:39:54 qq named[19186]: reloading zones succeeded

創建正向區域解析庫文件

[root@www named]# vim zz.com.zone 

$TTL 1D
$ORIGIN zz.com.
@       IN      SOA     ns1.zz.com. admin.zz.com. (
                        2016042501
                        1H
                        5M
                        3D
                        1D )
        IN      NS      ns1
        IN      NS      ns2
ns1     IN      A       10.201.106.129
ns2     IN      A       10.201.106.128
www     IN      A       10.201.106.129
*       IN      A       10.201.106.129

[root@www named]# named-checkzone "zz.com" /var/named/zz.com.zone 
zone zz.com/IN: loaded serial 2016042501
OK

更改區域記錄文件權限

[root@www named]# chmod 640 zz.com.zone 
[root@www named]# chown :named zz.com.zone 
[root@www named]# ll zz.com.zone 
-rw-r----- 1 root named 217 Aug  3 14:09 zz.com.zone

重新加載named

[root@www named]# rndc reload
server reload successful
[root@www named]# tail /var/log/messages
Aug  3 14:14:07 qq named[19186]: received control channel command 'reload'
Aug  3 14:14:07 qq named[19186]: loading configuration from '/etc/named.conf'
Aug  3 14:14:07 qq named[19186]: using default UDP/IPv4 port range: [1024, 65535]
Aug  3 14:14:07 qq named[19186]: using default UDP/IPv6 port range: [1024, 65535]
Aug  3 14:14:07 qq named[19186]: sizing zone task pool based on 9 zones
Aug  3 14:14:07 qq named[19186]: Warning: 'empty-zones-enable/disable-empty-zone' not set: disabling RFC 1918 empty zones
Aug  3 14:14:07 qq named[19186]: reloading configuration succeeded
Aug  3 14:14:07 qq named[19186]: zone zz.com/IN: loaded serial 2016042501
Aug  3 14:14:07 qq named[19186]: reloading zones succeeded
Aug  3 14:14:07 qq named[19186]: zone zz.com/IN: sending notifies (serial 2016042501)

記錄測試

[root@www named]# dig -t A www.zz.com @10.201.106.129

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6 <<>> -t A www.zz.com @10.201.106.129
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3270
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;www.zz.com.            IN  A

;; ANSWER SECTION:
www.zz.com.     86400   IN  A   10.201.106.129

;; AUTHORITY SECTION:
zz.com.         86400   IN  NS  ns2.zz.com.
zz.com.         86400   IN  NS  ns1.zz.com.

泛域名解析
[root@www named]# dig -t A ftp.zz.com @10.201.106.129

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6 <<>> -t A ftp.zz.com @10.201.106.129
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4797
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;ftp.zz.com.            IN  A

;; ANSWER SECTION:
ftp.zz.com.     86400   IN  A   10.201.106.129

;; AUTHORITY SECTION:
zz.com.         86400   IN  NS  ns2.zz.com.
zz.com.         86400   IN  NS  ns1.zz.com.

子域授權

在區域解析庫創建子域

[root@www named]# vim zz.com.zone 

$TTL 1D
$ORIGIN zz.com.
@       IN      SOA     ns1.zz.com. admin.zz.com. (
                        2016042501
                        1H
                        5M
                        3D
                        1D )
        IN      NS      ns1
        IN      NS      ns2
ns1     IN      A       10.201.106.129
ns2     IN      A       10.201.106.128
www     IN      A       10.201.106.129
*       IN      A       10.201.106.129

ops     IN      NS      ns1.ops         ##子域定義
ops     IN      NS      ns2.ops         ##子域定義
ns1.ops IN      A       10.201.106.128  ##子域定義
ns2.ops IN      A       10.201.106.131  ##子域定義

重載後區域數不會發生改變

[root@www named]# 
[root@www named]# rndc status
version: 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6
CPUs found: 1
worker threads: 1
number of zones: 22
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
[root@www named]# 
[root@www named]# rndc reload
server reload successful
[root@www named]# 
[root@www named]# rndc status
version: 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6
CPUs found: 1
worker threads: 1
number of zones: 22
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
[root@www named]# 

配置子域服務器

也是將子域服務器配置成緩存服務器,/etc/named.conf

定義子域區域

[root@zz ~]# vim /etc/named.rfc1912.zones 
 55 zone "ops.zz.com" IN {
 56         type master;
 57         file "ops.zz.com";
 58 };

重載後已經增加了一個區域

[root@zz ~]# rndc status
version: 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6
CPUs found: 1
worker threads: 1
number of zones: 21
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
[root@zz ~]# 
[root@zz ~]# rndc reload
server reload successful
[root@zz ~]# rndc status
version: 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6
CPUs found: 1
worker threads: 1
number of zones: 22
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
[root@zz ~]# 

編輯子正向域區域解析庫文件

[root@zz named]# vim ops.zz.com.zone

  1 $TTl 1d
  2 $ORIGIN ops.zz.com.
  3 @       IN      SOA     ns1.ops.zz.com. admin.ops.zz.com. (
  4                         2015042501
  5                         1H
  6                         10M
  7                         3D
  8                         1D )
  9         IN      NS      ns1
 10         IN      NS      ns2
 11 ns1     IN      A       10.201.106.128
 12 ns2     IN      A       10.201.106.131
 13 www     IN      A       10.201.106.200
 14 *       IN      A       10.201.106.200

[root@zz named]# named-checkzone "ops.zz.com" /var/named/ops.zz.com.zone 
zone ops.zz.com/IN: loaded serial 2015042501
OK
[root@zz named]# vim ops.zz.com.zone

[root@zz named]# tail /var/log/messages
Jul 29 18:39:35 zz named[2524]: loading configuration from '/etc/named.conf'
Jul 29 18:39:35 zz named[2524]: using default UDP/IPv4 port range: [1024, 65535]
Jul 29 18:39:35 zz named[2524]: using default UDP/IPv6 port range: [1024, 65535]
Jul 29 18:39:35 zz named[2524]: sizing zone task pool based on 9 zones
Jul 29 18:39:36 zz named[2524]: Warning: 'empty-zones-enable/disable-empty-zone' not set: disabling RFC 1918 empty zones
Jul 29 18:39:36 zz named[2524]: zone ops.zz.com/IN: (master) removed
Jul 29 18:39:36 zz named[2524]: reloading configuration succeeded
Jul 29 18:39:36 zz named[2524]: zone ops.zz.com/IN: loaded serial 2015042501
Jul 29 18:39:36 zz named[2524]: reloading zones succeeded
Jul 29 18:39:36 zz named[2524]: zone ops.zz.com/IN: sending notifies (serial 2015042501)

修改權限
[root@zz named]# chgrp named ops.zz.com.zone 
[root@zz named]# ll ops.zz.com.zone 
-rw-r-----. 1 root named 232 Jul 29 21:29 ops.zz.com.zone
[root@zz named]# 

[root@zz named]# dig -t NS ops.zz.com @10.201.106.128

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> -t NS ops.zz.com @10.201.106.128
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12464
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2

;; QUESTION SECTION:
;ops.zz.com.            IN  NS

;; ANSWER SECTION:
ops.zz.com.     86400   IN  NS  ns2.ops.zz.com.
ops.zz.com.     86400   IN  NS  ns1.ops.zz.com.

測試子域服務器解析

[root@zz named]# dig -t A www.ops.zz.com @10.201.106.128

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> -t A www.ops.zz.com @10.201.106.128
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17382
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;www.ops.zz.com.            IN  A

;; ANSWER SECTION:
www.ops.zz.com.     86400   IN  A   10.201.106.200

;; AUTHORITY SECTION:
ops.zz.com.     86400   IN  NS  ns1.ops.zz.com.
ops.zz.com.     86400   IN  NS  ns2.ops.zz.com.

父域測試子域

[root@www named]# dig -t NS ops.zz.com @10.201.106.129 +norecurse

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6 <<>> -t NS ops.zz.com @10.201.106.129 +norecurse
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42676
;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;ops.zz.com. IN NS

;; AUTHORITY SECTION:
ops.zz.com. 86400 IN NS ns1.ops.zz.com.
ops.zz.com. 86400 IN NS ns2.ops.zz.com.

;; ADDITIONAL SECTION:
ns1.ops.zz.com. 86400 IN A 10.201.106.128
ns2.ops.zz.com. 86400 IN A 10.201.106.131

解決問題:

定義轉發域

父域配置(全局轉發)

vim /etc/name.conf
options {
        listen-on port 53 { 10.201.106.128;127.0.0.1; };
        //listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };
        recursion yes;
        forward first;                  ***
        forwarder { 10.201.106.2; };    ***

子域(區域轉發),配置子域對zz.com的解析都轉發給主服務器解析;

vim /etc/named.rfc1912.conf

zone "zz.com" IN {
        type forward;
        forward only;
        forwarders { 10.201.106.129; };
};

測試:在子域解析父域的域名
[root@zz ~]# dig -t A www.magedu.com @10.201.106.128

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> -t A www.magedu.com @10.201.106.128
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39821
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;www.magedu.com.            IN  A

;; ANSWER SECTION:
www.magedu.com.     86400   IN  A   10.201.106.129
www.magedu.com.     86400   IN  A   10.201.106.128

測試:在父域測試子域的域名
[root@qq ~]# dig -t A ns1.ops.zz.com @10.201.106.129

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6 <<>> -t A ns1.ops.zz.com @10.201.106.129
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13781
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;ns1.ops.zz.com.            IN  A

;; ANSWER SECTION:
ns1.ops.zz.com.     86400   IN  A   10.201.106.128

將子域的轉發區域測試,將不能解析父域 ###、

將轉發域註釋掉(/etc/named.rfc1912.conf)
[root@zz ~]# dig -t A www.zz.com @10.201.106.128

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> -t A www.zz.com @10.201.106.128
;; global options: +cmd
;; Got answer:

查看防火牆是否打開

[root@zz ~]# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
[root@zz ~]# 

清空緩存
rndc flsuh

區域解析優先級大於全局解析

當子域服務器同時配置區域和全局解析配置時,解析內網的域名時找父域服務器,解析外網的域名時找外網DNS服務器;

配置:
全局解析配置:
[root@zz ~]# vim /etc/named.conf
forward first;
forwarders { 10.201.106.2; };
區域解析配置:
[root@zz ~]# vim /etc/named.rfc1912.zones 

zone "zz.com" IN {
        type forward;
        forward only;
        forwarders { 10.201.106.129; };
};

測試驗證:
[root@zz ~]# dig -t A www.baidu.com @10.201.106.128

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> -t A www.baidu.com @10.201.106.128
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27032
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 13, ADDITIONAL: 10

;; QUESTION SECTION:
;www.baidu.com.         IN  A

;; ANSWER SECTION:
www.baidu.com.      5   IN  CNAME   www.a.shifen.com.
www.a.shifen.com.   5   IN  A   111.13.100.91
www.a.shifen.com.   5   IN  A   111.13.100.92

;; AUTHORITY SECTION:
.           5   IN  NS  e.root-servers.net.
.           5   IN  NS  f.root-servers.net.
.           5   IN  NS  h.root-servers.net.
.           5   IN  NS  g.root-servers.net.
.           5   IN  NS  d.root-servers.net.
.           5   IN  NS  i.root-servers.net.
.           5   IN  NS  c.root-servers.net.
.           5   IN  NS  l.root-servers.net.
.           5   IN  NS  a.root-servers.net.
.           5   IN  NS  j.root-servers.net.
.           5   IN  NS  k.root-servers.net.
.           5   IN  NS  b.root-servers.net.
.           5   IN  NS  m.root-servers.net.

;; ADDITIONAL SECTION:
h.root-servers.net. 5   IN  A   198.97.190.53
j.root-servers.net. 5   IN  A   192.58.128.30
j.root-servers.net. 5   IN  AAAA    2001:503:c27::2:30
e.root-servers.net. 5   IN  A   192.203.230.10
a.root-servers.net. 5   IN  A   198.41.0.4
a.root-servers.net. 5   IN  AAAA    2001:503:ba3e::2:30
k.root-servers.net. 5   IN  A   193.0.14.129
k.root-servers.net. 5   IN  AAAA    2001:7fd::1
d.root-servers.net. 5   IN  A   199.7.91.13
d.root-servers.net. 5   IN  AAAA    2001:500:2d::d

;; Query time: 12 msec
;; SERVER: 10.201.106.128#53(10.201.106.128)
;; WHEN: Fri Jul 29 23:41:15 2016
;; MSG SIZE  rcvd: 509

[root@zz ~]# dig -t A www.zz.com @10.201.106.128

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> -t A www.zz.com @10.201.106.128
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6758
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;www.zz.com.            IN  A

;; ANSWER SECTION:
www.zz.com.     85785   IN  A   10.201.106.129

;; AUTHORITY SECTION:
zz.com.         85770   IN  NS  ns1.zz.com.
zz.com.         85770   IN  NS  ns2.zz.com.

;; ADDITIONAL SECTION:
ns2.zz.com.     85770   IN  A   10.201.106.128
ns1.zz.com.     85770   IN  A   10.201.106.129

;; Query time: 1 msec
;; SERVER: 10.201.106.128#53(10.201.106.128)
;; WHEN: Fri Jul 29 23:41:27 2016
;; MSG SIZE  rcvd: 112

如果失敗失敗,可以看下named.conf裏的一些安全配置改爲no,兩邊服務器的安全配置都需要一模一樣,不能一邊項關閉,一邊項註釋;

bind的基礎安全配置

acl的定義

[root@qq ~]# vim /etc/named.conf

acl slaves {
    10.201.106.129;
    127.0.0.1
};

只需要特定主機查詢主域服務器的解析困

如果不在白名單,就算是自己服務器的其它IP也無法查詢
/etc/named.rfc1912.conf
zone "zz.com" IN {
        type master;
        file "zz.com.zone";
        allow-query { 10.201.106.129; };

};

換成any,任意主機都可以查詢;
zone "zz.com" IN {
    type master;
    file "zz.com.zone";
    allow-query { any; };

};
子域發起查詢主域名
[root@zz ~]# dig -t A www.zz.com @10.201.106.129

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> -t A www.zz.com @10.201.106.129
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3007
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;www.zz.com.            IN  A

;; ANSWER SECTION:
www.zz.com.     86400   IN  A   10.201.106.129

;; AUTHORITY SECTION:
zz.com.         86400   IN  NS  ns1.zz.com.
zz.com.         86400   IN  NS  ns2.zz.com.

只需許主域本機區域傳送

未配置前子域可以從主域區域傳送:
[root@zz ~]# dig -t AXFR zz.com @10.201.106.129

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> -t AXFR zz.com @10.201.106.129
;; global options: +cmd
zz.com.         86400   IN  SOA ns1.zz.com. admin.zz.com. 2016042501 3600 300 259200 86400
zz.com.         86400   IN  NS  ns1.zz.com.
zz.com.         86400   IN  NS  ns2.zz.com.
*.zz.com.       86400   IN  A   10.201.106.129
ns1.zz.com.     86400   IN  A   10.201.106.129
ns2.zz.com.     86400   IN  A   10.201.106.128
ops.zz.com.     86400   IN  NS  ns1.ops.zz.com.
ns1.ops.zz.com.     86400   IN  A   10.201.106.128
www.zz.com.     86400   IN  A   10.201.106.129
zz.com.         86400   IN  SOA ns1.zz.com. admin.zz.c

主機配置/etc/named.rfc1912.conf進行限制
zone "zz.com" IN {
        type master;
        file "zz.com.zone";
        allow-query { any; };
        allow-transfer { 10.201.106.129; };

};

子域再測試,不能再傳送了:
[root@zz ~]# dig -t AXFR zz.com @10.201.106.129

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> -t AXFR zz.com @10.201.106.129
;; global options: +cmd
; Transfer failed.

主域可以正常傳送區域
[root@qq ~]# dig -t AXFR zz.com @10.201.106.129

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6 <<>> -t AXFR zz.com @10.201.106.129
;; global options: +cmd
zz.com.         86400   IN  SOA ns1.zz.com. admin.zz.com. 2016042501 3600 300 259200 86400
zz.com.         86400   IN  NS  ns1.zz.com.
zz.com.         86400   IN  NS  ns2.zz.com.
*.zz.com.       86400   IN  A   10.201.106.129
ns1.zz.com.     86400   IN  A   10.201.106.129
ns2.zz.com.     86400   IN  A   10.201.106.128
ops.zz.com.     86400   IN  NS  ns1.ops.zz.com.
ns1.ops.zz.com.     86400   IN  A   10.201.106.128
www.zz.com.     86400   IN  A   10.201.106.129
zz.com.         86400   IN  SOA ns1.zz.com. admin.zz.com. 2016042501 3600 300 259200 86400
;; Query time: 2 msec
;; SERVER: 10.201.106.129#53(10.201.106.129)
;; WHEN: Wed Aug  3 20:33:43 2016
;; XFR size: 10 records (messages 1, bytes 246)

允許哪些主機遞歸

/etc/named.confg
allow-recursion { ip; };

禁止更新區域數據庫中的內容

zone "zz.com" IN {
        type master;
        file "zz.com.zone";
        allow-update { none; };

};
發表評論
所有評論
還沒有人評論,想成為第一個評論的人麼? 請在上方評論欄輸入並且點擊發布.
相關文章