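When a domain is large and also has upper and lower levels, what would happen if every record change were managed by a single server? It is like a company's general manager personally handling every matter for all 1000 people in the company: the workload would be crushing. So departments are set up under the general manager, and teams under the departments; managing layer by layer is much easier.
DNS works the same way. It has domains and subdomains, and an upper-level DNS server can delegate management of a subdomain to a DNS server inside that subdomain, which then manages the record changes. This practice is called subdomain delegation.
Assume the parent domain is frank.com with NS address master.frank.com, and the subdomain is mf.frank.com with NS address sub.mf.frank.com.
You only need to add the NS and A records of the lower-level DNS server to the zone file.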
# vi /var/named/frank.com.zone
$TTL 1D
frank.com.          IN SOA  master.frank.com. admin.frank.com. (
                            201802002   ; serial number
                            3H          ; refresh time
                            10M         ; retry interval
                            1W          ; expire time
                            1D          ; TTL for negative answers when the name cannot be resolved
                            )
frank.com.          IN NS   master.frank.com.
mf.frank.com.       IN NS   sub.mf.frank.com.
master.frank.com.   IN A    192.168.138.200
sub.mf.frank.com.   IN A    192.168.138.201
frank.com.          IN MX   10 mx1.frank.com.
                    IN MX   20 mx2.frank.com.
mx1.frank.com.      IN A    192.168.138.200
mx2.frank.com.      IN A    192.168.138.200
www                 IN A    192.168.138.200
; master already has an A record above and is the NS target, so it cannot also be a CNAME
; (named rejects the zone with "CNAME and other data"); the record is commented out.
; master            IN CNAME www.frank.com.
web                 IN CNAME www.frank.com.
The subdomain needs a complete zone configuration of its own; the configuration is the same as for a master or slave server.
# vi /etc/named.conf
...
zone "mf.frank.com" IN {
    type master;
    file "mf.frank.com.zone";
};

# vi /var/named/mf.frank.com.zone
$TTL 600
@       IN SOA  sub.mf.frank.com. admin.sub.mf.frank.com. (
                201802001
                2H
                15M
                1W
                1D )
@       IN NS   sub.mf.frank.com.
sub     IN A    192.168.138.201
www     IN A    192.168.138.201
When the configuration is done, reload the configuration files.
# rndc reload
server reload successful

# dig -t A www.mf.frank.com @192.168.138.200

; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7_4.2 <<>> -t A www.mf.frank.com @192.168.138.200
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17968
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.mf.frank.com.          IN  A

;; ANSWER SECTION:
www.mf.frank.com.   600     IN  A   192.168.138.201

;; AUTHORITY SECTION:
mf.frank.com.       600     IN  NS  sub.mf.frank.com.

;; ADDITIONAL SECTION:
sub.mf.frank.com.   600     IN  A   192.168.138.201

;; Query time: 19 msec
;; SERVER: 192.168.138.200#53(192.168.138.200)
;; WHEN: Sat Feb 24 22:27:22 CST 2018
;; MSG SIZE  rcvd: 95
# vi /etc/named.rfc1912.conf
...
zone "mf.frank.com" IN {
    type master;
    file "mf.frank.com.zone";
};
// Forward queries for the parent domain to the parent domain's DNS server
zone "frank.com" IN {
    type forward;
    forward only;
    forwarders { 192.168.138.200; };
};
When the configuration is done, reload the configuration files.
# rndc reload
server reload successful

# dig -t A www.frank.com @192.168.138.201

; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7_4.2 <<>> -t A www.frank.com @192.168.138.201
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63485
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.frank.com.             IN  A

;; ANSWER SECTION:
www.frank.com.      142     IN  A   192.168.138.200

;; AUTHORITY SECTION:
frank.com.          142     IN  NS  master.frank.com.

;; ADDITIONAL SECTION:
master.frank.com.   142     IN  A   192.168.138.200

;; Query time: 0 msec
;; SERVER: 192.168.138.201#53(192.168.138.201)
;; WHEN: Sat Feb 24 22:46:24 CST 2018
;; MSG SIZE  rcvd: 95
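The parent-zone step above depends on each delegation's NS record being accompanied by an A (glue) record when the name server lives inside the delegated subdomain. The following is an added example, not part of the original post: a small offline check that parses a simplified zone file and reports delegations with missing glue. The function names, the simplified parser and the `lab` delegation in the sample are assumptions made for illustration.

```python
import re

# Constructed sample: the post's delegation for mf plus a hypothetical "lab" without glue.
SAMPLE_ZONE = """\
$TTL 1D
@       IN SOA master.frank.com. admin.frank.com. (
            201802002 3H 10M 1W 1D )
@       IN NS  master.frank.com.
master  IN A   192.168.138.200
mf      IN NS  sub.mf.frank.com.
sub.mf  IN A   192.168.138.201
lab     IN NS  ns1.lab          ; constructed: delegation without glue
"""

def fqdn(name, origin):
    """Expand a zone-file name to an absolute, lower-case FQDN."""
    if name == "@":
        return origin
    return (name if name.endswith(".") else f"{name}.{origin}").lower()

def parse_zone(text, origin):
    """Return (owner, type, rdata) tuples from a simplified zone file."""
    text = re.sub(r";[^\n]*", "", text)    # strip comments
    # Join multi-line "( ... )" records such as the SOA onto one line.
    text = re.sub(r"\(([^)]*)\)", lambda m: m.group(1).replace("\n", " "), text)
    records, owner = [], origin
    for line in text.splitlines():
        if not line.strip() or line.startswith("$"):
            continue
        fields = line.split()
        if not line[0].isspace():          # a blank owner inherits the previous one
            owner = fqdn(fields.pop(0), origin)
        while fields and (fields[0].upper() == "IN" or re.fullmatch(r"\d+[SMHDW]?", fields[0], re.I)):
            fields.pop(0)                  # skip optional TTL and class
        if fields:
            records.append((owner, fields[0].upper(), fields[1:]))
    return records

def check_delegations(text, origin):
    """List delegations whose in-bailiwick name server has no glue A/AAAA record."""
    records = parse_zone(text, origin)
    addressed = {o for o, t, _ in records if t in ("A", "AAAA")}
    issues = []
    for owner, rtype, rdata in records:
        if rtype != "NS" or owner == origin:
            continue                       # only NS records below the apex are delegations
        ns = fqdn(rdata[0], origin)
        if ns.endswith("." + owner) and ns not in addressed:
            issues.append(f"{owner} NS {ns}: missing glue")
    return issues
```

Calling `check_delegations(SAMPLE_ZONE, "frank.com.")` flags only the constructed `lab` delegation; the `mf` delegation from the post passes because `sub.mf.frank.com.` has its A record in the parent zone.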