bind配置内网解析部分子域名,其它子域名转发。以下以m.xxx.com和admin.xxx.com由内网dns解析,其它*.xxx.com转发给外网dns解析为例配置。
文件/etc/named.conf:
options {
# listen-on port 53 { 127.0.0.1; }; #注释表示监听所有端口
# listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
allow-query { any; };
forwarders { 202.96.134.133;8.8.8.8; };#这里指定本地找不到解析转发的服务器列表
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
#配置m.xxx.com内网解析
zone "m.xxx.com" IN{
type master;
file "m.xx.com.zone";
allow-update { none; };
};
#配置admin.xxx.com内网解析
zone "admin.xxx.com" IN{
type master;
file "admin.xxx.com.zone";
allow-update { none; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
文件 /var/named/m.xx.com.zone:
$TTL 1D
@ IN SOA @ m.xxx.com. (
2019032015; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
IN NS dns1
dns1 600 IN A 192.168.1.229
m.xxx.com. 600 IN A 192.168.1.223
文件 /var/named/admin.xx.com.zone:
$TTL 1D
@ IN SOA @ admin.xxx.com. (
2019032017; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
IN NS dns1
dns1 600 IN A 192.168.1.229
admin.xxx.com. 600 IN A 192.168.1.224
注意,关键说明:
1,每个资源文件要设置权限,如:chown root:named /var/named/admin.xxx.com.zone ,切记,否则有可能不能加载,导致配置无效。
2,配置完成named-checkzone admin.xxx.com /var/named/admin.xxx.com.zone 和 named-checkconf /etc/named.conf 进行配置检查。
3,注意域名配置后面的有的有点".",有的没有,不要弄差了。
原文地址:https://www.cnblogs.com/sun51586/p/10566778.html