DNS子域授权问题

fush_linux

UID: 10266
帖子: 41
积分: 94
在线时间: 2 小时

1^# fush_linux 发表于 2006-12-01 17:04

DNS子域授权问题

1。首先配置了一个域fush.com，现在想配置一个子域domain.fush.com;
fush.com域的区域文件为：

复制内容到剪贴板

代码:

[root@testing24 root]# cat /var/named/fush.com.zone
$TTL 86400
@    1D IN SOA    @ root (
42    ; serial (d. adams)
3H    ; refresh
15M    ; retry
1W    ; expiry
1D ) ; minimum

1D IN NS @
1D IN MX 10    mails.fush.com.
1D IN A    127.0.0.1
www IN A 172.16.1.135
mails    IN A 172.16.1.24
news    IN A 192.168.10.35
trul    IN A 172.16.1.11
online    IN A 172.16.1.27
www1    IN CNAME www
domain.fush.com.    IN NS h7.domain.fush.com.
h7.domain.fush.com. IN A 172.16.1.7

*注：h7为172.16.1.7的主机名

2。测试，该域运行正常，如：

复制内容到剪贴板

代码:

[root@testing24 root]# host [url="http://www.fush.com/"]www.fush.com[/url]
[url="http://www.fush.com/"]www.fush.com[/url] has address 172.16.1.135

3。登陆到子域服务器h7，且测试该DNS情况，host [url="http://www.domain.fush.com运行正常。/"]www.domain.fush.com运行正常。[/url]

复制内容到剪贴板

代码:

[root@testing24 root]# ssh 172.16.1.7
The authenticity of host '172.16.1.7 (172.16.1.7)' can't be established.
RSA key fingerprint is dc:a6:e3:99:05:10:2a:62:18:ba:6e:99:68:1f:14:f4.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.16.1.7' (RSA) to the list of known hosts.
root@172.16.1.7's password:
Last login: Fri Dec 1 16:13:51 2006 from 172.16.1.135
[root@h7 root]# cat /etc/resolv.conf
#nameserver 61.139.2.69
nameserver 127.0.0.1
[root@h7 root]# host [url="http://www.domain.fush.com/"]www.domain.fush.com[/url]
[url="http://www.domain.fush.com/"]www.domain.fush.com[/url] has address 172.16.1.237
[root@h7 root]# exit
logout
Connection to 172.16.1.7 closed.

4.但是回到fush.com域去查找[url="http://www.domain.fush.com时却不成功：/"]www.domain.fush.com时却不成功：[/url]

复制内容到剪贴板

代码:

[root@testing24 root]# host [url="http://www.domain.fush.com/"]www.domain.fush.com[/url]
;; connection timed out; no servers could be reached
[root@testing24 root]#

麻烦你们帮我看看怎么回事哈，整了一天都没搞懂。谢谢拉　　　　　　

lsurp

UID: 38384
帖子: 111
积分: 255
在线时间: 17 小时

2^# lsurp 发表于 2006-12-02 21:19

因为fush.com是发到外网去查询的,你的这个域名是非法的,当然查不到了.　　　　　　

fush_linux

UID: 10266
帖子: 41
积分: 94
在线时间: 2 小时

3^# fush_linux 发表于 2006-12-03 16:01

fush.com这个机子的DNS是设置的自己，它应该可以查到自己子域的地址吧

复制内容到剪贴板

代码:

[root@testing24 root]# cat /etc/resolv.conf
nameserver 127.0.0.1

lsurp

UID: 38384
帖子: 111
积分: 255
在线时间: 17 小时

4^# lsurp 发表于 2006-12-03 22:52

检查一下子域DNS服务器有没有配置,再检查一下父域DNS服务器的配置,对子域授权的配置的这几行看一下是不是有问题,我看好像有问题.　　　　　　

fush_linux

UID: 10266
帖子: 41
积分: 94
在线时间: 2 小时

5^# fush_linux 发表于 2006-12-04 09:36

[QUOTE=lsurp]检查一下子域DNS服务器有没有配置,再检查一下父域DNS服务器的配置,对子域授权的配置的这几行看一下是不是有问题,我看好像有问题.[/QUOTE]子域就按照一般的配置就行了吧？？

下面是子域的配置，/etc/named.conf和/var/named/domain.fush.com:

复制内容到剪贴板

代码:

[root@h7 root]# cat /etc/named.conf
// generated by named-bootconf.pl
options {
directory "/var/named";
/*
   * If there is a firewall between you and nameservers you want
   * to talk to, you might need to uncomment the query-source
   * directive below. Previous versions of BIND always asked
   * questions using port 53, but BIND 8.1 uses an unprivileged
   * port by default.
   */
// query-source address * port 53;
};
//
// a caching only nameserver config
//
controls {
inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
zone "." IN {
type hint;
file "named.ca";
};
zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};
zone "domain.fush.com" {
type master;
file "domain.fush.com.zone";
};
include "/etc/rndc.key";

[root@h7 root]# cat /var/named/domain.fush.com.zone
$TTL 86400
@    1D IN SOA    @ root (
42    ; serial (d. adams)
3H    ; refresh
15M    ; retry
1W    ; expiry
1D ) ; minimum
1D IN NS @
1D IN MX 10    mails.domain.fush.com.
1D IN A    127.0.0.1
www IN A 172.16.1.237
mails    IN A 172.16.1.24

lsurp

UID: 38384
帖子: 111
积分: 255
在线时间: 17 小时

6^# lsurp 发表于 2006-12-04 21:45

在父域上DNS的配置可能不对(在对子域授权的配置) 比如domain.fush..com IN NS h7.domain.fush.com这一行,应该把h7.去掉.　　　　　　