domain-name-system – BIND:如何将子区域委托给其他DNS服务器?

前端之家收集整理的这篇文章主要介绍了domain-name-system – BIND:如何将子区域委托给其他DNS服务器?前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。
我正在从BIND9 DNS服务器服务的工作组迁移到基于 Windows Server 2008 R2的AD域,我希望继续使用BIND服务器,直到AD基础结构准备就绪.

在设置AD期间,通过dcpromo,我收到警告,我应该确保我们当前的DNS服务器将AD域名委托给AD服务器.

假设我的AD域是mydomain.lan,而我的常规BIND域是example.com.我将我的BIND服务器设置为lan.的授权,但是想委托mydomain.lan.到AD服务器的IP.

我的named.conf.local包含:

zone "lan" {
        type master;
        file "zone.lan";
};

而zone.lan包含:

$ORIGIN lan.
$TTL 1H ; 1 hour
@                       IN SOA  dns.example.com. hostmaster.example.com. (
                                201008137  ; serial
                                28800      ; refresh (8 hours)
                                14400      ; retry (4 hours)
                                2419200    ; expire (4 weeks)
                                86400      ; minimum (1 day)
                                )
                        IN NS   dns.example.com.

$ORIGIN mydomain.lan.
@                       IN NS   dc1.mydomain.lan.
dc1                     IN A    10.10.0.200 ; 'glue' record

当我在dns.example.com上查询“lan”时,我可以得到预期的答案,但是当我查询“mydomain.lan”或“dc1.mydomain.lan”时,我得到一个NXDOMAIN响应.到目前为止我所有的尝试都失败了.

如何正确创建和委派子区?

更新:更多信息

$dig mydomain.lan @dns.example.com NS +norecurse

; <<>> DiG 9.7.0-P1 <<>> @dns.example.com mydomain.lan NS +norecurse
; (3 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY,status: NOERROR,id: 23380
;; flags: qr ra; QUERY: 1,ANSWER: 0,AUTHORITY: 1,ADDITIONAL: 1

;; QUESTION SECTION:
;mydomain.lan.          IN  NS

;; AUTHORITY SECTION:
mydomain.lan.       3600    IN  NS  dc1.mydomain.lan.

;; ADDITIONAL SECTION:
dc1.mydomain.lan.   3600    IN  A   10.10.0.200

;; Query time: 0 msec
;; SERVER: ::1#53(::1)
;; WHEN: Sun Aug 15 00:41:05 2010
;; MSG SIZE  rcvd: 64

$dig @dc1.mydomain.lan dc1.mydomain.lan
dig: couldn't get address for 'dc1.mydomain.lan': not found

$dig @10.10.0.200 dc1.mydomain.lan

; <<>> DiG 9.7.0-P1 <<>> @10.10.0.200 dc1.mydomain.lan
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY,id: 21348
;; flags: qr aa rd ra; QUERY: 1,ANSWER: 1,AUTHORITY: 0,ADDITIONAL: 0

;; QUESTION SECTION:
;dc1.mydomain.lan.      IN  A

;; ANSWER SECTION:
dc1.mydomain.lan.   1200    IN  A   10.10.0.200

;; Query time: 6 msec
;; SERVER: 10.10.0.200#53(10.10.0.200)
;; WHEN: Sun Aug 15 00:55:11 2010
;; MSG SIZE  rcvd: 50

$dig @10.10.0.200 mydomain.lan

; <<>> DiG 9.7.0-P1 <<>> @10.10.0.200 mydomain.lan
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY,id: 24664
;; flags: qr aa rd ra; QUERY: 1,ADDITIONAL: 0

;; QUESTION SECTION:
;mydomain.lan.          IN  A

;; ANSWER SECTION:
mydomain.lan.       600 IN  A   10.10.0.200

;; Query time: 0 msec
;; SERVER: 10.10.0.200#53(10.10.0.200)
;; WHEN: Sun Aug 15 01:04:39 2010
;; MSG SIZE  rcvd: 46

解决方法

问题出在你的named.conf中.我猜你已经在named.conf中定义了转发器.对于服务器具有权威性的任何区域,您需要关闭转发.使用上面的示例,您应该将其更改为如下所示:
zone "lan" {
    type master;
    file "zone.lan";
    forwarders { };
};

一旦你这样做它应该工作.

原文链接:https://www.f2er.com/html/228128.html

猜你在找的HTML相关文章