
Sunday 18 February 2018

Configure DNS SUB domain

The Domain Name System (DNS) has a tree structure, or hierarchy, in which each node of the tree that is not a resource record is a domain name. A subdomain is a domain that is part of a larger domain; the only domain that is not also a subdomain is the root domain. For example, sub1.zmailtech.com and sub2.zmailtech.com are subdomains of the zmailtech.com domain, which in turn is a subdomain of the com top-level domain.



Main domain name : zmailtech.com
Main domain host ip : 192.168.10.2
Subdomain name : sub1.zmailtech.com
Sub domain host ip : 192.168.10.40

We have already created the main domain zmailtech.com in the previous blog post, so here we create and configure the subdomain (sub1.zmailtech.com) on the subdomain server.

# Add the delegation entries for the subdomain to the main domain's zone file, as shown below.

[root@master ~]# vim /var/named/zmailtech.com.zone
[root@master ~]# cat /var/named/zmailtech.com.zone
$TTL 1D
; Zone for zmailtech.com, served from the master nameserver (192.168.10.2).
@       IN SOA  ns1.zmailtech.com.      admin.zmailtech.com. (
                                        2018021002      ; serial (looks like YYYYMMDDnn; increase it on every edit or secondaries will not pick up the change)
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        IN      NS      ns1.zmailtech.com.
ns1     IN      A       192.168.10.2
master  IN      A       192.168.10.2
slave   IN      A       192.168.10.20

mail    IN      A       192.168.10.2
web     IN      A       192.168.10.2
web1    IN      A       192.168.10.2

;CNAME Record
www     IN      CNAME   master.zmailtech.com.
ftp     IN      CNAME   master.zmailtech.com.
smtp    IN      CNAME   master.zmailtech.com.

;MX Record
zmailtech.com.  IN      MX      10      mail.zmailtech.com.
; NOTE(review): smtp is defined as a CNAME above. An MX target must be a
; hostname that owns an A/AAAA record, not a CNAME (RFC 2181 section 10.3);
; some mail servers reject such an MX. Give smtp its own A record or point
; this MX at master.zmailtech.com.
zmailtech.com.  IN      MX      20      smtp.zmailtech.com.

;spf record
; NOTE(review): in SPF the "a:" mechanism takes a domain name, not an IP
; address; an address literal is written "ip4:192.168.10.2". The "ptr:"
; mechanism is deprecated by RFC 7208 and slow to evaluate -- prefer
; "a:master.zmailtech.com". As written, receivers may treat the record as
; a permanent error rather than enforcing "-all".
zmailtech.com.  IN      TXT     "v=spf1 a:192.168.10.2 mx:mail.zmailtech.com ptr:master.zmailtech.com -all"

;srv record
; Fields after the class/type are: priority, weight, port, target (RFC 2782).
_web._tcp.zmailtech.com.   3600 IN    SRV 10       60     80 web.zmailtech.com.
_web._tcp.zmailtech.com.   3600 IN    SRV 10       20     80 web1.zmailtech.com.

;sub domain
; Delegate sub1.zmailtech.com to its own nameserver. The A record for
; ns1.sub1.zmailtech.com is glue: the name lives inside the delegated zone,
; so resolvers need this address here to reach the child server at all. It
; must match the ns1 A record in the child zone file.
sub1.zmailtech.com.     IN      NS      ns1.sub1.zmailtech.com.
ns1.sub1.zmailtech.com. IN      A       192.168.10.40

[root@master ~]#


Check the subdomain delegation with the dig command

[root@master ~]# dig ns1.sub1.zmailtech.com

; <<>> DiG 9.9.4-RedHat-9.9.4-50.el7 <<>> ns1.sub1.zmailtech.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59020
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;ns1.sub1.zmailtech.com.                IN      A

;; AUTHORITY SECTION:
sub1.zmailtech.com.     86400   IN      NS      ns1.sub1.zmailtech.com.

;; ADDITIONAL SECTION:
ns1.sub1.zmailtech.com. 86400   IN      A       192.168.10.40

;; Query time: 0 msec
;; SERVER: 192.168.10.2#53(192.168.10.2)
;; WHEN: Sun Feb 18 16:03:51 IST 2018
;; MSG SIZE  rcvd: 81

[root@master ~]#


Now configure the subdomain server 192.168.10.40
# install bind and bind-utils on the server

[root@sub1 ~]# yum install bind bind-utils
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Resolving Dependencies
--> Running transaction check
---> Package bind.x86_64 32:9.9.4-50.el7 will be installed
--> Processing Dependency: bind-libs = 32:9.9.4-50.el7 for package: 32:bind-9.9.4-50.el7.x86_64
--> Processing Dependency: liblwres.so.90()(64bit) for package: 32:bind-9.9.4-50.el7.x86_64
--> Processing Dependency: libisccfg.so.90()(64bit) for package: 32:bind-9.9.4-50.el7.x86_64
--> Processing Dependency: libisccc.so.90()(64bit) for package: 32:bind-9.9.4-50.el7.x86_64
--> Processing Dependency: libisc.so.95()(64bit) for package: 32:bind-9.9.4-50.el7.x86_64
--> Processing Dependency: libdns.so.100()(64bit) for package: 32:bind-9.9.4-50.el7.x86_64
--> Processing Dependency: libbind9.so.90()(64bit) for package: 32:bind-9.9.4-50.el7.x86_64
---> Package bind-utils.x86_64 32:9.9.4-50.el7 will be installed
--> Running transaction check
---> Package bind-libs.x86_64 32:9.9.4-50.el7 will be installed
--> Finished Dependency Resolution
....

...
Output omitted
...
....
Running transaction
  Installing : 32:bind-libs-9.9.4-50.el7.x86_64
  Installing : 32:bind-9.9.4-50.el7.x86_64
  Installing : 32:bind-utils-9.9.4-50.el7.x86_64
  Verifying  : 32:bind-9.9.4-50.el7.x86_64
  Verifying  : 32:bind-libs-9.9.4-50.el7.x86_64
  Verifying  : 32:bind-utils-9.9.4-50.el7.x86_64

Installed:
  bind.x86_64 32:9.9.4-50.el7

Dependency Installed:
  bind-libs.x86_64 32:9.9.4-50.el7

Complete!
[root@sub1 ~]#



# start named service

[root@sub1 ~]# systemctl start named

# configure the /etc/named.conf file on the subdomain server.

[root@sub1 ~]# vim /etc/named.conf
[root@sub1 ~]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html
//
// Review notes: this host is authoritative for sub1.zmailtech.com (the
// "type master" zone below), yet the stock caching-resolver defaults for
// recursion and allow-query are kept. See the NOTE(review) comments.

options {
        // Listen on loopback and on the subdomain server's own address only.
        listen-on port 53 { 127.0.0.1; 192.168.10.40; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        // NOTE(review): "any" already covers localhost. Together with
        // "recursion yes;" below this makes the server an open recursive
        // resolver for every client that can reach 192.168.10.40 -- exactly
        // what the comment block below warns against for an authoritative
        // server. Either set "recursion no;" (authoritative-only), or keep
        // recursion and add "allow-recursion { localhost; 192.168.10.0/24; };"
        // (constructed example range -- use the real client networks).
        allow-query     { localhost; any; };

        /*
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable
           recursion.
         - If your recursive DNS server has a public IP address, you MUST enable access
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface
        */
        recursion yes;

//      dnssec-enable yes;
//      dnssec-validation yes;
        // NOTE(review): DNSSEC validation is disabled above. If this server
        // keeps answering recursive queries for clients, it should validate
        // answers; leaving it off weakens protection against cache poisoning.

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

//      managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

// Root hints; only needed while recursion is enabled.
zone "." IN {
        type hint;
        file "named.ca";
};

// Authoritative zone for the delegated subdomain; the zone file is relative
// to the "directory" option above, i.e. /var/named/sub1.zmailtech.com.zone.
zone "sub1.zmailtech.com" IN {
        type master;
        file "sub1.zmailtech.com.zone";
        // NOTE(review): no allow-transfer is set, so BIND's default allows
        // zone transfers (AXFR) from any host. Add "allow-transfer { none; };"
        // here, or list the secondaries' addresses if any exist for this zone.
};


include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

[root@sub1 ~]#


# Create the forward zone file /var/named/sub1.zmailtech.com.zone on the subdomain server.

[root@sub1 ~]# cat /var/named/sub1.zmailtech.com.zone
$TTL 1D
; Zone for sub1.zmailtech.com, served from 192.168.10.40 (ns1).
; NOTE(review): the SOA MNAME field should name the zone's primary
; nameserver (ns1.sub1.zmailtech.com.), not the zone apex itself. The RNAME
; root.sub1.zmailtech.com. is the contact mailbox root@sub1.zmailtech.com.
@       IN SOA  sub1.zmailtech.com.     root.sub1.zmailtech.com. (
                                        2018021701      ; serial (looks like YYYYMMDDnn; increase it on every edit)
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        IN      NS      ns1.sub1.zmailtech.com.
        IN      A       192.168.10.40   ; apex record: sub1.zmailtech.com itself resolves to this host

ns1     IN      A       192.168.10.40   ; must match the glue A record in the parent zone
sub40   IN      A       192.168.10.40
[root@sub1 ~]#


# Change the group ownership of /var/named/sub1.zmailtech.com.zone to the named group

[root@sub1 ~]# chgrp named /var/named/sub1.zmailtech.com.zone

# restart the named service on the subdomain server.

[root@sub1 ~]# systemctl restart named


# Check the A record from the master server. Note that the output below contains no ANSWER section: the master only returns a referral to ns1.sub1.zmailtech.com (AUTHORITY and ADDITIONAL sections) because recursion is not available on it. To see the actual A record, query the subdomain server directly, e.g. `dig @192.168.10.40 sub40.sub1.zmailtech.com`.

[root@master ~]# dig sub40.sub1.zmailtech.com

; <<>> DiG 9.9.4-RedHat-9.9.4-50.el7 <<>> sub40.sub1.zmailtech.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60733
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;sub40.sub1.zmailtech.com.      IN      A

;; AUTHORITY SECTION:
sub1.zmailtech.com.     86400   IN      NS      ns1.sub1.zmailtech.com.

;; ADDITIONAL SECTION:
ns1.sub1.zmailtech.com. 86400   IN      A       192.168.10.40

;; Query time: 0 msec
;; SERVER: 192.168.10.2#53(192.168.10.2)
;; WHEN: Sun Feb 18 16:36:23 IST 2018
;; MSG SIZE  rcvd: 87

[root@master ~]#

