Book: Fedora™ Unleashed, 2008 edition
Forward Zone
First, you must introduce the zone to named.conf:
----------
| zone "example.com" {
|     type master;
|     file "example.com";
| };
----------
and create the zone file:
----------
| $TTL 2D
| @       SOA ns1.example.com. hostmaster.example.com. (
|             2001090101 ; Serial
|             24h        ; Refresh
|             2h         ; Retry
|             3600000    ; Expire (1000h)
|             1h )       ; Minimum TTL
|         NS  ns1.example.com.
|         NS  ns2.example.com.
|         MX  5 mx1.example.com.
|         MX  10 mx2.example.com.
|         A   192.0.2.1
|
| ; Addresses
| ns1     A   192.0.2.1   ; Nameservers
| ns2     A   192.0.2.96
| mx1     A   192.0.2.2   ; Mail servers
| mx2     A   192.0.2.96
| www     A   192.0.2.3   ; Web servers
| dev     A   192.0.2.4
| work    A   192.0.2.5   ; Workstations
| play    A   192.0.2.6
|
| ; Delegations
| foo     NS  dns1.foo.example.com.
| foo     NS  dns2.foo.example.com.
| dns1.foo A  192.0.2.96
| dns2.foo A  192.0.2.1
----------
The SOA record is similar to the one you saw before. Note that the next five records use the implicit name @, which is short for example.com: their owner field is left blank (the line starts with whitespace), so they inherit the owner of the record above.

The two NS records define ns1.example.com (your own server, 192.0.2.1) and ns2.example.com (your friend's server, 192.0.2.96) as authoritative nameservers for example.com.

The MX (Mail Exchanger) records specify the mail servers for the zone. An MX RR takes two arguments: a priority number and the name of a host. In delivering mail addressed to example.com, the listed MXes are tried in increasing order of priority number. In this case, mx1.example.com (your own machine, 192.0.2.2) has the lowest priority number and is always tried first. If the attempt to deliver mail to mx1 fails for some reason, the next listed MX, mx2.example.com (your friend's server), is tried.

The A record says that the address of example.com is 192.0.2.1, and the next few lines specify addresses for other hosts in the zone: your nameservers ns1 and ns2, mail servers mx1 and mx2, two web servers, and two workstations.

Next you add NS records to delegate authority over the foo.example.com domain to dns1 and dns2.foo.example.com. The A records for dns1 and dns2 are known as glue records, and they enable resolvers to find the address of the authoritative nameservers so that they can continue the query. (If you were using dig, the NS records for dns1 and dns2 would be listed in the AUTHORITY section of the response, whereas the ADDITIONAL section would contain their addresses.)
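The following is an added example, not code from the book or from BIND: a small Python parser for the zone-file constructs used above (the $TTL default, the @ shorthand, blank owner fields inheriting the previous owner, relative names qualified with the origin, and a parenthesised multi-line SOA), followed by two checks a zone maintainer would want before loading such a file: the order in which MTAs will try the MX hosts, and whether every in-zone nameserver named in an NS record has the glue A record the delegation depends on. The zone text embedded in the script is a constructed copy of the chapter's example; the function and variable names are the example's own.

```python
from dataclasses import dataclass

ORIGIN = "example.com."

# Constructed copy of the chapter's example zone (same records as the page).
ZONE_TEXT = """\
$TTL 2D
@       SOA ns1.example.com. hostmaster.example.com. (
            2001090101 ; Serial
            24h        ; Refresh
            2h         ; Retry
            3600000    ; Expire (1000h)
            1h )       ; Minimum TTL
        NS  ns1.example.com.
        NS  ns2.example.com.
        MX  5 mx1.example.com.
        MX  10 mx2.example.com.
        A   192.0.2.1

; Addresses
ns1     A   192.0.2.1   ; Nameservers
ns2     A   192.0.2.96
mx1     A   192.0.2.2   ; Mail servers
mx2     A   192.0.2.96
www     A   192.0.2.3   ; Web servers
dev     A   192.0.2.4
work    A   192.0.2.5   ; Workstations
play    A   192.0.2.6

; Delegations
foo     NS  dns1.foo.example.com.
foo     NS  dns2.foo.example.com.
dns1.foo A  192.0.2.96
dns2.foo A  192.0.2.1
"""


@dataclass
class RR:
    owner: str   # fully qualified owner name, trailing dot included
    rtype: str   # record type: "A", "NS", "MX", "SOA", ...
    rdata: list  # remaining tokens of the record


def qualify(name, origin):
    """'@' is the origin; a name without a trailing dot gets the origin appended."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin):
    """Parse zone text into (default_ttl, [RR, ...]).

    Handles only what the chapter's zone uses: $TTL, ';' comments, '(' ... ')'
    continuation lines, an optional IN class, and owner inheritance when a line
    starts with whitespace. Per-record TTL fields are not supported.
    """
    logical, buf, depth = [], [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()     # drop the comment
        if not line.strip() and depth == 0:
            continue
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth == 0:                           # record is complete
            logical.append(" ".join(buf))
            buf = []

    ttl, records, last_owner = None, [], origin
    for line in logical:
        if line.startswith("$TTL"):
            ttl = line.split()[1]
            continue
        tokens = line.replace("(", " ").replace(")", " ").split()
        if line[0].isspace():                    # blank owner field: reuse the previous owner
            owner = last_owner
        else:
            owner = qualify(tokens.pop(0), origin)
            last_owner = owner
        if tokens[0] == "IN":                    # class may be omitted, as in the chapter
            tokens.pop(0)
        records.append(RR(owner, tokens[0], tokens[1:]))
    return ttl, records


def addresses(records):
    """Map each owner name to the addresses of its A records."""
    addrs = {}
    for rr in records:
        if rr.rtype == "A":
            addrs.setdefault(rr.owner, []).append(rr.rdata[0])
    return addrs


def mx_order(records, origin):
    """MX targets for the origin in the order an MTA tries them: lowest number first."""
    mxs = [(int(rr.rdata[0]), rr.rdata[1]) for rr in records
           if rr.rtype == "MX" and rr.owner == origin]
    return [target for _, target in sorted(mxs)]


def missing_glue(records, origin):
    """NS targets inside this zone that have no A (glue) record.

    Without glue a resolver cannot learn dns1.foo.example.com's address except by
    asking foo.example.com's servers, which is exactly what it is trying to find.
    """
    addrs = addresses(records)
    in_zone = lambda n: n == origin or n.endswith("." + origin)
    targets = {qualify(rr.rdata[0], origin) for rr in records if rr.rtype == "NS"}
    return sorted(t for t in targets if in_zone(t) and t not in addrs)


if __name__ == "__main__":
    ttl, rrs = parse_zone(ZONE_TEXT, ORIGIN)
    print(f"default TTL {ttl}, {len(rrs)} records")
    print("MX try order:", mx_order(rrs, ORIGIN))
    print("delegations lacking glue:", missing_glue(rrs, ORIGIN) or "none")
```

Running the script on the chapter's zone reports mx1 before mx2 and no missing glue; deleting the `dns1.foo A` line makes `missing_glue` name dns1.foo.example.com., which is the kind of defect that turns a delegation into a dead end for every resolver that happens to pick that server.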
Notice that dns2.foo.example.com is 192.0.2.1, your own nameserver. You are acting as a slave for the foo.example.com zone and must configure named accordingly. You introduce the zone as a slave in named.conf and specify the address of the master nameserver:
----------
| zone "foo.example.com" {
|     type slave;
|     file "foo.example.com";
|     masters {
|         192.0.2.96;
|     };
| };
----------
Similarly, your friend must configure 192.0.2.96, which is a master for foo.example.com and a slave for example.com. She must also configure her server to accept mail addressed to example.com. Usually, mx2 would just queue the mail until it could be delivered to mx1.