BIND 9 installation and master/slave configuration. It is not difficult, but there were a few problems that took a little time to solve.

Source: Internet
Author: User

I want to set up a DNS server for use inside the company. There are quite a few internal development servers, and right now everyone reaches them by IP address; I would rather have domain names that are easy to remember.

The plan is to run the master on the gateway and the slave on a development server.

The IP addresses are:

Gateway: 192.168.1.243

Development server: 192.168.1.241

My system is FreeBSD, so naturally I installed it from ports.

First the master:

# cd /usr/ports/dns/bind94

# make install clean

When that is done, remember to edit /etc/rc.conf so that named starts at boot:

# vi /etc/rc.conf

named_enable="YES"

First, a look at my BIND files directory:

files# ls
dynamic  master  named.127.0.0  named.192.168.1  named.365.com  named.conf  named.localhost  named.root  rndc.key  slave

All right, now we start configuring the forward and reverse lookup information in BIND. I will not go into how forward and reverse zones work in general.

1. Configure the named.conf file

options {
    // relative to the chroot directory, if any
    directory       "/etc/namedb";
    pid-file        "/var/run/named/pid";
    dump-file       "/var/dump/named_dump.db";
    statistics-file "/var/stats/named.stats";
    allow-query     { any; };
};

zone "." { type hint; file "named.root"; };
zone "localhost" { type master; file "named.localhost"; };
zone "0.0.127.in-addr.arpa" { type master; file "named.127.0.0"; };

zone "365.com" {
    type master;
    file "named.365.com";
    // only the slave may pull the zone (AXFR); everyone else is refused
    allow-transfer { 192.168.1.241; };
    // notify yes;   (this is already BIND's default)
};

zone "1.168.192.in-addr.arpa" {
    type master;
    file "named.192.168.1";
    allow-transfer { 192.168.1.241; };
    // notify yes;
};

# Use with the following in named.conf, adjusting the allow list as needed:
key "rndc-key" {
    algorithm hmac-md5;
    # secret as it appears in the original post; generate your own with rndc-confgen -a
    secret "Ldnfz6l1j4oyhd2lwk1/aa==";
};

controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndc-key"; };
};
# End of named.conf

2. Then set up the forward and reverse zones for the domain I want, 365.com. File name: named.365.com

$TTL 86400          ; the original post leaves the $TTL value blank; 86400 is assumed here
@           IN  SOA ns.365.com. huithe.ns.365.com. (
                    2011030801  ; serial (omitted in the post; use YYYYMMDDnn and raise it on every change)
                    28800       ; refresh
                    14400       ; retry
                    720000      ; expire
                    86400 )     ; minimum / negative-cache TTL
@           IN  NS    ns.365.com.
@           IN  NS    ns2.365.com.
ns          IN  A     192.168.1.243
ns2         IN  A     192.168.1.241
www         IN  A     192.168.1.241
xxoo        IN  CNAME www
jjyy        IN  CNAME www
luosuo      IN  CNAME www
test        IN  CNAME www
bb          IN  A     192.168.1.244
cc          IN  A     192.168.1.244
jj          IN  A     192.168.1.244
yehuiming   IN  A     192.168.1.244
www2        IN  CNAME www

The reverse zone. In fact it runs fine even without the reverse zone configured:

$TTL 86400          ; value assumed; the post leaves it blank
@           IN  SOA ns.365.com. huithe.ns.365.com. (
                    2011030802  ; serial
                    28800 14400 720000 86400 )
@           IN  NS  ns.365.com.
@           IN  NS  ns2.365.com.
243         IN  PTR ns.365.com.
241         IN  PTR ns2.365.com.

That's it; it is ready to run.

# /etc/rc.d/named start

Then, to see whether it started successfully, remember to check the /var/log/messages log:

# tail -n 30 /var/log/messages

Mar  8 17:56:31 files named[31213]: starting BIND 9.4.3-P2 -t /var/named -u bind
Mar  8 17:56:31 files named[31213]: command channel listening on 127.0.0.1#953
Mar  8 17:56:31 files named[31213]: running

Seeing this means it started successfully.

OK, now the slave:

First I have to install BIND, exactly as above. After that I copy the master's configuration files over and modify them. But two files must not be copied: named.365.com and named.192.168.1. These two are synchronized from the master to the slave, so the slave does not need to have them beforehand.

So the main thing to configure on the slave is just the general configuration file, named.conf:

options {
    // relative to the chroot directory, if any
    directory       "/etc/namedb";
    pid-file        "/var/run/named/pid";
    dump-file       "/var/dump/named_dump.db";
    statistics-file "/var/stats/named.stats";
    allow-query     { any; };
};

zone "." { type hint; file "named.root"; };
zone "localhost" { type master; file "named.localhost"; };
zone "0.0.127.in-addr.arpa" { type master; file "named.127.0.0"; };

zone "365.com" {
    type slave;
    file "named.365.com";
    masters { 192.168.1.243; };
};

zone "1.168.192.in-addr.arpa" {
    type slave;
    file "named.192.168.1";
    masters { 192.168.1.243; };
};

Simple enough. Then it is ready to start.

If it succeeds, you will see that the named.365.com file and the named.192.168.1 reverse file appear in the slave's directory, automatically transferred from the master.

Then we query our own domain name on the slave to see whether it resolves:

# dig @127.0.0.1 www.365.com

beihai365test# dig @127.0.0.1 www.365.com

; <<>> DiG 9.4.2 <<>> @127.0.0.1 www.365.com
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28909
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;www.365.com.                   IN      A

;; ANSWER SECTION:
www.365.com.            IN      A       192.168.1.241

;; AUTHORITY SECTION:
365.com.                IN      NS      ns2.365.com.
365.com.                IN      NS      ns.365.com.

;; ADDITIONAL SECTION:
ns.365.com.             IN      A       192.168.1.243
ns2.365.com.            IN      A       192.168.1.241

;; Query time: 14 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Mar  9 10:10:37 2011
;; MSG SIZE  rcvd: 112

It resolves fine. The aa flag in the answer shows the slave is answering authoritatively from its own transferred copy of the zone rather than forwarding the query.

Then, to add a new zone entry or a second-level domain name on the master, just edit the zone file and increase the serial number, then restart BIND or run

# rndc reload

and the slave updates automatically. Convenient, isn't it?

Issues encountered in this deployment:

1. A directory permission problem caused by the chroot. /var/log/messages shows:

Mar  8 17:36:58 files named[30498]: the working directory is not writable

Solution: edit /etc/mtree/BIND.chroot.dist

# vi /etc/mtree/BIND.chroot.dist

Change

/set type=dir uname=root gname=wheel mode=0755

to

/set type=dir uname=bind gname=wheel mode=0755

Restart and it is fine. Note that this makes the whole chroot tree writable by the bind user, which is broader than named needs: the only files it has to write here are the transferred slave zones, and FreeBSD's BIND.chroot.dist already creates the slave (and dynamic) subdirectories owned by bind for that purpose. Pointing the slave zones at file "slave/named.365.com" and leaving the rest of the tree root-owned is the narrower fix.

2. The master failed to update the slave, and restarting the slave did not get it updated from the master either. Capturing packets with tcpdump showed that when the master restarted it never sent a NOTIFY to the slave at all. I was puzzled about the fix for a while, then suddenly realized what I had forgotten.

The master only notifies the DNS servers listed in the zone, that is, the addresses of the NS records, and I had forgotten to add the NS record for the slave. So the master believed it was the zone's only DNS server and sent no NOTIFY to the slave. (BIND's also-notify zone option can add NOTIFY targets that are not NS records, but a slave that is meant to serve the zone should be listed as an NS anyway.) With the NS records for both servers in place, everything is fine:

@    IN  NS  ns.365.com.
@    IN  NS  ns2.365.com.

ns   IN  A   192.168.1.243
ns2  IN  A   192.168.1.241
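As an added pre-reload check (example code written for this page, not part of the original post or of BIND), the script below reads the master's zone stanza from named.conf together with the zone file and reports exactly the mistake from issue 2: a host that is allowed to transfer the zone but is not listed as an NS, which BIND will therefore never NOTIFY. It also computes the next serial in the YYYYMMDDnn style used by the reverse zone above, the other step needed before rndc reload. The named.conf and zone text embedded in it are constructed from the values on this page; the forward zone's serial and $TTL are assumed, since the post leaves them blank.

```python
# Added example, not from the original post: a pre-reload consistency check
# for the "master never sent NOTIFY to the slave" problem, plus a serial bump.
# All data below is constructed from the values in the post.
import re
from datetime import date

# Constructed: the master's named.conf stanza for 365.com (as on the page)
NAMED_CONF = '''
zone "365.com" {
    type master;
    file "named.365.com";
    allow-transfer { 192.168.1.241; };
};
'''

# Constructed: the forward zone as it was BEFORE the fix (no NS for ns2)
ZONE_BEFORE = '''
$TTL 86400
@   IN SOA ns.365.com. huithe.ns.365.com. (
        2011030801 ; serial (assumed; the post omits it)
        28800 14400 720000 86400 )
@   IN NS ns.365.com.
ns  IN A  192.168.1.243
ns2 IN A  192.168.1.241
www IN A  192.168.1.241
'''

# Constructed: the same zone AFTER adding the slave's NS record
ZONE_AFTER = ZONE_BEFORE.replace(
    "@   IN NS ns.365.com.\n", "@   IN NS ns.365.com.\n@   IN NS ns2.365.com.\n")


def parse_zone(text, origin):
    """Minimal zone-file reader: returns (SOA serial, NS names, {owner: A}).
    Handles ';' comments, a parenthesised multi-line SOA, '@' and relative owners."""
    lines = [ln.split(";", 1)[0].rstrip() for ln in text.splitlines()]
    body = re.sub(r"\(([^)]*)\)",
                  lambda m: " " + m.group(1).replace("\n", " ") + " ",
                  "\n".join(lines))
    serial, ns_names, a_records = None, set(), {}
    for ln in body.splitlines():
        tok = ln.split()
        if not tok or tok[0].startswith("$"):      # skip blanks and $TTL/$ORIGIN
            continue
        owner = origin if tok[0] == "@" else tok[0]
        if not owner.endswith("."):
            owner = f"{owner}.{origin}"               # relative name -> FQDN
        i = 1
        while i < len(tok) and (tok[i].upper() == "IN" or tok[i].isdigit()):
            i += 1                                    # skip class and per-record TTL
        rtype, rdata = tok[i].upper(), tok[i + 1:]
        if rtype == "SOA":
            serial = int(rdata[2])                    # mname rname serial ...
        elif rtype == "NS":
            ns_names.add(rdata[0].lower())
        elif rtype == "A":
            a_records[owner.lower()] = rdata[0]
    return serial, ns_names, a_records


def allow_transfer_ips(conf, zone):
    """IPs listed in allow-transfer for the given zone stanza of named.conf."""
    stanza = re.search(r'zone\s+"%s"\s*\{(.*?)\n\};' % re.escape(zone), conf, re.S)
    acl = re.search(r"allow-transfer\s*\{([^}]*)\}", stanza.group(1) if stanza else "")
    return {ip.strip() for ip in acl.group(1).split(";") if ip.strip()} if acl else set()


def check_notify_targets(conf, zone_text, origin):
    """Return problems that stop NOTIFY (and so zone transfer) from reaching a slave:
    NS names without glue, and allow-transfer hosts that are not NS of the zone
    (BIND only notifies the NS records, so such a host never learns of updates)."""
    _, ns_names, a_records = parse_zone(zone_text, origin)
    problems, ns_ips = [], set()
    for ns in sorted(ns_names):
        if ns in a_records:
            ns_ips.add(a_records[ns])
        else:
            problems.append(f"NS {ns} has no A record in the zone")
    for ip in sorted(allow_transfer_ips(conf, origin.rstrip("."))):
        if ip not in ns_ips:
            problems.append(f"{ip} may transfer the zone but is not an NS: it will never receive NOTIFY")
    return problems


def next_serial(current, yyyymmdd=None):
    """Next serial in the YYYYMMDDnn convention: the first change of a day gets
    <date>01, later changes the same day add 1; the serial never moves backwards."""
    today = yyyymmdd or int(date.today().strftime("%Y%m%d"))
    base = today * 100
    return base + 1 if current < base else current + 1


if __name__ == "__main__":
    for label, zone in (("before fix", ZONE_BEFORE), ("after fix", ZONE_AFTER)):
        print(label + ":", check_notify_targets(NAMED_CONF, zone, "365.com.") or "ok")
    print("next serial after 2011030802 on 2011-03-09:", next_serial(2011030802, 20110309))
```

With the ns2 NS record missing it flags 192.168.1.241; after the record is added it reports ok. To use it on real files, read /etc/namedb/named.conf and the zone file into NAMED_CONF and ZONE_* in place of the constructed samples. The parser is deliberately minimal (no $ORIGIN, no multi-line records other than SOA), so it is a lint step to run alongside named-checkzone, not a replacement for it.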


3. When configuring rndc, this error appears:

rndc: connection to remote host closed

This happens because the key in rndc.conf did not match the secret in rndc.key. The secret in /etc/namedb/rndc.key (or the key clause in named.conf) and the one rndc itself uses must be identical; rndc-confgen prints both halves from the same secret. After making them consistent, it works.

Done. Recorded here for my own reference...
