Build a master-slave DNS Server Based on CentOS 6

Source: Internet
Author: User
Tags: dnssec


1. Switch to the root user

2. Install bind on both servers.

yum install bind

3. Compare the bind versions of the two servers


4. Modify the main configuration file. We recommend backing up the main configuration file before editing it.

cp /etc/named.conf /etc/named.conf.bak
vi /etc/named.conf

options {
        listen-on port 53 { 127.0.0.1; };        // only listens on port 53 of the local machine
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; };          // only the local machine may send (recursive) queries
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

By default, named listens only on port 53 of the loopback address. To provide service, add at least one listener on port 53 of the server's network address and allow all clients to perform recursive queries. Also comment out all the dnssec options. Note that recursion yes combined with allow-query { any; } makes the server answer recursive queries for every client that can reach it; that is acceptable on a private 192.168.0.0/24 LAN, but if the address is reachable from the Internet, limit recursion to the LAN with an allow-recursion ACL.

vi /etc/named.conf

options {
        listen-on port 53 { 192.168.0.15; 127.0.0.1; };   // add the server's own network address as a listener
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };                          // allow queries from any client
        recursion yes;

        // dnssec-enable yes;
        // dnssec-validation yes;
        // dnssec-lookaside auto;

        /* Path to ISC DLV key */
        // bindkeys-file "/etc/named.iscdlv.key";

        // managed-keys-directory "/var/named/dynamic";
};

5. Check the listening status of port 53 on the server.

[root@localhost ~]# ss -tunlp | grep :53
udp    UNCONN     0      0      192.168.0.15:53      *:*      users:(("named",4387,513))
udp    UNCONN     0      0      127.0.0.1:53         *:*      users:(("named",4387,512))
udp    UNCONN     0      0      ::1:53               :::*     users:(("named",4387,514))
tcp    LISTEN     0      3      ::1:53               :::*     users:(("named",4387,22))
tcp    LISTEN     0      3      192.168.0.15:53      *:*      users:(("named",4387,21))
tcp    LISTEN     0      3      127.0.0.1:53         *:*      users:(("named",4387,20))

The above configurations are the same for the master and slave servers.

6. Primary DNS server configuration:

Define the zones:

[root@localhost ~]# cat /etc/named.rfc1912.zones
zone "armo.com" IN {
        type master;
        file "armo.com.zone";
};                                      // forward zone
zone "0.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.0.zone";
};                                      // reverse zone

Define the zone data files:

[root@localhost ~]# cat /var/named/armo.com.zone              // forward zone file
$TTL 1d
; admin.armo.com has no trailing dot, so named appends the origin and the
; contact becomes admin.armo.com.armo.com. (visible in the zone transfer
; later on this page); write admin.armo.com. to avoid that.
@       IN      SOA     ns1.armo.com.   admin.armo.com (
                        2016020301      ; serial
                        1H              ; refresh
                        5M              ; retry
                        7D              ; expire
                        1D )            ; minimum
        IN      NS      ns1.armo.com.
        IN      NS      ns2.armo.com.
        IN      MX 10   mx1.armo.com.
        IN      MX 20   mx2.armo.com.
ns1     IN      A       192.168.0.1
ns2     IN      A       192.168.0.17
mx1     IN      A       192.168.0.4
mx2     IN      A       192.168.0.1
www     IN      A       192.168.0.17

[root@localhost ~]# cat /var/named/192.168.0.zone             // reverse zone file
$TTL 1d
$ORIGIN 0.168.192.in-addr.arpa.
@       IN      SOA     ns1.armo.com.   admin.armo.com. (
                        2016020301      ; serial
                        1H              ; refresh
                        5M              ; retry
                        7D              ; expire
                        1D )            ; minimum
; (the NS and PTR records of this file are not reproduced in the source)

Check for syntax errors

named-checkconf                                        // check the main configuration file for syntax errors
named-checkzone "armo.com" /var/named/armo.com.zone    // check the zone file

Change the file permissions and group

[root@localhost named]# chmod 640 armo.com.zone
[root@localhost named]# chown :named armo.com.zone        // forward zone
[root@localhost named]# chmod 640 192.168.0.zone
[root@localhost named]# chown :named 192.168.0.zone       // reverse zone

Test resolution on the primary DNS server:

[root@localhost ~]# dig www.armo.com @192.168.0.15                 // forward

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.6 <<>> www.armo.com @192.168.0.15
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52591
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;www.armo.com.                  IN      A

;; ANSWER SECTION:
www.armo.com.           86400   IN      A       192.168.0.17

;; AUTHORITY SECTION:
armo.com.               86400   IN      NS      ns2.armo.com.
armo.com.               86400   IN      NS      ns1.armo.com.

;; ADDITIONAL SECTION:
ns1.armo.com.           86400   IN      A       192.168.0.1
ns2.armo.com.           86400   IN      A       192.168.0.17

;; Query time: 2 msec
;; SERVER: 192.168.0.15#53(192.168.0.15)
;; WHEN: Wed Feb  3 06:01:38 2016
;; MSG SIZE  rcvd: 114

[root@localhost ~]# dig -x 192.168.0.4 @192.168.216.231           // reverse

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.6 <<>> -x 192.168.0.4 @192.168.216.231
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63940
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;4.0.168.192.in-addr.arpa.      IN      PTR

;; ANSWER SECTION:
4.0.168.192.in-addr.arpa. 86400 IN      PTR     localhost.

;; Query time: 29 msec
;; SERVER: 192.168.216.231#53(192.168.216.231)
;; WHEN: Wed Feb  3 06:03:42 2016
;; MSG SIZE  rcvd: 65

7. Slave DNS server configuration

Test a zone transfer from the primary DNS server

[root@localhost ~]# dig -t axfr armo.com @192.168.0.15

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.6 <<>> -t axfr armo.com @192.168.0.15
;; global options: +cmd
armo.com.               86400   IN      SOA     ns1.armo.com. admin.armo.com.armo.com. 2016020301 3600 300 604800 86400
armo.com.               86400   IN      NS      ns1.armo.com.
armo.com.               86400   IN      NS      ns2.armo.com.
armo.com.               86400   IN      MX      10 mx1.armo.com.
armo.com.               86400   IN      MX      20 mx2.armo.com.
mx1.armo.com.           86400   IN      A       192.168.0.4
mx2.armo.com.           86400   IN      A       192.168.0.1
ns1.armo.com.           86400   IN      A       192.168.0.1
ns2.armo.com.           86400   IN      A       192.168.0.17
www.armo.com.           86400   IN      A       192.168.0.17
armo.com.               86400   IN      SOA     ns1.armo.com. admin.armo.com.armo.com. 2016020301 3600 300 604800 86400
;; Query time: 21 msec
;; SERVER: 192.168.0.15#53(192.168.0.15)
;; WHEN: Wed Feb  3 06:04:40 2016
;; XFR size: 11 records (messages 1, bytes 273)

Define the zone

[root@localhost ~]# cat /etc/named.rfc1912.zones
zone "armo.com" IN {
        type slave;
        masters { 192.168.0.15; };
        file "slaves/armo.com.zone";    // /var/named/slaves is the directory named writes to below
};
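The master zone in step 6 and the slave zone above are transferred in the clear to anyone who asks (the dig axfr test above succeeds with no authentication), and the options block answers recursive queries for any client. The fragments below are an added hardening example, not configuration from the original page: they restrict recursion to the LAN, allow transfers of armo.com only to a holder of a shared TSIG key, and make the slave sign its requests with that key. The key name armo-xfer, the acl name lan and the secret placeholder are assumptions; everything else in the options block stays as on the page.

```conf
// ---- master (192.168.0.15): /etc/named.conf ----
// Generate the shared secret once, for example with
//   dnssec-keygen -a HMAC-SHA256 -b 256 -n HOST -r /dev/urandom armo-xfer
// and copy the base64 value from the Key: line of the generated .private file.
key "armo-xfer" {
        algorithm hmac-sha256;
        secret "<base64 secret from dnssec-keygen>";   // placeholder, not a real key
};

acl "lan" { 192.168.0.0/24; 127.0.0.1; };

options {
        listen-on port 53 { 192.168.0.15; 127.0.0.1; };
        directory "/var/named";
        allow-query { any; };            // authoritative answers for everyone
        recursion yes;
        allow-recursion { lan; };        // recursive lookups only for the LAN, not an open resolver
        allow-transfer { none; };        // no zone transfers unless a zone says otherwise
        notify yes;
};

zone "armo.com" IN {
        type master;
        file "armo.com.zone";
        allow-transfer { key "armo-xfer"; };   // only requests signed with the TSIG key may AXFR
        also-notify { 192.168.0.17; };         // push NOTIFY to the slave on every serial change
};

// ---- slave (192.168.0.17): /etc/named.conf ----
key "armo-xfer" {
        algorithm hmac-sha256;
        secret "<same secret as on the master>";       // placeholder
};

server 192.168.0.15 { keys { "armo-xfer"; }; };   // sign every request sent to the master

zone "armo.com" IN {
        type slave;
        masters { 192.168.0.15; };
        file "slaves/armo.com.zone";
        allow-transfer { none; };        // the slave does not hand out the zone either
};
```

After reloading both servers, `dig -t axfr armo.com @192.168.0.15` from an unkeyed host should return "Transfer failed." while `dig -t axfr armo.com @192.168.0.15 -y hmac-sha256:armo-xfer:<secret>` still succeeds.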

Start the service

service named start

View the synchronization log and the transferred zone file

[root@localhost ~]# tail /var/log/messages
Feb  3 06:20:42 localhost named[15085]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
Feb  3 06:20:42 localhost named[15085]: zone localhost.localdomain/IN: loaded serial 0
Feb  3 06:20:42 localhost named[15085]: zone localhost/IN: loaded serial 0
Feb  3 06:20:42 localhost named[15085]: managed-keys-zone ./IN: loaded serial 2
Feb  3 06:20:42 localhost named[15085]: running
Feb  3 06:20:42 localhost named[15085]: zone armo.com/IN: Transfer started.
Feb  3 06:20:42 localhost named[15085]: transfer of 'armo.com/IN' from 192.168.0.15#53: connected using 192.168.0.17#43758
Feb  3 06:20:42 localhost named[15085]: zone armo.com/IN: transferred serial 2016020301
Feb  3 06:20:42 localhost named[15085]: transfer of 'armo.com/IN' from 192.168.0.15#53: Transfer completed: 1 messages, 11 records, 273 bytes, 0.001 secs (273000 bytes/sec)
Feb  3 06:20:42 localhost named[15085]: zone armo.com/IN: sending notifies (serial 2016020301)
[root@localhost ~]# cat /var/named/slaves/armo.com.zone
$ORIGIN .
$TTL 86400      ; 1 day
armo.com                IN SOA  ns1.armo.com. admin.armo.com.armo.com. (
                                2016020301 ; serial
                                3600       ; refresh (1 hour)
                                300        ; retry (5 minutes)
                                604800     ; expire (1 week)
                                86400      ; minimum (1 day)
                                )
                        NS      ns1.armo.com.
                        NS      ns2.armo.com.
                        MX      10 mx1.armo.com.
                        MX      20 mx2.armo.com.
$ORIGIN armo.com.
mx1                     A       192.168.0.4
mx2                     A       192.168.0.1
ns1                     A       192.168.0.1
ns2                     A       192.168.0.17
www                     A       192.168.0.17
[root@localhost ~]#

At this point the DNS master/slave pair is built.
