Build a Master/Slave DNS Server on CentOS 6
1. Switch to the root user
2. Install bind on both servers.
yum install bind
3. Compare the bind versions on the two servers.
4. Modify the main configuration file. Back up the main configuration file before editing it.
cp /etc/named.conf /etc/named.conf.bak
vi /etc/named.conf
options {
        listen-on port 53 { 127.0.0.1; };       // only listen on port 53 of the local machine
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { localhost; };             // only answer queries from the local machine
        recursion yes;
        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
};
By default named listens only on port 53 of the loopback address. To serve other hosts, add the server's own network-facing address to the port 53 listener, allow any client to send (recursive) queries, and comment out all the dnssec options.
vi /etc/named.conf
options {
        listen-on port 53 { 192.168.0.15; 127.0.0.1; };  // add the listening address: the local network address goes here
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { any; };                   // allow queries from any client
        recursion yes;
        // dnssec-enable yes;
        // dnssec-validation yes;
        // dnssec-lookaside auto;
        /* Path to ISC DLV key */
        // bindkeys-file "/etc/named.iscdlv.key";
        // managed-keys-directory "/var/named/dynamic";
};
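With the block above, named answers queries from any client and recurses for all of them, so the server becomes an open recursive resolver, and nothing restricts zone transfers, so any client can pull the whole zone the way step 7 does. The script below is an added example (not from the page): it writes the same options block with the page's addresses and paths, adds allow-recursion, allow-transfer and also-notify entries for the slave address 192.168.0.17 that the page's transfer log shows, keeps the dnssec lines commented out as the page does, and grep-checks the result. named-checkconf is run only when it is installed; the destination path is a temporary file chosen here.

```shell
#!/bin/sh
# Added example, not the page's own named.conf. Addresses (192.168.0.15 master,
# 192.168.0.17 slave) and file paths are the ones the page uses.

write_named_options() {
    # $1 = destination file
    cat > "$1" <<'EOF'
acl "slaves"   { 192.168.0.17; };                   // the slave from the page's transfer log
acl "internal" { 127.0.0.1; 192.168.0.0/24; };      // assumed local network

options {
        listen-on port 53 { 192.168.0.15; 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";

        // Authoritative answers for armo.com may go to anyone ...
        allow-query { any; };
        // ... but recursive lookups only for the local network, so the
        // server does not become an open resolver.
        recursion yes;
        allow-recursion { internal; };
        // Zone transfers only to the slave, not to arbitrary clients.
        allow-transfer { slaves; };
        // Tell the slave about changes instead of waiting for its refresh timer.
        notify yes;
        also-notify { 192.168.0.17; };

        // dnssec-enable yes;            (left commented out, as on the page)
        // dnssec-validation yes;
        // dnssec-lookaside auto;
        // bindkeys-file "/etc/named.iscdlv.key";
        // managed-keys-directory "/var/named/dynamic";
};
EOF
}

# Return 0 when the restrictions are present and no open allow-recursion slipped in.
check_named_options() {
    f="$1"
    for directive in 'allow-recursion { internal; }' 'allow-transfer { slaves; }' 'also-notify'; do
        grep -Fq "$directive" "$f" || { echo "missing: $directive" >&2; return 1; }
    done
    if grep -Eq 'allow-recursion[[:space:]]*\{[[:space:]]*any' "$f"; then
        echo "allow-recursion { any; } would reopen the resolver" >&2; return 1
    fi
    # Use BIND's own syntax checker when it is installed on this host.
    if command -v named-checkconf >/dev/null 2>&1; then
        named-checkconf "$f" || return 1
    fi
    return 0
}

tmp="${TMPDIR:-/tmp}/named.conf.example.$$"
write_named_options "$tmp"
check_named_options "$tmp" && echo "options block OK: $tmp"
```

On the real server the heredoc content replaces the options block in /etc/named.conf; the two acl statements must come before options, as they do here.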
5. Check the listening status of port 53 on the server.
[root@localhost ~]# ss -tunlp | grep :53
udp    UNCONN   0   0   192.168.0.15:53   *:*    users:(("named",4387,513))
udp    UNCONN   0   0   127.0.0.1:53      *:*    users:(("named",4387,512))
udp    UNCONN   0   0   ::1:53            :::*   users:(("named",4387,514))
tcp    LISTEN   0   3   ::1:53            :::*   users:(("named",4387,22))
tcp    LISTEN   0   3   192.168.0.15:53   *:*    users:(("named",4387,21))
tcp    LISTEN   0   3   127.0.0.1:53      *:*    users:(("named",4387,20))
The configuration above is identical on the master and slave servers.
6. Primary DNS server configuration:
Define the zones:
[root@localhost ~]# cat /etc/named.rfc1912.zones
zone "armo.com" IN {
        type master;
        file "armo.com.zone";
};                                      // forward zone
zone "0.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.0.zone";
};                                      // reverse zone
Define the zone data files (the forward zone's full record set can be seen in the zone transfer output of step 7):
[root@localhost ~]# cat /var/named/armo.com.zone        // forward zone file
$TTL 1d
@       IN      SOA     ns1.armo.com. admin.armo.com. (
                        2016020301      ; serial
                        1H              ; refresh
                        5M              ; retry
                        7D              ; expire
                        1D )            ; minimum
[root@localhost ~]# cat /var/named/192.168.0.zone       // reverse zone file
$TTL 1d
$ORIGIN 0.168.192.in-addr.arpa.
@       IN      SOA     ns1.armo.com. admin.armo.com. (
                        2016020301      ; serial
                        1H              ; refresh
                        5M              ; retry
                        7D              ; expire
                        1D )            ; minimum
Check for syntax errors:
named-checkconf                                         // check the main configuration file for syntax errors
named-checkzone "armo.com" /var/named/armo.com.zone     // check the zone file
Change the file permissions and group:
[root@localhost named]# chmod 640 armo.com.zone
[root@localhost named]# chown :named armo.com.zone      // forward
[root@localhost named]# chmod 640 192.168.0.zone
[root@localhost named]# chown :named 192.168.0.zone     // reverse
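The zone definition, zone files, syntax check and permission steps above, carried out as one script. This is an added example, not the page's own files: the forward records (NS, MX, A) are the ones the page's zone transfer output in step 7 lists, the SOA timers 1H 5M 7D 1D and the serial format YYYYMMDDnn follow the page's 2016020301, and the PTR records (one name per address) are constructed here because the page does not show its reverse zone's records. named-checkzone and the named group are used only when they exist on the host; the output directory is a temporary one chosen here.

```shell
#!/bin/sh
# Added example, not the page's own zone files. Record data comes from the
# page's AXFR output; PTR records are constructed (one name per address).

# Print the serial of a zone file written by this script (line tagged "; serial").
zone_serial() {
    awk '/; serial/ { print $1; exit }' "$1"
}

# Next YYYYMMDDnn serial: same day -> nn+1, new day -> nn=01.
# $1 = current serial, $2 = today's date as YYYYMMDD. Fails when nn would pass 99.
next_serial() {
    cur="$1"; today="$2"
    if [ "${cur%??}" = "$today" ]; then
        nn="${cur#$today}"; nn="${nn#0}"; nn=$(( ${nn:-0} + 1 ))
        [ "$nn" -le 99 ] || { echo "serial exhausted for $today" >&2; return 1; }
        printf '%s%02d\n' "$today" "$nn"
    else
        printf '%s01\n' "$today"
    fi
}

# Forward zone: $1 = directory, $2 = serial
write_forward_zone() {
    cat > "$1/armo.com.zone" <<EOF
\$TTL 1d
@       IN      SOA     ns1.armo.com. admin.armo.com. (
                        $2              ; serial
                        1H              ; refresh
                        5M              ; retry
                        7D              ; expire
                        1D )            ; minimum
        IN      NS      ns1.armo.com.
        IN      NS      ns2.armo.com.
        IN      MX      10 mx1.armo.com.
        IN      MX      20 mx2.armo.com.
ns1     IN      A       192.168.0.1
ns2     IN      A       192.168.0.17
mx1     IN      A       192.168.0.4
mx2     IN      A       192.168.0.1
www     IN      A       192.168.0.17
EOF
}

# Reverse zone for 192.168.0.0/24: $1 = directory, $2 = serial
write_reverse_zone() {
    cat > "$1/192.168.0.zone" <<EOF
\$TTL 1d
\$ORIGIN 0.168.192.in-addr.arpa.
@       IN      SOA     ns1.armo.com. admin.armo.com. (
                        $2              ; serial
                        1H 5M 7D 1D )   ; refresh retry expire minimum
        IN      NS      ns1.armo.com.
        IN      NS      ns2.armo.com.
1       IN      PTR     ns1.armo.com.
4       IN      PTR     mx1.armo.com.
17      IN      PTR     ns2.armo.com.
EOF
}

# Syntax-check with BIND's tool when present, then apply the page's mode/group.
# $1 = zone name, $2 = zone file
check_zone() {
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone "$1" "$2" >/dev/null || return 1
    fi
    chmod 640 "$2"
    if command -v getent >/dev/null 2>&1 && getent group named >/dev/null 2>&1; then
        chgrp named "$2"
    fi
    return 0
}

dir="${TMPDIR:-/tmp}/named-zones.$$"
mkdir -p "$dir"
serial=$(next_serial 2016020301 "$(date +%Y%m%d)")
write_forward_zone "$dir" "$serial"
write_reverse_zone "$dir" "$serial"
check_zone armo.com "$dir/armo.com.zone"
check_zone 0.168.192.in-addr.arpa "$dir/192.168.0.zone"
echo "zone files written to $dir with serial $(zone_serial "$dir/armo.com.zone")"
```

Every edit to a zone must raise the serial, otherwise the slave in step 7 never picks the change up; next_serial does that bookkeeping so the number is not bumped by hand.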
Test resolution on the primary DNS server:
[root@localhost ~]# dig www.armo.com @192.168.0.15           // forward

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.6 <<>> www.armo.com @192.168.0.15
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52591
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;www.armo.com.                  IN      A

;; ANSWER SECTION:
www.armo.com.           86400   IN      A       192.168.0.17

;; AUTHORITY SECTION:
armo.com.               86400   IN      NS      ns2.armo.com.
armo.com.               86400   IN      NS      ns1.armo.com.

;; ADDITIONAL SECTION:
ns1.armo.com.           86400   IN      A       192.168.0.1
ns2.armo.com.           86400   IN      A       192.168.0.17

;; Query time: 2 msec
;; SERVER: 192.168.0.15#53(192.168.0.15)
;; WHEN: Wed Feb  3 06:01:38 2016
;; MSG SIZE  rcvd: 114

[root@localhost ~]# dig -x 192.168.0.4 @192.168.216.231     // reverse

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.6 <<>> -x 192.168.0.4 @192.168.216.231
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63940
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;4.0.168.192.in-addr.arpa.      IN      PTR

;; ANSWER SECTION:
4.0.168.192.in-addr.arpa. 86400 IN      PTR     localhost.

;; Query time: 29 msec
;; SERVER: 192.168.216.231#53(192.168.216.231)
;; WHEN: Wed Feb  3 06:03:42 2016
;; MSG SIZE  rcvd: 65
7. Slave DNS server configuration
Test a zone transfer from the primary DNS server:
[root@localhost ~]# dig axfr armo.com @192.168.0.15

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.6 <<>> axfr armo.com @192.168.0.15
;; global options: +cmd
armo.com.               86400   IN      SOA     ns1.armo.com. admin.armo.com. 2016020301 3600 300 604800 86400
armo.com.               86400   IN      NS      ns1.armo.com.
armo.com.               86400   IN      NS      ns2.armo.com.
armo.com.               86400   IN      MX      10 mx1.armo.com.
armo.com.               86400   IN      MX      20 mx2.armo.com.
mx1.armo.com.           86400   IN      A       192.168.0.4
mx2.armo.com.           86400   IN      A       192.168.0.1
ns1.armo.com.           86400   IN      A       192.168.0.1
ns2.armo.com.           86400   IN      A       192.168.0.17
www.armo.com.           86400   IN      A       192.168.0.17
armo.com.               86400   IN      SOA     ns1.armo.com. admin.armo.com. 2016020301 3600 300 604800 86400
;; Query time: 21 msec
;; SERVER: 192.168.0.15#53(192.168.0.15)
;; WHEN: Wed Feb  3 06:04:40 2016
;; XFR size: 11 records (messages 1, bytes 273)
Define the zone:
[root@localhost ~]# cat /etc/named.rfc1912.zones
zone "armo.com" IN {
        type slave;
        masters { 192.168.0.15; };
        file "slaves/armo.com.zone";    // relative to /var/named; the transferred copy shows up in /var/named/slaves/
};
Start the service:
service named start
View the synchronization information:
[root@localhost ~]# tail /var/log/messages
Feb  3 06:20:42 localhost named[15085]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
Feb  3 06:20:42 localhost named[15085]: zone localhost.localdomain/IN: loaded serial 0
Feb  3 06:20:42 localhost named[15085]: zone localhost/IN: loaded serial 0
Feb  3 06:20:42 localhost named[15085]: managed-keys-zone ./IN: loaded serial 2
Feb  3 06:20:42 localhost named[15085]: running
Feb  3 06:20:42 localhost named[15085]: zone armo.com/IN: Transfer started.
Feb  3 06:20:42 localhost named[15085]: transfer of 'armo.com/IN' from 192.168.0.15#53: connected using 192.168.0.17#43758
Feb  3 06:20:42 localhost named[15085]: zone armo.com/IN: transferred serial 2016020301
Feb  3 06:20:42 localhost named[15085]: transfer of 'armo.com/IN' from 192.168.0.15#53: Transfer completed: 1 messages, 11 records, 273 bytes, 0.001 secs (273000 bytes/sec)
Feb  3 06:20:42 localhost named[15085]: zone armo.com/IN: sending notifies (serial 2016020301)
[root@localhost ~]# cat /var/named/slaves/armo.com.zone
$ORIGIN .
$TTL 86400      ; 1 day
armo.com                IN SOA  ns1.armo.com. admin.armo.com. (
                                2016020301 ; serial
                                3600       ; refresh (1 hour)
                                300        ; retry (5 minutes)
                                604800     ; expire (1 week)
                                86400      ; minimum (1 day)
                                )
                        NS      ns1.armo.com.
                        NS      ns2.armo.com.
                        MX      10 mx1.armo.com.
                        MX      20 mx2.armo.com.
$ORIGIN armo.com.
mx1                     A       192.168.0.4
mx2                     A       192.168.0.1
ns1                     A       192.168.0.1
ns2                     A       192.168.0.17
www                     A       192.168.0.17
[root@localhost ~]#
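What to verify from this output, as an added example that is not part of the page: that the transfer of armo.com completed, that it came from the configured master rather than some other address, and that the serial the slave now holds equals the one the master serves. The log lines are the ones shown above, embedded here so the script runs offline; the "dig +short soa" answer for the master is constructed from the page's SOA record.

```shell
#!/bin/sh
# Added example, not the page's own tooling. Log lines are copied from the page;
# MASTER_SOA is a constructed "dig +short soa armo.com @192.168.0.15" answer.

LOG_SAMPLE="$(cat <<'EOF'
Feb  3 06:20:42 localhost named[15085]: running
Feb  3 06:20:42 localhost named[15085]: zone armo.com/IN: Transfer started.
Feb  3 06:20:42 localhost named[15085]: transfer of 'armo.com/IN' from 192.168.0.15#53: connected using 192.168.0.17#43758
Feb  3 06:20:42 localhost named[15085]: zone armo.com/IN: transferred serial 2016020301
Feb  3 06:20:42 localhost named[15085]: transfer of 'armo.com/IN' from 192.168.0.15#53: Transfer completed: 1 messages, 11 records, 273 bytes, 0.001 secs (273000 bytes/sec)
Feb  3 06:20:42 localhost named[15085]: zone armo.com/IN: sending notifies (serial 2016020301)
EOF
)"
MASTER_SOA="ns1.armo.com. admin.armo.com. 2016020301 3600 300 604800 86400"

# Print the serial the slave last transferred for zone $1 (log text on stdin).
transferred_serial() {
    awk -v zone="$1" '$0 ~ "zone " zone "/IN: transferred serial" { s = $NF }
                       END { if (s) print s; else exit 1 }'
}

# Print the address the last transfer of zone $1 connected to (log text on stdin).
transfer_source() {
    awk -v zone="$1" '$0 ~ "transfer of ." zone "/IN. from" && /connected using/ {
                           split($0, a, "from "); split(a[2], b, "#"); src = b[1] }
                       END { if (src) print src; else exit 1 }'
}

# Return 0 when zone $1 was transferred from master $2 and the transfer completed.
verify_transfer() {
    log="$(cat)"
    src=$(printf '%s\n' "$log" | transfer_source "$1") \
        || { echo "no transfer of $1 in log" >&2; return 1; }
    [ "$src" = "$2" ] \
        || { echo "transfer of $1 came from $src, expected master $2" >&2; return 1; }
    printf '%s\n' "$log" | grep -q "transfer of '$1/IN' from $2#53: Transfer completed" \
        || { echo "transfer of $1 did not complete" >&2; return 1; }
    return 0
}

# Field 3 of a "dig +short soa" answer is the serial.
soa_serial() { awk '{ print $3 }'; }

printf '%s\n' "$LOG_SAMPLE" | verify_transfer armo.com 192.168.0.15 && echo "transfer OK"
slave=$(printf '%s\n' "$LOG_SAMPLE" | transferred_serial armo.com)
master=$(printf '%s\n' "$MASTER_SOA" | soa_serial)
if [ "$slave" = "$master" ]; then
    echo "slave serial $slave matches master"
else
    echo "serial mismatch: master $master, slave $slave"
fi
```

On the live pair, feed `grep named /var/log/messages` into verify_transfer and replace MASTER_SOA with the output of `dig +short soa armo.com @192.168.0.15`; the same query against 192.168.0.17 gives the slave's current serial once the transfer has finished.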
The DNS master/slave setup is now complete.