Test environment:
Master: 192.168.79.130
Slave: 192.168.79.128
Domain Name: bkjia.com
I. Compilation and Installation
We compile and install BIND from source here, which gives a better understanding of how it works than installing from an RPM package.
(Download the source file package)
# tar -zxvf bind-9.9.3.tar.gz (extract)
# cd bind-9.9.3 (enter the extracted directory)
# ./configure --prefix=/usr/local/named --enable-threads --with-dlz-mysql
(The --prefix option specifies the installation directory. The --enable-threads option enables thread support to improve server performance. The --with-dlz-mysql option enables dynamically loadable zones (DLZ) backed by MySQL, which suits large DNS server systems. Run ./configure --help to see the other build options.)
checking for MySQL DLZ driver... not found
configure: error: MySQL was not found in any of /usr/local/mysql /usr/pkg; use --with-dlz-mysql=/path
(The MySQL development headers were not found on the system. On CentOS the package is named mysql-devel; install it with yum -y install mysql-devel.)
# ./configure --prefix=/usr/local/named --enable-threads
# make && make install
# ls /usr/local/named/ (view the directory after installation)
bin etc include lib man sbin var
First, generate a key that the master and slave servers use to protect the data exchanged between them.
# /usr/local/named/sbin/rndc-confgen -a -c bkjia.key -k bkjia
The generated bkjia.key must also be uploaded to both the master and the slave server.
Change to /usr/local/named/etc and generate rndc.conf and named.conf.
# /usr/local/named/sbin/rndc-confgen > /usr/local/named/etc/rndc.conf
(Use the rndc-confgen command to generate the rndc.conf file. rndc is mainly used to control the BIND 9 server over the network. Before rndc can control a BIND server, an authentication mechanism must be established between the two sides.)
# cat etc/rndc.conf
# Start of rndc.conf
key "rndc-key" {
    algorithm hmac-md5;
    secret "uLNAkFRNnTEChIurTi6bow==";
};
options {
    default-key "rndc-key";
    default-server 127.0.0.1;
    default-port 953;
};
# End of rndc.conf
# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
#     algorithm hmac-md5;
#     secret "uLNAkFRNnTEChIurTi6bow==";
# };
#
# controls {
#     inet 127.0.0.1 port 953
#         allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf
# tail -10 rndc.conf | head -9
# key "rndc-key" {
#     algorithm hmac-md5;
#     secret "uLNAkFRNnTEChIurTi6bow==";
# };
#
# controls {
#     inet 127.0.0.1 port 953
#         allow { 127.0.0.1; } keys { "rndc-key"; };
# };
Write the key information from rndc.conf into named.conf.
# cd etc/
Note that the key values in rndc.conf and named.conf must be identical, and there is no need to generate rndc.key.
# tail -10 rndc.conf | head -9 > named.conf (redirects the tenth-from-last through second-from-last lines of rndc.conf into named.conf)
Remove the leading # from those 9 lines.
# cat named.conf
key "rndc-key" {
    algorithm hmac-md5;
    secret "uLNAkFRNnTEChIurTi6bow==";
};
controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndc-key"; };
};
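The rule above, that rndc.conf and named.conf must hold the same rndc-key, can be checked with a script instead of by eye. This is an added example, not part of the original tutorial: the function names key_field and rndc_keys_match and the sample files are hypothetical, and it assumes the multi-line key layout that rndc-confgen writes.

```shell
#!/bin/sh
# Added example: verify that rndc.conf and named.conf carry the same control key.
# Assumes the multi-line key layout that rndc-confgen writes (one statement per line).

# Print FIELD (algorithm or secret) of the uncommented key block NAME in FILE.
key_field() {
    awk -v name="$2" -v field="$3" '
        /^[ \t]*(#|\/\/)/ { next }    # ignore commented-out copies of the key
        $1 == "key" { k = $2; gsub(/"/, "", k); inkey = (k == name); next }
        inkey && $1 == field { v = $2; gsub(/[";]/, "", v); print v; exit }
        $1 ~ /^[}]/ { inkey = 0 }
    ' "$1"
}

# Return 0 only if both files define key NAME with the same algorithm and secret.
# The secret itself is never printed.
rndc_keys_match() {
    name=${3:-rndc-key}
    for field in algorithm secret; do
        a=$(key_field "$1" "$name" "$field")
        b=$(key_field "$2" "$name" "$field")
        if [ -z "$a" ] || [ "$a" != "$b" ]; then
            echo "FAIL: $field of key \"$name\" is missing or differs" >&2
            return 1
        fi
    done
}

# Constructed sample files (placeholder secrets, not the keys shown on this page).
make_samples() {
    cat > "$1/rndc.conf" <<'EOF'
key "rndc-key" {
    algorithm hmac-md5;
    secret "AAAAAAAAAAAAAAAAAAAAAA==";
};
EOF
    cp "$1/rndc.conf" "$1/named.conf"                            # correct copy
    sed 's/AAAA/BBBB/' "$1/rndc.conf" > "$1/named.stale.conf"    # key regenerated later
    sed 's/^/# /' "$1/rndc.conf" > "$1/named.commented.conf"     # "#" never removed
}

tmp=$(mktemp -d) && make_samples "$tmp"
for f in named.conf named.stale.conf named.commented.conf; do
    if rndc_keys_match "$tmp/rndc.conf" "$tmp/$f" 2>/dev/null
    then echo "$f: key matches rndc.conf"
    else echo "$f: key missing or different"
    fi
done
rm -rf "$tmp"
```

On a real server, call rndc_keys_match with /usr/local/named/etc/rndc.conf and /usr/local/named/etc/named.conf after every edit to either file.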
II. Configure the master server
Modify the main BIND configuration file and load the key file generated earlier (bkjia.key).
# vim named.conf
# acl "bkjia_acl" { 192.168.1.10; 192.168.2.10; }; # use an acl for access control
options {
    directory "/usr/local/named/var/named";
    version "0.0.0";
    datasize 40M;
    pid-file "/var/run/named.pid";
    listen-on port 53 { any; };
    dump-file "/usr/local/bind/var/data/cache_dump.db";
    statistics-file "/usr/local/bind/var/data/bind_stats.txt";
    auth-nxdomain no;
    notify yes;
    also-notify { 192.168.79.128; };
    transfer-format many-answers;
    interface-interval 0;
    allow-query { any; };
};
logging {
    channel warning {
        file "dns_warnings" versions 3 size 1240k;
        severity warning;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    channel general_dns {
        file "dns_logs" versions 3 size 1240k;
        severity info;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    category default { warning; };
    category queries { general_dns; };
};
include "/usr/local/named/etc/bkjia.key";
# The key name "bkjia" can be any name you choose.
# key "bkjia" {
#     algorithm hmac-md5;
#     secret "/3+UyJBAAS8WDus4DudqzQ==";
# };
view "view_bkjia" {
    match-clients { any; };
    # match-clients { bkjia_acl; };
    server 192.168.79.128 { keys bkjia; }; # key used for exchanges with the slave server
    zone "." IN {
        type hint;
        file "named.ca";
    };
    zone "localhost" IN {
        type master;
        file "localhost.zone";
    };
    zone "bkjia.com" IN {
        type master;
        file "bkjia.zone";
        allow-transfer { key bkjia; }; # zone transfers only for holders of the bkjia key
    };
};
key "rndc-key" {
    algorithm hmac-md5;
    secret "uLNAkFRNnTEChIurTi6bow==";
};
controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndc-key"; };
};