Test environment
CentOS 6.6, DNS master server, IP: 10.211.55.6
CentOS 7.2, DNS slave server, IP: 10.211.55.11
Core configuration files and directories
/etc/named.conf
/var/named/
Explanation of the /etc/named.conf configuration file
options: global configuration
directory: defines the data directory; file paths given later in the configuration are relative to this path
allow-recursion: defines which clients may use recursion; the value above is the IP segment that is allowed to recurse. For a client that is not allowed to recurse, this DNS server will not resolve names, except for the domains it maintains locally
notify: when the zone data on the primary DNS changes, notify the slave DNS server immediately
zone: domain configuration
type: master (primary zone), slave (secondary zone), hint (root zone), forward (forwarding zone)
file: location of the zone data file, relative to the directory defined in options
allow-transfer: the basis of the master-slave DNS configuration; it controls which hosts may request a zone transfer
AXFR: full zone transfer
IXFR: incremental zone transfer
You can request a full zone transfer with dig -t AXFR jusene.com
The contents of the jusene.com zone data file are returned and can be captured by whoever runs the query, which causes information disclosure.
Security reminder: for every zone in the configuration file that does not need zone transfers, set allow-transfer to none.
With master-slave DNS, the zone transfer must be restricted so that only requests from the slave DNS server are accepted.
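An added example, not part of the original article: a small Python check that reads a named.conf and reports master or slave zones that any host could transfer. The sample configuration is constructed (only jusene.com and the two IPs come from this page; example.test, open.test and the file names are made up), and it assumes the BIND versions shipped with CentOS 6 and 7, where an unset allow-transfer means any host.

```python
import re

# Constructed sample for the master (10.211.55.6); example.test/open.test are made up.
SAMPLE_CONF = """
options {
    directory "/var/named";
    allow-recursion { 10.211.55.0/24; };
};
zone "." IN { type hint; file "named.ca"; };
zone "jusene.com" IN {
    type master;
    file "jusene.com.zone";
    allow-transfer { 10.211.55.11; };   // slave only
};
zone "example.test" IN { type master; file "example.test.zone"; };
zone "open.test" IN {
    type master;
    file "open.test.zone";
    allow-transfer { any; };
};
"""

# An options or zone block, with one level of nested { } inside the body.
BLOCK = re.compile(r'(\boptions|zone\s+"([^"]+)"[^{]*?)\s*\{((?:[^{}]|\{[^{}]*\})*)\}\s*;')
ACL = re.compile(r'allow-transfer\s*\{([^}]*)\}')
TYPE = re.compile(r'\btype\s+(\w+)\s*;')

def audit_transfers(conf):
    """Return {zone: reason} for master/slave zones that any host may transfer."""
    conf = re.sub(r'/\*.*?\*/|(//|#)[^\n]*', '', conf, flags=re.S)  # drop comments
    default, zones = None, {}
    for _head, name, body in BLOCK.findall(conf):
        m = ACL.search(body)
        acl = [a.strip() for a in m.group(1).split(';') if a.strip()] if m else None
        if not name:                      # options block: server-wide default
            default = acl
        else:
            t = TYPE.search(body)
            zones[name] = (t.group(1) if t else '', acl)
    findings = {}
    for name, (ztype, acl) in zones.items():
        if ztype not in ('master', 'slave'):
            continue                      # hint/forward zones serve no transfers
        acl = default if acl is None else acl
        if acl is None:                   # assumption: unset means any host
            findings[name] = 'allow-transfer not set'
        elif 'any' in acl:
            findings[name] = 'allow-transfer includes any'
    return findings
```

On the sample, audit_transfers(SAMPLE_CONF) reports example.test and open.test; adding allow-transfer { none; }; to the options block and replacing the any entry clears both findings while jusene.com stays transferable to the slave only.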
Start the server
---------------------Primary DNS server configuration complete------------
Slave DNS server configuration file
The configuration file is similar to the master's; the important difference is that the zone must be obtained from the primary DNS server:
type: slave
masters: IP of the primary DNS server
file: a slaves directory exists by default under /var/named; if you want to use a different location, pay attention to permissions (use the permissions of the slaves directory as a reference)
Start the server and view the log /var/log/messages
The slave server sends a synchronization request (a full zone transfer) to the primary server
The data file from the master server will then be found under /var/named/slaves
---------------------Slave server configuration complete----------------
Note: for incremental synchronization, the master server's data file must include an NS record for the slave server, and after each modification of the master server's data file you must increase the serial value in the SOA record so that the incremental zone transfer takes place.
DNS (BIND) Server master-slave for efficient domain name resolution (rookie training)