Build a master-slave DNS server and explain important transfer and recursive attributes
1. allow-recursion controls which hosts may send recursive queries to the server. Restricting it keeps the server from answering recursive queries for arbitrary clients, which could hang the DNS server or waste network resources.
For example, to allow recursive DNS queries only from hosts in the 1.1.1.0/24 network segment and refuse them from all other hosts:
allow-recursion { 1.1.1.0/24; };
2. allow-transfer restricts zone transfers to the slave server only; otherwise any host could request the whole zone, which is a security risk.
For example, this server only transfers zone data to the DNS server 1.1.1.19:
allow-transfer { 1.1.1.19; };
3. Background: the master-slave DNS setup has the following requirements:
A. The IP address of the master DNS server is 1.1.1.18 and the IP address of the slave DNS server is 1.1.1.19.
B. The master DNS server only allows recursive DNS queries from hosts in the 1.1.1.0/24 network segment.
C. The master DNS server only transfers zone data to the slave DNS server 1.1.1.19.
D. The zone must contain NS records for both the master and the slave DNS server, together with the corresponding A records, PTR records, etc.
Otherwise, when the master DNS server updates a record, it will not send a notification (NOTIFY) to the slave DNS server, and the slave will not update its copy of the resource records.
3.1. Configure the master DNS server
3.1.1. Edit the named.conf file for the master DNS configuration.
vim /etc/named.conf and add the following content:
options {
    directory "/var/named";
    allow-recursion { 1.1.1.0/24; };   // recursion only for the local segment
};
zone "." IN {
    type hint;
    file "named.ca";
};
zone "localhost" IN {
    type master;
    file "named.localhost";
    allow-transfer { none; };
};
zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "named.loopback";
    allow-transfer { none; };
};
zone "willow.com" IN {
    type master;
    file "willow.com.zone";
    allow-transfer { 1.1.1.19; };      // only the slave may pull this zone
};
zone "1.1.1.in-addr.arpa" IN {
    type master;
    file "1.1.1.zone";
    allow-transfer { 1.1.1.19; };
};
3.1.2. Add the forward zone file willow.com.zone.
vim /var/named/willow.com.zone:
$TTL 600
willow.com.      IN SOA   ns1.willow.com. root.willow.com. (
                 20160517   ; serial
                 1H         ; refresh
                 10M        ; retry
                 3D         ; expire
                 1D )       ; minimum (negative caching TTL)
willow.com.      IN NS    ns1
willow.com.      IN NS    ns2
                 IN MX 10 mail
ns1              IN A     1.1.1.18
ns2              IN A     1.1.1.19
mail.willow.com. IN A     1.1.1.23
www              IN A     1.1.1.20
www              IN A     1.1.1.21
www              IN A     1.1.1.22
ftp              IN CNAME www.willow.com.
3.1.3. Add the reverse zone file 1.1.1.zone.
vim /var/named/1.1.1.zone:
$TTL 600
@       IN SOA ns1.willow.com. root.willow.com. (
        20160517   ; serial
        1H         ; refresh
        10M        ; retry
        3D         ; expire
        1D )       ; minimum
        IN NS  ns1.willow.com.
        IN NS  ns2.willow.com.
18      IN PTR ns1.willow.com.
19      IN PTR ns2.willow.com.
23      IN PTR mail.willow.com.
20      IN PTR www.willow.com.
21      IN PTR www.willow.com.
22      IN PTR www.willow.com.
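The following checker is an added example written for this page (not a file from the blog): it applies requirements C and D to a constructed copy of the forward zone above, verifying that every NS listed for willow.com has an A record so that the master can send NOTIFY to it, and that the address of every name server other than the master appears in the zone's allow-transfer list. The zone text, the one-line zone stanza and the function names are assumptions; the parser also handles the "@", blank-owner and relative-name rules used by the reverse zone.

```python
import re
# Constructed copies of the page's forward zone and master zone stanza (not the blog's own files).
ZONE_TEXT = """\
$TTL 600
willow.com. IN SOA ns1.willow.com. root.willow.com. (
            20160517 1H 10M 3D 1D )
willow.com. IN NS ns1
willow.com. IN NS ns2
            IN MX 10 mail
ns1         IN A 1.1.1.18
ns2         IN A 1.1.1.19
mail.willow.com. IN A 1.1.1.23
www         IN A 1.1.1.20
"""
CONF_TEXT = 'zone "willow.com" IN { type master; file "willow.com.zone"; allow-transfer { 1.1.1.19; }; };'
def fqdn(name, origin, last):
    """Zone-file name rules: blank owner repeats the last one, '@' is the origin, no trailing dot appends it."""
    if name == "":
        return last
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Return (owner, type, rdata) triples with absolute owner names; SOA continuation lines are joined first."""
    text = re.sub(r"\(([^)]*)\)", lambda m: m.group(1).replace("\n", " "), text)
    records, last = [], origin
    for line in text.splitlines():
        if not line.strip() or line.startswith("$"):
            continue  # skip blank lines and directives such as $TTL
        owner = "" if line[0].isspace() else line.split()[0]
        fields = line.split()[1 if owner else 0:]
        if fields[0] == "IN":
            fields = fields[1:]  # the class is optional; drop it
        last = fqdn(owner, origin, last)
        records.append((last, fields[0], fields[1:]))
    return records

def check_notify_and_transfer(zone_text, conf_text, origin, master_ip):
    """Each NS of the zone needs an A record (NOTIFY target), and each non-master NS address must be allowed to transfer."""
    recs = parse_zone(zone_text, origin)
    a = {o: r[0] for o, t, r in recs if t == "A"}
    ns_targets = [fqdn(r[0], origin, origin) for o, t, r in recs if t == "NS" and o == origin]
    problems = [f"NS {ns} has no A record, so NOTIFY cannot reach it" for ns in ns_targets if ns not in a]
    slaves = {a[ns] for ns in ns_targets if ns in a} - {master_ip}
    # Simplified matcher (assumption): allow-transfer is found inside this zone's own stanza.
    m = re.search(r'zone\s+"' + re.escape(origin.rstrip(".")) + r'".*?allow-transfer\s*\{([^}]*)\}', conf_text, re.S)
    allowed = set(m.group(1).replace(";", " ").split()) if m else set()
    problems += [f"slave {ip} is an NS but not in allow-transfer, so its AXFR will be refused" for ip in sorted(slaves - allowed)]
    return problems
```

With the page's records and stanza the check returns an empty list; removing the ns2 A record or the allow-transfer line yields a finding for each missing piece.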
3.2. Configure the slave DNS server
3.2.1. Edit the named.conf file for the slave DNS configuration.
vim /etc/named.conf and add the following content:
options {
    directory "/var/named";
    allow-recursion { 1.1.1.0/24; };
};
zone "." IN {
    type hint;
    file "named.ca";
};
zone "localhost" IN {
    type master;
    file "named.localhost";
    allow-transfer { none; };
};
zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "named.loopback";
    allow-transfer { none; };
};
zone "willow.com" IN {
    type slave;
    masters { 1.1.1.18; };            // pull the zone from the master
    file "slaves/willow.com.zone";    // relative to the directory option
    allow-transfer { none; };         // the slave does not serve transfers
};
zone "1.1.1.in-addr.arpa" IN {
    type slave;
    masters { 1.1.1.18; };
    file "slaves/1.1.1.zone";
    allow-transfer { none; };
};
Note: the forward and reverse zone files do not need to be created manually on the slave DNS server; it downloads the zone data from the master DNS server automatically.
According to the configuration above, the transferred zone files are stored in the /var/named/slaves/ directory.
At this point, the master-slave DNS setup is complete. Pay attention to the owner, group, and permissions of the corresponding files; if you are unsure about them, refer to the earlier posts on this blog.
This article is from the "xia weiliu" blog; please keep this source: http://willow.blog.51cto.com/6574604/1774294