vim /etc/named.conf
options {
    directory "/var/named";
    recursion yes; # enables recursion. By default, recursion is performed for all clients.
    allow-recursion { 172.16.0.0/16; }; # recurse only for clients in this network segment, i.e. defines the allowed recursive client sources;
    # allow-query: defines who can perform queries;
};
zone "." IN {
    type hint;
    file "named.ca";
    allow-transfer { none; };
};
zone "localhost" IN {
    type master;
    file "named.localhost";
    allow-transfer { none; }; # nobody is allowed to transfer the localhost zone;
};
zone "zledu.com" IN {
    type master;
    file "zledu.com.zone";
    allow-transfer { 172.16.100.2; }; # the zledu.com zone may be transferred only by host 172.16.100.2.
};
dig +recurse -t A www.sohu.com @172.16.100.1
dig +norecurse -t A www.sohu.com @172.16.100.1
dig +trace -t A www.baidu.com @172.16.100.1 # shows the entire resolution process.
dig -t axfr zledu.com
AXFR: full zone transfer;
IXFR: incremental zone transfer
Zone transfer: (data should be transferable only to the slave servers; how do we define the hosts allowed to transfer?)
Master and slave.
How do I create a DNS slave server?
rpm -e bind-libs bind-utils
scp 172.16.100.1:/etc/yum.repos.d/server.repo ./
yum -y install bind97 bind97-utils
ls -l /var/named/ # note that zone data is synchronized as the named user and named group, so synchronized data cannot be written directly into this directory;
Synchronized data can be put directly in the slaves directory. There are two solutions;
[[Email protected] ~]# setenforce 0
setenforce: SELinux is disabled
[[Email protected] etc]# mv named.conf /etc/named.conf.org
[[Email protected] etc]# scp 172.16.100.1:/etc/named.conf /etc/
vim named.conf
zone "zledu.com" IN {
    masters { 172.16.100.1; };
    type slave;
    file "slaves/zledu.com.zone";
    allow-transfer { none; };
};
zone "100.16.172.in-addr.arpa" IN {
    type slave;
    file "slaves/172.16.100.zone";
    masters { 172.16.100.1; };
    allow-transfer { none; };
};
[[Email protected] ~]# cat /var/named/zledu.com.zone
$TTL 600
zledu.com.  IN  SOA  ns1.zledu.com. admin.zledu.com. (
                20150523
                1H
                5M
                2D
                6H )
            IN  NS   ns1
            IN  NS   ns2
            IN  MX   10 mail
ns1         IN  A    172.16.100.1
ns2         IN  A    172.16.100.2
mail        IN  A    172.16.100.2
pop         IN  A    172.16.100.4
www         IN  A    172.16.100.1
www         IN  A    172.16.100.3
DNS log file path: /var/log/messages
[[Email protected] etc]# service named start
[[Email protected] etc]# tail /var/log/messages
An error may occur during synchronization. You need to add one more NS record; whenever you add a name server, you must add a record for it.
rndc: used to remotely manage DNS servers;
-h: view help information;
rndc-confgen > /etc/rndc.conf
[[Email protected] ~]# cat /etc/rndc.conf
# Start of rndc.conf
key "rndc-key" {
    algorithm hmac-md5;
    secret "gluqnmx4q97sw1a55zuhqw = ";
};
options {
    default-key "rndc-key";
    default-server 127.0.0.1;
    default-port 953;
};
# End of rndc.conf
# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
#     algorithm hmac-md5;
#     secret "gluqnmx4q97sw1a55zuhqw = ";
# };
#
# controls {
#     inet 127.0.0.1 port 953
#         allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf
Append the commented key and controls section to /etc/named.conf, with the comment marks removed;
rndc -c /etc/rndc.conf # the server can be controlled by default;
[[Email protected] ~]# service named reload
Reloading named: [OK]
[[Email protected] ~]# rndc -c /etc/rndc.conf status
For the current host to control a remote host, the configuration in named.conf must be modified;
cat /etc/named.conf
controls {
    inet 127.0.0.1 port 953 # the address and port the control channel listens on;
    allow { 127.0.0.1; } keys { "rndc-key"; }; # the hosts allowed to control the server;
};
controls {
    inet 172.16.100.1 port 953
    allow { 172.16.100.2; } keys { "rndc-key"; };
};
Perform the following operations;
scp /etc/rndc.conf 172.16.100.2:/root
Then modify the file on 172.16.100.2 accordingly;
[[Email protected] slaves]# cat /root/rndc.conf
# Start of rndc.conf
key "rndc-key" {
    algorithm hmac-md5;
    secret "gluqnmx4q97sw1a55zuhqw = ";
};
options {
    default-key "rndc-key";
    default-server 172.16.100.1;
    default-port 953;
};
[[Email protected] slaves]# rndc -c /root/rndc.conf status
Note that rndc is normally used to control the local machine; allowing remote hosts is rare. We must therefore generate at least a configuration file on the local machine.
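The allow-transfer restrictions on the zones and the controls statement for rndc shown above can be checked mechanically. The following is an added example, not part of the original article: a Python audit that reports master or slave zones with no allow-transfer statement or with any in it, and rndc control channels bound to a non-loopback address. The sample configuration is constructed from the article's addresses; the example.test zone and the function names are hypothetical.

```python
import re

# Constructed sample built from the article's addresses; example.test is hypothetical.
SAMPLE_CONF = '''
zone "zledu.com" IN {
    type master;
    file "zledu.com.zone";
    allow-transfer { 172.16.100.2; };   # slave only
};
zone "100.16.172.in-addr.arpa" IN {
    type master;
    file "172.16.100.zone";             # no allow-transfer statement
};
zone "example.test" IN {
    type master;
    file "example.test.zone";
    allow-transfer { any; };
};
controls {
    inet 172.16.100.1 port 953
    allow { 172.16.100.2; } keys { "rndc-key"; };
};
'''

BLOCK = r'\{((?:[^{}]|\{[^{}]*\})*)\}\s*;'   # block body, one level of nested braces
def strip_comments(text):
    """Drop /* */, # and // comments, all of which named.conf accepts."""
    return re.sub(r'(#|//).*', '', re.sub(r'/\*.*?\*/', '', text, flags=re.S))

def audit(conf):
    """Return (subject, finding) pairs for zone-transfer and rndc exposure."""
    conf, findings = strip_comments(conf), []
    for name, body in re.findall(r'zone\s+"([^"]+)"\s*(?:in\s*)?' + BLOCK, conf, re.I):
        if not re.search(r'type\s+(master|slave)\s*;', body, re.I):
            continue                      # hint zones hold no transferable data
        acl = re.search(r'allow-transfer\s*\{([^}]*)\}', body, re.I)
        if acl is None:
            findings.append((name, 'no allow-transfer in zone; global or default ACL applies'))
        elif 'any' in [a.strip().lower() for a in acl.group(1).split(';')]:
            findings.append((name, 'allow-transfer permits any host'))
    for body in re.findall(r'controls\s*' + BLOCK, conf, re.I):
        for addr in re.findall(r'inet\s+(\S+)', body, re.I):
            if addr not in ('127.0.0.1', '::1'):
                findings.append(('controls', 'rndc channel listens on ' + addr))
    return findings

if __name__ == '__main__':
    for subject, finding in audit(SAMPLE_CONF):
        print(subject + ': ' + finding)
```

A finding on the controls line is expected when remote rndc is deliberately enabled as in the article; it is listed so the exposure is reviewed together with its allow list and key.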
This article is from the "sweat achievement dream" blog; please be sure to keep this source: http://redhatdragon.blog.51cto.com/9183870/1441395
DNS Article 4: Build a master-slave DNS server