DNS Server Configuration Practices under Linux (II): Configuring a Slave DNS Server

Source: Internet
Author: User

"Experimental description"

Experimental environment: Add a server ns2.test.com, IP 192.168.0.112;

Experimental purpose: configure the new server as the slave DNS server of the primary DNS server 192.168.0.111;

"Conditions for implementing master-slave synchronization"

1. The clocks of the master and slave servers must be synchronized; use NTP to synchronize periodically against a time server;

    # vim /etc/crontab

    # synchronize the time every 3 minutes (entries in /etc/crontab need the user field, here root)
    */3 * * * * root /sbin/ntpdate 192.168.0.111 &>/dev/null

The configuration of the time server itself is not described here.

2. Pay attention to BIND version differences between the master and the slave: the two versions must be the same, or the primary DNS version must be lower than the slave DNS version. Some features of a higher version may not be supported by a lower version, and the slave's zone data is synchronized from the primary DNS, so be sure to check this.

"Experimental Steps"

1. Modify the zone files on the primary DNS: add an NS record and an A record for the slave DNS, both pointing to the slave;

    # vim /var/named/test.com.zone      # edit the forward zone file

    $TTL 86400
    @     IN  SOA    ns.test.com. admin.test.com. (
                     2015052612   ; serial
                     2H           ; refresh
                     10M          ; retry
                     7D           ; expire
                     1D )         ; negative-caching TTL
          IN  NS     ns.test.com.
          IN  NS     ns2.test.com.        ; add the NS record for the slave DNS
          IN  MX     10 mail.test.com.
    ns    IN  A      192.168.0.111
    ns2   IN  A      192.168.0.112        ; add the A record for the slave DNS
    www   IN  A      192.168.0.113
    mail  IN  A      192.168.0.114
    pop3  IN  CNAME  mail.test.com.

    # vim /var/named/192.168.0.zone     # edit the reverse zone file

    $TTL 86400
    @     IN  SOA    ns.test.com. admin.test.com. (
                     2015051105   ; serial
                     2H           ; refresh
                     10M          ; retry
                     7D           ; expire
                     1D )         ; negative-caching TTL
          IN  NS     ns.test.com.
          IN  NS     ns2.test.com.        ; add the NS record for the slave DNS
          IN  MX     10 mail.test.com.
    111   IN  PTR    ns.test.com.
    112   IN  PTR    ns2.test.com.        ; add the PTR record for the slave DNS
    113   IN  PTR    www.test.com.
    114   IN  PTR    mail.test.com.

   

2. On the slave DNS, define both zones as type slave;

    # vim /etc/named.rfc1912.zones

    #---- earlier content omitted ----
    zone "test.com" IN {
        type slave;                       # set this server as a slave for the zone
        file "slaves/test.com.zone";      # this is a relative path
        masters { 192.168.0.111; };       # the primary server to synchronize from
        // allow-transfer { none; };      # when this option is not set, all hosts are allowed to
                                          # synchronize by default; setting it enables a whitelist,
                                          # so only the specified hosts can synchronize
    };
    zone "0.168.192.in-addr.arpa" IN {
        type slave;                       # set this server as a slave for the zone
        file "slaves/192.168.0.zone";     # this is a relative path
        masters { 192.168.0.111; };       # the primary server to synchronize from
        // allow-transfer { none; };
    };
    #---- configuration complete ----

Supplementary note: the zone transfer restriction feature.

BIND has built-in ACLs:

    none:       deny all hosts;
    any:        allow any host;
    localhost:  the local machine only;

allow-transfer { allowed ip; ip; ip; ... }; enables a whitelist, so that only the specified hosts can synchronize;

allow-transfer { ip/mask length; }; allows the hosts of a network to synchronize.

Example: allow-transfer { 192.168.1.0/24; }; indicates that 192.168.1.1~192.168.1.253 are allowed to synchronize;
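
An added example (not from the original article): a small Python audit that reports which zones in a named.conf-style file are open to zone transfer, following the rule above that a zone without allow-transfer lets every host synchronize. The sample configuration and all function names are constructed for illustration, and the parser assumes no braces or comment markers inside quoted strings.

```python
import re

# Constructed sample in named.conf syntax (not the article's own files).
SAMPLE_CONF = '''
options { directory "/var/named"; };
zone "test.com" IN { type master; file "test.com.zone";
    // allow-transfer { none; };
};
zone "0.168.192.in-addr.arpa" IN { type master; file "192.168.0.zone";
    allow-transfer { 192.168.0.112; };   # only the slave
};
'''

def strip_comments(text):
    """Remove /* */, // and # comments; named.conf accepts all three."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(//|#).*', '', text)

def block_body(text, start):
    """Body of the first balanced {...} block at or after start."""
    i = text.index('{', start)
    depth = 0
    for j in range(i, len(text)):
        depth += {'{': 1, '}': -1}.get(text[j], 0)
        if depth == 0:
            return text[i + 1:j]
    raise ValueError('unbalanced braces')

def transfer_acl(body):
    """Elements of allow-transfer in body, or None when it is not set."""
    m = re.search(r'\ballow-transfer\s*\{([^}]*)\}', body)
    if m is None:
        return None
    return [e.strip() for e in m.group(1).split(';') if e.strip()]

def audit_transfers(conf):
    """Map each zone name to 'open' or 'restricted' for zone transfers."""
    conf = strip_comments(conf)
    opts = re.search(r'\boptions\s*\{', conf)
    default = transfer_acl(block_body(conf, opts.start())) if opts else None
    result = {}
    for m in re.finditer(r'\bzone\s+"([^"]+)"[^{;]*\{', conf):
        acl = transfer_acl(block_body(conf, m.start()))
        if acl is None:
            acl = default        # the zone inherits the options-level ACL
        # With nothing set anywhere, any host may transfer the zone.
        result[m.group(1)] = 'open' if acl is None or 'any' in acl else 'restricted'
    return result

if __name__ == '__main__':
    print(audit_transfers(SAMPLE_CONF))
```

A zone reported as open can be dumped in full by any host that can reach port 53 over TCP; on the primary the whitelist would normally contain only the slave, 192.168.0.112 in this experiment.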

3. Synchronize the slave DNS;

On the primary DNS:

    # setenforce 0              # turn off SELinux to prevent synchronization errors
    # service iptables stop     # stop the iptables service to prevent problems with the transfer
    iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
    iptables: Flushing firewall rules:                         [  OK  ]
    iptables: Unloading modules:                               [  OK  ]
    # rndc reload               # reload the configuration files
    server reload successful    # the reload succeeded

On the slave DNS:

    # setenforce 0
    # service iptables stop
    # service named start       # start the named DNS service
    Starting named:                                            [  OK  ]    # started successfully

The slave DNS now synchronizes with the primary DNS automatically.

   

On the primary DNS:

    # tail /var/log/messages
    May 27 09:03:38 www named[2176]: client 192.168.0.112#35288: transfer of 'test.com/IN': AXFR started                  # full transfer of the forward zone started
    May 27 09:03:38 www named[2176]: client 192.168.0.112#35288: transfer of 'test.com/IN': AXFR ended                    # full transfer of the forward zone completed
    May 27 09:03:38 www named[2176]: client 192.168.0.112#43370: transfer of '0.168.192.in-addr.arpa/IN': AXFR started    # full transfer of the reverse zone started
    May 27 09:03:38 www named[2176]: client 192.168.0.112#43370: transfer of '0.168.192.in-addr.arpa/IN': AXFR ended      # full transfer of the reverse zone completed

On the slave DNS:

    # ll /var/named/slaves
    total 8
    -rw-r--r--. 1 named named 448 May 27 10:18 192.168.0.zone    # the reverse zone file has been synchronized
    -rw-r--r--. 1 named named 431 May 27 10:14 test.com.zone     # the forward zone file has been synchronized
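
An added example (not from the original article): a Python check over the primary's log that lists zone transfers requested by any host other than the expected slave. The log lines are constructed; the "transfer of ... started" wording is the one in the tail output above, the "denied" wording is assumed from BIND 9, and the client 192.168.0.57 and the function names are made up for illustration.

```python
import re

# Constructed log lines in the format named writes on the primary.
SAMPLE_LOG = """\
May 27 09:03:38 www named[2176]: client 192.168.0.112#35288: transfer of 'test.com/IN': AXFR started
May 27 09:03:38 www named[2176]: client 192.168.0.112#35288: transfer of 'test.com/IN': AXFR ended
May 27 09:41:02 www named[2176]: client 192.168.0.57#51514: transfer of 'test.com/IN': AXFR started
May 27 09:41:02 www named[2176]: client 192.168.0.57#51514: transfer of 'test.com/IN': AXFR ended
May 27 09:41:05 www named[2176]: client 192.168.0.57#51520: zone transfer '0.168.192.in-addr.arpa/AXFR/IN' denied
"""

CLIENT = r"client (?P<ip>[0-9A-Fa-f.:]+)#\d+.*?: "
SERVED = re.compile(CLIENT + r"transfer of '(?P<zone>[^/']+)/\w+': (?P<kind>[\w -]+?) started")
DENIED = re.compile(CLIENT + r"zone transfer '(?P<zone>[^/']+)/(?P<kind>\w+)/\w+' denied")

def unexpected_transfers(log_text, allowed_slaves):
    """Return (client, zone, kind, outcome) for every zone transfer that was
    requested by a host outside allowed_slaves."""
    findings = []
    for line in log_text.splitlines():
        # Only "started" lines are counted, so a served transfer is reported once.
        for outcome, pattern in (("served", SERVED), ("denied", DENIED)):
            m = pattern.search(line)
            if m and m["ip"] not in allowed_slaves:
                findings.append((m["ip"], m["zone"], m["kind"], outcome))
    return findings

def exposed_zones(log_text, allowed_slaves):
    """Zones whose contents were actually sent to an unexpected host."""
    return sorted({zone for _, zone, _, outcome in
                   unexpected_transfers(log_text, allowed_slaves)
                   if outcome == "served"})

if __name__ == "__main__":
    for finding in unexpected_transfers(SAMPLE_LOG, {"192.168.0.112"}):
        print(finding)
```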

   

    # host -t ns test.com 192.168.0.112        # query the NS records of test.com
    Using domain server:                       # the DNS server used for the query
    Name: 192.168.0.112
    Address: 192.168.0.112#53
    Aliases:

    test.com name server ns.test.com.          # the primary DNS was found
    test.com name server ns2.test.com.         # the slave DNS was found

    # host -t mx test.com 192.168.0.112        # query the MX record of test.com
    Using domain server:
    Name: 192.168.0.112
    Address: 192.168.0.112#53
    Aliases:

    test.com mail is handled by 10 mail.test.com.    # the mail server was found, priority 10

    # host -t a www.test.com 192.168.0.112     # query the IP address of www.test.com
    Using domain server:
    Name: 192.168.0.112
    Address: 192.168.0.112#53
    Aliases:

    www.test.com has address 192.168.0.113     # the IP address returned for www.test.com is 192.168.0.113

OK! That completes a simple slave DNS configuration. If anything in this description is incomplete, experts are welcome to point it out!

This article is from the "Flying Snail" blog, please be sure to keep this source http://ljmsky.blog.51cto.com/2878/1655536
