"Experimental description"
Experimental environment: add a server ns2.test.com with IP 192.168.0.112;
Experimental purpose: configure the new server as a slave DNS server for the primary DNS server 192.168.0.111;
"Conditions for implementing master-slave synchronization"
1, the clocks of the primary and slave servers must be synchronized; use NTP to synchronize with a time server periodically;

Add a cron entry on the slave (the configuration of the time server itself is not covered here):
# vim /etc/crontab
# synchronize the clock with the primary every 3 minutes
*/3 * * * * root /sbin/ntpdate 192.168.0.111 &>/dev/null

2, pay attention to the BIND version difference between the primary and slave servers: the two versions must be the same, or the primary's version must be lower than the slave's, because some features of a newer version may not be supported on an older one, and the slave's zone data is synchronized from the primary, so be sure to check this.
"Experimental steps"
1, modify the zone files on the primary DNS: add an NS record and an A record (and a PTR record in the reverse zone) for the slave DNS, pointing at the slave;

Edit the forward zone file:
# vim /var/named/test.com.zone
$TTL 86400
@       IN SOA ns.test.com. admin.test.com. (
                2015052612
                2H
                10M
                7D
                1D )
        IN NS   ns.test.com.
        IN NS   ns2.test.com.           ; NS record for the slave DNS (added)
        IN MX 10 mail.test.com.
ns      IN A    192.168.0.111
ns2     IN A    192.168.0.112           ; A record for the slave DNS (added)
www     IN A    192.168.0.113
mail    IN A    192.168.0.114
pop3    IN CNAME mail.test.com.

Edit the reverse zone file:
# vim /var/named/192.168.0.zone
$TTL 86400
@       IN SOA ns.test.com. admin.test.com. (
                2015051105
                2H
                10M
                7D
                1D )
        IN NS   ns.test.com.
        IN NS   ns2.test.com.           ; NS record for the slave DNS (added)
        IN MX 10 mail.test.com.
111     IN PTR  ns.test.com.
112     IN PTR  ns2.test.com.           ; PTR record for the slave DNS (added)
113     IN PTR  www.test.com.
114     IN PTR  mail.test.com.

Note that zone files use ";" for comments, not "#".
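Every edit to a zone on the primary must also raise the SOA serial, otherwise the slave sees the same serial on its next refresh and keeps its old copy. The script below is an added example, not part of the original post: it bumps the serial of a zone file following the YYYYMMDDnn convention the page's zone files use. It assumes the serial is the first all-digit token after the SOA keyword (true for the zone files above) and takes the date as a parameter so the result is reproducible; the zone file it works on is a constructed copy in a temp directory, not /var/named.

```shell
#!/bin/sh
# Added example, not from the original post: bump the SOA serial of a BIND
# zone file following the YYYYMMDDnn convention used on the page.
# Slaves only re-transfer a zone when the serial grows, so forgetting this
# step after an edit leaves the slave serving stale data.
# Assumptions: the serial is the first all-digit token after "SOA" (true for
# the page's zone files); TODAY is passed in as YYYYMMDD for reproducibility.

# Constructed sample input: the page's forward zone, written to a temp file.
ZONE_FILE="${TMPDIR:-/tmp}/test.com.zone.$$"
trap 'rm -f "$ZONE_FILE" "$ZONE_FILE.tmp"' EXIT
cat > "$ZONE_FILE" <<'EOF'
$TTL 86400
@       IN SOA ns.test.com. admin.test.com. (
                2015052612      ; serial, YYYYMMDDnn
                2H              ; refresh
                10M             ; retry
                7D              ; expire
                1D )            ; minimum TTL
        IN NS   ns.test.com.
        IN NS   ns2.test.com.
        IN MX 10 mail.test.com.
ns      IN A    192.168.0.111
ns2     IN A    192.168.0.112
www     IN A    192.168.0.113
mail    IN A    192.168.0.114
pop3    IN CNAME mail.test.com.
EOF

# get_serial FILE: print the zone's current serial.
get_serial() {
    awk '/SOA/ { insoa = 1 }
         insoa && $1 ~ /^[0-9]+$/ { print $1; exit }' "$1"
}

# next_serial CURRENT TODAY: serial to use after an edit made on TODAY.
# Same day: increment the two-digit counter. New day: start at TODAY01.
# If the counter is exhausted, or CURRENT is already past TODAY01 (clock
# problem), fall back to CURRENT+1 so the value still increases.
next_serial() {
    cur=$1; today=$2
    case "$cur" in
        "$today"[0-9][0-9])
            n=${cur#"$today"}; n=${n#0}      # drop a leading zero (octal trap)
            if [ "$n" -ge 99 ]; then
                echo $((cur + 1))
            else
                printf '%s%02d\n' "$today" $((n + 1))
            fi ;;
        *)
            if [ "$cur" -lt "${today}01" ]; then
                echo "${today}01"
            else
                echo $((cur + 1))
            fi ;;
    esac
}

# bump_serial FILE TODAY: rewrite the serial in place and print the new one.
bump_serial() {
    new=$(next_serial "$(get_serial "$1")" "$2")
    awk -v new="$new" '
        /SOA/ { insoa = 1 }
        insoa && !done && $1 ~ /^[0-9]+$/ { sub($1, new); done = 1 }
        { print }' "$1" > "$1.tmp" && mv "$1.tmp" "$1"
    echo "$new"
}

echo "current serial: $(get_serial "$ZONE_FILE")"
echo "serial after an edit on 2015-05-27: $(next_serial "$(get_serial "$ZONE_FILE")" 20150527)"
```

Run `bump_serial /path/to/zone $(date +%Y%m%d)` after each edit and then `rndc reload`; the serial must stay below 2^32, which the date convention guarantees for the foreseeable future.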
2, configure the zones on the slave DNS server;

Edit the zone declarations on the slave:
# vim /etc/named.rfc1912.zones
... (other zones omitted) ...
zone "test.com" IN {
    type slave;                        // this server is a slave for the zone
    file "slaves/test.com.zone";       // path relative to the named directory (/var/named)
    masters { 192.168.0.111; };        // the primary server
    // allow-transfer { none; };       // left commented out by default, which lets any host transfer the zone;
                                       // enabling it turns on a whitelist so only the listed hosts may synchronize
};
zone "0.168.192.in-addr.arpa" IN {
    type slave;                        // this server is a slave for the zone
    file "slaves/192.168.0.zone";      // path relative to the named directory
    masters { 192.168.0.111; };        // the primary server
    // allow-transfer { none; };
};
... configuration complete ...

Supplementary note on zone transfer restrictions. BIND has built-in ACLs:
  none: allow no host;
  any: allow any host;
  localhost: only the local host itself.
allow-transfer { ip; ip; ip; ... }; turns on a whitelist so that only the listed hosts can synchronize;
allow-transfer { network/prefix-length; }; allows every host in a network to synchronize. Example: allow-transfer { 192.168.1.0/24; }; allows 192.168.1.1~192.168.1.253 to synchronize;
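As the supplementary note says, a zone with no allow-transfer statement can be transferred in full by any host that can reach port 53, and a commented-out statement (as in the configuration above) has the same effect. The script below is an added example, not part of the original post: it scans a named.conf-style fragment and lists the zones whose block contains no active allow-transfer statement. It assumes the fragment uses `zone "name" ... { ... };` blocks with only `//` or `#` comments, as /etc/named.rfc1912.zones on the page does, and works on a constructed copy of the page's two zones in a temp directory (nothing under /etc is touched).

```shell
#!/bin/sh
# Added example, not from the original post: report zones in a BIND
# configuration fragment that have no active allow-transfer statement.
# Without allow-transfer (or with it commented out, as the page leaves it),
# BIND answers AXFR requests for the zone from any host.
# Assumption: "zone \"name\" ... { ... };" blocks with // or # comments only.

# Constructed sample input: the page's two slave zones, the second one
# hardened by enabling allow-transfer. Written to a temp file, not /etc.
CONF="${TMPDIR:-/tmp}/named.zones.$$"
trap 'rm -f "$CONF"' EXIT
cat > "$CONF" <<'EOF'
zone "test.com" IN {
    type slave;
    file "slaves/test.com.zone";
    masters { 192.168.0.111; };
    // allow-transfer { none; };          // commented out: transfers are open
};
zone "0.168.192.in-addr.arpa" IN {
    type slave;
    file "slaves/192.168.0.zone";
    masters { 192.168.0.111; };
    allow-transfer { none; };             // a slave need not serve transfers
};
EOF

# open_transfer_zones FILE: print, one per line, the names of the zones whose
# block contains no uncommented allow-transfer statement.
open_transfer_zones() {
    awk '
        # drop // and # comments before looking at the line
        { line = $0; sub(/\/\/.*/, "", line); sub(/#.*/, "", line) }
        line ~ /^[ \t]*zone[ \t]+"/ {
            match(line, /"[^"]+"/)
            zone = substr(line, RSTART + 1, RLENGTH - 2)
            depth = 0; has = 0; inzone = 1
        }
        inzone {
            if (line ~ /allow-transfer/) has = 1
            # count braces on this line to find where the zone block ends
            opens = split(line, tmp, "{") - 1; depth += opens
            closes = split(line, tmp, "}") - 1; depth -= closes
            if (opens + closes > 0 && depth <= 0) {
                if (!has) print zone
                inzone = 0
            }
        }' "$1"
}

echo "zones with open zone transfers:"
open_transfer_zones "$CONF"
```

On the primary the matching fix is `allow-transfer { 192.168.0.112; };` in each zone (only the slave may transfer); on the slave, `allow-transfer { none; };` unless it in turn feeds further slaves.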
3, synchronize the slave DNS;

On the primary DNS side, disable SELinux and stop iptables (the post does this to rule out synchronization and transfer problems), then reload the configuration:
# setenforce 0
# service iptables stop
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]
# rndc reload
server reload successful
Keep in mind that setenforce 0 turns SELinux off for the whole host until it is set back to enforcing, and stopping iptables exposes every service on the host; on a real server, permit only TCP and UDP port 53 between the two name servers instead.

On the slave DNS side, do the same and start the named service:
# setenforce 0
# service iptables stop
# service named start
Starting named: [ OK ]

The slave then synchronizes automatically from the primary.
Check the log on the primary DNS side:
# tail /var/log/messages
May 27 09:03:38 www named[2176]: client 192.168.0.112#35288: transfer of 'test.com/IN': AXFR started
May 27 09:03:38 www named[2176]: client 192.168.0.112#35288: transfer of 'test.com/IN': AXFR ended
May 27 09:03:38 www named[2176]: client 192.168.0.112#43370: transfer of '0.168.192.in-addr.arpa/IN': AXFR started
May 27 09:03:38 www named[2176]: client 192.168.0.112#43370: transfer of '0.168.192.in-addr.arpa/IN': AXFR ended
The first pair of lines shows the full transfer (AXFR) of the forward zone starting and completing; the second pair shows the same for the reverse zone.

On the slave DNS side, both zone files have arrived:
# ll /var/named/slaves
total 8
-rw-r--r--. 1 named named 448 May 27 10:18 192.168.0.zone
-rw-r--r--. 1 named named 431 May 27 10:14 test.com.zone
192.168.0.zone is the synchronized reverse zone and test.com.zone the synchronized forward zone.
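The log lines above are also the place to notice transfers that should not have happened: with allow-transfer left open, any host can AXFR the zone, and the only trace is a "transfer of ... started" line from a client other than the slave. The script below is an added example, not part of the original post: it audits such log lines and reports every transfer started by a client outside an allowed list. It assumes the log keeps the format shown on the page; the sample log is constructed from the page's four lines plus two constructed lines from 192.168.0.200, a host that is not the slave.

```shell
#!/bin/sh
# Added example, not from the original post: audit BIND zone-transfer log
# lines on the primary. Every transfer is logged as on the page
# ("client IP#PORT: transfer of 'ZONE/IN': AXFR started"); a client other
# than the configured slave means the zone was copied by a host that should
# not have it. Assumption: the log lines keep exactly that format.

# Constructed sample log: the page's four lines plus two constructed lines
# from 192.168.0.200, which is not the slave.
LOG="${TMPDIR:-/tmp}/named.messages.$$"
trap 'rm -f "$LOG"' EXIT
cat > "$LOG" <<'EOF'
May 27 09:03:38 www named[2176]: client 192.168.0.112#35288: transfer of 'test.com/IN': AXFR started
May 27 09:03:38 www named[2176]: client 192.168.0.112#35288: transfer of 'test.com/IN': AXFR ended
May 27 09:03:38 www named[2176]: client 192.168.0.112#43370: transfer of '0.168.192.in-addr.arpa/IN': AXFR started
May 27 09:03:38 www named[2176]: client 192.168.0.112#43370: transfer of '0.168.192.in-addr.arpa/IN': AXFR ended
May 27 11:42:07 www named[2176]: client 192.168.0.200#51234: transfer of 'test.com/IN': AXFR started
May 27 11:42:07 www named[2176]: client 192.168.0.200#51234: transfer of 'test.com/IN': AXFR ended
EOF

# unexpected_transfers LOG ALLOWED_IP...: print "IP ZONE" for every transfer
# started by a client that is not in the allowed list (one line per pair).
unexpected_transfers() {
    log=$1; shift
    awk -v allowed=" $* " -v q="'" '
        /transfer of / && / started$/ {
            ip = ""; zone = ""
            for (i = 2; i < NF; i++) {
                # "192.168.0.112#35288:" -> keep only the address
                if ($i == "client") { split($(i + 1), c, "#"); ip = c[1] }
                # "\x27test.com/IN\x27:" -> keep only the zone name
                if ($(i - 1) == "transfer" && $i == "of") {
                    zone = $(i + 1)
                    gsub(q, "", zone)
                    sub(/\/IN:$/, "", zone)
                }
            }
            if (ip != "" && index(allowed, " " ip " ") == 0) print ip, zone
        }' "$log" | sort -u
}

# count_transfers LOG IP: number of transfers a given client started.
count_transfers() {
    awk -v ip="$2" 'index($0, "client " ip "#") && / started$/ { n++ }
                    END { print n + 0 }' "$1"
}

echo "transfers started by the slave 192.168.0.112: $(count_transfers "$LOG" 192.168.0.112)"
echo "transfers from hosts other than the slave:"
unexpected_transfers "$LOG" 192.168.0.112
```

Run it against the real log with `unexpected_transfers /var/log/messages 192.168.0.112`; any output line names a host that obtained a full copy of the zone and is a reason to enable the allow-transfer whitelist described earlier.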
Query the slave directly to confirm that it answers for the zone:
# host -t ns test.com 192.168.0.112
Using domain server:
Name: 192.168.0.112
Address: 192.168.0.112#53
Aliases:

test.com name server ns.test.com.
test.com name server ns2.test.com.
Both the primary and the slave NS records are returned.

# host -t mx test.com 192.168.0.112
Using domain server:
Name: 192.168.0.112
Address: 192.168.0.112#53
Aliases:

test.com mail is handled by 10 mail.test.com.
The mail server is returned with priority 10.

# host -t a www.test.com 192.168.0.112
Using domain server:
Name: 192.168.0.112
Address: 192.168.0.112#53
Aliases:

www.test.com has address 192.168.0.113
The slave returns 192.168.0.113 as the address of www.test.com.
OK! That completes a simple slave DNS configuration. If anything in the description is incomplete, corrections from the experts are welcome!
This article is from the "Flying Snail" blog; please keep this source: http://ljmsky.blog.51cto.com/2878/1655536
DNS server configuration practices under Linux (II): configuring a slave DNS server