Zone transfer
As stated in the previous chapters, when a zone has more than one DNS server, one of them is the primary DNS server and the others are secondary DNS servers, and the zone data files on the primary and the secondaries are kept consistent. This ensures that a query answered by the primary and the same query answered by a secondary give the same result.
A secondary DNS server cannot create its zone data files by hand; it must obtain them from the primary DNS server.
If no data file exists on the secondary DNS server, the primary DNS server transfers its complete data file to the secondary. This transfer mechanism is called a full zone transfer (AXFR).
If the secondary DNS server already has the data file and the data file on the primary is then updated, the primary passes only the added or changed data to the secondary, which then updates its own data file. This transfer mechanism is called an incremental zone transfer (IXFR).
Of course, zone transfers must be configured in the corresponding zone definition.
Creating a secondary server first requires a host; here that host is 192.168.108.190.
Install the DNS software (bind97) on it, following the same installation process as before.
For example:
1. First, in the zone definition on the primary DNS server, specify which hosts are allowed to perform zone transfers:
zone "xsl.com" IN {
type master;
file "xsl.com.zone";
allow-transfer { 192.168.108.190; }; # only this host may send zone transfer requests
};
2. On the primary DNS server, add an NS record and an A record for the secondary to the xsl.com zone data file.
For example:
xsl.com. IN NS ns1.xsl.com.
xsl.com. IN NS ns2.xsl.com.
ns1.xsl.com. IN A 192.168.108.251
ns2.xsl.com. IN A 192.168.108.190
3. In the configuration file of the secondary DNS server, define the zone as follows:
zone "xsl.com" IN {
type slave; # this server is a secondary (slave) DNS server for the zone
file "slaves/xsl.com.zone"; # zone data file for this zone; note that the path differs from the one used on the primary
masters { 192.168.108.251; }; # which server is the primary DNS server
allow-transfer { none; }; # do not allow other hosts to request zone transfers from this server
};
Note: /var/named belongs to group named, and that group has only r-x permission on it, with no write permission. When the DNS service starts, the named process runs as user named and group named, so it cannot write a transferred zone directly into /var/named. The directory /var/named/slaves, however, is writable by group named, which is why the data files of a secondary DNS server are normally kept in /var/named/slaves.
After creating the files, check that the owner and group of the DNS configuration file and data files are root and named respectively.
Then restart the primary DNS service and watch the log (tail /var/log/messages).
A transfer failure may occur at this point. The cause is usually SELinux; use setenforce 0 to turn SELinux off.
Also run iptables -F to flush all iptables chains.
After these steps the full zone transfer completes.
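The allow-transfer statement in step 1 is what keeps the zone contents from being pulled by arbitrary hosts, and a zone that omits it falls back to whatever the options block says. As an added example that is not part of the original article, the following Python script parses the zone stanzas out of a named.conf (the sample configuration is constructed here; only the xsl.com zone and its two addresses come from the article) and reports, for each zone, who may request a transfer. Treating an unconfigured zone as "any" reflects the default of the BIND 9.7-era releases the article uses; newer releases may default differently, so confirm against your version's documentation.

```python
import re

# Constructed named.conf sample (not from the article; the zones other than
# xsl.com are made up to show the inherited and the disabled cases).
SAMPLE_NAMED_CONF = """
options {
    directory "/var/named";
    allow-transfer { any; };   // global setting: risky if a zone does not override it
};

zone "xsl.com" IN {
    type master;
    file "xsl.com.zone";
    allow-transfer { 192.168.108.190; }; # only the secondary may request AXFR/IXFR
};

zone "example.test" IN {
    type master;
    file "example.test.zone";            # no allow-transfer: inherits the global 'any'
};

zone "other.test" IN {
    type slave;
    file "slaves/other.test.zone";
    masters { 192.168.108.251; };
    allow-transfer { none; };
};
"""

def _strip_comments(text):
    """Drop '#' and '//' comments so a commented-out directive is not parsed."""
    return "\n".join(re.sub(r"(#|//).*$", "", line) for line in text.splitlines())

def parse_blocks(conf):
    """Return (options_body, [(zone_name, zone_body), ...]).
    Braces are matched by counting because allow-transfer and masters
    carry nested braces of their own."""
    conf = _strip_comments(conf)
    options, zones = "", []
    for m in re.finditer(r'\b(options|zone\s+"([^"]+)")[^{]*\{', conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        body = conf[m.end():i - 1]
        if m.group(2) is None:
            options = body
        else:
            zones.append((m.group(2), body))
    return options, zones

def transfer_acl(body):
    """Entries of an allow-transfer statement, or None if the block has none."""
    m = re.search(r"allow-transfer\s*\{([^}]*)\}", body)
    if not m:
        return None
    return [e.strip() for e in m.group(1).split(";") if e.strip()]

def audit_transfers(conf):
    """Map each zone name to a finding about who may pull it by zone transfer."""
    options, zones = parse_blocks(conf)
    global_acl = transfer_acl(options)
    findings = {}
    for name, body in zones:
        acl, source = transfer_acl(body), "zone"
        if acl is None:
            acl, source = global_acl, "options"
        if acl is None:
            # Assumption: the BIND 9.7-era default, which allows transfers to
            # anyone when nothing is configured; treat it as the worst case.
            acl, source = ["any"], "default"
        if acl == ["none"]:
            findings[name] = "ok: transfers disabled"
        elif "any" in acl:
            findings[name] = f"WARNING: transfers open to any host ({source} setting)"
        else:
            findings[name] = "ok: restricted to " + ", ".join(acl)
    return findings

if __name__ == "__main__":
    for zone, finding in audit_transfers(SAMPLE_NAMED_CONF).items():
        print(f"{zone:14} {finding}")
```

Run it against a copy of /etc/named.conf before restarting named; a zone reported as open to any host is one whose full contents any client can download, which the allow-transfer line in step 1 exists to prevent.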
To verify an incremental zone transfer, simply modify or add a resource record in the data file of a zone and increase the serial number of that data file. After restarting the service you can observe that the incremental zone transfer also succeeds.
Subdomain authorization
If a zone is too large and contains many different units, each unit can be split off into its own subdomain, so that DNS requests for each unit are resolved directly by that subdomain's servers, which reduces the load on the parent domain.
To define a subdomain, you need to define it in the configuration of the parent domain's primary DNS server.
In /etc/named.conf of the primary DNS server, add the following lines:
subdomain IN NS ns1.subdomain
ns1.subdomain IN A IP
For example:
mini.xsl.com. IN NS ns1.mini.xsl.com.
ns1.mini.xsl.com. IN A 192.168.108.15
Once the definition is complete on the parent domain's primary DNS server, configure the DNS configuration file and data file on the host that acts as the subdomain's DNS server. That configuration process is the same as before; the only additional step is defining the subdomain on the parent domain's primary DNS server.
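Two details above are easy to get wrong: the incremental transfer only happens when the SOA serial on the primary is larger than the one the secondary already holds, and a delegation whose name server lives inside the delegated subdomain (ns1.mini.xsl.com under mini.xsl.com) needs a glue A record, not a second NS record. Both lines are resource records, so in a real setup they are placed in the parent zone's data file (xsl.com.zone). As an added example, not from the original article, the following Python script parses a small zone file constructed here from the article's records (the SOA values are assumptions), reads the serial, computes the next YYYYMMDDNN serial, and checks each delegation for a missing glue record or an IP address used where a host name is required.

```python
import re

# Constructed zone file built from the records the article lists for xsl.com;
# the SOA timers, the serial and the admin mailbox are assumptions for the demo.
ZONE_XSL = """\
$TTL 86400
@   IN SOA ns1.xsl.com. admin.xsl.com. (
        2024010101 ; serial (YYYYMMDDNN)
        3600       ; refresh
        900        ; retry
        604800     ; expire
        86400 )    ; minimum
    IN NS ns1.xsl.com.
    IN NS ns2.xsl.com.
ns1.xsl.com.      IN A  192.168.108.251
ns2.xsl.com.      IN A  192.168.108.190
mini.xsl.com.     IN NS ns1.mini.xsl.com.
ns1.mini.xsl.com. IN A  192.168.108.15
"""

# The same zone with the glue record replaced by a typing mistake that is easy
# to make in delegation records: an address where a host name belongs.
ZONE_BAD = ZONE_XSL.replace("ns1.mini.xsl.com. IN A  192.168.108.15",
                            "ns1.mini.xsl.com. IN NS 192.168.108.15")

def _logical_lines(text):
    """Yield (tokens, indented) per record: strips ';' comments, joins '( ... )'
    continuation lines, and remembers whether the owner column was blank."""
    buf, depth, indented = [], 0, False
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]
        if not buf:
            indented = raw[:1] in (" ", "\t")
        depth += line.count("(") - line.count(")")
        buf.append(line.replace("(", " ").replace(")", " "))
        if depth <= 0:
            toks = " ".join(buf).split()
            buf, depth = [], 0
            if toks:
                yield toks, indented

def parse_zone(text, origin):
    """Return a list of (owner, type, rdata_tokens); relative names get the origin."""
    records, owner = [], origin
    for toks, indented in _logical_lines(text):
        if toks[0].startswith("$"):
            continue                      # $TTL / $ORIGIN are directives, not records
        if not indented:
            name, toks = toks[0], toks[1:]
            owner = origin if name == "@" else (name if name.endswith(".") else f"{name}.{origin}")
        while toks and (toks[0].isdigit() or toks[0].upper() in ("IN", "CH", "HS")):
            toks = toks[1:]               # optional TTL and class before the type
        records.append((owner, toks[0].upper(), toks[1:]))
    return records

def soa_serial(records):
    """SOA rdata is: mname rname serial refresh retry expire minimum."""
    return next(int(rdata[2]) for _, rtype, rdata in records if rtype == "SOA")

def next_serial(old, today):
    """Next YYYYMMDDNN serial. The secondary only asks for IXFR/AXFR when the
    primary's serial is larger than its own, so the result must exceed old."""
    candidate = int(today + "01")
    return candidate if candidate > old else old + 1

_ADDRESS = re.compile(r"\d+(\.\d+){3}\.?|[0-9a-fA-F]*:[0-9a-fA-F:]*")

def check_delegations(records, origin):
    """Problems with subdomain delegations: NS rdata that is an address, or an
    in-zone name server that has no glue A/AAAA record."""
    glue = {(o, t) for o, t, _ in records if t in ("A", "AAAA")}
    problems = []
    for owner, rtype, rdata in records:
        if rtype != "NS" or owner == origin:
            continue                      # NS records at the apex are not delegations
        target = rdata[0]
        if _ADDRESS.fullmatch(target):
            problems.append(f"{owner} NS {target}: rdata must be a host name, not an address")
        elif target.endswith("." + owner) and not {(target, "A"), (target, "AAAA")} & glue:
            problems.append(f"{owner} NS {target}: name server inside the delegated zone has no glue record")
    return problems

if __name__ == "__main__":
    recs = parse_zone(ZONE_XSL, "xsl.com.")
    print("serial:", soa_serial(recs), "-> next:", next_serial(soa_serial(recs), "20240101"))
    print("good zone:", check_delegations(recs, "xsl.com.") or "no delegation problems")
    print("bad zone: ", check_delegations(parse_zone(ZONE_BAD, "xsl.com."), "xsl.com."))
```

The parser is deliberately small (no $ORIGIN handling, no TXT quoting), enough for the zone files on this page; named-checkzone remains the authoritative check before a restart.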
Defining a forwarding zone
zone "zone_name" IN {
type forward; # define a forwarding zone
forward { only | first }; # define the forwarding rule
forwarders { server_ip; }; # define which DNS server requests are forwarded to
};
Note: forward sets the forwarding rule. With only, the request is sent only to the forwarder; whether it is resolved or cannot be resolved, that result is returned to the local DNS server.
With first, the request is forwarded to the forwarder first, and if it cannot be resolved there, the local server then queries the root servers itself.
This article is from the "Linux Learning Path" blog; reprinting is not permitted.
Zone transfer and subdomain authorization for the Linux learning path