1. BIND zone transfer (master-slave synchronization)
When the primary (master) DNS server for a domain is down or under heavy load, a secondary (slave) DNS server can be added to take over for it or to share its query load.
Host planning:
Role       | IP Address      | Host Name
Dns-master | 192.168.233.135 | dns_master
Dns-slave  | 192.168.233.134 | dns_slave
3.1 Steps for configuring zone transfers
Adding a slave server to a zone takes two key steps:
(1) the master authorizes the slave to transfer the zone (allow-transfer);
(2) an NS record for the slave, together with its corresponding A record, is added to the zone data file.
3.2 Install the slave DNS server
[root@dns_slave ~]# yum -y install bind
[root@dns_slave ~]# mv /etc/named.conf /etc/named.conf.ori
[root@dns_slave ~]# vim /etc/named.conf
options {
    directory "/var/named/";
};
zone "." IN {
    type hint;
    file "named.ca";
};
zone "localhost" IN {
    type master;
    file "named.localhost";
};
zone "1.0.0.127.in-addr.arpa" IN {
    type master;
    file "named.loopback";
};
zone "enzhi.com." IN {
    type slave;
    masters { 192.168.233.135; };
    file "slaves/enzhi.com.zone";
};
zone "233.168.192.in-addr.arpa" IN {
    type slave;
    masters { 192.168.233.135; };
    file "slaves/192.168.233.zone";
};
# masters { dns_server_ip; };  specifies the IP address of the primary (master) DNS server
Note:
# The zone data files on the slave do not need to be created by hand: the slave copies them from the master automatically into /var/named/slaves/. The file path in the slave's zone definition is therefore written relative to the directory option, as in file "slaves/enzhi.com.zone";
3.3 Authorize the slave in the master server's main configuration file
# In each zone stanza, add the line allow-transfer { slave_server_ip; };
[root@dns_master named]# vi /etc/named.conf
options {
    directory "/var/named";
};
zone "." IN {
    type hint;
    file "named.ca";
};
zone "localhost" IN {
    type master;
    file "named.localhost";
};
zone "1.0.0.127.in-addr.arpa" IN {
    type master;
    file "named.loopback";
};
zone "enzhi.com." IN {
    type master;
    file "enzhi.com.zone";
    allow-transfer { 192.168.233.134; };
};
zone "233.168.192.in-addr.arpa" IN {
    type master;
    file "192.168.233.zone";
    allow-transfer { 192.168.233.134; };
};
3.4 Modify the master's zone files to add an NS record for the slave
[root@dns_master named]# vim enzhi.com.zone
$TTL 600
@       IN SOA  ns.enzhi.com. admin.enzhi.com. (
                2016032401
                2H
                5M
                7D
                1D )
        IN NS   ns
        IN NS   ns2
        IN MX 10 mail
ns      IN A    192.168.233.135
ns2     IN A    192.168.233.134
mail    IN A    192.168.233.11
www     IN A    192.168.233.10
ftp     IN CNAME www
# Reverse zone file
[root@dns_master named]# vim 192.168.233.zone
$TTL 600
@       IN SOA  ns.enzhi.com. admin.enzhi.com. (
                2016032401
                2H
                5M
                7D
                1D )
@       IN NS   ns.enzhi.com.
        IN NS   ns2.enzhi.com.
135     IN PTR  ns.enzhi.com.
134     IN PTR  ns2.enzhi.com.
11      IN PTR  mail.enzhi.com.
10      IN PTR  www.enzhi.com.
# Syntax check, then reload the named service
[root@dns_master named]# named-checkzone "233.168.192.in-addr.arpa" 192.168.233.zone
zone 233.168.192.in-addr.arpa/IN: loaded serial 2016032401
OK
[root@dns_master named]# /etc/init.d/named reload
Reloading named:                                           [  OK  ]
3.5 Start the named service on dns-slave
[root@dns_slave ~]# /etc/init.d/named configtest    # syntax check
zone localhost/IN: loaded serial 0
zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
[root@dns_slave ~]# /etc/init.d/named start         # start named
Generating /etc/rndc.key:                                  [  OK  ]
Starting named:                                            [  OK  ]
# check that the zone data files were copied over successfully
[root@dns_slave ~]# cd /var/named/slaves/
[root@dns_slave slaves]# ls
192.168.233.zone  enzhi.com.zone
3.6 Use dig to verify that the slave answers queries
[root@dns_slave slaves]# dig -t a www.enzhi.com @192.168.233.134

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.7 <<>> -t a www.enzhi.com @192.168.233.134
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15935
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;www.enzhi.com.                 IN      A

;; ANSWER SECTION:
www.enzhi.com.          600     IN      A       192.168.233.10

;; AUTHORITY SECTION:
enzhi.com.              600     IN      NS      ns2.enzhi.com.
enzhi.com.              600     IN      NS      ns.enzhi.com.

;; ADDITIONAL SECTION:
ns.enzhi.com.           600     IN      A       192.168.233.135
ns2.enzhi.com.          600     IN      A       192.168.233.134

;; Query time: 1 msec
;; SERVER: 192.168.233.134#53(192.168.233.134)
;; WHEN: Thu Mar 24 12:43:39 2016
;; MSG SIZE  rcvd: 114
# Reverse lookup
[root@dns_slave slaves]# dig -x 192.168.233.10 @192.168.233.134

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.7 <<>> -x 192.168.233.10 @192.168.233.134
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28690
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;10.233.168.192.in-addr.arpa.   IN      PTR

;; ANSWER SECTION:
10.233.168.192.in-addr.arpa. 600 IN     PTR     www.enzhi.com.

;; AUTHORITY SECTION:
233.168.192.in-addr.arpa. 600   IN      NS      ns2.enzhi.com.
233.168.192.in-addr.arpa. 600   IN      NS      ns.enzhi.com.

;; ADDITIONAL SECTION:
ns.enzhi.com.           600     IN      A       192.168.233.135
ns2.enzhi.com.          600     IN      A       192.168.233.134

;; Query time: 1 msec
;; SERVER: 192.168.233.134#53(192.168.233.134)
;; WHEN: Thu Mar 24 12:44:58 2016
;; MSG SIZE  rcvd: 139
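The walkthrough above relies on two details that are easy to get wrong by hand: every master zone must carry an allow-transfer list (sections 3.1 and 3.3), and slave zone files must be relative paths under slaves/ (section 3.2). The following audit script is an added example, not code from the original post; it parses zone stanzas out of a named.conf and reports both slips, using a constructed sample that mirrors the master's configuration from section 3.3.

```python
"""Audit zone-transfer settings in a BIND named.conf (added example, not
from the original post): flags master zones lacking allow-transfer, which
BIND 9 of this era treats as "transfer to any host", and slave zones
whose file is not a relative path under slaves/."""
import re

# Constructed sample mirroring the master's named.conf from section 3.3.
MASTER_CONF = '''
options { directory "/var/named"; };
zone "." IN { type hint; file "named.ca"; };
zone "localhost" IN { type master; file "named.localhost"; };
zone "1.0.0.127.in-addr.arpa" IN { type master; file "named.loopback"; };
zone "enzhi.com." IN { type master; file "enzhi.com.zone";
    allow-transfer { 192.168.233.134; }; };
zone "233.168.192.in-addr.arpa" IN { type master; file "192.168.233.zone";
    allow-transfer { 192.168.233.134; }; };
'''

# One statement: keyword, optional scalar value, optional { addr; addr; } list.
STMT_RE = re.compile(r'([\w-]+)\s*([^;{]*?)(?:\{([^}]*)\})?\s*;', re.S)

def zone_stanzas(conf):
    """Yield (zone_name, body); brace counting keeps nested { } lists intact."""
    for m in re.finditer(r'zone\s+"([^"]+)"[^{]*\{', conf, re.I):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {'{': 1, '}': -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]

def parse_zones(conf):
    """Return {zone: {statement: value}}; brace lists become tuples of addresses."""
    zones = {}
    for name, body in zone_stanzas(conf):
        zones[name] = {k: tuple(a.strip() for a in lst.split(';') if a.strip()) if lst
                       else v.strip().strip('"') for k, v, lst in STMT_RE.findall(body)}
    return zones

def audit(conf):
    """Return one finding per zone-transfer problem, in config order."""
    findings = []
    for name, s in parse_zones(conf).items():
        if s.get('type') == 'master' and 'allow-transfer' not in s:
            findings.append(f"{name}: master zone without allow-transfer (AXFR open to any host)")
        if s.get('type') == 'slave' and not s.get('masters'):
            findings.append(f"{name}: slave zone without a masters list")
        if s.get('type') == 'slave' and not s.get('file', '').startswith('slaves/'):
            findings.append(f"{name}: slave zone file should be a relative path under slaves/")
    return findings
```

Run against the sample, audit() reports only the two localhost zones, which the walkthrough never restricts; the enzhi.com. and reverse zones pass because they carry allow-transfer.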
This article is from the "Enzhi" blog; please contact the author before reproducing it.
Linux DNS Server (2): BIND zone transfer