Linux Miscellaneous (19): DNS server configuration (2)

Source: Internet
Author: User
Tags reverse dns
1. Local and Internet resolution

We have discussed forward and reverse DNS resolution before, but sometimes we want the DNS server to resolve names for the local server differently from the Internet. To do this, configure both the local machine and the Internet in the main configuration file:

This is the part of the main configuration file that handles access from this server itself; its sub-configuration file is example.com.zone (note the content that has to be commented out).

This is the non-local configuration; its sub-configuration file is example.com.inter.

To keep the setup consistent, comment out the policy of the previous sub-configuration file.

Then we create and edit the Internet sub-configuration file:

These are the settings of our Internet sub-configuration file. Unlike the intranet one, it maps www.example.com to 192.168.2.160 instead of 192.168.2.150.

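An added example (not the original page's configuration) of how the two cases above can be written as BIND views in named.conf. The view names and the /var/named directory are assumptions; the zone file names and the two addresses are the ones given in the text.

```conf
// Added example, not from the original page. View names and the
// directory are assumptions; file names and addresses come from the text.
options {
    directory "/var/named";          // assumed; zone file paths are relative to it
};

// Views are tested in order and the first match wins, so the narrow
// view must come before the catch-all one.
view "local" {
    // "localhost" is a built-in ACL: every address configured on this server.
    match-clients { localhost; };
    zone "example.com" IN {
        type master;
        file "example.com.zone";     // www.example.com -> 192.168.2.150
    };
};

view "internet" {
    match-clients { any; };          // every client not matched above
    zone "example.com" IN {
        type master;
        file "example.com.inter";    // www.example.com -> 192.168.2.160
    };
};

// Once any view exists, named refuses to load zone statements that sit
// outside a view. Earlier top-level zones (or an include that pulls them
// in) therefore have to be commented out or moved into a view.
```

Running named-checkconf before restarting the service reports a zone left outside the views.
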
After restarting the service, check from the local machine which IP address www.example.com resolves to:

Check which IP address www.example.com resolves to from a non-local machine:

Note: While doing this experiment, we found that the firewall had not been flushed. Pay attention to turning off the firewall during testing.

Before the next experiment, we need to restore the previous settings!

2. Secondary node DNS

Generally there is more than one DNS server. We use the idea of a cluster: multiple DNS servers provide domain name resolution together. For this we need other servers as secondary nodes, and keeping the master node and the secondary node synchronized is our final goal.

Modify the main configuration file of the secondary node:

Modify its sub-configuration file:

In this case, our configuration file is no longer under the named directory, but under the slave directory.

At this point, we need to add an entry on the master node that specifies the server we just set up as the secondary node:

When both servers have the service running, we find that the example.com.zone file exists under the slave directory of the secondary node; it was generated by synchronization.

Next, change the DNS server used by the secondary node to itself:

We did not enter any data into example.com.zone on the secondary node, but the IP address returned by dig is the same as the one set on the master server:

We changed the IP address of www.example.com in example.com.zone on the master server to 192.168.2.151 and restarted the named service. Running dig www.example.com showed that the IP address served by the secondary node had not changed:

Master node:

Secondary node:

Although the secondary node can obtain the primary node's data, the synchronization fails. This is not acceptable; we want the records of the primary and secondary nodes to stay synchronized:

Modify the synchronization information in the configuration file of the master node:

Add the also-notify parameter:

Restart the service after saving:

In addition, check the SELinux boolean value; if it does not allow modification, we need to enable the modify permission:

Then, from the secondary node, we add the IP address information of www.example.com:

The update is not allowed. After troubleshooting, we found that allow-update, a parameter on the master node, had not been set to the IP address of the secondary node. Add it:

Then add bbs.example.com:

Modified successfully!

Then let's dig bbs.example.com:

The result matches what we added, indicating that synchronization works. In fact, we can add more nodes to provide more powerful DNS services.

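An added example (not the original page's configuration) of the zone statements that the steps above lead to on each node. The node addresses 192.168.2.10 (master) and 192.168.2.20 (secondary) and the slaves/ path are assumptions.

```conf
// Added example, not from the original page.
// Assumed addresses: master 192.168.2.10, secondary 192.168.2.20.

// ---- master node ----
zone "example.com" IN {
    type master;
    file "example.com.zone";
    // Zone transfers only to the secondary, not to any client that asks.
    allow-transfer { 192.168.2.20; };
    // Send NOTIFY to the secondary whenever the zone changes, in addition
    // to the name servers listed in the zone's NS records.
    also-notify { 192.168.2.20; };
    // Dynamic updates are accepted from the secondary's address only.
    // This check is by source address alone; no key is involved.
    allow-update { 192.168.2.20; };
};

// ---- secondary node ----
zone "example.com" IN {
    type slave;
    masters { 192.168.2.10; };
    // Written by named after a transfer; the directory must be writable
    // by the named user ("slaves/" is an assumed path).
    file "slaves/example.com.zone";
};

// A NOTIFY only leads to a transfer when the SOA serial on the master is
// higher than the one the secondary holds. After editing the zone file by
// hand, raise the serial; for dynamic updates named raises it itself.
```
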
Summary:

It seems that our DNS functions well, but it is obviously insufficient in terms of security. Next we will explain how to modify the record after encryption. During this experiment, there were hundreds of errors, indicating that I was not careful enough in considering the problem. This habit needs to be strengthened. Next, I will explain it again.