Tutorial: master-slave DNS servers on CentOS 6.5

Source: Internet
Author: User

--> Master/Slave DNS Server:

Master DNS server: the administrator updates the zone database manually.

Slave (secondary) DNS server: zone database updates are obtained from the primary server or from other secondary DNS servers.


I. Common DNS commands:

1. Commands for testing name resolution:

1). dig command:

# dig [-t type] [-x addr] [name] [@server]

+[no]trace --> (trace the resolution process)

+[no]recurse --> (whether to use recursion)

+[no]tcp --> (whether to query over TCP instead of UDP)

+[no]question --> (whether to show the question section)

+[no]answer --> (whether to show the answer section)

+[no]authority --> (whether to show the authority section)

+[no]additional --> (whether to show the additional section)

2). host command:

# host [-t type] {name} [server]

Example:

[root@localhost ~]# host -t MX xiaoma.com
xiaoma.com mail is handled by 10 mail.xiaoma.com.
[root@localhost ~]#

3). nslookup command (interactive):

# nslookup

> server DNS_SERVER_IP

> set q=TYPE

> {name}

Example:

[root@localhost ~]# nslookup
> set q=A
> www.xiaoma.com
Server: 172.16.17.202
Address: 172.16.17.202#53
Name: www.xiaoma.com
Address: 172.16.17.203
>

2. Start/reload commands:

1). Start commands:

# named -u named

# service named start (this may depend on rndc.key)

2). Reload commands:

# service named reload

# killall -1 named

# killall named (do not use)

3. Check for syntax errors:

# service named configtest

# named-checkconf

# named-checkzone "xiaoma.com" /var/named/xiaoma.com.zone

II. Master-slave replication by zone transfer:

Note:

I changed the host names here so that the master and the slave are easy to tell apart:

Primary DNS server: host1

Slave DNS server: host2

---- The master and the slave can synchronize even when they are not in the same network segment ----

Prerequisites:

Attach a CD:

[root@host2 ~]# mkdir /media/cdrom
[root@host2 ~]# mount /dev/cdrom /media/cdrom/
mount: block device /dev/sr0 is write-protected, mounting read-only

Configure the local yum source:

[root@host2 ~]# cd /etc/yum.repos.d/
[root@host2 yum.repos.d]# mv CentOS-Base.repo CentOS-Base.repo.bak
[root@host2 yum.repos.d]# vim media1.repo
[media1]
name=media1
baseurl=file:///media/cdrom
enabled=1
gpgcheck=0

--> Install the prepared bind package:

[root@localhost ~]# yum -y install bind

1. Configuring the forward-zone master/slave service:

1). Configure /var/named/xiaoma.com.zone on the master server:

2). Reload the zone file on the master server:

[root@host1 ~]# service named reload
Reloading named: [ OK ]

3). Test whether the master and slave servers can communicate with each other:

2). Configure /etc/named.conf on the slave server:

Note: only the lines that were commented out are shown here. With listen-on and allow-query commented out, named falls back to its defaults: it listens on all IPv4 interfaces and accepts queries from any client.

//listen-on port 53 { 127.0.0.1; };
//listen-on-v6 port 53 { ::1; };
//allow-query { localhost; };
//dnssec-enable yes;
//dnssec-validation yes;
//dnssec-lookaside auto;
//bindkeys-file "/etc/named.iscdlv.key";
//managed-keys-directory "/var/named/dynamic";
//include "/etc/named.root.key";

3). Configure /etc/named.rfc1912.zones on the slave server (vim /etc/named.rfc1912.zones):

4). Start named on the slave server and check that port 53 is listening:

[root@host2 ~]# named -u named
[root@host2 ~]# ss -tunl

5). On the slave server, check whether /var/named/slaves/xiaoma.com.zone has been synchronized:

6). Test resolution against the slave server:

7). On the master server, modify the serial number and reload:

I. Add a record and increase the serial number:

II. Reload:

[root@host1 ~]# service named reload
Reloading named: [ OK ]

8). View the log:

9). Check on the slave server whether the zone has been synchronized:

10). Other resolution tests:

[root@host2 ~]# dig -t NS xiaoma.com @172.16.17.100
[root@host2 ~]# dig -t MX xiaoma.com @172.16.17.100
[root@host2 ~]# dig -t CNAME pop.xiaoma.com @172.16.17.100
[root@host2 ~]# dig -t CNAME ftp.xiaoma.com @172.16.17.100

Continued from (1. Configuring the forward-zone master/slave service)

2. Configuring the reverse-zone master/slave service:

1). Configure /etc/named.rfc1912.zones on the slave server (vim /etc/named.rfc1912.zones):

2). Test the syntax on the slave server and reload:

[root@host2 ~]# named-checkconf
[root@host2 ~]# service named reload
Reloading named: [ OK ]

3). View the logs on the slave server:

4). View the synchronized file on the slave server:

5). Add the slave server's record to the reverse zone on the master server:

We add an NS record to the reverse zone file on the master server (/var/named/172.16.17.zone) to tell the master server that there is a slave server (the ns2 record and the slave server's record).

6). Start the service and reload it:

7). Check the log on the master server:

8). View the synchronization on the slave server:

Continued from (2. Configuring the reverse-zone master/slave service)

3. Zone transfer security control:

Note: by default, with no security control configured, a DNS server will transfer its zones to any server that asks. How can we prevent others from synchronizing the data on your server?

1). Configure /etc/named.rfc1912.zones on the master server (vim /etc/named.rfc1912.zones):

2). Test the syntax and reload on the master server:

[root@host1 ~]# named-checkconf
[root@host1 ~]# service named reload
Reloading named: [ OK ]
[root@host1 ~]#

3). Test the zone transfer on the master server:

4). Test the zone transfer from the slave server:

6). Configure the security control on the slave server (vim /etc/named.rfc1912.zones):

7). Test the syntax and reload on the slave server:

[root@host2 ~]# named-checkconf
[root@host2 ~]# service named reload
Reloading named:

8). Test on the slave server:
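The zone stanzas for this section did not survive on this page, so the following is an added example, not the tutorial's own configuration: a Python audit that reads named.rfc1912.zones-style text and reports, for each master or slave zone, whether allow-transfer restricts zone transfers. The sample stanzas, the addresses 192.0.2.1 (master) and 192.0.2.2 (slave), and the function name audit_transfers are assumptions.

```python
import re
# Constructed samples in the style of /etc/named.rfc1912.zones (not the page's files).
# 192.0.2.1 (master) and 192.0.2.2 (slave) are assumed documentation addresses.
MASTER_CONF = '''
zone "xiaoma.com" IN {
    type master;
    file "xiaoma.com.zone";
    allow-transfer { 192.0.2.2; };   // only the slave may pull this zone
};
zone "17.16.172.in-addr.arpa" IN {
    type master;
    file "172.16.17.zone";           # no allow-transfer statement at all
};
'''
SLAVE_CONF = '''
zone "xiaoma.com" IN {
    type slave;
    masters { 192.0.2.1; };
    file "slaves/xiaoma.com.zone";
    allow-transfer { none; };        // a slave answers AXFR too, so lock it
};
zone "17.16.172.in-addr.arpa" IN {
    type slave;
    masters { 192.0.2.1; };
    file "slaves/172.16.17.zone";
    allow-transfer { any; };
};
'''
# A zone statement whose body may contain one level of nested { ... } blocks.
ZONE_RE = re.compile(r'zone\s+"([^"]+)"[^{;]*\{((?:[^{}]|\{[^{}]*\})*)\}\s*;')

def audit_transfers(conf_text):
    """Return {zone: verdict} for master/slave zones; assumes no ACL in options{}."""
    text = re.sub(r'/\*.*?\*/|//[^\n]*|#[^\n]*', '', conf_text, flags=re.S)
    verdicts = {}
    for name, body in ZONE_RE.findall(text):
        ztype = re.search(r'\btype\s+(\w+)\s*;', body)
        if not ztype or ztype.group(1) not in ('master', 'slave'):
            continue                 # other zone types are outside this check
        acl = re.search(r'\ballow-transfer\s*\{([^}]*)\}', body)
        if acl is None:
            verdicts[name] = 'unrestricted: no allow-transfer'
        else:
            peers = [p.strip() for p in acl.group(1).split(';') if p.strip()]
            verdicts[name] = 'unrestricted: any' if 'any' in peers else 'restricted: ' + ', '.join(peers)
    return verdicts

if __name__ == '__main__':
    for label, conf in (('master', MASTER_CONF), ('slave', SLAVE_CONF)):
        print(label, audit_transfers(conf))
```

A zone reported as unrestricted here is one where the transfer tests in steps 3) and 4) would still succeed from a host other than the intended slave.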
