I set up a lab environment myself: a master DNS running BIND 9.9.4 with IP 192.168.137.177, and a slave DNS running BIND 9.8.2 with IP 192.168.137.222.
1 Master DNS configuration
vim /etc/named.conf
options {
    listen-on port 53 { 192.168.137.177; };
    ...
    allow-query { localhost; 192.168.137.222; };
    recursion yes;
    dnssec-enable no;
    dnssec-validation no;
    ...
};
vim /etc/named.rfc1912.zones
Append at the end:
zone "union.com" IN {
type master;
file "union.com";
notify yes;
also-notify { 192.168.137.222; };
allow-transfer { 192.168.137.222; };
allow-update { none; };
};
zone "137.168.192.in-addr.arpa" IN {
type master;
file "192.168.137.in-addr.arpa";
notify yes;
also-notify { 192.168.137.222; };
allow-transfer { 192.168.137.222; };
allow-update { none; };
};
[root@centos7 named]# vim /var/named/union.com
$TTL 3600
$ORIGIN union.com.
; MNAME must be a fully qualified name with a trailing dot (otherwise $ORIGIN is appended)
; and should be the primary NS host declared below (ns), not a host with no A record.
@ IN SOA ns.union.com. admin.union.com. (
2018031601 ; serial
1D         ; refresh
1H         ; retry
1W         ; expire
3H         ; negative-cache TTL
)
@ IN NS ns
@ IN MX 10 mail.union.com.
ns IN A 192.168.137.10
www IN A 192.168.137.10
webserver IN CNAME www
mail IN A 192.168.137.10
ftp IN A 192.168.137.20
ftp IN A 192.168.137.30
ns2 IN A 192.168.137.40
ns3 IN A 192.168.137.50
[root@centos7 named]# vim /var/named/192.168.137.in-addr.arpa
$TTL 3600
@ IN SOA ns.union.com. admin.union.com. (
2018031601 ; serial
1D         ; refresh
1H         ; retry
1W         ; expire
3H         ; negative-cache TTL
)
@ IN NS ns.union.com.
10 IN PTR ns.union.com.
10 IN PTR www.union.com.
20 IN PTR ftp.union.com.
30 IN PTR ftp.union.com.
40 IN PTR ns2.union.com.
50 IN PTR ns3.union.com.
Start the service: systemctl start named.service
Syntax check: named-checkconf
named-checkzone union.com /var/named/union.com
rndc status
2 Slave DNS configuration
vim /etc/named.conf
options {
    listen-on port 53 { 127.0.0.1; 192.168.137.222; };
    ...
    allow-query { any; };
    recursion yes;
    dnssec-enable no;
    dnssec-validation no;
    ...
};
[root@uwsgi ~]# vim /etc/named.rfc1912.zones
Append at the end:
zone "union.com" IN {
type slave;
file "slaves/union.com.zone";
masters { 192.168.137.177; };
};
zone "137.168.192.in-addr.arpa" IN {
type slave;
file "slaves/192.168.137.in-addr-arpa";
masters { 192.168.137.177; };
};
service named start
rndc status
3 Testing
On the slave, two new files now appear under /var/named/slaves: union.com.zone and 192.168.137.in-addr-arpa
# dig @192.168.137.222 union.com axfr
# dig @192.168.137.222 -x 192.168.137.20    (checks reverse resolution)
Note that the slave configuration above sets no allow-transfer, and BIND 9.8 defaults to allow-transfer { any; }, so any host that can reach the slave can pull the whole zone with the axfr query above; restrict allow-transfer on the slave as well (for example with the acl shown at the end).
Also check the permissions of the zone files union.com and 192.168.137.in-addr.arpa on the master DNS (named must be able to read them).
4 Testing synchronization of a new record
Add a record to the union.com file on the master DNS:
pop IN A 192.168.137.60
Also change the serial number to 2018031602; the commands below only work once the serial has been changed.
Reload the service: rndc reload (reloading on the master is enough).
Check the result:
dig @192.168.137.222 pop.union.com
dig @192.168.137.222 -x 192.168.137.60
dig @192.168.137.222 union.com axfr    (lists all records in the union.com zone)
dig -t A pop.union.com    (query the A record)
// -t accepts ns, mx, A, etc.
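Added example (not from the original post): a small Python helper for the two things step 4 relies on, bumping the YYYYMMDDnn serial in the zone file so that rndc reload actually propagates the change, and applying the RFC 1982 serial comparison BIND uses to decide whether the slave will pull a new copy given the master's and slave's SOA serials (as returned by dig). The zone text is constructed to mirror the union.com file above.

```python
import re
from datetime import date

# Constructed sample zone text mirroring the union.com file in this post
# (not the real file on disk).
SAMPLE_ZONE = """$TTL 3600
$ORIGIN union.com.
@ IN SOA ns.union.com. admin.union.com. (
2018031601
1D
1H
1W
3H
)
@ IN NS ns
ns IN A 192.168.137.10
"""

# The serial is the first number after the "(" that opens the SOA RDATA.
SERIAL_RE = re.compile(r"\bSOA\s+\S+\s+\S+\s*\(\s*(\d+)", re.IGNORECASE)


def next_serial(old, today=None):
    """Next YYYYMMDDnn serial; today is 'YYYYMMDD' (defaults to the current date).
    Uses today's date with counter 01, or old+1 when the zone was already
    edited today (or already carries a serial from the future)."""
    today = today or date.today().strftime("%Y%m%d")
    base = int(today) * 100
    return max(old + 1, base + 1)


def bump_zone_serial(zone_text, today=None):
    """Return (new_text, old_serial, new_serial). Raises if no SOA serial is found."""
    m = SERIAL_RE.search(zone_text)
    if not m:
        raise ValueError("no SOA serial found in zone text")
    old = int(m.group(1))
    new = next_serial(old, today)
    return zone_text[:m.start(1)] + str(new) + zone_text[m.end(1):], old, new


def transfer_needed(master_serial, slave_serial):
    """RFC 1982 comparison as BIND applies it: the slave transfers only when the
    master's serial is 'greater', i.e. ahead by less than 2^31 modulo 2^32.
    Equal serials (the forgotten-bump case) mean no transfer happens."""
    diff = (master_serial - slave_serial) % (1 << 32)
    return 0 < diff < (1 << 31)


if __name__ == "__main__":
    text, old, new = bump_zone_serial(SAMPLE_ZONE, today="20180316")
    print(f"serial {old} -> {new}; slave needs transfer: {transfer_needed(new, old)}")
```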
Other: an acl can be used for access control
acl mynet {
    192.168.137.222;
    192.168.137.0/24;
};
Then use: allow-transfer { mynet; };
allow-query { mynet; };
About view
view "inside" {
    match-clients { 192.168.137.0/24; }; // matches internal hosts
    recursion yes;                      // allow recursive queries
};
view "outside" {
    match-clients { any; };             // matches everyone else
    recursion no;
};
Because inside is written before outside, hosts on the internal network can make recursive queries, while external addresses cannot use this DNS to resolve names in other domains. Note that once any view is defined, BIND requires every zone statement to be inside a view, so the zone blocks above have to be moved into the views.