linux上主从dns的配置

最新推荐文章于 2023-03-10 11:09:35 发布

Dawn-liu

最新推荐文章于 2023-03-10 11:09:35 发布

阅读量386

点赞数

文章标签： dns 主从

本文链接：https://blog.csdn.net/mingri_xing/article/details/79576972

版权

自己搭了个环境，一台主dns的bind版本9.9.4它的IP为192.168.137.177，一台从dns的版本为9.8.2它的IP为192.168.137.222

1 主dns配置
vim /etc/named.conf

options {
        listen-on port 53 { 192.168.137.177; };
.....
        allow-query     { localhost;192.168.137.222; };
        recursion yes;

        dnssec-enable no;
        dnssec-validation no;
...}

vim /etc/named.rfc1912.zones
后面增加
zone "union.com" IN {
        type master;
        file "union.com";
        notify yes;
        also-notify { 192.168.137.222; };
        allow-transfer { 192.168.137.222; };
        allow-update { none; };
};
zone "137.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.137.in-addr.arpa";
        notify yes;
        also-notify { 192.168.137.222; };
        allow-transfer { 192.168.137.222; };
        allow-update { none; };
};

[root@centos7 named]# vim /var/named/union.com
$TTL 3600
$ORIGIN union.com.
@       IN SOA ns1.union.com admin.union.com. (
                2018031601
                1D
                1H
                1w
                3H
)

        IN      NS ns
        IN      MX 10 mail.union.com.
ns      IN      A       192.168.137.10
www     IN      A       192.168.137.10
webserver IN    CNAME   www
mail    IN      A       192.168.137.10
ftp     IN      A       192.168.137.20
ftp     IN      A       192.168.137.30
ns2     IN      A       192.168.137.40
ns3     IN      A       192.168.137.50

[root@centos7 named]# vim /var/named/192.168.137.in-addr.arpa

$TTL 3600
@       IN      SOA ns1.union.com. admin.union.com. (
                2018031601
                1D
                1H
                1W
                3H

)

                IN      NS ns.union.com.
10              IN      PTR ns.union.com.
10              IN      PTR www.union.com.
20              IN      PTR ftp.union.com.
30              IN      PTR ftp.union.com.
40              IN      PTR ns2.union.com.
50              IN      PTR ns3.union.com.

启动服务 systemctl start named.service
语法检查 named-checkconf
         named-checkzone union.com /var/named/union.com
            rndc status
2 从dns配置
vim /etc/named.conf

options {
        listen-on port 53 { 127.0.0.1;192.168.137.222; };
...
        allow-query     { any; };
        recursion yes;

        dnssec-enable no;
        dnssec-validation no;

...

[root@uwsgi ~]# vim /etc/named.rfc1912.zones

最后增加

zone "union.com" IN {
        type slave;
        file "slaves/union.com.zone";
        masters { 192.168.137.177; };
};
zone "137.168.192.in-addr.arpa" IN {
        type slave;
        file "slaves/192.168.137.in-addr-arpa";
        masters { 192.168.137.177; };
};
service named start
rndc status

3 测试
从dns查看到在目录/var/named/slaves下面多了两个文件 union.com.zone和192.168.137.in-addr-arpa
#dig @192.168.137.222 union.com axfr
# dig @192.168.137.222 -x 192.168.137.20 用于查看反向解析

主要主dns的文件union.com和文件192.168.137.in-addr.arpa的权限

4测试增加条目同步

在主dns的文件union.com中增加一条记录

pop   IN   A 192.168.137.60
**并且修改系列号为2018031602，这里修改系列号下面的命令才有用
重启服务主从 rndc reload ---》主dns重启就可以

查看结果：
dig @192.168.137.222 pop.uniom.com
dig @192.168.137.222 -x 192.168.137.60
dig @192.168.137.222 union.com axfr   用于显示域union.com中的所有条目
dig -t A pop.union.om 查询A记录
//-t 有ns mx A 等

其他：acl可以设置访问控制
acl mynet {
      192.168.137.222;
      192.168.137.0/24;
};
使用 allow-transfer { mynet; };
allow-query { mynet; }；

关于view

view “inside” {
   match-clients { 192.168.137.0/24; };//匹配内网主机
   recursion yes;   //允许递归查询
};

view "outside" {
   match-clinets { any; };//匹配任何的
   recursion no;
};
在上面inside写在outside的前面表示内网地址可以递归查询;不允许外网地址通过本dns查询别的域名地址。

Dawn-liu

关注

0
点赞
踩
0

收藏

觉得还不错? 一键收藏
0
评论
linux上主从dns的配置

自己搭了个环境，一台主dns的bind版本9.9.4它的IP为192.168.137.177，一台从dns的版本为9.8.2它的IP为192.168.137.2221 主dns配置vim /etc/named.confoptions { listen-on port 53 { 192.168.137.177; };..... allow-query { loca...
复制链接

扫一扫