bind主从配置--非DLZ

参考 : 

https://www.isc.org/faq/item/182

 

 

1. 编译安装bind

./configure --prefix=/usr/local/bind --enable-threads --disable-openssl-version-check  && make && make install

 

2. 主节点生成key并scp至从节点

/usr/local/bind/sbin/rndc-confgen -s 127.0.0.1 -r /dev/urandom > rndc.conf

 

echo "aaa" > aaa

echo "bbb" > bbb 

/usr/local/bind/sbin/rndc-confgen -a -b -r aaa 128 -c /usr/local/bind/etc/b.key -k b

/usr/local/bind/sbin/rndc-confgen -a -b -r bbb 128 -c /usr/local/bind/etc/a.key -k b

scp a.key 1.1.1.2:/usr/local/bind/etc/a.key

scp b.key 1.1.1.2:/usr/local/bind/etc/b.key

 

3. 配置主节点:1.1.1.1

include "/usr/local/bind/etc/a.key";
include "/usr/local/bind/etc/b.key";
options {
directory "/usr/local/bind/etc/";
recursion yes;
auth-nxdomain yes;
transfer-format one-answer;
version "[secured]";
allow-query {any;};
files 102400;
};
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; };
};
logging {
channel debug_log {
file "named.log" versions 3 ;
severity debug 10;
print-time yes;
print-category yes;
print-severity yes;
};
category xfer-out {
debug_log;
};
};

view "a" {
server 1.1.1.2 { keys a; };

match-clients { !key b; 1.1.1.0/24; };
recursion yes;

zone "test.me" {
type master;
file "/usr/local/bind/etc/zonea";
allow-transfer { 1.1.1.2; };
};
};

view "b" {
server 1.1.1.2 { keys b; };

match-clients { !key a; 1.1.1.0/24; };
recursion yes;

zone "test.me" {
type master;
file "/usr/local/bind/etc/zoneb";
allow-transfer { 1.1.1.2; };
};
};

4. 配置从节点 : 1.1.1.2

include "/usr/local/bind/etc/a.key";
include "/usr/local/bind/etc/b.key";

options {
directory "/usr/local/bind/etc/";
recursion yes;
auth-nxdomain yes;
transfer-format one-answer;
version "[secured]";
allow-query {any;};
files 102400;
};
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; };
};
logging {
channel debug_log {
file "named.log" versions 3 ;
severity debug 10;
print-time yes;
print-category yes;
print-severity yes;
};
category xfer-out {
debug_log;
};
};

 

view "a" {
server 1.1.1.1 { keys a; };

match-clients { !key b; 1.1.1.0/24; };
recursion yes;

zone "55tuan.me" {
type slave;
masters { 1.1.1.1; };
file "/usr/local/bind/etc/zonea";
};
};

view "b" {
server 1.1.1.1 { keys b; };

match-clients { !key a; 1.1.1.0/24; };
recursion yes;

zone "55tuan.me" {
type slave;
masters { 1.1.1.1; };
file "/usr/local/bind/etc/zoneb";
};
};

 

注意：

1. master zone file serial NO. must be diff.

2. match client must exclude the other key.

 

 

 

 

转载于:https://www.cnblogs.com/devops/archive/2013/04/23/3037580.html