BIND Master-Slave Replication and Subdomain Delegation
1. Forward and reverse zone resolution with BIND is covered in the following post:
http://jiayimeng.blog.51cto.com/10604001/1852025
2. The slave DNS server's configuration file /etc/named.conf is the same as the master's:

[[email protected] ~]# vim /etc/named.conf
listen-on port 53 { 127.0.0.1; 192.168.3.8; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
#allow-query { localhost; };
recursion yes;

[[email protected] ~]# named-checkconf    # check the main configuration file

Edit the zone configuration file /etc/named.rfc1912.zones and add the forward and reverse zones, as shown below:

[[email protected] ~]# vim /etc/named.rfc1912.zones
zone "magedu.com" IN {
    type slave;
    masters { 192.168.3.9; };
    file "slaves/magedu.com";
    allow-update { none; };
};

zone "3.168.192.in-addr.arpa" IN {
    type slave;
    masters { 192.168.3.9; };
    file "slaves/192.168.3.zone";
    allow-update { none; };
};
3. Testing the slave DNS server

# Start the service
[[email protected] ~]# service named start
Generating /etc/rndc.key: [ OK ]
Starting named: [ OK ]

# Check whether the zone files were copied from the master server
[[email protected] ~]# cd /var/named/slaves
[[email protected] slaves]# ll
total 8
-rw-r--r-- 1 named named 475 Nov 4 08:29 192.168.3.zone
-rw-r--r-- 1 named named 490 Nov 4 08:29 magedu.com

# Test resolution
[[email protected] slaves]# dig -t NS magedu.com @192.168.3.8

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6_8.3 <<>> -t NS magedu.com @192.168.3.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19495
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2

;; QUESTION SECTION:
;magedu.com. IN NS

;; ANSWER SECTION:
magedu.com. 86400 IN NS ns2.magedu.com.
magedu.com. 86400 IN NS ns1.magedu.com.

;; ADDITIONAL SECTION:
ns1.magedu.com. 86400 IN A 192.168.3.9
ns2.magedu.com. 86400 IN A 192.168.3.9

;; Query time: 2 msec
;; SERVER: 192.168.3.8#53(192.168.3.8)
;; WHEN: Fri Nov 4 08:32:25 2016
;; MSG SIZE rcvd: 96

[[email protected] slaves]# dig -t NS magedu.com @192.168.3.9

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6_8.3 <<>> -t NS magedu.com @192.168.3.9
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16105
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2

;; QUESTION SECTION:
;magedu.com. IN NS

;; ANSWER SECTION:
magedu.com. 86400 IN NS ns2.magedu.com.
magedu.com. 86400 IN NS ns1.magedu.com.

;; ADDITIONAL SECTION:
ns1.magedu.com. 86400 IN A 192.168.3.9
ns2.magedu.com. 86400 IN A 192.168.3.9

;; Query time: 2 msec
;; SERVER: 192.168.3.9#53(192.168.3.9)
;; WHEN: Fri Nov 4 08:33:01 2016
;; MSG SIZE rcvd: 96
4. Master-slave synchronization

Add an A record on the master server:

[[email protected] named]# vim /var/named/magedu.com.zone
$TTL 86400
$ORIGIN magedu.com.
@ IN SOA ns1.magedu.com. admin.magedu.com. (
        2016110401 ; serial: raise it on every change, or the slave will not transfer the zone
        1H
        5M
        7D
        1D )
    IN NS ns1.magedu.com.
    IN NS ns2.magedu.com.
    IN MX 10 mx1
    IN MX 20 mx2
ns1 IN A 192.168.3.9
ns2 IN A 192.168.3.9
mx1 IN A 192.168.3.9
mx2 IN A 192.168.3.9
www IN A 192.168.3.9
jym IN CNAME www
img IN A 192.168.3.9 ; the newly added A record

Reload the configuration on the master DNS server:

[[email protected] named]# service named reload
重新载入named: [确定]
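To prevent synchronization failures, disable SELinux and allow the traffic through iptables. Also keep the clocks on both servers synchronized and the BIND versions as close as possible; if they differ, the master should run the lower version and the slave the higher one.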
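
The check below is an added example, not part of the original post: it compares the SOA serial reported by the master (192.168.3.9) and the slave (192.168.3.8) to confirm that the change from section 4 was transferred. The function names and the sample dig +short answers, including serial 2016110402, are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm that the slave has transferred the current zone by
# comparing SOA serials. Function names and sample answers are constructed.

# Print the serial (3rd field) from one line of `dig +short -t SOA` output.
# Prints nothing for errors such as ";; connection timed out; ...".
soa_serial() {
    printf '%s\n' "$1" | awk 'NF >= 7 && $3 ~ /^[0-9]+$/ { print $3; exit }'
}

# Compare the master's and the slave's SOA answer.
# Returns 0 = same serial, 1 = slave behind, 2 = no usable answer,
# 3 = slave ahead. Plain numeric comparison; serial wraparound is ignored.
compare_soa() {
    cs_master=$(soa_serial "$1")
    cs_slave=$(soa_serial "$2")
    if [ -z "$cs_master" ] || [ -z "$cs_slave" ]; then
        echo "no usable SOA answer from master or slave"
        return 2
    elif [ "$cs_master" -eq "$cs_slave" ]; then
        echo "same serial $cs_master (a forgotten serial bump looks the same)"
        return 0
    elif [ "$cs_slave" -lt "$cs_master" ]; then
        echo "slave behind: master=$cs_master slave=$cs_slave"
        return 1
    fi
    echo "slave ahead: master=$cs_master slave=$cs_slave"
    return 3
}

# Live check against real servers, e.g.:
#   check_zone magedu.com 192.168.3.9 192.168.3.8
check_zone() {
    compare_soa "$(dig +short -t SOA "$1" "@$2")" \
                "$(dig +short -t SOA "$1" "@$3")"
}

# Constructed sample answers (timers match 1H 5M 7D 1D from the zone file).
MASTER_SOA='ns1.magedu.com. admin.magedu.com. 2016110402 3600 300 604800 86400'
SLAVE_STALE='ns1.magedu.com. admin.magedu.com. 2016110401 3600 300 604800 86400'
DIG_TIMEOUT=';; connection timed out; no servers could be reached'

compare_soa "$MASTER_SOA" "$SLAVE_STALE" || true   # slave behind
compare_soa "$MASTER_SOA" "$MASTER_SOA"  || true   # same serial
compare_soa "$MASTER_SOA" "$DIG_TIMEOUT" || true   # no usable answer
```

A "slave behind" result that persists after the reload means the NOTIFY or the zone transfer did not get through; an equal serial only shows that both servers hold the same zone version, not that an edit made without a serial bump was propagated.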
5. Subdomain delegation

1. Configure the main configuration file on the subdomain's server

[[email protected] ~]# vim /etc/named.rfc1912.zones
zone "cdn.magedu.com" IN {
    type master;
    file "cdn.magedu.com.zone";
};

2. Add the zone database file

$TTL 1D
$ORIGIN cdn.magedu.com.
@ IN SOA ns1.cdn.magedu.com. admin.cdn.magedu.com. (
        2016103001
        1H
        5M
        7D
        1D )
    IN NS ns1.cdn.magedu.com.
ns1 IN A 192.168.3.8
www IN A 192.168.3.8
www IN A 192.168.3.8

3. Add the following delegation records to the parent zone file on the master DNS server (/var/named/magedu.com.zone)

cdn.magedu.com. IN NS ns1.cdn.magedu.com.
ns1.cdn.magedu.com. IN A 192.168.3.8 ; glue record; the trailing dot keeps $ORIGIN from being appended

4. Set the permissions on the subdomain's zone file and check its syntax

[[email protected] named]# chown :named cdn.magedu.com.zone
[[email protected] named]# chmod 640 cdn.magedu.com.zone
# The first argument is the zone name, the second is the zone file
[[email protected] named]# named-checkzone "cdn.magedu.com" /var/named/cdn.magedu.com.zone

5. Reload the configuration

[[email protected] named]# service named reload

6. Test

dig -t A www.cdn.magedu.com @192.168.3.8
dig -t A www.cdn.magedu.com @192.168.3.9
This article comes from the "linux启航" blog; please keep this source attribution: http://jiayimeng.blog.51cto.com/10604001/1869624