dns之slave

接前文 master 的配置,这里主要修改各 zone 内的 allow-transfer 项

[root@master ~]# cat /etc/named.conf

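# Global options for the primary (master) server.
options {
    # Listen on every IPv4 interface so the secondary and LAN clients can reach port 53.
    listen-on port 53 { any; };
    listen-on-v6 port 53 { ::1; };
    directory     "/var/named";
    dump-file     "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file  "/var/named/data/named.recursing";
    secroots-file   "/var/named/data/named.secroots";
    # Anyone may query the authoritative zones served here.
    allow-query     { any; };
    # Without allow-recursion, BIND falls back to allow-query, so "any" would
    # also be allowed to recurse: an open resolver that can be abused for
    # DNS amplification. Limit recursion to this host and its attached networks.
    allow-recursion { localhost; localnets; };
    # Default-deny zone transfers; the zone-level allow-transfer statements
    # override this for the secondary only.
    allow-transfer  { none; };

    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;

    bindkeys-file "/etc/named.root.key";
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};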
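# Debug output goes to data/named.run (relative to "directory").
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};


# Root hints used for recursion.
zone "." IN {
    type hint;
    file "named.ca";
};

# Forward zone. The closing "};" must sit on its own line: on the same line
# after "#" it becomes part of the comment and the zone block is never closed.
zone "devin.vm" IN {
    type master;
    file "named.devin.vm";
    # Only the secondary may pull the zone (AXFR/IXFR). This is a source-IP
    # check only; a TSIG key shared by both servers would also authenticate
    # the transfer.
    allow-transfer { 192.168.26.100; }; # added: secondary (slave) IP
};

# Reverse zone for 192.168.26.0/24, transferable to the same secondary.
zone "26.168.192.in-addr.arpa" IN {
    type master;
    file "named.192.168.26";
    allow-transfer { 192.168.26.100; }; # added: secondary (slave) IP
};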

修改正向解析 /var/named/named.devin.vm

[root@master named]# cat /var/named/named.devin.vm 
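; Forward zone data for devin.vm (primary copy).
; Zone files use ";" for comments; "#" is not a comment character here and
; makes the zone fail to load.
$TTL 1D
@    IN SOA    devin.vm. ns2.devin.vm. (
                    0    ; serial - raise on every edit; the secondary only re-transfers when it increases
                    1D    ; refresh
                    1H    ; retry
                    1W    ; expire
                    3H )    ; minimum
@    IN    NS    master.devin.vm.
@    IN    NS    slave.devin.vm.    ; added: secondary
; The listing showed 192.169.26.51 here; the reverse zone and the secondary's
; "masters" statement both use 192.168.26.51, so that address is used.
master    IN    A    192.168.26.51
slave.devin.vm.    IN    A    192.168.26.100    ; added: secondary
@    IN    MX 10    ns2.devin.vm.
ns2.devin.vm.    IN    A    192.168.26.53
ns1.devin.vm.    IN    A    192.168.26.52
client.devin.vm.    IN    A    192.168.26.52
www.devin.vm.    IN    A    192.168.26.52
ftp.devin.vm.    IN    CNAME    www.devin.vm.
dhcp.devin.vm.    IN    CNAME    www.devin.vm.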

修改反向解析 /var/named/named.192.168.26

[root@master named]# cat /var/named/named.192.168.26 
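; Reverse zone data for 192.168.26.0/24 (primary copy).
; Zone files use ";" for comments; "#" is not a comment character here and
; makes the zone fail to load.
$TTL 1D
@    IN SOA    devin.vm. ns2.devin.vm. (
                    0    ; serial - raise on every edit; the secondary only re-transfers when it increases
                    1D    ; refresh
                    1H    ; retry
                    1W    ; expire
                    3H )    ; minimum
@     IN    NS     master.devin.vm.
@     IN    NS     slave.devin.vm.    ; added: secondary
51    IN    PTR    master.devin.vm.
100   IN    PTR    slave.devin.vm.    ; added: secondary
52    IN    PTR    ns1.devin.vm.
52    IN    PTR    client.devin.vm.
52    IN    PTR    www.devin.vm.
52    IN    PTR    ftp.devin.vm.
52    IN    PTR    dhcp.devin.vm.
53    IN    PTR    ns2.devin.vm.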

slave的主配置文件

[root@slave ~]# cat /etc/named.conf

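# Global options for the secondary (slave) server.
options {
    listen-on port 53 { any; }; # listen on all IPv4 interfaces
    listen-on-v6 port 53 { ::1; };
    directory     "/var/named";
    dump-file     "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file  "/var/named/data/named.recursing";
    secroots-file   "/var/named/data/named.secroots";
    allow-query     { any; }; # accept queries from any client
    # Without allow-recursion, BIND falls back to allow-query, so "any" would
    # also be allowed to recurse: an open resolver that can be abused for
    # DNS amplification. Limit recursion to this host and its attached networks.
    allow-recursion { localhost; localnets; };
    # Refuse zone transfers (AXFR/IXFR) from this server. This controls zone
    # transfer, not query forwarding.
    allow-transfer  { none; };


    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;

    bindkeys-file "/etc/named.root.key";
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};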
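# Debug output goes to data/named.run (relative to "directory").
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};


# Root hints used for recursion.
zone "." IN {
    type hint;
    file "named.ca";
};

# Forward zone, pulled from the primary. The closing "};" must sit on its own
# line: on the same line after "#" it becomes part of the comment and the zone
# block is never closed.
zone "devin.vm" IN {
    type slave; # changed to slave
    # NOTE(review): named must be able to write this file. The RHEL-family
    # package ships /var/named/slaves for transferred zones - confirm that
    # /var/named itself is writable by named before keeping this path.
    file "named.devin.vm";
    # The primary is identified by source IP only; a TSIG key shared by both
    # servers would also authenticate the transferred data.
    masters { 192.168.26.51; }; # added: primary (master) IP
};

# Reverse zone for 192.168.26.0/24, pulled from the same primary.
zone "26.168.192.in-addr.arpa" IN {
    type slave; # changed to slave
    file "named.192.168.26";
    masters { 192.168.26.51; }; # added: primary (master) IP
};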

添加dns

[root@slave named]# cat /etc/resolv.conf 
# Generated by NetworkManager
nameserver 192.168.26.100
nameserver 192.168.26.51

重启服务

systemctl restart named

检测命令

[root@slave named]# dig master.devin.vm @127.0.0.1
[root@slave named]# dig -x 192.168.26.51 @127.0.0.1

能正确的显示出A和PTR,那就成功了!

 
