2.CentOS6.5下的DNS主從區域傳送配置
接著《1.CentOS6.5下的基礎DNS配置》來說,主從區域傳送只能讓從服務器來進行傳送,不給任何人傳送,我們看看上一章節《1.CentOS6.5下的基礎DNS配置》是否可傳送:
[[email protected] etc]# dig -t axfr itox.com.cn @192.168.100.3
;; Connection to 192.168.100.3#53(192.168.100.3) for itox.com.cn failed: host unreachable.
[[email protected] etc]# dig -t axfr itox.com.cn @192.168.100.3
; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> -t axfr itox.com.cn @192.168.100.3
;; global options: +cmd
itox.com.cn. 600 IN SOA ns1.itox.com.cn. admin.itox.com.cn. 2019040701 7200 540 259200 36000
itox.com.cn. 600 IN NS ns1.itox.com.cn.
itox.com.cn. 600 IN MX 10 mail.itox.com.cn.
*.itox.com.cn. 600 IN A 192.168.100.3
ftp.itox.com.cn. 600 IN A 192.168.100.25
kali2.itox.com.cn. 600 IN A 192.168.100.22
kali3.itox.com.cn. 600 IN A 192.168.100.23
mail.itox.com.cn. 600 IN A 192.168.100.24
nfs.itox.com.cn. 600 IN A 192.168.100.28
ns1.itox.com.cn. 600 IN A 192.168.100.3
radius.itox.com.cn. 600 IN CNAME ftp.itox.com.cn.
samba.itox.com.cn. 600 IN A 192.168.100.27
www.itox.com.cn. 600 IN A 192.168.100.26
itox.com.cn. 600 IN SOA ns1.itox.com.cn. admin.itox.com.cn. 2019040701 7200 540 259200 36000
;; Query time: 2 msec
;; SERVER: 192.168.100.3#53(192.168.100.3)
;; WHEN: 日 4月 07 22:25:18 CST 2019
;; XFR size: 14 records (messages 1, bytes 343)
這裏我們看到是能夠被任何人傳送的,因此我們在配置DNS主從傳送的時候還需要改動一下named.conf只能被從服務器(這裏實驗指定192.168.100.24為從服務器),開始配置之前,主從服務器都改一下/etc/sysconfig/named文件,默認裏面全部是註釋的,加一行在末尾:OPTIONS="-4",去除去IPv6的解析,只解析IPv4,OPTIONS選項的值可以是:whatever、-4、-6中的一個,不然在主從傳送過程中會看到一堆的:named network unreachable resolving,主從都要改,記得!
區域傳送DNS主服務器named.conf如下,有改動的位置專註標紅
options {
directory "/var/named";
#recursion yes;
allow-recursion { 192.168.100.0/24; }; #這裏只允許給192.168.100.0/24的網段遞歸查詢,實際中幾乎不會用
};
zone "." IN {
type hint;
file "named.ca";
};
zone "localhost" IN {
type master;
file "named.localhost";
allow-transfer { none; };
};
zone "0.0.127" IN {
type master;
file "named.loopback";
allow-transfer { none; };
};
zone "itox.com.cn" IN {
type master;
file "itox.com.cn.zone";
allow-transfer { 192.168.100.24; };
};
zone "100.168.192.in-addr.arpa" IN {
type master;
file "192.168.100.zone";
allow-transfer { 192.168.100.24; };
};
把主服務器的named.conf復制到從服務器相同的位置,然後改動部分內容,就可以啟動服務了,從服務器named.conf如下:
options {
directory "/var/named";
#recursion yes;
allow-recursion { 192.168.100.0/24; };
};
zone "." IN {
type hint;
file "named.ca";
};
zone "localhost" IN {
type master;
file "named.localhost";
allow-transfer { none; };
};
zone "0.0.127" IN {
type master;
file "named.loopback";
allow-transfer { none; };
};
zone "itox.com.cn" IN {
type slave; #這裏改成從哦
file "slaves/itox.com.cn.zone"; #傳送過來的文件放在slaves目錄下,這個文件夾named用戶是用權限寫入的
masters { 192.168.100.3; }; #指定主服務器在哪裏
masterfile-format text; #這個寫上,不然你看到的主服務器傳送過來的/var/named/slaves/itox.com.cn的正反向文件是亂碼,raw格式的,無法讀。
allow-transfer { none; }; #我就是從了,我就不給別人傳送了
};
zone "100.168.192.in-addr.arpa" IN {
type slave;
file "slaves/192.168.100.zone";
masterfile-format text;
masters { 192.168.100.3; };
allow-transfer { none; };
};
好了,配置完成,驗證辦法很簡單,直接看看/var/named/slaves目錄下,文件過來了沒有。
2.CentOS6.5下的DNS主從區域傳送配置