Lab environment
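System       Hostname           IP               Notes
CentOS 6.8   nod1.wupeng.com    10.208.131.222   Master server
CentOS 6.8   nod2.wupeng.com    10.208.131.228   Slave server
CentOS 6.8   nod3.wupeng.com    10.208.131.229   Subdomain server
BIND packages:
bind: provides the DNS server program and several commonly used test programs;
bind-libs: library files shared by the programs in the bind and bind-utils packages;
bind-utils: the BIND client tools, for example dig, host, nslookup;
bind-chroot: optional; runs named in jail (chroot) mode;
On each of the three hosts, change the hostname, disable the firewall and disable SELinux (after the iptables and SELinux configuration is saved, a service restart is needed for it to take effect)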
Change the hostname on nod1
[root@nod1 ~]# vim /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=nod1.wupeng.com
Change the hostname on nod2
[root@nod2 ~]# vim /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=nod2.wupeng.com
Change the hostname on nod3
[root@nod3 ~]# vim /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=nod3.wupeng.com
Flush the firewall rules on nod1
[root@nod1 ~]# iptables -F
[root@nod1 ~]# service iptables save
Flush the firewall rules on nod2
[root@nod2 ~]# iptables -F
[root@nod2 ~]# service iptables save
Flush the firewall rules on nod3
[root@nod3 ~]# iptables -F
[root@nod3 ~]# service iptables save
Disable the SELinux security mechanism on nod1
[root@nod1 ~]# vim /etc/sysconfig/selinux    (or: vim /etc/selinux/config)
SELINUX=disabled
Disable the SELinux security mechanism on nod2
[root@nod2 ~]# vim /etc/sysconfig/selinux    (or: vim /etc/selinux/config)
SELINUX=disabled
Disable the SELinux security mechanism on nod3
[root@nod3 ~]# vim /etc/sysconfig/selinux    (or: vim /etc/selinux/config)
SELINUX=disabled
Synchronize the time on the three hosts so that they agree; the ntpdate command can be used for this
[root@nod1 ~]# yum install ntpdate -y
[root@nod2 ~]# yum install ntpdate -y
[root@nod3 ~]# yum install ntpdate -y
[root@nod1 ~]# ntpdate ntp.api.bz
28 Jun 15:42:08 ntpdate[1598]: step time server 17.253.84.125 offset 856096.191423 sec
[root@nod2 ~]# ntpdate ntp.api.bz
28 Jun 15:42:08 ntpdate[1577]: step time server 17.253.84.125 offset 854843.947376 sec
[root@nod3 ~]# ntpdate ntp.api.bz
28 Jun 15:42:08 ntpdate[1593]: step time server 17.253.84.125 offset 599540.432080 sec
Forward zone configuration
Install the BIND packages on host nod1
[root@nod1 ~]# yum install bind bind-utils -y    # the bind-libs library package is installed as a dependency
Edit the main configuration file /etc/named.conf
[root@nod1 ~]# vim /etc/named.conf
options {
    listen-on port 53 { 127.0.0.1; 10.208.131.222; };    // listen addresses
    // listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };    // queries are accepted from everyone
    recursion yes;
    dnssec-enable no;        // security mechanism set to no
    dnssec-validation no;    // security mechanism set to no
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
};
Edit /etc/named.rfc1912.zones to define the forward zone
[root@nod1 ~]# vim /etc/named.rfc1912.zones
zone "wupeng.com" IN {
    type master;
    file "wupeng.com.zone";
};
Create the zone data file for the wupeng.com domain from a template; file mode 640, group named
[root@nod1 ~]# cd /var/named/
Option 1:
[root@nod1 named]# cp -p named.localhost wupeng.com.zone
Option 2:
[root@nod1 named]# cp -rf named.localhost wupeng.com.zone
[root@nod1 named]# chmod 640 wupeng.com.zone
[root@nod1 named]# chgrp named wupeng.com.zone
Check the file attributes
[root@nod1 named]# ll wupeng.com.zone
-rw-r----- 1 root named 152 6月 21 2007 wupeng.com.zone
Edit wupeng.com.zone to add the NS and A records
[root@nod1 named]# vim wupeng.com.zone
$TTL 1D
$ORIGIN wupeng.com.
@       IN SOA  ns1.wupeng.com. admin.wupeng.com. (
                2017062800 ; serial
                1D ; refresh
                1H ; retry
                1W ; expire
                3H ) ; minimum
        IN NS   ns1.wupeng.com.
ns1     IN A    10.208.131.222
www     IN A    10.208.131.223
Check the main configuration file and the zone data file for errors
[root@nod1 named]# named-checkconf    # no output means the configuration is correct
[root@nod1 named]# named-checkzone wupeng.com /var/named/wupeng.com.zone
zone wupeng.com/IN: loaded serial 2017062800
OK
Start the BIND service and test that forward resolution works
[root@nod1 named]# service named start
Generating /etc/rndc.key: [確定]
啟動 named: [確定]
Test:
[root@nod1 named]# dig -t A www.wupeng.com @10.208.131.222
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.2 <<>> -t A www.wupeng.com @10.208.131.222
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33056
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;www.wupeng.com.                IN      A
;; ANSWER SECTION:
www.wupeng.com.         86400   IN      A       10.208.131.223
;; AUTHORITY SECTION:
wupeng.com.             86400   IN      NS      ns1.wupeng.com.
;; ADDITIONAL SECTION:
ns1.wupeng.com.         86400   IN      A       10.208.131.222
;; Query time: 0 msec
;; SERVER: 10.208.131.222#53(10.208.131.222)
;; WHEN: Wed Jun 28 21:26:24 2017
;; MSG SIZE rcvd: 82
Explanation:
-t A www.wupeng.com    query the A record for this domain name
@10.208.131.222    resolve using the server at 10.208.131.222; no need to set it in /etc/resolv.conf
Edit /etc/named.rfc1912.zones to define the reverse zone
[root@nod1 named]# vim /etc/named.rfc1912.zones
zone "131.208.10.in-addr.arpa" IN {
    type master;
    file "10.208.131.zone";
};
Create the zone data file 10.208.131.zone from a template; file mode 640, group named
[root@nod1 ~]# cd /var/named/
Option 1:
[root@nod1 named]# cp -p named.loopback 10.208.131.zone
Option 2:
[root@nod1 named]# cp -rf named.loopback 10.208.131.zone
[root@nod1 named]# chmod 640 10.208.131.zone
[root@nod1 named]# chgrp named 10.208.131.zone
Check the file attributes
[root@nod1 named]# ll 10.208.131.zone
-rw-r----- 1 root named 263 6月 28 21:07 10.208.131.zone
Edit 10.208.131.zone to add the NS and PTR records
[root@nod1 named]# vim 10.208.131.zone
$TTL 1D
$ORIGIN 131.208.10.in-addr.arpa.
@       IN SOA  ns1.wupeng.com. admin.wupeng.com. (
                2017062800 ; serial
                1D ; refresh
                1H ; retry
                1W ; expire
                3H ) ; minimum
        IN NS   ns1.wupeng.com.
222     IN PTR  ns1.wupeng.com.
223     IN PTR  www.wupeng.com.
Reload the BIND service and test that reverse resolution works
[root@nod1 named]# rndc reload
server reload successful
Test:
[root@nod1 named]# dig -x 10.208.131.223 @10.208.131.222
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.2 <<>> -x 10.208.131.223 @10.208.131.222
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54483
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;223.131.208.10.in-addr.arpa.   IN      PTR
;; ANSWER SECTION:
223.131.208.10.in-addr.arpa. 86400 IN   PTR     www.wupeng.com.
;; AUTHORITY SECTION:
131.208.10.in-addr.arpa. 86400  IN      NS      ns1.wupeng.com.
;; ADDITIONAL SECTION:
ns1.wupeng.com.         86400   IN      A       10.208.131.222
;; Query time: 0 msec
;; SERVER: 10.208.131.222#53(10.208.131.222)
;; WHEN: Wed Jun 28 21:19:16 2017
;; MSG SIZE rcvd: 107
Master-slave replication
On the master server, add the slave server's NS and A records and reload the service
$TTL 1D
$ORIGIN wupeng.com.
@       IN SOA  ns1.wupeng.com. admin.wupeng.com. (
                2017062802 ; serial
                1D ; refresh
                1H ; retry
                1W ; expire
                3H ) ; minimum
        IN NS   ns1.wupeng.com.
        IN NS   ns2.wupeng.com.
ns1     IN A    10.208.131.222
ns2     IN A    10.208.131.228
www     IN A    10.208.131.223
[root@nod1 named]# rndc reload
server reload successful
Install the BIND packages on host nod2
[root@nod2 ~]# yum install bind bind-utils -y
Configure the main BIND configuration file
[root@nod2 ~]# vim /etc/named.conf
options {
    listen-on port 53 { 127.0.0.1; 10.208.131.228; };
    // listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };
    recursion yes;
    dnssec-enable no;
    dnssec-validation no;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
};
Configure the zones
[root@nod2 ~]# vim /etc/named.rfc1912.zones
zone "wupeng.com" IN {
    type slave;
    file "slaves/wupeng.com";
    masters { 10.208.131.222; };
};
zone "131.208.10.in-addr.arpa" IN {
    type slave;
    file "slaves/10.208.131.zone";
    masters { 10.208.131.222; };
};
Check the configuration for errors
[root@nod2 ~]# named-checkconf
Start the BIND service, check that the zone data has been transferred into the slaves directory, and test
[root@nod2 ~]# service named start
啟動 named: [確定]
[root@nod2 ~]# ll /var/named/slaves/
總用量 8
-rw-r--r-- 1 named named 390 6月 28 21:55 10.208.131.zone
-rw-r--r-- 1 named named 335 6月 28 21:54 wupeng.com
Test:
[root@nod2 ~]# dig www.wupeng.com @10.208.131.228
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.2 <<>> www.wupeng.com @10.208.131.228
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1634
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;www.wupeng.com.                IN      A
;; ANSWER SECTION:
www.wupeng.com.         86400   IN      A       10.208.131.223
;; AUTHORITY SECTION:
wupeng.com.             86400   IN      NS      ns1.wupeng.com.
;; ADDITIONAL SECTION:
ns1.wupeng.com.         86400   IN      A       10.208.131.222
;; Query time: 0 msec
;; SERVER: 10.208.131.228#53(10.208.131.228)
;; WHEN: Wed Jun 28 21:56:38 2017
;; MSG SIZE rcvd: 82
[root@nod2 ~]# dig -x 10.208.131.223 @10.208.131.228
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.2 <<>> -x 10.208.131.223 @10.208.131.228
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18940
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;223.131.208.10.in-addr.arpa.   IN      PTR
;; ANSWER SECTION:
223.131.208.10.in-addr.arpa. 86400 IN   PTR     www.wupeng.com.
;; AUTHORITY SECTION:
131.208.10.in-addr.arpa. 86400  IN      NS      ns1.wupeng.com.
;; ADDITIONAL SECTION:
ns1.wupeng.com.         86400   IN      A       10.208.131.222
;; Query time: 0 msec
;; SERVER: 10.208.131.228#53(10.208.131.228)
;; WHEN: Wed Jun 28 21:57:05 2017
;; MSG SIZE rcvd: 107
Add a new record on the master server and test again
[root@nod1 named]# vim /var/named/wupeng.com.zone
$TTL 1D
$ORIGIN wupeng.com.
@       IN SOA  ns1.wupeng.com. admin.wupeng.com. (
                2017062802 ; serial
                1D ; refresh
                1H ; retry
                1W ; expire
                3H ) ; minimum
        IN NS   ns1.wupeng.com.
        IN NS   ns2.wupeng.com.
ns1     IN A    10.208.131.222
ns2     IN A    10.208.131.228
www     IN A    10.208.131.223
dns     IN A    10.208.131.224
[root@nod1 named]# vim 10.208.131.zone
$TTL 1D
$ORIGIN 131.208.10.in-addr.arpa.
@       IN SOA  ns1.wupeng.com. admin.wupeng.com. (
                2017062802 ; serial
                1D ; refresh
                1H ; retry
                1W ; expire
                3H ) ; minimum
        IN NS   ns1.wupeng.com.
        IN NS   ns2.wupeng.com.
222     IN PTR  ns1.wupeng.com.
228     IN PTR  ns2.wupeng.com.
223     IN PTR  www.wupeng.com.
224     IN PTR  dns.wupeng.com.
Reload the master server
[root@nod1 named]# rndc reload
server reload successful
Reload the slave server
[root@nod2 ~]# rndc reload wupeng.com
zone refresh queued
[root@nod2 ~]# rndc reload 131.208.10.in-addr.arpa
zone refresh queued
NOTE: rndc reload on its own did not take effect on the slave server; after many attempts it only took effect with the zone name appended
Test:
[root@nod2 ~]# dig dns.wupeng.com @10.208.131.228
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.2 <<>> dns.wupeng.com @10.208.131.228
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30389
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;dns.wupeng.com.                IN      A
;; ANSWER SECTION:
dns.wupeng.com.         86400   IN      A       10.208.131.224
;; AUTHORITY SECTION:
wupeng.com.             86400   IN      NS      ns1.wupeng.com.
;; ADDITIONAL SECTION:
ns1.wupeng.com.         86400   IN      A       10.208.131.222
;; Query time: 0 msec
;; SERVER: 10.208.131.228#53(10.208.131.228)
;; WHEN: Wed Jun 28 22:29:46 2017
;; MSG SIZE rcvd: 82
[root@nod2 ~]# dig -x 10.208.131.224 @10.208.131.228
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.2 <<>> -x 10.208.131.224 @10.208.131.228
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20995
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;224.131.208.10.in-addr.arpa.   IN      PTR
;; ANSWER SECTION:
224.131.208.10.in-addr.arpa. 86400 IN   PTR     dns.wupeng.com.
;; AUTHORITY SECTION:
131.208.10.in-addr.arpa. 86400  IN      NS      ns1.wupeng.com.
;; ADDITIONAL SECTION:
ns1.wupeng.com.         86400   IN      A       10.208.131.222
;; Query time: 1 msec
;; SERVER: 10.208.131.228#53(10.208.131.228)
;; WHEN: Wed Jun 28 22:30:07 2017
;; MSG SIZE rcvd: 107
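How a slave decides whether to pull a new copy, as an added example that is not part of the original walkthrough: it compares the master's SOA serial with its own using RFC 1982 serial arithmetic, and the zone listings above show serial 2017062802 both before and after the dns record was added. The function names and the sample zone text are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are illustrative.

# soa_serial: read a zone file on stdin, print the serial of its SOA record.
# Works for the multi-line "( serial ; comment" layout and for a one-line SOA.
soa_serial() {
    sed 's/;.*$//' |
    tr -s ' \t()' '\n\n\n\n' |
    awk 'seen && NF { if (++k == 3) { print; exit } }
         $0 == "SOA" { seen = 1 }'
    # comments stripped, one token per line; after SOA: mname, rname, serial
}

# serial_newer A B: true when A is newer than B in RFC 1982 serial arithmetic
# (32-bit, wraps around). A slave transfers only when the master's is newer.
serial_newer() {
    d=$(( ($1 - $2) & 4294967295 ))
    [ $(( d != 0 && d < 2147483648 )) -eq 1 ]
}

# slave_action MASTER_SERIAL SLAVE_SERIAL: print what the slave will do.
slave_action() {
    if serial_newer "$1" "$2"; then echo transfer; else echo keep; fi
}

# Constructed zone text in the layout used above.
sample_zone() {
cat <<'EOF'
$TTL 1D
$ORIGIN wupeng.com.
@       IN SOA  ns1.wupeng.com. admin.wupeng.com. (
                2017062802 ; serial
                1D ; refresh
                1H ; retry
                1W ; expire
                3H ) ; minimum
        IN NS   ns1.wupeng.com.
dns     IN A    10.208.131.224
EOF
}

master=$(sample_zone | soa_serial)
echo "unchanged serial:    $(slave_action "$master" 2017062802)"
echo "serial incremented:  $(slave_action $((master + 1)) 2017062802)"
```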
Subdomain configuration
Install the BIND packages on host nod3 and configure the main file
[root@nod3 ~]# yum install bind bind-utils -y
[root@nod3 ~]# vim /etc/named.conf
options {
    listen-on port 53 { 127.0.0.1; 10.208.131.229; };
    // listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };
    recursion yes;
    dnssec-enable no;
    dnssec-validation no;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
};
[root@nod3 ~]# vim /etc/named.rfc1912.zones
zone "music.wupeng.com" IN {
    type master;
    file "music.wupeng.com.zone";
};
zone "wupeng.com" IN {    // queries and zone file transfers only work once forwarding is configured
    type forward;
    forward only;
    forwarders { 10.208.131.222; 10.208.131.228; };
};
Copy the template to create the subdomain zone file
[root@nod3 named]# cp -p named.localhost music.wupeng.com.zone
[root@nod3 named]# vim music.wupeng.com.zone
$TTL 1D
$ORIGIN music.wupeng.com.
@         IN SOA  ns3.music.wupeng.com. admin.music.wupeng.com. (
                  2017062800 ; serial
                  1D ; refresh
                  1H ; retry
                  1W ; expire
                  3H ) ; minimum
          IN NS   ns3.music         ; relative name: expands to ns3.music.music.wupeng.com. under this $ORIGIN
ns3.music IN A    10.208.131.229    ; relative owner: ns3.music.music.wupeng.com.
www       IN A    10.208.131.230
Check for configuration errors
[root@nod3 named]# named-checkzone music.wupeng.com /var/named/music.wupeng.com.zone
zone music.wupeng.com/IN: loaded serial 2017062800
OK
Add the subdomain's NS and A records on the master server
[root@nod1 named]# vim /var/named/wupeng.com.zone
$TTL 1D
$ORIGIN wupeng.com.
@         IN SOA  ns1.wupeng.com. admin.wupeng.com. (
                  2017062802 ; serial
                  1D ; refresh
                  1H ; retry
                  1W ; expire
                  3H ) ; minimum
          IN NS   ns1.wupeng.com.
          IN NS   ns2.wupeng.com.
ns1       IN A    10.208.131.222
ns2       IN A    10.208.131.228
www       IN A    10.208.131.223
dns       IN A    10.208.131.224
ns3       IN NS   ns3.music         ; owner is ns3, so this NS record is created at ns3.wupeng.com.
ns3.music IN A    10.208.131.229
Reload the master configuration and start the BIND service on nod3
[root@nod1 named]# rndc reload
server reload successful
Test:
[root@nod3 named]# dig www.music.wupeng.com @10.208.131.229
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.2 <<>> www.music.wupeng.com @10.208.131.229
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46119
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;www.music.wupeng.com.          IN      A
;; ANSWER SECTION:
www.music.wupeng.com.   86400   IN      A       10.208.131.230
;; AUTHORITY SECTION:
music.wupeng.com.       86400   IN      NS      ns3.music.music.wupeng.com.
;; ADDITIONAL SECTION:
ns3.music.music.wupeng.com. 86400 IN    A       10.208.131.229
;; Query time: 0 msec
;; SERVER: 10.208.131.229#53(10.208.131.229)
;; WHEN: Wed Jun 28 23:28:55 2017
;; MSG SIZE rcvd: 94
[root@nod3 named]# dig www.wupeng.com @10.208.131.229
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.2 <<>> www.wupeng.com @10.208.131.229
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25255
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;www.wupeng.com.                IN      A
;; ANSWER SECTION:
www.wupeng.com.         86365   IN      A       10.208.131.223
;; AUTHORITY SECTION:
wupeng.com.             86365   IN      NS      ns1.wupeng.com.
wupeng.com.             86365   IN      NS      ns2.wupeng.com.
;; ADDITIONAL SECTION:
ns1.wupeng.com.         86365   IN      A       10.208.131.222
ns2.wupeng.com.         86365   IN      A       10.208.131.228
;; Query time: 13 msec
;; SERVER: 10.208.131.229#53(10.208.131.229)
;; WHEN: Wed Jun 28 23:29:06 2017
;; MSG SIZE rcvd: 116
[root@nod3 named]# dig -t axfr wupeng.com @10.208.131.222    # full zone transfer
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.2 <<>> -t axfr wupeng.com @10.208.131.222
;; global options: +cmd
wupeng.com.             86400   IN      SOA     ns1.wupeng.com. admin.wupeng.com. 2017062802 86400 3600 604800 10800
wupeng.com.             86400   IN      NS      ns1.wupeng.com.
wupeng.com.             86400   IN      NS      ns2.wupeng.com.
dns.wupeng.com.         86400   IN      A       10.208.131.224
ns3.music.wupeng.com.   86400   IN      A       10.208.131.229
ns1.wupeng.com.         86400   IN      A       10.208.131.222
ns2.wupeng.com.         86400   IN      A       10.208.131.228
ns3.wupeng.com.         86400   IN      NS      ns3.music.wupeng.com.
www.wupeng.com.         86400   IN      A       10.208.131.223
wupeng.com.             86400   IN      SOA     ns1.wupeng.com. admin.wupeng.com. 2017062802 86400 3600 604800 10800
;; Query time: 4 msec
;; SERVER: 10.208.131.222#53(10.208.131.222)
;; WHEN: Wed Jun 28 23:41:31 2017
;; XFR size: 10 records (messages 1, bytes 258)
A full transfer of the zone data is possible. This is normally not allowed, so we need to apply a security configuration
On host nod1, define an ACL in the main configuration file so that only the slave server may transfer; define it outside the global options block
[root@nod1 named]# vim /etc/named.conf
acl slaves {
    10.208.131.228;
};
[root@nod1 named]# vim /etc/named.rfc1912.zones
zone "wupeng.com" IN {
    type master;
    file "wupeng.com.zone";
    allow-transfer { slaves; };
    allow-update { none; };
};
zone "131.208.10.in-addr.arpa" IN {
    type master;
    file "10.208.131.zone";
    allow-transfer { slaves; };
    allow-update { none; };
};
Reload the service
[root@nod1 named]# rndc reload
server reload successful
On host nod2, set the zone configuration so that no updates are performed
zone "wupeng.com" IN {
    type slave;
    file "slaves/wupeng.com";
    masters { 10.208.131.222; };
    allow-transfer { none; };
    allow-update { none; };
};
zone "131.208.10.in-addr.arpa" IN {
    type slave;
    file "slaves/10.208.131.zone";
    masters { 10.208.131.222; };
    allow-transfer { none; };
    allow-update { none; };
};
Reload the service
[root@nod2 slaves]# rndc reload
server reload successful
Test
[root@nod3 named]# dig -t axfr wupeng.com @10.208.131.222
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.2 <<>> -t axfr wupeng.com @10.208.131.222
;; global options: +cmd
; Transfer failed.
[root@nod3 named]# dig -t axfr wupeng.com @10.208.131.228
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.2 <<>> -t axfr wupeng.com @10.208.131.228
;; global options: +cmd
; Transfer failed.
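A configuration check for the hardening step above, as an added example that is not part of the original walkthrough: it lists master and slave zones that carry no allow-transfer statement or one that contains any. The function names and the sample input are constructed, example.test is a made-up zone, and only per-zone statements are read (a global allow-transfer in options is not considered).

```shell
#!/bin/sh
# Added example, not from the original page. Lists master/slave zones whose
# definition has no allow-transfer statement or one that contains "any".
# Simplification: only per-zone statements are read, not options{} defaults.
# Usage: audit_transfers [FILE...]   (reads stdin when no file is given)
audit_transfers() {
    # Drop comments, isolate { } ; as tokens and emit one token per line, so
    # flattened one-line configs parse the same way as indented ones.
    cat "$@" |
    sed -e 's://.*$::' -e 's:/\*.*\*/::g' -e 's/[{};]/ & /g' |
    tr -s ' \t' '\n\n' |
    awk '
    function report() {
        if (type != "master" && type != "slave") return
        if (acl == "unset") printf "%s\tno allow-transfer statement\n", name
        else if (("," acl ",") ~ /,any,/) printf "%s\tallow-transfer permits any\n", name
    }
    $0 == "" || $0 == ";" { next }
    $0 == "{" { depth++; next }
    $0 == "}" {
        depth--
        if (depth == 1) in_acl = 0
        if (depth == 0 && name != "") { report(); name = "" }
        next
    }
    depth == 0 && prev == "zone" { name = $0; gsub(/"/, "", name); type = ""; acl = "unset" }
    depth == 1 && prev == "type" { type = $0 }
    depth == 1 && $0 == "allow-transfer" { in_acl = 1; acl = "" }
    depth == 2 && in_acl { acl = (acl == "" ? "" : acl ",") $0 }
    { prev = $0 }
    '
}

# Constructed sample modelled on the zones in this walkthrough.
sample_zones() {
cat <<'EOF'
zone "wupeng.com" IN { type master; file "wupeng.com.zone"; };
zone "131.208.10.in-addr.arpa" IN {
    type master; file "10.208.131.zone";
    allow-transfer { slaves; }; allow-update { none; };   // restricted
};
zone "example.test" IN { type slave; file "slaves/example.test";
    masters { 10.208.131.222; }; allow-transfer { any; }; };
EOF
}

sample_zones | audit_transfers
```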