[服務(wù)搭建] bind正反向配置主從配置子域配置基本安全設(shè)置

發(fā)布時間：2020-07-10 15:25:08 來源：網(wǎng)絡(luò) 閱讀：511 作者：吳鵬欄目：建站服務(wù)器

實驗環(huán)境

系統(tǒng) 主機(jī)名 IP 備注

Centos6.8 nod1.wupeng.com 10.208.131.222 主服務(wù)器

Centos6.8 nod2.wupeng.com 10.208.131.228 從服務(wù)器

Centos6.8 nod3.wupeng.com 10.208.131.229 子域服務(wù)器

bind程序包：

bind：提供的dns server程序、以及幾個常用的測試程序；

bind-libs：被bind和bind-utils包中的程序共同用到的庫文件；

bind-utils：bind客戶端程序集，例如dig, host, nslookup等；

bind-chroot：選裝，讓named運(yùn)行于jail模式下；

對三臺主機(jī)分別更改主機(jī)名關(guān)閉防火墻以及關(guān)閉selinux （iptables和selinux保存配置后需要重啟服務(wù)才能生效）

nod1更改主機(jī)

[root@nod1 ~]# vim /etc/sysconfig/network    
NETWORKING=yes
HOSTNAME=nod1.wupeng.com

nod2更改主機(jī)

[root@nod2 ~]# vim /etc/sysconfig/network    
NETWORKING=yes
HOSTNAME=nod2.wupeng.com

nod3更改主機(jī)

[root@nod3 ~]# vim /etc/sysconfig/network    
NETWORKING=yes
HOSTNAME=nod3.wupeng.com

nod1清空防火墻規(guī)則

[root@nod1 ~]# iptables -F 
[root@nod1 ~]# service iptables save

nod2清空防火墻規(guī)則

[root@nod2 ~]# iptables -F 
[root@nod2 ~]# service iptables save

nod3清空防火墻規(guī)則

[root@nod3 ~]# iptables -F 
[root@nod3 ~]# service iptables save

nod1關(guān)閉selinux安全機(jī)制

[root@nod1 ~]# vim /etc/sysconfig/selinux 或者 vim /etc/selinux/config
SELINUX=disabled

nod2關(guān)閉selinux安全機(jī)制

[root@nod2 ~]# vim /etc/sysconfig/selinux 或者 vim /etc/selinux/config
SELINUX=disabled

nod3關(guān)閉selinux安全機(jī)制

[root@nod3 ~]# vim /etc/sysconfig/selinux 或者 vim /etc/selinux/config
SELINUX=disabled

三臺主機(jī)分別同步時間為一致可以使用ntpdate命令來進(jìn)行時間同步

[root@nod1 ~]# yum install ntpdate -y

[root@nod2 ~]# yum install ntpdate -y

[root@nod3 ~]# yum install ntpdate -y

[root@nod1 ~]# ntpdate ntp.api.bz

28 Jun 15:42:08 ntpdate[1598]: step time server 17.253.84.125 offset 856096.191423 sec

[root@nod2 ~]# ntpdate ntp.api.bz

28 Jun 15:42:08 ntpdate[1577]: step time server 17.253.84.125 offset 854843.947376 sec

[root@nod3 ~]# ntpdate ntp.api.bz

28 Jun 15:42:08 ntpdate[1593]: step time server 17.253.84.125 offset 599540.432080 sec

正向配置

在nod1主機(jī)上安裝bind的相關(guān)軟件

[root@nod1 ~]# yum install bind bind-utils -y //bind-libs 這個庫文件會進(jìn)行依賴安裝

編輯/etc/bind.conf主配置文件

[root@nod1 ~]# vim /etc/named.conf

options {
        listen-on port 53 { 127.0.0.1; 10.208.131.222; };        //監(jiān)聽地址
//      listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };                   //允許的請求方式為所有人
        recursion yes;
        dnssec-enable no;                          //安全機(jī)制為NO
        dnssec-validation no;                        //安全機(jī)制為NO
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
};

編輯/etc/named.rfc1912.zones創(chuàng)建正向區(qū)域文件

[root@nod1 ~]# vim /etc/named.rfc1912.zones

zone "wupeng.com" IN {
        type master;
        file "wupeng.com.zone";
};

利用模板創(chuàng)建一個wupeng.com域的區(qū)域數(shù)據(jù)文件文件權(quán)限為640 屬組為named

[root@nod1 ~]# cd /var/named/

第一種：
[root@nod1 named]# cp -p named.localhost wupeng.com.zone
第二種：
[root@nod1 named]# cp -rf named.localhost wupeng.com.zone
[root@nod1 named]# chmod 640 wupeng.com.zone 
[root@nod1 named]# chgrp named wupeng.com.zone

查看文件屬性

[root@nod1 named]# ll wupeng.com.zone 
-rw-r----- 1 root named 152 6月  21 2007 wupeng.com.zone

編輯wupeng.com.zone文件記錄 NS和A記錄

[root@nod1 named]# vim wupeng.com.zone

$TTL 1D
$ORIGIN wupeng.com.
@       IN SOA  ns1.wupeng.com. admin.wupeng.com. (
                                        2017062800      ; serial
                                        1D              ; refresh
                                        1H              ; retry
                                        1W              ; expire
                                        3H )            ; minimum
        IN      NS      ns1.wupeng.com.
ns1     IN      A       10.208.131.222
www     IN      A       10.208.131.223

檢測主配置文件和區(qū)域數(shù)據(jù)文件是否有錯誤

[root@nod1 named]# named-checkconf                        //正確是沒有任何提示
[root@nod1 named]# named-checkzone wupeng.com /var/named/wupeng.com.zone 
zone wupeng.com/IN: loaded serial 2017062800
OK

啟動bind服務(wù) 并測試正向解析是否成功

[root@nod1 named]# service named start

Generating /etc/rndc.key: [確定]

啟動 named： [確定]

測試:

[root@nod1 named]# dig -t A www.wupeng.com @10.208.131.222

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.2 <<>> -t A www.wupeng.com @10.208.131.222

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33056

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:

;www.wupeng.com. IN A

;; ANSWER SECTION:

www.wupeng.com. 86400 IN A 10.208.131.223

;; AUTHORITY SECTION:

wupeng.com. 86400 IN NS ns1.wupeng.com.

;; ADDITIONAL SECTION:

ns1.wupeng.com. 86400 IN A 10.208.131.222

;; Query time: 0 msec

;; SERVER: 10.208.131.222#53(10.208.131.222)

;; WHEN: Wed Jun 28 21:26:24 2017

;; MSG SIZE rcvd: 82

解釋:

-t A www.wupeng.com 類型為A記錄的域名

@10.208.131.222 以10.208.131.222的IP進(jìn)行解析無需在/etc/resolv.conf里進(jìn)行設(shè)置

編輯/etc/named.rfc1912.zones創(chuàng)建反向區(qū)域文件

[root@nod1 named]# vim /etc/named.rfc1912.zones
zone "131.208.10.in-addr.arpa" IN {
        type master;
        file "10.208.131";
};

利用模板創(chuàng)建一個10.208.131.zone的區(qū)域數(shù)據(jù)文件文件權(quán)限為640 屬組為named

[root@nod1 ~]# cd /var/named/

第一種：
[root@nod1 named]# cp -p named.loopback 10.208.131.zone
第二種：
[root@nod1 named]# cp -rf named.loopback 10.208.131.zone
[root@nod1 named]# chmod 640 wupeng.com.zone 
[root@nod1 named]# chgrp named wupeng.com.zone

查看文件屬性

[root@nod1 named]# ll 10.208.131.zone

-rw-r----- 1 root named 263 6月 28 21:07 10.208.131.zone

編輯wupeng.com.zone文件記錄 NS和PTR記錄

[root@nod1 named]# vim 10.208.131.zone
$TTL 1D
$ORIGIN 131.208.10.in-addr.arpa.
@       IN SOA  ns1.wupeng.com  admin.wupeng.com. (
                                        2017062800        ; serial
                                        1D              ; refresh
                                        1H              ; retry
                                        1W              ; expire
                                        3H )             ; minimum
      IN       NS     ns1.wupeng.com.
222     IN      PTR     ns1.wupeng.com.
223     IN      PTR     www.wupeng.com.

重新加載bind服務(wù) 并測試反向解析是否成功

[root@nod1 named]# rndc reload

server reload successful

測試：

[root@nod1 named]# dig -x 10.208.131.223 @10.208.131.222

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.2 <<>> -x 10.208.131.223 @10.208.131.222

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54483

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:

;223.131.208.10.in-addr.arpa. IN PTR

;; ANSWER SECTION:

223.131.208.10.in-addr.arpa. 86400 IN PTR www.wupeng.com.

;; AUTHORITY SECTION:

131.208.10.in-addr.arpa. 86400 IN NS ns1.wupeng.com.

;; ADDITIONAL SECTION:

ns1.wupeng.com. 86400 IN A 10.208.131.222

;; Query time: 0 msec

;; SERVER: 10.208.131.222#53(10.208.131.222)

;; WHEN: Wed Jun 28 21:19:16 2017

;; MSG SIZE rcvd: 107

主從復(fù)制

在主服務(wù)器添加從服務(wù)器的NS和A記錄并重新加載服務(wù)

$TTL 1D

$ORIGIN wupeng.com.

@ IN SOA ns1.wupeng.com. admin.wupeng.com. (

2017062802 ; serial

1D ; refresh

1H ; retry

1W ; expire

3H ) ; minimum

IN NS ns1.wupeng.com.

IN NS ns2.wupeng.com.

ns1 IN A 10.208.131.222

ns2 IN A 10.208.131.228

www IN A 10.208.131.223

[root@nod1 named]# rndc reload

server reload successful

在主機(jī)nod2上安裝bind相關(guān)文件

[root@nod2 ~]# yum install bind bind-utils -y

配置bind主文件

vim /etc/named.conf
options {
        listen-on port 53 { 127.0.0.1; 10.208.131.228; };
//      listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };
        recursion yes;
        dnssec-enable no;
        dnssec-validation no;
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
};

配置區(qū)域文件

[root@nod2 ~]# vim /etc/named.rfc1912.zones 
zone "wupeng.com" IN {
        type slave;
        file "slaves/wupeng.com";
        masters { 10.208.131.222; };
};
zone "131.208.10.in-addr.arpa" IN {
        type slave;
        file "10.208.131.zone";
        masters { 10.208.131.222; };
};

檢查配置是否有錯誤

[root@nod2 ~]# named-checkconf

啟動bind服務(wù) 查看區(qū)域數(shù)據(jù)是否傳輸?shù)絪laves目錄下并測試

[root@nod2 ~]# service named start

啟動 named： [確定]

[root@nod2 ~]# ll /var/named/slaves/

總用量 8

-rw-r--r-- 1 named named 390 6月 28 21:55 10.208.131.zone

-rw-r--r-- 1 named named 335 6月 28 21:54 wupeng.com

測試:

[root@nod2 ~]# dig www.wupeng.com @10.208.131.228

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.2 <<>> www.wupeng.com @10.208.131.228

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1634

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:

;www.wupeng.com. IN A

;; ANSWER SECTION:

www.wupeng.com. 86400 IN A 10.208.131.223

;; AUTHORITY SECTION:

wupeng.com. 86400 IN NS ns1.wupeng.com.

;; ADDITIONAL SECTION:

ns1.wupeng.com. 86400 IN A 10.208.131.222

;; Query time: 0 msec

;; SERVER: 10.208.131.228#53(10.208.131.228)

;; WHEN: Wed Jun 28 21:56:38 2017

;; MSG SIZE rcvd: 82

[root@nod2 ~]# dig -x 10.208.131.223 @10.208.131.228

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.2 <<>> -x 10.208.131.223 @10.208.131.228

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18940

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:

;223.131.208.10.in-addr.arpa. IN PTR

;; ANSWER SECTION:

223.131.208.10.in-addr.arpa. 86400 IN PTR www.wupeng.com.

;; AUTHORITY SECTION:

131.208.10.in-addr.arpa. 86400 IN NS ns1.wupeng.com.

;; ADDITIONAL SECTION:

ns1.wupeng.com. 86400 IN A 10.208.131.222

;; Query time: 0 msec

;; SERVER: 10.208.131.228#53(10.208.131.228)

;; WHEN: Wed Jun 28 21:57:05 2017

;; MSG SIZE rcvd: 107

在主服務(wù)器新增一條記錄在進(jìn)行測試

[root@nod1 named]# vim /var/named/wupeng.com.zone

$TTL 1D

$ORIGIN wupeng.com.

@ IN SOA ns1.wupeng.com. admin.wupeng.com. (

2017062802 ; serial

1D ; refresh

1H ; retry

1W ; expire

3H ) ; minimum

IN NS ns1.wupeng.com.

IN NS ns2.wupeng.com.

ns1 IN A 10.208.131.222

ns2 IN A 10.208.131.228

www IN A 10.208.131.223

dns IN A 10.208.131.224

[root@nod1 named]# vim 10.208.131.zone

$TTL 1D

$ORIGIN 131.208.10.in-addr.arpa.

@ IN SOA ns1.wupeng.com admin.wupeng.com. (

2017062802 ; serial

1D ; refresh

1H ; retry

1W ; expire

3H ) ; minimum

IN NS ns1.wupeng.com.

IN NS ns2.wupeng.com.

222 IN PTR ns1.wupeng.com.

228 IN PTR ns2.wupeng.com.

223 IN PTR www.wupeng.com.

224 IN PTR dns.wupeng.com.

重新加載主服務(wù)器

[root@nod1 named]# rndc reload

server reload successful

重新加載從服務(wù)器

[root@nod2 ~]# rndc reload wupeng.com

zone refresh queued

[root@nod2 ~]# rndc reload 131.208.10.in-addr.arpa

zone refresh queued

NOTE: rndc reload 在從服務(wù)器不生效嘗試過多次只能在后邊加區(qū)域才生效

測試：

[root@nod2 ~]# dig dns.wupeng.com @10.208.131.228

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.2 <<>> dns.wupeng.com @10.208.131.228

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30389

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:

;dns.wupeng.com. IN A

;; ANSWER SECTION:

dns.wupeng.com. 86400 IN A 10.208.131.224

;; AUTHORITY SECTION:

wupeng.com. 86400 IN NS ns1.wupeng.com.

;; ADDITIONAL SECTION:

ns1.wupeng.com. 86400 IN A 10.208.131.222

;; Query time: 0 msec

;; SERVER: 10.208.131.228#53(10.208.131.228)

;; WHEN: Wed Jun 28 22:29:46 2017

;; MSG SIZE rcvd: 82

[root@nod2 ~]# dig -x 10.208.131.224 @10.208.131.228

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.2 <<>> -x 10.208.131.224 @10.208.131.228

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20995

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:

;224.131.208.10.in-addr.arpa. IN PTR

;; ANSWER SECTION:

224.131.208.10.in-addr.arpa. 86400 IN PTR dns.wupeng.com.

;; AUTHORITY SECTION:

131.208.10.in-addr.arpa. 86400 IN NS ns1.wupeng.com.

;; ADDITIONAL SECTION:

ns1.wupeng.com. 86400 IN A 10.208.131.222

;; Query time: 1 msec

;; SERVER: 10.208.131.228#53(10.208.131.228)

;; WHEN: Wed Jun 28 22:30:07 2017

;; MSG SIZE rcvd: 107

子域配置

在主機(jī)nod3上安裝bind相關(guān)軟件并配置主文件

[root@nod3 ~]# yum install bind bind-utils -y
[root@nod3 ~]# vim /etc/named.conf
options {
        listen-on port 53 { 127.0.0.1; 10.208.131.229; };
//      listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };
        recursion yes;
        dnssec-enable no;
        dnssec-validation no;
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
};
[root@nod3 ~]# vim /etc/named.rfc1912.zones 
zone "music.wupeng.com" IN {
        type master;
        file "music.wupeng.com.zone";
};
zone "wupeng.com" IN {                                    //設(shè)置了轉(zhuǎn)發(fā)功能才能進(jìn)行查詢和傳輸區(qū)域文件
        type forward;
        forward only;
        forwarders { 10.208.131.222; 10.208.131.228; };
};

復(fù)制模板創(chuàng)建子域區(qū)域配置文件

[root@nod3 named]# cp -p named.localhost music.wupeng.com.zone

[root@nod3 named]# vim music.wupeng.com.zone

$TTL 1D

$ORIGIN music.wupeng.com.

@ IN SOA ns3.music.wupeng.com. admin.music.wupeng.com. (

2017062800 ; serial

1D ; refresh

1H ; retry

1W ; expire

3H ) ; minimum

IN NS ns3.music

ns3.music IN A 10.208.131.229

www IN A 10.208.131.230

檢測是否有配置錯誤

[root@nod3 named]# named-checkzone music.wupeng.com /var/named/music.wupeng.com.zone

zone music.wupeng.com/IN: loaded serial 2017062800

在主服務(wù)器添加子域的NS和A記錄

[root@nod1 named]# vim /etc/named.conf

$TTL 1D

$ORIGIN wupeng.com.

@ IN SOA ns1.wupeng.com. admin.wupeng.com. (

2017062802 ; serial

1D ; refresh

1H ; retry

1W ; expire

3H ) ; minimum

IN NS ns1.wupeng.com.

IN NS ns2.wupeng.com.

ns1 IN A 10.208.131.222

ns2 IN A 10.208.131.228

www IN A 10.208.131.223

dns IN A 10.208.131.224

ns3 IN NS ns3.music

ns3.music IN A 10.208.131.229

重新加載主配置文件啟動nod3的bind的服務(wù)

[root@nod1 named]# rndc reload

server reload successful

測試:

[root@nod3 named]# dig www.music.wupeng.com @10.208.131.229

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.2 <<>> www.music.wupeng.com @10.208.131.229

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46119

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:

;www.music.wupeng.com. IN A

;; ANSWER SECTION:

www.music.wupeng.com. 86400 IN A 10.208.131.230

;; AUTHORITY SECTION:

music.wupeng.com. 86400 IN NS ns3.music.music.wupeng.com.

;; ADDITIONAL SECTION:

ns3.music.music.wupeng.com. 86400 IN A 10.208.131.229

;; Query time: 0 msec

;; SERVER: 10.208.131.229#53(10.208.131.229)

;; WHEN: Wed Jun 28 23:28:55 2017

;; MSG SIZE rcvd: 94

[root@nod3 named]# dig www.wupeng.com @10.208.131.229

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.2 <<>> www.wupeng.com @10.208.131.229

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25255

;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:

;www.wupeng.com. IN A

;; ANSWER SECTION:

www.wupeng.com. 86365 IN A 10.208.131.223

;; AUTHORITY SECTION:

wupeng.com. 86365 IN NS ns1.wupeng.com.

wupeng.com. 86365 IN NS ns2.wupeng.com.

;; ADDITIONAL SECTION:

ns1.wupeng.com. 86365 IN A 10.208.131.222

ns2.wupeng.com. 86365 IN A 10.208.131.228

;; Query time: 13 msec

;; SERVER: 10.208.131.229#53(10.208.131.229)

;; WHEN: Wed Jun 28 23:29:06 2017

;; MSG SIZE rcvd: 116

[root@nod3 named]# dig -t axfr wupeng.com @10.208.131.222 //全量區(qū)域傳送

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.2 <<>> -t axfr wupeng.com @10.208.131.222

;; global options: +cmd

wupeng.com. 86400 IN SOA ns1.wupeng.com. admin.wupeng.com. 2017062802 86400 3600

604800 10800wupeng.com. 86400 IN NS ns1.wupeng.com.

wupeng.com. 86400 IN NS ns2.wupeng.com.

dns.wupeng.com. 86400 IN A 10.208.131.224

ns3.music.wupeng.com. 86400 IN A 10.208.131.229

ns1.wupeng.com. 86400 IN A 10.208.131.222

ns2.wupeng.com. 86400 IN A 10.208.131.228

ns3.wupeng.com. 86400 IN NS ns3.music.wupeng.com.

www.wupeng.com. 86400 IN A 10.208.131.223

wupeng.com. 86400 IN SOA ns1.wupeng.com. admin.wupeng.com. 2017062802 86400 3600

604800 10800;; Query time: 4 msec

;; SERVER: 10.208.131.222#53(10.208.131.222)

;; WHEN: Wed Jun 28 23:41:31 2017

;; XFR size: 10 records (messages 1, bytes 258)

可以進(jìn)行全量傳輸區(qū)域數(shù)據(jù) 一般是不允許的所以我們要進(jìn)行安全配置

在主機(jī)nod1主配置文件上配置acl 只允許從服務(wù)器傳輸全局之外定義

[root@nod1 named]# vim /etc/named.conf
acl slaves {
        10.208.131.228;
};
[root@nod1 named]# vim /etc/named.rfc1912.zones 
zone "wupeng.com" IN {
        type master;
        file "wupeng.com.zone";
        allow-transfer { slaves; };
        allow-update { none; };
};
zone "131.208.10.in-addr.arpa" IN {
        type master;
        file "10.208.131.zone";
        allow-transfer { slaves; };
        allow-update { none; };
};

重新加載服務(wù)

[root@nod1 named]# rndc reload

server reload successful

在主機(jī)nod2上配置文件不進(jìn)行更新

zone "wupeng.com" IN {
        type slave;
        file "slaves/wupeng.com";
        masters { 10.208.131.222; };
        allow-transfer { none; };
        allow-update { none; };
};
zone "131.208.10.in-addr.arpa" IN {
        type slave;
        file "slaves/10.208.131.zone";
        masters { 10.208.131.222; };
        allow-transfer { none; };
        allow-update { none; };
};

重新加載服務(wù)

[root@nod2 slaves]# rndc reload

server reload successful

測試

[root@nod3 named]# dig -t axfr wupeng.com @10.208.131.222

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.2 <<>> -t axfr wupeng.com @10.208.131.222

;; global options: +cmd

; Transfer failed.

[root@nod3 named]# dig -t axfr wupeng.com @10.208.131.228

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.2 <<>> -t axfr wupeng.com @10.208.131.228

;; global options: +cmd

; Transfer failed.

向AI問一下細(xì)節(jié)

[服務(wù)搭建] bind正反向配置 主從配置 子域配置 基本安全設(shè)置

猜你喜歡

最新資訊

相關(guān)推薦

相關(guān)標(biāo)簽

[服務(wù)搭建] bind正反向配置主從配置子域配置基本安全設(shè)置