1.产生燕郊、蓝汛、亦庄三机房同步DNS数据所用到的key
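# Generate one TSIG key per data center (Yanjiao, Lanxun, Yizhuang); the keys
# sign the zone transfers / NOTIFYs between the three sites and are what the
# views in named.conf match on.
#   -k NAME      key name as it will appear in named.conf
#   -c FILE      file the generated key statement is written to
#   -a           write the key file directly instead of printing an rndc.conf
#   -r keyboard  take randomness from keyboard input instead of /dev/random
# Older rndc-confgen defaults to hmac-md5; where the installed version supports
# -A, prefer `-A hmac-sha256`. Keep the generated secrets out of any document.
rndc-confgen -k yanjiao -c yanjiao -a -r keyboard
rndc-confgen -k lanxun -c lx -a -r keyboard
rndc-confgen -k yizhuang -c yz -a -r keyboard   # fixed: the original lacked the space before -c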
2./etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// Global server options. Views inherit these unless they override them.
options {
listen-on port 53 { ****; }; # IP and port the DNS service listens on (address redacted in the post)
directory "/var/named"; # working directory; relative zone file names below resolve against it
dump-file "/var/named/data/cache_dump.db"; # cache dump file
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; }; # queries accepted from any address, but a client must still match one of the views below or named refuses it
recursion yes; # NOTE(review): recursion is on with no allow-recursion, so every client that matches a view can use this master as a recursive resolver; restrict with `allow-recursion { yj; yz; lx; };` or use `recursion no;` on an authoritative-only server
notify yes; # send NOTIFY on zone change; each view also lists explicit also-notify targets
dnssec-enable yes;
dnssec-validation auto;
dnssec-lookaside auto; # ISC's DLV registry has been retired, so lookaside validation no longer does anything — TODO confirm the installed BIND still accepts this option before keeping it
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
};
// Key used only by rndc over the local control channel.
key "rndc-key" { # key
algorithm hmac-md5; # hmac-md5 is weak by today's standards; BIND also supports hmac-sha256, prefer it for new keys
secret "****";
};
// Control channel: loopback only, and only requests signed with rndc-key are accepted.
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
// Default debug channel: "data/named.run" is relative to the directory option (/var/named).
logging {
channel default_debug {
file "data/named.run";
severity dynamic; # log level follows the current `rndc trace` debug level
};
};
// Address-based ACLs, one per data center, referenced by the views' match-clients.
// Source addresses alone are spoofable over UDP; the per-site TSIG keys are the
// stronger signal for selecting a view.
acl yj { # ACL rule: networks allowed to match the Yanjiao view
172.16.8.0/21;
};
acl yz { # Yizhuang
172.16.0.0/21;
};
acl lx { # Lanxun
172.17.0.0/16;
};
// One TSIG key per data center (generated with rndc-confgen). A request signed
// with one of these keys is routed to that site's view, so whoever holds a key
// can read that view's zone data; rotate a key if it is ever exposed.
key "yanjiao" { # key for each data center
algorithm hmac-md5; # prefer hmac-sha256 for new keys
secret "*******";
};
key "yizhuang" {
algorithm hmac-md5;
secret "******";
};
key "lanxun" {
algorithm hmac-md5;
secret "*******";
};
// Yanjiao view. The match-clients list is OR'ed: a request matches when it is
// signed with key yanjiao OR its source address is in acl yj, so an unsigned
// query from the yj subnet lands here as well.
view "yj-zoo" { # view definition
match-clients { key yanjiao;"yj";}; # match on the yanjiao key, or on the yj address ACL
allow-transfer { *******;}; # IPs of the other DNS servers (redacted). NOTE(review): transfers are gated by source address only; `allow-transfer { key yanjiao; };` would require the TSIG signature instead of trusting the IP
also-notify { *****;}; # IPs of the other DNS servers, explicit NOTIFY targets
server ***** {keys yanjiao;}; # sign messages sent to the other servers with the Yanjiao key
server ***** {keys yanjiao;};
server ****** {keys yanjiao;};
zone "." IN { # root hints, used because recursion is enabled
type hint;
file "named.ca";
};
zone "hui800.net" { # in this view hui800.net is served from yj-hui800.net.zone
type master; # this server is the master for the zone
file "yj-hui800.net.zone";
};
};
// Lanxun view: matched by key lanxun or by an address in acl lx.
view "lx-zoo" {
match-clients { key lanxun;"lx";};
allow-transfer { *****}; # NOTE(review): as printed, the address has no trailing `;` and named will reject the file — it may have been lost in redaction; the other views use `{ addr; }`
also-notify { *****;};
server ***** {keys lanxun;};
server *** {keys lanxun;};
server ****** {keys lanxun;};
zone "." IN {
type hint;
file "named.ca";
};
zone "hui800.net" {
type master;
file "yj-hui800.net.zone"; # same file as the yj view; the slave side stores this view as lx-hui800.net.zone, so if Lanxun is meant to see different data this looks like a copy/paste slip — TODO confirm
};
};
// Yizhuang view: matched by key yizhuang or by an address in acl yz.
view "yz-zoo" {
match-clients {key yizhuang;"yz";};
also-notify { *********;}; # explicit NOTIFY targets (redacted)
allow-transfer { *********;}; # address-gated like the other views; `key yizhuang` here would require the TSIG signature
server ***** {keys yizhuang;};
server ******** {keys yizhuang;};
server ******** {keys yizhuang;};
zone "." IN {
type hint;
file "named.ca";
};
zone "hui800.net" {
type master;
file "yz-hui800.net.zone"; # this view has its own zone file
};
};
// The RFC 1912 zones stay commented out: once views are defined every zone must
// live inside a view, so named would reject this top-level include.
#include "/etc/named.rfc1912.zones";
// DNSSEC trust anchors for validation.
include "/etc/named.root.key";
2./var/named/yj-hui800.net.zone
$TTL 3600 ; 1 hour — default TTL for records without one
@ IN SOA hui800.net. root.hui800.net. ( ; MNAME, RNAME (root@hui800.net)
0135 ; serial — loaded as decimal 135 (the slave copy shows 135); increase it on every edit or slaves will not pick up changes
3600 ; refresh
1800 ; retry
36000 ; expire — only 10 hours: slaves stop answering for the zone after that long without reaching the master; typical values are weeks (e.g. 1209600 = 2 weeks)
3600) ; negative-caching TTL
IN NS localhost. ; NOTE(review): the zone's only NS is localhost., which is not a usable nameserver for clients of the zone; list the real server name(s) here (replication still works because also-notify/masters are configured explicitly)
@ IN A ****** ; apex address (redacted)
zk IN A ******** ; zk has three A records
zk IN A ********
zk IN A *********
ouyang IN A 9.9.9.9
wanqing IN A 1.1.1.1
test IN A 2.2.2.3
3.从服务器（slave）配置
/etc/named.conf
# Start of rndc.conf
// Global options on the slave; same layout as the master apart from the DNSSEC settings.
options {
listen-on port 53 { ********; }; # listen address redacted
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; }; # any address may query, but it must still match a view below
recursion yes; # NOTE(review): no allow-recursion here either; every client matching a view gets recursive service — restrict it or turn recursion off on an authoritative slave
dnssec-enable yes;
dnssec-validation yes; # unlike the master's `auto`, `yes` validates only with explicitly configured trust anchors (the named.root.key include at the end of the file)
dnssec-lookaside auto; # DLV has been retired; obsolete — TODO confirm against the installed version
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
};
// NOTE(review): this is a real rndc secret, not a redacted one like the others in
// the post. It has been published, so treat it as compromised and regenerate it
// (`rndc-confgen -a`); exposure is limited to local users because the control
// channel below only listens on 127.0.0.1.
key "rndc-key" {
algorithm hmac-md5; # prefer hmac-sha256 for new keys
secret "+TmU5c2HdRa+x0DX3QjTPg==";
};
// Control channel: loopback only, signed with rndc-key.
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
// Default debug channel, written under /var/named/data.
logging {
channel default_debug {
file "data/named.run";
severity dynamic; # follows the `rndc trace` level
};
};
// Same per-site ACLs as on the master; the views below reference them by name.
acl yj { # Yanjiao
172.16.8.0/21;
};
acl yz { # Yizhuang
172.16.0.0/21;
};
acl lx { # Lanxun
172.17.0.0/16;
};
// The per-site TSIG keys; each secret must be identical to the one configured
// on the master under the same key name or the signed transfer is rejected.
key "yanjiao" {
algorithm hmac-md5; # prefer hmac-sha256 for new keys
secret "***********";
};
key "yizhuang" {
algorithm hmac-md5;
secret "*********";
};
key "lanxun" {
algorithm hmac-md5;
secret "*********";
};
// Yanjiao view on the slave: matched by key yanjiao or by an address in acl yj (OR'ed).
view "yj-zoo" {
match-clients { key yanjiao;yj;};
allow-transfer { none; }; # the slave never hands the zone out itself
allow-notify { **********;}; # address (redacted) allowed to send NOTIFY for this view's zones, in addition to the masters
server ********** {keys yanjiao;}; # sign SOA/transfer requests to the master with this key; that signature is what makes the master select its yj-zoo view for this slave
zone "." IN {
type hint;
file "named.ca";
};
zone "hui800.net" {
type slave;
file "slaves/yj-hui800.net.zone"; # local copy written by named after the transfer (shown below)
masters { ********; }; # master address (redacted); the TSIG key comes from the server statement above
};
};
// Yizhuang view on the slave: matched by key yizhuang or by an address in acl yz.
view "yz-zoo" {
match-clients {key yizhuang;yz;};
allow-transfer { none; };
allow-notify { ********;};
server ******** {keys yizhuang;}; # requests to the master are signed with the yizhuang key, selecting the master's yz-zoo view
zone "." IN {
type hint;
file "named.ca";
};
zone "hui800.net" {
type slave;
file "slaves/yz-hui800.net.zone";
masters { *********; };
};
};
// Lanxun view on the slave: matched by key lanxun or by an address in acl lx.
view "lx-zoo" {
match-clients {key lanxun;lx;};
allow-transfer { none; };
allow-notify { *********;};
server ********* {keys lanxun;}; # requests to the master are signed with the lanxun key, selecting the master's lx-zoo view
zone "." IN {
type hint;
file "named.ca";
};
zone "hui800.net" {
type slave;
file "slaves/lx-hui800.net.zone";
masters { 172.16.12.84; }; # the only master address left unredacted in the post (RFC 1918, inside acl yj's 172.16.8.0/21)
};
};
// Kept commented out: with views defined, zones cannot appear at top level.
#include "/etc/named.rfc1912.zones";
// Trust anchors required because dnssec-validation is set to `yes` above.
include "/etc/named.root.key";
/var/named/slaves/yj-hui800.net.zone
$ORIGIN . ; file as written by named after the transfer; names are absolute until $ORIGIN is reset below
$TTL 3600 ; 1 hour
hui800.net IN SOA hui800.net. root.hui800.net. (
135 ; serial — the master's "0135" arrived as decimal 135
3600 ; refresh (1 hour)
1800 ; retry (30 minutes)
36000 ; expire (10 hours) — short: the slave drops the zone after 10 hours without reaching the master
3600 ; minimum (1 hour)
)
NS localhost. ; owner inherited from the SOA line (hui800.net); localhost. is not a usable nameserver for the zone, copied as-is from the master
A ******** ; apex address (redacted)
$ORIGIN hui800.net. ; the names below are relative to hui800.net.
ouyang A 9.9.9.9
test A 2.2.2.3
wanqing A 1.1.1.1
zk A ******** ; zk has three A records
A ********
A **********