dns主从简单架构

试验拓扑：
192.168.80.139――主DNS服务器

192.168.80.140――从DNS服务器

一、配置主DNS服务器
1）安装bind,这里安装bind97，所以卸载本机自带的
#rpm -e bind-libs bind-utils

#yum -y install bind97 bind97-libs bind97-utils

2）、修改配置文件，这是手动写的，原文件移动到属主目录了

# mv /etc/named.conf ~

# vim /etc/named.conf 

options {
    directory "/var/named";
};

zone "." IN {
    type hint;
    file "named.ca";
};

zone "localhost" IN {
    type master;
    file "localhost.zone";
};

zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "127.0.0.zone";
};

zone "peace.com" IN {
    type master;
    file "peace.com.zone";
};
zone "168.192.in-addr.arpa" IN {
    type master;
    file "192.168.zone";
};

3）修改权限
# chown :named /etc/named.conf
# chmod 640 /etc/named.conf

4）生成named.ca文件，这里联网才可以，默认就有个named.ca，没有的话，我们可以这样生成
# cd /var/named
# dig -t NS .
# dig -t NS . @a.root-servers.net. > /var/named/named.ca

5）修改资源记录
#cd /var/named/

#vim localhost.zome

$TTL 600
@ IN SOA localhost. admin.localhost. (
     2012061501 //序列号（主服务器版本号，不能超过10位）
     1H         //刷新时间
     10M         //重试时间
     7D         //过期时间
     6H )       //否定回答的TTL值 

  IN NS localhost.
  IN A 127.0.0.1

#vim 127.0.0.zone

$TTL 600
@ IN SOA localhost. admin.localhost. (
     2012061501
     1H
     10M
     7D
     6H )
  IN NS localhost.
1 IN PTR localhost.

# vim peace.com.zone
$TTL 600
$ORIGIN peace.com .  //这里的.一定要注意写
@ IN SOA ns1.peace.com. admin.peace.com (
     2012062201
     1H
     10M
     7D
     6H)
    IN NS ns1
    IN NS ns2
    IN MX 10 mail
ns1 IN A 192.168.80.100
ns2 IN A 192.168.80.101
mail IN A 192.168.80.110
pop3 IN A 192.168.80.110
www IN A 192.168.80.120
www IN A 192.168.80.130

# vim 192.168.zone
$TTL 600
@ IN SOA ns1.peace.com. admin.peace.com (
     2012062201 
     1H
     10M
     7D
     6H) 
   IN NS ns1.peace.com.
   IN NS ns2.peace.com.
100.80 IN PTR ns1.peace.com.
101.80 IN PTR ns2.peace.com.
110.80 IN PTR mail.peace.com.
110.80 IN PTR pop3.peace.com.
120.80 IN PTR www.peace.com.
130.80 IN PTR www.peace.com.

6）修改权限
#chown .named 127.0.0.zone localhost.zone peace.com.zone 192.168.zone 
#chmod 640 127.0.0.zone localhost.zone peace.com.zone 192.168.zone 

7）启动服务
#service named start

8）测试
#dig -t A localhost   @192.168.80.139  //这里是指定DNS服务器的，我们也可以写在/etc/resolv.conf中，这里就不用写了
#dig -x 127.0.0.1 

9）配置rndc
# rndc-confgen > /etc/rndc.conf
# chown .named /etc/rndc.conf
# chmod 640 /etc/rndc.conf
# cat /etc/rndc.conf
# tail -11 /etc/rndc.conf >> /etc/named.conf

10）去除#号
# vim /etc/named.conf
……
# Use with the following in named.conf, adjusting the allow list as needed:
key "rndc-key" {
algorithm hmac-md5;
secret "f1Zkqan8HpqavsmiUBBjhg==";
};

controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
# End of named.conf

11）重启服务
#service named restart

12）之后就可以用rndc重启查看named服务了。
  rndc 选项如下
        stop 停止服务
        flush 清空缓存
        status 统计数据 
        reload 重心载入配置文件和区域文件
        reload zone 重新在入某区域文件
        reconfig 重新载入主配置文件和发生过更新的区域文件


至此，我们的主DNS服务器就OK了，下面配置从DNS服务器

二，配置从DNS服务器

1）这里安装bind97，所以卸载本机自带的
# rpm -e bind-libs bind-utils
# yum -y install bind97 bind97-libs bind97-utils

2）、一样修改配置文件，这是手动写的，原文件移走
# mv /etc/named.conf ~

# cat /etc/named.conf
options {
    directory "/var/named";
};

zone "." IN {
    type hint;
    file "named.ca";
};

zone "localhost" IN {
    type master;
    file "localhost.zone";
};

zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "127.0.0.zone";
};

zone "peace.com" IN {
    type slave;
    file "slaves/peace.com.zone";
    masters { 192.168.80.139; }; //这里指向主DNS
};

zone "168.192.in-addr.arpa" IN {
    type slave;
    file "slaves/192.168.zone";
    masters { 192.168.80.139; }; //这里指向主DNS
};

3）修改权限
#chown :named /etc/named.conf
#chmod 640 /etc/named.conf

4）修改资源记录，由于前两个不是指向DNS，所以要建立
#cd /var/named/

#vim localhost.zome
$TTL 600
@ IN SOA localhost. admin.localhost. (
      2012061501
      1H
      10M
      7D
      6H )
   IN NS localhost.
   IN A 127.0.0.1

#vim 127.0.0.zone
$TTL 600
@ IN SOA localhost. admin.localhost. (
     2012061501
     1H
     10M
     7D
     6H )
  IN NS  localhost. 
1 IN PTR localhost.


5）配置rndc
# rndc-confgen > /etc/rndc.conf
# chown .named /etc/rndc.conf
# chmod 640 /etc/rndc.conf
# cat /etc/rndc.conf
# tail -11 /etc/rndc.conf >> /etc/named.conf

6）去除#号
# vim /etc/named.conf
……
# Use with the following in named.conf, adjusting the allow list as needed:
key "rndc-key" {
algorithm hmac-md5;
secret "f1Zkqan8HpqavsmiUBBjhg==";
};

controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
# End of named.conf

7）重启服务
#service named restart

8）这样我们的从DNS也OK了，可以看下文件同步过来了
# ls /var/named/slaves/
192.168.zone peace.com.zone

注：如果修改主DNS服务器的资源记录后，序列号要手动加1

三：补充
设置限定，指定允许传送IP
zone "peace.com" IN {
type slave;
file "slaves/peace.com.zone";
allow-transfer { 172.16.100.7; };
};

至此DNS主从就OK了，当然这里是采用手动建立的，如有错误请多多指点。