bind从192.168.126
[root@localhost yum.repos.d]# ?yum -y install bind bind-utils
[root@slavenamed slaves]# which named-checkconf
/usr/sbin/named-checkconf
[root@localhost yum.repos.d]# rpm -qf `which named-checkconf`
bind-9.16.23-14.el9.x86_64
bind从192.168.8.126
[root@slavenamed slaves]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
listen-on port 53 { 127.0.0.1; 192.168.8.126; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
secroots-file "/var/named/data/named.secroots";
recursing-file "/var/named/data/named.recursing";
allow-query ????{ localhost; 192.168.8.0/24; };??#限制客户端的查询
/*
?- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
?- If you are building a RECURSIVE (caching) DNS server, you need to enable
???recursion.
?- If your recursive DNS server has a public IP address, you MUST enable access
???control to limit queries to your legitimate users. Failing to do so will
???cause your server to become part of large scale DNS amplification
???attacks. Implementing BCP38 within your network would greatly
???reduce such attack surface
*/
recursion yes;
dnssec-validation yes;
managed-keys-directory "/var/named/dynamic";
geoip-directory "/usr/share/GeoIP";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
/* https://fedoraproject.org/wiki/Changes/CryptoPolicy */
include "/etc/crypto-policies/back-ends/bind.config";
};
logging {
????????channel default_debug {
????????????????file "data/named.run";
????????????????severity dynamic;
????????};
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
#zone "jin.com" IN {
?# ??????type master;
??# ?????file "jin.com.zone";??
#};
zone "jin.com" IN {??????????#配置bind高可用
type slave;
file "slaves/jin.com.zone";
masters { ?192.168.8.118; };
masterfile-format text;
};
检查区域配置文件
[root@masternamed named]# named-checkzone jin.com jin.com.zone
检查配置文件
[root@masternamed named]# named-checkconf /etc/named.conf
(2)部署bind master
bind主192.168.8.118
[root@localhost yum.repos.d]# ?yum -y install bind bind-utils
[root@masternamed named]# pwd
/var/named
[root@masternamed named]# touch jin.com.zone
[root@masternamed named]# chown -R named. jin.com.zone
[root@masternamed named]# cat jin.com.zone
$TTL 7200
jin.com. IN SOA jin.com. admin.jin.com. (
2024012302
1H
10M
1W
1D )
jin.com. IN NS ns1.jin.com.
jin.com. IN NS ns2.jin.com.
ns1.jin.com. IN A 192.168.8.118
ns2.jin.com. IN A 192.168.8.126
www.jin.com. IN A 192.168.8.118
www.jin.com. IN A 192.168.8.126
ftp.jin.com. IN A 192.168.8.5
ftp.jin.com. IN A 192.168.8.6
[root@masternamed named]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
listen-on port 53 { 127.0.0.1; 192.168.8.118;};
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
secroots-file "/var/named/data/named.secroots";
recursing-file "/var/named/data/named.recursing";
allow-query ????{ localhost; 192.168.8.0/24; };
/*
?- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
?- If you are building a RECURSIVE (caching) DNS server, you need to enable
???recursion.
?- If your recursive DNS server has a public IP address, you MUST enable access
???control to limit queries to your legitimate users. Failing to do so will
???cause your server to become part of large scale DNS amplification
???attacks. Implementing BCP38 within your network would greatly
???reduce such attack surface
*/
recursion yes;
dnssec-validation yes;
managed-keys-directory "/var/named/dynamic";
geoip-directory "/usr/share/GeoIP";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
/* https://fedoraproject.org/wiki/Changes/CryptoPolicy */
include "/etc/crypto-policies/back-ends/bind.config";
};
logging {
????????channel default_debug {
????????????????file "data/named.run";
????????????????severity dynamic;
????????};
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
#zone "jin.com" IN {
# type master;
# file "jin.com.zone";
#};
zone "jin.com" IN {
type master;
file "jin.com.zone";???????#配置bind主的配置
also-notify { 192.168.8.126;};
allow-transfer { ?192.168.8.126;};
allow-update { none; };
notify yes;
};
修改bind主的区域配置文件
[root@masternamed named]# cat jin.com.zone
$TTL 7200
jin.com. IN SOA jin.com. admin.jin.com. (
2024012303?
1H
10M
1W
1D )
jin.com. IN NS ns1.jin.com.
jin.com. IN NS ns2.jin.com.
ns1.jin.com. IN A 192.168.8.118
ns2.jin.com. IN A 192.168.8.126
www.jin.com. IN A 192.168.8.118
www.jin.com. IN A 192.168.8.126
ftp.jin.com. IN A 192.168.8.5
ftp.jin.com. IN A 192.168.8.6
ftp.jin.com. IN A 192.168.8.7
重启服务
[root@masternamed named]# systemctl restart named
查看bind从slaves
[root@slavenamed slaves]# cat jin.com.zone
$ORIGIN .
$TTL 7200 ; 2 hours
jin.com IN SOA jin.com. admin.jin.com. (
2024012303 ; serial
3600 ??????; refresh (1 hour)
600 ???????; retry (10 minutes)
604800 ????; expire (1 week)
86400 ?????; minimum (1 day)
)
NS ns1.jin.com.
NS ns2.jin.com.
$ORIGIN jin.com.
ftp A 192.168.8.5
A 192.168.8.6
A 192.168.8.7
ns1 A 192.168.8.118
ns2 A 192.168.8.126
www A 192.168.8.118
A 192.168.8.126
[root@slavenamed slaves]# pwd
/var/named/slaves