Setting up a secondary name server:
yum install bind
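1. First configure it as a caching name server
Copy the main configuration file and the three data files from the primary server.
Use the scp command. It asks for a password on every copy, so set up key-based login as follows to avoid typing it
ssh-keygen -t rsa (generate a key pair)
ssh-copy-id -i .ssh/id_rsa.pub (push the public key to 172.16.100.1)
yes
Enter the password
After that, logging in no longer asks for a password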
scp 192.168.0.6:/etc/named.conf /etc
scp 192.168.0.6:/var/named/named.ca /var/named
scp 192.168.0.6:/var/named/named.local /var/named
scp 192.168.0.6:/var/named/localhost.zone /var/named
chown :named /etc/named.conf /var/named/{named.ca,named.local,localhost.zone} (very important: the group owner must be changed to named)!!!
service named configtest (check for syntax errors)
service named start
At this point it is already a caching name server
2. Make it a secondary DNS server:
vim /etc/named.conf
Append the following at the end
zone "a.org" IN {
type slave;
file "slaves/a.org.zone";
masters { 192.168.0.138; };
};
zone "168.192.in-addr.arpa" IN {
type slave;
file "slaves/192.168.zone";
masters { 192.168.0.138; };
};
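service named restart (restart the DNS service)
After the restart, the zone files are transferred to the secondary server automatically (the main configuration file is never transferred automatically)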
cd /var/named/slaves
ls
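On the primary name server, add a record to a.org.zone, increase the serial number by 1, and reload named there
Then go to the secondary name server and check whether the change is synchronized
At this point a secondary name server has been set up. Next we configure some extended features:
1. If the primary server does not want other servers to freely pull data from it, how should the primary be configured?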
zone "a.org" IN {
type master;
file "a.org.zone";
allow-transfer { 192.168.0.10; }; // only this one host may transfer the zone data
};
zone "168.192.in-addr.arpa" IN {
type master;
file "192.168.zone";
allow-transfer { 192.168.0.10; };
};
service named reload
2. If the secondary server should not let anyone transfer data from it:
zone "a.org" IN {
type slave;
file "slaves/a.org.zone";
masters { 192.168.0.138; };
allow-transfer { none; };
};
zone "168.192.in-addr.arpa" IN {
type slave;
file "slaves/192.168.zone";
masters { 192.168.0.138; };
allow-transfer { none; };
};
service named reload
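The check below is an added example, not part of the original post: it walks a named.conf-style file and reports, for each zone, whether the zone block carries its own allow-transfer restriction like the ones configured in steps 1 and 2. The function names, the zone b.example and the sample file contents are constructed for illustration, and it assumes one statement per line as in the configs above.

```shell
# Added example (not from the original post). Reads a named.conf-style file on stdin.
# Assumes one statement per line and a zone block closed by a line starting "};".
audit_allow_transfer() {
    awk '
        /^[ \t]*zone[ \t]+"/ {                     # start of a zone block
            split($0, q, "\""); zone = q[2]
            inzone = 1; acl = ""; hint = 0; next
        }
        inzone && /type[ \t]+hint/ { hint = 1 }    # root hints are never transferred
        inzone && /allow-transfer/ {               # keep only the address-match list
            acl = $0; sub(/^.*allow-transfer[ \t]*[{][ \t]*/, "", acl)
            sub(/[ \t]*[}].*$/, "", acl)
        }
        inzone && /^[ \t]*[}];/ {                  # end of the zone block
            if (hint)                               print "SKIP " zone
            else if (acl == "")                     print "MISSING " zone
            else if (acl ~ /(^|[ \t;])any[ \t]*;/)  print "OPEN " zone
            else                                    print "OK " zone " (" acl ")"
            inzone = 0
        }
    '
}
# Constructed sample configuration; b.example is a made-up zone.
sample_conf() {
    cat <<'EOF'
options {
    directory "/var/named";
};
zone "." IN {
    type hint;
    file "named.ca";
};
zone "a.org" IN {
    type master;
    file "a.org.zone";
    allow-transfer { 192.168.0.10; };
};
zone "168.192.in-addr.arpa" IN {
    type master;
    file "192.168.zone";
};
zone "b.example" IN {
    type master;
    file "b.example.zone";
    allow-transfer { any; };
};
EOF
}
sample_conf | audit_allow_transfer
```

Run it against a real file with audit_allow_transfer < /etc/named.conf. A zone reported MISSING inherits whatever allow-transfer is set in the options block, or the built-in default of the installed BIND version.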
3. To turn on query logging:
options {
directory "/var/named";
querylog yes;
};
service named restart
dig -t A