  • Bind9用view配主从

    We use two BIND servers to implement views, with one master and one slave
    -------------------------------------------------------------------------------------------------
    ns1: 192.168.1.99 --master
    ns2: 192.168.1.100 and 192.168.1.98 (two addresses on the same host, one per view) --slave
    -------------------------------------------------------------------------------------------------
    Install Bind on ns1 and ns2
    # yum install bind-chroot bind-libs bind-utils caching-nameserver
    -------------------------------------------------------------------------------------------------
    Configure ns1: Bind Master
    1.[root@1_99 named]# vi /var/named/chroot/etc/named.conf
    // ns1 (192.168.1.99): master for domain.cn. Each view serves its own copy
    // of the zone, selected by the address the query arrives from.
    options {
        // Answer only on the master's service address.
        listen-on port 53 { 192.168.1.99; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
    };

    // Client networks; each one is mapped to the view of the same name below.
    acl "cnc" {
        192.168.52.0/24;
    };
    acl "tel" {
        192.168.112.0/24;
    };

    // rndc control channel: loopback only, authenticated with the key
    // "rndckey" (defined in the file included at the end of this listing).
    controls {
        inet 127.0.0.1 allow { localhost; } keys { rndckey; };
    };

    view "tel" {
        // 192.168.1.98 is ns2's second address. ns2 uses it as transfer-source
        // in its own "tel" view, so its transfer request lands in this view and
        // receives the "tel" copy of the zone.
        match-clients { "tel"; 192.168.1.98; };
        recursion no;  // authoritative answers only, no recursive lookups for clients
        zone "." IN {
            type hint;
            file "named.ca.tel";
        };
        zone "domain.cn" IN {
            type master;
            file "my-tel.zone";
            // Transfers are limited by source address only; the address itself
            // is not authenticated.
            // NOTE(review): consider a TSIG key shared with ns2 for transfers;
            // that needs matching changes on ns2.
            allow-transfer { 192.168.1.98; };
        };
    };

    view "cnc" {
        // 192.168.1.100 is the address ns2 uses as transfer-source in its
        // "cnc" view, so that transfer is matched here.
        match-clients { "cnc"; 192.168.1.100; };
        recursion no;  // authoritative answers only
        zone "." IN {
            type hint;
            file "named.ca.cnc";
        };
        zone "domain.cn" IN {
            type master;
            file "my-cnc.zone";
            // Same caveat as in view "tel": the restriction is by source
            // address, not by key.
            allow-transfer { 192.168.1.100; };
        };
    };

    // Brings in the definition of "rndckey" used by the controls statement.
    // Keep this file readable by root and the named group only.
    include "/etc/rndc.key";

    2.[root@1_99 named]# vi /var/named/chroot/var/named/my-cnc.zone
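    $TTL 86400
    ; Zone data served to the "cnc" view.
    ; A name without a trailing dot is relative to the zone origin, so the
    ; primary server is written fully qualified with a final dot; without it
    ; the name would expand to ns1.domain.cn.domain.cn.
    ; "root" stays relative and expands to root.domain.cn. (the contact mailbox).
    @ IN SOA ns1.domain.cn. root (
        20110519 ; serial - increase on every change so the slave picks it up
        3H       ; refresh
        15M      ; retry
        1W       ; expiry
        1D )     ; minimum

    ; Owner written explicitly as @ so the record does not depend on leading
    ; whitespace surviving copy and paste.
    @ IN NS ns1.domain.cn.
    ; NOTE(review): ns2 has an A record but no NS record, so it is presumably
    ; not notified of changes and only refreshes on the SOA timer - confirm
    ; whether an NS record for ns2 or also-notify on the master is wanted.
    www IN A 202.55.21.3
    ns1 IN A 192.168.1.99
    ns2 IN A 192.168.1.100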

    [root@1_99 named]# vi /var/named/chroot/var/named/my-tel.zone
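    $TTL 86400
    ; Zone data served to the "tel" view.
    ; A name without a trailing dot is relative to the zone origin, so the
    ; primary server is written fully qualified with a final dot; without it
    ; the name would expand to ns1.domain.cn.domain.cn.
    ; "root" stays relative and expands to root.domain.cn. (the contact mailbox).
    @ IN SOA ns1.domain.cn. root (
        20110518 ; serial - increase on every change so the slave picks it up
        3H       ; refresh
        15M      ; retry
        1W       ; expiry
        1D )     ; minimum

    ; Owner written explicitly as @ so the record does not depend on leading
    ; whitespace surviving copy and paste.
    @ IN NS ns1.domain.cn.
    ; NOTE(review): ns2 has an A record but no NS record, so it is presumably
    ; not notified of changes and only refreshes on the SOA timer - confirm
    ; whether an NS record for ns2 or also-notify on the master is wanted.
    www IN A 89.33.12.4
    ns1 IN A 192.168.1.99
    ns2 IN A 192.168.1.100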


    # ln -s /var/named/chroot/etc/named.conf /etc/named.conf
    # chown root.named /etc/named.conf
    3.[root@1_99 named]# cd /var/named/
    4.[root@1_99 named]# ln -s /var/named/chroot/var/named/my-cnc.zone my-cnc.zone
    5.[root@1_99 named]# ln -s /var/named/chroot/var/named/my-tel.zone my-tel.zone
    6.[root@1_99 named]# cd /var/named/chroot/var/named/
    7.[root@1_99 named]# cp named.ca named.ca.tel
    8.[root@1_99 named]# cp named.ca named.ca.cnc
    9.[root@1_99 named]# service named start
    -------------------------------------------------------------------------------------------------
    Configure ns2: Bind Slave
    1.[root@1_100 named]# vi /etc/named.conf
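    // ns2: slave for domain.cn. The host has two addresses, 192.168.1.100 and
    // 192.168.1.98; each view pulls its copy of the zone from the master
    // (192.168.1.99) using a different source address, which is how the master
    // decides which view's data to hand over.
    options {
        listen-on port 53 { 192.168.1.100; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        // Nothing transfers zones from ns2, so refuse outgoing zone transfers
        // explicitly instead of relying on the server default.
        allow-transfer { none; };
    };

    // Client networks; each one is mapped to the view of the same name below.
    acl "cnc" {
        192.168.52.0/24;
    };
    acl "tel" {
        192.168.112.0/24;
    };

    // rndc control channel: loopback only, authenticated with "rndckey".
    // NOTE(review): this listing shows no key definition or include for
    // "rndckey" (the ns1 listing ends with include "/etc/rndc.key") - confirm
    // the key is defined on ns2 as well.
    controls {
        inet 127.0.0.1 allow { localhost; } keys { rndckey; };
    };

    view "cnc" {
        match-clients { "cnc"; };
        recursion no;  // authoritative answers only
        // notify-source: the local address (and optionally port) used as the
        // source of outgoing NOTIFY messages. This is subject to allow-notify.
        notify-source 192.168.1.100;
        // transfer-source: the IPv4 source address used for zone transfers.
        // The master lists 192.168.1.100 in its "cnc" view.
        transfer-source 192.168.1.100;
        // query-source: if the server does not know the answer it queries
        // other name servers; this sets the address used for those queries.
        query-source address 192.168.1.100;

        zone "." IN {
            type hint;
            file "named.ca.c";
        };
        zone "domain.cn" IN {
            type slave;
            // Written by named after a transfer, so the directory must be
            // writable by the named user.
            file "my-cnc.slave";
            masters { 192.168.1.99; };
        };
    };

    view "tel" {
        match-clients { "tel"; };
        recursion no;  // authoritative answers only
        // Same three settings as in view "cnc", but bound to ns2's second
        // address, which the master lists in its "tel" view.
        notify-source 192.168.1.98;
        transfer-source 192.168.1.98;
        query-source address 192.168.1.98;
        zone "." IN {
            type hint;
            file "named.ca.t";
        };
        zone "domain.cn" IN {
            type slave;
            file "my-tel.slave";
            masters { 192.168.1.99; };
        };
    };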
    2.[root@1_100 named]# vi /etc/sysconfig/named
    ENABLE_ZONE_WRITE=yes
    3.[root@1_100 named]# cd /var/
    4.[root@1_100 named]# chown -R named.named named/
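    5.[root@1_100 named]# chmod -R 755 named/
    (Note: -R 755 also reaches /var/named/chroot/etc; tighten any key file there, such as rndc.key, back to owner/group-only access afterwards.)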
    6.[root@1_100 named]# cd /var/named/chroot/var/named/
    7.[root@1_100 named]# cp named.ca named.ca.t
    8.[root@1_100 named]# cp named.ca named.ca.c
    9.[root@1_100 named]# service named start
    10.[root@1_100 named]# ls -l my-*
    -rw-r--r-- 1 named named 410 May 18 06:32 my-cnc.slave
    -rw-r--r-- 1 named named 409 May 18 06:32 my-tel.slave
    -------------------------------------------------------------------------------------------------
    Test result on 192.168.52.107
    1.log in to 192.168.52.107
    2.test name resolution
    # dig @192.168.1.100 www.domain.cn | grep 86400
    www.domain.cn. 86400 IN A 202.55.21.3
    # dig @192.168.1.99 www.domain.cn | grep 86400
    www.domain.cn. 86400 IN A 202.55.21.3

    Test result on 192.168.112.107
    1.log in to 192.168.112.107
    2.test name resolution
    # dig @192.168.1.100 www.domain.cn | grep 86400
    www.domain.cn. 86400 IN A 89.33.12.4
    # dig @192.168.1.99 www.domain.cn | grep 86400
    www.domain.cn. 86400 IN A 89.33.12.4
    -------------------------------------------------------------------------------------------------
    refer:https://www.isc.org/faq/item/182

  • 原文地址:https://www.cnblogs.com/oskb/p/3848765.html