域名服务bind构建与应用配置
[日期:2013-04-02] 来源:Linux社区 作者:seneagle [字体:]
3 slave DNS服务器的配置
3.1 /etc/named.conf配置如下
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
listen-on port 53 { 172.16.100.70;192.168.4.70;};
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
recursion yes;
[root@Nodes01 ~]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// Global server options for this slave name server.
options {
// Listen for IPv4 DNS traffic on port 53 of these two addresses only.
listen-on port 53 { 172.16.100.70;192.168.4.70;};
// IPv6: loopback only.
listen-on-v6 port 53 { ::1; };
// Working directory; relative file names elsewhere in this file are resolved
// against it.
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// NOTE(review): queries are accepted from any address and recursion is on,
// while this file sets no allow-recursion or allow-query-cache. Because the
// "wan" view matches any client, recursion is not restricted by anything in
// this file and the host can end up answering recursive queries for arbitrary
// clients (an open resolver, usable for amplification and cache probing).
// Limit recursion to the internal networks with allow-recursion, or set
// "recursion no;" in the view that faces untrusted clients.
allow-query { any; };
recursion yes;
// DNSSEC validation is switched on.
// NOTE(review): dnssec-lookaside depends on the ISC DLV registry, which has
// been retired; newer BIND releases no longer accept this option and treat
// dnssec-enable as obsolete. Check against the installed version.
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
};
// Logging: a single channel, default_debug, written to data/named.run
// (a relative path, so it resolves under the "directory" option).
// "severity dynamic" makes the channel follow the server's current debug level.
// No query or zone-transfer logging is configured here, so transfer failures
// are looked up in the system log instead.
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
// TSIG shared secrets, one per view. They are referenced further down by the
// "server ... { keys ...; }" and "allow-transfer { key ...; }" statements.
// The key name, algorithm and secret must be identical on the master.
// NOTE(review): these two secrets are printed in a public article and must be
// treated as known to everyone; generate fresh keys for any real deployment.
// NOTE(review): keep secrets out of a world-readable named.conf, e.g. in a
// separate file readable only by the named user and pulled in with "include".
// NOTE(review): hmac-md5 is a legacy TSIG algorithm; BIND also supports
// hmac-sha256, which would have to be changed on master and slave together.
key "lan" {
algorithm hmac-md5 ;
secret "1Zgap+bwH5Yjtj0mo+Bj9g==";
};
key "wan"{
algorithm hmac-md5;
secret "1TK0ThAdgiQ8IrJBm+SQZA==";
};
// View served to clients whose source address is in 172.16.100.0/24.
// Views are tried in the order they appear, so this one is checked first.
view "lan" {
match-clients { 172.16.100.0/24; };
// Messages sent to the master 172.16.100.80 are signed with TSIG key "lan"
// (presumably the master uses the key to pick its own "lan" view; the master's
// configuration is not shown here).
server 172.16.100.80 {keys lan;};
// Outbound zone transfers from this view require a request signed with key "lan".
allow-transfer {key lan;};
// Forward zone: slave copy pulled from the master and stored under
// slaves/ relative to the "directory" option.
zone "linuxidc.com" IN {
type slave;
masters {172.16.100.80;};
file "slaves/linuxidc.lan";
};
// Reverse zone for 172.16.100.0/24, also slaved from the same master.
zone "100.16.172.in-addr.arpa." IN {
type slave;
masters {172.16.100.80;};
file "slaves/100.16.172.arpa";
};
};
// Catch-all view: every client not matched by the "lan" view above lands here.
// NOTE(review): this view sets no recursion or allow-recursion of its own, so
// it inherits "recursion yes" and "allow-query { any; }" from the options
// block; for a view that serves arbitrary clients, consider "recursion no;".
view "wan"{
match-clients { any; };
// Messages sent to the master 192.168.4.44 are signed with TSIG key "wan".
server 192.168.4.44 {keys wan;};
// Outbound zone transfers from this view require a request signed with key "wan".
allow-transfer {key wan;};
// Forward zone: slave copy pulled from the master and stored under
// slaves/ relative to the "directory" option.
zone "linuxidc.com" IN {
type slave;
masters {192.168.4.44;};
file "slaves/linuxidc.wan";
};
// Reverse zone for 192.168.4.0/24, slaved from the same master.
zone "4.168.192.in-addr.arpa." IN {
type slave;
masters {192.168.4.44;};
// NOTE(review): the quoted file name below ends with a space before the
// closing quote; this looks like a typo and would create a file whose name
// has a trailing space. Confirm and remove the space.
file "slaves/4.168.192.arpa ";
};
};
3.2 key生成方法
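以lan密钥为例(wan密钥的生成方法相同)。生成的 .private 文件中 Key: 一行的值就是 named.conf 里 key 语句的 secret,主、从服务器两端必须保持一致。上文配置中的 secret 已随本文公开,实际部署时应重新生成,不要直接照抄;另外 HMAC-MD5 属于较旧的算法,较新版本的 BIND 提供 tsig-keygen,可生成 hmac-sha256 密钥。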
[root@master ~]# dnssec-keygen -a HMAC-MD5 -b 128 -n HOST "lan"
Klan.+157+47240
[root@master ~]# ls Klan.+157+47240.*
Klan.+157+47240.key Klan.+157+47240.private
4 重启named服务
service named restart
查看zone是否同步成功
[root@Nodes01 ~]# ls /var/named/slaves/ //同步成功zone文件
100.16.172.arpa 4.168.192.arpa linuxidc.lan linuxidc.wan
如果没同步成功,请查看日志/var/log/messages