CentOS 6.2安装Bind 9.8.2 master、slave与自动修改后更新(2)

下面是我的master的反向解析配置
[root@master named]# cat 192.168.56.arpa
$TTL 1D
@  IN SOA  ns1.test.com.  root.lcoalhost. (
2013070814  ; serial
60  ; refresh
1H  ; retry
1W  ; expire
3H )    ; minimum
NS  ns1.test.com.
NS  ns2.test.com.
101 PTR server.test.com.
102 PTR Ubuntu.test.com.
103 PTR client1.test.com.
104 PTR ns1.test.com.
105 PTR ns2.test.com.

4、启动bind
/etc/init.d/named start

5、把本机的dns解析指向我们刚建立的
[root@master named]# cat /etc/resolv.conf
nameserver 192.168.56.104
nameserver 192.168.56.105

6、使用nslookup测试
[root@master named]# ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 08:00:27:59:BB:1F
inet addr:192.168.56.104  Bcast:192.168.56.255  Mask:255.255.255.0
inet6 addr: fe80::a00:27ff:fe59:bb1f/64 Scope:Link
UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
RX packets:2761 errors:0 dropped:0 overruns:0 frame:0
TX packets:3224 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:255523 (249.5 KiB)  TX bytes:455771 (445.0 KiB)
[root@master named]# nslookup
> ns1.test.com
Server:    192.168.56.104
Address:    192.168.56.104#53
Name:  ns1.test.com
Address: 192.168.56.104
> ns2.test.com
Server:    192.168.56.104
Address:    192.168.56.104#53
Name:  ns2.test.com
Address: 192.168.56.105
> server.test.com
Server:    192.168.56.104
Address:    192.168.56.104#53
Name:  server.test.com
Address: 192.168.56.101
> 192.168.56.104
Server:    192.168.56.104
Address:    192.168.56.104#53
104.56.168.192.in-addr.arpa name = ns1.test.com.
> 192.168.56.105
Server:    192.168.56.104
Address:    192.168.56.104#53
105.56.168.192.in-addr.arpa name = ns2.test.com.
> 192.168.56.101
Server:    192.168.56.104
Address:    192.168.56.104#53
101.56.168.192.in-addr.arpa name = server.test.com.

使用dig测试
[root@master named]# dig ns1.test.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <<>> ns1.test.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25723
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; QUESTION SECTION:
;ns1.test.com.          IN  A
;; ANSWER SECTION:
ns1.test.com.      86400  IN  A  192.168.56.104
;; AUTHORITY SECTION:
test.com.      86400  IN  NS  ns2.test.com.
test.com.      86400  IN  NS  ns1.test.com.
;; ADDITIONAL SECTION:
ns2.test.com.      86400  IN  A  192.168.56.105
;; Query time: 1 msec
;; SERVER: 192.168.56.104#53(192.168.56.104)
;; WHEN: Mon Jul  8 10:11:30 2013
;; MSG SIZE  rcvd: 94
[root@master named]# dig ns2.test.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <<>> ns2.test.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16279
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; QUESTION SECTION:
;ns2.test.com.          IN  A
;; ANSWER SECTION:
ns2.test.com.      86400  IN  A  192.168.56.105
;; AUTHORITY SECTION:
test.com.      86400  IN  NS  ns2.test.com.
test.com.      86400  IN  NS  ns1.test.com.
;; ADDITIONAL SECTION:
ns1.test.com.      86400  IN  A  192.168.56.104
;; Query time: 0 msec
;; SERVER: 192.168.56.104#53(192.168.56.104)
;; WHEN: Mon Jul  8 10:11:33 2013
;; MSG SIZE  rcvd: 94
[root@master named]# dig server.test.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <<>> server.test.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1422
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;server.test.com.      IN  A
;; ANSWER SECTION:
server.test.com.    86400  IN  A  192.168.56.101
;; AUTHORITY SECTION:
test.com.      86400  IN  NS  ns2.test.com.
test.com.      86400  IN  NS  ns1.test.com.
;; ADDITIONAL SECTION:
ns1.test.com.      86400  IN  A  192.168.56.104
ns2.test.com.      86400  IN  A  192.168.56.105
;; Query time: 1 msec
;; SERVER: 192.168.56.104#53(192.168.56.104)
;; WHEN: Mon Jul  8 10:11:38 2013
;; MSG SIZE  rcvd: 117

可以看到这些解析都是从SERVER: 192.168.56.104#53(192.168.56.104)也就是192.168.56.104这dns解析的
B、在slave端配置
1、修改/etc/named.conf
此文件注意是提供bind的配置
下面我的slave的配置
[root@slave named]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
listen-on port 53 { any; };
#  listen-on-v6 port 53 { ::1; };
directory  "/var/named";
dump-file  "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query    { any; };
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
#include "/etc/named.root.key";

2、/etc/named.rfc1912.zones
此文件主要是保存正向解析与反向解决配置
下面是我在slave里的配置
[root@slave named]# cat /etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
#zone "localhost.localdomain" IN {
#  type master;
#  file "named.localhost";
#  allow-update { none; };
#};
zone "test.com" IN {
type slave;
file "named.test.com";
#allow-update { none;};
masters { 192.168.56.104;};
allow-update { none;};
};
#zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
#  type master;
#  file "named.loopback";
#  allow-update { none; };
#};
zone "56.168.192.in-addr.arpa" IN {
type slave;
file "192.168.56.arpa";
#  allow-update { none; };
masters { 192.168.56.104;};
allow-update { none; };
};
#zone "0.in-addr.arpa" IN {
#  type master;
#  file "named.empty";
#  allow-update { none; };
#};

3、启动slave的bind服务
由于我使用dns的master与slave的自动更新，所以在slave段不需要配置正向解析与反向解析，slave会在启动时直接从master端获取配置。
先启动bind
/etc/init.d/named start

然后查看master端的/var/log/message的日志

Jul  8 10:16:21 master named-sdb[2060]: client 192.168.56.105#40695: transfer of 'test.com/IN': AXFR started
Jul  8 10:16:21 master named-sdb[2060]: client 192.168.56.105#40695: transfer of 'test.com/IN': AXFR ended
Jul  8 10:16:22 master named-sdb[2060]: client 192.168.56.105#34075: transfer of '56.168.192.in-addr.arpa/IN': AXFR started
Jul  8 10:16:22 master named-sdb[2060]: client 192.168.56.105#34075: transfer of '56.168.192.in-addr.arpa/IN': AXFR ended
查看slave段的/var/log/message的日志
Jul  8 02:16:22 slave named-sdb[5004]: starting BIND 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 -u named -t /var/named/chroot
Jul  8 02:16:22 slave named-sdb[5004]: built with '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--target=x86_64-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--with-libtool' '--localstatedir=/var' '--enable-threads' '--enable-ipv6' '--with-pic' '--disable-static' '--disable-openssl-version-check' '--with-dlz-ldap=yes' '--with-dlz-postgres=yes' '--with-dlz-mysql=yes' '--with-dlz-filesystem=yes' '--with-gssapi=yes' '--disable-isc-spnego' '--with-docbook-xsl=/usr/share/sgml/docbook/xsl-stylesheets' '--enable-fixed-rrset' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'target_alias=x86_64-redhat-linux-gnu' 'CFLAGS= -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' 'CPPFLAGS= -DDIG_SIGCHASE'
Jul  8 02:16:22 slave named-sdb[5004]: ----------------------------------------------------
Jul  8 02:16:22 slave named-sdb[5004]: BIND 9 is maintained by Internet Systems Consortium,
Jul  8 02:16:22 slave named-sdb[5004]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
Jul  8 02:16:22 slave named-sdb[5004]: corporation.  Support and training for BIND 9 are
Jul  8 02:16:22 slave named-sdb[5004]: available at https://www.isc.org/support
Jul  8 02:16:22 slave named-sdb[5004]: ----------------------------------------------------
Jul  8 02:16:22 slave named-sdb[5004]: adjusted limit on open files from 4096 to 1048576
Jul  8 02:16:22 slave named-sdb[5004]: found 2 CPUs, using 2 worker threads
Jul  8 02:16:22 slave named-sdb[5004]: using up to 4096 sockets
Jul  8 02:16:22 slave named-sdb[5004]: SDB ldap zone database module loaded.
Jul  8 02:16:22 slave named-sdb[5004]: SDB postgreSQL DB zone database module loaded.
Jul  8 02:16:22 slave named-sdb[5004]: SDB sqlite3 DB zone database module loaded.
Jul  8 02:16:22 slave named-sdb[5004]: SDB directory DB zone database module loaded.
Jul  8 02:16:22 slave named-sdb[5004]: loading configuration from '/etc/named.conf'
Jul  8 02:16:22 slave named-sdb[5004]: /etc/named.rfc1912.zones:24: option 'allow-update' is not allowed in 'slave' zone 'test.com'
Jul  8 02:16:22 slave named-sdb[5004]: /etc/named.rfc1912.zones:38: option 'allow-update' is not allowed in 'slave' zone '56.168.192.in-addr.arpa'
Jul  8 02:16:22 slave named-sdb[5004]: reading built-in trusted keys from file '/etc/named.iscdlv.key'
Jul  8 02:16:22 slave named-sdb[5004]: using default UDP/IPv4 port range: [1024, 65535]
Jul  8 02:16:22 slave named-sdb[5004]: using default UDP/IPv6 port range: [1024, 65535]
Jul  8 02:16:22 slave named-sdb[5004]: no IPv6 interfaces found
Jul  8 02:16:22 slave named-sdb[5004]: listening on IPv4 interface lo, 127.0.0.1#53
Jul  8 02:16:22 slave named-sdb[5004]: listening on IPv4 interface eth0, 192.168.56.105#53
Jul  8 02:16:22 slave named-sdb[5004]: generating session key for dynamic DNS
Jul  8 02:16:22 slave named-sdb[5004]: sizing zone task pool based on 3 zones
Jul  8 02:16:22 slave named-sdb[5004]: using built-in DLV key for view _default
Jul  8 02:16:22 slave named-sdb[5004]: set up managed keys zone for view _default, file '/var/named/dynamic/managed-keys.bind'
Jul  8 02:16:22 slave named-sdb[5004]: Warning: 'empty-zones-enable/disable-empty-zone' not set: disabling RFC 1918 empty zones
Jul  8 02:16:22 slave named-sdb[5004]: automatic empty zone: 0.IN-ADDR.ARPA
Jul  8 02:16:22 slave named-sdb[5004]: automatic empty zone: 127.IN-ADDR.ARPA
Jul  8 02:16:22 slave named-sdb[5004]: automatic empty zone: 254.169.IN-ADDR.ARPA
Jul  8 02:16:22 slave named-sdb[5004]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
Jul  8 02:16:22 slave named-sdb[5004]: automatic empty zone: 100.51.198.IN-ADDR.ARPA
Jul  8 02:16:22 slave named-sdb[5004]: automatic empty zone: 113.0.203.IN-ADDR.ARPA
Jul  8 02:16:22 slave named-sdb[5004]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
Jul  8 02:16:22 slave named-sdb[5004]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Jul  8 02:16:22 slave named-sdb[5004]: automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Jul  8 02:16:22 slave named-sdb[5004]: automatic empty zone: D.F.IP6.ARPA
Jul  8 02:16:22 slave named-sdb[5004]: automatic empty zone: 8.E.F.IP6.ARPA
Jul  8 02:16:22 slave named-sdb[5004]: automatic empty zone: 9.E.F.IP6.ARPA
Jul  8 02:16:22 slave named-sdb[5004]: automatic empty zone: A.E.F.IP6.ARPA
Jul  8 02:16:22 slave named-sdb[5004]: automatic empty zone: B.E.F.IP6.ARPA
Jul  8 02:16:22 slave named-sdb[5004]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
Jul  8 02:16:22 slave named-sdb[5004]: command channel listening on 127.0.0.1#953
Jul  8 02:16:22 slave named-sdb[5004]: managed-keys-zone ./IN: loaded serial 5
Jul  8 02:16:22 slave named-sdb[5004]: running
Jul  8 02:16:22 slave named-sdb[5004]: zone test.com/IN: Transfer started.
Jul  8 02:16:22 slave named-sdb[5004]: transfer of 'test.com/IN' from 192.168.56.104#53: connected using 192.168.56.105#40695
Jul  8 02:16:22 slave named-sdb[5004]: zone test.com/IN: transferred serial 2013070814
Jul  8 02:16:22 slave named-sdb[5004]: transfer of 'test.com/IN' from 192.168.56.104#53: Transfer completed: 1 messages, 10 records, 266 bytes, 0.005 secs (53200 bytes/sec)
Jul  8 02:16:22 slave named-sdb[5004]: zone test.com/IN: sending notifies (serial 2013070814)
Jul  8 02:16:22 slave named-sdb[5004]: zone 56.168.192.in-addr.arpa/IN: Transfer started.
Jul  8 02:16:22 slave named-sdb[5004]: transfer of '56.168.192.in-addr.arpa/IN' from 192.168.56.104#53: connected using 192.168.56.105#34075
Jul  8 02:16:22 slave named-sdb[5004]: zone 56.168.192.in-addr.arpa/IN: transferred serial 2013070814
Jul  8 02:16:22 slave named-sdb[5004]: transfer of '56.168.192.in-addr.arpa/IN' from 192.168.56.104#53: Transfer completed: 1 messages, 9 records, 283 bytes, 0.006 secs (47166 bytes/sec)
Jul  8 02:16:22 slave named-sdb[5004]: zone 56.168.192.in-addr.arpa/IN: sending notifies (serial 2013070814)

可以在日志里看到master已经给slave发送了配置，而slave也收到了。
在系统上查看是否收到了文件
[root@slave ~]# cd /var/named/
[root@slave named]# ll
total 40
-rw-r--r-- 1 named named  461 Jul  8 02:16 192.168.56.arpa
drwxr-x--- 6 named named 4096 Jul  7 21:14 chroot
drwxrwx--- 2 named named 4096 Jul  7 22:01 data
drwxrwx--- 2 named named 4096 Jul  8 02:17 dynamic
-rw-r----- 1 named named 1892 Feb 18  2008 named.ca
-rw-r----- 1 named named  152 Dec 15  2009 named.empty
-rw-r----- 1 named named  152 Jun 21  2007 named.localhost
-rw-r----- 1 named named  168 Dec 15  2009 named.loopback
-rw-r--r-- 1 named named  447 Jul  8 02:16 named.test.com
drwxrwx--- 2 named named 4096 Mar 29 06:21 slaves

可以看到系统里已经有了正常解析与反向解析