Linux/CentOS7

To configure primary and secondary BIND

장성한군사 2017. 9. 18. 19:39

 CentOS 7 Version

 Linux localhost.localdomain 3.10.0-327.el7.x86_64 #1 SMP Thu Nov 19 22:10:57 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux


Master, Slave Server에서 방화벽 열기 

 firewall-cmd --permanent --add-port=53/tcp

 firewall-cmd --permanent --add-port=53/udp

 firewall-cmd --reload



 Primary

 Secondary

 192.168.8.136

 192.168.8.138

 

 Install the BIND packages on both systems

 [root@localhost ~]# yum -y install bind bind-libs bind-utils

 

Primary

[root@localhost ~]# vi /etc/named.conf 

 // Excerpt of the options statement on the primary (192.168.8.136); the rest
 // of the statement and its closing "};" are not shown on this page.
 options {
        // IPv4 listener bound to the primary's address only (loopback is not listed).
        listen-on port 53 { 192.168.8.136; };
//      listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        // Every client that can reach port 53 may query this server.
        allow-query     { any; };

        // NOTE(review): recursion is on and no allow-recursion / allow-query-cache
        // is shown, so recursive access presumably falls back to allow-query,
        // i.e. any client. Limit it, for example with
        //   allow-recursion { localhost; 192.168.8.0/24; };   (subnet assumed - confirm)
        // or set "recursion no;" if the server only has to answer for its own zones.
        recursion yes;

 

Secondary

[root@localhost ~]# vi /etc/named.conf 

 // Excerpt of the options statement on the secondary (192.168.8.138); the rest
 // of the statement and its closing "};" are not shown on this page.
 options {
        // IPv4 listener bound to the secondary's address only (loopback is not listed).
        listen-on port 53 { 192.168.8.138; };
//      listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        // Every client that can reach port 53 may query this server.
        allow-query     { any; };

        // NOTE(review): recursion is on and no allow-recursion / allow-query-cache
        // is shown, so recursive access presumably falls back to allow-query,
        // i.e. any client. Limit it, for example with
        //   allow-recursion { localhost; 192.168.8.0/24; };   (subnet assumed - confirm)
        // or set "recursion no;" if the server only has to answer for its own zones.
        recursion yes;

 

 

Primary 

[root@localhost ~]# vi /etc/named.rfc1912.zones

 zone "infosec.local" IN {
        type master;
        file "
infosec.local.db";
        allow-transfer { 192.168.8.138; };
        notify  yes;
        also-notify { 192.168.8.138; };
};

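// Reverse zone for 192.168.8.0/24, authoritative copy on the primary.
zone "8.168.192.in-addr.arpa" IN {
        type master;
        // Relative path, resolved against the options "directory" (/var/named).
        file "infosec.local.rdb";
        // Only the secondary may transfer the zone. The check is by source
        // address alone; a TSIG key shared by both servers would authenticate
        // the transfer as well.
        allow-transfer { 192.168.8.138; };
        // Send NOTIFY when the zone changes, and name the secondary explicitly.
        notify yes;
        also-notify { 192.168.8.138; };
};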

 

Secondary

[root@localhost ~]# vi /etc/named.rfc1912.zones

 zone "infosec.local" IN {
        type slave;
        file "slaves/
infosec.local.db" ;
        masters { 192.168.8.136; };
};

 

Primary

 [root@localhost ~]# cd /var/named

[root@localhost named]#cp -pv named.localhost infosec.local.db

[root@localhost named]#cp -pv named.loopback infosec.local.rdb

 

 

Primary

 [root@localhost named]# vi /var/named/infosec.local.db

 $TTL 3H
@       IN SOA  @ infosec.local. (
                           2017091800       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
           NS      lux01.
lux01    A       192.168.8.136
www    CNAME   lux01.
infosec.local.

 

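When you modify a zone, do not forget to increase the serial number in its lookup (zone) file; the secondary transfers the zone again only when the primary's serial is higher than the one it already holds.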

 

Primary

 [root@localhost named]# vi /var/named/infosec.local.rdb

 $TTL 1D
@       IN SOA  @ infosec.local. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
          NS      lux01.
lux01   A       192.168.8.136
136     PTR     lux01.
infosec.local.

 

 Start the BIND daemon on both systems

 [root@localhost named]# systemctl start named.service

 

 Enable named to start at boot on both systems

 [root@localhost named]# systemctl enable named.service
Created symlink from /etc/systemd/system/multi-user.target.wants/named.service to /usr/lib/systemd/system/named.service.

[root@localhost ~]# systemctl list-unit-files

 

 [root@localhost ~]# ps -ef | grep named
named      2958      1  0 14:08 ?        00:00:00 /usr/sbin/named -u named -c /etc/named.conf
root       3460   2431  0 14:23 pts/0    00:00:00 grep --color=auto named

 [root@localhost named]# systemctl | grep named
  named.service                                                                       loaded active running   Berkeley Internet Name Domain (DNS)

 

 

 [root@localhost named]# named-checkzone infosec.local /var/named/infosec.local.db



 Slave 서버에서 AXFR, IXFR 질의하기 (allow-transfer에 등록된 192.168.8.138에서만 전송이 성공해야 하며, 다른 호스트에서 보낸 같은 질의는 거부되어야 한다)

 dig AXFR infosec.local @MasterIP