Deploy DNS master-slave replication, zone transfer

Environment:
Main server ip:
Secondary server ip:

Two conditions must be met for replication to work:
   1. The primary server authorizes the secondary server to transfer the zone
   2. NS and A (or PTR) records for the secondary server are configured in the primary server's zone file

Quick and dirty installation of bind on both machines:
    `yum install bind -y`

Configure primary server

Modify the main configuration file of the master server:

~]# vim /etc/named.conf
listen-on port 53 { any; };
allow-query     { any; };
masterfile-format text;     # if this is not set on the secondary, the transferred zone files are stored in raw (binary) format and look garbled
-------------------------------------- The settings above go inside the options { } block.

zone "" IN {
    type master;
    file "";
    allow-transfer {; };
    notify yes;       # I first set this in options and found it had no effect; it can be set here instead.
};

Create and configure the zone file for the primary server:

~]# touch
~]# chmod 640 
~]# chown root:named
~]# ll 
-rw-r----- 1 root named 335 Jan  8 15:43
~]# vi
$TTL 600
@ IN SOA (

           IN   NS   ns1
           IN   NS   ns2
           IN   A
ns1        IN   A
ns2        IN   A
www        IN   A

Because I am running in a virtual machine, I need to configure /etc/resolv.conf with the local IP:

~]# cat /etc/resolv.conf
# Generated by NetworkManager

Configure secondary server

Modify the main configuration file of the secondary server:

listen-on port 53 { any; };
allow-query     { any; };
masterfile-format text;
-------------------------------------- The settings above go inside the options { } block.

zone "" IN {
    type slave;
    file "slaves/";
    masters {; };
};

Because the zone file is synchronized from the primary server, it does not need to be created separately.

The IP address in /etc/resolv.conf also needs to be changed, in the same way as on the master server.

Remember to use `named-checkconf` and `named-checkzone` to check the configuration files for syntax errors.
Then start the bind service with `systemctl start named` and check whether the master server's zone file has appeared on the slave server.

If the zone is not synchronized, the firewall may not have been turned off, or the slave server may be missing its NS and A records in the master server's zone file. Also make sure the time of the two servers is synchronized!!!
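As an added example (not part of the original post), a small Python check of the two conditions above against a master's configuration, which catches the missing NS/A record cause listed in the troubleshooting note before a transfer is attempted. The zone `example.test`, its file name and the 192.0.2.x addresses are constructed placeholders.

```python
import re

# Constructed sample input (placeholder zone, RFC 5737 addresses), not from the post.
SECONDARY_IP = "192.0.2.2"
NAMED_CONF_ZONE = """
zone "example.test" IN {
    type master;
    file "example.test.zone";
    allow-transfer { 192.0.2.2; };
    notify yes;
};
"""
ZONE_FILE = """
$TTL 600
@   IN  SOA  ns1.example.test. admin.example.test. ( 2019120101 3600 900 604800 600 )
    IN  NS   ns1
    IN  NS   ns2
ns1 IN  A    192.0.2.1
ns2 IN  A    192.0.2.2
www IN  A    192.0.2.10
"""

def allow_transfer_ips(zone_block):
    """Return the addresses listed in the zone's allow-transfer { ... }; clause."""
    m = re.search(r"allow-transfer\s*\{([^}]*)\}", zone_block)
    return [a.strip() for a in (m.group(1).split(";") if m else []) if a.strip()]

def zone_records(zone_file):
    """Parse '[owner] [IN] type rdata' lines into (owner, type, rdata) tuples;
    a line starting with whitespace has owner None (inherits the previous owner)."""
    records = []
    for raw in zone_file.splitlines():
        line = raw.split(";")[0].rstrip()          # drop comments
        if not line or line.startswith("$"):       # skip blanks and $TTL etc.
            continue
        fields = line.split()
        owner = None if line[0].isspace() else fields.pop(0)
        if fields and fields[0] == "IN":
            fields.pop(0)
        if len(fields) >= 2:
            records.append((owner, fields[0], " ".join(fields[1:])))
    return records

def check_secondary(zone_block, zone_file, secondary_ip):
    """Both preconditions for secondary_ip: allowed to transfer, and named as NS with a matching A."""
    recs = zone_records(zone_file)
    ns_names = {rdata.rstrip(".") for _, rtype, rdata in recs if rtype == "NS"}
    a_owners = {owner for owner, rtype, rdata in recs if rtype == "A" and rdata == secondary_ip}
    return {"authorized": secondary_ip in allow_transfer_ips(zone_block),
            "ns_and_a": bool(ns_names & a_owners)}
```

Run `check_secondary(NAMED_CONF_ZONE, ZONE_FILE, SECONDARY_IP)` against your own zone block and zone file text; a False in either key points at the condition to fix on the master.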

Observe the synchronization process in the logs:

The first zone transfer is a full zone transfer (AXFR).
Each subsequent zone transfer is an incremental zone transfer (IXFR).

Tags: Linux yum vim firewall

Posted on Sun, 01 Dec 2019 09:10:41 -0800 by kusal