
How to create a secondary domain name server in CentOS

2025-04-07 Update From: SLTechnology News&Howtos shulou

Shulou(Shulou.com)06/01 Report--

This article shows how to create a secondary domain name server in CentOS.

When creating a secondary DNS server, the following factors need to be carefully considered.

In the secondary domain name server, you do not need to manually create forward and reverse zone files. These zone files are periodically synchronized from the primary domain name server.

When any zone file on the primary domain name server is modified, the 'serial' parameter should also be updated. The secondary DNS server synchronizes only when the serial of the zone file on the primary server has been modified.

We assume that the IP address of the secondary server is 172.16.1.4. Let's do the installation.

Set hostname

Just like the primary domain name server, the hostname of the secondary domain name server should be a fully qualified domain name (FQDN).

# vim /etc/sysconfig/network

HOSTNAME=ns2.example.tst

Note that the hostname set in this file is applied when the server starts. Therefore, if you modify the file after the system has started, the change will not take effect immediately. To change the hostname immediately on a running system, use the following command.

# hostname ns2.example.tst

After setting up, you can use the following command to view the host name.

# hostname
ns2.example.tst

Before proceeding to the following steps, make sure that the host names of all three servers are set correctly.

Install the package

As with the primary server, the secondary domain name server can be configured with or without chroot. The necessary packages can be installed using yum.

Without chroot:

# yum install bind

With chroot:

# yum install bind-chroot

Prepare configuration files for transfer of zone files

After you create a domain name server using bind in CentOS, the default setting allows any server to transfer all zone files. For security reasons, we need to configure the primary domain name server to allow zone transfers only to the secondary domain name server.

1. Primary domain name server

Without chroot:

# vim /etc/named.conf

With chroot:

# vim /var/named/chroot/etc/named.conf

zone "example.tst" IN {
        type master;
        file "example-fz";  ## File example-fz on the primary domain name server ##
        allow-update { none; };
        allow-transfer { 172.16.1.4; };  ## allow the secondary domain name server to transfer ##
};

zone "1.16.172.in-addr.arpa" IN {
        type master;
        file "rz-172-16-1";  ## File rz-172-16-1 on the primary domain name server ##
        allow-update { none; };
        allow-transfer { 172.16.1.4; };  ## allow the secondary domain name server to transfer ##
};

2. Secondary domain name server

The default configuration file provided after the software installation can be used to configure the secondary domain name server. However, we will use another sample configuration file because it is easier to adjust.

Without chroot:

# cp /usr/share/doc/bind-9.8.2/sample/etc/named.rfc1912.zones /etc/named.conf

With chroot:

# cp /usr/share/doc/bind-9.8.2/sample/etc/named.rfc1912.zones /var/named/chroot/etc/named.conf

After copying the file with the above command, add the following to the copied file.

options {
        directory "/var/named";
        forwarders { 8.8.8.8; };
};

zone "example.tst" IN {
        type slave;  ## this host is a secondary domain name server ##
        file "example-fz";  ## this file is automatically created ##
        // allow-update { none; };
        allow-transfer { 172.16.1.3; };  ## the primary domain name server is allowed to transfer ##
        masters { 172.16.1.3; };  ## define the primary domain name server ##
};

zone "1.16.172.in-addr.arpa" IN {
        type slave;  ## this host is a secondary domain name server ##
        file "rz-172-16-1";  ## this file is automatically created ##
        // allow-update { none; };
        allow-transfer { 172.16.1.3; };  ## the primary domain name server is allowed to transfer ##
        masters { 172.16.1.3; };  ## define the primary domain name server ##
};
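To confirm that the transfer restriction on the primary is actually in place, the following added example (not part of the original article) audits a named.conf text for primary zones whose allow-transfer is missing or names hosts other than the secondary. The sample configuration and its lab.tst zone are constructed, and a missing ACL is reported as open to any host because that is the default the article describes.

```python
import re

# Constructed sample: the article's example.tst zone plus a hypothetical unrestricted zone.
SAMPLE_CONF = '''
options { directory "/var/named"; };
zone "example.tst" IN {
    type master; file "example-fz";
    allow-transfer { 172.16.1.4; };  ## secondary only ##
};
zone "lab.tst" IN { type master; file "lab-fz"; };
'''

def strip_comments(text):
    """Drop /* */, // and # comments (assumes none occur inside quoted strings)."""
    return re.sub(r'/\*.*?\*/|(//|#)[^\n]*', '', text, flags=re.S)

def block_after(text, start):
    """Return the body of the first balanced {...} block at or after start."""
    open_at = text.index('{', start)
    depth = 0
    for i in range(open_at, len(text)):
        depth += {'{': 1, '}': -1}.get(text[i], 0)
        if depth == 0:
            return text[open_at + 1:i]
    raise ValueError('unbalanced braces')

def transfer_acl(body, inherited=None):
    """Return the block's allow-transfer entries, or `inherited` when it sets none."""
    m = re.search(r'\ballow-transfer\s*\{([^}]*)\}', body)
    return inherited if m is None else {a.strip() for a in m.group(1).split(';') if a.strip()}

def audit(conf, allowed):
    """Map every master zone to 'ok' or a finding; allowed = secondary addresses."""
    conf = strip_comments(conf)
    opts = re.search(r'\boptions\s*\{', conf)
    default = transfer_acl(block_after(conf, opts.start())) if opts else None
    findings = {}
    for m in re.finditer(r'\bzone\s+"([^"]+)"[^{;]*\{', conf):
        body = block_after(conf, m.start())
        if not re.search(r'\btype\s+master\b', body):
            continue  # secondary, hint and forward zones are not judged here
        acl = transfer_acl(body, default)  # a zone ACL overrides the options ACL
        extra = None if acl is None else sorted(acl - set(allowed) - {'none'})
        findings[m.group(1)] = ('no allow-transfer: any host may transfer' if extra is None
                                else 'unexpected: ' + ', '.join(extra) if extra else 'ok')
    return findings

if __name__ == '__main__':
    print(audit(SAMPLE_CONF, ['172.16.1.4']))
```
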

Finish the work

In order to ensure that there are no permissions-related issues, we need to make the following adjustments.

Without chroot:

# chmod 770 /var/named/

With chroot, adjust the permissions with the following command after the named service has started.

# chmod 770 /var/named/chroot/var/named

Now that everything is ready, we can restart the named service. Also make sure that the named service has been added to the startup list.

# service named restart
# chkconfig named on

If all goes well, the secondary domain name server should request a zone transfer from the primary domain name server and populate its own /var/named directory. The log file /var/log/messages will contain useful information about the named service, including information about zone transfers.

Test a secondary domain name server

We can use dig or nslookup for DNS test operations. In this tutorial, we will use nslookup to demonstrate. The necessary software packages can be installed through yum.

# yum install bind-utils

# nslookup
> server 172.16.1.4
Default server: 172.16.1.4
Address: 172.16.1.4#53
> example.tst
Server: 172.16.1.4
Address: 172.16.1.4#53

Name: example.tst
Address: 172.16.1.3
> set type=mx
> example.tst
Server: 172.16.1.4
Address: 172.16.1.4#53

example.tst mail exchanger = 10 mail.example.tst.
> exit

Troubleshooting hint

We do not need to create any zone files on the secondary domain name server. All zone files are synchronized with the primary domain name server.

The named service on the secondary domain name server periodically synchronizes with the primary server. If you want an immediate synchronization, you can use the command "rndc retransfer", as follows:

# rndc retransfer example.tst

The secondary domain name server will update only when the serial number of the zone file on the primary server has been increased.

Make sure that user named can write to the folder /var/named or /var/named/chroot/var/named (in the case of chroot).

/var/log/messages will contain useful information.

I've shut down SELinux.

Make sure the firewall is open for UDP port 53.
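The serial rule in the hints above can be checked by comparing the SOA answers of the primary and the secondary. This added example (not from the original article) goes slightly beyond the text by using the RFC 1982 32-bit comparison that DNS serials follow; the SOA strings, including their name fields, are constructed samples in the one-line form that `dig +short SOA` prints.

```python
# Constructed sample SOA answers (mname and rname are assumptions).
PRIMARY_SOA = "ns1.example.tst. admin.example.tst. 2025040702 3600 1800 604800 86400"
SECONDARY_SOA = "ns1.example.tst. admin.example.tst. 2025040701 3600 1800 604800 86400"

def soa_serial(answer):
    """Extract the serial (third field) from a one-line SOA answer."""
    fields = answer.split()
    if len(fields) != 7 or not fields[2].isdigit():
        raise ValueError("not a SOA answer: %r" % answer)
    serial = int(fields[2])
    if serial >= 2**32:
        raise ValueError("serial does not fit in 32 bits: %d" % serial)
    return serial

def serial_gt(a, b):
    """RFC 1982 comparison: is serial a newer than b in 32-bit sequence space?"""
    return 0 < (a - b) % 2**32 < 2**31

def sync_status(primary_answer, secondary_answer):
    """Classify the secondary's state relative to the primary."""
    p, s = soa_serial(primary_answer), soa_serial(secondary_answer)
    if p == s:
        return "in sync"
    if serial_gt(p, s):
        return "transfer pending"
    # Typical cause: the serial was edited to a smaller number, for example
    # by switching from a 10-digit to an 8-digit date format.
    return "stuck: primary serial is not larger, secondary keeps its copy"

if __name__ == "__main__":
    print(sync_status(PRIMARY_SOA, SECONDARY_SOA))
```

A "stuck" result is the situation in which the `rndc retransfer example.tst` command shown above is needed on the secondary.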
