
Setup and Test Bind DNS Zone File Replication to Slave Servers on CentOS

[Category: Systems (Linux) | Publisher: 店小二05 | Date: 2016 | Author: 红领巾]
Scenario:

You are on-boarding a new Bind DNS server (say NSHost3, 198.164.12.103) to replace/upgrade your existing Bind DNS server (NSHost2, 198.164.12.102). You have installed Bind 9.8 on the new server, as shown:

[root@NSHost3 ~]# named -v
BIND 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6_8.1
[root@NSHost3 ~]#

You want to configure NSHost3 as a slave server for some of the zones that are primarily hosted on NSHost1 (198.164.12.101) in your other data centre. On both NSHost1 and NSHost3 you are either not running an iptables firewall, or you have already allowed tcp/udp port 53 through it.

Implementation:

Configuring your new server NSHost3 as a slave to NSHost1 requires updating the named.conf file on both servers, as detailed here.

On NSHost1 (198.164.12.101) set up /etc/named.conf with the following essential contents:

options {
    listen-on port 53 { 198.164.12.101; };   // NSHost1, the master server in data centre 1
    allow-notify { 198.164.12.103; };        // NSHost3, the new slave server
    allow-transfer { 198.164.12.103; };      // NSHost3, the new slave server
    ...
};

/* primary zones */
zone "dc1.mydomain.com" {
    type master;
    file "dc1.mydomain.com.zone";
};

/* secondary zones */
zone "dc2.mydomain.com" {
    type slave;
    masters { 198.164.12.103; };
    file "secondary/dc2.mydomain.com.zone";
};

On NSHost3 (198.164.12.103) set up /etc/named.conf with the following essential contents:

options {
    listen-on port 53 { 198.164.12.103; };   // NSHost3, the new slave server
    allow-transfer { 198.164.12.101; };      // NSHost1, the master server in data centre 1
    allow-notify { 198.164.12.101; };        // NSHost1, the master server in data centre 1
    ...
};

/* primary zones */
zone "dc2.mydomain.com" {
    type master;
    file "dc2.mydomain.com.zone";
};

/* secondary zones */
zone "dc1.mydomain.com" {
    type slave;
    masters { 198.164.12.101; };   // the IP address of NSHost1, which hosts this zone
    file "secondary/dc1.mydomain.com.zone";
};

Troubleshooting:

During the first-time replication setup on RedHat Bind, most people find that, despite successful zone transfers, the zone files do not get created on the slave server. This produces the errors below in /var/log/messages:

Oct 14 02:58:15 NSHost3 named-sdb[18253]: zone dc1.mydomain.com/IN: Transfer started.
Oct 14 02:58:15 NSHost3 named-sdb[18253]: transfer of 'dc1.mydomain.com/IN' from 198.164.12.101#53: connected using 198.164.12.103#49611
Oct 14 02:58:16 NSHost3 named-sdb[18253]: zone dc1.mydomain.com/IN: transferred serial 2014109804
Oct 14 02:58:16 NSHost3 named-sdb[18253]: transfer of 'dc1.mydomain.com/IN' from 198.164.12.101#53: Transfer completed: 1 messages, 21 records, 529 bytes, 0.217 secs (2437 bytes/sec)
Oct 14 02:58:16 NSHost3 named-sdb[18253]: zone dc1.mydomain.com/IN: sending notifies (serial 2014109804)
Oct 14 02:58:16 NSHost3 named-sdb[18253]: dumping master file: secondary/tmp-IWDKG5gBFC: open: permission denied

This is a known bug in the RedHat Bind package, documented in Bug 545128 (SELinux is preventing the named daemon from writing to the zone directory). Fix it by enabling the SELinux boolean named_write_master_zones as shown below:

Fix for the error "dumping master file: open: permission denied":

[root@NSHost3 ~]# setsebool -P named_write_master_zones=1

Then restart the named service as shown below:

[root@NSHost3 ~]# service named restart
Stopping named: . [ OK ]
Starting named: [ OK ]
[root@NSHost3 ~]# service named status

References:
Bug 545128: SELinux is preventing the named daemon from writing to the zone directory
Setup Master-Slave DNS Server Using "Bind" Tools in RHEL/CentOS 6.5
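As an added example (not part of the original post), here is a small POSIX shell script that checks the replication set up in the Implementation section and the SELinux prerequisite from the Troubleshooting section. It uses the post's host names, addresses and zone names; the `dig +short` SOA answer format, dig's "; Transfer failed." message and the `getsebool` output format are standard, and the sample strings used for the offline checks are constructed. The serial comparison confirms the slave is serving what the master serves; the transfer-refusal check confirms the global `allow-transfer` restriction is in force, since an AXFR from an address outside that list must be refused; the log check counts the "dumping master file ... permission denied" symptom. The live wrapper at the end needs dig and reachability to both servers.

```shell
#!/bin/sh
# Added example, not from the original post. Hosts, IPs and zones are the post's
# (NSHost1 198.164.12.101 master, NSHost3 198.164.12.103 slave, zone dc1.mydomain.com).

# Pull the SOA serial out of a `dig @<server> <zone> SOA +short` answer.
# The +short form prints one line: mname rname serial refresh retry expire minimum
soa_serial() {
    printf '%s\n' "$1" | awk 'NF >= 7 { print $3; exit }'
}

# 0 = master and slave serve the same serial, 1 = serials differ (slave stale),
# 2 = one answer could not be parsed (empty or non-SOA response, e.g. REFUSED).
serials_match() {
    m=$(soa_serial "$1")
    s=$(soa_serial "$2")
    [ -n "$m" ] && [ -n "$s" ] || return 2
    [ "$m" -eq "$s" ]
}

# Transfer restriction check. An AXFR attempted from a host that is not in
# allow-transfer must be refused; dig reports that as "; Transfer failed."
axfr_refused() {
    case "$1" in
        *'Transfer failed'*) return 0 ;;
        *) return 1 ;;
    esac
}

# SELinux prerequisite from the Troubleshooting section, judged from the
# output of `getsebool named_write_master_zones` ("named_write_master_zones --> on").
named_can_write_zones() {
    case "$1" in
        *'named_write_master_zones --> on'*) return 0 ;;
        *) return 1 ;;
    esac
}

# Count named log lines showing the slave received the zone but could not dump it,
# the symptom of the SELinux bug. `|| true` keeps grep's exit 1 on a zero count
# from aborting a `set -e` caller; the count itself is still printed.
count_dump_denied() {
    printf '%s\n' "$1" | grep -c 'dumping master file:.*permission denied' || true
}

# Live wrapper: queries both servers for the zone's SOA and compares serials.
# Needs dig on this host and UDP/TCP 53 reachability to master and slave.
check_zone_live() {
    zone=$1 master=$2 slave=$3
    m_out=$(dig @"$master" "$zone" SOA +short) || return 2
    s_out=$(dig @"$slave" "$zone" SOA +short) || return 2
    serials_match "$m_out" "$s_out"
}

# Example invocation for the zone NSHost3 slaves from NSHost1:
#   check_zone_live dc1.mydomain.com 198.164.12.101 198.164.12.103 && echo "dc1 in sync"
# Transfer restriction, run from a host that is NOT 198.164.12.103:
#   axfr_refused "$(dig @198.164.12.101 dc1.mydomain.com AXFR)" && echo "AXFR restricted"
```

Run the live wrapper after the first NOTIFY/transfer completes; a return of 1 means the slave still serves an older serial (check the master's serial was bumped and that notifies reach NSHost3), and a return of 2 usually means one server refused the query or is not listening on the expected address.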

Source: http://www.codesec.net/view/482974.html