YUMSERV
Published 2019. 5. 29. 21:36
BIND primary/secondary synchronization (category: LINUX/DNS)

※ Environment: CentOS 7.5

 

- Master server

 

# vi /etc/named.conf
options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };
    /*
     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
     - If you are building a RECURSIVE (caching) DNS server, you need to enable
       recursion.
     - If your recursive DNS server has a public IP address, you MUST enable access
       control to limit queries to your legitimate users. Failing to do so will
       cause your server to become part of large scale DNS amplification
       attacks. Implementing BCP38 within your network would greatly
       reduce such attack surface
    */
    recursion no;
    allow-transfer { SLAVE 서버 IP; };
    dnssec-enable yes;
    dnssec-validation yes;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};

 

# chown -R named.named /var/named


# vi /etc/named.rfc1912.zones
zone "test.com" IN {
    type master;
    file "test.com.zone";
    allow-transfer { SLAVE 서버IP; };
};
zone "ittech.com" IN {
    type master;
    file "ittech.com.zone";
    allow-transfer { SLAVE 서버IP; };
};

allow-transfer : the IP address(es) of the hosts you want to allow to transfer (AXFR) the zone file; here, the SLAVE server.

 

- SLAVE server

 

# vi /etc/named.conf
options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };
    masterfile-format text;
    /*
     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
     - If you are building a RECURSIVE (caching) DNS server, you need to enable
       recursion.
     - If your recursive DNS server has a public IP address, you MUST enable access
       control to limit queries to your legitimate users. Failing to do so will
       cause your server to become part of large scale DNS amplification
       attacks. Implementing BCP38 within your network would greatly
       reduce such attack surface
    */
    recursion no;
    dnssec-enable yes;
    dnssec-validation yes;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};

 

The reason for adding masterfile-format text; is that on the slave side the transferred zone file is otherwise written as a (binary) data file; this setting makes it write the file in text form so it can be inspected easily.

 

# vi /etc/named.rfc1912.zones
zone "test.com" IN {
    type slave;
    file "testcom.zone";
    masters { MASTER 서버IP; };
};
zone "ittech.com" IN {
    type slave;
    file "ittech.com.zone";
    masters { MASTER 서버IP; };
};

 

After the configuration is done, restart the DNS server on both the MASTER and the SLAVE.

 

# service named restart

After the restart, the SLAVE pulls the zone files from the master into its /var/named directory.
When you send a query, you can confirm that both the primary and the secondary answer it.
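The setting that matters most in the configuration above is allow-transfer: on the BIND 9.11 shipped with CentOS 7, a master zone with no allow-transfer (neither in options {} nor in the zone) lets any host pull the whole zone, and { any; } does the same explicitly. The script below is an added example, not code from the original post or from ISC. It walks a named.conf-style fragment with a brace-depth parser, resolves the per-zone ACL against the global one in options {}, and reports master/primary zones that are transferable to anyone, plus a recursion setting that is not "no". The configuration text inside it is constructed for the example and uses documentation addresses.

```python
"""Audit a BIND named.conf fragment for zone-transfer exposure.

Added example, not code from the original post. It checks the two things the
post's configuration depends on: every authoritative (type master/primary)
zone has an allow-transfer ACL, inherited from options {} or set per zone,
that does not contain 'any', and recursion is switched off.
"""
import re

# Constructed sample in the same layout as the post; IPs are documentation addresses.
SAMPLE_CONF = """
options {
    directory "/var/named";
    allow-query { any; };
    recursion no;           /* authoritative only */
};
zone "test.com" IN {
    type master;
    file "test.com.zone";
    allow-transfer { 192.0.2.53; };   // the secondary
};
zone "ittech.com" IN {
    type master;
    file "ittech.com.zone";
    allow-transfer { any; };          // misconfiguration
};
zone "example.net" IN {
    type master;
    file "example.net.zone";          # no ACL at all
};
"""

_COMMENT_RE = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*", re.DOTALL)
_ACL_RE = re.compile(r"\ballow-transfer\s*\{([^}]*)\}")
_TYPE_RE = re.compile(r"\btype\s+(\w+)\s*;")
_RECURSION_RE = re.compile(r"\brecursion\s+(yes|no)\s*;")
_ZONE_RE = re.compile(r'^zone\s+"([^"]+)"')


def top_level_blocks(text):
    """Return [(header, body), ...] for every top-level `header { body };`.

    A brace-depth walk is used instead of a regex so that nested braces such
    as `allow-transfer { ...; };` inside a zone do not terminate the zone.
    """
    blocks, depth, header, body = [], 0, [], []
    for ch in text:
        if depth == 0:
            if ch == "{":
                depth, body = 1, []
            else:
                header.append(ch)
            continue
        if ch == "{":
            depth += 1
        elif ch == "}":
            depth -= 1
            if depth == 0:
                # Normalise whitespace; drop the ';' left over from the previous block.
                head = " ".join("".join(header).split()).lstrip(";").strip()
                blocks.append((head, "".join(body)))
                header = []
                continue
        body.append(ch)
    return blocks


def _acl_entries(acl_body):
    return [e.strip() for e in acl_body.split(";") if e.strip()]


def audit(conf_text):
    """Return [(scope, finding), ...]; an empty list means nothing to fix."""
    findings = []
    blocks = top_level_blocks(_COMMENT_RE.sub("", conf_text))
    global_acl = None
    for head, body in blocks:
        if head == "options":
            m = _ACL_RE.search(body)
            if m:
                global_acl = _acl_entries(m.group(1))  # inherited by zones without their own
            r = _RECURSION_RE.search(body)
            if not r or r.group(1) != "no":
                findings.append(("options", "recursion is not disabled"))
    for head, body in blocks:
        zm = _ZONE_RE.match(head)
        tm = _TYPE_RE.search(body)
        if not zm or not tm or tm.group(1) not in ("master", "primary"):
            continue
        zone = zm.group(1)
        m = _ACL_RE.search(body)
        acl = _acl_entries(m.group(1)) if m else global_acl
        if acl is None:
            findings.append((zone, "no allow-transfer in zone or options; BIND 9.11 then allows AXFR from any host"))
        elif any(e.lower() == "any" for e in acl):
            findings.append((zone, "allow-transfer contains 'any'"))
    return findings


if __name__ == "__main__":
    for scope, msg in audit(SAMPLE_CONF):
        print(f"{scope}: {msg}")
```

Run it against /etc/named.conf and /etc/named.rfc1912.zones concatenated (the script only understands the statements it looks for, so include statements or acl {} definitions are not followed). On the post's master configuration the global allow-transfer in options {} covers both zones, so the only way to get a finding is to drop it or to put { any; } in a zone.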
