以下是DNS主从服务器无法自动同步时的配置与排查步骤
防火墙
1. 在防火墙中放行dns服务(firewalld 的 dns 服务对应 TCP/UDP 53 端口,区域传送使用 TCP 53)
[root@localhost named]# firewall-cmd --permanent --add-service=dns
success
[root@localhost named]# firewall-cmd --reload
success
[root@localhost named]# chgrp named /etc/named.conf
查看防火墙当前规则,确认 services 一行中已包含 dns
[root@localhost named]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: ens33
sources:
services: ssh dhcpv6-client dns
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
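将SELinux临时切换为Permissive模式(setenforce 0 并不是关闭SELinux,且只在重启前有效;此步骤用于确认同步失败是否由SELinux策略引起,排查完成后应执行 setenforce 1 恢复 Enforcing)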
[root@localhost named]# getenforce
Enforcing
[root@localhost named]# setenforce 0
[root@localhost named]# getenforce 0
Permissive
5)开启路由功能
[root@localhost named]# sysctl -a| grep ip_forward
net.ipv4.ip_forward = 1
net.ipv4.ip_forward_use_pmtu = 0
sysctl: reading key "net.ipv6.conf.all.stable_secret"
sysctl: reading key "net.ipv6.conf.default.stable_secret"
sysctl: reading key "net.ipv6.conf.ens33.stable_secret"
sysctl: reading key "net.ipv6.conf.lo.stable_secret"
sysctl: reading key "net.ipv6.conf.virbr0.stable_secret"
sysctl: reading key "net.ipv6.conf.virbr0-nic.stable_secre
注 ---> 需在 /proc/sys/net/ipv4/ip_forward 中设置(该文件是内核运行时参数而非配置文件,重启后失效;要持久生效需写入 /etc/sysctl.conf 并执行 sysctl -p。若本机不承担路由转发,一般无需开启此项)
查看端口状态
[root@localhost named]# netstat -antulpe|grep named
tcp 0 0 192.168.154.111:53 0.0.0.0:* LISTEN 25
文件权限配置(使named进程能够访问区域文件及其所在目录)
# Make the named account the owner of the zone file. The path is relative, so
# this must be run from the directory that holds the file (presumably
# /var/named, as in the prompts above; confirm).
chown named linux.com.zone
# 665 = rw-rw-r-x: owner and group may read and write, all other accounts may
# read and execute.
# NOTE(review): the execute bit for "other" serves no purpose on a zone file;
# 640 with owner/group named is the usual tighter choice. Confirm locally.
chmod 665 /var/named/linux.com.zone
# 777 lets every local account create, replace or delete entries in
# /var/named/, which includes the zone files served by this host.
# NOTE(review): treat this as a temporary troubleshooting setting. named
# normally only needs write access to the directory that receives transferred
# zones (e.g. mode 770 with group named). Confirm, then tighten.
chmod 777 /var/named/