bind9.3配置疑

sky_551

实验环境：master ip:192.168.233.128
  slave ip:192.168.233.130
我对allow-notify这个参数的使用上有疑惑，在百度文库里找到相关资料说这个参数是与“notify yes;”结合使用的，且例子里是配置为如下：
options
{
notify yes;
allow-notify {从DNS地址};
};
但是这样配置后在从DNS重新启动服务时日志文件会报错，便于说得清楚点，我把主从DNS的配置文件贴出来。
master named.conf:
options {
  directory "/var/named";
  allow-query {any;};
  listen-on port 53 {any;};
  forwarders {61.128.128.68;61.192.128.68;};
  allow-recursion {192.168.233.0/24;};
  notify yes;
allow-notify {192.168.233.130;};
};
logging {
  category lame-servers {null;};
};
  zone "." {
  type hint;
  file "named.root";
  };
  zone "localhost" {
  type master;
  file "localhost.zone";
  };
  zone "0.0.127.in-addr.arpa"{
  type master;
  file "named.local";
  };
  zone "zhaochj.org" {
  type master;
  file "named.zhaochj.org";
  allow-transfer {192.168.233.130;};
  };
  zone "233.168.192.in-addr.arpa" {
  type master;
  file "named.192.168.233";
  allow-transfer {192.168.233.130;};
  };
key "rndckey" {
  algorithm hmac-md5;
  secret "v7WVnhnsZ/PmspO8Xesd+g==";
};
  
controls {
  inet 127.0.0.1 port 953
  allow { 127.0.0.1; } keys { "rndckey"; };
};

slave named.conf:
options {
  directory "/var/named";
  allow-query {any;};
  listen-on port 53 {any;};
  allow-recursion {192.168.233.0/24;};
  forwarders {61.128.128.68;61.192.128.68;};
};
logging {
  category lame-servers {null;};
};
  zone "." {
  type hint;
  file "named.root";
  };
  zone "localhost" {
  type master;
  file "localhost.zone";
  };
  zone "0.0.127.in-addr.arpa"{
  type master;
  file "named.local";
  };
  zone "zhaochj.org" {
  type slave;
  file "slaves/named.zhaochj.org";
  masters {192.168.233.128;};
  };
  zone "233.168.192.in-addr.arpa" {
  type slave;
  file "slaves/named.192.168.233";
  masters {192.168.233.128;};
  };
key "rndckey" {
  algorithm hmac-md5;
  secret "vEfapQb6CYHbCU8KoSv9BQ==";
};
  
controls {
  inet 127.0.0.1 port 953
  allow { 127.0.0.1; } keys { "rndckey"; };
};
如此配置后，分别重新启动主从DNS服务观察日志文件，在从DNS日志文件中是这样的：

[root@zcj ~]# tail -f /var/log/messages
Oct 20 02:25:29 zcj named[12215]: zone 233.168.192.in-addr.arpa/IN: loaded serial 1997022706
Oct 20 02:25:29 zcj named[12215]: zone localhost/IN: loaded serial 42
Oct 20 02:25:29 zcj named[12215]: zone zhaochj.org/IN: loaded serial 57
Oct 20 02:25:29 zcj named[12215]: running
Oct 20 02:25:29 zcj named[12215]: zone zhaochj.org/IN: sending notifies (serial 57)
Oct 20 02:25:29 zcj named[12215]: zone 233.168.192.in-addr.arpa/IN: sending notifies (serial 1997022706)
Oct 20 02:25:29 zcj named[12215]: client 192.168.233.130#29959: received notify for zone 'zhaochj.org'
Oct 20 02:25:29 zcj named[12215]: zone zhaochj.org/IN: refused notify from non-master: 192.168.233.130#29959
Oct 20 02:25:30 zcj named[12215]: client 192.168.233.130#27652: received notify for zone '233.168.192.in-addr.arpa'
Oct 20 02:25:30 zcj named[12215]: zone 233.168.192.in-addr.arpa/IN: refused notify from non-master: 192.168.233.130#27652
看见吧，有“refused notify from non-master”这样的错误信息，好像是说从master那里的通告被拒绝了！
然后我把主从DNS的配置文件进行如下更改后，日志文件里就没有问题了，但是这样的配置我自己都不能理解。
master named.conf,去掉了notify的参数：
options {
  directory "/var/named";
  allow-query {any;};
  listen-on port 53 {any;};
  forwarders {61.128.128.68;61.192.128.68;};
  allow-recursion {192.168.233.0/24;};
};
logging {
  category lame-servers {null;};
};
  zone "." {
  type hint;
  file "named.root";
  };
  zone "localhost" {
  type master;
  file "localhost.zone";
  };
  zone "0.0.127.in-addr.arpa"{
  type master;
  file "named.local";
  };
  zone "zhaochj.org" {
  type master;
  file "named.zhaochj.org";
  allow-transfer {192.168.233.130;};
  };
  zone "233.168.192.in-addr.arpa" {
  type master;
  file "named.192.168.233";
  allow-transfer {192.168.233.130;};
  };
key "rndckey" {
  algorithm hmac-md5;
  secret "v7WVnhnsZ/PmspO8Xesd+g==";
};
  
controls {
  inet 127.0.0.1 port 953
  allow { 127.0.0.1; } keys { "rndckey"; };
};
slave named.conf,加上notify的参数，且后边的Ip还是自己的ip：
options {
  directory "/var/named";
  allow-query {any;};
  listen-on port 53 {any;};
  allow-recursion {192.168.233.0/24;};
  forwarders {61.128.128.68;61.192.128.68;};
allow-notify {192.168.233.130;};
};
logging {
  category lame-servers {null;};
};
  zone "." {
  type hint;
  file "named.root";
  };
  zone "localhost" {
  type master;
  file "localhost.zone";
  };
  zone "0.0.127.in-addr.arpa"{
  type master;
  file "named.local";
  };
  zone "zhaochj.org" {
  type slave;
  file "slaves/named.zhaochj.org";
  masters {192.168.233.128;};
  };
  zone "233.168.192.in-addr.arpa" {
  type slave;
  file "slaves/named.192.168.233";
  masters {192.168.233.128;};
  };
key "rndckey" {
  algorithm hmac-md5;
  secret "vEfapQb6CYHbCU8KoSv9BQ==";
};
  
controls {
  inet 127.0.0.1 port 953
  allow { 127.0.0.1; } keys { "rndckey"; };
};
分别重新启动主从DNS的服务，再来看从DNS服务器的日志文件：
[root@zcj ~]# tail -f /var/log/messages
Oct 20 02:30:01 zcj named[12275]: zone 233.168.192.in-addr.arpa/IN: sending notifies (serial 1997022706)
Oct 20 02:30:01 zcj named[12275]: zone zhaochj.org/IN: sending notifies (serial 57)
Oct 20 02:30:01 zcj named[12275]: client 192.168.233.130#12459: received notify for zone '233.168.192.in-addr.arpa'
Oct 20 02:30:01 zcj named[12275]: zone 233.168.192.in-addr.arpa/IN: notify from 192.168.233.130#12459: zone is up to date
Oct 20 02:30:01 zcj named[12275]: client 192.168.233.130#3369: received notify for zone 'zhaochj.org'
Oct 20 02:30:01 zcj named[12275]: zone zhaochj.org/IN: notify from 192.168.233.130#3369: zone is up to date
Oct 20 02:30:07 zcj named[12275]: client 192.168.233.128#52554: received notify for zone 'zhaochj.org'
Oct 20 02:30:07 zcj named[12275]: zone zhaochj.org/IN: notify from 192.168.233.128#52554: zone is up to date
Oct 20 02:30:08 zcj named[12275]: client 192.168.233.128#40378: received notify for zone '233.168.192.in-addr.arpa'
Oct 20 02:30:08 zcj named[12275]: zone 233.168.192.in-addr.arpa/IN: notify from 192.168.233.128#40378: zone is up to date

看见吗？这样才是正常的，我就是没有弄明白了，这个notify参数到底要怎么用，怎么会配置在从dns的配置文件里，后边还是自己的ip地址，请各位解答的我疑惑，这事情困扰我好久了！谢谢！