====== TSIG CentOS ======
**Cenário:**
* ns1 => 203.0.113.200
* ns2 => 203.0.113.201
* domain => example.com
====== Configuração do master ======
[root@ns1 ~]# yum install bind bind-utils
[root@ns1 ~]# yum list installed | grep ^bind
bind.x86_64 32:9.9.4-29.el7_2.3 @updates
bind-libs.x86_64 32:9.9.4-29.el7_2.3 @updates
bind-libs-lite.x86_64 32:9.9.4-29.el7_2.3 @updates
bind-license.noarch 32:9.9.4-29.el7_2.3 @updates
bind-utils.x86_64 32:9.9.4-29.el7_2.3 @updates
[root@ns1 ~]# echo "nameserver 127.0.0.1" > /etc/resolv.conf
[root@ns1 ~]# chattr +i /etc/resolv.conf
[root@ns1 ~]# systemctl enable named.service
Created symlink from /etc/systemd/system/multi-user.target.wants/named.service to /usr/lib/systemd/system/named.service.
[root@ns1 ~]# systemctl start named.service
[root@ns1 ~]# systemctl list-unit-files --type=service | grep -e ^named.service
named.service enabled
[root@ns1 ~]# systemctl status named.service -l
● named.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor preset: disabled)
Active: active (running) since Ter 2016-09-20 17:47:06 BRT; 1min 31s ago
Process: 2237 ExecStart=/usr/sbin/named -u named $OPTIONS (code=exited, status=0/SUCCESS)
Process: 2235 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z /etc/named.conf; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
Main PID: 2240 (named)
CGroup: /system.slice/named.service
└─2240 /usr/sbin/named -u named
Set 20 17:47:06 ns1 named[2240]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
Set 20 17:47:06 ns1 named[2240]: zone localhost.localdomain/IN: loaded serial 0
Set 20 17:47:06 ns1 named[2240]: zone localhost/IN: loaded serial 0
Set 20 17:47:06 ns1 named[2240]: all zones loaded
Set 20 17:47:06 ns1 named[2240]: running
Set 20 17:47:06 ns1 named[2240]: error (network unreachable) resolving './DNSKEY/IN': 2001:dc3::35#53
Set 20 17:47:06 ns1 named[2240]: error (network unreachable) resolving './NS/IN': 2001:dc3::35#53
Set 20 17:47:06 ns1 named[2240]: error (network unreachable) resolving './DNSKEY/IN': 2001:500:2f::f#53
Set 20 17:47:06 ns1 named[2240]: error (network unreachable) resolving './NS/IN': 2001:500:2f::f#53
Set 20 17:47:06 ns1 systemd[1]: Started Berkeley Internet Name Domain (DNS).
[root@ns1 ~]# ps -eZ | grep named
system_u:system_r:named_t:s0 2240 ? 00:00:00 named
[root@ns1 ~]# ls -Zd /etc/named.conf /etc/named.rfc1912.zones /var/named/
-rw-r-----. root named system_u:object_r:named_conf_t:s0 /etc/named.conf
-rw-r-----. root named system_u:object_r:named_conf_t:s0 /etc/named.rfc1912.zones
drwxr-x---. root named system_u:object_r:named_zone_t:s0 /var/named/
[root@ns1 ~]# semanage port -l | grep dns_
dns_port_t tcp 53
dns_port_t udp 53
[root@ns1 ~]# getsebool -a | grep ^named
named_tcp_bind_http_port --> off
named_write_master_zones --> off
[root@ns1 ~]# cat /etc/named.conf
acl master { 127.0.0.1; 203.0.113.200; };
acl lan { 203.0.113.0/24; };
options {
listen-on port 53 { master; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
allow-recursion { master; lan; };
allow-query-cache { master; lan; };
//recursion yes;
dnssec-enable yes;
dnssec-validation yes;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
zone "example.com" IN {
type master;
file "master/db.example.com";
};
zone "113.0.203.in-addr.arpa" IN {
type master;
file "master/db.113-0-203";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
[root@ns1 ~]# mkdir /var/named/master
[root@ns1 ~]# cat /var/named/master/db.example.com
$TTL 1D
@ IN SOA ns1.example.com. hostmaster.example.com. (
2016092001 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS example.com.
example.com. IN TXT "v=spf1 a mx ip4:203.0.113.240 -all"
example.com. IN SPF "v=spf1 a mx ip4:203.0.113.240 -all"
;
NS ns1.example.com.
NS ns2.example.com.
MX 10 mx1.example.com.
;
ns1 IN A 203.0.113.200
ns2 IN A 203.0.113.201
mx1 IN A 203.0.113.240
imap IN CNAME mx1
pop IN CNAME mx1
smtp IN CNAME mx1
webmail IN CNAME mx1
@ IN A 203.0.113.80
[root@ns1 ~]# cat /var/named/master/db.113-0-203
$TTL 1D
@ IN SOA ns1.example.com. hostmaster.example.com. (
2016192001 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
IN NS ns1.example.com.
IN NS ns2.example.com.
200 IN PTR ns1.example.com.
201 IN PTR ns2.example.com.
240 IN PTR mx1.example.com.
[root@ns1 ~]# chown named:named /var/named/master
[root@ns1 ~]# chown root:named /var/named/master/db.*
[root@ns1 ~]# chcon -t named_zone_t /var/named/master/db.*
[root@ns1 ~]# semanage fcontext -a -t named_zone_t "/var/named/master(/.*)?"
[root@ns1 ~]# named-checkzone example.com /var/named/master/db.example.com
zone example.com/IN: loaded serial 2016092001
OK
[root@ns1 ~]# named-checkzone 113.0.203.in-addr.arpa /var/named/master/db.113-0-203
zone 113.0.203.in-addr.arpa/IN: loaded serial 2016192001
OK
[root@ns1 ~]# systemctl restart named.service
[root@ns1 ~]# systemctl status named.service -l
● named.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor preset: disabled)
Active: active (running) since Ter 2016-09-20 18:09:35 BRT; 30s ago
Process: 2321 ExecStop=/bin/sh -c /usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID (code=exited, status=0/SUCCESS)
Process: 2332 ExecStart=/usr/sbin/named -u named $OPTIONS (code=exited, status=0/SUCCESS)
Process: 2330 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z /etc/named.conf; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
Main PID: 2335 (named)
CGroup: /system.slice/named.service
└─2335 /usr/sbin/named -u named
Set 20 18:09:35 ns1 named[2335]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
Set 20 18:09:35 ns1 named[2335]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
Set 20 18:09:35 ns1 named[2335]: zone localhost.localdomain/IN: loaded serial 0
Set 20 18:09:35 ns1 named[2335]: zone example.com/IN: loaded serial 2016092001
Set 20 18:09:35 ns1 named[2335]: zone localhost/IN: loaded serial 0
Set 20 18:09:35 ns1 named[2335]: all zones loaded
Set 20 18:09:35 ns1 named[2335]: running
Set 20 18:09:35 ns1 systemd[1]: Started Berkeley Internet Name Domain (DNS).
Set 20 18:09:36 ns1 named[2335]: zone example.com/IN: sending notifies (serial 2016092001)
Set 20 18:09:36 ns1 named[2335]: zone 113.0.203.in-addr.arpa/IN: sending notifies (serial 2016192001)
[root@ns1 ~]# host -a example.com
Trying "example.com"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9329
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 8, AUTHORITY: 0, ADDITIONAL: 3
;; QUESTION SECTION:
;example.com. IN ANY
;; ANSWER SECTION:
example.com. 86400 IN A 203.0.113.80
example.com. 86400 IN SOA ns1.example.com. hostmaster.example.com. 2016092001 86400 3600 604800 10800
example.com. 86400 IN NS example.com.
example.com. 86400 IN NS ns1.example.com.
example.com. 86400 IN NS ns2.example.com.
example.com. 86400 IN TXT "v=spf1 a mx ip4:203.0.113.240 -all"
example.com. 86400 IN SPF "v=spf1 a mx ip4:203.0.113.240 -all"
example.com. 86400 IN MX 10 mx1.example.com.
;; ADDITIONAL SECTION:
ns1.example.com. 86400 IN A 203.0.113.200
ns2.example.com. 86400 IN A 203.0.113.201
mx1.example.com. 86400 IN A 203.0.113.240
Received 304 bytes from 127.0.0.1#53 in 1 ms
====== Configuração do slave ======
[root@ns2 ~]# yum install bind bind-utils
[root@ns2 ~]# yum list installed | grep ^bind
bind.x86_64 32:9.9.4-29.el7_2.3 @updates
bind-libs.x86_64 32:9.9.4-29.el7_2.3 @updates
bind-libs-lite.x86_64 32:9.9.4-29.el7_2.3 @updates
bind-license.noarch 32:9.9.4-29.el7_2.3 @updates
bind-utils.x86_64 32:9.9.4-29.el7_2.3 @updates
[root@ns2 ~]# echo "nameserver 127.0.0.1" > /etc/resolv.conf
[root@ns2 ~]# chattr +i /etc/resolv.conf
[root@ns2 ~]# systemctl enable named.service
Created symlink from /etc/systemd/system/multi-user.target.wants/named.service to /usr/lib/systemd/system/named.service.
[root@ns2 ~]# systemctl start named.service
[root@ns2 ~]# systemctl list-unit-files --type=service | grep -e ^named.service
named.service enabled
[root@ns2 ~]# systemctl status named.service -l
● named.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor preset: disabled)
Active: active (running) since Ter 2016-09-20 17:46:59 BRT; 2min 21s ago
Process: 2214 ExecStart=/usr/sbin/named -u named $OPTIONS (code=exited, status=0/SUCCESS)
Process: 2212 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z /etc/named.conf; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
Main PID: 2217 (named)
CGroup: /system.slice/named.service
└─2217 /usr/sbin/named -u named
Set 20 17:46:59 ns2 named[2217]: managed-keys-zone: loaded serial 0
Set 20 17:46:59 ns2 named[2217]: zone 0.in-addr.arpa/IN: loaded serial 0
Set 20 17:46:59 ns2 named[2217]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
Set 20 17:46:59 ns2 named[2217]: zone localhost.localdomain/IN: loaded serial 0
Set 20 17:46:59 ns2 named[2217]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
Set 20 17:46:59 ns2 named[2217]: zone localhost/IN: loaded serial 0
Set 20 17:46:59 ns2 named[2217]: all zones loaded
Set 20 17:46:59 ns2 named[2217]: running
Set 20 17:46:59 ns2 systemd[1]: Started Berkeley Internet Name Domain (DNS).
Set 20 17:46:59 ns2 named[2217]: error (network unreachable) resolving './DNSKEY/IN': 2001:7fe::53#53
[root@ns2 ~]# ps -eZ | grep named
system_u:system_r:named_t:s0 2240 ? 00:00:00 named
[root@ns2 ~]# ls -Zd /etc/named.conf /etc/named.rfc1912.zones /var/named/
-rw-r-----. root named system_u:object_r:named_conf_t:s0 /etc/named.conf
-rw-r-----. root named system_u:object_r:named_conf_t:s0 /etc/named.rfc1912.zones
drwxr-x---. root named system_u:object_r:named_zone_t:s0 /var/named/
[root@ns2 ~]# semanage port -l | grep dns_
dns_port_t tcp 53
dns_port_t udp 53
[root@ns2 ~]# getsebool -a | grep ^named
named_tcp_bind_http_port --> off
named_write_master_zones --> off
[root@ns2 ~]# cat /etc/named.conf
acl slave { 127.0.0.1; 203.0.113.201; };
acl lan { 203.0.113.0/24; };
options {
listen-on port 53 { slave; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
allow-recursion { slave; lan; };
allow-query-cache { slave; lan; };
//recursion yes;
dnssec-enable yes;
dnssec-validation yes;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
zone "example.com" IN {
type slave;
file "slaves/db.example.com";
masters { 203.0.113.200; };
};
zone "113.0.203.in-addr.arpa" IN {
type slave;
file "slaves/db.113-0-203";
masters { 203.0.113.200; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
[root@ns2 ~]# systemctl restart named.service
[root@ns2 ~]# systemctl status named.service -l
● named.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor preset: disabled)
Active: active (running) since Qua 2016-09-21 09:55:20 BRT; 7s ago
Process: 12133 ExecStop=/bin/sh -c /usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID (code=exited, status=0/SUCCESS)
Process: 12143 ExecStart=/usr/sbin/named -u named $OPTIONS (code=exited, status=0/SUCCESS)
Process: 12141 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z /etc/named.conf; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
Main PID: 12146 (named)
CGroup: /system.slice/named.service
└─12146 /usr/sbin/named -u named
Set 21 09:55:20 ns2 named[12146]: zone 113.0.203.in-addr.arpa/IN: loaded serial 2016192001
Set 21 09:55:20 ns2 named[12146]: zone localhost/IN: loaded serial 0
Set 21 09:55:20 ns2 named[12146]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
Set 21 09:55:20 ns2 named[12146]: zone localhost.localdomain/IN: loaded serial 0
Set 21 09:55:20 ns2 named[12146]: zone example.com/IN: loaded serial 2016092001
Set 21 09:55:20 ns2 named[12146]: all zones loaded
Set 21 09:55:20 ns2 named[12146]: running
Set 21 09:55:20 ns2 named[12146]: zone example.com/IN: sending notifies (serial 2016092001)
Set 21 09:55:20 ns2 named[12146]: zone 113.0.203.in-addr.arpa/IN: sending notifies (serial 2016192001)
Set 21 09:55:20 ns2 systemd[1]: Started Berkeley Internet Name Domain (DNS).
[root@ns2 ~]# ls -l /var/named/slaves/
total 8
-rw-r--r--. 1 named named 414 Set 21 08:37 db.113-0-203
-rw-r--r--. 1 named named 798 Set 21 08:37 db.example.com
[root@ns2 ~]# host -a example.com
Trying "example.com"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18340
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 8, AUTHORITY: 0, ADDITIONAL: 3
;; QUESTION SECTION:
;example.com. IN ANY
;; ANSWER SECTION:
example.com. 86400 IN A 203.0.113.80
example.com. 86400 IN NS example.com.
example.com. 86400 IN NS ns1.example.com.
example.com. 86400 IN NS ns2.example.com.
example.com. 86400 IN TXT "v=spf1 a mx ip4:203.0.113.240 -all"
example.com. 86400 IN SPF "v=spf1 a mx ip4:203.0.113.240 -all"
example.com. 86400 IN MX 10 mx1.example.com.
example.com. 86400 IN SOA ns1.example.com. hostmaster.example.com. 2016092001 86400 3600 604800 10800
;; ADDITIONAL SECTION:
ns1.example.com. 86400 IN A 203.0.113.200
ns2.example.com. 86400 IN A 203.0.113.201
mx1.example.com. 86400 IN A 203.0.113.240
Received 304 bytes from 127.0.0.1#53 in 1 ms
====== Implementando o TSIG ======
==== No Master ====
[root@ns1 ~]# cd /etc/named
[root@ns1 named]# dnssec-keygen -r /dev/urandom -a HMAC-MD5 -b 128 -n HOST example.com
Kexample.com.+157+17778
[root@ns1 named]# ls -l
total 8
-rw-------. 1 root root 55 Set 21 10:03 Kexample.com.+157+17778.key
-rw-------. 1 root root 165 Set 21 10:03 Kexample.com.+157+17778.private
[root@ns1 named]# cat Kexample.com.+157+17778.key
example.com. IN KEY 512 3 157 13cf4dANsf6pVJLs/AeOJg==
[root@ns1 named]# cat Kexample.com.+157+17778.private
Private-key-format: v1.3
Algorithm: 157 (HMAC_MD5)
Key: 13cf4dANsf6pVJLs/AeOJg==
Bits: AAA=
Created: 20160921130334
Publish: 20160921130334
Activate: 20160921130334
[root@ns1 ~]# cat /etc/named.conf
acl master { 127.0.0.1; 203.0.113.200; };
acl lan { 203.0.113.0/24; };
options {
listen-on port 53 { master; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
allow-recursion { master; lan; };
allow-query-cache { master; lan; };
allow-transfer { key example.com; };
//recursion yes;
dnssec-enable yes;
dnssec-validation yes;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
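# Transferência de zona TSIG
# Nota: hmac-md5 é considerado obsoleto para TSIG; em ambiente real prefira hmac-sha256
# (ex.: "dnssec-keygen -a HMAC-SHA256 -b 256 -n HOST example.com" nesta versão do BIND;
# versões mais novas usam tsig-keygen), com o mesmo algoritmo no master e no slave.
# O segredo abaixo é apenas o exemplo deste tutorial: gere o seu próprio e mantenha
# o arquivo que o contém sem leitura para outros usuários (aqui, 0640 root:named).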
key "example.com" {
algorithm hmac-md5;
secret "13cf4dANsf6pVJLs/AeOJg==";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
zone "example.com" IN {
type master;
file "master/db.example.com";
};
zone "113.0.203.in-addr.arpa" IN {
type master;
file "master/db.113-0-203";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
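**Alterações realizadas:**
Sem ''allow-transfer'', esta versão do BIND aceita pedidos de transferência de zona de qualquer host; com a linha abaixo, o master só atende transferências assinadas com a chave TSIG ''example.com''. Após reiniciar o named, confira que um AXFR sem chave (''dig @203.0.113.200 example.com AXFR'') é recusado.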
[...]
allow-transfer { key example.com; };
[...]
# Transferência de zona TSIG
key "example.com" {
algorithm hmac-md5;
secret "13cf4dANsf6pVJLs/AeOJg==";
};
[...]
==== No Slave ====
[root@ns2 ~]# cat /etc/named.conf
acl slave { 127.0.0.1; 203.0.113.201; };
acl lan { 203.0.113.0/24; };
options {
listen-on port 53 { slave; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
allow-recursion { slave; lan; };
allow-query-cache { slave; lan; };
//recursion yes;
dnssec-enable yes;
dnssec-validation yes;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
# Transferência de zona TSIG (mesmo nome de chave, algoritmo e segredo configurados no master)
key "example.com" {
algorithm hmac-md5;
secret "13cf4dANsf6pVJLs/AeOJg==";
};
server 203.0.113.200 {
keys { example.com; };
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
zone "example.com" IN {
type slave;
file "slaves/db.example.com";
masters { 203.0.113.200; };
};
zone "113.0.203.in-addr.arpa" IN {
type slave;
file "slaves/db.113-0-203";
masters { 203.0.113.200; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
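**Alterações:**
A chave deve ter o mesmo nome, algoritmo e segredo configurados no master; a declaração ''server'' faz o slave assinar com ela as requisições enviadas a 203.0.113.200.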
[...]
# Transferência de zona TSIG
key "example.com" {
algorithm hmac-md5;
secret "13cf4dANsf6pVJLs/AeOJg==";
};
server 203.0.113.200 {
keys { example.com; };
};
[...]
==== Testando a transferência ====
[root@ns1 ~]# cat /var/named/master/db.example.com
$TTL 1D
@ IN SOA ns1.example.com. hostmaster.example.com. (
2016092102 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS example.com.
example.com. IN TXT "v=spf1 a mx ip4:203.0.113.240 -all"
example.com. IN SPF "v=spf1 a mx ip4:203.0.113.240 -all"
;
NS ns1.example.com.
NS ns2.example.com.
MX 10 mx1.example.com.
;
ns1 IN A 203.0.113.200
ns2 IN A 203.0.113.201
mx1 IN A 203.0.113.240
imap IN CNAME mx1
pop IN CNAME mx1
smtp IN CNAME mx1
webmail IN CNAME mx1
@ IN A 203.0.113.80
ldap IN A 203.0.113.89
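**Alterações:**
O serial precisa ser incrementado para que o slave perceba a alteração e solicite a transferência.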
[...]
2016092102 ; serial
[...]
ldap IN A 203.0.113.89
[root@ns1 ~]# systemctl restart named.service
[root@ns2 ~]# systemctl restart named.service
[root@ns1 ~]# cat /var/log/messages | egrep -i tsig
Sep 21 10:19:12 ns1 named[12279]: client 203.0.113.201#37465/key example.com (example.com): transfer of 'example.com/IN': AXFR-style IXFR started: TSIG example.com
==== Possíveis erros ====
**Caso a transferência não ocorra, seguir os seguintes passos:**
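Sincronizar o relógio via NTP nos dois servidores. A assinatura TSIG inclui um carimbo de tempo, e a mensagem é rejeitada (erro BADTIME) quando a diferença entre os relógios passa da tolerância, que é de 300 segundos por padrão.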
[root@ns1 ~]# ntpdate -u a.ntp.br
[root@ns2 ~]# ntpdate -u a.ntp.br
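Verificar o SELinux no Slave. O booleano ''named_write_master_zones'' libera a escrita do named em arquivos de zona master (''named_zone_t''); o diretório ''/var/named/slaves'' normalmente já tem um contexto gravável pelo named (conferir com ''ls -Zd /var/named/slaves''), então habilite o booleano apenas se houver negações AVC nos logs (''ausearch -m avc -ts recent'').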
[root@ns2 ~]# getsebool -a | grep named
named_tcp_bind_http_port --> off
named_write_master_zones --> off
[root@ns2 ~]# setsebool -P named_write_master_zones 1
[root@ns2 ~]# getsebool -a | grep named
named_tcp_bind_http_port --> off
named_write_master_zones --> on