Configuring master/slave DNS (bind) on CentOS 7

    DNS master/slave setup

    Environment

    System: CentOS 7.6 x86_64
    Master: 10.0.0.182
    Slave: 10.0.0.115
     

    1. Install the packages; run the following on both the master and the slave

    yum install bind bind-utils bind-chroot -y

    2. Configuration

     
    Configuration on the master
    /etc/named.conf (the stock Red Hat file; the changes are listen-on and allow-query opened to any, notify yes, and masterfile-format text). Be aware that allow-query { any; } together with recursion yes; turns this into an open recursive resolver on every interface. Step 5 points internal clients at these servers as their resolver, so recursion has to stay on; restrict it with allow-recursion to the internal network (plus localhost) rather than leaving it open to any, and make sure port 53 is not reachable from outside that network.

    //
    // named.conf
    //
    // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
    // server as a caching only nameserver (as a localhost DNS resolver only).
    //
    // See /usr/share/doc/bind*/sample/ for example named configuration files.
    //
    // See the BIND Administrator's Reference Manual (ARM) for details about the
    // configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html
    
    options {
            listen-on port 53 { any; };
            listen-on-v6 port 53 { ::1; };
            directory       "/var/named";
            dump-file       "/var/named/data/cache_dump.db";
            statistics-file "/var/named/data/named_stats.txt";
            memstatistics-file "/var/named/data/named_mem_stats.txt";
            recursing-file  "/var/named/data/named.recursing";
            secroots-file   "/var/named/data/named.secroots";
            allow-query     { any; };
            notify yes;
            recursion yes;
            dnssec-enable yes;
            dnssec-validation yes;
            bindkeys-file "/etc/named/named.root.key";
            managed-keys-directory "/var/named/dynamic";
            pid-file "/run/named/named.pid";
            session-keyfile "/run/named/session.key";
            masterfile-format text ;
    };
    
    logging {
            channel default_debug {
                    file "data/named.run";
                    severity dynamic;
            };
    };
    
    zone "." IN {
            type hint;
            file "named.ca";
    };
    
    #include "/etc/named/named.rfc1912.zones";
    include "/etc/named/named.sx.zones";
    include "/etc/named/named.root.key";
    

      

    /etc/named/named.sx.zones is a custom file, so fix its owner and group by hand (and set its mode so that only root and named can read it):
    chown root:named /etc/named/named.sx.zones
    Two notes on the stanzas below. allow-transfer restricts AXFR/IXFR to the slave, which is what you want: without it any client can dump the whole zone with a single AXFR query. allow-update, on the other hand, is not needed for master/slave replication at all. It permits unauthenticated dynamic updates from whoever can send packets as 10.0.0.115, and once a dynamic update lands the zone gets a journal file and the zone file can no longer be edited by hand without rndc freeze/thaw. Drop the allow-update lines, or, if you really need dynamic updates, gate them on a TSIG key instead of a source address.

    zone "sx" IN {
            type master;
            file "zones/sx.zone";
            allow-update { 10.0.0.115; };
            also-notify { 10.0.0.115; };
            allow-transfer { 10.0.0.115; };
    };
    zone "sx.com" IN {
            type master;
            file "zones/sx.com.zone";
            allow-update { 10.0.0.115; };
            also-notify { 10.0.0.115; };
            allow-transfer { 10.0.0.115; };
    };
    
    Create the zones directory under /var/named and set its owner and group, then write the zone files (sx.com.zone follows the same pattern):
    mkdir /var/named/zones
    chown named:named /var/named/zones
    cat /var/named/zones/sx.zone

    $TTL 600
    @       IN SOA  ns1 rname.invalid. (
                                            2       ; serial, bump on every edit
                                            1M      ; refresh, how often the slave polls the SOA
                                            1M      ; retry
                                            1W      ; expire, keep this well above refresh+retry or the slave discards the zone soon after losing the master
                                            3H )    ; minimum, negative-caching TTL
    @       NS      ns1
    @       NS      ns2
    ns1     A       10.0.0.182
    ns2     A       10.0.0.115
    *       A       10.0.0.184
    
     
    Configuration on the slave (identical to the master's named.conf apart from notify yes)
    cat /etc/named.conf

    //
    // named.conf
    //
    // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
    // server as a caching only nameserver (as a localhost DNS resolver only).
    //
    // See /usr/share/doc/bind*/sample/ for example named configuration files.
    //
    // See the BIND Administrator's Reference Manual (ARM) for details about the
    // configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html
    
    options {
            listen-on port 53 { any; };
            listen-on-v6 port 53 { ::1; };
            directory       "/var/named";
            dump-file       "/var/named/data/cache_dump.db";
            statistics-file "/var/named/data/named_stats.txt";
            memstatistics-file "/var/named/data/named_mem_stats.txt";
            recursing-file  "/var/named/data/named.recursing";
            secroots-file   "/var/named/data/named.secroots";
            allow-query     { any; };
            recursion yes;
            dnssec-enable yes;
            dnssec-validation yes;
            bindkeys-file "/etc/named/named.root.key";
            managed-keys-directory "/var/named/dynamic";
            pid-file "/run/named/named.pid";
            session-keyfile "/run/named/session.key";
            masterfile-format text ;
    };
    
    logging {
            channel default_debug {
                    file "data/named.run";
                    severity dynamic;
            };
    };
    
    zone "." IN {
            type hint;
            file "named.ca";
    };
    
    #include "/etc/named/named.rfc1912.zones";
    include "/etc/named/named.sx.zones";
    include "/etc/named/named.root.key";
    
    cat /etc/named/named.sx.zones
    As on the master this is a custom file; set its owner and group to root:named.

    zone "sx" IN {
            type slave;
            masters { 10.0.0.182; };
            file "slaves/sx.zone";
    };
    zone "sx.com" IN {
            type slave;
            masters { 10.0.0.182; };
            file "slaves/sx.com.zone";
    };
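    The ACLs on both sides above (allow-transfer and also-notify on the master, masters on the slave) trust whoever can source packets from 10.0.0.115 or 10.0.0.182, and DNS over UDP makes that a weak check. The script below is an added example, not part of the original post or of BIND: it generates a TSIG secret and writes a master-side and a slave-side replacement for /etc/named/named.sx.zones so that transfers and NOTIFYs are authenticated with a shared key. The key name sx-xfer-key, the fragment file names and the output directory are assumptions; tsig-keygen from the bind package would produce an equivalent key stanza.

```shell
#!/bin/sh
# Added example (not from the original post): generate a TSIG key and the
# matching named.conf fragments so that zone transfers between the master
# (10.0.0.182) and the slave (10.0.0.115) are authenticated by a shared
# secret instead of by source IP alone. Key name, file names and the output
# directory are assumptions; adjust them for your environment.
set -eu

MASTER_IP=10.0.0.182
SLAVE_IP=10.0.0.115
KEY_NAME="sx-xfer-key"

# 256 random bits, base64-encoded: a valid hmac-sha256 TSIG secret.
# tsig-keygen(1) from the bind package does the same; this keeps the
# example independent of BIND being installed on the build host.
gen_secret() {
    head -c 32 /dev/urandom | base64 | tr -d '\n'
}

# Write master- and slave-side fragments into directory $1 using secret $2.
write_fragments() {
    outdir=$1
    secret=$2
    mkdir -p "$outdir"

    # Shared key stanza, identical on both sides.
    key_stanza=$(printf 'key "%s" {\n        algorithm hmac-sha256;\n        secret "%s";\n};\n' "$KEY_NAME" "$secret")

    # Master: transfers require the key; no allow-update, because a slave
    # never needs dynamic-update rights for AXFR/IXFR. The server stanza
    # makes named sign its NOTIFYs to the slave with the same key.
    cat > "$outdir/named.sx.zones.master" <<EOF
$key_stanza
server $SLAVE_IP { keys { "$KEY_NAME"; }; };

zone "sx" IN {
        type master;
        file "zones/sx.zone";
        also-notify { $SLAVE_IP; };
        allow-transfer { key "$KEY_NAME"; };
};
zone "sx.com" IN {
        type master;
        file "zones/sx.com.zone";
        also-notify { $SLAVE_IP; };
        allow-transfer { key "$KEY_NAME"; };
};
EOF

    # Slave: the server stanza makes named sign every request to the
    # master (SOA refresh queries, AXFR/IXFR) with the key.
    cat > "$outdir/named.sx.zones.slave" <<EOF
$key_stanza
server $MASTER_IP { keys { "$KEY_NAME"; }; };

zone "sx" IN {
        type slave;
        masters { $MASTER_IP; };
        file "slaves/sx.zone";
};
zone "sx.com" IN {
        type slave;
        masters { $MASTER_IP; };
        file "slaves/sx.com.zone";
};
EOF
    # The secret is inside; keep the fragments readable by root and named only.
    chmod 640 "$outdir"/named.sx.zones.*
}

# Syntax-check a fragment when named-checkconf is present (it is on the DNS
# hosts, not necessarily where this script runs). Returns 0 when the check
# passes or the tool is absent, non-zero on a syntax error.
check_fragment() {
    if command -v named-checkconf >/dev/null 2>&1; then
        named-checkconf "$1"
    fi
}
```

    Copy the master fragment to /etc/named/named.sx.zones on 10.0.0.182 and the slave fragment to the same path on 10.0.0.115, chown root:named both, then rndc reconfig on each host. From then on a transfer request without a valid signature is refused even when it arrives from the slave's address, and the slave rejects a forged NOTIFY.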
    

    3. Start (on the master and the slave separately)

    systemctl start named
    systemctl enable named
    Once the slave is up it pulls the zone data from the master on its own (a zone transfer into /var/named/slaves/; the config files themselves are not copied).
    A successful start shows up as a running named process and port 53 listening.

    4. Master/slave test

    Edit the zone file on the master.

    After every edit increase the serial by 1; the slave only transfers when the master's serial is higher than its own, so an edit without a serial bump never propagates.
    Then run systemctl restart named on the master (rndc reload, or rndc reload sx for a single zone, has the same effect without taking the server down).
    On the slave, check that the change came across.
    First the log, tail -n 100 /var/log/messages; a healthy transfer produces lines of the form "zone sx/IN: transferred serial 3" and "transfer of 'sx/IN' from 10.0.0.182#53: Transfer completed".

    Then the zone file itself:

    cat /var/named/slaves/sx.com.zone shows the transferred data, with the serial now matching the master's.

    5. Client resolution test

    On another machine on the internal network add this DNS server to /etc/resolv.conf, then resolve a name in the zone; it should answer.
    echo "nameserver 10.0.0.115" >> /etc/resolv.conf
    Note that on CentOS 7 NetworkManager regenerates /etc/resolv.conf, so this edit can vanish on the next network change; for a persistent setting put the servers in the interface's ifcfg file (DNS1/DNS2) or set them with nmcli, and list both 10.0.0.182 and 10.0.0.115 so that one server going down does not break resolution.
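    Steps 4 and 5 are a manual loop: bump the serial, restart, read the log, cat the file, then resolve from a client. The shell script below is an added example, not anything from the original post or from BIND, that automates that loop: bump_serial rewrites the serial line of a zone file laid out like sx.zone above, publish_zone validates the file and reloads only that zone, and the check_* functions confirm from the outside that master and slave serve the same serial, that an AXFR from a host not in allow-transfer is refused, and that a client gets the expected answer. The zone file path, the 5-second wait and the test name www.sx (served by the wildcard record) are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: automate the manual loop of
# steps 4 and 5. Assumptions: zone files under /var/named/zones on the
# master, the serial on its own line tagged "; serial" as in sx.zone above,
# dig and rndc available, and a test name www.sx served by the wildcard.
set -eu

MASTER_IP=10.0.0.182
SLAVE_IP=10.0.0.115

# Print the serial recorded in zone file $1.
current_serial() {
    awk '/;[ \t]*serial/ { print $1; exit }' "$1"
}

# Increment the SOA serial in zone file $1 in place; print the new value.
# Only the first "; serial" line is touched, so comments elsewhere are safe.
bump_serial() {
    bs_file=$1
    bs_tmp="$bs_file.tmp"
    awk '
        /;[ \t]*serial/ && !done { sub(/[0-9]+/, $1 + 1); done = 1 }
        { print }
    ' "$bs_file" > "$bs_tmp"
    mv "$bs_tmp" "$bs_file"
    current_serial "$bs_file"
}

# Validate zone $1 in file $2 (when named-checkzone is installed) and reload
# just that zone on the master instead of restarting named.
publish_zone() {
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone "$1" "$2"
    fi
    rndc reload "$1"
}

# Serial that server $1 answers for zone $2: third field of the SOA rdata.
remote_serial() {
    dig +short +time=2 +tries=1 @"$1" "$2" SOA | awk '{ print $3 }'
}

# 0 when master and slave serve the same serial for zone $1.
check_sync() {
    cs_m=$(remote_serial "$MASTER_IP" "$1")
    cs_s=$(remote_serial "$SLAVE_IP" "$1")
    printf '%s: master=%s slave=%s\n' "$1" "$cs_m" "$cs_s"
    [ -n "$cs_m" ] && [ "$cs_m" = "$cs_s" ]
}

# allow-transfer only lists the slave, so an AXFR from any other host must
# be refused; dig reports that as "; Transfer failed.". Returns 0 when refused.
check_axfr_refused() {
    dig +time=2 +tries=1 @"$MASTER_IP" "$1" AXFR | grep -q 'Transfer failed'
}

# Resolve name $2 at server $1 and compare with the expected address $3.
resolve_check() {
    rc_got=$(dig +short +time=2 +tries=1 @"$1" "$2" A | head -n 1)
    printf '%s @%s -> %s\n' "$2" "$1" "${rc_got:-no answer}"
    [ "$rc_got" = "$3" ]
}

# Demo flow; run on the master as: RUN_DEMO=1 sh thisscript.sh
if [ -n "${RUN_DEMO:-}" ]; then
    new=$(bump_serial /var/named/zones/sx.zone)
    publish_zone sx /var/named/zones/sx.zone
    sleep 5                          # let NOTIFY and the transfer finish
    check_sync sx
    check_axfr_refused sx            # the master's own IP is not in allow-transfer
    resolve_check "$SLAVE_IP" www.sx 10.0.0.184
    echo "serial now $new"
fi
```

    check_axfr_refused is the test worth keeping in a cron job: if someone later widens allow-transfer to any, the whole zone becomes enumerable and this check is the first thing to notice.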

    Problems met while configuring and debugging:

    Problem 1:
    After configuration, the zone files that arrived on the slave looked like binary garbage.
    Cause: master and slave use different zone-file formats (from BIND 9.9 on, slave zones are stored in BIND's raw binary format by default; it is not corruption, and named-compilezone -f raw -F text can dump such a file).
    Fix:
    add the following to the slave's /etc/named.conf (in the options block) and restart the service, after which the slave writes plain text that can be inspected with cat:
    masterfile-format text ;
    Problem 2:
    After configuration, changes did not sync from master to slave automatically.
    For master/slave sync the following has to be added:
    On the master, turn on notifications in /etc/named.conf:
    notify yes;
    and in /etc/named/named.sx.zones add:
    also-notify { 10.0.0.115; }; # the slave's IP
    allow-transfer { 10.0.0.115; }; # allow the slave to transfer the zone; without a NOTIFY the slave only checks for a newer serial every refresh interval of the zone's SOA

    Original article: https://www.cnblogs.com/Jabe/p/11951959.html