Configuring master/slave DNS (BIND) on CentOS 7

    Setting up a master/slave DNS pair

    Environment

    System: CentOS 7.6 x86_64
    Master: 10.0.0.182
    Slave: 10.0.0.115


    1. Install the required packages; run the following on both the master and the slave

    yum install bind bind-utils bind-chroot -y

    2. Configuration

    Configuration on the master
    /etc/named.conf

    //
    // named.conf
    //
    // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
    // server as a caching only nameserver (as a localhost DNS resolver only).
    //
    // See /usr/share/doc/bind*/sample/ for example named configuration files.
    //
    // See the BIND Administrator's Reference Manual (ARM) for details about the
    // configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html
    
    options {
            listen-on port 53 { any; };
            listen-on-v6 port 53 { ::1; };
            directory       "/var/named";
            dump-file       "/var/named/data/cache_dump.db";
            statistics-file "/var/named/data/named_stats.txt";
            memstatistics-file "/var/named/data/named_mem_stats.txt";
            recursing-file  "/var/named/data/named.recursing";
            secroots-file   "/var/named/data/named.secroots";
            // allow-query any + recursion yes + listen-on any makes this an open
            // resolver for anyone who can reach UDP/53 (amplification abuse, cache
            // poisoning surface). On a routable address restrict recursion to the
            // internal range with allow-recursion, or run authoritative-only
            // with recursion no.
            allow-query     { any; };
            notify yes;                     // already BIND's default
            recursion yes;
            dnssec-enable yes;
            dnssec-validation yes;
            bindkeys-file "/etc/named/named.root.key";
            managed-keys-directory "/var/named/dynamic";
            pid-file "/run/named/named.pid";
            session-keyfile "/run/named/session.key";
            masterfile-format text ;
    };
    
    logging {
            channel default_debug {
                    file "data/named.run";
                    severity dynamic;
            };
    };
    
    zone "." IN {
            type hint;
            file "named.ca";
    };
    
    // '#' starts a comment in named.conf: the stock localhost zones are left out here
    #include "/etc/named/named.rfc1912.zones";
    include "/etc/named/named.sx.zones";
    include "/etc/named/named.root.key";
    

      

    /etc/named/named.sx.zones is a custom file, so its ownership has to be fixed by hand (named must be able to read it):
    chown root:named /etc/named/named.sx.zones

    zone "sx" IN {
            type master;
            file "zones/sx.zone";
            // allow-update is not needed for master/slave replication. An IP-only
            // ACL lets anyone who can source packets as 10.0.0.115 rewrite the
            // zone with nsupdate; use { none; } or require a TSIG key.
            allow-update { 10.0.0.115; };
            also-notify { 10.0.0.115; };
            // allow-transfer limits who may AXFR the whole zone; without it
            // BIND 9.11 answers transfer requests from any address.
            allow-transfer { 10.0.0.115; };
    };
    zone "sx.com" IN {
            type master;
            file "zones/sx.com.zone";
            allow-update { 10.0.0.115; };   // same remark as above
            also-notify { 10.0.0.115; };
            allow-transfer { 10.0.0.115; };
    };
    
    Create the zones directory under /var/named/ and give it to the named user and group
    mkdir /var/named/zones
    chown named:named /var/named/zones
    cat /var/named/zones/sx.zone

    $TTL 600
    @       IN SOA  @ rname.invalid. (      ; MNAME is conventionally the primary's name (ns1); RNAME should be a real contact mailbox
                                            2       ; serial, must increase on every edit
                                            1M      ; refresh, how often the slave polls the SOA when no NOTIFY arrives
                                            1M      ; retry
                                            1M      ; expire, lab value only: the slave stops serving the zone after one minute without the master; RFC 1912 recommends 2-4 weeks
                                            3H )    ; minimum, the negative-caching TTL
    @       NS      ns1
    @       NS      ns2
    ns1     A       10.0.0.182
    ns2     A       10.0.0.115
    *       A       10.0.0.184              ; wildcard: any name under the zone without a record of its own
    
     
    Configuration on the slave
    cat /etc/named.conf

    //
    // named.conf
    //
    // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
    // server as a caching only nameserver (as a localhost DNS resolver only).
    //
    // See /usr/share/doc/bind*/sample/ for example named configuration files.
    //
    // See the BIND Administrator's Reference Manual (ARM) for details about the
    // configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html
    
    options {
            listen-on port 53 { any; };
            listen-on-v6 port 53 { ::1; };
            directory       "/var/named";
            dump-file       "/var/named/data/cache_dump.db";
            statistics-file "/var/named/data/named_stats.txt";
            memstatistics-file "/var/named/data/named_mem_stats.txt";
            recursing-file  "/var/named/data/named.recursing";
            secroots-file   "/var/named/data/named.secroots";
            // same open-resolver exposure as on the master: restrict recursion
            // to the internal range with allow-recursion, or disable it
            allow-query     { any; };
            recursion yes;
            dnssec-enable yes;
            dnssec-validation yes;
            bindkeys-file "/etc/named/named.root.key";
            managed-keys-directory "/var/named/dynamic";
            pid-file "/run/named/named.pid";
            session-keyfile "/run/named/session.key";
            // keeps the transferred slave zone files human-readable; BIND
            // saves slave zones in its binary raw format by default
            masterfile-format text ;
    };
    
    logging {
            channel default_debug {
                    file "data/named.run";
                    severity dynamic;
            };
    };
    
    zone "." IN {
            type hint;
            file "named.ca";
    };
    
    // '#' starts a comment in named.conf: the stock localhost zones are left out here
    #include "/etc/named/named.rfc1912.zones";
    include "/etc/named/named.sx.zones";
    include "/etc/named/named.root.key";
    
    cat /etc/named/named.sx.zones
    As on the master, this custom file needs its owner and group fixed (root:named)

    zone "sx" IN {
            type slave;
            masters { 10.0.0.182; };
            // /var/named/slaves is created by the bind package and owned by named,
            // so the transferred copy can be written there without extra setup
            file "slaves/sx.zone";
    };
    zone "sx.com" IN {
            type slave;
            masters { 10.0.0.182; };
            file "slaves/sx.com.zone";
    };
    

    3. Start (on the master and on the slave)

    systemctl start named
    systemctl enable named
    Once the slave is running it transfers the zones from the master (AXFR), so the zone files appear under /var/named/slaves/ by themselves. Only zone data is replicated; named.conf itself is not.
    A successful start shows a named process and a listener on port 53 (TCP and UDP).

    4. Master/slave sync test

    Edit a zone file on the master

    Increase the serial after every edit (by one is enough: the slave only transfers when the master's serial is higher than the one it holds),
    then run systemctl restart named on the master (rndc reload does the same without interrupting service),
    and check on the slave that the change arrived.
    First the slave's log, tail -n 100 /var/log/messages: a successful sync logs a "Transfer completed" line for the zone and the new serial it transferred

    Then the zone file

    cat /var/named/slaves/sx.com.zone shows the transferred zone, with the serial updated to the master's value

    5. Client resolution test

    On another machine in the internal network add this DNS server to /etc/resolv.conf
    and resolve a name in the zone; it resolves normally.
    echo "nameserver 10.0.0.115" >> /etc/resolv.conf
    List the master as well so clients fail over; on CentOS 7 NetworkManager rewrites /etc/resolv.conf, so set the DNS on the connection instead if the line keeps disappearing.
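    Steps 3 to 5 above are done by hand: edit, bump the serial, restart, then read the log and the slave's file. The script below is an added example, not part of the original post, that does the same from the master with a check at each stage: it bumps the serial of a zone file laid out like the one above, validates the file with named-checkzone, reloads just that zone with rndc instead of restarting named, compares the SOA serial the master and the slave answer with, and can probe that AXFR is refused from an address outside allow-transfer. The function names are this example's own; the zone names, paths and addresses are the post's.

```shell
#!/bin/sh
# Added example, not from the original post: change a zone on the master and
# verify the slave picked it up, instead of restarting named and reading files.
# Helper names are this script's own; zone names, paths and addresses are the
# post's. Needs bind-utils (dig) and the bind package (named-checkzone, rndc).
set -eu

MASTER=10.0.0.182
SLAVE=10.0.0.115

# Serial of a zone file written like the post's: the serial is the first
# number on the line that carries the "; serial" comment. Exit 1 if absent.
zone_serial() {
    awk '/;[[:space:]]*serial/ { print $1; found = 1; exit } END { exit !found }' "$1"
}

# Increase the serial by one, in place, and print the new value. Slaves
# transfer only when the master's serial is greater (RFC 1982 comparison),
# so any increase works; +1 is the smallest safe step. Writing through cat
# keeps the file's owner and mode (named must still be able to read it).
bump_serial() {
    old=$(zone_serial "$1")
    new=$((old + 1))
    tmp=$(mktemp)
    awk -v n="$new" '/;[[:space:]]*serial/ && !done { sub(/[0-9]+/, n); done = 1 } { print }' "$1" > "$tmp"
    cat "$tmp" > "$1"
    rm -f "$tmp"
    echo "$new"
}

# Validate before named sees the file (a syntax error makes named drop the
# zone), then reload just this zone: no restart, no cache loss, no downtime.
check_and_reload() {
    named-checkzone "$1" "$2"
    rndc reload "$1"
}

# SOA serial as answered by one server. "dig +short SOA" prints
# "mname rname serial refresh retry expire minimum"; field 3 is the serial.
serial_on() {
    dig +short +time=3 SOA "$2" @"$1" | awk '{ print $3 }'
}

# In sync when both servers answer with the same serial.
verify_sync() {
    m=$(serial_on "$MASTER" "$1")
    s=$(serial_on "$SLAVE" "$1")
    echo "master serial=$m slave serial=$s"
    [ -n "$m" ] && [ "$m" = "$s" ]
}

# Run from a host NOT listed in allow-transfer: the transfer must be refused,
# which dig reports as "Transfer failed.". Success here means the ACL works.
axfr_refused() {
    dig +time=3 @"$MASTER" "$1" AXFR | grep -q 'Transfer failed'
}

# Usage on the master: sh bump-and-verify.sh sx.com /var/named/zones/sx.com.zone
if [ "$#" -eq 2 ]; then
    echo "new serial: $(bump_serial "$2")"
    check_and_reload "$1" "$2"
    sleep 2                     # give the NOTIFY/AXFR round trip a moment
    verify_sync "$1"
fi
```

    verify_sync is the automated version of reading /var/log/messages and the slave's file: if the serials differ after a few seconds, look at the slave log for a refused or timed-out transfer. axfr_refused is meant to be run from a third host; if it returns the zone instead of "Transfer failed", allow-transfer is not in effect and the whole zone can be enumerated by anyone.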

    Problems hit while configuring:

    Problem 1:
    After configuration, the zone files transferred to the slave looked like garbage
    Cause: master and slave store the zone in different formats; BIND saves slave zones in its binary raw format by default
    Fix:
    add the following to the options of the slave's /etc/named.conf and restart the service
    masterfile-format text ;
    Problem 2:
    After configuration, changes on the master were not replicated automatically
    Replication needs the following settings
    On the master, enable notifications in /etc/named.conf (notify yes is BIND's default, so this only matters if it had been switched off)
    notify yes;
    and add the following to /etc/named/named.sx.zones
    also-notify { 10.0.0.115; }; # IP of the slave; servers listed in the zone's NS records are notified even without this line
    allow-transfer { 10.0.0.115; }; # allow the slave to transfer the zone. On a NOTIFY the slave transfers at once; otherwise it polls the SOA every refresh interval (1M here). Set this ACL even if transfers already work: BIND 9.11's default is any, which lets anybody pull the whole zone

    Original post: https://www.cnblogs.com/Jabe/p/11951959.html