    DNS zone transfer and subdomain delegation

    Preface

    Setting up the DNS server itself is covered in the previous post.
    DNS primary/secondary replication copies the primary DNS server's zone database to the secondary, after which the secondary can answer forward and reverse lookups on its own. The secondary polls the primary for updated data so that the two stay consistent; that process is the zone transfer. Put differently, zone transfer is the mechanism that implements primary/secondary replication, and replication is what zone transfer looks like from the outside.
    There are two kinds of zone transfer:

    • axfr: full zone transfer
    • ixfr: incremental zone transfer

    When a new DNS server is added to a zone and configured as a secondary, it performs a full zone transfer and fetches a complete copy of the resource records from the primary. To keep the data in sync afterwards, the primary notifies the secondaries whenever it is updated, and they pull the change (incremental zone transfer).

    Zone transfer

    Primary server: 192.168.2.72
    Secondary server: 192.168.2.104
    The named service is already installed on both servers.

    Full zone transfer

    1. Edit /etc/named.conf on the primary server and add the following inside the options block:

    notify yes;
    

    2. Add NS records for the secondary to the forward and reverse zone files on the primary.
    Forward zone

    @       NS      dns2
    dns2    A       192.168.2.104
    

    Reverse zone

    IN      NS      dns2.magedu.com.
    104      IN      PTR     dns2.magedu.com.
    

    3. On the secondary, copy the configuration files over from the primary (192.168.2.72)

    #scp 192.168.2.72:/etc/named.rfc1912.zones /etc/

    #scp 192.168.2.72:/etc/named.conf /etc/


    4. Edit /etc/named.rfc1912.zones on the secondary

    zone "magedu.com" IN {
            type slave;
            masters { 192.168.2.72; };
            file "magedu.com.zone";
    };
    
    zone "2.168.192.in-addr.arpa" IN {
            type slave;
            masters { 192.168.2.72; };
            file "2.168.192.zone";
    };
    

    5. Start the DNS service on the secondary, then check the log and confirm that the primary's zone files have been synchronised into /var/named/.
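    Step 1 turns on NOTIFY but says nothing about who may pull the zone. BIND 9.11 (the release visible in the dig output further down) answers AXFR and IXFR requests from any client unless allow-transfer says otherwise, which hands a complete copy of the zone, every host name and address in it, to anyone who asks. The fragment below is an added example, not the article's configuration: it keeps the article's notify yes, adds a global allow-transfer { none; } so that every zone must opt in explicitly, and allows transfers only from the secondary at 192.168.2.104. The primary-side zone statements and their file names are assumed (the article shows only the secondary's).

```conf
options {
        notify yes;                             // as in step 1 of the article
        allow-transfer { none; };               // refuse AXFR/IXFR unless a zone opts in
};

// primary side, /etc/named.rfc1912.zones (zone file names assumed)
zone "magedu.com" IN {
        type master;
        file "magedu.com.zone";
        allow-transfer { 192.168.2.104; };      // only the secondary may pull the zone
        also-notify { 192.168.2.104; };         // tell the secondary directly on each serial change
};

zone "2.168.192.in-addr.arpa" IN {
        type master;
        file "2.168.192.zone";
        allow-transfer { 192.168.2.104; };
        also-notify { 192.168.2.104; };
};
```

    With notify yes, named already notifies every server listed in the zone's NS records (dns2 is added in step 2), so also-notify only matters for a secondary that is not listed as an NS. An address allow-list is the minimum; BIND also accepts a TSIG key inside allow-transfer (allow-transfer { key name; }), which protects against a spoofed source address, but key setup is outside what the article covers.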

    Incremental zone transfer

    1. Edit the forward zone file on the primary, add one A record, increment the serial number, then save and exit.
    2. Reload the primary DNS server and check the logs.
    Primary server log:

    Jan 20 02:12:55 agent named[35582]: zone 2.168.192.in-addr.arpa/IN: sending notifies (serial 2019011301)
    Jan 20 02:12:55 agent named[35582]: client 192.168.2.104#39669 (magedu.com): transfer of 'magedu.com/IN': AXFR-style IXFR started
    Jan 20 02:12:55 agent named[35582]: client 192.168.2.104#39669 (magedu.com): transfer of 'magedu.com/IN': AXFR-style IXFR ended
    Jan 20 02:12:56 agent named[35582]: client 192.168.2.104#34346: received notify for zone 'magedu.com'
    

    Secondary server log:

    Jan 20 03:02:25 zabbix named[100773]: client 192.168.2.72#60290: received notify for zone 'magedu.com'
    Jan 20 03:02:25 zabbix named[100773]: zone magedu.com/IN: Transfer started.
    Jan 20 03:02:25 zabbix named[100773]: transfer of 'magedu.com/IN' from 192.168.2.72#53: connected using 192.168.2.104#39669
    Jan 20 03:02:25 zabbix named[100773]: zone magedu.com/IN: transferred serial 2019012001
    Jan 20 03:02:25 zabbix named[100773]: transfer of 'magedu.com/IN' from 192.168.2.72#53: Transfer completed: 1 messages, 10 records, 268 bytes, 0.001 secs (268000 bytes/sec)
    Jan 20 03:02:25 zabbix named[100773]: zone magedu.com/IN: sending notifies (serial 2019012001)
    Jan 20 03:02:25 zabbix named[100773]: client 192.168.2.72#4595: received notify for zone '2.168.192.in-addr.arpa'
    Jan 20 03:02:25 zabbix named[100773]: zone 2.168.192.in-addr.arpa/IN: notify from 192.168.2.72#4595: zone is up to date
    

    3. Add a PTR record to the reverse zone file and again increment the serial number.
    Primary DNS server log:

    Jan 20 02:17:44 agent named[35582]: zone 2.168.192.in-addr.arpa/IN: sending notifies (serial 2019012001)
    Jan 20 02:17:44 agent named[35582]: client 192.168.2.104#57041 (2.168.192.in-addr.arpa): transfer of '2.168.192.in-addr.arpa/IN': AXFR-style IXFR started
    Jan 20 02:17:44 agent named[35582]: client 192.168.2.104#57041 (2.168.192.in-addr.arpa): transfer of '2.168.192.in-addr.arpa/IN': AXFR-style IXFR ended
    

    Secondary DNS server log:

    Jan 20 03:07:38 zabbix named[100773]: client 192.168.2.72#17270: received notify for zone '2.168.192.in-addr.arpa'
    Jan 20 03:07:38 zabbix named[100773]: zone 2.168.192.in-addr.arpa/IN: Transfer started.
    Jan 20 03:07:38 zabbix named[100773]: transfer of '2.168.192.in-addr.arpa/IN' from 192.168.2.72#53: connected using 192.168.2.104#57041
    Jan 20 03:07:38 zabbix named[100773]: zone 2.168.192.in-addr.arpa/IN: transferred serial 2019012001
    Jan 20 03:07:38 zabbix named[100773]: transfer of '2.168.192.in-addr.arpa/IN' from 192.168.2.72#53: Transfer completed: 1 messages, 8 records, 242 bytes, 0.001 secs (242000 bytes/sec)
    Jan 20 03:07:38 zabbix named[100773]: zone 2.168.192.in-addr.arpa/IN: sending notifies (serial 2019012001)
    

    4. Verify with dig

    root@node2:~# dig -t A ftp.magedu.com @192.168.2.104
    
    ; <<>> DiG 9.11.3-1ubuntu1.2-Ubuntu <<>> -t A ftp.magedu.com @192.168.2.104
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2878
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;ftp.magedu.com.			IN	A
    
    ;; ANSWER SECTION:
    ftp.magedu.com.		600	IN	A	192.168.2.1
    
    ;; AUTHORITY SECTION:
    magedu.com.		600	IN	NS	dns2.magedu.com.
    magedu.com.		600	IN	NS	dns1.magedu.com.
    
    ;; ADDITIONAL SECTION:
    dns1.magedu.com.	600	IN	A	192.168.2.72
    dns2.magedu.com.	600	IN	A	192.168.2.104
    
    ;; Query time: 5 msec
    ;; SERVER: 192.168.2.104#53(192.168.2.104)
    ;; WHEN: Sun Jan 20 15:19:47 CST 2019
    ;; MSG SIZE  rcvd: 129
    

    Test reverse resolution through the secondary

    root@node2:~# dig -x 192.168.2.1  @192.168.2.104
    
    ; <<>> DiG 9.11.3-1ubuntu1.2-Ubuntu <<>> -x 192.168.2.1 @192.168.2.104
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14837
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;1.2.168.192.in-addr.arpa.	IN	PTR
    
    ;; ANSWER SECTION:
    1.2.168.192.in-addr.arpa. 600	IN	PTR	ftp.magedu.com.
    
    ;; AUTHORITY SECTION:
    2.168.192.in-addr.arpa.	600	IN	NS	dns1.magedu.com.
    2.168.192.in-addr.arpa.	600	IN	NS	dns2.magedu.com.
    
    ;; ADDITIONAL SECTION:
    dns1.magedu.com.	600	IN	A	192.168.2.72
    dns2.magedu.com.	600	IN	A	192.168.2.104
    
    ;; Query time: 2 msec
    ;; SERVER: 192.168.2.104#53(192.168.2.104)
    ;; WHEN: Sun Jan 20 15:24:38 CST 2019
    ;; MSG SIZE  rcvd: 151
    
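    The log excerpts above show what a healthy transfer looks like, and the same lines are the evidence a defender reads to see who pulled a zone and when. Note that the primary logs "AXFR-style IXFR": the secondary asked for an incremental transfer, but because the zone was changed by editing the file and reloading rather than by dynamic update, named has no journal of the delta and sends the whole zone in reply to the IXFR request. The script below is an added example, not part of the article: it parses the article's primary-side log lines, lists the transfers that started, flags any served to a host outside the allowed set of secondaries, and records the latest serial the primary announced per zone. The final log line (client 192.168.2.200, plain AXFR) is constructed to represent a transfer that should not have happened.

```python
import re

# Log lines copied from the article's primary-server log (host "agent", 192.168.2.72),
# plus one constructed line at the end for a client that is not the configured secondary.
SAMPLE_LOG = """\
Jan 20 02:12:55 agent named[35582]: zone 2.168.192.in-addr.arpa/IN: sending notifies (serial 2019011301)
Jan 20 02:12:55 agent named[35582]: client 192.168.2.104#39669 (magedu.com): transfer of 'magedu.com/IN': AXFR-style IXFR started
Jan 20 02:12:55 agent named[35582]: client 192.168.2.104#39669 (magedu.com): transfer of 'magedu.com/IN': AXFR-style IXFR ended
Jan 20 02:17:44 agent named[35582]: zone 2.168.192.in-addr.arpa/IN: sending notifies (serial 2019012001)
Jan 20 02:17:44 agent named[35582]: client 192.168.2.104#57041 (2.168.192.in-addr.arpa): transfer of '2.168.192.in-addr.arpa/IN': AXFR-style IXFR started
Jan 20 02:17:44 agent named[35582]: client 192.168.2.104#57041 (2.168.192.in-addr.arpa): transfer of '2.168.192.in-addr.arpa/IN': AXFR-style IXFR ended
Jan 20 02:20:01 agent named[35582]: client 192.168.2.200#41022 (magedu.com): transfer of 'magedu.com/IN': AXFR started
"""

# "client <ip>#<port> (<zone>): transfer of '<zone>/IN': <AXFR | IXFR | AXFR-style IXFR> started"
TRANSFER_RE = re.compile(
    r"client (?P<ip>[0-9.]+)#\d+ \([^)]*\): transfer of '(?P<zone>[^/']+)/IN': "
    r"(?P<kind>[A-Za-z -]+?) started"
)
# "zone <zone>/IN: sending notifies (serial <n>)"
NOTIFY_RE = re.compile(r"zone (?P<zone>\S+)/IN: sending notifies \(serial (?P<serial>\d+)\)")


def transfers_started(log_text):
    """Return (client_ip, zone, kind) for every outbound transfer the primary began."""
    found = []
    for line in log_text.splitlines():
        m = TRANSFER_RE.search(line)
        if m:
            found.append((m["ip"], m["zone"], m["kind"]))
    return found


def unauthorized_transfers(log_text, allowed_secondaries):
    """Transfers served to clients that are not on the allow-list of secondaries."""
    return [(ip, zone) for ip, zone, _ in transfers_started(log_text)
            if ip not in allowed_secondaries]


def notified_serials(log_text):
    """Most recent serial the primary announced for each zone, from its NOTIFY lines."""
    serials = {}
    for line in log_text.splitlines():
        m = NOTIFY_RE.search(line)
        if m:
            serials[m["zone"]] = int(m["serial"])   # later lines overwrite earlier ones
    return serials


if __name__ == "__main__":
    for ip, zone in unauthorized_transfers(SAMPLE_LOG, {"192.168.2.104"}):
        print(f"ALERT: zone {zone} transferred to unexpected client {ip}")
    print("announced serials:", notified_serials(SAMPLE_LOG))
```

    Run against a real /var/log/messages (or the named channel you log to), the allow-list is simply the same addresses you put in allow-transfer; any hit from unauthorized_transfers means either the allow-list on the server is wider than you think or the log predates the restriction. The serial per zone can be compared with what the secondary reports as "transferred serial" to spot a secondary that is lagging.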

    DNS subdomain delegation

    When a domain is large and has a hierarchy of its own, having every record change managed by a single server is impractical. DNS therefore supports domains and subdomains: the upper-level DNS server can hand management of a subdomain to the DNS servers inside that subdomain, which then manage its record changes. This is called subdomain delegation.

    Subdomain delegation configuration

    The plan:
    Parent domain: magedu.com
    NS: ns1.magedu.com
    Child domain: dev.magedu.com
    NS: ns1.dev.magedu.com

    Parent server configuration

    Only the NS record of the lower-level DNS server and its A (glue) record need to be added to the parent's zone file:

    dev.magedu.com. NS      dns1.dev.magedu.com.
    dns1.dev.magedu.com.    A       192.168.2.165
    

    Child server configuration

    The child needs a complete zone configuration of its own.
    Add the child zone definition to /etc/named.rfc1912.zones:

    zone "dev.magedu.com" IN {
            type master;
            file "dev.magedu.com.zone";
    };
    

    Create the zone file dev.magedu.com.zone:

    $TTL 600
    @       IN      SOA     dns1.dev.magedu.com.    admin.dev.magedu.com. (
                    2019012002      ; serial
                    2H              ; refresh
                    15M             ; retry
                    1W              ; expire
                    1D )            ; minimum (negative-cache TTL)
    @       IN      NS      dns1
    dns1    IN      A       192.168.2.165
    www     IN      A       192.168.2.18
    

    On the child DNS server, add a forward zone pointing at the parent:

    // forward queries for the parent domain to the parent DNS server
    zone "magedu.com" IN {
            type forward;
            forward only;
            forwarders { 192.168.2.72; };
    };
    

    Restart the service once the configuration is complete.
    Test the results with dig:

    Resolve www.dev.magedu.com through the child

    root@node2:~# dig -t A www.dev.magedu.com @192.168.2.165
    
    ; <<>> DiG 9.11.3-1ubuntu1.2-Ubuntu <<>> -t A www.dev.magedu.com @192.168.2.165
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36922
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;www.dev.magedu.com.		IN	A
    
    ;; ANSWER SECTION:
    www.dev.magedu.com.	600	IN	A	192.168.2.18
    
    ;; AUTHORITY SECTION:
    dev.magedu.com.		600	IN	NS	dns1.dev.magedu.com.
    
    ;; ADDITIONAL SECTION:
    dns1.dev.magedu.com.	600	IN	A	192.168.2.165
    
    ;; Query time: 17 msec
    ;; SERVER: 192.168.2.165#53(192.168.2.165)
    ;; WHEN: Sun Jan 20 16:09:31 CST
    

    Resolve www.dev.magedu.com through the parent

    root@node2:~# dig -t A www.dev.magedu.com @192.168.2.72
    
    ; <<>> DiG 9.11.3-1ubuntu1.2-Ubuntu <<>> -t A www.dev.magedu.com @192.168.2.72
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61135
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;www.dev.magedu.com.		IN	A
    
    ;; ANSWER SECTION:
    www.dev.magedu.com.	600	IN	A	192.168.2.18
    
    ;; AUTHORITY SECTION:
    dev.magedu.com.		600	IN	NS	dns1.dev.magedu.com.
    
    ;; Query time: 318 msec
    ;; SERVER: 192.168.2.72#53(192.168.2.72)
    ;; WHEN: Sun Jan 20 16:19:13 CST 2019
    ;; MSG SIZE  rcvd: 82
    

    Resolve an A record of the parent domain through the child DNS server

    root@node2:~# dig -t A www.magedu.com @192.168.2.165
    
    ; <<>> DiG 9.11.3-1ubuntu1.2-Ubuntu <<>> -t A www.magedu.com @192.168.2.165
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47969
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 13, ADDITIONAL: 27
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;www.magedu.com.			IN	A
    
    ;; ANSWER SECTION:
    www.magedu.com.		301	IN	CNAME	web.magedu.com.
    web.magedu.com.		301	IN	A	192.168.2.21
    
    
    ;; Query time: 2 msec
    ;; SERVER: 192.168.2.165#53(192.168.2.165)
    ;; WHEN: Sun Jan 20 16:21:30 CST 2019
    ;; MSG SIZE  rcvd: 873
    
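    The three dig tests show that answers come back, but not that the parent's delegation and the child's own apex agree. If the parent lists a name server the child does not publish, or the glue address in the parent differs from the child's A record, resolvers chasing the referral end up at a lame or wrong server, and such drift is easy to introduce later when one side is edited without the other. The check below is an added example, not from the article: it expands the article's parent and child records the way named expands master-file names (@ and unterminated names against the zone origin) and reports any mismatch between the delegating NS set, the child's apex NS set, and the glue addresses. Names at or below the child zone are treated as in-bailiwick and therefore required to have glue in the parent.

```python
PARENT_ZONE = "magedu.com."
CHILD_ZONE = "dev.magedu.com."

# Records copied from the article: the delegation the parent publishes and the child's own zone.
# Each entry is (owner, type, rdata); "@" and relative names are expanded against the zone origin.
PARENT_RECORDS = [
    ("dev.magedu.com.", "NS", "dns1.dev.magedu.com."),
    ("dns1.dev.magedu.com.", "A", "192.168.2.165"),
]
CHILD_RECORDS = [
    ("@", "NS", "dns1"),
    ("dns1", "A", "192.168.2.165"),
    ("www", "A", "192.168.2.18"),
]


def fqdn(name, origin):
    """Expand a master-file name as named does: '@' is the origin, unterminated names are relative."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return f"{name}.{origin}"


def in_bailiwick(name, zone):
    return name == zone or name.endswith("." + zone)


def check_delegation(parent_records, child_records, child_zone, parent_zone):
    """Return a list of problems; an empty list means parent and child agree."""
    parent_ns = {fqdn(r, parent_zone) for o, t, r in parent_records
                 if t == "NS" and fqdn(o, parent_zone) == child_zone}
    child_ns = {fqdn(r, child_zone) for o, t, r in child_records
                if t == "NS" and fqdn(o, child_zone) == child_zone}
    parent_glue = {fqdn(o, parent_zone): r for o, t, r in parent_records if t in ("A", "AAAA")}
    child_addr = {fqdn(o, child_zone): r for o, t, r in child_records if t in ("A", "AAAA")}

    problems = []
    if not parent_ns:
        problems.append(f"parent {parent_zone} has no NS records delegating {child_zone}")
    for ns in sorted(parent_ns - child_ns):
        problems.append(f"parent delegates to {ns} but the child apex does not list it (lame delegation)")
    for ns in sorted(child_ns - parent_ns):
        problems.append(f"child apex lists {ns} but the parent does not delegate to it")
    for ns in sorted(parent_ns):
        if in_bailiwick(ns, child_zone):       # in-zone name server: the parent must carry glue
            if ns not in parent_glue:
                problems.append(f"no glue address for {ns} in the parent zone")
            elif ns in child_addr and child_addr[ns] != parent_glue[ns]:
                problems.append(f"glue for {ns} is {parent_glue[ns]} but the child publishes {child_addr[ns]}")
    return problems


if __name__ == "__main__":
    for p in check_delegation(PARENT_RECORDS, CHILD_RECORDS, CHILD_ZONE, PARENT_ZONE) or ["delegation consistent"]:
        print(p)
```

    In practice the two record lists would be read from the parent's zone file and from a dig of the child's apex NS and A records; the comparison itself is what the article's dig tests leave implicit.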
    Original article: https://www.cnblogs.com/feng-land/p/10295306.html