从服务器可以从主服务器上抓取指定的区域数据文件起到备份解析记录和负载均衡的作用。
主DNS服务器IP:192.168.16.20
从DNS服务器IP:192.168.16.30
1,修改主服务器区域配置文件
[root@localhost ~]# vim /etc/named.rfc1912.zones }; // named.rfc1912.zones: // // Provided by Red Hat caching-nameserver package // // ISC BIND named zone configuration for zones recommended by // RFC 1912 section 4.1 : localhost TLDs and address zones // and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt // (c)2007 R W Franks // // See /usr/share/doc/bind*/sample/ for example named configuration files. // zone "localhost.localdomain" IN { type master; file "named.localhost"; allow-update { none; }; }; zone "localhost" IN { type master; file "named.localhost"; allow-update { none; }; }; zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN { type master; file "named.loopback"; allow-update { none; }; }; zone "1.0.0.127.in-addr.arpa" IN { type master; file "named.loopback"; allow-update { none; }; }; zone "0.in-addr.arpa" IN { type master; file "named.empty"; allow-update { none; }; }; zone "kernel.org" IN { type master; file "kernel.org.zone"; allow-update { 192.168.16.30; }; //将"any"改为允许更新区域信息的从服务器IP地址"192.168.16.30" };
2,修改从服务器区域配置文件
[root@localhost slaves]# !v vim /etc/named.rfc1912.zones // zone "localhost.localdomain" IN { type master; file "named.localhost"; allow-update { none; }; }; zone "localhost" IN { type master; file "named.localhost"; allow-update { none; }; }; zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN { type master; file "named.loopback"; allow-update { none; }; }; zone "1.0.0.127.in-addr.arpa" IN { type master; file "named.loopback"; allow-update { none; }; }; zone "0.in-addr.arpa" IN { type master; file "named.empty"; allow-update { none; }; }; zone "kernel.org" IN { type slave; //"slave"表示从服务器 masters { 192.168.16.20;}; //"192.168.16.20"为主服务器的IP地址 file "slaves/kernel.org.zone"; //抓取过来的区域信息文件保存在"/var/named/slaves/kernel.org.zone" };
3,验证从DNS服务器
从服务器抓取过来的信息文件
[root@localhost ~]# ls /var/named/slaves/ 通过"从服务器:192.168.16.30"验证 [root@localhost ~]# systemctl restart named [root@localhost ~]# ls /var/named/slaves/ kernel.org.zone [root@localhost ~]#
在另一台主机上通过从服务器查询"www.kernel.org"信息,DNS配置为从服务器IP地址。
[root@localhost ~]# vim /etc/resolv.conf 通过"客户端主机:192.168.16.40"验证
# Generated by NetworkManager
nameserver 192.168.16.30
[root@localhost ~]# dig www.kernel.org ; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.kernel.org ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4310 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;www.kernel.org. IN A ;; ANSWER SECTION: www.kernel.org. 86400 IN A 192.168.16.20 ;; AUTHORITY SECTION: kernel.org. 86400 IN NS ns.kernel.org. ;; ADDITIONAL SECTION: ns.kernel.org. 86400 IN A 192.168.16.20 ;; Query time: 3 msec ;; SERVER: 192.168.16.30#53(192.168.16.30) //DNS服务器地址为"192.168.16.30" ;; WHEN: Thu Feb 11 16:13:00 EST 2016 ;; MSG SIZE rcvd: 92