
DNS master/slave configuration

Secondary (slave) DNS server

Purpose: backup and load sharing
========================================================
I. Master DNS server
Forward zone (jeson.com):
                IN      NS      dns1
                IN      NS      dns2
dns1            IN      A       192.168.10.66
dns2            IN      A       192.168.10.100

Reverse zone (10.168.192.in-addr.arpa):
                IN      NS      dns1.jeson.com.
                IN      NS      dns2.jeson.com.
66              IN      PTR     dns1.jeson.com.
100             IN      PTR     dns2.jeson.com.
# service named restart

Note that BIND allows zone transfers from any client by default. Restrict them on the master to the slave's address with the allow-transfer zone option; otherwise anyone who can reach port 53 can pull the whole zone with an AXFR query.

II. Slave for the jeson.com forward and reverse zones
1. Install the packages
[root@slave ~]# yum -y install bind bind-chroot

2. Main configuration file
[root@slave ~]# vim /etc/named.conf

zone "jeson.com" {
        type slave;
        file "slaves/jeson.com.zone";
        masters { 192.168.10.66; };
};

zone "10.168.192.in-addr.arpa" {
        type slave;
        file "slaves/192.168.10.zone";
        masters { 192.168.10.66; };
};

3. The zone files are transferred from the master automatically
[root@slave ~]# service named restart
[root@slave ~]# ls /var/named/slaves/
192.168.10.zone  jeson.com.zone
[root@slave ~]# tail /var/log/messages

========================================================
How to troubleshoot when the slave's zone transfer fails:
1. The master is blocking it (for example a firewall).
2. A problem on the slave itself, for example no write permission on the directory the zone file goes into (the DNS process runs as the named user). With bind-chroot, named runs with -t /var/named/chroot, so the file paths in named.conf are relative to that chroot and the directory to check is the one inside it.

[root@slave etc]# tail /var/log/messages
Mar 22 18:08:23 localhost named[8738]: transfer of '2.168.192.in-addr.arpa/IN' from 192.168.2.180#53: failed while receiving responses: permission denied
Mar 22 18:08:23 localhost named[8738]: transfer of '2.168.192.in-addr.arpa/IN' from 192.168.2.180#53: end of transfer

[root@slave etc]# ps aux |grep named
named     8738  0.0  0.6  38920  3328 ?        Ssl  18:08   0:00 /usr/sbin/named -u named -t /var/named/chroot
root      8751  0.0  0.1   4264   704 pts/3    R+   18:10   0:00 grep named
[root@slave etc]# ll -d /var/named
drwxr-x--- 4 root named 4096 03-22 18:01 /var/named

[root@slave etc]# ll -d /var/named/slaves/    # the named user must be able to write here
drwxrwx--- 2 named named 4096 2004-07-27 /var/named/slaves/
========================================================

4. Test from the slave side
Does it resolve correctly?
[root@dc ~]# dig @192.168.10.66 www.jeson.com
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37190
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; ANSWER SECTION:
www.jeson.com. 3600 IN A 192.168.10.33

[root@dc ~]# dig @192.168.10.100 www.jeson.com
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37190
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; ANSWER SECTION:
www.jeson.com. 3600 IN A 192.168.10.33

The aa flag in the slave's reply shows that it answers authoritatively from its own copy of the zone rather than forwarding the query to the master.
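The following script is an added example and is not part of the original tutorial. It ties the checks of steps 3 and 4 together: it reads the SOA serial both servers publish, reports when the slave is behind the master, and confirms that the master refuses an AXFR from a host that is not the slave (BIND's default is to allow transfers to anyone). The function names and the two sample dig outputs are my own constructions; the zone and addresses are the tutorial's lab values. Run it from a third host with the master, slave and zone as arguments to query real servers; without arguments it runs the parsers over the constructed samples.

```shell
#!/bin/bash
# check_slave_sync.sh (added example, not from the original tutorial):
# verify that a BIND slave carries the same SOA serial as its master and
# that the master refuses AXFR to clients other than the slave.
# Function names are my own; jeson.com / 192.168.10.66 / 192.168.10.100
# are the tutorial's lab values. Usage: check_slave_sync.sh MASTER SLAVE ZONE

# Constructed sample of `dig +short @192.168.10.66 jeson.com SOA`
SAMPLE_SOA='dns1.jeson.com. root.jeson.com. 2014012201 3600 900 604800 86400'

# Constructed sample of `dig @192.168.10.66 jeson.com AXFR` from a host that
# allow-transfer does not permit: dig prints a "Transfer failed." comment
# and no resource records.
SAMPLE_AXFR_REFUSED='; <<>> DiG 9.11 <<>> @192.168.10.66 jeson.com AXFR
; (1 server found)
;; global options: +cmd
; Transfer failed.'

# Print the serial (third field of the +short SOA line); prints nothing when
# the server returned no SOA, so callers can treat an empty result as failure.
soa_serial() {
    printf '%s\n' "$1" | awk 'NF >= 7 { print $3; exit }'
}

# True when the AXFR output shows that the server refused the transfer.
axfr_refused() {
    printf '%s\n' "$1" | grep -q '^; Transfer failed\.'
}

# True when the AXFR output contains at least one real resource record
# (a line not starting with ';'), i.e. the server handed the zone over.
axfr_leaked() {
    printf '%s\n' "$1" | grep -q '^[^;]'
}

# True when both serials are present and identical.
serials_match() {
    [ -n "$1" ] && [ "$1" = "$2" ]
}

live_check() {
    master=$1; slave=$2; zone=$3
    ms=$(soa_serial "$(dig +short @"$master" "$zone" SOA)")
    ss=$(soa_serial "$(dig +short @"$slave" "$zone" SOA)")
    echo "master $master serial: ${ms:-none}   slave $slave serial: ${ss:-none}"
    if serials_match "$ms" "$ss"; then
        echo "slave is in sync"
    else
        echo "slave is OUT OF SYNC (check /var/log/messages on the slave)"
        return 1
    fi
    axfr_out=$(dig @"$master" "$zone" AXFR)
    if axfr_refused "$axfr_out"; then
        echo "AXFR from this host refused: allow-transfer is in place"
    elif axfr_leaked "$axfr_out"; then
        echo "WARNING: master handed the whole zone to this host;" \
             "unless this host is the slave, add allow-transfer { $slave; }; on the master"
        return 1
    fi
}

if [ $# -eq 3 ]; then
    live_check "$@"
else
    echo "sample SOA serial: $(soa_serial "$SAMPLE_SOA")"
    if axfr_refused "$SAMPLE_AXFR_REFUSED"; then
        echo "sample AXFR output: transfer refused"
    fi
fi
```

The serial comparison is deliberately an equality test: right after a change on the master the slave may lag until NOTIFY or the refresh timer fires, so treat a mismatch as "check again, then look at the slave's log", not as a hard failure.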

III. Testing
Does the slave update automatically once the master's zone data changes?
Master DNS server:
Edit the master's zone file (jeson.com). You must bump the serial number by hand: the slave only transfers the zone when it sees a serial higher than the one it already holds.
[root@master ~]# vim /var/named/jeson.com.zone
$TTL 3600
@               IN      SOA     dns1.jeson.com. root (
                                2014012201      ; serial, increased
                                1H              ; refresh
                                15M             ; retry
                                1W              ; expire
                                1D )            ; minimum (negative-cache TTL)
                IN      NS      dns1
                IN      NS      dns2
dns1            IN      A       192.168.10.66
dns2            IN      A       192.168.10.100
www             IN      A       192.168.10.44   ; changed
yum             IN      A       192.168.10.55   ; added

Do the same for the reverse zone.

After the restart the master sends NOTIFY messages to the NS hosts of the zone and the slave pulls the new copy at once, as the log below shows (rndc reload jeson.com has the same effect without restarting the daemon).
[root@master ~]# service named restart
[root@master ~]# tail -3 /var/log/messages
Sep 28 06:24:19 jeson named[5989]: zone jeson.com/IN: sending notifies (serial 2013081301)
Sep 28 06:24:19 jeson named[5989]: client 192.168.5.2#55692: transfer of 'jeson.com/IN': AXFR-style IXFR started
Sep 28 06:24:19 jeson named[5989]: client 192.168.5.2#55692: transfer of 'jeson.com/IN': AXFR-style IXFR ended

Query again to confirm both servers return the new data:
[root@dc ~]# dig @192.168.10.66 www.jeson.com
[root@dc ~]# dig @192.168.10.66 yum.jeson.com
[root@dc ~]# dig @192.168.10.100 www.jeson.com
[root@dc ~]# dig @192.168.10.100 yum.jeson.com

 

IV. Problems met in practice

1. The serial set on the master differs from the serial the slave actually receives.

tail -f /var/log/messages

named[13799]: zone sys.okooo.com/IN/localhost_resolver: serial number (2894207636) received from master 192.168.10.55#53 < ours (3725394600)

Cause:

The suspicion at the time was that the serial number has a limited range and that named automatically reduces a value outside it; that was never confirmed. What is certain: the SOA serial is an unsigned 32-bit integer (0 to 4294967295), and BIND compares serials with RFC 1982 serial arithmetic, under which a value counts as "newer" only if it is ahead of the current one by less than 2^31. Here the slave already holds 3725394600, which in that arithmetic is newer than the 2894207636 the master sent, so the slave keeps its copy and does not transfer. A date-style serial such as 2014012201 fits comfortably; an eleven-digit value does not. To recover, either raise the master's serial above the slave's (the slave's serial plus one is enough) and reload, or stop named on the slave, delete its stale copy of the zone file and start it again so it transfers the zone afresh.
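The script below is an added example, not code from the original post. It implements the RFC 1982 serial comparison that BIND applies when it decides whether a zone received from the master is newer than the copy it holds, reproduces the slave's decision for the two serials in the log line above, and checks whether a candidate serial fits in 32 bits at all. Function names are my own; the serial values are the ones from the log and the zone file above.

```shell
#!/bin/bash
# soa_serial_arith.sh (added example, not from the original tutorial):
# RFC 1982 serial arithmetic, the comparison BIND uses when it decides
# whether a zone received from the master is newer than the copy it holds.
# Function names are my own; the two large serials are from the log line above.

TWO32=4294967296   # serials are unsigned 32-bit: 0 .. 4294967295
TWO31=2147483648   # half the space; a serial is "newer" only within this window

# True when $1 is a decimal value that fits in an unsigned 32-bit SOA serial.
serial_valid() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -le 4294967295 ]
}

# True when serial $1 is newer than serial $2 under RFC 1982:
# $1 > $2 by less than 2^31, or $1 < $2 by more than 2^31 (wrap-around).
serial_newer() {
    if [ "$1" -gt "$2" ]; then
        [ $(( $1 - $2 )) -lt "$TWO31" ]
    elif [ "$1" -lt "$2" ]; then
        [ $(( $2 - $1 )) -gt "$TWO31" ]
    else
        return 1          # equal serials: nothing to transfer
    fi
}

# Smallest serial that a slave currently holding $1 will accept (wraps at 2^32).
serial_next() {
    printf '%s\n' $(( ($1 + 1) % TWO32 ))
}

# Reproduce the slave's decision for a "serial number (X) received ... < ours (Y)" line.
explain_refusal() {
    received=$1; ours=$2
    if serial_newer "$received" "$ours"; then
        echo "master serial $received is newer than the slave's $ours: transfer proceeds"
    else
        echo "master serial $received is not newer than the slave's $ours:" \
             "slave keeps its copy; use a master serial of at least $(serial_next "$ours")"
    fi
}

# Values from the log line in the tutorial
explain_refusal 2894207636 3725394600

# A date-style serial fits; an eleven-digit one does not.
for s in 2014012201 20140122001; do
    if serial_valid "$s"; then
        echo "$s fits in 32 bits"
    else
        echo "$s does not fit in 32 bits"
    fi
done
```

Because of the wrap-around rule, a serial that is numerically smaller can still be newer (5 is newer than 4294967290), and a serial more than 2^31 ahead is treated as older; this is why simply setting a huge serial on the master does not force a slave to resynchronise.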
