
Linux DNS 主从复制


设置主从DNS主要是为了冗余和分担压力,防止主服务器宕机后DNS无法正常解析。


配置 master

正常配置DNS服务。

设置主机名

[root@localhost ~]# hostnamectl set-hostname master
[root@localhost ~]# bash

安装 bind 包

[root@master ~]# yum install bind bind-utils -y

编辑主配置文件

[root@master ~]# vim /etc/named.conf
  • 配置监听地址、允许查询的网段(allow-query 设为 any 表示任何客户端都可以查询;如果这台服务器同时开启了递归解析,应另外用 allow-recursion 限定可递归的客户端,避免成为开放解析器)
listen-on port 53 { 192.168.28.128; };
allow-query     { any; };

编辑区域配置文件

[root@master ~]# vim /etc/named.rfc1912.zones
// Forward zone for yun.com; this server holds the master copy.
// The data file yun.com.zone is the one created under /var/named in the next step.
zone "yun.com" IN {
        type master;
        file "yun.com.zone";
        allow-update { none; };   // dynamic updates are refused
};

// Reverse zone for 192.168.100.x (PTR records), also mastered here.
zone "100.168.192.in-addr.arpa" IN {
        type master;
        file "100.168.192.zone";
        allow-update { none; };   // dynamic updates are refused
};

编辑区域数据配置文件

[root@master ~]# cd /var/named/
  • 编辑正向区域数据文件
[root@master named]# cp -p named.localhost yun.com.zone
[root@master named]# vim yun.com.zone
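$TTL 1D
; The SOA MNAME and RNAME must be fully qualified (trailing dot). Without the
; dot named appends the zone origin, so "yun.com" would become "yun.com.yun.com.".
@	IN SOA	yun.com. admin.yun.com. (
					0	; serial - raise it on every edit; the slave only re-transfers when it sees a higher serial
					1D	; refresh
					1H	; retry
					1W	; expire
					3H )	; minimum
	IN	NS	yun.com.
	IN	A	192.168.28.128
; NOTE(review): mail.yun.com. has no A record of its own in this file, so the
; wildcard at the bottom answers for it - confirm that is intended.
	IN	MX 10	mail.yun.com.
www	IN	A	192.168.100.10
ftp	IN	A	192.168.100.20
bbs	IN	CNAME	www
; Wildcard: every name under yun.com that is not defined above resolves here.
*	IN	A	8.8.8.8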
  • 编辑反向区域数据文件
[root@master named]# cp -p yun.com.zone 100.168.192.zone
[root@master named]# vim 100.168.192.zone
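$TTL 1D
; The SOA MNAME and RNAME must be fully qualified (trailing dot). Without the
; dot named appends the zone origin (here 100.168.192.in-addr.arpa.) to "yun.com".
@       IN SOA  yun.com. admin.yun.com. (
                                        0       ; serial - raise it on every edit; the slave only re-transfers when it sees a higher serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        IN      NS      yun.com.
; The A record below is carried over from the copied forward zone file;
; reverse lookups only use the PTR records that follow.
        IN      A       192.168.28.128
; Owner names are the last octet: 10 -> 192.168.100.10, 20 -> 192.168.100.20.
10      IN      PTR     www.yun.com.
20      IN      PTR     ftp.yun.com.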

启动服务

[root@master ~]# systemctl start named
[root@master ~]# systemctl enable named
Created symlink from /etc/systemd/system/multi-user.target.wants/named.service to /usr/lib/systemd/system/named.service.
[root@master ~]# netstat -ntuap | grep named
tcp        0      0 192.168.28.128:53       0.0.0.0:*               LISTEN      34822/named         
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      34822/named         
tcp6       0      0 ::1:53                  :::*                    LISTEN      34822/named         
tcp6       0      0 ::1:953                 :::*                    LISTEN      34822/named         
udp        0      0 192.168.28.128:53       0.0.0.0:*                           34822/named         
udp6       0      0 ::1:53                  :::*                                34822/named         

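关闭防火墙与 SELinux

以下做法仅适用于实验环境。生产环境应保持 firewalld 和 SELinux 开启,只放行 DNS 所需的 53/tcp 与 53/udp(例如执行 firewall-cmd --permanent --add-service=dns 后再 firewall-cmd --reload);区域传送走 TCP 53,主从之间必须放行。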

[root@master ~]# systemctl stop firewalld
[root@master ~]# setenforce 0

nslookup

  • 设置DNS地址
[root@master ~]# vim /etc/resolv.conf
# Generated by NetworkManager
search localdomain
nameserver 192.168.28.128
  • 正向查询
[root@master ~]# nslookup www.yun.com
Server:		192.168.28.128
Address:	192.168.28.128#53

Name:	www.yun.com
Address: 192.168.100.10

[root@master ~]# nslookup ftp.yun.com
Server:		192.168.28.128
Address:	192.168.28.128#53

Name:	ftp.yun.com
Address: 192.168.100.20

[root@master ~]# nslookup bbs.yun.com
Server:		192.168.28.128
Address:	192.168.28.128#53

bbs.yun.com	canonical name = www.yun.com.
Name:	www.yun.com
Address: 192.168.100.10

[root@master ~]# nslookup asd.yun.com
Server:		192.168.28.128
Address:	192.168.28.128#53

Name:	asd.yun.com
Address: 8.8.8.8
  • 反向查询
[root@master ~]# nslookup 192.168.100.10
Server:		192.168.28.128
Address:	192.168.28.128#53

10.100.168.192.in-addr.arpa	name = www.yun.com.

[root@master ~]# nslookup 192.168.100.20
Server:		192.168.28.128
Address:	192.168.28.128#53

20.100.168.192.in-addr.arpa	name = ftp.yun.com.

allow-transfer

这是最重要的一步:在主服务器上允许区域传送(allow-transfer)。这里只填从服务器的地址 192.168.28.129,不要写成 any,否则任何主机都能拉取整个区域的全部记录。配置好后重启服务。

[root@master ~]# vim /etc/named.rfc1912.zones
// Master-side zone definitions with zone transfers enabled for the slave.
// allow-transfer lists who may pull a full copy of the zone; it is limited
// to the slave at 192.168.28.129.
// NOTE(review): this is an address-only ACL. BIND can also authenticate
// transfers with a TSIG key shared between master and slave - worth
// considering outside a lab.
zone "yun.com" IN {
        type master;
        file "yun.com.zone";
        allow-transfer { 192.168.28.129; };   // only the slave may transfer this zone
        allow-update { none; };               // dynamic updates are refused
};

zone "100.168.192.in-addr.arpa" IN {
        type master;
        file "100.168.192.zone";
        allow-transfer { 192.168.28.129; };   // only the slave may transfer this zone
        allow-update { none; };               // dynamic updates are refused
};

配置 slave

设置主机名

[root@localhost ~]# hostnamectl set-hostname slave
[root@localhost ~]# bash

安装 bind 包

[root@slave ~]# yum install bind bind-utils -y

编辑主配置文件

[root@slave ~]# vim /etc/named.conf
  • 配置监听地址、允许查询的网段
listen-on port 53 { 192.168.28.129; };
allow-query     { any; };

编辑区域配置文件

[root@slave ~]# vim /etc/named.rfc1912.zones
// Slave-side zone definitions: the zone data is not edited here but pulled
// from the master listed in "masters" and stored under slaves/ (the files
// appear in /var/named/slaves/ after named starts).
zone "yun.com" IN {
        type slave;
        file "slaves/yun.com.zone";       // local copy written after the transfer
        masters { 192.168.28.128; };      // address of the master server
        allow-update { none; };
};

zone "100.168.192.in-addr.arpa" IN {
        type slave;
        file "slaves/100.168.192.zone";   // local copy written after the transfer
        masters { 192.168.28.128; };      // address of the master server
        allow-update { none; };
};

启动服务

[root@slave ~]# systemctl start named
[root@slave ~]# systemctl enable named
Created symlink from /etc/systemd/system/multi-user.target.wants/named.service to /usr/lib/systemd/system/named.service.
[root@slave ~]# netstat -ntuap | grep named
tcp        0      0 192.168.28.129:53       0.0.0.0:*               LISTEN      1661/named          
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      1661/named          
tcp6       0      0 ::1:53                  :::*                    LISTEN      1661/named          
tcp6       0      0 ::1:953                 :::*                    LISTEN      1661/named          
udp        0      0 192.168.28.129:53       0.0.0.0:*                           1661/named          
udp6       0      0 ::1:53                  :::*                                1661/named          

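关闭防火墙与 SELinux

以下做法仅适用于实验环境。生产环境应保持 firewalld 和 SELinux 开启,只放行 DNS 所需的 53/tcp 与 53/udp(例如执行 firewall-cmd --permanent --add-service=dns 后再 firewall-cmd --reload)。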

[root@slave ~]# systemctl stop firewalld
[root@slave ~]# setenforce 0
  • 区域数据文件自动传送到从服务器
[root@slave ~]# ll /var/named/slaves/
total 8
-rw-r--r--. 1 named named 378 Sep 12 02:11 100.168.192.zone
-rw-r--r--. 1 named named 392 Sep 12 02:11 yun.com.zone

nslookup

  • 设置DNS地址
[root@slave ~]# vim /etc/resolv.conf
# Generated by NetworkManager
search localdomain
nameserver 192.168.28.129
  • 正向查询
[root@slave ~]# nslookup www.yun.com
Server:		192.168.28.129
Address:	192.168.28.129#53

Name:	www.yun.com
Address: 192.168.100.10

[root@slave ~]# nslookup ftp.yun.com
Server:		192.168.28.129
Address:	192.168.28.129#53

Name:	ftp.yun.com
Address: 192.168.100.20

[root@slave ~]# nslookup bbs.yun.com
Server:		192.168.28.129
Address:	192.168.28.129#53

bbs.yun.com	canonical name = www.yun.com.
Name:	www.yun.com
Address: 192.168.100.10

[root@slave ~]# nslookup asd.yun.com
Server:		192.168.28.129
Address:	192.168.28.129#53

Name:	asd.yun.com
Address: 8.8.8.8
  • 反向查询
[root@slave ~]# nslookup 192.168.100.10
Server:		192.168.28.129
Address:	192.168.28.129#53

10.100.168.192.in-addr.arpa	name = www.yun.com.

[root@slave ~]# nslookup 192.168.100.20
Server:		192.168.28.129
Address:	192.168.28.129#53

20.100.168.192.in-addr.arpa	name = ftp.yun.com.