基于bind搭建DNS主从

使用bind的主从复制功能可以实现的功能:
提供冗余,避免单点故障;
均衡负载查询需求,从而提高系统可用性。

一、安装

#bind-chroot 负责DNS安全作用,将bind进程严格限制在特定的目录中
yum install bind bind-chroot bind-utils

二、配置文件

  • bind主服务器
#bind主配置文件
cat /etc/named.conf
options {
listen-on port 53 { any; };
listen-on-v6 port 53 {:1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

#bind正向解析配置
cat /etc/named.rfc1912.zones
zone "ms.com" IN {
type master;
file "openapi-dev.ms.com.zone";
allow-update { none;};
allow-transfer { 172.20.16.3;};
};

cd /var/named/
cat openapi-dev.ms.com.zone 
$TTL 1D
@       IN SOA  ms.com. admin.ms.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
                        NS      dns1.ms.com.
                        NS      dns2.ms.com.
dns1      IN A 172.20.16.2
dns2      IN A 172.20.16.3

mysql    IN A 172.20.16.2
rabbitmq IN A 172.20.16.2
eureka   IN A 172.20.16.2
redis    IN A 172.20.16.2
oauth    IN A 172.20.16.2
config   IN A 172.20.16.2
  • bind从服务器
#bind从节点配置文件
cat /etc/named.conf
options {
listen-on port 53 { any; };
listen-on-v6 port 53 {:1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

#bind正向解析配置
cat /etc/named.rfc1912.zones 
zone "ms.com" IN {
type slave;
file "slaves/openapi-dev.ms.com.zone";
masters {172.20.16.2;};
masterfile-format text;
allow-transfer { none; };
};

#说明:masterfile-format text;(格式可以是text或者是raw格式,默认不用添加此行,但是本次出现乱码后,添加此行后,乱码消失)

三、启动服务

#检查配置文件是否有语法错误:
named-checkconf

#启动bind服务
systemctl start named

四、更改腾讯云服务器DNS解析

sed -i '$a\DNS1=172.20.16.2\nDNS2=172.20.16.3' /etc/sysconfig/network-scripts/ifcfg-eth0
sed -i '2,3d' /etc/resolv.conf
sed -i '$a\nameserver=172.20.16.2\nnameserver=172.20.16.3' /etc/resolv.conf

 

posted @ 2018-07-10 20:05  luchuangao  阅读(677)  评论(0编辑  收藏  举报