基于bind搭建DNS主从
使用bind的主从复制功能可以实现的功能:
提供冗余,避免单点故障;
均衡负载查询需求,从而提高系统可用性。
一、安装
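# bind-chroot hardens the DNS service by confining the named process to a
# dedicated directory tree; bind-utils supplies dig/nslookup/host for testing.
# NOTE(review): on RHEL/CentOS 7 packaging the confinement applies only when
# the named-chroot service unit is the one that gets started -- confirm for
# your release.
yum install bind bind-chroot bind-utils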
二、配置文件
- bind主服务器
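# Primary server: main BIND configuration file
cat /etc/named.conf
options {
    listen-on port 53 { any; };
    // The IPv6 loopback address is "::1"; a single-colon ":1" is not a valid
    // address and would be rejected by named-checkconf.
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };
    recursion yes;
    // With allow-query { any; } and no allow-recursion statement, recursion is
    // offered to every client that can reach port 53, i.e. an open resolver
    // that can be abused for cache snooping and reflected traffic. Recursion
    // is therefore limited to this host and its directly attached networks;
    // add any other trusted client networks to this list explicitly.
    allow-recursion { localhost; localnets; };
    dnssec-enable yes;
    dnssec-validation yes;
    // NOTE(review): the DLV service behind dnssec-lookaside has been retired,
    // and newer BIND 9 releases treat dnssec-lookaside and dnssec-enable as
    // obsolete -- drop both lines if named-checkconf complains about them.
    dnssec-lookaside auto;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

zone "." IN {
    type hint;
    file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

# Primary server: forward-lookup zone declaration
cat /etc/named.rfc1912.zones
zone "ms.com" IN {
    type master;
    file "openapi-dev.ms.com.zone";
    // Dynamic updates are disabled; the zone is edited by hand only.
    allow-update { none; };
    // Only the secondary (172.20.16.3) may pull the zone. This is an
    // address-only check: whoever holds that IP can read the whole zone.
    // Consider a TSIG key shared by both servers for authenticated transfers.
    allow-transfer { 172.20.16.3; };
};

# Primary server: zone data file
cd /var/named/
cat openapi-dev.ms.com.zone
$TTL 1D
@           IN SOA  ms.com. admin.ms.com. (
                    0       ; serial  - increase on every edit, otherwise the
                            ;           secondary keeps serving its old copy
                    1D      ; refresh
                    1H      ; retry
                    1W      ; expire
                    3H )    ; minimum
            NS      dns1.ms.com.
            NS      dns2.ms.com.
dns1        IN A    172.20.16.2
dns2        IN A    172.20.16.3
mysql       IN A    172.20.16.2
rabbitmq    IN A    172.20.16.2
eureka      IN A    172.20.16.2
redis       IN A    172.20.16.2
oauth       IN A    172.20.16.2
config      IN A    172.20.16.2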
- bind从服务器
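# Secondary server: main BIND configuration file
cat /etc/named.conf
options {
    listen-on port 53 { any; };
    // The IPv6 loopback address is "::1"; a single-colon ":1" is not a valid
    // address and would be rejected by named-checkconf.
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };
    recursion yes;
    // With allow-query { any; } and no allow-recursion statement, recursion is
    // offered to every client that can reach port 53, i.e. an open resolver
    // that can be abused for cache snooping and reflected traffic. Recursion
    // is therefore limited to this host and its directly attached networks;
    // add any other trusted client networks to this list explicitly.
    allow-recursion { localhost; localnets; };
    dnssec-enable yes;
    dnssec-validation yes;
    // NOTE(review): the DLV service behind dnssec-lookaside has been retired,
    // and newer BIND 9 releases treat dnssec-lookaside and dnssec-enable as
    // obsolete -- drop both lines if named-checkconf complains about them.
    dnssec-lookaside auto;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

zone "." IN {
    type hint;
    file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

# Secondary server: forward-lookup zone declaration
cat /etc/named.rfc1912.zones
zone "ms.com" IN {
    type slave;
    file "slaves/openapi-dev.ms.com.zone";
    // Zone data is pulled from the primary. The primary is identified by its
    // address only; a TSIG key shared by both servers would authenticate the
    // transfer itself.
    masters { 172.20.16.2; };
    masterfile-format text;
    // The secondary does not hand the zone on to anyone else.
    allow-transfer { none; };
};
# Note: masterfile-format may be "text" or "raw". The line is normally not
# needed, but in this setup the transferred zone file looked garbled until it
# was added. Presumably the "garbling" was the raw (binary) format in which
# secondary zone files are stored by default; "text" keeps the local copy
# human-readable.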
三、启动服务
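# Check the configuration files for syntax errors (no output means success).
named-checkconf
# Primary only: validate the zone data as well, so that a typo in the zone
# file is caught before the service starts and the secondary transfers it.
named-checkzone ms.com /var/named/openapi-dev.ms.com.zone
# Start the BIND service.
# NOTE(review): with bind-chroot installed, RHEL/CentOS 7 packaging runs named
# inside the chroot only when the named-chroot unit is started instead of
# named -- confirm which unit your release expects.
systemctl start named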
四、更改腾讯云服务器DNS解析
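# Persist the two internal resolvers in the interface configuration so that
# they survive a network restart.
# NOTE(review): this appends unconditionally; running it twice leaves
# duplicate DNS1/DNS2 entries in ifcfg-eth0.
sed -i '$a\DNS1=172.20.16.2\nDNS2=172.20.16.3' /etc/sysconfig/network-scripts/ifcfg-eth0

# Remove the existing resolver entries by content rather than by line number,
# so unrelated lines (search, options) are never deleted by accident.
sed -i '/^nameserver[[:space:]]/d' /etc/resolv.conf

# resolv.conf syntax is "nameserver <address>" separated by whitespace; a
# "nameserver=<address>" line is not recognised and would leave the host
# without a usable resolver. printf is used instead of sed '$a' because the
# latter appends nothing when the file is empty.
printf 'nameserver %s\n' 172.20.16.2 172.20.16.3 >> /etc/resolv.conf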