bind主从搭建
安装主节点bind
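# Build dependencies (CentOS/RHEL). Several of these packages have nothing to do
# with BIND; they are kept only because the original recipe installed them.
yum -y install gcc gcc-c++ openssl-devel openssh-clients wget net-tools \
  pcre-devel make lrzsz unzip zip xz ntpdate lsof python-setuptools \
  python-devel telnet vim tree

# BIND 9.6 is end-of-life and no longer receives security fixes from ISC; prefer
# a currently supported 9.x release. Whichever version is used, download ISC's
# detached signature for the tarball and verify it before building anything.
wget ftp://ftp.isc.org/isc/bind9/9.6.1/bind-9.6.1.tar.gz
# The original recipe jumped straight to ./configure; the archive has to be
# unpacked and entered first.
tar -xzf bind-9.6.1.tar.gz
cd bind-9.6.1 || exit 1

./configure --prefix=/data/server/bind --enable-threads --enable-largefile
# "Make" (capital M) is not a command; the build step never ran as written.
make && make install

# rndc-confgen prints a key plus a commented "use this in named.conf" block;
# named.conf is bootstrapped from that commented tail. The generated secret is
# the rndc control credential: keep rndc.conf and named.conf readable only by
# root (and the account named runs as) and never paste the secret into notes.
mkdir -p /data/server/bind/etc
/data/server/bind/sbin/rndc-confgen > /data/server/bind/etc/rndc.conf
cd /data/server/bind/etc || exit 1
tail -10 rndc.conf | head -9 | sed 's/# //g' > named.conf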
vim /data/server/bind/etc/named.conf
// Master node named.conf. Only the rndc control channel and the slave's
// address are trusted; everything else answers queries from anyone.
key "rndc-key" {
  // NOTE(review): hmac-md5 is what this rndc-confgen emitted; newer releases
  // can generate SHA-2 based keys instead. The secret below is reproduced in
  // this document, so treat it as disclosed and regenerate it on each host.
  algorithm hmac-md5;
  secret "/HtAntfnCIY55pG8+RM7aQ==";
};
controls {
  // rndc is bound to loopback only, which is what keeps the key from being
  // usable over the network.
  inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
};
options {
  directory "/data/server/bind/etc";
  pid-file "/data/server/bind/var/run/named.pid";
  allow-query { any; };
  version "unsupported on this platform"; // hide version information
  recursion yes; // allow recursion
  // NOTE(review): with allow-query { any; } and no allow-recursion, every
  // client that can reach this server gets recursive service. If the address
  // is reachable beyond the internal networks, restrict recursion with
  // allow-recursion { <internal-networks>; 127.0.0.1; }; (ranges not given here).
  allow-transfer { 10.9.180.152; }; // allow the slave to transfer zones
  also-notify { 10.9.180.152; }; // notify the slave when a new zone file is loaded
  managed-keys-directory "/data/server/bind/var/run/named";
};
logging {
  // /data/logs/bind must exist and be writable by the named process before
  // startup, or logging (and possibly startup) fails.
  channel named.log {
    file "/data/logs/bind/named.log" versions 5 size 20m;
    severity info;
    print-time yes;
    print-severity yes;
    print-category yes;
  };
  category default { named.log; };
  category lame-servers { null; };
};
zone "." IN { type hint; file "/data/server/bind/etc/named.root"; };
include "/data/server/bind/etc/named.dns.missfresh.zones";
include "/data/server/bind/etc/named.root.key";
cat /data/server/bind/etc/named.dns.missfresh.zones
// Master copies of the four zones. allow-update { none; } rejects dynamic
// updates, so the zone files are edited by hand and reloaded (bump the SOA
// serial each time, or the slave will not pick the change up).
zone "dns.missfresh.net" IN {
  type master;
  file "/data/server/bind/etc/named.dns.missfresh.net";
  allow-update { none; };
  notify yes; // send NOTIFY to the also-notify address in options
};
zone "10.in-addr.arpa" IN {
  type master;
  file "/data/server/bind/etc/named.dns.missfresh.local";
  allow-update { none; };
  // No explicit notify here; BIND's default is notify yes, so this zone is
  // presumably pushed the same way — NOTE(review): confirm that is intended.
};
zone "dns.missfresh.cn" IN {
  type master;
  file "/data/server/bind/etc/named.dns.missfresh.cn";
  allow-update { none; };
  notify yes;
};
zone "2.10.in-addr.arpa" IN {
  type master;
  file "/data/server/bind/etc/named.dns.missfresh.cn.local";
  allow-update { none; };
};
cat /data/server/bind/etc/named.dns.missfresh.net
$TTL 1D
; Forward zone for dns.missfresh.net (master copy, hand-edited).
@   IN  SOA ns.dns.missfresh.net. root.dns.missfresh.net. (
        2017040503 ; serial - must increase on every edit, otherwise the slave keeps its old copy
        1D         ; refresh
        1H         ; retry
        1W         ; expire
        3H )       ; minimum (negative-caching TTL)
    IN  NS  ns.dns.missfresh.net.
; NOTE(review): only ns (the master, 10.9.183.92) is advertised as NS; the slave
; idc01-sre-dns-01 has an A record but no NS record, so anything that follows
; NS records will never use it. Confirm that is intended.
ns                IN  A   10.9.183.92
idc01-sre-dns-00  IN  A   10.9.183.92
idc01-sre-dns-01  IN  A   10.9.180.152
idc01-as-web-00   IN  A   10.10.101.246
idc01-as-web-01   IN  A   10.10.112.46
cat /data/server/bind/etc/named.dns.missfresh.local
$TTL 1D
; Reverse zone for 10.in-addr.arpa (master copy). Owner names are relative to
; the zone, so "92.183.9" is 92.183.9.10.in-addr.arpa, i.e. 10.9.183.92.
@   IN  SOA ns.dns.missfresh.net. root.dns.missfresh.net. (
        2017040503 ; serial - must increase on every edit, otherwise the slave keeps its old copy
        1D         ; refresh
        1H         ; retry
        1W         ; expire
        3H )       ; minimum (negative-caching TTL)
    IN  NS  ns.dns.missfresh.net.
92.183.9    IN  PTR idc01-sre-dns-00.dns.missfresh.net.
152.180.9   IN  PTR idc01-sre-dns-01.dns.missfresh.net.
246.101.10  IN  PTR idc01-as-web-00.dns.missfresh.net.
46.112.10   IN  PTR idc01-as-web-01.dns.missfresh.net.
测试bind启动:
# Test run: -g keeps named in the foreground and sends all logging to stderr, so
# configuration and zone-file errors appear on the terminal. Stop it with Ctrl-C
# before starting the real service. Note this runs as root (no -u given).
bind_root=/data/server/bind
"$bind_root/sbin/named" -g -c "$bind_root/etc/named.conf"
启动bind服务:
# Background start with the same config. Like the init script below, this runs
# named as root; a dedicated unprivileged account plus -u <user> would let it
# drop privileges after binding port 53.
bind_root=/data/server/bind
"$bind_root/sbin/named" -c "$bind_root/etc/named.conf"
注意一：每次更改完 master 节点的解析配置后，需将 zone 文件 SOA 记录中的 serial（示例中为 2017040503）加 1；从节点根据 serial 是否增大来决定是否重新同步，serial 不变则改动不会下发。注意二：需配置 search。
cat /etc/resolv.conf
options timeout:2
search dns.missfresh.net
从节点配置
vim /data/server/bind/etc/named.conf
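// Slave node named.conf. Differences from the master: no also-notify, and
// transfers are closed, since nothing pulls zones from this host.
key "rndc-key" {
  // NOTE(review): this secret is reproduced verbatim in this document and is
  // the same value as on the master. Treat it as disclosed: run rndc-confgen
  // on this host and keep the generated key out of shared notes.
  algorithm hmac-md5;
  secret "/HtAntfnCIY55pG8+RM7aQ==";
};
controls {
  // rndc is reachable only over loopback, which is what keeps the shared key
  // from being usable remotely.
  inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
};
options {
  directory "/data/server/bind/etc";
  pid-file "/data/server/bind/var/run/named.pid";
  allow-query { any; };
  version "unsupported on this platform"; // hide version information
  recursion yes; // allow recursion
  // NOTE(review): recursion is open to every client allowed to query. If this
  // address is reachable beyond the internal networks, add
  // allow-recursion { <internal-networks>; 127.0.0.1; }; (ranges not given here).
  // The master limits transfers to this host, and no further secondaries are
  // configured; without this line BIND's default would let any client pull
  // the complete zone set from the slave.
  allow-transfer { none; };
  managed-keys-directory "/data/server/bind/var/run/named";
};
logging {
  // /data/logs/bind must exist and be writable by the named process.
  channel named.log {
    file "/data/logs/bind/named.log" versions 5 size 20m;
    severity info;
    print-time yes;
    print-severity yes;
    print-category yes;
  };
  category default { named.log; };
  category lame-servers { null; };
};
zone "." IN { type hint; file "/data/server/bind/etc/named.root"; };
include "/data/server/bind/etc/named.dns.missfresh.zones";
include "/data/server/bind/etc/named.root.key";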
vim /data/server/bind/etc/named.dns.missfresh.zones
// Slave copies of the four zones, pulled from the master (10.9.183.92, the
// "ns" address in the forward zone). The file paths are the same ones the
// master uses; on this host they are written by named after each transfer, so
// the etc directory must be writable by the account named runs as.
// NOTE(review): transfers are authenticated only by the master's IP ACL; a
// TSIG key on both sides (masters { 10.9.183.92 key <name>; }) would bind the
// transfer to a shared secret rather than to a source address.
zone "dns.missfresh.net" IN {
  type slave;
  file "/data/server/bind/etc/named.dns.missfresh.net";
  masters { 10.9.183.92; };
};
zone "10.in-addr.arpa" IN {
  type slave;
  file "/data/server/bind/etc/named.dns.missfresh.local";
  masters { 10.9.183.92; };
};
zone "dns.missfresh.cn" IN {
  type slave;
  file "/data/server/bind/etc/named.dns.missfresh.cn";
  masters { 10.9.183.92; };
};
zone "2.10.in-addr.arpa" IN {
  type slave;
  file "/data/server/bind/etc/named.dns.missfresh.cn.local";
  masters { 10.9.183.92; };
};
配置named以服务启动:
vim /etc/init.d/named
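#!/bin/bash
#
# named           This shell script takes care of starting and stopping
#                 named (BIND DNS server) installed under /data/server/bind.
#
# chkconfig: - 13 87
# description: named (BIND) is a Domain Name Server (DNS) \
# that is used to resolve host names to IP addresses.
#
# Usage: service named {start|stop|status|restart|condrestart|reload|configtest}
# Relies on the Red Hat init helpers (daemon, killproc, success, failure).

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
[ -r /etc/sysconfig/network ] && . /etc/sysconfig/network

named=named
ROOTDIR="/data/server/bind"
CHKCONF="$ROOTDIR/sbin/named-checkconf"
CHKZONE="$ROOTDIR/sbin/named-checkzone"
named_conf="$ROOTDIR/etc/named.conf"
RNDC="$ROOTDIR/sbin/rndc"
LOCKFILE=/var/lock/subsys/named
# Must match pid-file in named.conf.
PIDFILE="$ROOTDIR/var/run/named.pid"

#######################################
# Validate named.conf with named-checkconf.
# Returns: 1 when either checker binary is missing, otherwise the checker's
#          exit status (0 = configuration parses). Output is not suppressed so
#          "configtest" shows the error.
#######################################
checkconfig() {
  # named-checkzone is required to exist here (as in the original) but is not
  # invoked; zone files are only checked indirectly by named-checkconf.
  [ -x "$CHKCONF" ] && [ -x "$CHKZONE" ] || return 1
  "$CHKCONF" "$named_conf"
}

#######################################
# Start named unless it is already running or the configuration is broken.
# Returns: 0 on success, 1 if already running or config check failed,
#          otherwise daemon's status.
#######################################
start() {
  echo -n $"Starting $named: "
  if [ -n "$(/sbin/pidof -o %PPID "$named")" ]; then
    echo -n $"$named: already running"
    failure
    echo
    return 1
  fi
  # The original fell through silently here, leaving "Starting named:" with no
  # verdict and no newline; report the failed check explicitly.
  checkconfig >/dev/null 2>&1
  RETVAL=$?
  if [ "$RETVAL" -ne 0 ]; then
    echo -n $"configuration check failed"
    failure
    echo
    return "$RETVAL"
  fi
  # NOTE(review): named runs as root here; the install recipe creates no
  # dedicated account. Once one exists, add `-u <named-user>` so named drops
  # privileges after binding port 53.
  daemon "$ROOTDIR/sbin/$named" -c "$named_conf"
  RETVAL=$?
  [ "$RETVAL" -eq 0 ] && touch "$LOCKFILE"
  echo
  return "$RETVAL"
}

#######################################
# Stop named via rndc, falling back to SIGTERM through killproc.
# Returns: 0 when named was stopped, non-zero otherwise.
#######################################
stop() {
  echo -n $"Stopping $named: "
  "$RNDC" stop >/dev/null 2>&1
  RETVAL=$?
  if [ "$RETVAL" -ne 0 ]; then
    # The control channel was unreachable; use killproc's outcome as the
    # verdict. The original kept rndc's failure status, so a successful
    # killproc still reported failure and left the lock/pid files behind.
    killproc "$named" -TERM >/dev/null 2>&1
    RETVAL=$?
  fi
  if [ "$RETVAL" -eq 0 ]; then
    rm -f "$LOCKFILE" "$PIDFILE" >/dev/null 2>&1
    success
  else
    failure
  fi
  echo
  return "$RETVAL"
}

restart() {
  stop
  # Give named time to release port 53 before starting again.
  sleep 2
  start
}

# Shadows the helper of the same name from /etc/rc.d/init.d/functions on purpose.
status() {
  "$RNDC" status
  return $?
}

#######################################
# Reload zones via rndc, or SIGHUP when rndc is unavailable.
# Returns: 0 on success, non-zero if named is not running or reload failed.
#######################################
reload() {
  echo -n $"Reloading $named: "
  local pid
  pid=$(/sbin/pidof -o %PPID "$named")
  RETVAL=$?
  if [ "$RETVAL" -eq 0 ]; then
    # shellcheck disable=SC2086 -- pidof may return several PIDs; signal each.
    "$RNDC" reload >/dev/null 2>&1 || /bin/kill -HUP $pid
    RETVAL=$?
  fi
  if [ "$RETVAL" -eq 0 ]; then
    success $"$named reload"
  else
    failure $"$named reload"
  fi
  echo
  return "$RETVAL"
}

case "$1" in
  start) start ;;
  stop) stop ;;
  status) status ;;
  restart) restart ;;
  condrestart|try-restart)
    # Advertised in the usage line but never implemented before: restart only
    # if the service was started through this script.
    if [ -f "$LOCKFILE" ]; then restart; fi ;;
  reload) reload ;;
  checkconfig|configtest|check|test) checkconfig ;;
  *)
    # "probe" was listed here but has no handler, so it is no longer advertised.
    echo $"Usage: $0 {start|stop|status|restart|condrestart|reload|configtest}"
    exit 2 ;;
esac
exit $?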