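DNS Master/Slave Synchronization Configuration
1. DNS Master Service Configuration
1.1 /etc/named.conf configuration
1.1.1 Edit the main configuration file
]# vi /etc/named.conf
...
options {
    ...
    allow-transfer { 192.168.10.18; };  // address allowed to transfer zone data from the master
    also-notify { 192.168.10.18; };     // actively notify the secondary DNS of zone changes
    ...
};
...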
1.1.2 Add the zone definition
]# vi /etc/named.conf
...
zone "example.com" IN {
    type master;
    file "example.com.zone";
    notify yes;
};
...
1.2 Add the zone data file
cat << 'CAT_END' >/var/named/example.com.zone
example.com. 600 IN SOA ns.example.com. sa.example.com. (
        2023051644
        10800
        900
        604800
        86400)
; NS server configuration
example.com. IN NS ns1.example.com.
example.com. IN NS ns2.example.com.
ns1.example.com. IN A 192.168.10.19
ns2.example.com. IN A 192.168.10.18
; A records: the name must end with a trailing dot, otherwise it will not resolve
www.example.com. IN A 1.1.1.1
CAT_END
1.3 Check the syntax and reload the service
named-checkzone example.com /var/named/example.com.zone
rndc reload
2. DNS Slave Service Configuration
2.1 Install the BIND software
yum install bind bind-utils -y
systemctl restart named
systemctl enable named
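2.2 /etc/named.conf configuration
2.2.1 Edit the main configuration file
]# vi /etc/named.conf
...
options {
    ...
    listen-on port 53 { any; };
    listen-on-v6 port 53 { any; };
    allow-query { any; };       // answers any client; narrow this to your client networks where possible
    masterfile-format text;     // store the transferred zone file as readable text
    ...
};
...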
2.2.2 Add the zone definition
]# vi /etc/named.conf
...
zone "example.com" IN {
    type slave;
    file "slaves/example.com.zone";
    masters { 192.168.10.19; };
};
...
2.3 Check the syntax and reload the service
named-checkconf
rndc reload
3. Testing Master and Slave Resolution
3.1 Test resolution on the master
]# dig www.example.com @192.168.10.19
;; QUESTION SECTION:
;www.example.com. IN A

;; ANSWER SECTION:
www.example.com. 600 IN A 1.1.1.1

;; AUTHORITY SECTION:
example.com. 600 IN NS ns2.example.com.
example.com. 600 IN NS ns1.example.com.

;; ADDITIONAL SECTION:
ns1.example.com. 600 IN A 192.168.10.19
ns2.example.com. 600 IN A 192.168.10.18

;; Query time: 0 msec
;; SERVER: 192.168.10.19#53(192.168.10.19)
;; WHEN: Mon May 08 11:51:51 CST 2023
;; MSG SIZE rcvd: 128
3.2 Test resolution on the slave
]# dig www.example.com @192.168.10.18
;; QUESTION SECTION:
;www.example.com. IN A

;; ANSWER SECTION:
www.example.com. 600 IN A 1.1.1.1

;; AUTHORITY SECTION:
example.com. 600 IN NS ns1.example.com.
example.com. 600 IN NS ns2.example.com.

;; ADDITIONAL SECTION:
ns1.example.com. 600 IN A 192.168.10.19
ns2.example.com. 600 IN A 192.168.10.18
3.3 Test master/slave synchronization
3.3.1 Add new records on the DNS master, then bump the serial
cat << 'CAT_END' >/var/named/example.com.zone
example.com. 600 IN SOA ns.example.com. sa.example.com. (
        2023051646 ; serial, incremented
        10800
        900
        604800
        86400)
; NS server configuration
example.com. IN NS ns1.example.com.
example.com. IN NS ns2.example.com.
ns1.example.com. IN A 192.168.10.19
ns2.example.com. IN A 192.168.10.18
; A records: the name must end with a trailing dot, otherwise it will not resolve
www.example.com. IN A 1.1.1.1
; the following records are added
test.example.com. IN A 2.2.2.2
ftp.example.com. IN A 3.3.3.3
CAT_END
rndc reload
3.3.2 Test DNS resolution on the master and the backup
]# dig test.example.com @192.168.10.18 +short
2.2.2.2
]# dig ftp.example.com @192.168.10.18 +short
3.3.3.3
]# dig test.example.com @192.168.10.19 +short
2.2.2.2
]# dig ftp.example.com @192.168.10.19 +short
3.3.3.3
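The synchronization test in 3.3 depends on the slave picking up the new SOA serial, so comparing the serials reported by both servers catches a secondary that is still serving stale data. The script below is an added example, not part of the original article; the function names are hypothetical and the sample SOA lines are constructed from the serials used above.

```shell
#!/bin/sh
# Input: one line as printed by `dig +short SOA example.com @<server>`:
#   mname rname serial refresh retry expire minimum

# Print the serial (3rd field); fail if it is missing or not numeric.
soa_serial() {
    set -f; set -- $1; set +f      # split into fields without globbing
    case "$3" in
        ''|*[!0-9]*) return 1 ;;
    esac
    echo "$3"
}

# RFC 1982 comparison of 32-bit serials, which wrap around.
# Prints eq, gt (first is newer) or lt (first is older).
# A distance of exactly 2^31 is undefined in RFC 1982; it is reported as lt here.
serial_cmp() {
    d=$(( ($1 - $2) & 4294967295 ))
    if [ "$d" -eq 0 ]; then echo eq
    elif [ "$d" -lt 2147483648 ]; then echo gt
    else echo lt
    fi
}

# Compare the master's SOA line ($1) with the slave's ($2).
sync_status() {
    m=$(soa_serial "$1") || { echo "no-master-soa"; return 2; }
    s=$(soa_serial "$2") || { echo "no-slave-soa"; return 2; }
    case "$(serial_cmp "$m" "$s")" in
        eq) echo "in-sync" ;;
        gt) echo "slave-behind"; return 1 ;;
        lt) echo "slave-ahead"; return 1 ;;
    esac
}

# Constructed sample lines (not captured from a real server).
MASTER_SOA='ns.example.com. sa.example.com. 2023051646 10800 900 604800 86400'
STALE_SOA='ns.example.com. sa.example.com. 2023051644 10800 900 604800 86400'

sync_status "$MASTER_SOA" "$MASTER_SOA"          # slave has transferred the new zone
sync_status "$MASTER_SOA" "$STALE_SOA" || true   # slave still serves the old serial

# Against the live servers from this article:
# sync_status "$(dig +short SOA example.com @192.168.10.19)" \
#             "$(dig +short SOA example.com @192.168.10.18)"
```

A result of slave-behind that persists after rndc reload on the master usually means the NOTIFY or the transfer was refused, so check allow-transfer and also-notify on the master and the masters list on the slave.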
4. Client High-Availability Configuration
4.1 Linux
]# cat /etc/sysconfig/network-scripts/ifcfg-ens33
...
DNS1=192.168.10.18
DNS2=192.168.10.19
...
4.2 Windows