DNS服务部署（三）之高可用主辅架构

更新时间：2022-10-03 18:09:38

1、架构拓扑图

2、环境描述

服务器名称	IP地址
主DNS服务器	192.168.1.107
辅助DNS服务器	192.168.1.108

注意：这里Linux版本是centos5.8。

3、主辅DNS服务器bind安装

[root@dns-S ~]# yum -y install bind bind-chroot ypbind bind-utils caching-nameserver

注意：这里主DNS服务器我们前面已经部署了！

4、配置辅助DNS服务器

A.将主DNS服务器的named.conf同步到辅助DNS服务器。

[root@dns-M ~]# scp /var/named/chroot/etc/* 192.168.1.108:/var/named/chroot/etc/

root@192.168.1.108's password:

localtime 100% 405 0.4KB/s 00:00

named.caching-nameserver.conf 100% 1230 1.2KB/s 00:00

named.conf 100% 1480 1.5KB/s 00:00

named.rfc1912.zones 100% 1138 1.1KB/s 00:00

named.rfc1912.zones.bak 100% 955 0.9KB/s 00:00

B.修改主DNS服务器的配置文件，允许辅助DNS服务器同步数据

[root@dns-M ~]# cat /etc/named.rfc1912.zones

// named.rfc1912.zones:

// Provided by Red Hat caching-nameserver package

// ISC BIND named zone configuration for zones recommended by

// RFC 1912 section 4.1 : localhost TLDs and address zones

// See /usr/share/doc/bind*/sample/ for example named configuration files.

zone "." IN {

type hint;

file "named.ca";

};

zone "localdomain" IN {

type master;

file "localdomain.zone";

allow-update { none; };

};

zone "localhost" IN {

type master;

file "localhost.zone";

allow-update { none; };

};

zone "0.0.127.in-addr.arpa" IN {

type master;

file "named.local";

allow-update { none; };

};

zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {

type master;

file "named.ip6.local";

allow-update { none; };

};

zone "255.in-addr.arpa" IN {

type master;

file "named.broadcast";

allow-update { none; };

};

zone "0.in-addr.arpa" IN {

type master;

file "named.zero";

allow-update { none; };

};

zone "pp.org" IN {

type master;

file "pp.org.zone";

allow-update { none; };

allow-transfer { 192.168.1.108; };

also-notify { 192.168.1.108; };

};

zone "1.168.192.in-addr.arpa" IN {

type master;

file "pp.org.local";

allow-update { none; };

allow-transfer { 192.168.1.108; };

also-notify { 192.168.1.108; };

};

C.修改辅助域名服务器的配置文件

[root@dns-S etc]# cat /var/named/chroot/etc/named.rfc1912.zones

// named.rfc1912.zones:

// Provided by Red Hat caching-nameserver package

// ISC BIND named zone configuration for zones recommended by

// RFC 1912 section 4.1 : localhost TLDs and address zones

// See /usr/share/doc/bind*/sample/ for example named configuration files.

zone "." IN {

type hint;

file "named.ca";

};

zone "pp.org" IN {

type slave;

file "slaves/pp.org.zone";

masters { 192.168.1.107; };

};

zone "1.168.192.in-addr.arpa" IN {

type slave;

file "slaves/pp.org.local";

masters { 192.168.1.107; };

};

D.对文件赋予权限

[root@dns-S etc]#chown -R root.named /var/named/chroot/etc/

E.对配置文件做软链接

[root@dns-S etc]# ln -s /var/named/chroot/etc/named.conf /etc/named.conf

[root@dns-S etc]# ln -s /var/named/chroot/etc/named.rfc1912.zones /etc/named.rfc1912.zones

F.生产named.ca文件

[root@dns-S etc]# dig -t NS . >/var/named/chroot/var/named/named.ca

4、启动服务

[root@dns-S etc]# service named start

Starting named: [ OK ]

5、查看辅助DNS服务器是否同步了主DNS服务器的区域文件

[root@dns-S ~]# cd /var/named/chroot/var/named/slaves/

[root@dns-S slaves]# ls

pp.org.local pp.org.zone

[root@dns-S slaves]# cat pp.org.zone

$ORIGIN .

$TTL 86400 ; 1 day

pp.org IN SOA dns.pp.org. root.pp.org. (

201 ; serial

10800 ; refresh (3 hours)

900 ; retry (15 minutes)

604800 ; expire (1 week)

86400 ; minimum (1 day)

)

NS dns.pp.org.

MX 10 mail.pp.org.

$ORIGIN pp.org.

dns A 192.168.1.107

www A 192.168.1.201

A 192.168.1.202

A 192.168.1.203

[root@dns-S slaves]# cat pp.org.local

$ORIGIN .

$TTL 86400 ; 1 day

1.168.192.in-addr.arpa IN SOA dns.pp.org. root.pp.org. (

1997022700 ; serial

28800 ; refresh (8 hours)

14400 ; retry (4 hours)

3600000 ; expire (5 weeks 6 days 16 hours)

86400 ; minimum (1 day)

)

NS dns.pp.org.

$ORIGIN 1.168.192.in-addr.arpa.

201 PTR www1.pp.org.

202 PTR www2.pp.org.

203 PTR www3.pp.org.

6.记录同步测试

A.主DNS服务器添加一条A记录

[root@dns-M ~]# cat /var/named/chroot/var/named/pp.org.zone

$TTL 86400

@ IN SOA dns.pp.org. root.pp.org. (

202 ; serial (d. adams)

3H ; refresh

15M ; retry

1W ; expiry

1D ) ; minimum

IN NS dns.pp.org.

IN MX 10 mail.pp.org.

dns.pp.org. IN A 192.168.1.107

www IN A 192.168.1.201

www IN A 192.168.1.202

www IN A 192.168.1.203

web1 IN A 192.168.1.204

使用rndc重载主DNS服务（当然也可以重启named服务，但是DNS服务器在网络中非常重要，因此***使用rndc进行管理）

[root@dns-M ~]# rndc reload

server reload successful

B.验证辅助DNS服务器的同步情况

[root@dns-S slaves]# cat pp.org.zone

$ORIGIN .

$TTL 86400 ; 1 day

pp.org IN SOA dns.pp.org. root.pp.org. (

202 ; serial

10800 ; refresh (3 hours)

900 ; retry (15 minutes)

604800 ; expire (1 week)

86400 ; minimum (1 day)

)

NS dns.pp.org.

MX 10 mail.pp.org.

$ORIGIN pp.org.

dns A 192.168.1.107

web1 A 192.168.1.204

www A 192.168.1.201

A 192.168.1.202

A 192.168.1.203

C.主辅不同步的问题

1）辅助DNS不同步(修改主DNS的serial值）

2）允许指定的辅助DNS复制数据allow-transfer语句，指定哪个client可以来复制主的zone文件，这个参数也可以放在options中，放在options全局有效

3）主DNS服务器重启服务立即与辅助DNS服务器进行数据同步（zone中添加了also-notify { 辅助DNSIP地址 }；或者在全局options中声明，可以使用notify yes；)

本文转自鹏爱 51CTO博客，原文链接:http://blog.51cto.com/pengai/1705381

上一篇 : ：打印机服务下一篇 : linux 常用技巧脚本分享

DNS服务部署（三）之高可用主辅架构

相关阅读

推荐文章