As a company's business grows, the number of servers grows with it, and managing them by bare IP address becomes very tedious. Some workloads and software also depend on DNS, for example BI systems or Hadoop used for data mining and log analysis: a Hadoop cluster expects DNS to be working. With a handful of machines you can get by with entries in /etc/hosts, but with many, DNS is the better choice, and the same goes for Puppet. So I recently looked into BIND, and I am sharing my results here.
I. Introduction
DNS (Domain Name System) is a core Internet service. It maps domain names and IP addresses to each other, so that people can reach hosts by a memorable name instead of the numeric IP address that machines read directly.
How master/slave replication works: after a change on the master DNS server and a service restart, the master actively sends a NOTIFY. If the secondary DNS server does not receive it, the secondary falls back on Refresh; if Refresh fails, on Retry; if Retry keeps failing, on Expire; and if Expire is reached without success, it gives up the zone transfer altogether.
II. Test goals
This test aims at the following two goals:
1. DNS master/slave: if the DNS service on either the master or the slave goes down, names can still be resolved through the other side.
2. Automatic updates: after the data is modified on the master, the slave updates automatically.
III. Environment
IP              status   domain name    system
192.168.56.104  master   ns1.test.com   CentOS 6.2 x86_64
192.168.56.105  slave    ns2.test.com   CentOS 6.2 x86_64
IV. Installation
On both the master and the slave, bind is installed with yum:
yum install bind*
V. Configuration
A. Configuring the master
1. Edit /etc/named.conf
This file provides bind's main configuration.
Below is my master's configuration:
[root@master ~]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {                                   // global server options and defaults
        listen-on port 53 { any; };         // listening address/port; can also be written { 127.0.0.1; 192.168.56.104; }
#       listen-on-v6 port 53 { ::1; };      // IPv6 support
        directory "/var/named";             // directory holding the zone files
        dump-file "/var/named/data/cache_dump.db";   // cache dump file
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { any; };               // hosts allowed to query; here every host may query
        recursion yes;                      // perform recursive queries
        allow-transfer { 192.168.56.105; }; // hosts allowed to request zone transfers, i.e. the slave's IP
        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
};
logging {                                   // what the server logs and where the log goes
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {
        type hint;
        file "named.ca";
};
include "/etc/named.rfc1912.zones";         // include file, i.e. load /etc/named.rfc1912.zones
#include "/etc/named.root.key";
Note: the places that differ from the package default (highlighted in red in the original post) are listen-on, allow-query and the added allow-transfer line.
2. /etc/named.rfc1912.zones
This file holds the forward and reverse zone definitions.
Below is my configuration on the master:
[root@master ~]# cat /etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
#zone "localhost.localdomain" IN {
#       type master;
#       file "named.localhost";
#       allow-update { none; };
#};
zone "test.com" IN {
        type master;
        file "named.test.com";
        notify yes;
        also-notify { 192.168.56.105; };
        allow-update { none; };
        allow-transfer { 192.168.56.105; };
};
#zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
#       type master;
#       file "named.loopback";
#       allow-update { none; };
#};
zone "56.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.56.arpa";
#       notify yes;
#       also-notify { 192.168.56.105; };
        allow-update { none; };
        allow-transfer { 192.168.56.105; };
};
#zone "0.in-addr.arpa" IN {
#       type master;
#       file "named.empty";
#       allow-update { none; };
#};
In short, this does two things:
1. Adds a forward zone for the domain test.com with type master, and allows 192.168.56.105 to be notified when the zone is updated;
2. Adds the reverse zone for the subnet, again with type master, likewise allowing 192.168.56.105 to be notified on updates.
Anything else you do not need can be deleted or commented out.
3. In /var/named, create the forward and reverse zone files
cd /var/named/
cp -p named.localhost named.test.com
cp -p named.localhost 192.168.56.arpa
Below is my master's forward zone file:
[root@master named]# cat named.test.com
$TTL 1D
@       IN SOA  ns1.test.com. root.localhost. (   ; SOA fields
                2013070814      ; serial  - version number, +1 for every change to be synced. The usual
                                ;           format is YYYYMMDD plus a counter. If the slave is to update
                                ;           automatically after each change on the master, the serial must be
                                ;           incremented after every edit: the slave only syncs from the master
                                ;           when the master's serial is larger than the slave's.
                60              ; refresh - how often the slave checks the master for updates
                1H              ; retry   - how long to wait before retrying a failed refresh
                1W              ; expire  - how long after refresh keeps failing the slave's copy becomes invalid
                3H )            ; minimum - how long a "name does not exist" answer is cached
        NS      ns1.test.com.
        NS      ns2.test.com.
        A       192.168.56.104
server  A       192.168.56.101
client1 A       192.168.56.103
ubuntu  A       192.168.56.102
ns1     A       192.168.56.104
ns2     A       192.168.56.105
Notes
SOA
This record marks the start of the zone. It contains the zone name, the zone administrator's mailbox, and the settings that tell secondary DNS servers how to refresh their copy of the zone data.
Commonly used record types
A (address): lists a specific IP address. This is the key record for name resolution.
CNAME (canonical name): defines an alias for a canonical name.
MX: lists the mail servers responsible for receiving e-mail sent to the domain.
NS: names the name servers responsible for the zone.
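The serial rule above (the master's serial must grow for every edit, or the slave never pulls the change) is easy to get wrong by hand. Here is an added example, written by the editor and not part of the original post, of a small shell script that bumps the serial in the YYYYMMDD+counter convention described above. It assumes the zone file puts the serial as the first field of a line ending in "; serial", as named.test.com does; the date is passed in explicitly so results are reproducible, and named-checkzone is only invoked when it is installed and a zone name is given:

```shell
#!/bin/sh
# Added example (editor's code, not from the original post): bump the SOA
# serial of a BIND zone file in the YYYYMMDDnn convention, so the slave sees a
# larger serial and pulls the zone. Assumption: the serial is the first field
# of a line that ends in "; serial" (the layout of the post's named.test.com).

# next_serial CURRENT TODAY
#   CURRENT: serial currently in the zone file (e.g. 2013070814)
#   TODAY:   date as YYYYMMDD, passed in explicitly (normally "$(date +%Y%m%d)")
# Prints the new serial; prints nothing and returns 1 if CURRENT is not a
# number or today's two-digit counter is exhausted (99).
next_serial() {
    cur=$1; today=$2
    case "$cur" in
        ''|*[!0-9]*) return 1 ;;               # not a plain number
        "$today"[0-9][0-9])
            # Same day: increment the counter (strip a leading 0 so "08" is
            # not read as an octal number by the shell's arithmetic).
            n=${cur#"$today"}; n=${n#0}
            n=$((n + 1))
            [ "$n" -le 99 ] || return 1
            printf '%s%02d\n' "$today" "$n" ;;
        *)
            if [ "$cur" -lt "${today}01" ]; then
                # Older date, or a plain counter like 5: start today's series.
                printf '%s01\n' "$today"
            else
                # Serial already ahead of today (clock skew, or a future date
                # was used once): just keep it increasing.
                printf '%d\n' $((cur + 1))
            fi ;;
    esac
}

# current_serial FILE -> prints the serial found on the "; serial" line
current_serial() {
    awk '/;[ \t]*serial/ { print $1; exit }' "$1"
}

# bump_zone_serial FILE TODAY [ZONE]
#   Rewrites FILE with the next serial and prints it. If ZONE is given and
#   named-checkzone is available, the rewritten file is validated first.
bump_zone_serial() {
    file=$1; today=$2; zone=${3:-}
    cur=$(current_serial "$file")
    [ -n "$cur" ] || { echo "no serial line found in $file" >&2; return 1; }
    new=$(next_serial "$cur" "$today") || { echo "cannot bump serial $cur" >&2; return 1; }
    awk -v old="$cur" -v new="$new" \
        '/;[ \t]*serial/ && $1 == old && !done { sub(old, new); done = 1 } { print }' \
        "$file" > "$file.tmp" && mv "$file.tmp" "$file"
    if [ -n "$zone" ] && command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone "$zone" "$file" >/dev/null || return 1
    fi
    echo "$new"
}

# write_sample_zone FILE: constructed copy of the post's named.test.com, used
# only for the demo and the tests (not read from any real system).
write_sample_zone() {
    cat > "$1" <<'EOF'
$TTL 1D
@       IN SOA  ns1.test.com. root.localhost. (
                        2013070814      ; serial
                        60              ; refresh
                        1H              ; retry
                        1W              ; expire
                        3H )            ; minimum
        NS      ns1.test.com.
        NS      ns2.test.com.
        A       192.168.56.104
ns1     A       192.168.56.104
ns2     A       192.168.56.105
EOF
}

# Demo: bump a throw-away copy of the sample zone twice on the same day.
demo=$(mktemp)
write_sample_zone "$demo"
echo "before: $(current_serial "$demo")"
bump_zone_serial "$demo" 20130708 test.com >/dev/null
bump_zone_serial "$demo" 20130708 test.com >/dev/null
echo "after:  $(current_serial "$demo")"      # 2013070816
rm -f "$demo"
```

For real use, call bump_zone_serial /var/named/named.test.com "$(date +%Y%m%d)" test.com after editing the records, then "rndc reload test.com" (or the restart the post uses); the slave will transfer as soon as it sees the larger serial.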
Below is my master's reverse zone file:
[root@master named]# cat 192.168.56.arpa
$TTL 1D
@       IN SOA  ns1.test.com. root.localhost. (
                2013070814      ; serial
                60              ; refresh
                1H              ; retry
                1W              ; expire
                3H )            ; minimum
        NS      ns1.test.com.
        NS      ns2.test.com.
101     PTR     server.test.com.
102     PTR     ubuntu.test.com.
103     PTR     client1.test.com.
104     PTR     ns1.test.com.
105     PTR     ns2.test.com.
4. Start bind
/etc/init.d/named start
5. Point this host's resolver at the DNS servers we just built
[root@master named]# cat /etc/resolv.conf
nameserver 192.168.56.104
nameserver 192.168.56.105
6. Test with nslookup
[root@master named]# ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 08:00:27:59:BB:1F
          inet addr:192.168.56.104  Bcast:192.168.56.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fe59:bb1f/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2761 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3224 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:255523 (249.5 KiB)  TX bytes:455771 (445.0 KiB)

[root@master named]# nslookup
> ns1.test.com
Server:         192.168.56.104
Address:        192.168.56.104#53

Name:   ns1.test.com
Address: 192.168.56.104
> ns2.test.com
Server:         192.168.56.104
Address:        192.168.56.104#53

Name:   ns2.test.com
Address: 192.168.56.105
> server.test.com
Server:         192.168.56.104
Address:        192.168.56.104#53

Name:   server.test.com
Address: 192.168.56.101
> 192.168.56.104
Server:         192.168.56.104
Address:        192.168.56.104#53

104.56.168.192.in-addr.arpa     name = ns1.test.com.
> 192.168.56.105
Server:         192.168.56.104
Address:        192.168.56.104#53

105.56.168.192.in-addr.arpa     name = ns2.test.com.
> 192.168.56.101
Server:         192.168.56.104
Address:        192.168.56.104#53

101.56.168.192.in-addr.arpa     name = server.test.com.
Test with dig
[root@master named]# dig ns1.test.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <<>> ns1.test.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25723
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;ns1.test.com.                  IN      A

;; ANSWER SECTION:
ns1.test.com.           86400   IN      A       192.168.56.104

;; AUTHORITY SECTION:
test.com.               86400   IN      NS      ns2.test.com.
test.com.               86400   IN      NS      ns1.test.com.

;; ADDITIONAL SECTION:
ns2.test.com.           86400   IN      A       192.168.56.105

;; Query time: 1 msec
;; SERVER: 192.168.56.104#53(192.168.56.104)
;; WHEN: Mon Jul 8 10:11:30 2013
;; MSG SIZE  rcvd: 94

[root@master named]# dig ns2.test.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <<>> ns2.test.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16279
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;ns2.test.com.                  IN      A

;; ANSWER SECTION:
ns2.test.com.           86400   IN      A       192.168.56.105

;; AUTHORITY SECTION:
test.com.               86400   IN      NS      ns2.test.com.
test.com.               86400   IN      NS      ns1.test.com.

;; ADDITIONAL SECTION:
ns1.test.com.           86400   IN      A       192.168.56.104

;; Query time: 0 msec
;; SERVER: 192.168.56.104#53(192.168.56.104)
;; WHEN: Mon Jul 8 10:11:33 2013
;; MSG SIZE  rcvd: 94

[root@master named]# dig server.test.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <<>> server.test.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1422
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;server.test.com.               IN      A

;; ANSWER SECTION:
server.test.com.        86400   IN      A       192.168.56.101

;; AUTHORITY SECTION:
test.com.               86400   IN      NS      ns2.test.com.
test.com.               86400   IN      NS      ns1.test.com.

;; ADDITIONAL SECTION:
ns1.test.com.           86400   IN      A       192.168.56.104
ns2.test.com.           86400   IN      A       192.168.56.105

;; Query time: 1 msec
;; SERVER: 192.168.56.104#53(192.168.56.104)
;; WHEN: Mon Jul 8 10:11:38 2013
;; MSG SIZE  rcvd: 117
You can see that all of these answers come from SERVER: 192.168.56.104#53(192.168.56.104), i.e. they were resolved by the DNS server 192.168.56.104.
B. Configuring the slave
1. Edit /etc/named.conf
This file provides bind's main configuration.
Below is my slave's configuration:
[root@slave named]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
        listen-on port 53 { any; };
#       listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { any; };
        recursion yes;
        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {
        type hint;
        file "named.ca";
};
include "/etc/named.rfc1912.zones";
#include "/etc/named.root.key";
2. /etc/named.rfc1912.zones
This file holds the forward and reverse zone definitions.
Below is my configuration on the slave:
[root@slave named]# cat /etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
#zone "localhost.localdomain" IN {
#       type master;
#       file "named.localhost";
#       allow-update { none; };
#};
zone "test.com" IN {
        type slave;
        file "named.test.com";
#       allow-update { none; };
        masters { 192.168.56.104; };
        allow-update { none; };
};
#zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
#       type master;
#       file "named.loopback";
#       allow-update { none; };
#};
zone "56.168.192.in-addr.arpa" IN {
        type slave;
        file "192.168.56.arpa";
#       allow-update { none; };
        masters { 192.168.56.104; };
        allow-update { none; };
};
#zone "0.in-addr.arpa" IN {
#       type master;
#       file "named.empty";
#       allow-update { none; };
#};
3. Start the bind service on the slave
Because I rely on automatic master-to-slave updates, the forward and reverse zone files do not have to be created on the slave: the slave fetches them from the master as soon as it starts.
Start bind first:
/etc/init.d/named start
Then check /var/log/messages on the master:
Jul 8 10:16:21 master named-sdb[2060]: client 192.168.56.105#40695: transfer of 'test.com/IN': AXFR started
Jul 8 10:16:21 master named-sdb[2060]: client 192.168.56.105#40695: transfer of 'test.com/IN': AXFR ended
Jul 8 10:16:22 master named-sdb[2060]: client 192.168.56.105#34075: transfer of '56.168.192.in-addr.arpa/IN': AXFR started
Jul 8 10:16:22 master named-sdb[2060]: client 192.168.56.105#34075: transfer of '56.168.192.in-addr.arpa/IN': AXFR ended
And /var/log/messages on the slave:
Jul 8 02:16:22 slave named-sdb[5004]: starting BIND 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 -u named -t /var/named/chroot
Jul 8 02:16:22 slave named-sdb[5004]: built with '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--target=x86_64-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--with-libtool' '--localstatedir=/var' '--enable-threads' '--enable-ipv6' '--with-pic' '--disable-static' '--disable-openssl-version-check' '--with-dlz-ldap=yes' '--with-dlz-postgres=yes' '--with-dlz-mysql=yes' '--with-dlz-filesystem=yes' '--with-gssapi=yes' '--disable-isc-spnego' '--with-docbook-xsl=/usr/share/sgml/docbook/xsl-stylesheets' '--enable-fixed-rrset' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'target_alias=x86_64-redhat-linux-gnu' 'CFLAGS= -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' 'CPPFLAGS= -DDIG_SIGCHASE'
Jul 8 02:16:22 slave named-sdb[5004]: ----------------------------------------------------
Jul 8 02:16:22 slave named-sdb[5004]: BIND 9 is maintained by Internet Systems Consortium,
Jul 8 02:16:22 slave named-sdb[5004]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
Jul 8 02:16:22 slave named-sdb[5004]: corporation. Support and training for BIND 9 are
Jul 8 02:16:22 slave named-sdb[5004]: available at https://www.isc.org/support
Jul 8 02:16:22 slave named-sdb[5004]: ----------------------------------------------------
Jul 8 02:16:22 slave named-sdb[5004]: adjusted limit on open files from 4096 to 1048576
Jul 8 02:16:22 slave named-sdb[5004]: found 2 CPUs, using 2 worker threads
Jul 8 02:16:22 slave named-sdb[5004]: using up to 4096 sockets
Jul 8 02:16:22 slave named-sdb[5004]: SDB ldap zone database module loaded.
Jul 8 02:16:22 slave named-sdb[5004]: SDB postgreSQL DB zone database module loaded.
Jul 8 02:16:22 slave named-sdb[5004]: SDB sqlite3 DB zone database module loaded.
Jul 8 02:16:22 slave named-sdb[5004]: SDB directory DB zone database module loaded.
Jul 8 02:16:22 slave named-sdb[5004]: loading configuration from '/etc/named.conf'
Jul 8 02:16:22 slave named-sdb[5004]: /etc/named.rfc1912.zones:24: option 'allow-update' is not allowed in 'slave' zone 'test.com'
Jul 8 02:16:22 slave named-sdb[5004]: /etc/named.rfc1912.zones:38: option 'allow-update' is not allowed in 'slave' zone '56.168.192.in-addr.arpa'
Jul 8 02:16:22 slave named-sdb[5004]: reading built-in trusted keys from file '/etc/named.iscdlv.key'
Jul 8 02:16:22 slave named-sdb[5004]: using default UDP/IPv4 port range: [1024, 65535]
Jul 8 02:16:22 slave named-sdb[5004]: using default UDP/IPv6 port range: [1024, 65535]
Jul 8 02:16:22 slave named-sdb[5004]: no IPv6 interfaces found
Jul 8 02:16:22 slave named-sdb[5004]: listening on IPv4 interface lo, 127.0.0.1#53
Jul 8 02:16:22 slave named-sdb[5004]: listening on IPv4 interface eth0, 192.168.56.105#53
Jul 8 02:16:22 slave named-sdb[5004]: generating session key for dynamic DNS
Jul 8 02:16:22 slave named-sdb[5004]: sizing zone task pool based on 3 zones
Jul 8 02:16:22 slave named-sdb[5004]: using built-in DLV key for view _default
Jul 8 02:16:22 slave named-sdb[5004]: set up managed keys zone for view _default, file '/var/named/dynamic/managed-keys.bind'
Jul 8 02:16:22 slave named-sdb[5004]: Warning: 'empty-zones-enable/disable-empty-zone' not set: disabling RFC 1918 empty zones
Jul 8 02:16:22 slave named-sdb[5004]: automatic empty zone: 0.IN-ADDR.ARPA
Jul 8 02:16:22 slave named-sdb[5004]: automatic empty zone: 127.IN-ADDR.ARPA
Jul 8 02:16:22 slave named-sdb[5004]: automatic empty zone: 254.169.IN-ADDR.ARPA
Jul 8 02:16:22 slave named-sdb[5004]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
Jul 8 02:16:22 slave named-sdb[5004]: automatic empty zone: 100.51.198.IN-ADDR.ARPA
Jul 8 02:16:22 slave named-sdb[5004]: automatic empty zone: 113.0.203.IN-ADDR.ARPA
Jul 8 02:16:22 slave named-sdb[5004]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
Jul 8 02:16:22 slave named-sdb[5004]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Jul 8 02:16:22 slave named-sdb[5004]: automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Jul 8 02:16:22 slave named-sdb[5004]: automatic empty zone: D.F.IP6.ARPA
Jul 8 02:16:22 slave named-sdb[5004]: automatic empty zone: 8.E.F.IP6.ARPA
Jul 8 02:16:22 slave named-sdb[5004]: automatic empty zone: 9.E.F.IP6.ARPA
Jul 8 02:16:22 slave named-sdb[5004]: automatic empty zone: A.E.F.IP6.ARPA
Jul 8 02:16:22 slave named-sdb[5004]: automatic empty zone: B.E.F.IP6.ARPA
Jul 8 02:16:22 slave named-sdb[5004]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
Jul 8 02:16:22 slave named-sdb[5004]: command channel listening on 127.0.0.1#953
Jul 8 02:16:22 slave named-sdb[5004]: managed-keys-zone ./IN: loaded serial 5
Jul 8 02:16:22 slave named-sdb[5004]: running
Jul 8 02:16:22 slave named-sdb[5004]: zone test.com/IN: Transfer started.
Jul 8 02:16:22 slave named-sdb[5004]: transfer of 'test.com/IN' from 192.168.56.104#53: connected using 192.168.56.105#40695
Jul 8 02:16:22 slave named-sdb[5004]: zone test.com/IN: transferred serial 2013070814
Jul 8 02:16:22 slave named-sdb[5004]: transfer of 'test.com/IN' from 192.168.56.104#53: Transfer completed: 1 messages, 10 records, 266 bytes, 0.005 secs (53200 bytes/sec)
Jul 8 02:16:22 slave named-sdb[5004]: zone test.com/IN: sending notifies (serial 2013070814)
Jul 8 02:16:22 slave named-sdb[5004]: zone 56.168.192.in-addr.arpa/IN: Transfer started.
Jul 8 02:16:22 slave named-sdb[5004]: transfer of '56.168.192.in-addr.arpa/IN' from 192.168.56.104#53: connected using 192.168.56.105#34075
Jul 8 02:16:22 slave named-sdb[5004]: zone 56.168.192.in-addr.arpa/IN: transferred serial 2013070814
Jul 8 02:16:22 slave named-sdb[5004]: transfer of '56.168.192.in-addr.arpa/IN' from 192.168.56.104#53: Transfer completed: 1 messages, 9 records, 283 bytes, 0.006 secs (47166 bytes/sec)
Jul 8 02:16:22 slave named-sdb[5004]: zone 56.168.192.in-addr.arpa/IN: sending notifies (serial 2013070814)
The logs show that the master sent the zones to the slave and that the slave received them. The two "option 'allow-update' is not allowed in 'slave' zone" lines are warnings only: allow-update has meaning on the master, and the line can simply be dropped from the slave's zone definitions.
Check on the filesystem that the files have arrived:
[root@slave ~]# cd /var/named/
[root@slave named]# ll
total 40
-rw-r--r-- 1 named named  461 Jul  8 02:16 192.168.56.arpa
drwxr-x--- 6 named named 4096 Jul  7 21:14 chroot
drwxrwx--- 2 named named 4096 Jul  7 22:01 data
drwxrwx--- 2 named named 4096 Jul  8 02:17 dynamic
-rw-r----- 1 named named 1892 Feb 18  2008 named.ca
-rw-r----- 1 named named  152 Dec 15  2009 named.empty
-rw-r----- 1 named named  152 Jun 21  2007 named.localhost
-rw-r----- 1 named named  168 Dec 15  2009 named.loopback
-rw-r--r-- 1 named named  447 Jul  8 02:16 named.test.com
drwxrwx--- 2 named named 4096 Mar 29 06:21 slaves
The forward and reverse zone files are now present on the system.
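The allow-transfer line on the master is what stops anyone other than 192.168.56.105 from pulling a full copy of the zone, and the "AXFR started" lines above are how the master records each transfer it does hand out. Here is an added example, written by the editor and not part of the original post, that audits /var/log/messages in that format and reports transfers granted to hosts other than the configured slave, as well as transfer attempts named refused. The "zone transfer ... denied" line format is BIND's standard refusal message; the last two sample lines are constructed to exercise those cases and did not occur in the post's setup:

```shell
#!/bin/sh
# Added example (editor's code, not from the original post): audit BIND's
# syslog lines for zone transfers. Expected peers are passed as arguments;
# any AXFR/IXFR granted to another host, and any refused attempt, is printed.
# Exit status is 1 when something was reported, so this can run from cron.

# audit_transfers LOGFILE ALLOWED_IP...
#   Prints "IP zone status" for each suspicious line; returns 1 if any.
audit_transfers() {
    log=$1; shift
    awk -v allowed="$*" -v q="'" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /client [0-9.]+#[0-9]+: (transfer of .*: (AXFR|IXFR) started|zone transfer .* denied)/ {
            # the word after "client" is IP#port: -- keep only the IP
            for (i = 1; i <= NF; i++) if ($i == "client") { ip = $(i + 1); break }
            sub(/#.*/, "", ip)
            # the zone name is the first single-quoted token on the line
            s = index($0, q); e = index(substr($0, s + 1), q)
            zone = substr($0, s + 1, e - 1)
            st = ($0 ~ /denied/) ? "denied" : "started"
            if (st == "denied" || !(ip in ok)) { print ip, zone, st; bad++ }
        }
        END { exit (bad > 0) }' "$log"
}

# write_sample_log FILE: constructed sample in the format of the post's
# master log. The first four lines mirror the post's real transfer; the
# last two (a refused attempt, and a transfer to a host that is not the
# slave) are invented to exercise the checks.
write_sample_log() {
    cat > "$1" <<'EOF'
Jul  8 10:16:21 master named-sdb[2060]: client 192.168.56.105#40695: transfer of 'test.com/IN': AXFR started
Jul  8 10:16:21 master named-sdb[2060]: client 192.168.56.105#40695: transfer of 'test.com/IN': AXFR ended
Jul  8 10:16:22 master named-sdb[2060]: client 192.168.56.105#34075: transfer of '56.168.192.in-addr.arpa/IN': AXFR started
Jul  8 10:16:22 master named-sdb[2060]: client 192.168.56.105#34075: transfer of '56.168.192.in-addr.arpa/IN': AXFR ended
Jul  8 11:02:07 master named-sdb[2060]: client 192.168.56.120#51234: zone transfer 'test.com/IN' denied
Jul  8 11:40:13 master named-sdb[2060]: client 192.168.56.121#40001: transfer of 'test.com/IN': AXFR started
EOF
}

# Demo: audit the sample log with only the real slave as the allowed peer.
demo=$(mktemp)
write_sample_log "$demo"
audit_transfers "$demo" 192.168.56.105 || echo "unexpected transfer activity found"
rm -f "$demo"
```

On the real master the call is audit_transfers /var/log/messages 192.168.56.105. A "started" line for an address that is not a slave means allow-transfer is wider than intended (for instance the { any; } default) and should be tightened; "denied" lines are the control doing its job, but a burst of them from one address is worth a look.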
4. Point this host at the DNS servers just configured
[root@slave named]# cat /etc/resolv.conf
nameserver 192.168.56.104
nameserver 192.168.56.105
5. Test with dig
[root@slave named]# dig ns1.test.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <<>> ns1.test.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53453
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;ns1.test.com.                  IN      A

;; ANSWER SECTION:
ns1.test.com.           86400   IN      A       192.168.56.104

;; AUTHORITY SECTION:
test.com.               86400   IN      NS      ns1.test.com.
test.com.               86400   IN      NS      ns2.test.com.

;; ADDITIONAL SECTION:
ns2.test.com.           86400   IN      A       192.168.56.105

;; Query time: 1 msec
;; SERVER: 192.168.56.104#53(192.168.56.104)
;; WHEN: Mon Jul 8 02:28:26 2013
;; MSG SIZE  rcvd: 94

[root@slave named]# dig ns2.test.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <<>> ns2.test.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15455
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;ns2.test.com.                  IN      A

;; ANSWER SECTION:
ns2.test.com.           86400   IN      A       192.168.56.105

;; AUTHORITY SECTION:
test.com.               86400   IN      NS      ns1.test.com.
test.com.               86400   IN      NS      ns2.test.com.

;; ADDITIONAL SECTION:
ns1.test.com.           86400   IN      A       192.168.56.104

;; Query time: 1 msec
;; SERVER: 192.168.56.104#53(192.168.56.104)
;; WHEN: Mon Jul 8 02:28:32 2013
;; MSG SIZE  rcvd: 94

[root@slave named]# dig server.test.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <<>> server.test.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37155
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;server.test.com.               IN      A

;; ANSWER SECTION:
server.test.com.        86400   IN      A       192.168.56.101

;; AUTHORITY SECTION:
test.com.               86400   IN      NS      ns2.test.com.
test.com.               86400   IN      NS      ns1.test.com.

;; ADDITIONAL SECTION:
ns1.test.com.           86400   IN      A       192.168.56.104
ns2.test.com.           86400   IN      A       192.168.56.105

;; Query time: 1 msec
;; SERVER: 192.168.56.104#53(192.168.56.104)
;; WHEN: Mon Jul 8 02:28:36 2013
;; MSG SIZE  rcvd: 117
DNS master/slave with automatic updates is now configured.
6. Now let's test whether the slave receives the latest data after the configuration is changed or extended on the master.
My current named.test.com on the master:
[root@centos named]# cat named.test.com
$TTL 1D
@       IN SOA  ns1.test.com. root.localhost. (
                2013070822      ; serial
                60              ; refresh
                1H              ; retry
                1W              ; expire
                3H )            ; minimum
        NS      ns1.test.com.
        NS      ns2.test.com.
        A       192.168.56.104
server  A       192.168.56.101
client1 A       192.168.56.103
ubuntu  A       192.168.56.102
ns1     A       192.168.56.104
ns2     A       192.168.56.105
test2   A       192.168.8.1
test1   A       192.168.8.12
test3   A       192.168.8.3
You can see that forward records test1 to test3 were added (and the serial was raised from 2013070814 to 2013070822).
Then restart bind on the master:
/etc/init.d/named restart
Check the master's log
Only the transfer-related lines are listed:
Jul 8 12:00:49 master named-sdb[4967]: zone 56.168.192.in-addr.arpa/IN: loaded serial 2013070814
Jul 8 12:00:49 master named-sdb[4967]: zone test.com/IN: loaded serial 2013070822
Jul 8 12:00:49 master named-sdb[4967]: managed-keys-zone ./IN: loaded serial 6
Jul 8 12:00:49 master named-sdb[4967]: running
Jul 8 12:00:49 master named-sdb[4967]: zone 56.168.192.in-addr.arpa/IN: sending notifies (serial 2013070814)
Jul 8 12:00:49 master named-sdb[4967]: zone test.com/IN: sending notifies (serial 2013070822)
Then check the slave's log:
Jul 8 04:03:36 slave named-sdb[13688]: client 192.168.56.104#48310: received notify for zone 'test.com'
Jul 8 04:03:36 slave named-sdb[13688]: zone test.com/IN: Transfer started.
Jul 8 04:03:36 slave named-sdb[13688]: transfer of 'test.com/IN' from 192.168.56.104#53: connected using 192.168.56.105#37661
Jul 8 04:03:36 slave named-sdb[13688]: zone test.com/IN: transferred serial 2013070822
Jul 8 04:03:36 slave named-sdb[13688]: transfer of 'test.com/IN' from 192.168.56.104#53: Transfer completed: 1 messages, 13 records, 332 bytes, 0.005 secs (66400 bytes/sec)
Jul 8 04:03:36 slave named-sdb[13688]: zone test.com/IN: sending notifies (serial 2013070822)
Jul 8 04:03:37 slave named-sdb[13688]: client 192.168.56.104#21155: received notify for zone '56.168.192.in-addr.arpa'
Jul 8 04:03:37 slave named-sdb[13688]: zone 56.168.192.in-addr.arpa/IN: notify from 192.168.56.104#21155: zone is up to date
Then look at the content of named.test.com on the slave:
[root@cacti named]# cd /var/named/
[root@cacti named]# cat named.test.com
$ORIGIN .
$TTL 86400      ; 1 day
test.com                IN SOA  ns1.test.com. root.localhost. (
                                2013070822 ; serial
                                60         ; refresh (1 minute)
                                3600       ; retry (1 hour)
                                604800     ; expire (1 week)
                                10800      ; minimum (3 hours)
                                )
                        NS      ns1.test.com.
                        NS      ns2.test.com.
                        A       192.168.56.104
$ORIGIN test.com.
client1                 A       192.168.56.103
ns1                     A       192.168.56.104
ns2                     A       192.168.56.105
server                  A       192.168.56.101
test1                   A       192.168.8.12
test2                   A       192.168.8.1
test3                   A       192.168.8.3
ubuntu                  A       192.168.56.102
The update went through successfully.
7. Now stop the DNS service on the master and see whether the slave can still resolve:
[root@slave named]# dig ns1.test.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <<>> ns1.test.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38700
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;ns1.test.com.                  IN      A

;; ANSWER SECTION:
ns1.test.com.           86400   IN      A       192.168.56.104

;; AUTHORITY SECTION:
test.com.               86400   IN      NS      ns2.test.com.
test.com.               86400   IN      NS      ns1.test.com.

;; ADDITIONAL SECTION:
ns2.test.com.           86400   IN      A       192.168.56.105

;; Query time: 0 msec
;; SERVER: 192.168.56.105#53(192.168.56.105)
;; WHEN: Mon Jul 8 02:30:22 2013
;; MSG SIZE  rcvd: 94

[root@slave named]# dig ns2.test.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <<>> ns2.test.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28400
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;ns2.test.com.                  IN      A

;; ANSWER SECTION:
ns2.test.com.           86400   IN      A       192.168.56.105

;; AUTHORITY SECTION:
test.com.               86400   IN      NS      ns2.test.com.
test.com.               86400   IN      NS      ns1.test.com.

;; ADDITIONAL SECTION:
ns1.test.com.           86400   IN      A       192.168.56.104

;; Query time: 1 msec
;; SERVER: 192.168.56.105#53(192.168.56.105)
;; WHEN: Mon Jul 8 02:30:29 2013
;; MSG SIZE  rcvd: 94

[root@slave named]# dig server.test.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <<>> server.test.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26633
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;server.test.com.               IN      A

;; ANSWER SECTION:
server.test.com.        86400   IN      A       192.168.56.101

;; AUTHORITY SECTION:
test.com.               86400   IN      NS      ns1.test.com.
test.com.               86400   IN      NS      ns2.test.com.

;; ADDITIONAL SECTION:
ns1.test.com.           86400   IN      A       192.168.56.104
ns2.test.com.           86400   IN      A       192.168.56.105

;; Query time: 0 msec
;; SERVER: 192.168.56.105#53(192.168.56.105)
;; WHEN: Mon Jul 8 02:30:34 2013
;; MSG SIZE  rcvd: 117
With the master's DNS service down, names are still resolved by the slave (note the SERVER line now shows 192.168.56.105).
Conversely, if the slave's DNS service goes down, names are still resolved by the master.
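One caveat to the failover test above follows from the SOA timers explained in the introduction: a slave that cannot reach its master keeps answering only until the expire timer (1W in these zone files) runs out, after which it stops serving the zone. Here is an added example, written by the editor and not part of the original post, that checks master/slave sync from the SOA record rather than from the logs and computes that expiry deadline. The parsing functions work on a captured "dig +short soa" answer so they can be exercised offline; check_zone_sync is the live wrapper and needs dig plus network access to both servers. The sample answer and timestamp are constructed to match the post's updated zone:

```shell
#!/bin/sh
# Added example (editor's code, not from the original post): compare the SOA
# serial served by master and slave, and compute when a cut-off slave's copy
# expires. A "dig +short soa ZONE @SERVER" answer has the fields
#   MNAME RNAME SERIAL REFRESH RETRY EXPIRE MINIMUM
# with the timers already converted to seconds.

# Constructed sample matching the post's zone after the test1-3 update.
SAMPLE_SOA='ns1.test.com. root.localhost. 2013070822 60 3600 604800 10800'

# soa_field N "ANSWER" -> prints field N of a dig +short SOA answer
soa_field() {
    printf '%s\n' "$2" | awk -v n="$1" '{ print $n }'
}

# compare_serials MASTER_SERIAL SLAVE_SERIAL
#   exit 0: in sync, 1: slave behind, 2: slave ahead (serial went backwards)
compare_serials() {
    if [ "$1" -eq "$2" ]; then
        echo "in sync: serial $1"
    elif [ "$1" -gt "$2" ]; then
        echo "slave behind: master $1, slave $2 (notify lost? serial not bumped when the slave last pulled?)"
        return 1
    else
        echo "slave ahead: master $1, slave $2 (was the serial lowered on the master?)"
        return 2
    fi
}

# stale_after "ANSWER" LAST_TRANSFER_EPOCH
#   Prints the epoch second after which the slave, if it still cannot reach
#   the master, stops answering for the zone: last successful transfer + EXPIRE.
stale_after() {
    echo $(( $2 + $(soa_field 6 "$1") ))
}

# check_zone_sync ZONE MASTER_IP SLAVE_IP   (live: needs dig and network)
#   Live use, not run here: check_zone_sync test.com 192.168.56.104 192.168.56.105
check_zone_sync() {
    m=$(dig +short +time=2 +tries=1 soa "$1" "@$2") && [ -n "$m" ] || { echo "no SOA answer from $2"; return 3; }
    s=$(dig +short +time=2 +tries=1 soa "$1" "@$3") && [ -n "$s" ] || { echo "no SOA answer from $3"; return 3; }
    compare_serials "$(soa_field 3 "$m")" "$(soa_field 3 "$s")"
}

# Demo on the constructed sample.
echo "serial:  $(soa_field 3 "$SAMPLE_SOA")"
echo "refresh: $(soa_field 4 "$SAMPLE_SOA")s  retry: $(soa_field 5 "$SAMPLE_SOA")s  expire: $(soa_field 6 "$SAMPLE_SOA")s"
compare_serials "$(soa_field 3 "$SAMPLE_SOA")" 2013070814 || true
# 1373249782 is a constructed "last transfer" timestamp; +604800 = one week later
echo "copy expires at epoch $(stale_after "$SAMPLE_SOA" 1373249782)"
```

With refresh at 60 seconds, a slave that missed the NOTIFY still polls the master every minute, so the serial comparison is also a quick way to tell a lost notify (slave catches up within refresh) from a serial that was never incremented (slave stays behind forever).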
Once testing is done, add the bind service to the boot sequence:
[root@master named]# chkconfig --list named
named           0:off   1:off   2:off   3:off   4:off   5:off   6:off
[root@master named]# chkconfig --level 345 named on
[root@master named]# chkconfig --list named
named           0:off   1:off   2:off   3:on    4:on    5:on    6:off
In a production setup, also keep the clocks of master and slave in sync, for example with ntp, and do not leave iptables and SELinux enabled on the machines (or, if a firewall must stay on, allow TCP and UDP port 53 between the two hosts); otherwise the slave may never receive the NOTIFY the master sends.
Also, when adding a new domain on the master, note the following:
1. Add the zone to /etc/named.rfc1912.zones on both the master and the slave;
2. Restart bind on both the master and the slave. If only the master is restarted and the slave is not, then when the master sends its notify the slave's log shows client 192.168.56.104#11005: received notify for zone 'xxx.com': not authoritative, and the update is not received.
After the slave is restarted, the sync succeeds:
Jul 8 04:13:18 cacti named-sdb[14449]: zone 56.168.192.in-addr.arpa/IN: sending notifies (serial 2013070814)
Jul 8 04:13:18 cacti named-sdb[14449]: zone test.com/IN: sending notifies (serial 2013070822)
Jul 8 04:13:18 cacti named-sdb[14449]: zone hadoop.com/IN: Transfer started.
Jul 8 04:13:18 cacti named-sdb[14449]: transfer of 'hadoop.com/IN' from 192.168.56.104#53: connected using 192.168.56.105#49804
Jul 8 04:13:18 cacti named-sdb[14449]: zone hadoop.com/IN: transferred serial 2013070813
Jul 8 04:13:18 cacti named-sdb[14449]: transfer of 'hadoop.com/IN' from 192.168.56.104#53: Transfer completed: 1 messages, 9 records, 265 bytes, 0.004 secs (66250 bytes/sec)
Jul 8 04:13:18 cacti named-sdb[14449]: zone hadoop.com/IN: sending notifies (serial 2013070813)
The log shows the sync succeeded.
If the following appears in /var/log/messages:
Jul 8 13:36:34 master named-sdb[6324]: error (network unreachable) resolving 'ns1.nic.uk/AAAA/IN': 2001:500:2f::f#53
Jul 8 13:36:34 master named-sdb[6324]: error (network unreachable) resolving 'nsc.nic.uk/A/IN': 2001:500:2f::f#53
Jul 8 13:36:34 master named-sdb[6324]: error (network unreachable) resolving 'nsc.nic.uk/AAAA/IN': 2001:500:2f::f#53
Jul 8 13:36:34 master named-sdb[6324]: error (network unreachable) resolving 'ns2.nic.uk/AAAA/IN': 2001:500:2f::f#53
Jul 8 13:36:34 master named-sdb[6324]: error (network unreachable) resolving 'ns3.nic.uk/AAAA/IN': 2001:500:2f::f#53
Jul 8 13:36:34 master named-sdb[6324]: error (network unreachable) resolving 'nsa.nic.uk/AAAA/IN': 2001:500:2f::f#53
Jul 8 13:36:34 master named-sdb[6324]: error (network unreachable) resolving './NS/IN': 2001:500:2f::f#53
Jul 8 13:36:34 master named-sdb[6324]: error (network unreachable) resolving 'ns6.nic.uk/AAAA/IN': 2001:500:2f::f#53
Jul 8 13:36:34 master named-sdb[6324]: error (network unreachable) resolving 'nsd.nic.uk/AAAA/IN': 2001:500:2f::f#53
Jul 8 13:36:36 master named-sdb[6324]: error (network unreachable) resolving 'ns3.nic.uk/AAAA/IN': 2001:502:ad09::3#53
The cause is that named tries to use IPv6 transport even if the server host does not have IPv6 connectivity.
Fix: edit /etc/sysconfig/named directly so that IPv6 resolution is turned off and only IPv4 is used, changing OPTIONS="whatever" to OPTIONS="-4". Note that the value of OPTIONS can be one of whatever, -4 or -6.
Reposted from: http://uzedx.baihongyu.com/