Installing BIND 9.8.2 on CentOS 6.2: master, slave and automatic update after changes
Published: 2019-06-18


As the company's business grows, the number of servers grows with it. Managing them purely by IP address becomes very cumbersome, and some applications need DNS anyway: when BI uses Hadoop for data mining and log analysis, for example, the Hadoop cluster needs DNS. With only a few machines /etc/hosts will do, but with many, DNS is the better choice; the same goes for Puppet. So I recently looked into BIND and am sharing my results here.

1. Introduction

DNS (Domain Name System) is a core Internet service. As a distributed database that maps domain names and IP addresses to each other, it lets people reach hosts by name without having to remember the numeric IP addresses that machines read directly.

How master/slave works:

After a change is made on the master DNS server and the service is restarted, the master actively sends a NOTIFY to the slaves. If the secondary DNS server does not receive the NOTIFY, it falls back on the SOA timers: it polls the master every Refresh interval; if the refresh fails, it retries every Retry interval; if the retries keep failing until Expire is reached, the slave gives up on the zone transfer.

2. Test goals

This test is meant to achieve two things:

1. DNS master/slave: if the DNS service on either the master or the slave goes down, names can still be resolved through the other one;

2. Automatic update: when the zone data on the master is changed, the slave updates itself automatically.

3. Environment

IP               status   domain name    system
192.168.56.104   master   ns1.test.com   centos 6.2 x86_64
192.168.56.105   slave    ns2.test.com   centos 6.2 x86_64

4. Installation

On both the master and the slave, BIND is installed with yum:

yum install bind*

5. Configuration

A. Configuration on the master

1. Edit /etc/named.conf

This file holds the main BIND configuration.

Below is my master configuration.

[root@master ~]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {                                    // global server options and defaults
        listen-on port 53 { any; };          // listening port; could also be written { 127.0.0.1; 192.168.56.104; }
#       listen-on-v6 port 53 { ::1; };       // IPv6 support
        directory       "/var/named";        // directory holding the zone files
        dump-file       "/var/named/data/cache_dump.db";    // cache dump file
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };            // hosts allowed to query; here every host may query
        recursion yes;                       // enable recursive queries
        allow-transfer  { 192.168.56.105; }; // hosts allowed to request zone transfers, i.e. the slave DNS server's IP

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {                                    // what the server logs and where the log messages go
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";          // include file, i.e. load /etc/named.rfc1912.zones
#include "/etc/named.root.key";

Note: the lines annotated with comments above are the places that need to be changed (they were marked in red in the original post).
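Two of the options above decide who may use this server and who may copy its zones. `recursion yes` together with `allow-query { any; }` makes named answer recursive queries for any client that can reach port 53 (an open resolver, which gets abused for traffic reflection and is a target for cache poisoning), while `allow-transfer` limits AXFR to the slave; without it, anyone could pull the complete zone. The Python below is an added example, not part of the original post or of BIND: it strips named.conf's three comment styles, reads the relevant directives from the options block, and reports both conditions. `MASTER_NAMED_CONF` is the post's options block reduced to those directives; `HARDENED_NAMED_CONF` is an assumed variant that adds `allow-recursion` (a real BIND option) for the lab subnet.

```python
import re

# Constructed sample: the options block of the post's master named.conf, reduced
# to the directives this check looks at (comments kept to exercise stripping).
MASTER_NAMED_CONF = """
options {
        listen-on port 53 { any; };          // listen on every address
        directory       "/var/named";        // zone file directory
        allow-query     { any; };            // every host may query
        recursion yes;                       // recursive queries on
        allow-transfer  { 192.168.56.105; }; // only the slave may pull zones
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
};
"""

# Assumed hardened variant (not from the post): recursion limited to the lab
# subnet with allow-recursion, everything else unchanged.
HARDENED_NAMED_CONF = """
options {
        listen-on port 53 { any; };
        directory       "/var/named";
        allow-query     { any; };
        allow-recursion { 127.0.0.1; 192.168.56.0/24; };
        recursion yes;
        allow-transfer  { 192.168.56.105; };
};
"""


def strip_comments(text):
    """named.conf accepts C, C++ and shell style comments; drop all three."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)


def directive(text, name):
    """Value of `name ...;`: a list of ACL elements for `{ a; b; }` forms,
    a one-element list for plain values such as `recursion yes;`, else None."""
    pattern = (r"(?<![\w-])" + re.escape(name) + r"(?![\w-])"
               r"\s*(?:port\s+\d+\s*)?(\{[^}]*\}|[^;{]+);")
    m = re.search(pattern, text)
    if not m:
        return None
    body = m.group(1).strip()
    if body.startswith("{"):
        return [e.strip() for e in body[1:-1].split(";") if e.strip()]
    return [body]


def audit(conf_text):
    """Return a list of finding ids for the options block of a named.conf."""
    cfg = strip_comments(conf_text)
    findings = []
    # BIND defaults: recursion is on unless set to no; the recursion ACL falls
    # back to allow-query-cache, then allow-query, then localnets/localhost.
    recursion = directive(cfg, "recursion") or ["yes"]
    rec_acl = (directive(cfg, "allow-recursion")
               or directive(cfg, "allow-query-cache")
               or directive(cfg, "allow-query")
               or ["localnets", "localhost"])
    if recursion == ["yes"] and "any" in rec_acl:
        findings.append("open-recursive-resolver")
    # allow-transfer defaults to any: every client could AXFR the whole zone.
    transfer = directive(cfg, "allow-transfer") or ["any"]
    if "any" in transfer:
        findings.append("unrestricted-zone-transfer")
    return findings


if __name__ == "__main__":
    for label, conf in (("master", MASTER_NAMED_CONF), ("hardened", HARDENED_NAMED_CONF)):
        print(label, audit(conf) or ["no findings"])
```

Run it against a live file with `audit(open("/etc/named.conf").read())`. The fallback chain in `audit` mirrors BIND's own defaults, which is why the post's configuration (no `allow-recursion`, `allow-query { any; }`) counts as an open resolver even though recursion is never explicitly granted to "any". Zone transfers run over TCP port 53, so a firewall between master and slave needs both UDP and TCP 53 open for the slave's address; that is a narrower fix than switching iptables off.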

2. /etc/named.rfc1912.zones

This file holds the forward and reverse zone definitions.

Below is my configuration on the master.

[root@master ~]# cat /etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

#zone "localhost.localdomain" IN {
#   type master;
#   file "named.localhost";
#   allow-update { none; };
#};

zone "test.com" IN {
        type master;
        file "named.test.com";
        notify yes;
        also-notify { 192.168.56.105; };
        allow-update { none; };
        allow-transfer { 192.168.56.105; };
};

#zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
#   type master;
#   file "named.loopback";
#   allow-update { none; };
#};

zone "56.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.56.arpa";
#       notify yes;
#       also-notify { 192.168.56.105; };
        allow-update { none; };
        allow-transfer { 192.168.56.105; };
};

#zone "0.in-addr.arpa" IN {
#   type master;
#   file "named.empty";
#   allow-update { none; };
#};

In short it does two things:

1. Adds a forward zone for the domain test.com with type master, and notifies 192.168.56.105 whenever the zone is updated.

2. Adds a reverse zone for the IP range, also with type master, again notifying 192.168.56.105 on updates.

Anything else you do not need can be deleted or commented out.

3. In /var/named, add the forward and reverse zone files

cd /var/named/
cp -p named.localhost named.test.com
cp -p named.localhost 192.168.56.arpa

Below is my forward zone configuration on the master.

[root@master named]# cat named.test.com
$TTL 1D
@   IN SOA  ns1.test.com.  root.localhost. (   ; SOA fields
        2013070814  ; serial  - version number, +1 on every change; the usual format is YYYYMMDD plus a counter. For the slave to update automatically after each master change, the master's serial must be greater than the slave's after every edit
        60          ; refresh - how often the slave checks the master for updates
        1H          ; retry   - how long to wait before retrying after a failed refresh
        1W          ; expire  - how long after refreshes keep failing before the zone data is treated as invalid
        3H )        ; minimum - negative caching time: how long a "name not found" answer is held
    NS  ns1.test.com.
    NS  ns2.test.com.
    A   192.168.56.104
server  A   192.168.56.101
client1 A   192.168.56.103
ubuntu  A   192.168.56.102
ns1     A   192.168.56.104
ns2     A   192.168.56.105

Notes

SOA

This record marks the start of the zone. It carries the zone name, the zone administrator's address, and the settings that tell secondary DNS servers how to update their copy of the zone data.

Common record types [3]

A (address): lists a specific IP address; this is the key record for name resolution.

CNAME (canonical name): defines an alias for a canonical name.

MX (mail exchanger): lists the mail server responsible for receiving e-mail sent to the domain.

NS (name server): specifies the name servers responsible for a given zone.
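The SOA timers are what drive the master/slave behaviour described in the introduction, and the serial comment in the zone file above is the other half of the mechanism: the slave transfers the zone only when the master's serial is ahead of its own, so an edit without a serial bump is never picked up. The Python below is an added example, not from the original post, that parses the SOA of the master's named.test.com, converts BIND's 1H/1W/3H time units to seconds, and walks the slave through its refresh/retry/expire cycle for a constructed scenario in which the master bumps its serial and then becomes unreachable. `master_serial_at` and `reachable_at` are assumed callbacks that stand in for the real SOA queries.

```python
import re

# Constructed zone file text mirroring the master's named.test.com from the post
# (address records after the SOA are omitted; only the SOA matters here).
ZONE = """$TTL 1D
@   IN SOA  ns1.test.com.  root.localhost. (
        2013070814  ; serial
        60          ; refresh
        1H          ; retry
        1W          ; expire
        3H )        ; minimum
    NS  ns1.test.com.
    NS  ns2.test.com.
"""

UNITS = {"": 1, "S": 1, "M": 60, "H": 3600, "D": 86400, "W": 604800}


def ttl_seconds(token):
    """Convert a BIND time value such as 60, 1H, 1W or 3H to seconds."""
    return sum(int(n) * UNITS[u.upper()]
               for n, u in re.findall(r"(\d+)([SMHDWsmhdw]?)", token))


def parse_soa(zone_text):
    """Extract mname, rname and the five SOA numbers (';' comments stripped)."""
    body = "\n".join(line.split(";")[0] for line in zone_text.splitlines())
    m = re.search(r"SOA\s+(\S+)\s+(\S+)\s*\((.*?)\)", body, re.S)
    if not m:
        raise ValueError("no SOA record found")
    serial, refresh, retry, expire, minimum = m.group(3).split()
    return {"mname": m.group(1), "rname": m.group(2), "serial": int(serial),
            "refresh": ttl_seconds(refresh), "retry": ttl_seconds(retry),
            "expire": ttl_seconds(expire), "minimum": ttl_seconds(minimum)}


def serial_newer(master, slave):
    """RFC 1982 serial arithmetic: is the master's serial ahead of the slave's?"""
    d = (master - slave) % 2**32
    return 0 < d < 2**31


def slave_timeline(soa, master_serial_at, reachable_at, horizon):
    """Walk the slave's SOA timer cycle starting at t=0, the last good transfer.
    master_serial_at(t) returns the master's serial at time t and reachable_at(t)
    says whether the master answers (assumed callbacks standing in for the real
    SOA queries).  Returns (events, serial the slave holds at the end)."""
    events = []
    slave_serial = master_serial_at(0)
    last_ok = 0                      # time of the last successful SOA check
    t = soa["refresh"]
    while t <= horizon:
        if not reachable_at(t):
            if t - last_ok >= soa["expire"]:
                events.append((t, "expired: zone discarded, slave stops answering for it"))
                return events, None
            events.append((t, "refresh failed, next attempt in %ds" % soa["retry"]))
            t += soa["retry"]
            continue
        last_ok = t
        m = master_serial_at(t)
        if serial_newer(m, slave_serial):
            events.append((t, "serial %d > %d: zone transfer" % (m, slave_serial)))
            slave_serial = m
        else:
            events.append((t, "serial %d unchanged: no transfer" % m))
        t += soa["refresh"]
    return events, slave_serial


if __name__ == "__main__":
    soa = parse_soa(ZONE)
    # Scenario: the master bumps its serial at t=100 and goes down at t=200.
    events, held = slave_timeline(soa,
                                  lambda t: 2013070822 if t >= 100 else 2013070814,
                                  lambda t: t < 200,
                                  horizon=2 * 604800)
    for t, what in events[:5] + events[-2:]:
        print("t=%7ds  %s" % (t, what))
    print("serial held at the end:", held)
```

With the post's values (refresh 60 s, retry 1 h, expire 1 w) the slave picks up the new serial at its second check, then retries hourly once the master is gone, and discards the zone one week after its last successful check. Running the same walk with a callback that never changes the serial shows the failure mode the zone file comment warns about: no transfer ever happens, however often the master's records are edited.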

Below is my reverse zone configuration on the master.

[root@master named]# cat 192.168.56.arpa
$TTL 1D
@   IN SOA  ns1.test.com.   root.localhost. (
        2013070814  ; serial
        60          ; refresh
        1H          ; retry
        1W          ; expire
        3H )        ; minimum
    NS  ns1.test.com.
    NS  ns2.test.com.
101 PTR server.test.com.
102 PTR ubuntu.test.com.
103 PTR client1.test.com.
104 PTR ns1.test.com.
105 PTR ns2.test.com.

4. Start BIND

/etc/init.d/named start

5. Point the local resolver at the DNS servers we just set up

[root@master named]# cat /etc/resolv.conf
nameserver 192.168.56.104
nameserver 192.168.56.105

6. Test with nslookup

[root@master named]# ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 08:00:27:59:BB:1F
          inet addr:192.168.56.104  Bcast:192.168.56.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fe59:bb1f/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2761 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3224 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:255523 (249.5 KiB)  TX bytes:455771 (445.0 KiB)

[root@master named]# nslookup
> ns1.test.com
Server:     192.168.56.104
Address:    192.168.56.104#53

Name:   ns1.test.com
Address: 192.168.56.104
> ns2.test.com
Server:     192.168.56.104
Address:    192.168.56.104#53

Name:   ns2.test.com
Address: 192.168.56.105
> server.test.com
Server:     192.168.56.104
Address:    192.168.56.104#53

Name:   server.test.com
Address: 192.168.56.101
> 192.168.56.104
Server:     192.168.56.104
Address:    192.168.56.104#53

104.56.168.192.in-addr.arpa name = ns1.test.com.
> 192.168.56.105
Server:     192.168.56.104
Address:    192.168.56.104#53

105.56.168.192.in-addr.arpa name = ns2.test.com.
> 192.168.56.101
Server:     192.168.56.104
Address:    192.168.56.104#53

101.56.168.192.in-addr.arpa name = server.test.com.

Test with dig

[root@master named]# dig ns1.test.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <<>> ns1.test.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25723
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;ns1.test.com.          IN  A

;; ANSWER SECTION:
ns1.test.com.       86400   IN  A   192.168.56.104

;; AUTHORITY SECTION:
test.com.       86400   IN  NS  ns2.test.com.
test.com.       86400   IN  NS  ns1.test.com.

;; ADDITIONAL SECTION:
ns2.test.com.       86400   IN  A   192.168.56.105

;; Query time: 1 msec
;; SERVER: 192.168.56.104#53(192.168.56.104)
;; WHEN: Mon Jul  8 10:11:30 2013
;; MSG SIZE  rcvd: 94

[root@master named]# dig ns2.test.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <<>> ns2.test.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16279
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;ns2.test.com.          IN  A

;; ANSWER SECTION:
ns2.test.com.       86400   IN  A   192.168.56.105

;; AUTHORITY SECTION:
test.com.       86400   IN  NS  ns2.test.com.
test.com.       86400   IN  NS  ns1.test.com.

;; ADDITIONAL SECTION:
ns1.test.com.       86400   IN  A   192.168.56.104

;; Query time: 0 msec
;; SERVER: 192.168.56.104#53(192.168.56.104)
;; WHEN: Mon Jul  8 10:11:33 2013
;; MSG SIZE  rcvd: 94

[root@master named]# dig server.test.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <<>> server.test.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1422
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;server.test.com.       IN  A

;; ANSWER SECTION:
server.test.com.    86400   IN  A   192.168.56.101

;; AUTHORITY SECTION:
test.com.       86400   IN  NS  ns2.test.com.
test.com.       86400   IN  NS  ns1.test.com.

;; ADDITIONAL SECTION:
ns1.test.com.       86400   IN  A   192.168.56.104
ns2.test.com.       86400   IN  A   192.168.56.105

;; Query time: 1 msec
;; SERVER: 192.168.56.104#53(192.168.56.104)
;; WHEN: Mon Jul  8 10:11:38 2013
;; MSG SIZE  rcvd: 117

As you can see, all of these answers come from SERVER: 192.168.56.104#53(192.168.56.104), i.e. they were resolved by the DNS server at 192.168.56.104.

B. Configuration on the slave

1. Edit /etc/named.conf

This file holds the main BIND configuration.

Below is my slave configuration.

[root@slave named]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { any; };
#       listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
#include "/etc/named.root.key";

2. /etc/named.rfc1912.zones

This file holds the forward and reverse zone definitions.

Below is my configuration on the slave.

[root@slave named]# cat /etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

#zone "localhost.localdomain" IN {
#   type master;
#   file "named.localhost";
#   allow-update { none; };
#};

zone "test.com" IN {
        type slave;
        file "named.test.com";
#       allow-update { none; };
        masters { 192.168.56.104; };
        allow-update { none; };
};

#zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
#   type master;
#   file "named.loopback";
#   allow-update { none; };
#};

zone "56.168.192.in-addr.arpa" IN {
        type slave;
        file "192.168.56.arpa";
#       allow-update { none; };
        masters { 192.168.56.104; };
        allow-update { none; };
};

#zone "0.in-addr.arpa" IN {
#   type master;
#   file "named.empty";
#   allow-update { none; };
#};

3. Start the BIND service on the slave

Because I use automatic DNS master/slave updates, the slave needs no forward or reverse zone files of its own; on startup it fetches the zone data directly from the master.

First start BIND:

/etc/init.d/named start

Then check the master's /var/log/messages log:

Jul  8 10:16:21 master named-sdb[2060]: client 192.168.56.105#40695: transfer of 'test.com/IN': AXFR started
Jul  8 10:16:21 master named-sdb[2060]: client 192.168.56.105#40695: transfer of 'test.com/IN': AXFR ended
Jul  8 10:16:22 master named-sdb[2060]: client 192.168.56.105#34075: transfer of '56.168.192.in-addr.arpa/IN': AXFR started
Jul  8 10:16:22 master named-sdb[2060]: client 192.168.56.105#34075: transfer of '56.168.192.in-addr.arpa/IN': AXFR ended

Then check the slave's /var/log/messages log:

Jul  8 02:16:22 slave named-sdb[5004]: starting BIND 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 -u named -t /var/named/chroot
Jul  8 02:16:22 slave named-sdb[5004]: built with '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--target=x86_64-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--with-libtool' '--localstatedir=/var' '--enable-threads' '--enable-ipv6' '--with-pic' '--disable-static' '--disable-openssl-version-check' '--with-dlz-ldap=yes' '--with-dlz-postgres=yes' '--with-dlz-mysql=yes' '--with-dlz-filesystem=yes' '--with-gssapi=yes' '--disable-isc-spnego' '--with-docbook-xsl=/usr/share/sgml/docbook/xsl-stylesheets' '--enable-fixed-rrset' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'target_alias=x86_64-redhat-linux-gnu' 'CFLAGS= -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' 'CPPFLAGS= -DDIG_SIGCHASE'
Jul  8 02:16:22 slave named-sdb[5004]: ----------------------------------------------------
Jul  8 02:16:22 slave named-sdb[5004]: BIND 9 is maintained by Internet Systems Consortium,
Jul  8 02:16:22 slave named-sdb[5004]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
Jul  8 02:16:22 slave named-sdb[5004]: corporation.  Support and training for BIND 9 are
Jul  8 02:16:22 slave named-sdb[5004]: available at https://www.isc.org/support
Jul  8 02:16:22 slave named-sdb[5004]: ----------------------------------------------------
Jul  8 02:16:22 slave named-sdb[5004]: adjusted limit on open files from 4096 to 1048576
Jul  8 02:16:22 slave named-sdb[5004]: found 2 CPUs, using 2 worker threads
Jul  8 02:16:22 slave named-sdb[5004]: using up to 4096 sockets
Jul  8 02:16:22 slave named-sdb[5004]: SDB ldap zone database module loaded.
Jul  8 02:16:22 slave named-sdb[5004]: SDB postgreSQL DB zone database module loaded.
Jul  8 02:16:22 slave named-sdb[5004]: SDB sqlite3 DB zone database module loaded.
Jul  8 02:16:22 slave named-sdb[5004]: SDB directory DB zone database module loaded.
Jul  8 02:16:22 slave named-sdb[5004]: loading configuration from '/etc/named.conf'
Jul  8 02:16:22 slave named-sdb[5004]: /etc/named.rfc1912.zones:24: option 'allow-update' is not allowed in 'slave' zone 'test.com'
Jul  8 02:16:22 slave named-sdb[5004]: /etc/named.rfc1912.zones:38: option 'allow-update' is not allowed in 'slave' zone '56.168.192.in-addr.arpa'
Jul  8 02:16:22 slave named-sdb[5004]: reading built-in trusted keys from file '/etc/named.iscdlv.key'
Jul  8 02:16:22 slave named-sdb[5004]: using default UDP/IPv4 port range: [1024, 65535]
Jul  8 02:16:22 slave named-sdb[5004]: using default UDP/IPv6 port range: [1024, 65535]
Jul  8 02:16:22 slave named-sdb[5004]: no IPv6 interfaces found
Jul  8 02:16:22 slave named-sdb[5004]: listening on IPv4 interface lo, 127.0.0.1#53
Jul  8 02:16:22 slave named-sdb[5004]: listening on IPv4 interface eth0, 192.168.56.105#53
Jul  8 02:16:22 slave named-sdb[5004]: generating session key for dynamic DNS
Jul  8 02:16:22 slave named-sdb[5004]: sizing zone task pool based on 3 zones
Jul  8 02:16:22 slave named-sdb[5004]: using built-in DLV key for view _default
Jul  8 02:16:22 slave named-sdb[5004]: set up managed keys zone for view _default, file '/var/named/dynamic/managed-keys.bind'
Jul  8 02:16:22 slave named-sdb[5004]: Warning: 'empty-zones-enable/disable-empty-zone' not set: disabling RFC 1918 empty zones
Jul  8 02:16:22 slave named-sdb[5004]: automatic empty zone: 0.IN-ADDR.ARPA
Jul  8 02:16:22 slave named-sdb[5004]: automatic empty zone: 127.IN-ADDR.ARPA
Jul  8 02:16:22 slave named-sdb[5004]: automatic empty zone: 254.169.IN-ADDR.ARPA
Jul  8 02:16:22 slave named-sdb[5004]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
Jul  8 02:16:22 slave named-sdb[5004]: automatic empty zone: 100.51.198.IN-ADDR.ARPA
Jul  8 02:16:22 slave named-sdb[5004]: automatic empty zone: 113.0.203.IN-ADDR.ARPA
Jul  8 02:16:22 slave named-sdb[5004]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
Jul  8 02:16:22 slave named-sdb[5004]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Jul  8 02:16:22 slave named-sdb[5004]: automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Jul  8 02:16:22 slave named-sdb[5004]: automatic empty zone: D.F.IP6.ARPA
Jul  8 02:16:22 slave named-sdb[5004]: automatic empty zone: 8.E.F.IP6.ARPA
Jul  8 02:16:22 slave named-sdb[5004]: automatic empty zone: 9.E.F.IP6.ARPA
Jul  8 02:16:22 slave named-sdb[5004]: automatic empty zone: A.E.F.IP6.ARPA
Jul  8 02:16:22 slave named-sdb[5004]: automatic empty zone: B.E.F.IP6.ARPA
Jul  8 02:16:22 slave named-sdb[5004]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
Jul  8 02:16:22 slave named-sdb[5004]: command channel listening on 127.0.0.1#953
Jul  8 02:16:22 slave named-sdb[5004]: managed-keys-zone ./IN: loaded serial 5
Jul  8 02:16:22 slave named-sdb[5004]: running
Jul  8 02:16:22 slave named-sdb[5004]: zone test.com/IN: Transfer started.
Jul  8 02:16:22 slave named-sdb[5004]: transfer of 'test.com/IN' from 192.168.56.104#53: connected using 192.168.56.105#40695
Jul  8 02:16:22 slave named-sdb[5004]: zone test.com/IN: transferred serial 2013070814
Jul  8 02:16:22 slave named-sdb[5004]: transfer of 'test.com/IN' from 192.168.56.104#53: Transfer completed: 1 messages, 10 records, 266 bytes, 0.005 secs (53200 bytes/sec)
Jul  8 02:16:22 slave named-sdb[5004]: zone test.com/IN: sending notifies (serial 2013070814)
Jul  8 02:16:22 slave named-sdb[5004]: zone 56.168.192.in-addr.arpa/IN: Transfer started.
Jul  8 02:16:22 slave named-sdb[5004]: transfer of '56.168.192.in-addr.arpa/IN' from 192.168.56.104#53: connected using 192.168.56.105#34075
Jul  8 02:16:22 slave named-sdb[5004]: zone 56.168.192.in-addr.arpa/IN: transferred serial 2013070814
Jul  8 02:16:22 slave named-sdb[5004]: transfer of '56.168.192.in-addr.arpa/IN' from 192.168.56.104#53: Transfer completed: 1 messages, 9 records, 283 bytes, 0.006 secs (47166 bytes/sec)
Jul  8 02:16:22 slave named-sdb[5004]: zone 56.168.192.in-addr.arpa/IN: sending notifies (serial 2013070814)

The log shows that the master sent the zone data to the slave and that the slave received it.

Check on the system whether the files arrived:

[root@slave ~]# cd /var/named/
[root@slave named]# ll
total 40
-rw-r--r-- 1 named named  461 Jul  8 02:16 192.168.56.arpa
drwxr-x--- 6 named named 4096 Jul  7 21:14 chroot
drwxrwx--- 2 named named 4096 Jul  7 22:01 data
drwxrwx--- 2 named named 4096 Jul  8 02:17 dynamic
-rw-r----- 1 named named 1892 Feb 18  2008 named.ca
-rw-r----- 1 named named  152 Dec 15  2009 named.empty
-rw-r----- 1 named named  152 Jun 21  2007 named.localhost
-rw-r----- 1 named named  168 Dec 15  2009 named.loopback
-rw-r--r-- 1 named named  447 Jul  8 02:16 named.test.com
drwxrwx--- 2 named named 4096 Mar 29 06:21 slaves

The forward and reverse zone files are now present on the system.

4. Point the local resolver at the DNS servers just configured

[root@slave named]# cat /etc/resolv.conf
nameserver 192.168.56.104
nameserver 192.168.56.105

5. Test with dig

[root@slave named]# dig ns1.test.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <<>> ns1.test.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53453
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;ns1.test.com.          IN  A

;; ANSWER SECTION:
ns1.test.com.       86400   IN  A   192.168.56.104

;; AUTHORITY SECTION:
test.com.       86400   IN  NS  ns1.test.com.
test.com.       86400   IN  NS  ns2.test.com.

;; ADDITIONAL SECTION:
ns2.test.com.       86400   IN  A   192.168.56.105

;; Query time: 1 msec
;; SERVER: 192.168.56.104#53(192.168.56.104)
;; WHEN: Mon Jul  8 02:28:26 2013
;; MSG SIZE  rcvd: 94

[root@slave named]# dig ns2.test.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <<>> ns2.test.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15455
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;ns2.test.com.          IN  A

;; ANSWER SECTION:
ns2.test.com.       86400   IN  A   192.168.56.105

;; AUTHORITY SECTION:
test.com.       86400   IN  NS  ns1.test.com.
test.com.       86400   IN  NS  ns2.test.com.

;; ADDITIONAL SECTION:
ns1.test.com.       86400   IN  A   192.168.56.104

;; Query time: 1 msec
;; SERVER: 192.168.56.104#53(192.168.56.104)
;; WHEN: Mon Jul  8 02:28:32 2013
;; MSG SIZE  rcvd: 94

[root@slave named]# dig server.test.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <<>> server.test.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37155
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;server.test.com.       IN  A

;; ANSWER SECTION:
server.test.com.    86400   IN  A   192.168.56.101

;; AUTHORITY SECTION:
test.com.       86400   IN  NS  ns2.test.com.
test.com.       86400   IN  NS  ns1.test.com.

;; ADDITIONAL SECTION:
ns1.test.com.       86400   IN  A   192.168.56.104
ns2.test.com.       86400   IN  A   192.168.56.105

;; Query time: 1 msec
;; SERVER: 192.168.56.104#53(192.168.56.104)
;; WHEN: Mon Jul  8 02:28:36 2013
;; MSG SIZE  rcvd: 117

The DNS master/slave setup with automatic updates is now complete.

6. Let's test once more whether the slave receives the latest configuration when the configuration on the master is changed or extended.

My current named.test.com on the master:

[root@centos named]# cat named.test.com
$TTL 1D
@   IN SOA  ns1.test.com.  root.localhost. (
        2013070822  ; serial
        60          ; refresh
        1H          ; retry
        1W          ; expire
        3H )        ; minimum
    NS  ns1.test.com.
    NS  ns2.test.com.
    A   192.168.56.104
server  A   192.168.56.101
client1 A   192.168.56.103
ubuntu  A   192.168.56.102
ns1     A   192.168.56.104
ns2     A   192.168.56.105
test2   A   192.168.8.1
test1   A   192.168.8.12
test3   A   192.168.8.3

Forward records test1 to test3 have been added (and the serial bumped from 2013070814 to 2013070822).

Then restart BIND on the master:

/etc/init.d/named restart

Check the master's log

I only list the transfer-related lines:

Jul  8 12:00:49 master named-sdb[4967]: zone 56.168.192.in-addr.arpa/IN: loaded serial 2013070814
Jul  8 12:00:49 master named-sdb[4967]: zone test.com/IN: loaded serial 2013070822
Jul  8 12:00:49 master named-sdb[4967]: managed-keys-zone ./IN: loaded serial 6
Jul  8 12:00:49 master named-sdb[4967]: running
Jul  8 12:00:49 master named-sdb[4967]: zone 56.168.192.in-addr.arpa/IN: sending notifies (serial 2013070814)
Jul  8 12:00:49 master named-sdb[4967]: zone test.com/IN: sending notifies (serial 2013070822)

Then check the slave's log:

Jul  8 04:03:36 slave named-sdb[13688]: client 192.168.56.104#48310: received notify for zone 'test.com'
Jul  8 04:03:36 slave named-sdb[13688]: zone test.com/IN: Transfer started.
Jul  8 04:03:36 slave named-sdb[13688]: transfer of 'test.com/IN' from 192.168.56.104#53: connected using 192.168.56.105#37661
Jul  8 04:03:36 slave named-sdb[13688]: zone test.com/IN: transferred serial 2013070822
Jul  8 04:03:36 slave named-sdb[13688]: transfer of 'test.com/IN' from 192.168.56.104#53: Transfer completed: 1 messages, 13 records, 332 bytes, 0.005 secs (66400 bytes/sec)
Jul  8 04:03:36 slave named-sdb[13688]: zone test.com/IN: sending notifies (serial 2013070822)
Jul  8 04:03:37 slave named-sdb[13688]: client 192.168.56.104#21155: received notify for zone '56.168.192.in-addr.arpa'
Jul  8 04:03:37 slave named-sdb[13688]: zone 56.168.192.in-addr.arpa/IN: notify from 192.168.56.104#21155: zone is up to date

Then look at the contents of named.test.com on the slave:

[root@cacti named]# cd /var/named/
[root@cacti named]# cat named.test.com
$ORIGIN .
$TTL 86400  ; 1 day
test.com        IN SOA  ns1.test.com. root.localhost. (
                2013070822 ; serial
                60         ; refresh (1 minute)
                3600       ; retry (1 hour)
                604800     ; expire (1 week)
                10800      ; minimum (3 hours)
                )
            NS  ns1.test.com.
            NS  ns2.test.com.
            A   192.168.56.104
$ORIGIN test.com.
client1         A   192.168.56.103
ns1             A   192.168.56.104
ns2             A   192.168.56.105
server          A   192.168.56.101
test1           A   192.168.8.12
test2           A   192.168.8.1
test3           A   192.168.8.3
ubuntu          A   192.168.56.102

The update succeeded.

7. Now stop the DNS service on the master and see whether the slave can still resolve names:

[root@slave named]# dig ns1.test.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <<>> ns1.test.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38700
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;ns1.test.com.          IN  A

;; ANSWER SECTION:
ns1.test.com.       86400   IN  A   192.168.56.104

;; AUTHORITY SECTION:
test.com.       86400   IN  NS  ns2.test.com.
test.com.       86400   IN  NS  ns1.test.com.

;; ADDITIONAL SECTION:
ns2.test.com.       86400   IN  A   192.168.56.105

;; Query time: 0 msec
;; SERVER: 192.168.56.105#53(192.168.56.105)
;; WHEN: Mon Jul  8 02:30:22 2013
;; MSG SIZE  rcvd: 94

[root@slave named]# dig ns2.test.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <<>> ns2.test.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28400
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;ns2.test.com.          IN  A

;; ANSWER SECTION:
ns2.test.com.       86400   IN  A   192.168.56.105

;; AUTHORITY SECTION:
test.com.       86400   IN  NS  ns2.test.com.
test.com.       86400   IN  NS  ns1.test.com.

;; ADDITIONAL SECTION:
ns1.test.com.       86400   IN  A   192.168.56.104

;; Query time: 1 msec
;; SERVER: 192.168.56.105#53(192.168.56.105)
;; WHEN: Mon Jul  8 02:30:29 2013
;; MSG SIZE  rcvd: 94

[root@slave named]# dig server.test.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <<>> server.test.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26633
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;server.test.com.       IN  A

;; ANSWER SECTION:
server.test.com.    86400   IN  A   192.168.56.101

;; AUTHORITY SECTION:
test.com.       86400   IN  NS  ns1.test.com.
test.com.       86400   IN  NS  ns2.test.com.

;; ADDITIONAL SECTION:
ns1.test.com.       86400   IN  A   192.168.56.104
ns2.test.com.       86400   IN  A   192.168.56.105

;; Query time: 0 msec
;; SERVER: 192.168.56.105#53(192.168.56.105)
;; WHEN: Mon Jul  8 02:30:34 2013
;; MSG SIZE  rcvd: 117

With the master's DNS service down, names can still be resolved through the slave.

Conversely, if the slave's DNS service goes down, names can still be resolved through the master.

Once testing is complete, add the BIND service to the boot sequence:

[root@master named]# chkconfig --list named
named           0:off   1:off   2:off   3:off   4:off   5:off   6:off
[root@master named]# chkconfig --level 345 named on
[root@master named]# chkconfig --list named
named           0:off   1:off   2:off   3:on    4:on    5:on    6:off

In a production setup, also keep the clocks on master and slave in sync (for example with NTP), and do not enable iptables or SELinux on the machines; otherwise the master sends its NOTIFY but the slave cannot receive it.

And when adding a new domain on the master, note that:

1. The zone must be added to /etc/named.rfc1912.zones on both master and slave;

2. BIND must be restarted on both master and slave. If only the master is restarted and the slave is not, then when the master sends the zone the slave logs client 192.168.56.104#11005: received notify for zone 'xxx.com': not authoritative and does not receive the update;

After the slave is restarted, the sync succeeds:

Jul  8 04:13:18 cacti named-sdb[14449]: zone 56.168.192.in-addr.arpa/IN: sending notifies (serial 2013070814)
Jul  8 04:13:18 cacti named-sdb[14449]: zone test.com/IN: sending notifies (serial 2013070822)
Jul  8 04:13:18 cacti named-sdb[14449]: zone hadoop.com/IN: Transfer started.
Jul  8 04:13:18 cacti named-sdb[14449]: transfer of 'hadoop.com/IN' from 192.168.56.104#53: connected using 192.168.56.105#49804
Jul  8 04:13:18 cacti named-sdb[14449]: zone hadoop.com/IN: transferred serial 2013070813
Jul  8 04:13:18 cacti named-sdb[14449]: transfer of 'hadoop.com/IN' from 192.168.56.104#53: Transfer completed: 1 messages, 9 records, 265 bytes, 0.004 secs (66250 bytes/sec)
Jul  8 04:13:18 cacti named-sdb[14449]: zone hadoop.com/IN: sending notifies (serial 2013070813)

The log shows that the sync succeeded.

If the following appears in /var/log/messages:
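The log excerpts in this post (the slave's initial AXFR, the NOTIFY-driven update after the serial bump, the "zone is up to date" reply, and the "not authoritative" message when the slave has no zone stanza yet) contain everything needed to tell whether replication is healthy. The Python below is an added example, not part of the original post, that runs over constructed log lines modelled on those excerpts: on the slave side it reports a per-zone sync state, and on the master side it flags any AXFR served to a client other than the configured slave. The 192.168.56.200 client line is invented for this example; it is what the master would log if allow-transfer were left open and a stranger pulled the zone.

```python
import re
from collections import defaultdict

# Constructed sample log lines modelled on the /var/log/messages excerpts in
# the post.  The 192.168.56.200 client is invented: a transfer served to a host
# that is not the configured slave.
MASTER_LOG = """\
Jul  8 10:16:21 master named-sdb[2060]: client 192.168.56.105#40695: transfer of 'test.com/IN': AXFR started
Jul  8 10:16:21 master named-sdb[2060]: client 192.168.56.105#40695: transfer of 'test.com/IN': AXFR ended
Jul  8 12:00:49 master named-sdb[4967]: zone test.com/IN: loaded serial 2013070822
Jul  8 12:00:49 master named-sdb[4967]: zone test.com/IN: sending notifies (serial 2013070822)
Jul  8 12:05:02 master named-sdb[4967]: client 192.168.56.200#51234: transfer of 'test.com/IN': AXFR started
"""

SLAVE_LOG = """\
Jul  8 04:03:36 slave named-sdb[13688]: client 192.168.56.104#48310: received notify for zone 'test.com'
Jul  8 04:03:36 slave named-sdb[13688]: zone test.com/IN: Transfer started.
Jul  8 04:03:36 slave named-sdb[13688]: transfer of 'test.com/IN' from 192.168.56.104#53: connected using 192.168.56.105#37661
Jul  8 04:03:36 slave named-sdb[13688]: zone test.com/IN: transferred serial 2013070822
Jul  8 04:03:36 slave named-sdb[13688]: transfer of 'test.com/IN' from 192.168.56.104#53: Transfer completed: 1 messages, 13 records, 332 bytes, 0.005 secs (66400 bytes/sec)
Jul  8 04:03:37 slave named-sdb[13688]: client 192.168.56.104#21155: received notify for zone '56.168.192.in-addr.arpa'
Jul  8 04:03:37 slave named-sdb[13688]: zone 56.168.192.in-addr.arpa/IN: notify from 192.168.56.104#21155: zone is up to date
Jul  8 04:10:12 slave named-sdb[13688]: client 192.168.56.104#11005: received notify for zone 'hadoop.com': not authoritative
"""

NOTIFY_RE = re.compile(r"client (\S+)#\d+: received notify for zone '([^']+)'(: not authoritative)?")
XFER_RE = re.compile(r"zone (\S+)/IN: transferred serial (\d+)")
UPTODATE_RE = re.compile(r"zone (\S+)/IN: notify from (\S+)#\d+: zone is up to date")
AXFR_RE = re.compile(r"client (\S+)#\d+: transfer of '(\S+)/IN': AXFR started")


def slave_sync_state(log_text):
    """Per-zone view of what the slave did with each NOTIFY it received."""
    state = defaultdict(lambda: {"notified_by": None, "serial": None,
                                 "status": "no notify seen"})
    for line in log_text.splitlines():
        m = NOTIFY_RE.search(line)
        if m:
            z = state[m.group(2)]
            z["notified_by"] = m.group(1)
            # 'not authoritative' means the slave has no stanza for this zone:
            # named.rfc1912.zones on the slave is missing it, or named was not
            # restarted after it was added (the failure mode the post describes)
            z["status"] = "not authoritative" if m.group(3) else "notify received"
            continue
        m = XFER_RE.search(line)
        if m:
            state[m.group(1)]["serial"] = int(m.group(2))
            state[m.group(1)]["status"] = "transferred"
            continue
        m = UPTODATE_RE.search(line)
        if m:
            state[m.group(1)]["status"] = "up to date"
    return dict(state)


def unexpected_transfers(log_text, allowed_clients):
    """Master side: (client, zone) pairs for AXFRs served to hosts that are not
    in allow-transfer.  Anything here means the zone data left the intended
    replication pair."""
    bad = []
    for line in log_text.splitlines():
        m = AXFR_RE.search(line)
        if m and m.group(1) not in allowed_clients:
            bad.append((m.group(1), m.group(2)))
    return bad


if __name__ == "__main__":
    for zone, info in sorted(slave_sync_state(SLAVE_LOG).items()):
        print("%-28s %-18s serial=%s" % (zone, info["status"], info["serial"]))
    print("unexpected AXFR on master:", unexpected_transfers(MASTER_LOG, {"192.168.56.105"}))
```

Feed it the real files with `slave_sync_state(open("/var/log/messages").read())` on the slave and `unexpected_transfers(..., {"192.168.56.105"})` on the master; the allowed set should match the `allow-transfer` ACL in named.conf. On the firewall point raised above: NOTIFY travels from master to slave over UDP 53, and the slave's SOA check and AXFR go back to the master over UDP and TCP 53, so permitting those flows between the two hosts is enough for replication; the firewall does not have to be switched off.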

Jul  8 13:36:34 master named-sdb[6324]: error (network unreachable) resolving 'ns1.nic.uk/AAAA/IN': 2001:500:2f::f#53
Jul  8 13:36:34 master named-sdb[6324]: error (network unreachable) resolving 'nsc.nic.uk/A/IN': 2001:500:2f::f#53
Jul  8 13:36:34 master named-sdb[6324]: error (network unreachable) resolving 'nsc.nic.uk/AAAA/IN': 2001:500:2f::f#53
Jul  8 13:36:34 master named-sdb[6324]: error (network unreachable) resolving 'ns2.nic.uk/AAAA/IN': 2001:500:2f::f#53
Jul  8 13:36:34 master named-sdb[6324]: error (network unreachable) resolving 'ns3.nic.uk/AAAA/IN': 2001:500:2f::f#53
Jul  8 13:36:34 master named-sdb[6324]: error (network unreachable) resolving 'nsa.nic.uk/AAAA/IN': 2001:500:2f::f#53
Jul  8 13:36:34 master named-sdb[6324]: error (network unreachable) resolving './NS/IN': 2001:500:2f::f#53
Jul  8 13:36:34 master named-sdb[6324]: error (network unreachable) resolving 'ns6.nic.uk/AAAA/IN': 2001:500:2f::f#53
Jul  8 13:36:34 master named-sdb[6324]: error (network unreachable) resolving 'nsd.nic.uk/AAAA/IN': 2001:500:2f::f#53
Jul  8 13:36:36 master named-sdb[6324]: error (network unreachable) resolving 'ns3.nic.uk/AAAA/IN': 2001:502:ad09::3#53

The cause: named tries to use IPv6 transport even if the server host does not have IPv6 connectivity.

Fix: edit the configuration file /etc/sysconfig/named directly and turn off IPv6 resolution so that only IPv4 is used, i.e. change OPTIONS="whatever" to OPTIONS="-4". Note that the OPTIONS value can be one of: whatever, -4, -6.

Reprinted from: http://uzedx.baihongyu.com/
