Building a highly available DNS server with bind
Author: 陆文举, 2010-11-26
Master DNS: 192.168.1.101
Slave DNS: 192.168.1.102
OS version: CentOS 5.4
Bind version: bind-9.6.2-P2.tar.gz
Bind download URL:
I. Master DNS installation and configuration
Install bind
# tar zxvf bind-9.6.2-P2.tar.gz
# cd bind-9.6.2-P2
# ./configure --prefix=/usr/local/named --enable-threads --disable-openssl-version-check
# make && make install
Note: the build option --enable-threads turns on multi-threaded mode, and --disable-openssl-version-check disables the OpenSSL version check.
Create the configuration file rndc.conf
# /usr/local/named/sbin/rndc-confgen > /usr/local/named/etc/rndc.conf
Note: rndc is bind's management tool; with rndc we can view bind's status, flush bind's cache, view bind's logs, and so on.
Create the configuration file named.conf
# cd /usr/local/named/etc/
# tail -n10 rndc.conf | head -n9 | sed -e 's/^# //' > named.conf
Note: named.conf is bind's main configuration file; in it you set bind's working directory, logging, the zones to serve, and so on. The tail/head/sed pipeline takes the key and controls statements that rndc-confgen prints at the end of rndc.conf as a commented-out sample and strips the leading "# " so they become live configuration.
Configuring the main configuration file named.conf
Edit the main configuration file and add the root zone, the luwenju.com forward zone and the reverse zone
# vi /usr/local/named/etc/named.conf, and append the following at the end of the file
options {
    directory "/usr/local/named/var/named";
};
zone "." IN {
    type hint;
    file "named.ca";
};
zone "luwenju.com" IN {
    type master;
    file "luwenju.zone";
    allow-transfer { 192.168.1.102; };
    notify yes;
    also-notify { 192.168.1.102; };
};
zone "1.168.192.in-addr.arpa" IN {
    type master;
    file "1.168.192.arpa";
    allow-transfer { 192.168.1.102; };
    notify yes;
    also-notify { 192.168.1.102; };
};
Some notes on the configuration file:
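Added example, not part of the original post: the allow-transfer line in each master zone above is what keeps a zone from being copied in full by any host that asks for an AXFR. The shell/awk script below reads a named.conf laid out one statement per line, as the post's file is (for a real file, "named-checkconf -p" prints the configuration in such a layout), and reports every master zone that has no allow-transfer list of its own and no global one in options {}. The sample configuration it writes is constructed for the demonstration; the extra zone example.test is hypothetical.

```shell
#!/bin/sh
# Added example, not part of the original post.
# Report master zones in a named.conf that accept zone transfers from anyone.
# Assumes one statement per line (the post's layout or named-checkconf -p output).

# write_sample_conf <file>
# Constructed sample: the post's zones plus a hypothetical zone that forgot
# its allow-transfer list.
write_sample_conf() {
    cat > "$1" <<'EOF'
options {
    directory "/usr/local/named/var/named";
};
zone "." IN {
    type hint;
    file "named.ca";
};
zone "luwenju.com" IN {
    type master;
    file "luwenju.zone";
    allow-transfer { 192.168.1.102; };
    notify yes;
    also-notify { 192.168.1.102; };
};
zone "example.test" IN {
    type master;
    file "example.test.zone";
};
EOF
}

# lint_transfers <named.conf>
# Prints "OK <zone>" or "OPEN <zone>" for every master zone;
# returns 1 if at least one zone is OPEN.
lint_transfers() {
    awk '
        /^[ \t]*options[ \t]*[{]/    { inopt = 1; next }
        inopt && /allow-transfer/    { globalxfer = 1 }   # options-level list covers all zones
        inopt && /^[ \t]*[}];/       { inopt = 0; next }
        /^[ \t]*zone[ \t]+"/ {
            match($0, /"[^"]*"/)                          # the quoted zone name
            zone = substr($0, RSTART + 1, RLENGTH - 2)
            inzone = 1; ismaster = 0; hasxfer = 0
            next
        }
        inzone && /type[ \t]+(master|primary)/ { ismaster = 1 }
        inzone && /allow-transfer/             { hasxfer = 1 }
        inzone && /^[ \t]*[}];/ {                         # closing "};" of the zone block
            if (ismaster) {
                tag = "OPEN"
                if (hasxfer || globalxfer) tag = "OK"
                if (tag == "OPEN") open++
                print tag, zone
            }
            inzone = 0
        }
        END { if (open > 0) exit 1; exit 0 }
    ' "$1"
}

conf=$(mktemp)
write_sample_conf "$conf"
lint_transfers "$conf" || echo "WARNING: at least one master zone answers AXFR for any host"
rm -f "$conf"
```

A zone marked OPEN can be restricted either with its own allow-transfer { 192.168.1.102; }; as in the post, or globally with allow-transfer { none; }; inside options {}, which the script also recognises.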
Create the root zone file
# mkdir /usr/local/named/var/named
# /usr/local/named/bin/dig -t NS . > /usr/local/named/var/named/named.ca
Create the forward zone file for luwenju.com
# vi /usr/local/named/var/named/luwenju.zone
$ORIGIN luwenju.com.
@       3600    IN      SOA     luwenju.com. root.luwenju.com. (
                                10          ; serial
                                3600        ; refresh
                                900         ; retry
                                1209600     ; expire
                                3600 )      ; minimum
        3600    IN      NS      dns1.luwenju.com.
        3600    IN      NS      dns2.luwenju.com.
        3600    IN      MX      5 luwenju.com.
                IN      A       192.168.1.100
dns1            IN      A       192.168.1.101
dns2            IN      A       192.168.1.102
www             IN      A       192.168.1.103
bbs             IN      A       192.168.1.104
blog            IN      A       192.168.1.105
Create the reverse zone file for luwenju.com
# vi /usr/local/named/var/named/1.168.192.arpa
$TTL 3600
1.168.192.in-addr.arpa. 3600    IN      SOA     luwenju.com. root.luwenju.com. (
                                20          ; serial
                                3600        ; refresh
                                900         ; retry
                                1209600     ; expire
                                3600 )      ; minimum
        3600    IN      NS      dns1.luwenju.com.
        3600    IN      NS      dns2.luwenju.com.
        3600    IN      MX      5 luwenju.com.
100     IN      PTR     luwenju.com.
101     IN      PTR     dns1.luwenju.com.
102     IN      PTR     dns2.luwenju.com.
103     IN      PTR     ; PTR target missing from the original page
104     IN      PTR     bbs.luwenju.com.
105     IN      PTR     blog.luwenju.com.
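Added example, not part of the original post: the reverse zone above has to agree with the forward zone record for record, and that is easy to get wrong by hand. The following shell/awk script derives the PTR records from the A records of a forward zone in the post's layout (one record per line, owner name in the first column or inherited from the previous line) and emits a complete 1.168.192.in-addr.arpa zone with the post's SOA and NS header. It assumes a single /24, so the last octet is the PTR owner; the forward zone it writes is a constructed copy of luwenju.zone, and the serial is whatever you pass in.

```shell
#!/bin/sh
# Added example, not part of the original post: generate the reverse zone's
# PTR records from the forward zone's A records so the two files cannot drift.
# Assumes the post's zone layout and a single /24 (1.168.192.in-addr.arpa).

# write_sample_forward_zone <file>
# Constructed copy of the post's luwenju.zone, used as input.
write_sample_forward_zone() {
    cat > "$1" <<'EOF'
$ORIGIN luwenju.com.
@       3600    IN      SOA     luwenju.com. root.luwenju.com. (
                                10          ; serial
                                3600        ; refresh
                                900         ; retry
                                1209600     ; expire
                                3600 )      ; minimum
        3600    IN      NS      dns1.luwenju.com.
        3600    IN      NS      dns2.luwenju.com.
        3600    IN      MX      5 luwenju.com.
                IN      A       192.168.1.100
dns1            IN      A       192.168.1.101
dns2            IN      A       192.168.1.102
www             IN      A       192.168.1.103
bbs             IN      A       192.168.1.104
blog            IN      A       192.168.1.105
EOF
}

# gen_ptr_records <forward zone file>
# Prints "<last octet> IN PTR <fqdn>" for every A record in the file.
gen_ptr_records() {
    awk '
        /^\$ORIGIN/ { origin = $2; next }        # zone origin, e.g. luwenju.com.
        /^\$/ || /^[ \t]*;/ || NF == 0 { next }  # other directives, comments, blanks
        {
            sub(/;.*/, "")                       # drop trailing comments
            if ($0 ~ /^[^ \t]/) owner = $1       # explicit owner, else inherited
            for (i = 1; i < NF; i++) {
                if ($i == "A" && $(i + 1) ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) {
                    split($(i + 1), o, ".")
                    if (owner == "@")        fqdn = origin
                    else if (owner ~ /\.$/)  fqdn = owner             # already absolute
                    else                     fqdn = owner "." origin
                    print o[4], "IN", "PTR", fqdn
                }
            }
        }
    ' "$1"
}

# gen_reverse_zone <forward zone file> <serial>
# Emits the post's SOA/NS header with the given serial, then the PTR records.
gen_reverse_zone() {
    cat <<EOF
\$TTL 3600
1.168.192.in-addr.arpa. 3600    IN      SOA     luwenju.com. root.luwenju.com. (
                                $2          ; serial
                                3600        ; refresh
                                900         ; retry
                                1209600     ; expire
                                3600 )      ; minimum
        3600    IN      NS      dns1.luwenju.com.
        3600    IN      NS      dns2.luwenju.com.
EOF
    gen_ptr_records "$1"
}

fwd=$(mktemp)
write_sample_forward_zone "$fwd"
gen_reverse_zone "$fwd" 21
rm -f "$fwd"
```

Running it prints the reverse zone; redirecting the output to 1.168.192.arpa and raising the serial each time is what keeps the reverse data in step with the forward file.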
|
Start bind
# /usr/local/named/sbin/named -gc /usr/local/named/etc/named.conf &
Forward lookup test
Point this machine's DNS at 192.168.1.101, then test with nslookup; the results are as follows
# /usr/local/named/bin/nslookup
> luwenju.com
Server:         192.168.1.101
Address:        192.168.1.101#53

Name:   luwenju.com
Address: 192.168.1.100
> dns1.luwenju.com
Server:         192.168.1.101
Address:        192.168.1.101#53

Name:   dns1.luwenju.com
Address: 192.168.1.101
> dns2.luwenju.com
Server:         192.168.1.101
Address:        192.168.1.101#53

Name:   dns2.luwenju.com
Address: 192.168.1.102
>
Server:         192.168.1.101
Address:        192.168.1.101#53

Name:
Address: 192.168.1.103
> bbs.luwenju.com
Server:         192.168.1.101
Address:        192.168.1.101#53

Name:   bbs.luwenju.com
Address: 192.168.1.104
> blog.luwenju.com
Server:         192.168.1.101
Address:        192.168.1.101#53

Name:   blog.luwenju.com
Address: 192.168.1.105
Reverse lookup test
# /usr/local/named/bin/nslookup
> 192.168.1.100
Server:         192.168.1.101
Address:        192.168.1.101#53

100.1.168.192.in-addr.arpa      name = luwenju.com.
> 192.168.1.101
Server:         192.168.1.101
Address:        192.168.1.101#53

101.1.168.192.in-addr.arpa      name = dns1.luwenju.com.
> 192.168.1.102
Server:         192.168.1.101
Address:        192.168.1.101#53

102.1.168.192.in-addr.arpa      name = dns2.luwenju.com.
> 192.168.1.103
Server:         192.168.1.101
Address:        192.168.1.101#53

103.1.168.192.in-addr.arpa      name =
> 192.168.1.104
Server:         192.168.1.101
Address:        192.168.1.101#53

104.1.168.192.in-addr.arpa      name = bbs.luwenju.com.
> 192.168.1.105
Server:         192.168.1.101
Address:        192.168.1.101#53

105.1.168.192.in-addr.arpa      name = blog.luwenju.com.
II. Slave DNS setup and configuration
1. Install bind
# tar zxvf bind-9.6.2-P2.tar.gz
# cd bind-9.6.2-P2
# ./configure --prefix=/usr/local/named --enable-threads --disable-openssl-version-check
# make && make install
Note: the build option --enable-threads turns on multi-threaded mode, and --disable-openssl-version-check disables the OpenSSL version check.
2. Copy named.conf and rndc.conf from the master DNS into the /usr/local/named/etc directory on the slave DNS server
3. Copy the whole /usr/local/named/var/named directory from the master DNS into /usr/local/named/var on the slave DNS
4. Edit the named.conf configuration file on the slave DNS server
# vi /usr/local/named/etc/named.conf
Note: only the luwenju.com forward and reverse zones need to change, because only luwenju.com is synchronised between the master and slave DNS. After the edit, the luwenju.com forward and reverse zone configuration in named.conf reads as follows
zone "luwenju.com" IN {
    type slave;
    file "luwenju.zone";
    masters { 192.168.1.101; };
};
zone "1.168.192.in-addr.arpa" IN {
    type slave;
    file "1.168.192.arpa";
    masters { 192.168.1.101; };
};
5. Start bind
# /usr/local/named/sbin/named -gc /usr/local/named/etc/named.conf &
6. Forward lookup test
Point this machine's DNS at 192.168.1.102, then test with nslookup; the results are as follows
# /usr/local/named/bin/nslookup
> luwenju.com
Server:         192.168.1.102
Address:        192.168.1.102#53

Name:   luwenju.com
Address: 192.168.1.100
> dns1.luwenju.com
Server:         192.168.1.102
Address:        192.168.1.102#53

Name:   dns1.luwenju.com
Address: 192.168.1.101
> dns2.luwenju.com
Server:         192.168.1.102
Address:        192.168.1.102#53

Name:   dns2.luwenju.com
Address: 192.168.1.102
>
Server:         192.168.1.102
Address:        192.168.1.102#53

Name:
Address: 192.168.1.103
> bbs.luwenju.com
Server:         192.168.1.102
Address:        192.168.1.102#53

Name:   bbs.luwenju.com
Address: 192.168.1.104
> blog.luwenju.com
Server:         192.168.1.102
Address:        192.168.1.102#53

Name:   blog.luwenju.com
Address: 192.168.1.105
7. Reverse lookup test
> 192.168.1.100
Server:         192.168.1.102
Address:        192.168.1.102#53

100.1.168.192.in-addr.arpa      name = luwenju.com.
> 192.168.1.101
Server:         192.168.1.102
Address:        192.168.1.102#53

101.1.168.192.in-addr.arpa      name = dns1.luwenju.com.
> 192.168.1.102
Server:         192.168.1.102
Address:        192.168.1.102#53

102.1.168.192.in-addr.arpa      name = dns2.luwenju.com.
> 192.168.1.103
Server:         192.168.1.102
Address:        192.168.1.102#53

103.1.168.192.in-addr.arpa      name =
> 192.168.1.104
Server:         192.168.1.102
Address:        192.168.1.102#53

104.1.168.192.in-addr.arpa      name = bbs.luwenju.com.
> 192.168.1.105
Server:         192.168.1.102
Address:        192.168.1.102#53

105.1.168.192.in-addr.arpa      name = blog.luwenju.com.
III. Master/slave DNS synchronisation test
1. Add a host record (A record) to the /usr/local/named/var/named/luwenju.zone file on the master DNS; the host record is as follows
2. On the master DNS server, increase the serial value of the zone to be synchronised (for later master/slave syncs adding 1 is enough, but it must be higher than the slave's). After the change, the luwenju.com forward zone file on the master DNS server reads as follows
$ORIGIN luwenju.com.
@       3600    IN      SOA     luwenju.com. root.luwenju.com. (
                                11          ; serial
                                3600        ; refresh
                                900         ; retry
                                1209600     ; expire
                                3600 )      ; minimum
        3600    IN      NS      dns1.luwenju.com.
        3600    IN      NS      dns2.luwenju.com.
        3600    IN      MX      5 luwenju.com.
                IN      A       192.168.1.100
dns1            IN      A       192.168.1.101
dns2            IN      A       192.168.1.102
www             IN      A       192.168.1.103
bbs             IN      A       192.168.1.104
blog            IN      A       192.168.1.105
test            IN      A       192.168.1.106
3. Reload bind
Run the following command on the master DNS
# /usr/local/named/sbin/rndc reload
4. Check whether the slave DNS has been synchronised
[root@DNS-slave ~]# more /usr/local/named/var/named/luwenju.zone
$ORIGIN .
$TTL 3600       ; 1 hour
luwenju.com             IN SOA  luwenju.com. root.luwenju.com. (
                                11         ; serial
                                3600       ; refresh (1 hour)
                                900        ; retry (15 minutes)
                                1209600    ; expire (2 weeks)
                                3600       ; minimum (1 hour)
                                )
                        NS      dns1.luwenju.com.
                        NS      dns2.luwenju.com.
                        A       192.168.1.100
                        MX      5 luwenju.com.
$ORIGIN luwenju.com.
bbs                     A       192.168.1.104
blog                    A       192.168.1.105
dns1                    A       192.168.1.101
dns2                    A       192.168.1.102
test                    A       192.168.1.106
www                     A       192.168.1.103
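Added example, not part of the original post: the transfer in step 4 only happened because the master's serial (11) was higher than the one the slave held. The shell/awk script below reads the SOA serial from a zone file in either layout shown on this page (the hand-written master file and BIND's dump format on the slave), from the one-line output of "dig +short SOA", and then decides with RFC 1982 serial arithmetic whether the master is newer, which a plain numeric comparison gets wrong once a serial wraps past 2^32. The two zone files it writes are constructed: a master at serial 11 and a slave copy still at serial 10, i.e. the state between step 2 and the transfer.

```shell
#!/bin/sh
# Added example, not part of the original post: compare master and slave SOA
# serials and report whether the slave still needs a transfer.

# write_sample_master_zone <file>  (constructed: master after the serial bump)
write_sample_master_zone() {
    cat > "$1" <<'EOF'
$ORIGIN luwenju.com.
@       3600    IN      SOA     luwenju.com. root.luwenju.com. (
                                11          ; serial
                                3600 900 1209600 3600 )
        3600    IN      NS      dns1.luwenju.com.
EOF
}

# write_sample_slave_zone <file>  (constructed: slave copy before the transfer,
# in the dump layout BIND writes for transferred zones)
write_sample_slave_zone() {
    cat > "$1" <<'EOF'
$ORIGIN .
$TTL 3600       ; 1 hour
luwenju.com             IN SOA  luwenju.com. root.luwenju.com. (
                                10         ; serial
                                3600       ; refresh (1 hour)
                                900        ; retry (15 minutes)
                                1209600    ; expire (2 weeks)
                                3600       ; minimum (1 hour)
                                )
                        NS      dns1.luwenju.com.
EOF
}

# soa_serial <zone file>
# After stripping comments and parentheses, the serial is the third token
# after "SOA" (MNAME, RNAME, serial), whatever the line breaks are.
soa_serial() {
    awk '
        {
            sub(/;.*/, "")
            gsub(/[()]/, " ")
            for (i = 1; i <= NF; i++) {
                if (after > 0) { after++; if (after == 4) { print $i; exit } }
                else if ($i == "SOA") after = 1
            }
        }
    ' "$1"
}

# serial_from_dig_short "<one line of dig +short SOA output>"
# dig +short SOA prints: MNAME RNAME SERIAL REFRESH RETRY EXPIRE MINIMUM
serial_from_dig_short() {
    printf '%s\n' "$1" | awk '{ print $3 }'
}

# serial_ahead <master serial> <slave serial>
# RFC 1982: the master is newer when (master - slave) mod 2^32 is in 1..2^31-1.
serial_ahead() {
    d=$(( ($1 - $2) & 4294967295 ))
    [ "$d" -gt 0 ] && [ "$d" -lt 2147483648 ]
}

# zone_needs_transfer <master zone file> <slave zone file>
# Returns 0 (and says so) when the slave is behind the master.
zone_needs_transfer() {
    m=$(soa_serial "$1"); s=$(soa_serial "$2")
    if serial_ahead "$m" "$s"; then
        echo "master serial $m is newer than slave serial $s: transfer pending"
        return 0
    fi
    echo "master serial $m is not newer than slave serial $s: slave is current"
    return 1
}

m=$(mktemp); s=$(mktemp)
write_sample_master_zone "$m"; write_sample_slave_zone "$s"
zone_needs_transfer "$m" "$s"
rm -f "$m" "$s"
```

Against the running servers the same comparison can be made without touching the files: "dig +short SOA luwenju.com @192.168.1.101" and "dig +short SOA luwenju.com @192.168.1.102" each print one line in the format serial_from_dig_short expects, and after rndc reload the two serials should agree once the NOTIFY has been processed.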