1. Architecture topology diagram
2. Environment description
Server name          | IP address
---------------------|--------------
Primary DNS server   | 192.168.1.107
Secondary DNS server | 192.168.1.108
3. Installing bind on the primary and secondary DNS servers
[root@dns-S ~]# yum -y install bind bind-chroot ypbind bind-utils caching-nameserver
Note: the primary DNS server (dns-M) was already deployed earlier; only the secondary (dns-S) needs the install here.
4. Configuring the secondary DNS server
A. Copy the primary DNS server's named.conf (together with the rest of the chroot etc directory) to the secondary DNS server.
[root@dns-M ~]# scp /var/named/chroot/etc/* 192.168.1.108:/var/named/chroot/etc/
root@192.168.1.108's password:
localtime 100% 405 0.4KB/s 00:00
named.caching-nameserver.conf 100% 1230 1.2KB/s 00:00
named.conf 100% 1480 1.5KB/s 00:00
named.rfc1912.zones 100% 1138 1.1KB/s 00:00
named.rfc1912.zones.bak 100% 955 0.9KB/s 00:00
B. Edit the primary DNS server's configuration so that the secondary is allowed to transfer the zone data
[root@dns-M ~]# cat /etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
zone "." IN {
        type hint;
        file "named.ca";
};
zone "localdomain" IN {
        type master;
        file "localdomain.zone";
        allow-update { none; };
};
zone "localhost" IN {
        type master;
        file "localhost.zone";
        allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
        allow-update { none; };
};
zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.ip6.local";
        allow-update { none; };
};
zone "255.in-addr.arpa" IN {
        type master;
        file "named.broadcast";
        allow-update { none; };
};
zone "0.in-addr.arpa" IN {
        type master;
        file "named.zero";
        allow-update { none; };
};
zone "pp.org" IN {
        type master;
        file "pp.org.zone";
        allow-update { none; };
        allow-transfer { 192.168.1.108; };
        also-notify { 192.168.1.108; };
};
zone "1.168.192.in-addr.arpa" IN {
        type master;
        file "pp.org.local";
        allow-update { none; };
        allow-transfer { 192.168.1.108; };
        also-notify { 192.168.1.108; };
};
C. Edit the secondary DNS server's configuration file
[root@dns-S etc]# cat /var/named/chroot/etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
zone "." IN {
        type hint;
        file "named.ca";
};
zone "pp.org" IN {
        type slave;
        file "slaves/pp.org.zone";
        masters { 192.168.1.107; };
};
zone "1.168.192.in-addr.arpa" IN {
        type slave;
        file "slaves/pp.org.local";
        masters { 192.168.1.107; };
};
D. Set ownership of the configuration files
[root@dns-S etc]# chown -R root.named /var/named/chroot/etc/
E. Create symlinks to the configuration files
[root@dns-S etc]# ln -s /var/named/chroot/etc/named.conf /etc/named.conf
[root@dns-S etc]# ln -s /var/named/chroot/etc/named.rfc1912.zones /etc/named.rfc1912.zones
F. Generate the named.ca root hints file
[root@dns-S etc]# dig -t NS . >/var/named/chroot/var/named/named.ca
5. Start the service
[root@dns-S etc]# service named start
Starting named: [ OK ]
6. Check whether the secondary DNS server has pulled the primary's zone files
[root@dns-S ~]# cd /var/named/chroot/var/named/slaves/
[root@dns-S slaves]# ls
pp.org.local pp.org.zone
[root@dns-S slaves]# cat pp.org.zone
$ORIGIN .
$TTL 86400      ; 1 day
pp.org                  IN SOA  dns.pp.org. root.pp.org. (
                                201        ; serial
                                10800      ; refresh (3 hours)
                                900        ; retry (15 minutes)
                                604800     ; expire (1 week)
                                86400      ; minimum (1 day)
                                )
                        NS      dns.pp.org.
                        MX      10 mail.pp.org.
$ORIGIN pp.org.
dns                     A       192.168.1.107
www                     A       192.168.1.201
                        A       192.168.1.202
                        A       192.168.1.203
[root@dns-S slaves]# cat pp.org.local
$ORIGIN .
$TTL 86400      ; 1 day
1.168.192.in-addr.arpa  IN SOA  dns.pp.org. root.pp.org. (
                                1997022700 ; serial
                                28800      ; refresh (8 hours)
                                14400      ; retry (4 hours)
                                3600000    ; expire (5 weeks 6 days 16 hours)
                                86400      ; minimum (1 day)
                                )
                        NS      dns.pp.org.
$ORIGIN 1.168.192.in-addr.arpa.
201                     PTR     www1.pp.org.
202                     PTR     www2.pp.org.
203                     PTR     www3.pp.org.
7. Zone transfer test after a record change
A. Add an A record on the primary DNS server
[root@dns-M ~]# cat /var/named/chroot/var/named/pp.org.zone
$TTL    86400
@               IN SOA  dns.pp.org. root.pp.org. (
                                        202        ; serial (d. adams)
                                        3H         ; refresh
                                        15M        ; retry
                                        1W         ; expiry
                                        1D )       ; minimum
                IN NS           dns.pp.org.
                IN MX   10      mail.pp.org.
dns.pp.org.     IN A            192.168.1.107
www             IN A            192.168.1.201
www             IN A            192.168.1.202
www             IN A            192.168.1.203
web1            IN A            192.168.1.204
Reload the primary DNS service with rndc (restarting named would also work, but a DNS server is critical to the whole network, so rndc is the preferred way to manage it).
[root@dns-M ~]# rndc reload
server reload successful
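The step above edits the zone by hand and bumps the serial from 201 to 202 before reloading; a change that leaves the serial untouched is never picked up by the secondary. The helper below is an added example, not part of the original post: it increments the serial in the Red Hat zone layout shown above (serial on its own line, followed by "; serial"), wrapping at 2^32 as RFC 1982 requires, then syntax-checks the zone with named-checkzone before asking rndc to reload it. The default file path and zone name are the ones used on this page; named-checkzone and rndc come from the bind package installed in section 3.

```shell
#!/bin/sh
# Added example, not from the original post: bump the SOA serial of a zone
# file on the primary before `rndc reload`, so the secondary actually
# transfers the change.
# Assumptions: the Red Hat zone layout shown above (serial on its own line,
# followed by "; serial"); the default path is the primary's pp.org zone.

ZONE_FILE=${ZONE_FILE:-/var/named/chroot/var/named/pp.org.zone}
ZONE_NAME=${ZONE_NAME:-pp.org}

# Print the current serial: the first number on the "; serial" line.
zone_serial() {
    awk '/;[[:space:]]*serial/ { print $1; exit }' "$1"
}

# Rewrite the serial to $2. The new content goes through a temp file and is
# copied back with cat, so named never reads a half-written file and the
# root.named ownership set earlier is preserved.
set_zone_serial() {
    f=$1; new=$2; tmp="$f.tmp.$$"
    awk -v new="$new" '
        !done && /;[[:space:]]*serial/ { sub(/[0-9]+/, new); done = 1 }
        { print }' "$f" > "$tmp" &&
    cat "$tmp" > "$f" && rm -f "$tmp"
}

# Increment the serial by one, wrapping at 2^32 as RFC 1982 requires, and
# print the new value.
bump_serial() {
    cur=$(zone_serial "$1")
    [ -n "$cur" ] || { echo "no serial line found in $1" >&2; return 1; }
    new=$(( (cur + 1) % 4294967296 ))
    set_zone_serial "$1" "$new" && echo "$new"
}

# Publish workflow on the primary: bump, syntax-check, then reload with rndc.
# named-checkzone stops a typo from being loaded and pushed to the secondary.
publish_zone() {
    bump_serial "$ZONE_FILE" >/dev/null &&
    named-checkzone "$ZONE_NAME" "$ZONE_FILE" &&
    rndc reload "$ZONE_NAME"
}

# Only touch the live zone when explicitly asked: ./bump-serial.sh publish
case ${1:-} in
    publish) publish_zone ;;
esac
```

Run it as `sh bump-serial.sh publish` on dns-M after editing the records; if named-checkzone rejects the file, rndc is never called and the broken zone is not served or transferred.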
B. Verify that the secondary DNS server has synchronized
[root@dns-S slaves]# cat pp.org.zone
$ORIGIN .
$TTL 86400      ; 1 day
pp.org                  IN SOA  dns.pp.org. root.pp.org. (
                                202        ; serial
                                10800      ; refresh (3 hours)
                                900        ; retry (15 minutes)
                                604800     ; expire (1 week)
                                86400      ; minimum (1 day)
                                )
                        NS      dns.pp.org.
                        MX      10 mail.pp.org.
$ORIGIN pp.org.
dns                     A       192.168.1.107
web1                    A       192.168.1.204
www                     A       192.168.1.201
                        A       192.168.1.202
                        A       192.168.1.203
C. When the primary and secondary do not synchronize
1) The secondary does not update: increase the serial value in the primary's zone (the secondary only transfers when it sees a serial higher than the one it holds).
2) The allow-transfer statement lists which clients may copy the master's zone file; it can also be placed in options, where it applies globally to every zone.
3) To have the primary push data to the secondary immediately after a service reload or restart, add also-notify { <secondary DNS IP>; }; to the zone, or declare notify yes; in the global options.
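Sections 6 and 7 check the result by reading the files under slaves/ on dns-S. The script below is an added example, not part of the original post: it checks from the outside by querying both servers for the SOA and comparing the serials with the RFC 1982 arithmetic BIND itself applies when deciding whether a transfer is needed (point 1 above), and it classifies the output of an AXFR attempt so the allow-transfer ACL from section 4 (point 2 above) can be confirmed to refuse any host other than 192.168.1.108. The addresses and zone name are the ones from the environment table; dig comes from bind-utils installed in section 3. Only the parsing and comparison functions run offline; the live checks need the two servers reachable.

```shell
#!/bin/sh
# Added example, not from the original post: confirm from the outside that the
# secondary has caught up with the primary, and that the allow-transfer ACL
# refuses hosts other than the secondary.
# Assumptions: addresses and zone from the environment table above; `dig`
# from bind-utils (installed in section 3).

PRIMARY=${PRIMARY:-192.168.1.107}
SECONDARY=${SECONDARY:-192.168.1.108}
ZONE=${ZONE:-pp.org}

# The third field of a `dig +short SOA` answer is the serial, e.g.
#   dns.pp.org. root.pp.org. 202 10800 900 604800 86400
soa_serial() {
    set -- $1
    printf '%s\n' "$3"
}

# RFC 1982 comparison of two 32-bit serials. Prints how $2 relates to $1:
#   newer  $2 is ahead (a secondary holding $1 would transfer)
#   equal  identical (in sync)
#   older  $2 is behind (a secondary holding $1 ignores the NOTIFY)
# A difference of exactly 2^31 is undefined by the RFC and reported as older.
serial_compare() {
    a=$1; b=$2
    if [ "$a" -eq "$b" ]; then
        echo equal
    elif { [ "$a" -lt "$b" ] && [ $((b - a)) -lt 2147483648 ]; } ||
         { [ "$a" -gt "$b" ] && [ $((a - b)) -gt 2147483648 ]; }; then
        echo newer
    else
        echo older
    fi
}

# Classify the output of `dig @<server> <zone> AXFR`. With allow-transfer
# limited to the secondary, any other host gets "; Transfer failed." instead
# of zone records, which is exactly what the ACL is meant to enforce.
axfr_result() {
    case $1 in
        *"; Transfer failed."*)    echo refused ;;
        *[[:space:]]SOA[[:space:]]*) echo allowed ;;
        *)                         echo unknown ;;
    esac
}

# Live check: query both servers and report. Exit 0 in sync, 1 out of sync,
# 2 when a server did not answer.
check_sync() {
    p=$(dig +short @"$PRIMARY" "$ZONE" SOA) || return 2
    s=$(dig +short @"$SECONDARY" "$ZONE" SOA) || return 2
    [ -n "$p" ] && [ -n "$s" ] || return 2
    ps=$(soa_serial "$p"); ss=$(soa_serial "$s")
    case $(serial_compare "$ss" "$ps") in
        equal) echo "in sync: serial $ps on both servers"; return 0 ;;
        newer) echo "secondary lags: primary $ps, secondary $ss"; return 1 ;;
        *)     echo "secondary ahead of primary ($ss vs $ps); check which copy was edited"; return 1 ;;
    esac
}

# Live ACL check from the host running this script: exit 0 when the primary
# refuses the transfer, which is the expected result everywhere except on dns-S.
check_axfr_refused() {
    out=$(dig @"$PRIMARY" "$ZONE" AXFR 2>&1)
    [ "$(axfr_result "$out")" = refused ]
}

case ${1:-} in
    sync) check_sync ;;
    axfr) check_axfr_refused && echo "AXFR refused for this host, as intended" ;;
esac
```

`sh check-sync.sh sync` gives a yes/no answer suitable for a monitoring job; `sh check-sync.sh axfr`, run from any host that is not the secondary, confirms the allow-transfer restriction actually took effect after the configuration change.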