centos7 部署 DNS 主从
| 名称 |
ip地址 |
cpu |
内存 |
| yz-dns-master |
10.148.100.81 |
4c |
8G |
| yz-dns-slave |
10.148.100.82 |
4c |
8G |
#配置dns 监牢模式
yum install bind bind-chroot -y
#主要文件说明
/var/named/chroot/etc/named.conf #主配置文件
/var/named/chroot/var/named/ #区域数据库文件
#准备配置文件
cp -p /etc/named.conf /var/named/chroot/etc/
cp -p /var/named/named.* /var/named/chroot/var/named/
#修改主配置文件,master 节点主动通知从节点要比从节点拉主节点配置文件要快,因此此处要配置 master 节点主动推配置文件至 从slave 节点。
vim /var/named/chroot/etc/named.conf
options {
listen-on port 53 { 10.148.100.81; };
directory "/var/named";
allow-query { any; };
recursion yes;
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
forwarders { 114.114.114.114; 219.141.140.10; };
};
//logging {
// channel default_debug {
// file "data/named.run";
// severity dynamic;
// };
//};
logging {
channel query_log {
file "query.log" versions 10 size 2G;
severity info;
print-time yes;
print-severity yes;
print-category yes;
};
category queries { query_log; };
};
zone "." IN {
type hint;
file "named.ca";
};
zone "moviebook.cn" IN {
//hint master slave forward
allow-update { none; };
allow-transfer { 10.148.100.82; };
also-notify { 10.148.100.82; };
check-names ignore;
type master;
file "moviebook.cn.zone";
};
#修改本地解析文件
cat /etc/resolv.conf
nameserver 10.148.100.81
#增加区域数据库文件
cd /var/named/chroot/var/named
cp -p named.localhost moviebook.cn.zone
#修改区域数据库文件
vim /var/named/chroot/var/named/moviebook.cn.zone
$TTL 1D
moviebook.cn. IN SOA ns1.moviebook.cn. rname.invalid. (
21 ; serial
30 ; refresh
20 ; retry
1W ; expire
300 ) ; minimum
NS ns1.moviebook.cn.
;A
;PTR
;MX
;CNAME
ns1 A 10.148.100.88
test-yingpu A 10.148.100.88
sport A 10.148.100.89
news CNAME test-yingpu
www A 122.14.233.94
mytest01 A 10.148.100.99
#检测
named-checkconf /var/named/chroot/etc/named.conf
named-checkzone moviebook.cn /var/named/chroot/var/named/moviebook.cn.zone
#启动
systemctl start named-chroot
systemctl enable named-chroot
#检测 udp
netstat -anput |grep 53
#测试
dig
host
nslookup
#注意
主配置文件不会同步
同步的是区域数据库文件
#配置dns 监牢模式
yum install bind bind-chroot -y
#从named.conf 主配置文件修改,注意查看文件权限
vim /var/named/chroot/etc/named.conf
options {
listen-on port 53 { 10.148.100.82; };
directory "/var/named";
allow-query { any; };
recursion yes;
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
masterfile-format text;
forwarders { 114.114.114.114; 219.141.140.10; };
};
//logging {
// channel default_debug {
// file "data/named.run";
// severity dynamic;
// };
//};
logging {
channel query_log {
file "query.log" versions 10 size 2G;
severity info;
print-time yes;
print-severity yes;
print-category yes;
};
category queries { query_log; };
};
zone "." IN {
type hint;
file "named.ca";
};
zone "moviebook.cn" IN {
//hint master slave forward
type slave;
file "moviebook.cn.zone";
masters { 10.148.100.81; };
check-names ignore;
};
#修改本地解析文件
cat /etc/resolv.conf
nameserver 10.148.100.82
#检测
named-checkconf /var/named/chroot/etc/named.conf
named-checkzone moviebook.cn /var/named/chroot/var/named/moviebook.cn.zone
#启动
systemctl start named-chroot
systemctl enable named-chroot
#检测 udp
netstat -anput |grep 53
#查看数据库配置文件均从master 节点同步至从节点
#cd /var/named/chroot/var/named
# ll
drwxr-x--- 7 root named 4096 Mar 20 06:32 chroot
drwxrwx--- 2 named named 4096 Feb 24 01:17 data
drwxrwx--- 2 named named 4096 Feb 24 01:17 dynamic
drwxr-xr-x 2 root root 4096 Mar 21 14:58 logs
-rw-r--r-- 1 named named 479 Mar 22 11:28 moviebook.cn.zone
-rw-r----- 1 root named 2253 Apr 5 2018 named.ca
-rw-r----- 1 root named 152 Dec 15 2009 named.empty
-rw-r----- 1 root named 152 Jun 21 2007 named.localhost
-rw-r----- 1 root named 168 Dec 15 2009 named.loopback
-rw-r--r-- 1 named named 362555 Mar 22 11:31 query.log
drwxrwx--- 2 named named 4096 Feb 24 01:17 slaves
#测试
dig
host
nslookup
#登录主节点,修改 配置文件新增加A记录 desktop A 122.14.233.93
vim /var/named/chroot/var/named/moviebook.cn.zone
#加载配置文件,使其生效
# rndc reload
server reload successful
#查看从节点
A记录已同步完成,序列号也同步完成
#测试解析
# nslookup desktop.moviebook.cn
Server: 10.148.100.82
Address: 10.148.100.82#53
Name: desktop.moviebook.cn
Address: 122.14.233.93
#查看均已解析成功。
