• 基于bind搭建DNS主从


    使用bind的主从复制功能可以实现的功能:
    提供冗余,避免单点故障;
    均衡负载查询需求,从而提高系统可用性。

    一、安装

    #bind-chroot 负责DNS安全作用,将bind进程严格限制在特定的目录中(注意:在CentOS/RHEL 7上需通过named-chroot服务启动才会进入chroot,直接启动named服务不受此限制)
    yum install bind bind-chroot bind-utils
    

    二、配置文件

    • bind主服务器
    #bind主配置文件
    cat /etc/named.conf
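    // Main configuration of the master server: global options, logging,
    // the root hints zone, and the includes that pull in the local zones.
    options {
        listen-on port 53 { any; };
        // The IPv6 loopback address is "::1"; "{:1; }" is not a valid address.
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        // NOTE(review): listening on every address together with
        // allow-query any and recursion yes makes this host an open
        // recursive resolver wherever port 53 is reachable. Keep it behind
        // the security group / firewall, or limit recursion to internal
        // clients with an allow-recursion ACL.
        allow-query { any; };
        recursion yes;
        dnssec-enable yes;
        dnssec-validation yes;
        // NOTE(review): the ISC DLV registry has been retired and newer BIND
        // releases treat dnssec-lookaside as obsolete; drop this line if
        // named-checkconf complains about it.
        dnssec-lookaside auto;
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
    };
    logging {
        // Debug channel; the relative path is resolved against "directory".
        channel default_debug {
            file "data/named.run";
            severity dynamic;
        };
    };
    // Root hints.
    zone "." IN {
        type hint;
        file "named.ca";
    };
    // The ms.com zone is declared in the first included file.
    include "/etc/named.rfc1912.zones";
    include "/etc/named.root.key";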
    
    #bind正向解析配置
    cat /etc/named.rfc1912.zones
    // Master copy of ms.com; the relative file name is resolved against the
    // "directory" option (/var/named).
    zone "ms.com" IN {
    type master;
    file "openapi-dev.ms.com.zone";
    // Dynamic updates are refused; records change only by editing the zone file.
    allow-update { none;};
    // Zone transfers are allowed to 172.20.16.3 only.
    // NOTE(review): this check is by source IP address alone; a TSIG key shared
    // by both servers would also authenticate the transfer itself.
    allow-transfer { 172.20.16.3;};
    };
    
    cd /var/named/
    cat openapi-dev.ms.com.zone 
    ; Zone data for ms.com as loaded by the master server.
    ; Default TTL for records that do not set their own.
    $TTL 1D
    ; NOTE(review): the serial below is 0. A secondary re-transfers the zone only
    ; when it sees a higher serial, so raise it on every edit of this file.
    @       IN SOA  ms.com. admin.ms.com. (
                                            0       ; serial
                                            1D      ; refresh
                                            1H      ; retry
                                            1W      ; expire
                                            3H )    ; minimum
    ; The two name servers of the zone and their addresses.
                            NS      dns1.ms.com.
                            NS      dns2.ms.com.
    dns1      IN A 172.20.16.2
    dns2      IN A 172.20.16.3
    
    ; Service names; all of them point at 172.20.16.2, the same address as dns1.
    mysql    IN A 172.20.16.2
    rabbitmq IN A 172.20.16.2
    eureka   IN A 172.20.16.2
    redis    IN A 172.20.16.2
    oauth    IN A 172.20.16.2
    config   IN A 172.20.16.2
    • bind从服务器
    #bind从节点配置文件
    cat /etc/named.conf
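    // Main configuration of the slave server: global options, logging,
    // the root hints zone, and the includes that pull in the local zones.
    options {
        listen-on port 53 { any; };
        // The IPv6 loopback address is "::1"; "{:1; }" is not a valid address.
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        // NOTE(review): listening on every address together with
        // allow-query any and recursion yes makes this host an open
        // recursive resolver wherever port 53 is reachable. Keep it behind
        // the security group / firewall, or limit recursion to internal
        // clients with an allow-recursion ACL.
        allow-query { any; };
        recursion yes;
        dnssec-enable yes;
        dnssec-validation yes;
        // NOTE(review): the ISC DLV registry has been retired and newer BIND
        // releases treat dnssec-lookaside as obsolete; drop this line if
        // named-checkconf complains about it.
        dnssec-lookaside auto;
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
    };
    logging {
        // Debug channel; the relative path is resolved against "directory".
        channel default_debug {
            file "data/named.run";
            severity dynamic;
        };
    };
    // Root hints.
    zone "." IN {
        type hint;
        file "named.ca";
    };
    // The ms.com slave zone is declared in the first included file.
    include "/etc/named.rfc1912.zones";
    include "/etc/named.root.key";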
    
    #bind正向解析配置
    cat /etc/named.rfc1912.zones 
    // Slave copy of ms.com, pulled from the master listed in "masters".
    zone "ms.com" IN {
    type slave;
    file "slaves/openapi-dev.ms.com.zone";
    // NOTE(review): the master is identified by IP address only; a TSIG key
    // shared by both servers would also authenticate the transfer itself.
    masters {172.20.16.2;};
    // Keep the transferred zone file as text so that it stays readable with cat.
    masterfile-format text;
    // This server does not pass the zone on to any other host.
    allow-transfer { none; };
    };
    
    #说明:masterfile-format text;(格式可以是text或raw,默认不用添加此行;从BIND 9.9起,从服务器保存的区域文件默认是raw二进制格式,用cat查看时会显示为乱码,文件本身并未损坏;本次出现乱码后添加此行,乱码消失)
    

    三、启动服务

    #检查配置文件是否有语法错误:
    named-checkconf
    
    #启动bind服务
    systemctl start named
    

    四、更改腾讯云服务器DNS解析

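    # Point the host at the two BIND servers (GNU sed one-line "a" form).

    # Persist the resolvers in the interface configuration.
    sed -i -e '$a DNS1=172.20.16.2' -e '$a DNS2=172.20.16.3' \
      /etc/sysconfig/network-scripts/ifcfg-eth0

    # Remove the previous resolver entries by pattern instead of by line
    # number, and keep a backup copy (/etc/resolv.conf.bak) to roll back to.
    sed -i.bak '/^nameserver[[:space:]]/d' /etc/resolv.conf

    # resolv.conf syntax is "nameserver <address>"; a line written with "="
    # is not a valid entry and the resolver does not use it.
    sed -i -e '$a nameserver 172.20.16.2' -e '$a nameserver 172.20.16.3' \
      /etc/resolv.conf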
    
  • 原文地址:https://www.cnblogs.com/luchuangao/p/9291198.html