在搭建好DNS服务器的基础上(过程见“搭建DNS服务器”),实现主从服务比较简单。
试验环境:
redhat6.1 64bit(主) ip:192.169.1.100
redhat6.1 32bit(从) ip:192.169.1.98
实验过程如下(接“搭建DNS服务器”):
[root@localhost named]# pwd
/var/named/chroot/var/named
[root@localhost named]# cd /var/named/chroot/etc/
[root@localhost etc]# ls
localtime named named.conf named.iscdlv.key named.rfc1912.zones pki rndc.key
[root@localhost etc]# vim named.rfc1912.zones
#把刚才搭建的注释掉
//zone "example.com" IN {
// type master;
// file "1.zone";
// allow-update { none; };
//};
#加上以下几行
zone "example.com" IN {
type slave; #本DNS为从
#把主DNS上example.com的区域文件(主机名与ip地址的对应记录)同步过来,并命名为slave.zone。文件名前面的slaves/是一定要写的(named进程通常只对该目录有写权限),
#实际路径是/var/named/chroot/var/named/slaves/,同步完成后会在这个目录下看到slave.zone文件,
#其内容和主DNS的对应文件内容相同
file "slaves/slave.zone";
allow-update { none; };
masters { 192.169.1.100; }; #指定主DNS的ip
};
[root@localhost etc]# vim named.conf
options {
listen-on port 53 { 192.169.1.98; }; #这里一定要写本机ip地址,不能写any了,其他不变
listen-on-v6 port 53 { any; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
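allow-query { any; };
recursion yes; #allow-query为any且开启recursion,等于对所有来源提供递归解析(开放解析器),只适合实验环境;对外提供服务时应关闭recursion,或用allow-recursion限制到可信网段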
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
};
[root@localhost etc]# iptables -F #清空iptables全部规则(相当于关闭防火墙,仅限实验环境;正式环境应只放行53端口的TCP和UDP)
[root@localhost etc]# service named restart
停止 named: [确定]
启动 named: [确定]
#接下来到主DNS上重启服务,以下是在主DNS上的操作(建议同时在主DNS的example.com zone里加上 allow-transfer { 192.169.1.98; }; 只允许从DNS拉取区域数据)
[root@localhost ~]# iptables -F #清空iptables全部规则(仅限实验环境;正式环境应只放行53端口的TCP和UDP)
[root@localhost ~]# service named restart #如果重启时卡在“停止 named”这一步,按Ctrl+C中断后按下面的方法处理
停止 named:..^C
[root@localhost ~]# ps -aux|grep named #先找到named进程并结束它,然后重新启动服务
Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2.8/FAQ
named 25591 0.0 1.8 236484 19316 ? Ssl Aug10 0:03 /usr/sbin/named -u named -t /var/named/chroot
root 30680 0.0 0.0 103244 860 pts/12 S+ 15:35 0:00 grep named
[root@localhost ~]# kill -9 25591
[root@localhost ~]# service named restart
停止 named: [确定]
启动 named: [确定]
#回到从DNS服务器
[root@localhost etc]# cd /var/named/chroot/var/named/
[root@localhost named]# ls
1.zone data named.ca named.localhost slaves
chroot dynamic named.empty named.loopback
[root@localhost named]# cd slaves/
[root@localhost slaves]# ls #可以看到这里有一个slave.zone文件
slave.zone
[root@localhost slaves]# cat slave.zone #cat下里面的内容
$ORIGIN .
$TTL 86400 ; 1 day
example.com IN SOA example.com. root. (
0 ; serial
86400 ; refresh (1 day)
3600 ; retry (1 hour)
604800 ; expire (1 week)
10800 ; minimum (3 hours)
)
NS chen.example.com.
A 192.169.1.100
$ORIGIN example.com.
chen A 192.169.1.100
ftp CNAME www
station1 A 192.169.1.100
www A 192.169.1.100
[root@localhost slaves]#
#以下是主DNS对应文件的内容,可以看到记录内容是一样的(以后修改主DNS的区域文件时要把serial加大,从DNS才会重新同步)
[root@localhost named]# cat 1.zone
$TTL 1D
@ IN SOA example.com. root. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS chen
example.com. A 192.169.1.100
station1 A 192.169.1.100
www A 192.169.1.100
chen A 192.169.1.100
ftp CNAME www
[root@localhost named]#