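Why set up DNS master-slave synchronization
When the master DNS server fails, the slave server can still provide normal name resolution
DNS master-slave synchronization lab
Lab environment
Master server: 20.0.0.10
Slave server: 20.0.0.11
Test machine: 20.0.0.12
Disable the firewall and SELinux and set up the yum repository; here a script does all of this in one step
Note: the "Connected" checkbox for the ISO image in the virtual machine settings must be ticked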
vi yum.sh
#!/bin/bash
#TARFILE=schj-'date +%s'.tgz
mount /dev/cdrom /mnt/
touch /etc/yum.repos.d/local.repo
mkdir /etc/yum.repos.d/bak
cd /etc/yum.repos.d && \
mv C* bak/
echo -e '[base]\nname=CentOS7.6\nbaseurl=file:///mnt\nenabled=1\ngpgcheck=0\n#gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7'>/etc/yum.repos.d/local.repo
echo '/dev/cdrom iso9660 defaults 0 0' >>/etc/fstab
yum clean all
yum makecache
systemctl stop firewalld
systemctl disable firewalld
se_cnf="/etc/selinux/config"
find_key="SELINUX="
setenforce 0 &>/dev/null
sed -ri "/^$find_key/c${find_key}disabled" $se_cnf
result="`getenforce`"
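if [ "$result" = "Enforcing" ];then
echo "selinux关闭失败!"   # "failed to disable SELinux!"
exit 10
else
echo "selinux关闭成功!"   # "SELinux disabled successfully!"
fi
bash yum.sh ## run it directly; no execute permission needed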
Master server configuration
yum -y install bind bind-utils bind-chroot bind-libs
Configuration file 1
vi /etc/named.conf
options {
listen-on port 53 { 20.0.0.10; };
...
allow-query { any; };
Configuration file 2
vi /etc/named.rfc1912.zones
zone "lai.com" IN {
    type master;
    file "lai.com.zone";
    allow-transfer { 20.0.0.11; };   // only the slave may request a zone transfer
    also-notify { 20.0.0.11; };      // send NOTIFY to the slave when the zone changes
};
zone "0.0.20.in-addr.arpa" IN {
    type master;
    file "20.0.0.arpa";
    allow-transfer { 20.0.0.11; };
    also-notify { 20.0.0.11; };
};
Configuration file 3, part 1
vim /var/named/lai.com.zone
$TTL 1D
@       IN SOA  lai.com. admin. (
                0       ; serial (raise it on every change, otherwise the slave does not transfer the new zone)
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        NS      @
        A       192.168.10.88
www     IN A    192.168.10.88
ftp     IN A    192.168.10.99
mail    IN A    192.168.10.100
;mail   IN CNAME www
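Configuration file 3, part 2
vim /var/named/20.0.0.arpa
$TTL 1D
@       IN SOA  lai.com. admin.lai.com. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        NS      @
        A       20.0.0.88
; PTR targets must end with a dot; without it the zone origin is appended,
; which is what the reverse-lookup output in the test section shows
188     IN PTR  www.lai.com.
199     IN PTR  ftp.lai.com.
125     IN PTR  bbs.lai.com.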
Start
systemctl restart named
If errors occur, check with the following commands
named-checkconf /etc/named.conf
named-checkzone 0.0.20.in-addr.arpa /var/named/20.0.0.arpa
named-checkzone lai.com /var/named/lai.com.zone
named-checkconf /etc/named.rfc1912.zones
Slave server configuration
Install
yum -y install bind bind-utils bind-chroot bind-libs
Configuration file 1
vi /etc/named.conf
options {
listen-on port 53 { 20.0.0.11; };
...
allow-query { any; };
Configuration file 2
vim /etc/named.rfc1912.zones
zone "lai.com" IN {
    type slave;
    masters { 20.0.0.10; };
    also-notify { 20.0.0.10; };
    file "slaves/lai.com.zone";
};
zone "0.0.20.in-addr.arpa" IN {
    type slave;
    masters { 20.0.0.10; };
    also-notify { 20.0.0.10; };
    file "slaves/20.0.0.arpa";   // own file: two slave zones must not write to the same file
};
Configuration file 3 is not needed; once the service is started, the synchronized result is visible
systemctl start named
cd /var/named/
[root@lai2 named]# ls slaves/
lai.com.zone
Test results
vim /etc/resolv.conf    # first set the resolver addresses
# Generated by NetworkManager
#nameserver 8.8.8.8
#nameserver 114.114.114.114
nameserver 20.0.0.10
nameserver 20.0.0.11
Test
[root@localhost ~]# nslookup www.lai.com
Server: 20.0.0.10
Address: 20.0.0.10#53
Name: www.lai.com
Address: 192.168.10.88
[root@localhost ~]# nslookup 20.0.0.188
Server: 20.0.0.10
Address: 20.0.0.10#53
188.0.0.20.in-addr.arpa name = www.lai.com.0.0.20.in-addr.arpa.
[root@localhost ~]# nslookup 20.0.0.199
Server: 20.0.0.10
Address: 20.0.0.10#53
199.0.0.20.in-addr.arpa name = ftp.lai.com.0.0.20.in-addr.arpa.
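The reverse lookups above answer with names such as www.lai.com.0.0.20.in-addr.arpa.: a PTR target written without a trailing dot is relative, so BIND appends the zone origin, and named-checkzone does not reject it because the syntax is valid. The following added example (not part of the original article; the function names and the sample zone are constructed for illustration) flags such targets before the zone is loaded.

```shell
#!/bin/bash
# find_relative_targets ZONEFILE ORIGIN
#   Prints "line:owner:type:target -> expanded name" for every PTR, CNAME, NS
#   or MX record whose target lacks the trailing dot; returns 1 if any is found.
find_relative_targets() {
    awk -v origin="$2" '
        { sub(/;.*/, "") }                  # strip zone-file comments
        /^\$/ || NF == 0 { next }           # skip $TTL/$ORIGIN directives and blank lines
        {
            # a line starting with whitespace has no owner field
            blank = ($0 ~ /^[ \t]/)
            owner = blank ? "(same)" : $1
            for (i = (blank ? 1 : 2); i < NF; i++) {
                t = toupper($i)
                if (t == "PTR" || t == "CNAME" || t == "NS" || t == "MX") {
                    target = $NF            # the name is the last field for these types
                    if (target != "@" && target !~ /\.$/) {
                        printf "%d:%s:%s:%s -> %s.%s.\n", NR, owner, t, target, target, origin
                        bad = 1
                    }
                    break
                }
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: a reverse zone with two relative PTR targets and one absolute one.
sample_zone() {
    cat <<'EOF'
$TTL 1D
@   IN SOA lai.com. admin.lai.com. ( 0 1D 1H 1W 3H )
    NS  @
    A   20.0.0.88
188 IN PTR www.lai.com
199 IN PTR ftp.lai.com
125 IN PTR bbs.lai.com.   ; absolute name, not reported
EOF
}

zone=$(mktemp)
sample_zone > "$zone"
find_relative_targets "$zone" 0.0.20.in-addr.arpa || echo "relative targets found"
rm -f "$zone"
```

Run it against /var/named/20.0.0.arpa with origin 0.0.20.in-addr.arpa alongside named-checkzone, before restarting named.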
Test again after the master service has gone down
systemctl stop named
[root@localhost ~]# nslookup www.lai.com
Server: 20.0.0.10
Address: 20.0.0.10#53
Name: www.lai.com
Address: 192.168.10.88