As a company's business grows, so does its number of servers, and managing them by bare IP address becomes very cumbersome. Some workloads and software also depend on DNS: for example, when BI uses Hadoop for data mining and log analysis, the Hadoop cluster needs DNS support. With a small cluster you can get by with entries in /etc/hosts, but with many machines DNS is the better choice; the same goes for Puppet. So I recently studied BIND, and here I share the results.

I. Introduction

DNS is short for Domain Name System, a core Internet service. It is a distributed database that maps domain names and IP addresses to each other, so that people can use the Internet more conveniently without having to memorise the numeric IP addresses that machines read directly.

How master/slave replication works:

Principle: after a change is made on the master DNS server and the service is restarted, the master actively sends a NOTIFY. If the secondary DNS server does not receive it, the slave falls back to the Refresh interval; if the refresh fails it falls back to Retry; if retries keep failing it falls back to Expire; and once Expire is exceeded as well, the zone transfer process is abandoned.

II. Test goals

This test aims at two things:

1. DNS master/slave: if the DNS service on either the master or the slave goes down, names can still be resolved through the other;
2. Automatic updates: when the data on the master is changed, the slave updates automatically.
III. Environment

IP              role     domain name     system
192.168.56.104  master   ns1.test.com    CentOS 6.2 x86_64
192.168.56.105  slave    ns2.test.com    CentOS 6.2 x86_64
IV. Installation

On both master and slave, bind is installed with yum:

yum install bind*
V. Configuration

A. Configuration on the master

1. Edit /etc/named.conf

Note that this file provides the main BIND configuration.

Below is my master configuration:

[root@master ~]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
        // global server options and default settings
        listen-on port 53 { any; };             // listen port; could also be written as { 127.0.0.1; 192.168.56.104; }
#       listen-on-v6 port 53 { ::1; };          // IPv6 support
        directory       "/var/named";           // directory holding the zone files
        dump-file       "/var/named/data/cache_dump.db";          // directory for the cache dump
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };               // hosts allowed to query; here every host may query
        recursion yes;                          // enable recursive queries
        allow-transfer  { 192.168.56.105; };    // hosts allowed to request zone transfers, i.e. the slave DNS server's IP

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {
        // what the server logs and where the log messages go
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";     // include file; this loads /etc/named.rfc1912.zones
#include "/etc/named.root.key";

Note: the lines that need modifying are the ones carrying the explanatory comments above (shown in red in the original).
2. /etc/named.rfc1912.zones

This file holds the forward and reverse zone configuration.

Below is my configuration on the master:

[root@master ~]# cat /etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
#zone "localhost.localdomain" IN {
#       type master;
#       file "named.localhost";
#       allow-update { none; };
#};

zone "test.com" IN {
        type master;
        file "named.test.com";
        notify yes;
        also-notify { 192.168.56.105; };
        allow-update { none; };
        allow-transfer { 192.168.56.105; };
};

#zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
#       type master;
#       file "named.loopback";
#       allow-update { none; };
#};

zone "56.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.56.arpa";
#       notify yes;
#       also-notify { 192.168.56.105; };
        allow-update { none; };
        allow-transfer { 192.168.56.105; };
};

#zone "0.in-addr.arpa" IN {
#       type master;
#       file "named.empty";
#       allow-update { none; };
#};

In the end this does two things:

1. Add a forward zone for the domain test.com, of type master, and notify 192.168.56.105 when it is updated;
2. Add the matching reverse zone for the IP range, also of type master, likewise notifying 192.168.56.105 on update.

Anything else you do not need can be deleted or commented out.
3. Go to /var/named and create the forward and reverse zone files

cd /var/named/
cp -p named.localhost named.test.com
cp -p named.localhost 192.168.56.arpa
Below is my forward zone file on the master:

[root@master named]# cat named.test.com
$TTL 1D
@       IN SOA  ns1.test.com. root.localhost. (   ; SOA record
                2013070814      ; serial  - version number (see note below)
                60              ; refresh - how often the slave checks the master for updates
                1H              ; retry   - retry interval after a failed refresh
                1W              ; expire  - how long after refreshes keep failing the slave's copy of the zone expires
                3H )            ; minimum - negative caching time (how long a "name not found" answer is held)
        NS      ns1.test.com.
        NS      ns2.test.com.
        A       192.168.56.104
server  A       192.168.56.101
client1 A       192.168.56.103
ubuntu  A       192.168.56.102
ns1     A       192.168.56.104
ns2     A       192.168.56.105

Serial: the version number, incremented by 1 for each sync. The usual format is year-month-day plus a count. If you want the slave to update automatically every time the master is changed, you must add 1 to the serial after each change; in other words, for the slave to sync from the master, the master's serial must be larger than the slave's.

Notes

SOA: this record marks the start of authority for the zone. It contains the zone name, the zone administrator's e-mail address, and the settings that tell secondary DNS servers how to refresh the zone data file.

Common resource record types[3]

A (address): lists the IP address of a particular host name. This is the key record for name resolution.
CNAME (canonical name): defines an alias for a canonical host name.
MX (mail exchanger): lists the host responsible for receiving e-mail sent to the domain.
NS (name server): specifies the name server responsible for a given zone.
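The serial rule and SOA timers above, worked through in code (an added example written for this article, not code from the post or from BIND): it parses the SOA out of a zone file in either the hand-written form or the form named dumps on the slave, converts the 1D/1H/1W timers to seconds, and applies RFC 1982 serial arithmetic, which is the comparison a slave actually uses to decide whether the master's serial is "bigger". The two zone texts are constructed from the article's named.test.com.

```python
"""Parse the SOA record out of a BIND zone file and check master/slave serials.

Added example for this article; not code from the original post or from BIND.
"""
import re
from datetime import date

# Constructed sample: the master's zone file as written in the article.
MASTER_ZONE = """$TTL 1D
@ IN SOA ns1.test.com. root.localhost. (   ; SOA record
        2013070822  ; serial
        60          ; refresh
        1H          ; retry
        1W          ; expire
        3H )        ; minimum
        NS  ns1.test.com.
        NS  ns2.test.com.
        A   192.168.56.104
ns1     A   192.168.56.104
ns2     A   192.168.56.105
"""

# Constructed sample: the same zone as named dumped it on the slave after AXFR,
# still at the older serial.
SLAVE_ZONE = """$ORIGIN .
$TTL 86400      ; 1 day
test.com IN SOA ns1.test.com. root.localhost. (
        2013070814 ; serial
        60         ; refresh (1 minute)
        3600       ; retry (1 hour)
        604800     ; expire (1 week)
        10800      ; minimum (3 hours)
        )
"""

_UNIT = {"S": 1, "M": 60, "H": 3600, "D": 86400, "W": 604800}


def ttl_seconds(token):
    """Convert a BIND time value such as 60, 1D, 3H or 1w2d to seconds."""
    token = token.upper()
    if token.isdigit():
        return int(token)
    if not re.fullmatch(r"(\d+[SMHDW])+", token):
        raise ValueError("bad time value: %s" % token)
    return sum(int(n) * _UNIT[u] for n, u in re.findall(r"(\d+)([SMHDW])", token))


def parse_soa(zone_text):
    """Return the SOA fields: mname, rname, serial and the four timers in seconds."""
    # Zone files comment with ';' (not '#'); strip comments, then join the
    # parenthesised multi-line record into one string.
    stripped = " ".join(line.split(";", 1)[0] for line in zone_text.splitlines())
    m = re.search(r"\bSOA\s+(\S+)\s+(\S+)\s*\(\s*(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*\)",
                  stripped)
    if not m:
        raise ValueError("no SOA record found")
    mname, rname, serial, refresh, retry, expire, minimum = m.groups()
    return {"mname": mname, "rname": rname, "serial": int(serial),
            "refresh": ttl_seconds(refresh), "retry": ttl_seconds(retry),
            "expire": ttl_seconds(expire), "minimum": ttl_seconds(minimum)}


def serial_is_newer(candidate, current):
    """RFC 1982 serial arithmetic: is candidate 'greater' than current modulo 2**32?
    A slave only pulls the zone when the master's serial is newer by this rule."""
    diff = (candidate - current) % (1 << 32)
    return diff != 0 and diff < (1 << 31)


def slave_will_transfer(master_zone, slave_zone):
    """Will the slave fetch the master's zone on the next notify or refresh?"""
    return serial_is_newer(parse_soa(master_zone)["serial"],
                           parse_soa(slave_zone)["serial"])


def next_serial(current, today_yyyymmdd=None):
    """Next YYYYMMDDnn serial: today's date with nn=01, or current+1 when that
    would not count as newer (several edits on one day, or a serial from the future)."""
    if today_yyyymmdd is None:
        today_yyyymmdd = int(date.today().strftime("%Y%m%d"))
    candidate = today_yyyymmdd * 100 + 1
    return candidate if serial_is_newer(candidate, current) else current + 1
```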
Below is my reverse zone file on the master:

[root@master named]# cat 192.168.56.arpa
$TTL 1D
@       IN SOA  ns1.test.com. root.localhost. (
                2013070814      ; serial
                60              ; refresh
                1H              ; retry
                1W              ; expire
                3H )            ; minimum
        NS      ns1.test.com.
        NS      ns2.test.com.
101     PTR     server.test.com.
102     PTR     ubuntu.test.com.
103     PTR     client1.test.com.
104     PTR     ns1.test.com.
105     PTR     ns2.test.com.
4. Start bind

/etc/init.d/named start

5. Point the local resolver at the DNS servers we just set up

[root@master named]# cat /etc/resolv.conf
nameserver 192.168.56.104
nameserver 192.168.56.105
6. Test with nslookup

[root@master named]# ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 08:00:27:59:BB:1F
          inet addr:192.168.56.104  Bcast:192.168.56.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fe59:bb1f/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2761 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3224 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:255523 (249.5 KiB)  TX bytes:455771 (445.0 KiB)
[root@master named]# nslookup
> ns1.test.com
Server:         192.168.56.104
Address:        192.168.56.104#53

Name:   ns1.test.com
Address: 192.168.56.104
> ns2.test.com
Server:         192.168.56.104
Address:        192.168.56.104#53

Name:   ns2.test.com
Address: 192.168.56.105
> server.test.com
Server:         192.168.56.104
Address:        192.168.56.104#53

Name:   server.test.com
Address: 192.168.56.101
> 192.168.56.104
Server:         192.168.56.104
Address:        192.168.56.104#53

104.56.168.192.in-addr.arpa     name = ns1.test.com.
> 192.168.56.105
Server:         192.168.56.104
Address:        192.168.56.104#53

105.56.168.192.in-addr.arpa     name = ns2.test.com.
> 192.168.56.101
Server:         192.168.56.104
Address:        192.168.56.104#53

101.56.168.192.in-addr.arpa     name = server.test.com.
Test with dig

[root@master named]# dig ns1.test.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <<>> ns1.test.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25723
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;ns1.test.com.                  IN      A

;; ANSWER SECTION:
ns1.test.com.           86400   IN      A       192.168.56.104

;; AUTHORITY SECTION:
test.com.               86400   IN      NS      ns2.test.com.
test.com.               86400   IN      NS      ns1.test.com.

;; ADDITIONAL SECTION:
ns2.test.com.           86400   IN      A       192.168.56.105

;; Query time: 1 msec
;; SERVER: 192.168.56.104#53(192.168.56.104)
;; WHEN: Mon Jul  8 10:11:30 2013
;; MSG SIZE  rcvd: 94

[root@master named]# dig ns2.test.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <<>> ns2.test.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16279
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;ns2.test.com.                  IN      A

;; ANSWER SECTION:
ns2.test.com.           86400   IN      A       192.168.56.105

;; AUTHORITY SECTION:
test.com.               86400   IN      NS      ns2.test.com.
test.com.               86400   IN      NS      ns1.test.com.

;; ADDITIONAL SECTION:
ns1.test.com.           86400   IN      A       192.168.56.104

;; Query time: 0 msec
;; SERVER: 192.168.56.104#53(192.168.56.104)
;; WHEN: Mon Jul  8 10:11:33 2013
;; MSG SIZE  rcvd: 94

[root@master named]# dig server.test.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <<>> server.test.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1422
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;server.test.com.               IN      A

;; ANSWER SECTION:
server.test.com.        86400   IN      A       192.168.56.101

;; AUTHORITY SECTION:
test.com.               86400   IN      NS      ns2.test.com.
test.com.               86400   IN      NS      ns1.test.com.

;; ADDITIONAL SECTION:
ns1.test.com.           86400   IN      A       192.168.56.104
ns2.test.com.           86400   IN      A       192.168.56.105

;; Query time: 1 msec
;; SERVER: 192.168.56.104#53(192.168.56.104)
;; WHEN: Mon Jul  8 10:11:38 2013
;; MSG SIZE  rcvd: 117

All of these answers come from SERVER: 192.168.56.104#53(192.168.56.104), that is, they were resolved by the DNS server at 192.168.56.104.
B. Configuration on the slave

1. Edit /etc/named.conf

Note that this file provides the main BIND configuration.

Below is my slave configuration:

[root@slave named]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
        listen-on port 53 { any; };
#       listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
#include "/etc/named.root.key";
2. /etc/named.rfc1912.zones

This file holds the forward and reverse zone configuration.

Below is my configuration on the slave:

[root@slave named]# cat /etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
#zone "localhost.localdomain" IN {
#       type master;
#       file "named.localhost";
#       allow-update { none; };
#};

zone "test.com" IN {
        type slave;
        file "named.test.com";
        masters { 192.168.56.104; };
#       allow-update { none; };   # not allowed in a slave zone; if left in, named logs a warning at startup (visible in the slave log below)
};

#zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
#       type master;
#       file "named.loopback";
#       allow-update { none; };
#};

zone "56.168.192.in-addr.arpa" IN {
        type slave;
        file "192.168.56.arpa";
        masters { 192.168.56.104; };
#       allow-update { none; };   # same as above: not allowed in a slave zone
};

#zone "0.in-addr.arpa" IN {
#       type master;
#       file "named.empty";
#       allow-update { none; };
#};
3. Start the bind service on the slave

Because I use automatic master/slave updates, the forward and reverse zone files do not need to be created on the slave; the slave fetches them from the master when it starts.

Start bind first:

/etc/init.d/named start
Then look at the /var/log/messages log on the master:

Jul  8 10:16:21 master named-sdb[2060]: client 192.168.56.105#40695: transfer of 'test.com/IN': AXFR started
Jul  8 10:16:21 master named-sdb[2060]: client 192.168.56.105#40695: transfer of 'test.com/IN': AXFR ended
Jul  8 10:16:22 master named-sdb[2060]: client 192.168.56.105#34075: transfer of '56.168.192.in-addr.arpa/IN': AXFR started
Jul  8 10:16:22 master named-sdb[2060]: client 192.168.56.105#34075: transfer of '56.168.192.in-addr.arpa/IN': AXFR ended

And the /var/log/messages log on the slave:

Jul  8 02:16:22 slave named-sdb[5004]: starting BIND 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 -u named -t /var/named/chroot
Jul  8 02:16:22 slave named-sdb[5004]: built with '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--target=x86_64-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--with-libtool' '--localstatedir=/var' '--enable-threads' '--enable-ipv6' '--with-pic' '--disable-static' '--disable-openssl-version-check' '--with-dlz-ldap=yes' '--with-dlz-postgres=yes' '--with-dlz-mysql=yes' '--with-dlz-filesystem=yes' '--with-gssapi=yes' '--disable-isc-spnego' '--with-docbook-xsl=/usr/share/sgml/docbook/xsl-stylesheets' '--enable-fixed-rrset' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'target_alias=x86_64-redhat-linux-gnu' 'CFLAGS= -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' 'CPPFLAGS= -DDIG_SIGCHASE'
Jul  8 02:16:22 slave named-sdb[5004]: ----------------------------------------------------
Jul  8 02:16:22 slave named-sdb[5004]: BIND 9 is maintained by Internet Systems Consortium,
Jul  8 02:16:22 slave named-sdb[5004]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
Jul  8 02:16:22 slave named-sdb[5004]: corporation.  Support and training for BIND 9 are
Jul  8 02:16:22 slave named-sdb[5004]: available at https://www.isc.org/support
Jul  8 02:16:22 slave named-sdb[5004]: ----------------------------------------------------
Jul  8 02:16:22 slave named-sdb[5004]: adjusted limit on open files from 4096 to 1048576
Jul  8 02:16:22 slave named-sdb[5004]: found 2 CPUs, using 2 worker threads
Jul  8 02:16:22 slave named-sdb[5004]: using up to 4096 sockets
Jul  8 02:16:22 slave named-sdb[5004]: SDB ldap zone database module loaded.
Jul  8 02:16:22 slave named-sdb[5004]: SDB postgreSQL DB zone database module loaded.
Jul  8 02:16:22 slave named-sdb[5004]: SDB sqlite3 DB zone database module loaded.
Jul  8 02:16:22 slave named-sdb[5004]: SDB directory DB zone database module loaded.
Jul  8 02:16:22 slave named-sdb[5004]: loading configuration from '/etc/named.conf'
Jul  8 02:16:22 slave named-sdb[5004]: /etc/named.rfc1912.zones:24: option 'allow-update' is not allowed in 'slave' zone 'test.com'
Jul  8 02:16:22 slave named-sdb[5004]: /etc/named.rfc1912.zones:38: option 'allow-update' is not allowed in 'slave' zone '56.168.192.in-addr.arpa'
Jul  8 02:16:22 slave named-sdb[5004]: reading built-in trusted keys from file '/etc/named.iscdlv.key'
Jul  8 02:16:22 slave named-sdb[5004]: using default UDP/IPv4 port range: [1024, 65535]
Jul  8 02:16:22 slave named-sdb[5004]: using default UDP/IPv6 port range: [1024, 65535]
Jul  8 02:16:22 slave named-sdb[5004]: no IPv6 interfaces found
Jul  8 02:16:22 slave named-sdb[5004]: listening on IPv4 interface lo, 127.0.0.1#53
Jul  8 02:16:22 slave named-sdb[5004]: listening on IPv4 interface eth0, 192.168.56.105#53
Jul  8 02:16:22 slave named-sdb[5004]: generating session key for dynamic DNS
Jul  8 02:16:22 slave named-sdb[5004]: sizing zone task pool based on 3 zones
Jul  8 02:16:22 slave named-sdb[5004]: using built-in DLV key for view _default
Jul  8 02:16:22 slave named-sdb[5004]: set up managed keys zone for view _default, file '/var/named/dynamic/managed-keys.bind'
Jul  8 02:16:22 slave named-sdb[5004]: Warning: 'empty-zones-enable/disable-empty-zone' not set: disabling RFC 1918 empty zones
Jul  8 02:16:22 slave named-sdb[5004]: automatic empty zone: 0.IN-ADDR.ARPA
Jul  8 02:16:22 slave named-sdb[5004]: automatic empty zone: 127.IN-ADDR.ARPA
Jul  8 02:16:22 slave named-sdb[5004]: automatic empty zone: 254.169.IN-ADDR.ARPA
Jul  8 02:16:22 slave named-sdb[5004]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
Jul  8 02:16:22 slave named-sdb[5004]: automatic empty zone: 100.51.198.IN-ADDR.ARPA
Jul  8 02:16:22 slave named-sdb[5004]: automatic empty zone: 113.0.203.IN-ADDR.ARPA
Jul  8 02:16:22 slave named-sdb[5004]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
Jul  8 02:16:22 slave named-sdb[5004]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Jul  8 02:16:22 slave named-sdb[5004]: automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Jul  8 02:16:22 slave named-sdb[5004]: automatic empty zone: D.F.IP6.ARPA
Jul  8 02:16:22 slave named-sdb[5004]: automatic empty zone: 8.E.F.IP6.ARPA
Jul  8 02:16:22 slave named-sdb[5004]: automatic empty zone: 9.E.F.IP6.ARPA
Jul  8 02:16:22 slave named-sdb[5004]: automatic empty zone: A.E.F.IP6.ARPA
Jul  8 02:16:22 slave named-sdb[5004]: automatic empty zone: B.E.F.IP6.ARPA
Jul  8 02:16:22 slave named-sdb[5004]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
Jul  8 02:16:22 slave named-sdb[5004]: command channel listening on 127.0.0.1#953
Jul  8 02:16:22 slave named-sdb[5004]: managed-keys-zone ./IN: loaded serial 5
Jul  8 02:16:22 slave named-sdb[5004]: running
Jul  8 02:16:22 slave named-sdb[5004]: zone test.com/IN: Transfer started.
Jul  8 02:16:22 slave named-sdb[5004]: transfer of 'test.com/IN' from 192.168.56.104#53: connected using 192.168.56.105#40695
Jul  8 02:16:22 slave named-sdb[5004]: zone test.com/IN: transferred serial 2013070814
Jul  8 02:16:22 slave named-sdb[5004]: transfer of 'test.com/IN' from 192.168.56.104#53: Transfer completed: 1 messages, 10 records, 266 bytes, 0.005 secs (53200 bytes/sec)
Jul  8 02:16:22 slave named-sdb[5004]: zone test.com/IN: sending notifies (serial 2013070814)
Jul  8 02:16:22 slave named-sdb[5004]: zone 56.168.192.in-addr.arpa/IN: Transfer started.
Jul  8 02:16:22 slave named-sdb[5004]: transfer of '56.168.192.in-addr.arpa/IN' from 192.168.56.104#53: connected using 192.168.56.105#34075
Jul  8 02:16:22 slave named-sdb[5004]: zone 56.168.192.in-addr.arpa/IN: transferred serial 2013070814
Jul  8 02:16:22 slave named-sdb[5004]: transfer of '56.168.192.in-addr.arpa/IN' from 192.168.56.104#53: Transfer completed: 1 messages, 9 records, 283 bytes, 0.006 secs (47166 bytes/sec)
Jul  8 02:16:22 slave named-sdb[5004]: zone 56.168.192.in-addr.arpa/IN: sending notifies (serial 2013070814)
The logs show that the master sent the zone data to the slave and the slave received it.

Check on the filesystem that the files arrived:

[root@slave ~]# cd /var/named/
[root@slave named]# ll
total 40
-rw-r--r-- 1 named named  461 Jul  8 02:16 192.168.56.arpa
drwxr-x--- 6 named named 4096 Jul  7 21:14 chroot
drwxrwx--- 2 named named 4096 Jul  7 22:01 data
drwxrwx--- 2 named named 4096 Jul  8 02:17 dynamic
-rw-r----- 1 named named 1892 Feb 18  2008 named.ca
-rw-r----- 1 named named  152 Dec 15  2009 named.empty
-rw-r----- 1 named named  152 Jun 21  2007 named.localhost
-rw-r----- 1 named named  168 Dec 15  2009 named.loopback
-rw-r--r-- 1 named named  447 Jul  8 02:16 named.test.com
drwxrwx--- 2 named named 4096 Mar 29 06:21 slaves

The forward and reverse zone files are now present on the system.
4. Point the local resolver at the DNS servers just set up

[root@slave named]# cat /etc/resolv.conf
nameserver 192.168.56.104
nameserver 192.168.56.105
5. Test with dig

[root@slave named]# dig ns1.test.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <<>> ns1.test.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53453
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;ns1.test.com.                  IN      A

;; ANSWER SECTION:
ns1.test.com.           86400   IN      A       192.168.56.104

;; AUTHORITY SECTION:
test.com.               86400   IN      NS      ns1.test.com.
test.com.               86400   IN      NS      ns2.test.com.

;; ADDITIONAL SECTION:
ns2.test.com.           86400   IN      A       192.168.56.105

;; Query time: 1 msec
;; SERVER: 192.168.56.104#53(192.168.56.104)
;; WHEN: Mon Jul  8 02:28:26 2013
;; MSG SIZE  rcvd: 94

[root@slave named]# dig ns2.test.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <<>> ns2.test.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15455
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;ns2.test.com.                  IN      A

;; ANSWER SECTION:
ns2.test.com.           86400   IN      A       192.168.56.105

;; AUTHORITY SECTION:
test.com.               86400   IN      NS      ns1.test.com.
test.com.               86400   IN      NS      ns2.test.com.

;; ADDITIONAL SECTION:
ns1.test.com.           86400   IN      A       192.168.56.104

;; Query time: 1 msec
;; SERVER: 192.168.56.104#53(192.168.56.104)
;; WHEN: Mon Jul  8 02:28:32 2013
;; MSG SIZE  rcvd: 94

[root@slave named]# dig server.test.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <<>> server.test.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37155
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;server.test.com.               IN      A

;; ANSWER SECTION:
server.test.com.        86400   IN      A       192.168.56.101

;; AUTHORITY SECTION:
test.com.               86400   IN      NS      ns2.test.com.
test.com.               86400   IN      NS      ns1.test.com.

;; ADDITIONAL SECTION:
ns1.test.com.           86400   IN      A       192.168.56.104
ns2.test.com.           86400   IN      A       192.168.56.105

;; Query time: 1 msec
;; SERVER: 192.168.56.104#53(192.168.56.104)
;; WHEN: Mon Jul  8 02:28:36 2013
;; MSG SIZE  rcvd: 117

Master/slave DNS with automatic updates is now configured.
6. Now let's test whether the slave receives the latest data when the configuration on the master is changed or extended.

My current named.test.com on the master:

[root@centos named]# cat named.test.com
$TTL 1D
@       IN SOA  ns1.test.com. root.localhost. (
                2013070822      ; serial
                60              ; refresh
                1H              ; retry
                1W              ; expire
                3H )            ; minimum
        NS      ns1.test.com.
        NS      ns2.test.com.
        A       192.168.56.104
server  A       192.168.56.101
client1 A       192.168.56.103
ubuntu  A       192.168.56.102
ns1     A       192.168.56.104
ns2     A       192.168.56.105
test2   A       192.168.8.1
test1   A       192.168.8.12
test3   A       192.168.8.3

You can see that forward records test1 to test3 were added (and the serial was raised).

Then restart bind on the master:

/etc/init.d/named restart
Check the master log (only the transfer-related lines are listed):

Jul  8 12:00:49 master named-sdb[4967]: zone 56.168.192.in-addr.arpa/IN: loaded serial 2013070814
Jul  8 12:00:49 master named-sdb[4967]: zone test.com/IN: loaded serial 2013070822
Jul  8 12:00:49 master named-sdb[4967]: managed-keys-zone ./IN: loaded serial 6
Jul  8 12:00:49 master named-sdb[4967]: running
Jul  8 12:00:49 master named-sdb[4967]: zone 56.168.192.in-addr.arpa/IN: sending notifies (serial 2013070814)
Jul  8 12:00:49 master named-sdb[4967]: zone test.com/IN: sending notifies (serial 2013070822)

Then check the slave log:

Jul  8 04:03:36 slave named-sdb[13688]: client 192.168.56.104#48310: received notify for zone 'test.com'
Jul  8 04:03:36 slave named-sdb[13688]: zone test.com/IN: Transfer started.
Jul  8 04:03:36 slave named-sdb[13688]: transfer of 'test.com/IN' from 192.168.56.104#53: connected using 192.168.56.105#37661
Jul  8 04:03:36 slave named-sdb[13688]: zone test.com/IN: transferred serial 2013070822
Jul  8 04:03:36 slave named-sdb[13688]: transfer of 'test.com/IN' from 192.168.56.104#53: Transfer completed: 1 messages, 13 records, 332 bytes, 0.005 secs (66400 bytes/sec)
Jul  8 04:03:36 slave named-sdb[13688]: zone test.com/IN: sending notifies (serial 2013070822)
Jul  8 04:03:37 slave named-sdb[13688]: client 192.168.56.104#21155: received notify for zone '56.168.192.in-addr.arpa'
Jul  8 04:03:37 slave named-sdb[13688]: zone 56.168.192.in-addr.arpa/IN: notify from 192.168.56.104#21155: zone is up to date
Then look at the contents of named.test.com on the slave:

[root@cacti named]# cd /var/named/
[root@cacti named]# cat named.test.com
$ORIGIN .
$TTL 86400      ; 1 day
test.com                IN SOA  ns1.test.com. root.localhost. (
                                2013070822 ; serial
                                60         ; refresh (1 minute)
                                3600       ; retry (1 hour)
                                604800     ; expire (1 week)
                                10800      ; minimum (3 hours)
                                )
                        NS      ns1.test.com.
                        NS      ns2.test.com.
                        A       192.168.56.104
$ORIGIN test.com.
client1                 A       192.168.56.103
ns1                     A       192.168.56.104
ns2                     A       192.168.56.105
server                  A       192.168.56.101
test1                   A       192.168.8.12
test2                   A       192.168.8.1
test3                   A       192.168.8.3
ubuntu                  A       192.168.56.102

The update was applied successfully.
7. Now stop the DNS service on the master and see whether the slave can still resolve

[root@slave named]# dig ns1.test.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <<>> ns1.test.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38700
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;ns1.test.com.                  IN      A

;; ANSWER SECTION:
ns1.test.com.           86400   IN      A       192.168.56.104

;; AUTHORITY SECTION:
test.com.               86400   IN      NS      ns2.test.com.
test.com.               86400   IN      NS      ns1.test.com.

;; ADDITIONAL SECTION:
ns2.test.com.           86400   IN      A       192.168.56.105

;; Query time: 0 msec
;; SERVER: 192.168.56.105#53(192.168.56.105)
;; WHEN: Mon Jul  8 02:30:22 2013
;; MSG SIZE  rcvd: 94

[root@slave named]# dig ns2.test.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <<>> ns2.test.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28400
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;ns2.test.com.                  IN      A

;; ANSWER SECTION:
ns2.test.com.           86400   IN      A       192.168.56.105

;; AUTHORITY SECTION:
test.com.               86400   IN      NS      ns2.test.com.
test.com.               86400   IN      NS      ns1.test.com.

;; ADDITIONAL SECTION:
ns1.test.com.           86400   IN      A       192.168.56.104

;; Query time: 1 msec
;; SERVER: 192.168.56.105#53(192.168.56.105)
;; WHEN: Mon Jul  8 02:30:29 2013
;; MSG SIZE  rcvd: 94

[root@slave named]# dig server.test.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <<>> server.test.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26633
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;server.test.com.               IN      A

;; ANSWER SECTION:
server.test.com.        86400   IN      A       192.168.56.101

;; AUTHORITY SECTION:
test.com.               86400   IN      NS      ns1.test.com.
test.com.               86400   IN      NS      ns2.test.com.

;; ADDITIONAL SECTION:
ns1.test.com.           86400   IN      A       192.168.56.104
ns2.test.com.           86400   IN      A       192.168.56.105

;; Query time: 0 msec
;; SERVER: 192.168.56.105#53(192.168.56.105)
;; WHEN: Mon Jul  8 02:30:34 2013
;; MSG SIZE  rcvd: 117

With the DNS service on the master stopped, names are still resolved through the slave.

Conversely, if the DNS service on the slave goes down, names can still be resolved through the master.
Once testing is done, add the bind service to the boot startup:

[root@master named]# chkconfig --list named
named           0:off   1:off   2:off   3:off   4:off   5:off   6:off
[root@master named]# chkconfig --level 345 named on
[root@master named]# chkconfig --list named
named           0:off   1:off   2:off   3:on    4:on    5:on    6:off
In a production setup, keep the clocks of master and slave in sync (for example with ntp), and do not have iptables or SELinux enabled on the machines, or the slave may fail to receive the notify the master sends.

Also, when adding a new domain on the master, note that:

1. The zone must be added to /etc/named.rfc1912.zones on both the master and the slave;
2. bind must be restarted on both the master and the slave. If only the master is restarted and the slave is not, then when the master sends the notify the slave logs client 192.168.56.104#11005: received notify for zone 'xxx.com': not authoritative and does not receive the update.

After the slave is restarted the sync succeeds:
Jul  8 04:13:18 cacti named-sdb[14449]: zone 56.168.192.in-addr.arpa/IN: sending notifies (serial 2013070814)
Jul  8 04:13:18 cacti named-sdb[14449]: zone test.com/IN: sending notifies (serial 2013070822)
Jul  8 04:13:18 cacti named-sdb[14449]: zone hadoop.com/IN: Transfer started.
Jul  8 04:13:18 cacti named-sdb[14449]: transfer of 'hadoop.com/IN' from 192.168.56.104#53: connected using 192.168.56.105#49804
Jul  8 04:13:18 cacti named-sdb[14449]: zone hadoop.com/IN: transferred serial 2013070813
Jul  8 04:13:18 cacti named-sdb[14449]: transfer of 'hadoop.com/IN' from 192.168.56.104#53: Transfer completed: 1 messages, 9 records, 265 bytes, 0.004 secs (66250 bytes/sec)
Jul  8 04:13:18 cacti named-sdb[14449]: zone hadoop.com/IN: sending notifies (serial 2013070813)

The log shows that the sync succeeded.
If the following appears in the /var/log/messages log:

Jul  8 13:36:34 master named-sdb[6324]: error (network unreachable) resolving 'ns1.nic.uk/AAAA/IN': 2001:500:2f::f#53
Jul  8 13:36:34 master named-sdb[6324]: error (network unreachable) resolving 'nsc.nic.uk/A/IN': 2001:500:2f::f#53
Jul  8 13:36:34 master named-sdb[6324]: error (network unreachable) resolving 'nsc.nic.uk/AAAA/IN': 2001:500:2f::f#53
Jul  8 13:36:34 master named-sdb[6324]: error (network unreachable) resolving 'ns2.nic.uk/AAAA/IN': 2001:500:2f::f#53
Jul  8 13:36:34 master named-sdb[6324]: error (network unreachable) resolving 'ns3.nic.uk/AAAA/IN': 2001:500:2f::f#53
Jul  8 13:36:34 master named-sdb[6324]: error (network unreachable) resolving 'nsa.nic.uk/AAAA/IN': 2001:500:2f::f#53
Jul  8 13:36:34 master named-sdb[6324]: error (network unreachable) resolving './NS/IN': 2001:500:2f::f#53
Jul  8 13:36:34 master named-sdb[6324]: error (network unreachable) resolving 'ns6.nic.uk/AAAA/IN': 2001:500:2f::f#53
Jul  8 13:36:34 master named-sdb[6324]: error (network unreachable) resolving 'nsd.nic.uk/AAAA/IN': 2001:500:2f::f#53
Jul  8 13:36:36 master named-sdb[6324]: error (network unreachable) resolving 'ns3.nic.uk/AAAA/IN': 2001:502:ad09::3#53

The cause is that named tries to use IPv6 transport even if the server host does not have IPv6 connectivity.

Fix: edit the configuration file /etc/sysconfig/named directly and drop IPv6 resolution so that only IPv4 is used: change OPTIONS="whatever" to OPTIONS="-4". Note that the value of OPTIONS may be one of whatever, -4 or -6.
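To check replication from the logs rather than by eye, here is an added example (not the author's code and not part of BIND) that classifies named syslog lines: it confirms per zone that a notify led to a completed transfer at the expected serial, and flags the three failure signatures this article shows, namely the "not authoritative" notify when a zone was added only on the master, the allow-update option rejected in a slave zone, and the IPv6 "network unreachable" errors. The log lines are constructed from the formats in the article; the host names, pids and ports are illustrative.

```python
"""Classify BIND (named) syslog lines to confirm master -> slave zone replication
and surface the failures discussed in the article.

Added example for this article; not the author's code or part of BIND."""
import re

# Constructed sample: an excerpt of a slave's /var/log/messages plus one master line,
# in the formats the article shows.
SAMPLE_LOG = """\
Jul  8 04:03:36 slave named-sdb[13688]: client 192.168.56.104#48310: received notify for zone 'test.com'
Jul  8 04:03:36 slave named-sdb[13688]: zone test.com/IN: Transfer started.
Jul  8 04:03:36 slave named-sdb[13688]: zone test.com/IN: transferred serial 2013070822
Jul  8 04:03:36 slave named-sdb[13688]: transfer of 'test.com/IN' from 192.168.56.104#53: Transfer completed: 1 messages, 13 records, 332 bytes, 0.005 secs (66400 bytes/sec)
Jul  8 04:03:37 slave named-sdb[13688]: client 192.168.56.104#21155: received notify for zone '56.168.192.in-addr.arpa'
Jul  8 04:03:37 slave named-sdb[13688]: zone 56.168.192.in-addr.arpa/IN: notify from 192.168.56.104#21155: zone is up to date
Jul  8 04:05:01 slave named-sdb[13688]: client 192.168.56.104#11005: received notify for zone 'hadoop.com': not authoritative
Jul  8 02:16:22 slave named-sdb[5004]: /etc/named.rfc1912.zones:24: option 'allow-update' is not allowed in 'slave' zone 'test.com'
Jul  8 13:36:34 master named-sdb[6324]: error (network unreachable) resolving 'ns1.nic.uk/AAAA/IN': 2001:500:2f::f#53
"""

# syslog prefix: timestamp, host, "named[pid]:" (named-sdb on CentOS 6), then the message
LINE_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) named\S*\[\d+\]: (?P<msg>.*)$")

# Event kinds, first match wins; the not-authoritative case must precede the plain notify.
PATTERNS = [
    ("notify_not_authoritative", re.compile(r"received notify for zone '(?P<zone>[^']+)': not authoritative")),
    ("notify_received", re.compile(r"received notify for zone '(?P<zone>[^']+)'$")),
    ("up_to_date", re.compile(r"zone (?P<zone>\S+)/IN: notify from \S+: zone is up to date")),
    ("transferred", re.compile(r"zone (?P<zone>\S+)/IN: transferred serial (?P<serial>\d+)")),
    ("transfer_completed", re.compile(r"transfer of '(?P<zone>[^']+)/IN' from (?P<master>\S+): Transfer completed")),
    ("slave_option_rejected", re.compile(r"option '(?P<option>[^']+)' is not allowed in 'slave' zone '(?P<zone>[^']+)'")),
    ("ipv6_unreachable", re.compile(r"error \(network unreachable\) resolving '(?P<qname>[^']+)': (?P<addr>[0-9a-f:]+)#\d+")),
]


def parse_line(line):
    """Return (kind, fields) for a recognised named log line, or None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None
    for kind, pat in PATTERNS:
        hit = pat.search(m.group("msg"))
        if hit:
            return kind, dict(hit.groupdict(), host=m.group("host"), ts=m.group("ts"))
    return None


def replication_report(log_text):
    """Per zone: did a notify arrive, did a transfer complete, and at which serial?
    Also collects the configuration and connectivity problems the article warns about."""
    zones, problems = {}, []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if not parsed:
            continue
        kind, f = parsed
        if kind == "notify_not_authoritative":
            # The zone exists on the master but is not configured (or not yet loaded) on the slave.
            problems.append("zone %s: slave is not authoritative; add it to the slave's "
                            "named.rfc1912.zones and restart named" % f["zone"])
        elif kind == "slave_option_rejected":
            problems.append("%s must not be set in slave zone %s" % (f["option"], f["zone"]))
        elif kind == "ipv6_unreachable":
            problems.append("IPv6 transport failed for %s (%s); consider OPTIONS=\"-4\" "
                            "in /etc/sysconfig/named" % (f["qname"], f["addr"]))
        else:
            z = zones.setdefault(f["zone"], {"notified": False, "serial": None,
                                             "completed": False, "up_to_date": False})
            if kind == "notify_received":
                z["notified"] = True
            elif kind == "transferred":
                z["serial"] = int(f["serial"])
            elif kind == "transfer_completed":
                z["completed"] = True
            elif kind == "up_to_date":
                z["up_to_date"] = True
    return zones, problems
```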
This article comes from the blog "吟—技术交流"; please keep this source when reproducing it: http://dl528888.blog.51cto.com/2382721/1249311