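I. Introduction to DNS master/slave
The DNS slave pulls the zone file data from the master and stores it locally. Once it has the data, the slave can answer queries for that zone, which also makes it a good way to back up DNS zone files. The zone files synchronized to the slave, however, cannot be modified there.
II. Architecture diagram of DNS zone file synchronization:
III. DNS master/slave synchronization is divided by transfer method into:
1. AXFR: full transfer
2. IXFR: incremental transfer
IV. Master configuration:
Edit the main configuration file: /etc/named.conf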
options {
    directory "/var/named/";
    notify yes;    ## enable the global NOTIFY (push) mechanism
};

zone "." IN {
    type hint;
    file "named.ca";
};

zone "localhost" IN {
    type master;
    file "named.localhost";
};

zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "named.loopback";
};

zone "jeffery.org" IN {
    type master;
    file "jeffery.org.zone";
    ## This zone allows 192.168.220.101 to synchronize it. allow-transfer can
    ## also be defined in options, in which case it applies to all zones.
    allow-transfer { 192.168.220.101; };
};
Define the zone file: /var/named/jeffery.org.zone
$TTL 1D
@       IN SOA  ns1.jeffery.org. admin.jeffery.com. (
                301     ; serial (version number)
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        IN NS   ns1.jeffery.org.
        IN NS   ns2.jeffery.org.    ; NS record for the slave, essential
ns1     IN A    192.168.220.100
ns2     IN A    192.168.220.101     ; A record for the slave, essential
; The owner below has no trailing dot, so it expands to jeffery.com.jeffery.org.
jeffery.com IN MX 10 mail.jeffery.com.
mail    IN A    9.9.9.9
www     IN A    8.8.8.8
ftp     IN A    2.2.2.2
Slave configuration:
Main configuration file: /etc/named.conf
options {
    directory "/var/named/";
};

zone "." IN {
    type hint;
    file "named.ca";
};

zone "localhost" IN {
    type master;
    file "named.localhost";
};

zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "named.loopback";
};

zone "jeffery.org" IN {
    type slave;                         ## set the zone type to slave
    file "slaves/jeffery.org.zone";     ## where the synchronized file is saved
    masters { 192.168.220.100; };       ## address of the master
};
Testing the result:
V. Incremental update: modify and test
Zone file on the master: /var/named/jeffery.org.zone
$TTL 1D
@       IN SOA  ns1.jeffery.org. admin.jeffery.com. (
                302     ; serial (incremented; must be higher than the previous 301)
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        IN NS   ns1.jeffery.org.
        IN NS   ns2.jeffery.org.
ns1     IN A    192.168.220.100
ns2     IN A    192.168.220.101
jeffery.com IN MX 10 mail.jeffery.com.
mail    IN A    9.9.9.9
www     IN A    10.10.10.10         ; IP of the www server changed
ftp     IN A    2.2.2.2
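To see the result quickly, reload the configuration file (/etc/named.conf).
Zone file received on the slave: /var/named/slaves/jeffery.org.zone
This shows that the test succeeded and the incremental update is complete!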
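The update in section V only reaches the slave if the master's new serial is newer than the serial the slave already holds. The following is an added example, not part of the original post: it models only that comparison, using RFC 1982 serial arithmetic. The function names and the serials 302 and 1 are constructed for illustration; NOTIFY and refresh timing are not modeled.

```python
import re

# Constructed sample: the SOA record from the master zone file above (serial 301).
ZONE_V1 = """$TTL 1D
@ IN SOA ns1.jeffery.org. admin.jeffery.com. (
        301 ; serial
        1D  ; refresh
        1H  ; retry
        1W  ; expire
        3H ) ; minimum
"""

def soa_serial(zone_text):
    """Return the serial of the first SOA record in a zone file."""
    # Drop ';' comments and flatten, so the parenthesised SOA reads as one line.
    flat = " ".join(line.split(";", 1)[0] for line in zone_text.splitlines())
    m = re.search(r"\bSOA\s+\S+\s+\S+\s*\(?\s*(\d+)\b", flat)
    if not m:
        raise ValueError("no SOA serial found")
    serial = int(m.group(1))
    if serial >= 2**32:
        raise ValueError("serial does not fit in 32 bits")
    return serial

def serial_gt(a, b):
    """RFC 1982: True if serial a is newer than serial b in the 32-bit space."""
    # A difference of exactly 2**31 is undefined and treated as "not newer".
    return 0 < (a - b) % 2**32 < 2**31

def slave_will_transfer(slave_serial, master_zone_text):
    """Hypothetical helper: would a slave holding slave_serial pull this zone?"""
    return serial_gt(soa_serial(master_zone_text), slave_serial)

if __name__ == "__main__":
    for new in (302, 301, 1):  # 302 and 1 are constructed values
        zone = ZONE_V1.replace("301 ;", f"{new} ;")
        print(f"master serial {new}: transfer = {slave_will_transfer(301, zone)}")
    # Wrap-around: 0 is newer than 4294967295 in serial arithmetic.
    print("wrap-around:", serial_gt(0, 2**32 - 1))
```

A master serial lower than the slave's, or equal to it, leaves the slave serving the old www address until the serial is raised.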
Reposted from: https://blog.51cto.com/jefferyyu/1313659