http://blog.sina.com.cn/s/blog_474edf960100vstt.html
Automatic synchronization relies on the rndc command,
which requires a key to be configured.
rndc-confgen -a -k rndckey
cat /etc/rndc.key
key "rndckey" {
algorithm hmac-md5;
secret "3WLdA3MK8gLdpg2QSvixEQ==";
};
Copy this key into named.conf:
cat /etc/named.conf
key "rndckey" {
algorithm hmac-md5;
secret "3WLdA3MK8gLdpg2QSvixEQ=="; //the local rndc key, copied from /etc/rndc.key
};
controls {
inet 127.0.0.1 port 953 //local management port
allow { 127.0.0.1; } keys {"rndckey"; }; //name of the key allowed to manage the server
};
options {
directory "/var/named";
};
zone "." IN {
type hint;
file "named.ca";
};
zone "localhost" IN {
type master;
file "localhost.zone";
};
zone "0.0.127.in-addr.arpa" IN {
type master ;
file "named.local";
};
zone "a.com" IN {
type master;
file "a.com.zone";
allow-transfer { 192.168.1.248;192.168.1.164; }; //slave IPs (or key) allowed to transfer the zone
notify yes; //enable NOTIFY messages
also-notify { 192.168.1.248;192.168.1.164; }; //slave IPs (or key) to notify
};
Run the command:
[[email protected] named]# rndc status
number of zones: 3
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/1000
tcp clients: 0/100
server is up and running
===================================Slave===============================================
cat /etc/named.conf
key "rndckey" {
algorithm hmac-md5;
secret "lC06g8EXoKiUB8XEdcoJ4Q=="; //the slave's own key, generated the same way as on the master; not the master's key
};
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys {"rndckey"; };
};
options {
directory "/var/named";
};
zone "." IN {
type hint;
file "named.ca";
};
zone "localhost" IN {
type master;
file "localhost.zone";
};
zone "0.0.127.in-addr.arpa" IN {
type master ;
file "named.local";
};
zone "a.com" IN {
type slave;
file "slaves/a.com.zone";
masters { 192.168.1.248; }; //IP of the master to synchronize from
};
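================================Experiment===========================================
Perform the following steps on the master:
Edit a.com.zone.
Add an A record, then increase the serial value; the zone is synchronized only when the master's serial is greater than the slave's.
Then save the file.
Run rndc reload
Check the log:
tail /var/log/messages
Nov 2 17:20:18 bogon named[26969]: zone a.com/IN: loaded serial 20111104 //the newest serial (a date) has been loaded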
Nov 2 17:20:18 bogon named[26969]: zone a.com/IN: sending notifies (serial 20111104)
Nov 2 17:20:18 bogon named[26969]: client 192.168.1.248#50765: received notify for zone 'a.com'
Nov 2 17:20:18 bogon named[26969]: client 192.168.1.164#33437: transfer of 'a.com/IN': AXFR-style IXFR started //slave 164 starts the transfer
Nov 2 17:20:18 bogon named[26969]: client 192.168.1.164#33437: transfer of 'a.com/IN': AXFR-style IXFR ended //slave 164 finishes the transfer
Nov 2 17:20:19 bogon named[26969]: client 192.168.1.164#30060: received notify for zone 'a.com' //the slave checks the a.com zone
Now look at the log on the slave, which shows the process from the check through to the transfer:
Nov 2 17:19:21 bogon named[8956]: client 192.168.1.248#38637: received notify for zone 'a.com'
Nov 2 17:19:21 bogon named[8956]: zone a.com/IN: Transfer started.
Nov 2 17:19:21 bogon named[8956]: transfer of 'a.com/IN' from 192.168.1.248#53: connected using 192.168.1.164#33437
Nov 2 17:19:21 bogon named[8956]: zone a.com/IN: transferred serial 20111104
Nov 2 17:19:21 bogon named[8956]: transfer of 'a.com/IN' from 192.168.1.248#53: end of transfer
Nov 2 17:19:21 bogon named[8956]: zone a.com/IN: sending notifies (serial 20111104)
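The log check above can be automated. The following is an added example, not part of the original post: it reads named log lines in the format shown here, reports any client that started a transfer of a.com without being in the allow-transfer list, and confirms the slave's serial is not behind the master's, using RFC 1982 serial arithmetic (which also covers 32-bit wraparound). The function names, the 192.168.1.77 log line and the sample strings are constructed for illustration.

```python
import re

# Constructed sample input: lines in the format shown in this post, plus one
# constructed transfer line from an address that is not a configured slave.
MASTER_LOG = """\
Nov 2 17:20:18 bogon named[26969]: zone a.com/IN: loaded serial 20111104
Nov 2 17:20:18 bogon named[26969]: zone a.com/IN: sending notifies (serial 20111104)
Nov 2 17:20:18 bogon named[26969]: client 192.168.1.164#33437: transfer of 'a.com/IN': AXFR-style IXFR started
Nov 2 17:20:18 bogon named[26969]: client 192.168.1.164#33437: transfer of 'a.com/IN': AXFR-style IXFR ended
Nov 2 17:21:02 bogon named[26969]: client 192.168.1.77#40112: transfer of 'a.com/IN': AXFR started
"""
SLAVE_LOG = """\
Nov 2 17:19:21 bogon named[8956]: zone a.com/IN: Transfer started.
Nov 2 17:19:21 bogon named[8956]: zone a.com/IN: transferred serial 20111104
"""
ALLOWED = {"192.168.1.248", "192.168.1.164"}  # the allow-transfer list above


def serial_newer(a, b):
    """RFC 1982 serial arithmetic: True if 32-bit serial a is newer than b."""
    return a != b and ((a - b) % 2**32) < 2**31


def last_serial(log, zone, verb):
    """Last serial reported for zone; verb is 'loaded' or 'transferred'."""
    found = re.findall(rf"zone {re.escape(zone)}/IN: {verb} serial (\d+)", log)
    return int(found[-1]) if found else None


def unexpected_clients(log, zone, allowed):
    """Clients that started a transfer of zone but are not in allowed."""
    pat = rf"client ([\d.]+)#\d+: transfer of '{re.escape(zone)}/IN': .* started"
    return sorted(set(re.findall(pat, log)) - set(allowed))


def slave_in_sync(master_log, slave_log, zone):
    """True when the slave's last transferred serial is not behind the master's."""
    m = last_serial(master_log, zone, "loaded")
    s = last_serial(slave_log, zone, "transferred")
    return m is not None and s is not None and not serial_newer(m, s)


if __name__ == "__main__":
    print("unexpected clients:", unexpected_clients(MASTER_LOG, "a.com", ALLOWED))
    print("slave in sync:", slave_in_sync(MASTER_LOG, SLAVE_LOG, "a.com"))
```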
Reposted from: https://blog.51cto.com/shuichuanshi/1752931