Building a highly available DNS server with BIND
Author: Lu Wenju, 2010-11-26
Master DNS: 192.168.1.101
Slave DNS: 192.168.1.102
OS version: CentOS 5.4
BIND version: bind-9.6.2-P2.tar.gz
BIND download URL:
I. Installing and configuring the master DNS
Install BIND
#tar zxvf bind-9.6.2-P2.tar.gz
#cd bind-9.6.2-P2
#./configure --prefix=/usr/local/named --enable-threads --disable-openssl-version-check
#make && make install
Note: --enable-threads builds named with multithreading; --disable-openssl-version-check skips the check that the OpenSSL headers and library versions match. With --prefix=/usr/local/named the binaries are installed under /usr/local/named/sbin and /usr/local/named/bin, the configuration is read from /usr/local/named/etc and runtime data lives under /usr/local/named/var, which is why those paths appear throughout the rest of this article.
Create the rndc configuration file rndc.conf
#/usr/local/named/sbin/rndc-confgen > /usr/local/named/etc/rndc.conf
Note: rndc is BIND's remote control utility; with it you can check named's status, reload zones, flush the cache, toggle query logging and so on. rndc-confgen generates a random HMAC-MD5 key and writes a complete rndc.conf for it, followed (as comments) by the matching key and controls statements for named.conf; those controls only accept connections from 127.0.0.1 on port 953. The key is a shared secret between rndc and named, so rndc.conf should be readable by root only.
Create the main configuration file named.conf
#cd /usr/local/named/etc/
#tail -n10 rndc.conf | head -n9 | sed -e 's/^# *//' > named.conf
Note: named.conf is BIND's main configuration file; it sets the working directory, logging, the zones to serve and so on. The pipeline above takes the last ten lines of rndc.conf, which are the commented-out key and controls statements that rndc-confgen appended for named.conf, drops the final "# End of named.conf" line and strips the comment markers, so the new named.conf starts out containing exactly the key and controls blocks that let rndc talk to named.
Configuring the main configuration file named.conf
Edit the main configuration file and add the root zone, the luwenju.com forward zone and the matching reverse zone
#vi /usr/local/named/etc/named.conf , append the following at the end of the file
options {
        directory "/usr/local/named/var/named";
};
zone "." IN {
        type hint;
        file "named.ca";
};
zone "luwenju.com" IN {
        type master;
        file "luwenju.zone";
        allow-transfer { 192.168.1.102; };
        notify yes;
        also-notify { 192.168.1.102; };
};
zone "1.168.192.in-addr.arpa" IN {
        type master;
        file "1.168.192.arpa";
        allow-transfer { 192.168.1.102; };
        notify yes;
        also-notify { 192.168.1.102; };
};
Notes on the directives in this file:
directory: the working directory of named. Relative file names in the zone statements (named.ca, luwenju.zone, 1.168.192.arpa) are resolved against it, and a slave writes its transferred zone copies into it, so on the slave the directory must be writable by the user named runs as.
zone "." type hint: the root hints, consulted only when named has to resolve names outside the zones it serves itself.
type master: this server holds the authoritative copy of the zone and loads it from the given file.
allow-transfer: only 192.168.1.102 may request a zone transfer (AXFR/IXFR). The default in this BIND version permits transfers from any address, which hands the complete contents of the zone to anyone who asks, so set it on every master zone.
notify yes / also-notify: when the zone is loaded with a higher serial, send a NOTIFY so that the slave refreshes immediately instead of waiting for the SOA refresh interval. named notifies the servers listed in the zone's NS records by default (dns2.luwenju.com is one of them); also-notify adds 192.168.1.102 explicitly and keeps the notification working even if the NS records change.
A caveat on the options block: it leaves BIND's default of recursion yes in place and sets neither allow-query nor allow-recursion, so the server will also answer recursive queries from any address that can reach port 53 and act as an open resolver. For a pair of servers that is only meant to be authoritative for luwenju.com, disable recursion (or restrict allow-recursion to the local network); the root hints zone is then no longer needed.
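As an added example, not part of the original article, here is the same options block hardened for an authoritative-only pair. It assumes both servers should answer queries for their own zones from any client but never recurse on a client's behalf; that choice is an assumption to adjust for your network. Per-zone allow-transfer statements take precedence over the global one, so the zone statements above still let 192.168.1.102 transfer. Use the identical block on the slave:

```conf
options {
        directory "/usr/local/named/var/named";
        // authoritative only: BIND's default is recursion yes, i.e. an open resolver
        recursion no;
        // answer queries for our own zones from anywhere (assumption: public-facing)
        allow-query { any; };
        // refuse zone transfers unless a zone statement says otherwise; the
        // per-zone allow-transfer { 192.168.1.102; } above still applies
        allow-transfer { none; };
        // do not reveal the exact build to "version.bind" CHAOS TXT queries
        version "not disclosed";
};
```

With recursion disabled the zone "." hint statement can be removed, and the nslookup tests later in the article still work because they only ask for names the server is authoritative for.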
Create the root hints file
#mkdir /usr/local/named/var/named
#/usr/local/named/bin/dig -t NS . > /usr/local/named/var/named/named.ca
Note: this dig uses the resolver configured in /etc/resolv.conf, so the machine needs working upstream DNS for this step. The hints are only used when named recurses for names outside its own zones.
Create the forward zone file for luwenju.com
# vi /usr/local/named/var/named/luwenju.zone
$ORIGIN luwenju.com.
$TTL 3600
@       3600    IN      SOA     luwenju.com. root.luwenju.com. (
                                10              ; serial
                                3600            ; refresh
                                900             ; retry
                                1209600         ; expire
                                3600 )          ; minimum (negative-caching TTL)
        3600    IN      NS      dns1.luwenju.com.
        3600    IN      NS      dns2.luwenju.com.
        3600    IN      MX      5 luwenju.com.
                IN      A       192.168.1.100
dns1            IN      A       192.168.1.101
dns2            IN      A       192.168.1.102
www             IN      A       192.168.1.103
bbs             IN      A       192.168.1.104
blog            IN      A       192.168.1.105
Without a $TTL directive named falls back to the SOA minimum field (3600) as the default TTL for the records that carry none and logs a warning, so $TTL is set explicitly. The SOA MNAME field is conventionally the name of the primary master (dns1.luwenju.com.); luwenju.com. works but is unusual. The serial is what the slave compares to decide whether to transfer the zone, so every change to this file must be accompanied by an increase of the serial.
Create the reverse zone file for luwenju.com
# vi /usr/local/named/var/named/1.168.192.arpa
$TTL 3600
1.168.192.in-addr.arpa. 3600    IN      SOA     luwenju.com. root.luwenju.com. (
                                20              ; serial
                                3600            ; refresh
                                900             ; retry
                                1209600         ; expire
                                3600 )          ; minimum
        3600    IN      NS      dns1.luwenju.com.
        3600    IN      NS      dns2.luwenju.com.
        3600    IN      MX      5 luwenju.com.
100             IN      PTR     luwenju.com.
101             IN      PTR     dns1.luwenju.com.
102             IN      PTR     dns2.luwenju.com.
103             IN      PTR     www.luwenju.com.
104             IN      PTR     bbs.luwenju.com.
105             IN      PTR     blog.luwenju.com.
The MX record at the apex of a reverse zone is harmless but serves no purpose; mail routing only consults the forward zone. Each PTR should mirror an A record in luwenju.zone. The two files are maintained by hand and the reverse zone is a separate zone with its own serial, so a change to one must be carried over to the other and both serials bumped.
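Because the forward and reverse files are maintained separately, they drift apart easily. The following is an added example, not code from the original article: a small zone-file parser that reads both files the way named does (honouring $ORIGIN, $TTL, comments, parenthesised records and owner inheritance) and reports every A record without a matching PTR and every PTR without a matching A. The two embedded zones are constructed copies of the article's, with the PTR for blog left out and a PTR for 192.168.1.106 (the test host added later in the article) put in, so that the checker has something to report.

```python
"""Cross-check a BIND forward zone against its in-addr.arpa reverse zone.

Added example (not from the original article): a minimal RFC 1035 zone-file
parser handling $ORIGIN, $TTL, ';' comments, parenthesised multi-line records
and owner-name inheritance, plus a check that every A record has a matching PTR
and every PTR a matching A. The zones below are constructed input modelled on
the article's; the reverse zone lacks blog's PTR and has a PTR with no A record.
"""

FORWARD_ZONE = """\
$ORIGIN luwenju.com.
$TTL 3600
@       3600    IN      SOA     luwenju.com. root.luwenju.com. (
                                10 3600 900 1209600 3600 )
        3600    IN      NS      dns1.luwenju.com.
        3600    IN      MX      5 luwenju.com.
                IN      A       192.168.1.100
dns1            IN      A       192.168.1.101
dns2            IN      A       192.168.1.102
www             IN      A       192.168.1.103
bbs             IN      A       192.168.1.104
blog            IN      A       192.168.1.105
"""

REVERSE_ZONE = """\
1.168.192.in-addr.arpa. 3600 IN SOA luwenju.com. root.luwenju.com. (
                                20 3600 900 1209600 3600 )
        3600    IN      NS      dns1.luwenju.com.
100             IN      PTR     luwenju.com.
101             IN      PTR     dns1.luwenju.com.
102             IN      PTR     dns2.luwenju.com.
103             IN      PTR     www.luwenju.com.
104             IN      PTR     bbs.luwenju.com.
106             IN      PTR     test.luwenju.com.   ; constructed: no A record for this
"""


def qualify(name, origin):
    """'@' is the origin, names without a trailing dot are relative to it."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return f"{name}.{origin.lstrip('.')}"


def parse_zone(text, origin):
    """Return [(owner_fqdn, rtype, rdata_tokens)] for every resource record.
    origin is the zone name from named.conf; a $ORIGIN line overrides it."""
    rrs, buf, depth, prev_owner, inherit = [], [], 0, None, False
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]          # strip comments
        if not line.strip():
            continue
        if depth == 0:                        # first line of a logical record
            buf, inherit = [], line[0].isspace()
        for tok in line.split():
            depth += tok.count("(") - tok.count(")")
            tok = tok.replace("(", "").replace(")", "")
            if tok:
                buf.append(tok)
        if depth > 0:                         # still inside ( ... )
            continue
        if buf[0] == "$ORIGIN":
            origin = buf[1]
            continue
        if buf[0] == "$TTL":
            continue
        # a leading blank means "same owner as the previous record"
        owner, fields = (prev_owner, buf) if inherit else (buf[0], buf[1:])
        # TTL and class are optional and may come in either order before the type
        while fields and (fields[0].isdigit() or fields[0].upper() in ("IN", "CH", "HS")):
            fields.pop(0)
        prev_owner = owner
        rrs.append((qualify(owner, origin), fields[0].upper(), fields[1:]))
    return rrs


def ptr_to_ip(owner):
    """'103.1.168.192.in-addr.arpa.' -> '192.168.1.103'"""
    labels = owner.rstrip(".").split(".")
    if labels[-2:] != ["in-addr", "arpa"]:
        raise ValueError(f"not an IPv4 reverse name: {owner}")
    return ".".join(reversed(labels[:-2]))


def check_consistency(forward_rrs, reverse_rrs, reverse_origin):
    """Return (a_without_ptr, ptr_without_a), each a sorted list of (fqdn, ip)."""
    a_pairs = {(o, rd[0]) for o, t, rd in forward_rrs if t == "A"}
    ptr_pairs = {(qualify(rd[0], reverse_origin), ptr_to_ip(o))
                 for o, t, rd in reverse_rrs if t == "PTR"}
    return sorted(a_pairs - ptr_pairs), sorted(ptr_pairs - a_pairs)


def run_check():
    fwd = parse_zone(FORWARD_ZONE, "luwenju.com.")
    rev = parse_zone(REVERSE_ZONE, "1.168.192.in-addr.arpa.")
    return check_consistency(fwd, rev, "1.168.192.in-addr.arpa.")


if __name__ == "__main__":
    a_without_ptr, ptr_without_a = run_check()
    for name, ip in a_without_ptr:
        print(f"A {name} {ip} has no matching PTR")
    for name, ip in ptr_without_a:
        print(f"PTR {ip} -> {name} has no matching A record")
```

To run it against the real files, read luwenju.zone and 1.168.192.arpa in place of the two strings; the origin argument is the zone name from the corresponding zone statement in named.conf, which is exactly how named itself derives the origin for a file that has no $ORIGIN line (the reverse file above).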
Start BIND
# /usr/local/named/sbin/named -gc /usr/local/named/etc/named.conf &
Note: -c names the configuration file; -g keeps named in the foreground with all logging on stderr, which is useful for seeing configuration and zone errors on the first start but is not meant to be combined with &. For normal operation drop -g (named then detaches and logs through syslog) and start it with -u as an unprivileged user rather than root, so that a compromise of named does not hand over the whole host; on the slave the working directory must then be writable by that user. Before starting, named-checkconf and named-checkzone (both installed in /usr/local/named/sbin) will catch syntax errors in named.conf and the zone files; a master zone that fails to load is not served at all.
Forward lookup test
Point this machine's resolver (/etc/resolv.conf) at 192.168.1.101, then query with nslookup; the results are as follows
# /usr/local/named/bin/nslookup
> luwenju.com
Server:         192.168.1.101
Address:        192.168.1.101#53

Name:   luwenju.com
Address: 192.168.1.100
> dns1.luwenju.com
Server:         192.168.1.101
Address:        192.168.1.101#53

Name:   dns1.luwenju.com
Address: 192.168.1.101
> dns2.luwenju.com
Server:         192.168.1.101
Address:        192.168.1.101#53

Name:   dns2.luwenju.com
Address: 192.168.1.102
> www.luwenju.com
Server:         192.168.1.101
Address:        192.168.1.101#53

Name:   www.luwenju.com
Address: 192.168.1.103
> bbs.luwenju.com
Server:         192.168.1.101
Address:        192.168.1.101#53

Name:   bbs.luwenju.com
Address: 192.168.1.104
> blog.luwenju.com
Server:         192.168.1.101
Address:        192.168.1.101#53

Name:   blog.luwenju.com
Address: 192.168.1.105
Reverse lookup test
# /usr/local/named/bin/nslookup
> 192.168.1.100
Server:         192.168.1.101
Address:        192.168.1.101#53

100.1.168.192.in-addr.arpa      name = luwenju.com.
> 192.168.1.101
Server:         192.168.1.101
Address:        192.168.1.101#53

101.1.168.192.in-addr.arpa      name = dns1.luwenju.com.
> 192.168.1.102
Server:         192.168.1.101
Address:        192.168.1.101#53

102.1.168.192.in-addr.arpa      name = dns2.luwenju.com.
> 192.168.1.103
Server:         192.168.1.101
Address:        192.168.1.101#53

103.1.168.192.in-addr.arpa      name = www.luwenju.com.
> 192.168.1.104
Server:         192.168.1.101
Address:        192.168.1.101#53

104.1.168.192.in-addr.arpa      name = bbs.luwenju.com.
> 192.168.1.105
Server:         192.168.1.101
Address:        192.168.1.101#53

105.1.168.192.in-addr.arpa      name = blog.luwenju.com.
II. Building and configuring the slave DNS
1. Install BIND
#tar zxvf bind-9.6.2-P2.tar.gz
#cd bind-9.6.2-P2
#./configure --prefix=/usr/local/named --enable-threads --disable-openssl-version-check
#make && make install
Note: as on the master, --enable-threads builds named with multithreading and --disable-openssl-version-check skips the OpenSSL version check.
2. Copy named.conf and rndc.conf from the master into /usr/local/named/etc on the slave. Both files contain the rndc key, so the two servers share one rndc secret; the controls statement still only accepts rndc from 127.0.0.1, so this is acceptable as long as the files stay readable by root only.
3. Copy the whole /usr/local/named/var/named directory from the master into /usr/local/named/var on the slave.
4. Edit the slave's named.conf
#vi /usr/local/named/etc/named.conf
Note: only the luwenju.com forward and reverse zones need to change, because luwenju.com is the only zone being synchronised between master and slave. After editing, the two zone statements in named.conf read as follows
zone "luwenju.com" IN {
        type slave;
        file "luwenju.zone";
        masters { 192.168.1.101; };
};
zone "1.168.192.in-addr.arpa" IN {
        type slave;
        file "1.168.192.arpa";
        masters { 192.168.1.101; };
};
For a slave zone, file names the place where named stores the copy it transfers from the master; the files copied in step 3 are only a starting point and are overwritten by the first transfer, which is why the directory must be writable by named. A slave zone accepts zone transfers from any address unless it, too, carries an allow-transfer statement, so restrict transfers on the slave to the hosts that need them (or to none), just as on the master.
5. Start BIND
/usr/local/named/sbin/named -gc /usr/local/named/etc/named.conf &
On start-up the slave contacts 192.168.1.101, compares the SOA serial of each slave zone with the master's and transfers both zones; the transfer result is logged.
6. Forward lookup test
Point this machine's resolver at 192.168.1.102, then query with nslookup; the results are as follows
# /usr/local/named/bin/nslookup
> luwenju.com
Server:         192.168.1.102
Address:        192.168.1.102#53

Name:   luwenju.com
Address: 192.168.1.100
> dns1.luwenju.com
Server:         192.168.1.102
Address:        192.168.1.102#53

Name:   dns1.luwenju.com
Address: 192.168.1.101
> dns2.luwenju.com
Server:         192.168.1.102
Address:        192.168.1.102#53

Name:   dns2.luwenju.com
Address: 192.168.1.102
> www.luwenju.com
Server:         192.168.1.102
Address:        192.168.1.102#53

Name:   www.luwenju.com
Address: 192.168.1.103
> bbs.luwenju.com
Server:         192.168.1.102
Address:        192.168.1.102#53

Name:   bbs.luwenju.com
Address: 192.168.1.104
> blog.luwenju.com
Server:         192.168.1.102
Address:        192.168.1.102#53

Name:   blog.luwenju.com
Address: 192.168.1.105
7. Reverse lookup test
> 192.168.1.100
Server:         192.168.1.102
Address:        192.168.1.102#53

100.1.168.192.in-addr.arpa      name = luwenju.com.
> 192.168.1.101
Server:         192.168.1.102
Address:        192.168.1.102#53

101.1.168.192.in-addr.arpa      name = dns1.luwenju.com.
> 192.168.1.102
Server:         192.168.1.102
Address:        192.168.1.102#53

102.1.168.192.in-addr.arpa      name = dns2.luwenju.com.
> 192.168.1.103
Server:         192.168.1.102
Address:        192.168.1.102#53

103.1.168.192.in-addr.arpa      name = www.luwenju.com.
> 192.168.1.104
Server:         192.168.1.102
Address:        192.168.1.102#53

104.1.168.192.in-addr.arpa      name = bbs.luwenju.com.
> 192.168.1.105
Server:         192.168.1.102
Address:        192.168.1.102#53

105.1.168.192.in-addr.arpa      name = blog.luwenju.com.
III. Testing master/slave synchronisation
1. Add a host (A) record to /usr/local/named/var/named/luwenju.zone on the master:
test            IN      A       192.168.1.106
2. On the master, increase the serial of the zone to be synchronised. For later changes adding 1 is enough; what matters is that the master's serial ends up higher than the one the slave holds, because a slave only transfers the zone when the master's SOA serial is greater than its own. A change made without bumping the serial is never picked up by the slave. After the change, the master's luwenju.com forward zone file reads as follows
$ORIGIN luwenju.com.
$TTL 3600
@       3600    IN      SOA     luwenju.com. root.luwenju.com. (
                                11              ; serial
                                3600            ; refresh
                                900             ; retry
                                1209600         ; expire
                                3600 )          ; minimum
        3600    IN      NS      dns1.luwenju.com.
        3600    IN      NS      dns2.luwenju.com.
        3600    IN      MX      5 luwenju.com.
                IN      A       192.168.1.100
dns1            IN      A       192.168.1.101
dns2            IN      A       192.168.1.102
www             IN      A       192.168.1.103
bbs             IN      A       192.168.1.104
blog            IN      A       192.168.1.105
test            IN      A       192.168.1.106
3. Reload BIND
On the master run the following command
# /usr/local/named/sbin/rndc reload
rndc reload re-reads named.conf and all zones (it also accepts a zone name to reload a single zone). Because the serial went from 10 to 11 and the zone has notify yes, the master sends a NOTIFY to 192.168.1.102; the slave queries the master's SOA, sees the higher serial and transfers the zone.
4. Check that the slave has been synchronised. On the slave:
# more /usr/local/named/var/named/luwenju.zone
$ORIGIN .
$TTL 3600       ; 1 hour
luwenju.com             IN SOA  luwenju.com. root.luwenju.com. (
                                11         ; serial
                                3600       ; refresh (1 hour)
                                900        ; retry (15 minutes)
                                1209600    ; expire (2 weeks)
                                3600       ; minimum (1 hour)
                                )
                        NS      dns1.luwenju.com.
                        NS      dns2.luwenju.com.
                        A       192.168.1.100
                        MX      5 luwenju.com.
$ORIGIN luwenju.com.
bbs                     A       192.168.1.104
blog                    A       192.168.1.105
dns1                    A       192.168.1.101
dns2                    A       192.168.1.102
test                    A       192.168.1.106
www                     A       192.168.1.103
The slave has rewritten luwenju.zone in named's own canonical form (records sorted, per-record TTLs folded into $TTL); serial 11 and the new test record show that the NOTIFY and the zone transfer succeeded. If the file still shows serial 10, the transfer failed: check the slave's log for the transfer result and confirm that allow-transfer on the master includes the slave's address and that the directory is writable by named.
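The comparison that decides whether the slave transfers is defined by RFC 1982 serial arithmetic (32-bit, wrapping, with two values exactly 2**31 apart being incomparable), not by ordinary integer comparison. The following added example, not code from the original article, bumps the serial inside a zone file's SOA, rejects a "new" serial the slave would ignore, and decides from two SOA records whether the slave has caught up. The zone text and SOA strings are constructed from the article's values; in practice the SOA strings would come from dig @192.168.1.101 luwenju.com SOA +short and the same query against 192.168.1.102.

```python
"""RFC 1982 serial arithmetic for keeping a BIND slave in step with its master.

Added example, not code from the original article. A slave only transfers a zone
when the master's SOA serial is greater in the RFC 1982 sense: 32-bit, wrapping,
with two values exactly 2**31 apart being incomparable. The helpers below bump the
serial inside a zone file's SOA, refuse a new serial that would not count as an
increase, and decide from two SOA records (as 'dig +short SOA' prints them) whether
the slave has caught up. Zone text and SOA strings are constructed input modelled
on the article's values.
"""
import re

MODULUS = 1 << 32
HALF = 1 << 31


def serial_add(serial, n):
    """RFC 1982 addition: wraps modulo 2**32; n must stay below 2**31."""
    if not 0 <= n < HALF:
        raise ValueError("increment must be in [0, 2**31)")
    return (serial + n) % MODULUS


def serial_gt(a, b):
    """RFC 1982 'a is greater than b'. Serials exactly 2**31 apart are undefined."""
    if a == b:
        return False
    if (a - b) % MODULUS == HALF:
        raise ValueError(f"serials {a} and {b} are not comparable")
    return (a > b and a - b < HALF) or (a < b and b - a > HALF)


# Matches 'SOA <mname> <rname> [(] <serial>'; \s also spans newlines, so the serial
# may sit on the line after the opening parenthesis as in the article's zone files.
SOA_SERIAL_RE = re.compile(r"(\bSOA\s+\S+\s+\S+\s*\(?\s*)(\d+)")


def bump_zone_serial(zone_text, new_serial=None):
    """Return (new_text, old_serial, new_serial). By default adds 1; an explicit
    new_serial (e.g. a YYYYMMDDnn value) is accepted only if it counts as an
    increase under RFC 1982, since otherwise the slave would ignore the change."""
    m = SOA_SERIAL_RE.search(zone_text)
    if not m:
        raise ValueError("no SOA serial found in zone text")
    old = int(m.group(2))
    new = serial_add(old, 1) if new_serial is None else new_serial
    if not serial_gt(new, old):
        raise ValueError(f"serial {new} does not advance {old}")
    return zone_text[:m.start(2)] + str(new) + zone_text[m.end(2):], old, new


def soa_serial(soa_rdata):
    """Serial from SOA rdata as 'dig +short' prints it:
    'mname rname serial refresh retry expire minimum'."""
    fields = soa_rdata.split()
    if len(fields) != 7:
        raise ValueError(f"unexpected SOA rdata: {soa_rdata!r}")
    return int(fields[2])


def slave_in_sync(master_soa, slave_soa):
    """False while the master's serial is ahead of the slave's."""
    return not serial_gt(soa_serial(master_soa), soa_serial(slave_soa))


# Constructed input: the master's zone file before the bump ...
ZONE_TEXT = """\
$ORIGIN luwenju.com.
$TTL 3600
@       3600    IN      SOA     luwenju.com. root.luwenju.com. (
                                10              ; serial
                                3600 900 1209600 3600 )
        IN      NS      dns1.luwenju.com.
test    IN      A       192.168.1.106
"""
# ... and SOA rdata as 'dig @192.168.1.101 luwenju.com SOA +short' and
# 'dig @192.168.1.102 luwenju.com SOA +short' would print it (constructed).
MASTER_SOA = "luwenju.com. root.luwenju.com. 11 3600 900 1209600 3600"
SLAVE_SOA = "luwenju.com. root.luwenju.com. 10 3600 900 1209600 3600"

if __name__ == "__main__":
    text, old, new = bump_zone_serial(ZONE_TEXT)
    print(f"serial {old} -> {new}")
    print("slave in sync:", slave_in_sync(MASTER_SOA, SLAVE_SOA))
```

If you prefer the YYYYMMDDnn convention, pass the date-based value as new_serial: it is accepted because it is larger than the old value by less than 2**31. The same check refuses a typo that would set the serial backwards, which is the usual reason a slave silently keeps serving stale data after an edit.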