
Building a highly available DNS server with BIND (primary/secondary setup)

Author: 陸文舉, 2010-11-26

Primary DNS: 192.168.1.101

Secondary DNS: 192.168.1.102

OS version: CentOS 5.4

BIND version: bind-9.6.2-P2.tar.gz

BIND download address:

I. Installing and configuring the primary DNS

Install BIND

#tar zxvf bind-9.6.2-P2.tar.gz

#cd bind-9.6.2-P2

#./configure --prefix=/usr/local/named --enable-threads --disable-openssl-version-check

#make && make install

Note: the configure option --enable-threads enables multi-threaded mode; --disable-openssl-version-check disables the OpenSSL version check.

Create the configuration file rndc.conf

#/usr/local/named/sbin/rndc-confgen > /usr/local/named/etc/rndc.conf

Note: rndc is BIND's management tool. With rndc we can view BIND's status, flush BIND's cache, view BIND's logs, and so on.

Create the configuration file named.conf

#cd /usr/local/named/etc/

#tail -n10 rndc.conf | head -n9 | sed -e 's/^# //' > named.conf

Note: rndc-confgen appends a commented-out key and controls stanza to its output; the command above takes those lines and strips the leading "# " so they become a valid named.conf. named.conf is BIND's main configuration file; in it you set BIND's working directory, logging, the zones to resolve, and so on.

Configuring the main configuration file named.conf

Edit the main configuration file and add the root zone, the luwenju.com forward zone and the reverse zone.

#vi /usr/local/named/etc/named.conf, and append the following content at the end of the file:

options {
        directory "/usr/local/named/var/named";
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "luwenju.com" IN {
        type master;
        file "luwenju.zone";
        allow-transfer { 192.168.1.102; };
        notify yes;
        also-notify { 192.168.1.102; };
};

zone "1.168.192.in-addr.arpa" IN {
        type master;
        file "1.168.192.arpa";
        allow-transfer { 192.168.1.102; };
        notify yes;
        also-notify { 192.168.1.102; };
};
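The allow-transfer lines above are the security-relevant part of this configuration: without them, BIND's default permits a full zone transfer (AXFR) to any host that asks, handing out the complete host list. The following script is an added example, not part of the original article, that audits a named.conf and lists every "type master" zone lacking an allow-transfer statement. It assumes the article's one-statement-per-line layout and that no global allow-transfer is set inside options { }; the sample named.conf and the zone "example.test" are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the article): list every "type master" zone in a
# named.conf that has no allow-transfer statement. Such a zone falls back to
# BIND's default, which allows AXFR from any host.
# Assumptions: one statement per line (as in the article's named.conf) and no
# global allow-transfer inside options { }.

# unrestricted_master_zones NAMED_CONF  -> prints one zone name per line
unrestricted_master_zones() {
    awk '
        /^[ \t]*zone[ \t]+"/ {
            zname = $0
            sub(/^[^"]*"/, "", zname); sub(/".*/, "", zname)   # text between quotes
            in_zone = 1; is_master = 0; has_xfer = 0
            next
        }
        in_zone && /type[ \t]+master/ { is_master = 1 }
        in_zone && /allow-transfer/   { has_xfer = 1 }
        in_zone && /^[ \t]*};/ {                               # end of zone stanza
            if (is_master && !has_xfer) print zname
            in_zone = 0
        }' "$1"
}

# Constructed sample named.conf (not the article's file): the luwenju.com
# zones are restricted as in the article; "example.test" forgot the line.
SAMPLE_CONF=$(mktemp)
cat > "$SAMPLE_CONF" <<'EOF'
options {
        directory "/usr/local/named/var/named";
};
zone "." IN {
        type hint;
        file "named.ca";
};
zone "luwenju.com" IN {
        type master;
        file "luwenju.zone";
        allow-transfer { 192.168.1.102; };
        notify yes;
        also-notify { 192.168.1.102; };
};
zone "1.168.192.in-addr.arpa" IN {
        type master;
        file "1.168.192.arpa";
        allow-transfer { 192.168.1.102; };
};
zone "example.test" IN {
        type master;
        file "example.test.zone";
};
EOF

# Stand-alone run: prints "example.test"
unrestricted_master_zones "$SAMPLE_CONF"
```

Run it against the real file with `unrestricted_master_zones /usr/local/named/etc/named.conf`; an empty result means every master zone names the hosts it will transfer to. A hint zone (type hint) is never reported, since it is not served authoritatively.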

Some notes on the configuration file:

Create the root zone file

#mkdir /usr/local/named/var/named

#/usr/local/named/bin/dig -t NS . > /usr/local/named/var/named/named.ca

Create the luwenju.com forward zone file

# vi /usr/local/named/var/named/luwenju.zone

$ORIGIN luwenju.com.
@       3600    IN      SOA     luwenju.com. root.luwenju.com. (
                                10          ; serial
                                3600        ; refresh
                                900         ; retry
                                1209600     ; expire
                                3600 )      ; minimum
        3600    IN      NS      dns1.luwenju.com.
        3600    IN      NS      dns2.luwenju.com.
        3600    IN      MX      5 luwenju.com.
                IN      A       192.168.1.100
dns1            IN      A       192.168.1.101
dns2            IN      A       192.168.1.102
www             IN      A       192.168.1.103
bbs             IN      A       192.168.1.104
blog            IN      A       192.168.1.105

Create the reverse zone file for luwenju.com

# vi /usr/local/named/var/named/1.168.192.arpa

$TTL 3600
1.168.192.in-addr.arpa. 3600    IN      SOA     luwenju.com. root.luwenju.com. (
                                20          ; serial
                                3600        ; refresh
                                900         ; retry
                                1209600     ; expire
                                3600 )      ; minimum
        3600    IN      NS      dns1.luwenju.com.
        3600    IN      NS      dns2.luwenju.com.
        3600    IN      MX      5 luwenju.com.
100             IN      PTR     luwenju.com.
101             IN      PTR     dns1.luwenju.com.
102             IN      PTR     dns2.luwenju.com.
103             IN      PTR     www.luwenju.com.
104             IN      PTR     bbs.luwenju.com.
105             IN      PTR     blog.luwenju.com.
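Forward and reverse zones are maintained by hand here, so they drift apart easily: a host added to luwenju.zone without a matching PTR, or a PTR pointing at the wrong name, only shows up when someone happens to test that one address with nslookup. The script below is an added example, not part of the original article, that cross-checks every A record in the forward file against the reverse file. It assumes the article's layout (one /24 reverse zone, PTR owner names are bare last octets, records one per line, a leading "$ORIGIN zone." line in the forward file); the two sample zone files are constructed and deliberately omit the PTR for 192.168.1.103.

```shell
#!/bin/sh
# Added example (not from the article): cross-check a forward zone file
# against its in-addr.arpa reverse zone. For each A record, the reverse file
# must contain a PTR owned by the host's last octet that points back at the
# same name; anything else is reported.
# Assumptions: /24 layout (PTR owners are bare last octets), one record per
# line, "$ORIGIN zone." as the first line of the forward file.

# ptr_mismatches FORWARD_ZONE REVERSE_ZONE
#   prints "<ip> <expected name> <PTR found or MISSING>" per problem,
#   prints nothing when every A record has a matching PTR.
ptr_mismatches() {
    fwd=$1
    rev=$2
    origin=$(awk '$1 == "$ORIGIN" { print $2; exit }' "$fwd")   # e.g. luwenju.com.
    awk -v origin="$origin" '
        $1 == "$ORIGIN" || $1 == "$TTL" { next }
        /^[ \t]/ { $0 = "@ " $0 }                 # record without owner: the apex
        {
            for (i = 1; i <= NF; i++)
                if ($i == "A") {
                    name = ($1 == "@") ? origin : $1 "." origin
                    print $(i + 1), name          # "<ip> <fqdn>"
                }
        }' "$fwd" |
    while read -r ip name; do
        octet=${ip##*.}
        found=$(awk -v o="$octet" '
            $1 == o { for (i = 2; i <= NF; i++) if ($i == "PTR") print $(i + 1) }
        ' "$rev")
        [ -n "$found" ] || found=MISSING
        [ "$found" = "$name" ] || echo "$ip $name $found"
    done
}

# Constructed sample zones (not the article's files); the reverse zone has
# no PTR for 192.168.1.103, so www is reported.
WORK=$(mktemp -d)
cat > "$WORK/luwenju.zone" <<'EOF'
$ORIGIN luwenju.com.
@       3600    IN      SOA     luwenju.com. root.luwenju.com. (
                                10 3600 900 1209600 3600 )
        3600    IN      NS      dns1.luwenju.com.
                IN      A       192.168.1.100
dns1            IN      A       192.168.1.101
www             IN      A       192.168.1.103
EOF
cat > "$WORK/1.168.192.arpa" <<'EOF'
$TTL 3600
1.168.192.in-addr.arpa. 3600 IN SOA luwenju.com. root.luwenju.com. (
                                20 3600 900 1209600 3600 )
        3600    IN      NS      dns1.luwenju.com.
100             IN      PTR     luwenju.com.
101             IN      PTR     dns1.luwenju.com.
EOF

# Stand-alone run: prints "192.168.1.103 www.luwenju.com. MISSING"
ptr_mismatches "$WORK/luwenju.zone" "$WORK/1.168.192.arpa"
```

Running `ptr_mismatches` over the two files from this article before starting named gives the same coverage as the full set of nslookup tests below, in one step; adding the missing PTR line makes the report empty.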

Start BIND

# /usr/local/named/sbin/named -gc /usr/local/named/etc/named.conf &

Forward lookup test

Point the local machine's DNS at 192.168.1.101, then test with nslookup. The results are as follows:

# /usr/local/named/bin/nslookup
> luwenju.com
Server:         192.168.1.101
Address:        192.168.1.101#53

Name:   luwenju.com
Address: 192.168.1.100
> dns1.luwenju.com
Server:         192.168.1.101
Address:        192.168.1.101#53

Name:   dns1.luwenju.com
Address: 192.168.1.101
> dns2.luwenju.com
Server:         192.168.1.101
Address:        192.168.1.101#53

Name:   dns2.luwenju.com
Address: 192.168.1.102
> www.luwenju.com
Server:         192.168.1.101
Address:        192.168.1.101#53

Name:   www.luwenju.com
Address: 192.168.1.103
> bbs.luwenju.com
Server:         192.168.1.101
Address:        192.168.1.101#53

Name:   bbs.luwenju.com
Address: 192.168.1.104
> blog.luwenju.com
Server:         192.168.1.101
Address:        192.168.1.101#53

Name:   blog.luwenju.com
Address: 192.168.1.105

Reverse lookup test

# /usr/local/named/bin/nslookup
> 192.168.1.100
Server:         192.168.1.101
Address:        192.168.1.101#53

100.1.168.192.in-addr.arpa      name = luwenju.com.
> 192.168.1.101
Server:         192.168.1.101
Address:        192.168.1.101#53

101.1.168.192.in-addr.arpa      name = dns1.luwenju.com.
> 192.168.1.102
Server:         192.168.1.101
Address:        192.168.1.101#53

102.1.168.192.in-addr.arpa      name = dns2.luwenju.com.
> 192.168.1.103
Server:         192.168.1.101
Address:        192.168.1.101#53

103.1.168.192.in-addr.arpa      name = www.luwenju.com.
> 192.168.1.104
Server:         192.168.1.101
Address:        192.168.1.101#53

104.1.168.192.in-addr.arpa      name = bbs.luwenju.com.
> 192.168.1.105
Server:         192.168.1.101
Address:        192.168.1.101#53

105.1.168.192.in-addr.arpa      name = blog.luwenju.com.

II. Building and configuring the secondary DNS

1. Install BIND

#tar zxvf bind-9.6.2-P2.tar.gz

#cd bind-9.6.2-P2

#./configure --prefix=/usr/local/named --enable-threads --disable-openssl-version-check

#make && make install

Note: the configure option --enable-threads enables multi-threaded mode; --disable-openssl-version-check disables the OpenSSL version check.

2. Copy named.conf and rndc.conf from the primary DNS into the /usr/local/named/etc directory on the secondary DNS server.

3. Copy the whole /usr/local/named/var/named directory from the primary DNS to /usr/local/named/var on the secondary DNS.

4. Edit the named.conf configuration file on the secondary DNS server

#vi /usr/local/named/etc/named.conf

Note: only the forward and reverse zones of luwenju.com need to be changed, because only luwenju.com is synchronised between the primary and secondary DNS. After the change, the luwenju.com forward and reverse zone stanzas in named.conf read as follows:

zone "luwenju.com" IN {
        type slave;
        file "luwenju.zone";
        masters { 192.168.1.101; };
};

zone "1.168.192.in-addr.arpa" IN {
        type slave;
        file "1.168.192.arpa";
        masters { 192.168.1.101; };
};

5. Start BIND

# /usr/local/named/sbin/named -gc /usr/local/named/etc/named.conf &

6. Forward lookup test

Point the local machine's DNS at 192.168.1.102, then test with nslookup. The results are as follows:

# /usr/local/named/bin/nslookup
> luwenju.com
Server:         192.168.1.102
Address:        192.168.1.102#53

Name:   luwenju.com
Address: 192.168.1.100
> dns1.luwenju.com
Server:         192.168.1.102
Address:        192.168.1.102#53

Name:   dns1.luwenju.com
Address: 192.168.1.101
> dns2.luwenju.com
Server:         192.168.1.102
Address:        192.168.1.102#53

Name:   dns2.luwenju.com
Address: 192.168.1.102
> www.luwenju.com
Server:         192.168.1.102
Address:        192.168.1.102#53

Name:   www.luwenju.com
Address: 192.168.1.103
> bbs.luwenju.com
Server:         192.168.1.102
Address:        192.168.1.102#53

Name:   bbs.luwenju.com
Address: 192.168.1.104
> blog.luwenju.com
Server:         192.168.1.102
Address:        192.168.1.102#53

Name:   blog.luwenju.com
Address: 192.168.1.105

7. Reverse lookup test

> 192.168.1.100
Server:         192.168.1.102
Address:        192.168.1.102#53

100.1.168.192.in-addr.arpa      name = luwenju.com.
> 192.168.1.101
Server:         192.168.1.102
Address:        192.168.1.102#53

101.1.168.192.in-addr.arpa      name = dns1.luwenju.com.
> 192.168.1.102
Server:         192.168.1.102
Address:        192.168.1.102#53

102.1.168.192.in-addr.arpa      name = dns2.luwenju.com.
> 192.168.1.103
Server:         192.168.1.102
Address:        192.168.1.102#53

103.1.168.192.in-addr.arpa      name = www.luwenju.com.
> 192.168.1.104
Server:         192.168.1.102
Address:        192.168.1.102#53

104.1.168.192.in-addr.arpa      name = bbs.luwenju.com.
> 192.168.1.105
Server:         192.168.1.102
Address:        192.168.1.102#53

105.1.168.192.in-addr.arpa      name = blog.luwenju.com.

III. Primary/secondary DNS synchronisation test

1. Add a host record (A record) to the file /usr/local/named/var/named/luwenju.zone on the primary DNS. The host record is as follows:

test            IN      A       192.168.1.106

2. On the primary DNS server, increase the serial value of the zone to be synchronised (for later primary/secondary syncs it is enough to add 1, but it must always be higher than the secondary's). After the change, the luwenju.com forward zone file on the primary DNS server reads as follows:

$ORIGIN luwenju.com.
@       3600    IN      SOA     luwenju.com. root.luwenju.com. (
                                11          ; serial
                                3600        ; refresh
                                900         ; retry
                                1209600     ; expire
                                3600 )      ; minimum
        3600    IN      NS      dns1.luwenju.com.
        3600    IN      NS      dns2.luwenju.com.
        3600    IN      MX      5 luwenju.com.
                IN      A       192.168.1.100
dns1            IN      A       192.168.1.101
dns2            IN      A       192.168.1.102
www             IN      A       192.168.1.103
bbs             IN      A       192.168.1.104
blog            IN      A       192.168.1.105
test            IN      A       192.168.1.106

3. Reload BIND

Run the following command on the primary DNS:

# /usr/local/named/sbin/rndc reload

4. Check whether the secondary DNS has been synchronised

On the secondary DNS:

# more /usr/local/named/var/named/luwenju.zone
$ORIGIN .
$TTL 3600       ; 1 hour
luwenju.com             IN SOA  luwenju.com. root.luwenju.com. (
                                11         ; serial
                                3600       ; refresh (1 hour)
                                900        ; retry (15 minutes)
                                1209600    ; expire (2 weeks)
                                3600       ; minimum (1 hour)
                                )
                        NS      dns1.luwenju.com.
                        NS      dns2.luwenju.com.
                        A       192.168.1.100
                        MX      5 luwenju.com.
$ORIGIN luwenju.com.
bbs                     A       192.168.1.104
blog                    A       192.168.1.105
dns1                    A       192.168.1.101
dns2                    A       192.168.1.102
test                    A       192.168.1.106
www                     A       192.168.1.103
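Steps 1 to 4 above hinge on one number: the secondary only transfers the zone when the primary's SOA serial is higher than the one in its own copy, so a forgotten serial bump leaves the two servers silently serving different data. The script below is an added example, not part of the original article, that does this bookkeeping for the procedure in section III: it reads the serial from either zone file style shown on this page (the hand-written primary file and the secondary's dumped copy), bumps the primary's serial in place, and checks that the primary is ahead of the secondary before rndc reload. It assumes the SOA rdata is written as "SOA MNAME RNAME" followed by the serial as a bare integer (optionally with a trailing ";"); the two sample zone files are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the article): serial bookkeeping for the
# primary/secondary sync. Assumes the SOA rdata is "SOA MNAME RNAME serial ..."
# with the serial as a bare integer, optionally followed by ";", possibly on
# a later line, as in both zone file styles shown in the article.

# zone_serial ZONEFILE -> prints the SOA serial
zone_serial() {
    awk '
        {
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^;/) break                        # comment to end of line
                if ($i == "SOA") { in_soa = 1; skip = 2; continue }
                if (!in_soa) continue
                if (skip > 0) { skip--; continue }          # MNAME, RNAME
                tok = $i; sub(/;.*/, "", tok)               # "11;" -> "11"
                if (tok ~ /^[0-9]+$/) { print tok; exit }
            }
        }' "$1"
}

# bump_serial ZONEFILE -> rewrites the file with serial+1 and prints the new value
bump_serial() {
    f=$1
    old=$(zone_serial "$f")
    [ -n "$old" ] || return 1
    new=$((old + 1))
    awk -v old="$old" -v new="$new" '
        !done {
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^;/) break
                if ($i == "SOA") { in_soa = 1; skip = 2; continue }
                if (!in_soa) continue
                if (skip > 0) { skip--; continue }
                tok = $i; sub(/;.*/, "", tok)
                if (tok == old) {
                    match($0, /^[ \t]*/); lead = substr($0, 1, RLENGTH)
                    sub(old, new, $i)          # keeps a trailing ";" if present
                    $0 = lead $0               # awk re-joined the fields; restore indent
                    done = 1; break
                }
            }
        }
        { print }' "$f" > "$f.tmp" && mv "$f.tmp" "$f" && echo "$new"
}

# primary_ahead PRIMARY_ZONE SECONDARY_COPY -> exit 0 when the primary serial is higher
primary_ahead() {
    [ "$(zone_serial "$1")" -gt "$(zone_serial "$2")" ]
}

# Constructed sample files (not the article's): the primary's hand-written
# zone and the copy the secondary wrote after its last transfer.
WORK=$(mktemp -d)
cat > "$WORK/primary.zone" <<'EOF'
$ORIGIN luwenju.com.
@       3600    IN      SOA     luwenju.com. root.luwenju.com. (
                                10          ; serial
                                3600        ; refresh
                                900         ; retry
                                1209600     ; expire
                                3600 )      ; minimum
        3600    IN      NS      dns1.luwenju.com.
test            IN      A       192.168.1.106
EOF
cat > "$WORK/secondary.zone" <<'EOF'
$ORIGIN .
$TTL 3600       ; 1 hour
luwenju.com             IN SOA  luwenju.com. root.luwenju.com. (
                                10         ; serial
                                3600       ; refresh (1 hour)
                                900        ; retry (15 minutes)
                                1209600    ; expire (2 weeks)
                                3600       ; minimum (1 hour)
                                )
                        NS      dns1.luwenju.com.
EOF

# Stand-alone run: both serials are 10, so the secondary would never
# transfer the new "test" record; bump the primary and check again.
if primary_ahead "$WORK/primary.zone" "$WORK/secondary.zone"; then
    echo "primary already ahead of secondary"
else
    echo "serials equal: bumping primary"
fi
bump_serial "$WORK/primary.zone"                 # prints 11
primary_ahead "$WORK/primary.zone" "$WORK/secondary.zone" &&
    echo "secondary will transfer on the next refresh or NOTIFY"
```

In practice run `bump_serial /usr/local/named/var/named/luwenju.zone` after editing the zone and before `rndc reload`; after the transfer completes, `zone_serial` on both servers returning the same value is the same check step 4 performs by eye.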