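The installation process is exactly the same as on the master; this post mainly presents the slave server's configuration files.
I. Main configuration file: named.conf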
options {
    directory "/usr/local/named/etc";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    pid-file "/var/run/named/named.pid";
    version "Windows 2008 Enterprise Server";
    listen-on port 53 { 192.168.2.201; };
    allow-query { intranet; external; };
    allow-recursion { external; };
    forward first;
    forwarders { 202.101.172.46; 202.101.172.47; };
    datasize 128M;
    auth-nxdomain no;
    rrset-order { order random; };
};

logging {
    channel warning {
        file "/var/log/dns_warnings.log" versions 5 size 1024K;
        severity warning;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    channel security_log {
        file "/var/log/dns_security.log" versions 5 size 1024K;
        severity info;
    };
    channel query_log {
        file "/var/log/dns_query.log" versions 10 size 1024K;
    };
    category default { warning; };
    category security { security_log; };
    category queries { query_log; };
};

include "acl.conf";
include "rndc.conf";

view "intranet" { // The zones that actually need to be synchronized are the ones in the intranet view
    match-clients { key intranet-key; intranet; };
    match-destinations { any; };
    // Address of the DNS master server, and the key used for master/slave synchronization
    server 192.168.2.200 { keys { intranet-key; }; };
    zone "." IN {
        type hint;
        file "named.root";
    };
    zone "localhost" IN {
        type master;
        file "localhost.zone";
    };
    zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "localhost.rev";
    };
    zone "wholesale-dress.net" IN {
        type slave;
        // This zone is of type slave; the master's address is specified here (same for the zones below)
        masters { 192.168.2.200; };
        file "slave/wholesale-dress.net.intranet";
    };
    zone "yixiebao.com" IN {
        type slave;
        masters { 192.168.2.200; };
        file "slave/yixiebao.com.intranet";
    };
    zone "japan-dress.com" IN {
        type slave;
        masters { 192.168.2.200; };
        file "slave/japan-dress.com.intranet";
    };
    zone "arab-clothes.com" IN {
        type slave;
        masters { 192.168.2.200; };
        file "slave/arab-clothes.com.intranet";
    };
    zone "stamp-shopping.com" IN {
        type slave;
        masters { 192.168.2.200; };
        file "slave/stamp-shopping.com.intranet";
    };
    zone "2.168.192.in-addr.arpa" IN {
        type slave;
        masters { 192.168.2.200; };
        file "slave/2.168.192.rev";
    };
};

view "external" { // The external view does not need to be synchronized; these are all public domains, handed straight to the upstream DNS
    match-clients { key external-key; external; };
    zone "goods-of-china.com" IN {
        type forward;
    };
    zone "russia-dress.com" IN {
        type forward;
    };
};
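For the other configuration files, simply copy the files from the master server to the local machine.
II. Verifying that master/slave synchronization works
1) Pick a domain on the master for testing; let's take stamp-shopping.com.intranet as the example.
The original records are as follows: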
$TTL 86400
@ IN SOA ns1.stamp-shopping. root.stamp-shopping. (
108 ; serial
1H ; refresh
1M ; retry
1W ; expiry
1D ) ; minimum
IN NS ns1.stamp-shopping.
; IN MX 10 mail.stamp-shopping.
;mail IN A 192.168.1.14
ns1 IN A 192.168.2.200
slave IN A 192.168.2.201
www IN A 192.168.1.243
;js IN A 192.168.1.15
;css IN A 192.168.1.15
;img IN A 192.168.1.15
;ftp IN A 192.168.1.18
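Now change the IP of the www A record to 192.168.2.56 and, at the same time, change the serial value to 120 (the serial on the master must be larger than the one on the slave, otherwise synchronization will not happen). After the change: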
120 ; serial
www IN A 192.168.2.56
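At this point the stamp-shopping.com.intranet file on the slave is the same as on the master, so I won't paste it here. Now let's restart the bind service on the master and see whether the update reaches the slave.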
# /etc/init.d/named restart
At this point the slave has already been updated; here is its copy:
$ORIGIN .
$TTL 86400 ; 1 day
stamp-shopping.com IN SOA ns1.stamp-shopping. root.stamp-shopping. (
120 ; serial
3600 ; refresh (1 hour)
60 ; retry (1 minute)
604800 ; expire (1 week)
86400 ; minimum (1 day)
)
NS ns1.stamp-shopping.
$ORIGIN stamp-shopping.com.
ns1 A 192.168.2.200
slave A 192.168.2.201
www A 192.168.2.56
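The serial rule used in this test, as an added example that is not part of the original post: it reads the SOA serial from both zone-file layouts shown above and applies the RFC 1982 serial comparison, which generalizes "master must be larger" to the 32-bit wraparound case. The sample zone texts are constructed from the listings above, and the function names are hypothetical.

```python
import re

# Constructed sample data modelled on the zone files shown above:
# the master after the edit (serial 120) and the slave's copy before the
# transfer (serial 108, in the layout named writes for slave files).
MASTER_ZONE = """\
$TTL 86400
@ IN SOA ns1.stamp-shopping. root.stamp-shopping. (
    120 ; serial
    1H ; refresh
    1M ; retry
    1W ; expiry
    1D ) ; minimum
  IN NS ns1.stamp-shopping.
www IN A 192.168.2.56
"""
SLAVE_ZONE = """\
$ORIGIN .
$TTL 86400 ; 1 day
stamp-shopping.com IN SOA ns1.stamp-shopping. root.stamp-shopping. (
    108 ; serial
    3600 ; refresh (1 hour)
    60 ; retry (1 minute)
    604800 ; expire (1 week)
    86400 ; minimum (1 day)
    )
"""

def soa_serial(zone_text):
    """Return the SOA serial, the first number after MNAME and RNAME."""
    text = re.sub(r";[^\n]*", "", zone_text)  # drop ';' comments
    match = re.search(r"\bSOA\s+\S+\s+\S+\s*\(?\s*(\d+)", text)
    if match is None:
        raise ValueError("no SOA record found")
    return int(match.group(1))

def serial_newer(master, slave):
    """RFC 1982 comparison of 32-bit serials: True if master is ahead."""
    diff = (master - slave) % 2**32
    return 0 < diff < 2**31

def slave_will_transfer(master_zone, slave_zone):
    """True if the slave, seeing the master's SOA, would pull the zone."""
    return serial_newer(soa_serial(master_zone), soa_serial(slave_zone))

if __name__ == "__main__":
    print("transfer expected:", slave_will_transfer(MASTER_ZONE, SLAVE_ZONE))
```

If the master's serial is equal to or behind the slave's under this comparison, the slave keeps its old copy even though the master's file has changed.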
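That is the whole process of building a DNS slave server. Thank you!
This article is reposted from dongfang_09859's 51CTO blog. Original link: http://blog.51cto.com/hellosa/610671. To republish it, please contact the original author yourself.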