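Building a highly available DNS service with BIND
Primary DNS: 192.168.1.101
Secondary DNS: 192.168.1.102
OS version: CentOS 5.4
BIND version: bind-9.6.2-P2.tar.gz
BIND download: http://www.isc.org/downloads/all
I. Installing and configuring the primary DNS
Install BIND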
#tar zxvf bind-9.6.2-P2.tar.gz
#cd bind-9.6.2-P2
#./configure --prefix=/usr/local/named --enable-threads --disable-openssl-version-check
#make && make install
Note: the build option --enable-threads enables multithreading; --disable-openssl-version-check disables the OpenSSL version check.
Create the rndc.conf configuration file
#/usr/local/named/sbin/rndc-confgen > /usr/local/named/etc/rndc.conf
Note: rndc is BIND's management tool. With rndc we can check BIND's status, flush its cache, view its logs, and so on.
Create the named.conf configuration file
#cd /usr/local/named/etc/
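#tail -n10 rndc.conf | head -n9 | sed -e 's/# //g' > named.conf
Note: named.conf is BIND's main configuration file. It sets BIND's working directory, logging, the zones to serve, and so on.
Configuring the main configuration file named.conf
Edit the main configuration file and add the root zone plus the forward and reverse zones for luwenju.com
#vi /usr/local/named/etc/named.conf , and append the following to the end of the file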
options {
    directory "/usr/local/named/var/named";
};
zone "." IN {
    type hint;
    file "named.ca";
};
zone "luwenju.com" IN {
    type master;
    file "luwenju.zone";
    allow-transfer { 192.168.1.102; };
    notify yes;
    also-notify { 192.168.1.102; };
};
zone "1.168.192.in-addr.arpa" IN {
    type master;
    file "1.168.192.arpa";
    allow-transfer { 192.168.1.102; };
    notify yes;
    also-notify { 192.168.1.102; };
};
Some notes on the configuration file:
Create the root zone file
#mkdir /usr/local/named/var/named
#/usr/local/named/bin/dig -t NS . > /usr/local/named/var/named/named.ca
Create the forward lookup zone file for luwenju.com
# vi /usr/local/named/var/named/luwenju.zone
$ORIGIN luwenju.com.
@
dns1
dns2
www
bbs
blog
Create the reverse zone file for luwenju.com
# vi /usr/local/named/var/named/1.168.192.arpa
$TTL 3600
1.168.192.in-addr.arpa.
100
101
102
103
104
105
Start BIND
# /usr/local/named/sbin/named -gc /usr/local/named/etc/named.conf &
Forward lookup test
Point the local machine's DNS at 192.168.1.101, then test with nslookup. The results are as follows:
# /usr/local/named/bin/nslookup
> luwenju.com
Server:
Address:
Name:
Address: 192.168.1.100
> dns1.luwenju.com
Server:
Address:
Name:
Address: 192.168.1.101
> dns2.luwenju.com
Server:
Address:
Name:
Address: 192.168.1.102
Server:
Address:
Name:
Address: 192.168.1.103
> bbs.luwenju.com
Server:
Address:
Name:
Address: 192.168.1.104
> blog.luwenju.com
Server:
Address:
Name:
Address: 192.168.1.105
Reverse lookup test
# /usr/local/named/bin/nslookup
> 192.168.1.100
Server:
Address:
100.1.168.192.in-addr.arpa
> 192.168.1.101
Server:
Address:
101.1.168.192.in-addr.arpa
> 192.168.1.102
Server:
Address:
102.1.168.192.in-addr.arpa
> 192.168.1.103
Server:
Address:
103.1.168.192.in-addr.arpa
> 192.168.1.104
Server:
Address:
104.1.168.192.in-addr.arpa
> 192.168.1.105
Server:
Address:
105.1.168.192.in-addr.arpa
II. Building and configuring the secondary DNS
1. Install BIND
#tar zxvf bind-9.6.2-P2.tar.gz
#cd bind-9.6.2-P2
#./configure --prefix=/usr/local/named --enable-threads --disable-openssl-version-check
#make && make install
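Note: the build option --enable-threads enables multithreading; --disable-openssl-version-check disables the OpenSSL version check.
2. Copy named.conf and rndc.conf from the primary DNS to the /usr/local/named/etc directory on the secondary DNS server
3. Copy the entire /usr/local/named/var/named directory from the primary DNS to /usr/local/named/var on the secondary DNS
4. Edit the named.conf configuration file on the secondary DNS server
#vi /usr/local/named/etc/named.conf
Note: only the forward and reverse zones for luwenju.com need to change, because primary/secondary synchronization is only done for luwenju.com. After editing named.conf, the luwenju.com forward and reverse zone definitions read as follows: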
zone "luwenju.com" IN {
    type slave;
    file "luwenju.zone";
    masters { 192.168.1.101; };
};
zone "1.168.192.in-addr.arpa" IN {
    type slave;
    file "1.168.192.arpa";
    masters { 192.168.1.101; };
};
5. Start BIND
# /usr/local/named/sbin/named -gc /usr/local/named/etc/named.conf &
6. Forward lookup test
Point the local machine's DNS at 192.168.1.102, then test with nslookup. The results are as follows:
# /usr/local/named/bin/nslookup
> luwenju.com
Server:
Address:
Name:
Address: 192.168.1.100
> dns1.luwenju.com
Server:
Address:
Name:
Address: 192.168.1.101
> dns2.luwenju.com
Server:
Address:
Name:
Address: 192.168.1.102
Server:
Address:
Name:
Address: 192.168.1.103
> bbs.luwenju.com
Server:
Address:
Name:
Address: 192.168.1.104
> blog.luwenju.com
Server:
Address:
Name:
Address: 192.168.1.105
7. Reverse lookup test
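> 192.168.1.100
Server:
Address:
100.1.168.192.in-addr.arpa
> 192.168.1.101
Server:
Address:
101.1.168.192.in-addr.arpa
> 192.168.1.102
Server:
Address:
102.1.168.192.in-addr.arpa
> 192.168.1.103
Server:
Address:
103.1.168.192.in-addr.arpa
> 192.168.1.104
Server:
Address:
104.1.168.192.in-addr.arpa
> 192.168.1.105
Server:
Address:
105.1.168.192.in-addr.arpa
III. Primary/secondary DNS synchronization test
1. On the primary DNS, add a host record (A record) to /usr/local/named/var/named/luwenju.zone. The record is as follows:
test
2. On the primary DNS server, increase the serial value of the zone to be synchronized (for later primary/secondary syncs, adding 1 is enough, but it must be higher than the secondary's). After the change, the luwenju.com forward zone file on the primary DNS server reads as follows: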
$ORIGIN luwenju.com.
@
dns1
dns2
www
bbs
blog
test
3. Reload BIND
Run the following command on the primary DNS
# /usr/local/named/sbin/rndc reload
4. Check whether the secondary DNS has been synchronized
[root@DNS-slave ~]# more /usr/local/named/var/named/luwenju.zone
$ORIGIN .
$TTL 3600
luwenju.com
$ORIGIN luwenju.com.
bbs
blog
dns1
dns2
test
www
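Step 4 checks the secondary by reading its zone file. As an added example (not part of the original post), the script below instead compares the SOA serial that each server actually answers with, using RFC 1982 serial arithmetic so that a wrapped serial is still ordered correctly. The function names are hypothetical, and the dig path assumes the /usr/local/named prefix used on this page.

```shell
#!/bin/sh
# Added example: verify that the secondary serves the same SOA serial as the primary.
# Assumption: dig lives under the install prefix used on this page; override with DIG=...
DIG=${DIG:-/usr/local/named/bin/dig}

# Extract the serial (3rd field) from one line of `dig +short SOA` output:
#   mname rname serial refresh retry expire minimum
soa_serial() {
    printf '%s\n' "$1" | awk 'NF == 7 && $3 ~ /^[0-9]+$/ { print $3; exit }'
}

# RFC 1982 comparison of 32-bit serials. Prints the state of the secondary
# relative to the primary: "equal", "behind" (needs a transfer) or "ahead".
serial_state() {
    p=$1; s=$2; half=2147483648
    [ "$p" -eq "$s" ] && { echo equal; return 0; }
    if { [ "$s" -lt "$p" ] && [ $((p - s)) -lt "$half" ]; } ||
       { [ "$s" -gt "$p" ] && [ $((s - p)) -gt "$half" ]; }; then
        echo behind
    else
        echo ahead
    fi
}

# Query both servers for the zone's SOA and report. Returns 0 only when the
# serials match, 1 when they differ, 2 when a server gave no SOA answer.
check_zone_sync() {
    zone=$1; primary=$2; secondary=$3
    p=$(soa_serial "$("$DIG" +short SOA "$zone" "@$primary")")
    s=$(soa_serial "$("$DIG" +short SOA "$zone" "@$secondary")")
    if [ -z "$p" ] || [ -z "$s" ]; then
        echo "$zone: no SOA answer (primary='$p' secondary='$s')"; return 2
    fi
    state=$(serial_state "$p" "$s")
    echo "$zone: primary=$p secondary=$s secondary is $state"
    [ "$state" = equal ]
}

# Run as: sh check_sync.sh luwenju.com 192.168.1.101 192.168.1.102
if [ "$#" -eq 3 ]; then check_zone_sync "$@"; fi
```

Run it for both luwenju.com and 1.168.192.in-addr.arpa after each rndc reload; a secondary reported as "ahead" means the serial on the primary was not raised above the secondary's, so the change will not transfer.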