Building a highly available DNS service with BIND
Author: Lu Wenju
2010-11-26
Master DNS: 192.168.1.101    Slave DNS: 192.168.1.102
OS: CentOS 5.4    BIND version: bind-9.6.2-P2.tar.gz
BIND download: http://www.isc.org/downloads/all

I. Installing and configuring the master DNS

Install BIND

    # tar zxvf bind-9.6.2-P2.tar.gz
    # cd bind-9.6.2-P2
    # ./configure --prefix=/usr/local/named --enable-threads --disable-openssl-version-check
    # make && make install

Note: --enable-threads builds a multi-threaded named. --disable-openssl-version-check only skips configure's check that the OpenSSL headers and library are the same version; it does not build without OpenSSL, which BIND still links for DNSSEC.

Create rndc.conf

    # /usr/local/named/sbin/rndc-confgen > /usr/local/named/etc/rndc.conf

Note: rndc is BIND's control utility; with it you can check named's status, flush its cache, reload zones and control logging. rndc-confgen writes a freshly generated HMAC-MD5 key into the file, so rndc.conf is a secret: keep it readable by root only.

Create named.conf

    # cd /usr/local/named/etc/
    # tail -n10 rndc.conf | head -n9 | sed -e 's/#//g' > named.conf

Note: the last lines of rndc-confgen's output are a commented-out key and controls stanza intended for named.conf; the pipeline above extracts those nine lines and strips the leading "#" so named accepts rndc connections on 127.0.0.1 port 953 with the same key. named.conf is BIND's main configuration file: it sets the working directory, logging and the zones to serve.

Edit the main configuration file

Add the root hint zone, the luwenju.com forward zone and its reverse zone:

    # vi /usr/local/named/etc/named.conf

Append the following at the end of the file:

    options {
            directory "/usr/local/named/var/named";
    };

    zone "." IN {
            type hint;
            file "named.ca";
    };

    zone "luwenju.com" IN {
            type master;
            file "luwenju.zone";
            allow-transfer { 192.168.1.102; };
            notify yes;
            also-notify { 192.168.1.102; };
    };

    zone "1.168.192.in-addr.arpa" IN {
            type master;
            file "1.168.192.arpa";
            allow-transfer { 192.168.1.102; };
            notify yes;
            also-notify { 192.168.1.102; };
    };
Notes on the configuration:

directory is named's working directory; the file names in the zone statements are relative to it. The "." hint zone holds the root server list used to prime the cache when named recurses. allow-transfer { 192.168.1.102; } lets only the slave pull the zone (AXFR/IXFR): BIND's default is allow-transfer { any; }, which lets anyone who can reach port 53 enumerate every record in the zone with a single AXFR query, so keep this restriction on every master zone. notify yes with also-notify { 192.168.1.102; } makes the master send a NOTIFY to the zone's NS hosts and to the listed address whenever the zone is reloaded with a higher serial, so the slave refreshes immediately instead of waiting for the SOA refresh interval (3600 s here). If these two servers are meant to answer only for luwenju.com, add recursion no; to options (the hint zone is then unnecessary); if they also recurse for LAN clients, keep BIND 9.6's default of allow-recursion { localnets; localhost; } rather than opening recursion to everyone.

Create the root hints file

    # mkdir /usr/local/named/var/named
    # /usr/local/named/bin/dig -t NS . > /usr/local/named/var/named/named.ca

Note: this asks whatever resolver is listed in /etc/resolv.conf for the root NS set, so it needs working upstream resolution at install time. dig's ";"-prefixed header lines are zone-file comments, so named loads the output as it is. Check that the file also contains the root servers' A records (the ADDITIONAL section); if the resolver left them out, use the canonical hints file from http://www.internic.net/domain/named.root instead.

Create the forward zone file for luwenju.com

    # vi /usr/local/named/var/named/luwenju.zone
    $ORIGIN luwenju.com.
    $TTL 3600
    @       3600    IN      SOA     luwenju.com. root.luwenju.com. (
                                    10          ; serial
                                    3600        ; refresh
                                    900         ; retry
                                    1209600     ; expire
                                    3600 )      ; minimum
            3600    IN      NS      dns1.luwenju.com.
            3600    IN      NS      dns2.luwenju.com.
            3600    IN      MX  5   luwenju.com.
                    IN      A       192.168.1.100
    dns1            IN      A       192.168.1.101
    dns2            IN      A       192.168.1.102
    www             IN      A       192.168.1.103
    bbs             IN      A       192.168.1.104
    blog            IN      A       192.168.1.105

Note: the $TTL line is added here; the original file had none, in which case named loads the zone with a "no TTL specified; using SOA MINTTL instead" warning and applies the SOA minimum (3600) to the records that carry no explicit TTL, which is also why the slave's copy later shows $TTL 3600. The SOA MNAME is luwenju.com. (192.168.1.100) rather than the master dns1.luwenju.com.; replication still works because the slave names its master explicitly in named.conf, but MNAME should normally be the primary master. root.luwenju.com. is the contact mailbox root@luwenju.com, and records whose owner column is blank belong to the previous owner, here the zone apex.
Create the reverse zone file for luwenju.com

    # vi /usr/local/named/var/named/1.168.192.arpa
    $TTL 3600
    1.168.192.in-addr.arpa. 3600 IN SOA luwenju.com. root.luwenju.com. (
                                    20          ; serial
                                    3600        ; refresh
                                    900         ; retry
                                    1209600     ; expire
                                    3600 )      ; minimum
            3600    IN      NS      dns1.luwenju.com.
            3600    IN      NS      dns2.luwenju.com.
            3600    IN      MX  5   luwenju.com.
    100             IN      PTR     luwenju.com.
    101             IN      PTR     dns1.luwenju.com.
    102             IN      PTR     dns2.luwenju.com.
    103             IN      PTR     www.luwenju.com.
    104             IN      PTR     bbs.luwenju.com.
    105             IN      PTR     blog.luwenju.com.

Note: the owner names 100 to 105 are relative to the zone origin, so 100 stands for 100.1.168.192.in-addr.arpa. The MX record at the apex of a reverse zone is harmless but serves no purpose; mail exchangers belong in the forward zone. Each PTR here mirrors one A record in luwenju.zone, and the two files have to be kept in step whenever a host is added.
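Keeping the forward and reverse files in step is done by eye in the article. The following Python script is an added example, not code from the original article or from ISC: it carries a deliberately small zone-file parser (only the syntax the two files above use: $ORIGIN, $TTL, ";" comments, parenthesised multi-line records, relative owner names and a blank owner meaning "same as the previous record") and then checks that every A record has a matching PTR, every PTR a matching A, and every NS target an A record in the forward zone. The two zone texts are the article's files embedded as constants so the check runs offline; the zone names passed as origins are the ones from named.conf.

```python
"""Cross-check the forward and reverse zone files above.

Added example, not code from the original article: a deliberately small
zone-file parser (just the syntax these files use) plus the checks the
article does by eye: every A has a PTR, every PTR an A, every NS target an A.
"""

# The article's zone files, embedded so the check runs offline.
FORWARD_ZONE = """\
$ORIGIN luwenju.com.
$TTL 3600
@       3600    IN      SOA     luwenju.com. root.luwenju.com. (
                                10 3600 900 1209600 3600 )  ; serial refresh retry expire minimum
        3600    IN      NS      dns1.luwenju.com.
        3600    IN      NS      dns2.luwenju.com.
        3600    IN      MX  5   luwenju.com.
                IN      A       192.168.1.100
dns1            IN      A       192.168.1.101
dns2            IN      A       192.168.1.102
www             IN      A       192.168.1.103
bbs             IN      A       192.168.1.104
blog            IN      A       192.168.1.105
"""
REVERSE_ZONE = """\
$TTL 3600
1.168.192.in-addr.arpa. 3600 IN SOA luwenju.com. root.luwenju.com. (
                                20 3600 900 1209600 3600 )
        3600    IN      NS      dns1.luwenju.com.
        3600    IN      NS      dns2.luwenju.com.
100     IN      PTR     luwenju.com.
101     IN      PTR     dns1.luwenju.com.
102     IN      PTR     dns2.luwenju.com.
103     IN      PTR     www.luwenju.com.
104     IN      PTR     bbs.luwenju.com.
105     IN      PTR     blog.luwenju.com.
"""


def _logical_lines(text):
    """Strip ';' comments and fold parenthesised records onto one line."""
    out, buf, depth = [], "", 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if depth == 0:
            if not line.strip():
                continue
            buf = line                      # leading blanks kept: they mean "same owner"
        else:
            buf += " " + line.strip()
        depth += line.count("(") - line.count(")")
        if depth == 0:
            out.append(buf.replace("(", " ").replace(")", " "))
    return out


def parse_zone(text, origin):
    """Return [(owner, ttl, rtype, rdata_tokens)] with fully qualified names.

    `origin` is the zone name from named.conf; a $ORIGIN directive overrides it.
    """
    records, default_ttl, owner = [], None, None
    for line in _logical_lines(text):
        tokens = line.split()
        if tokens[0] == "$ORIGIN":
            origin = tokens[1]
            continue
        if tokens[0] == "$TTL":
            default_ttl = int(tokens[1])
            continue
        if not line[0].isspace():           # a leading token is the owner name
            name = tokens.pop(0)
            owner = origin if name == "@" else (name if name.endswith(".") else name + "." + origin)
        ttl = default_ttl
        if tokens[0].isdigit():             # optional explicit TTL
            ttl = int(tokens.pop(0))
        if tokens[0].upper() == "IN":       # optional class
            tokens.pop(0)
        rtype = tokens.pop(0).upper()
        records.append((owner, ttl, rtype, tokens))
    return records


def ptr_owner(ipv4):
    """192.168.1.100 -> 100.1.168.192.in-addr.arpa."""
    return ".".join(reversed(ipv4.split("."))) + ".in-addr.arpa."


def soa_serial(records):
    """The serial is the third SOA rdata field, after MNAME and RNAME."""
    return int(next(rd[2] for _, _, t, rd in records if t == "SOA"))


def check_zones(forward_text, forward_origin, reverse_text, reverse_origin):
    """Cross-check A<->PTR and NS glue; return both serials and a list of problems."""
    fwd = parse_zone(forward_text, forward_origin)
    rev = parse_zone(reverse_text, reverse_origin)
    host_by_ptr = {ptr_owner(rd[0]): o for o, _, t, rd in fwd if t == "A"}   # one host per IP
    ptr_target = {o: rd[0] for o, _, t, rd in rev if t == "PTR"}
    problems = ["A %s has no PTR at %s" % (h, p) for p, h in host_by_ptr.items()
                if ptr_target.get(p) != h]
    problems += ["PTR %s -> %s has no matching A" % (p, h) for p, h in ptr_target.items()
                 if host_by_ptr.get(p) != h]
    a_owners = {o for o, _, t, _ in fwd if t == "A"}
    problems += ["NS %s has no A record in the forward zone" % rd[0]
                 for _, _, t, rd in fwd + rev if t == "NS" and rd[0] not in a_owners]
    return {"forward_serial": soa_serial(fwd), "reverse_serial": soa_serial(rev),
            "problems": problems}
```

Run check_zones() on the two files before every reload; an empty problems list means the forward and reverse data agree. The parser deliberately stops at what these files need (no $INCLUDE, no multiple hosts per address), so treat it as a pre-commit sanity check, not a replacement for named-checkzone.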
Start BIND

    # /usr/local/named/sbin/named -gc /usr/local/named/etc/named.conf &

Note: -c names the configuration file; -g keeps named in the foreground with its log on stderr, which is handy for a first start because zone-loading errors show up on the terminal. For production drop -g so named daemonises and logs through syslog, and add -u with an unprivileged user so named gives up root after binding port 53 (the article runs it as root throughout). Configuration and zone-file syntax can be checked before starting with named-checkconf and named-checkzone from the same sbin directory.
Forward lookup test

Point the local resolver (/etc/resolv.conf) at 192.168.1.101 and query with nslookup; the results:

    # /usr/local/named/bin/nslookup
    > luwenju.com
    Server:         192.168.1.101
    Address:        192.168.1.101#53

    Name:   luwenju.com
    Address: 192.168.1.100
    > dns1.luwenju.com
    Server:         192.168.1.101
    Address:        192.168.1.101#53

    Name:   dns1.luwenju.com
    Address: 192.168.1.101
    > dns2.luwenju.com
    Server:         192.168.1.101
    Address:        192.168.1.101#53

    Name:   dns2.luwenju.com
    Address: 192.168.1.102
    > www.luwenju.com
    Server:         192.168.1.101
    Address:        192.168.1.101#53

    Name:   www.luwenju.com
    Address: 192.168.1.103
    > bbs.luwenju.com
    Server:         192.168.1.101
    Address:        192.168.1.101#53

    Name:   bbs.luwenju.com
    Address: 192.168.1.104
    > blog.luwenju.com
    Server:         192.168.1.101
    Address:        192.168.1.101#53

    Name:   blog.luwenju.com
    Address: 192.168.1.105
Reverse lookup test

    # /usr/local/named/bin/nslookup
    > 192.168.1.100
    Server:         192.168.1.101
    Address:        192.168.1.101#53

    100.1.168.192.in-addr.arpa      name = luwenju.com.
    > 192.168.1.101
    Server:         192.168.1.101
    Address:        192.168.1.101#53

    101.1.168.192.in-addr.arpa      name = dns1.luwenju.com.
    > 192.168.1.102
    Server:         192.168.1.101
    Address:        192.168.1.101#53

    102.1.168.192.in-addr.arpa      name = dns2.luwenju.com.
    > 192.168.1.103
    Server:         192.168.1.101
    Address:        192.168.1.101#53

    103.1.168.192.in-addr.arpa      name = www.luwenju.com.
    > 192.168.1.104
    Server:         192.168.1.101
    Address:        192.168.1.101#53

    104.1.168.192.in-addr.arpa      name = bbs.luwenju.com.
    > 192.168.1.105
    Server:         192.168.1.101
    Address:        192.168.1.101#53

    105.1.168.192.in-addr.arpa      name = blog.luwenju.com.
II. Installing and configuring the slave DNS

1. Install BIND

    # tar zxvf bind-9.6.2-P2.tar.gz
    # cd bind-9.6.2-P2
    # ./configure --prefix=/usr/local/named --enable-threads --disable-openssl-version-check
    # make && make install

Note: the same build options as on the master (--enable-threads for a multi-threaded named, --disable-openssl-version-check to skip the OpenSSL version check at configure time).

2. Copy named.conf and rndc.conf from the master into /usr/local/named/etc on the slave.

3. Copy the whole /usr/local/named/var/named directory from the master into /usr/local/named/var on the slave.

4. Edit the slave's named.conf

    # vi /usr/local/named/etc/named.conf

Note: only the luwenju.com forward and reverse zones need changing, since those are the only zones being replicated between master and slave. After the edit the two zone statements read:

    zone "luwenju.com" IN {
            type slave;
            file "luwenju.zone";
            masters { 192.168.1.101; };
            allow-transfer { none; };
    };

    zone "1.168.192.in-addr.arpa" IN {
            type slave;
            file "1.168.192.arpa";
            masters { 192.168.1.101; };
            allow-transfer { none; };
    };

The allow-transfer { none; } lines are added to the original configuration: when the stanzas were rewritten the master's allow-transfer restriction was dropped, and BIND's default is allow-transfer { any; }, so without them any host that can reach 192.168.1.102 could pull the entire zone from the slave with an AXFR query even though the master refuses it. The zone files copied in step 3 are only placeholders for the slave zones: named overwrites them with whatever it transfers from the master, so the directory must be writable by the user named runs as (named.ca, however, is used as copied). The rndc.conf from step 2 carries the master's control key; give it the same root-only permissions on the slave.
5. Start BIND

    # /usr/local/named/sbin/named -gc /usr/local/named/etc/named.conf &

On start-up the slave transfers both zones from 192.168.1.101; the transfer is logged on stderr because of -g.

6. Forward lookup test

Point the local resolver at 192.168.1.102 and query with nslookup; the results:

    # /usr/local/named/bin/nslookup
    > luwenju.com
    Server:         192.168.1.102
    Address:        192.168.1.102#53

    Name:   luwenju.com
    Address: 192.168.1.100
    > dns1.luwenju.com
    Server:         192.168.1.102
    Address:        192.168.1.102#53

    Name:   dns1.luwenju.com
    Address: 192.168.1.101
    > dns2.luwenju.com
    Server:         192.168.1.102
    Address:        192.168.1.102#53

    Name:   dns2.luwenju.com
    Address: 192.168.1.102
    > www.luwenju.com
    Server:         192.168.1.102
    Address:        192.168.1.102#53

    Name:   www.luwenju.com
    Address: 192.168.1.103
    > bbs.luwenju.com
    Server:         192.168.1.102
    Address:        192.168.1.102#53

    Name:   bbs.luwenju.com
    Address: 192.168.1.104
    > blog.luwenju.com
    Server:         192.168.1.102
    Address:        192.168.1.102#53

    Name:   blog.luwenju.com
    Address: 192.168.1.105
7. Reverse lookup test

    > 192.168.1.100
    Server:         192.168.1.102
    Address:        192.168.1.102#53

    100.1.168.192.in-addr.arpa      name = luwenju.com.
    > 192.168.1.101
    Server:         192.168.1.102
    Address:        192.168.1.102#53

    101.1.168.192.in-addr.arpa      name = dns1.luwenju.com.
    > 192.168.1.102
    Server:         192.168.1.102
    Address:        192.168.1.102#53

    102.1.168.192.in-addr.arpa      name = dns2.luwenju.com.
    > 192.168.1.103
    Server:         192.168.1.102
    Address:        192.168.1.102#53

    103.1.168.192.in-addr.arpa      name = www.luwenju.com.
    > 192.168.1.104
    Server:         192.168.1.102
    Address:        192.168.1.102#53

    104.1.168.192.in-addr.arpa      name = bbs.luwenju.com.
    > 192.168.1.105
    Server:         192.168.1.102
    Address:        192.168.1.102#53

    105.1.168.192.in-addr.arpa      name = blog.luwenju.com.
III. Testing master/slave synchronisation

1. On the master, add a host (A) record to /usr/local/named/var/named/luwenju.zone. The record added is:

    test            IN      A       192.168.1.106

2. On the master, raise the serial in the SOA of every zone being replicated. For later changes adding 1 is enough, but the new value must be higher than the serial the slave already holds: the slave compares serials in the 32-bit wrap-around arithmetic of RFC 1982 and transfers only when the master's is newer, so a serial that is edited downwards or left unchanged means the slave silently keeps its old copy. After the edit the master's luwenju.com forward zone file reads:

    $ORIGIN luwenju.com.
    $TTL 3600
    @       3600    IN      SOA     luwenju.com. root.luwenju.com. (
                                    11          ; serial
                                    3600        ; refresh
                                    900         ; retry
                                    1209600     ; expire
                                    3600 )      ; minimum
            3600    IN      NS      dns1.luwenju.com.
            3600    IN      NS      dns2.luwenju.com.
            3600    IN      MX  5   luwenju.com.
                    IN      A       192.168.1.100
    dns1            IN      A       192.168.1.101
    dns2            IN      A       192.168.1.102
    www             IN      A       192.168.1.103
    bbs             IN      A       192.168.1.104
    blog            IN      A       192.168.1.105
    test            IN      A       192.168.1.106

Note: the test touches only the forward zone, so 192.168.1.106 gets no PTR record; in real use the reverse zone gets a matching PTR and its own serial bump.
3. Reload BIND. On the master run:

    # /usr/local/named/sbin/rndc reload

Note: rndc reload re-reads named.conf and every zone file (rndc reload luwenju.com would reload just that zone). Because the serial went from 10 to 11, the master sends NOTIFY to 192.168.1.102 and the slave pulls the zone at once. If the slave does not pick the change up, check named's log on both sides for the NOTIFY and the transfer, and force a transfer from the slave with rndc retransfer luwenju.com.
4. Check that the slave received the update

    [root@DNS-slave ~]# more /usr/local/named/var/named/luwenju.zone
    $ORIGIN .
    $TTL 3600       ; 1 hour
    luwenju.com             IN SOA  luwenju.com. root.luwenju.com. (
                                    11         ; serial
                                    3600       ; refresh (1 hour)
                                    900        ; retry (15 minutes)
                                    1209600    ; expire (2 weeks)
                                    3600       ; minimum (1 hour)
                                    )
                            NS      dns1.luwenju.com.
                            NS      dns2.luwenju.com.
                            A       192.168.1.100
                            MX      5 luwenju.com.
    $ORIGIN luwenju.com.
    bbs                     A       192.168.1.104
    blog                    A       192.168.1.105
    dns1                    A       192.168.1.101
    dns2                    A       192.168.1.102
    test                    A       192.168.1.106
    www                     A       192.168.1.103

The file on the slave is written by named in its own dump format (absolute $ORIGIN, records grouped by owner and sorted), so it does not look like the master's hand-written file; what matters is that the serial is now 11 and the new test record is present. The slave keeps serving this copy for up to the expire time (two weeks) if the master becomes unreachable, which is what makes the pair highly available.
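Reading the dump file requires a shell on the slave. The script below is an added example, not code from the original article or from ISC: it asks a server for the zone's SOA over UDP using only the Python standard library, parses the answer by hand (including name compression), and compares the master's and slave's serials with the RFC 1982 serial-number arithmetic that BIND applies, which is the rule behind "the new serial must be higher than the slave's". query_soa() is the live check against 192.168.1.101 and 192.168.1.102; build_soa_response() is a constructed fixture so the parser can be exercised offline, not a capture from the article's servers.

```python
"""Check that master and slave serve the same SOA serial.

Added example, not code from the original article. Stdlib-only DNS over UDP,
hand-parsed SOA answer, RFC 1982 serial comparison. build_soa_response() is
a constructed offline fixture, not a capture from the servers.
"""
import socket
import struct

SOA, IN = 6, 1


def encode_name(name):
    """luwenju.com. -> b'\\x07luwenju\\x03com\\x00' (uncompressed wire form)."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(x)]) + x.encode("ascii") for x in labels) + b"\x00"


def build_soa_query(name, txid=0x1234):
    """Plain query with RD=0: we want the server's own authoritative data."""
    header = struct.pack(">HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack(">HH", SOA, IN)


def decode_name(msg, offset):
    """Read a (possibly compressed) name; return (name, offset just after it)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                 # compression pointer
            hops += 1
            if hops > 16:                         # refuse pointer loops in hostile replies
                raise ValueError("compression pointer loop")
            if end is None:
                end = offset + 2
            offset = struct.unpack(">H", msg[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels) + ".", (offset if end is None else end)


def parse_soa_response(msg):
    """Return the first SOA in the answer section as a dict, or raise ValueError."""
    _txid, flags, qd, an, _ns, _ar = struct.unpack(">HHHHHH", msg[:12])
    if flags & 0x000F:
        raise ValueError("RCODE %d" % (flags & 0x000F))
    if not flags & 0x0400:
        raise ValueError("answer is not authoritative (AA bit clear)")
    offset = 12
    for _ in range(qd):                           # skip the question section
        _, offset = decode_name(msg, offset)
        offset += 4
    for _ in range(an):
        name, offset = decode_name(msg, offset)
        rtype, _cls, _ttl, rdlen = struct.unpack(">HHIH", msg[offset:offset + 10])
        offset += 10
        if rtype == SOA:
            mname, p = decode_name(msg, offset)
            rname, p = decode_name(msg, p)
            serial, refresh, retry, expire, minimum = struct.unpack(">IIIII", msg[p:p + 20])
            return dict(name=name, mname=mname, rname=rname, serial=serial,
                        refresh=refresh, retry=retry, expire=expire, minimum=minimum)
        offset += rdlen
    raise ValueError("no SOA record in the answer section")


def serial_gt(a, b):
    """RFC 1982: is 32-bit serial a newer than b? (wrap-around aware)"""
    half = 1 << 31
    return (a < b and b - a > half) or (a > b and a - b < half)


def compare_serials(master_serial, slave_serial):
    """Classify replication state the way the slave decides whether to transfer."""
    if master_serial == slave_serial:
        return "in sync"
    if serial_gt(master_serial, slave_serial):
        return "slave lagging"        # transfer will happen on NOTIFY or at refresh
    return "slave ahead"              # master serial not raised past slave's: no transfer


def query_soa(server, name, timeout=2.0):
    """Live check of one server over UDP (needs network; unused by the offline test)."""
    query = build_soa_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server, 53))
        data = s.recv(4096)
    if data[:2] != query[:2]:
        raise ValueError("transaction id mismatch")
    return parse_soa_response(data)


def build_soa_response(query, mname, rname, serial, refresh=3600, retry=900,
                       expire=1209600, minimum=3600):
    """Constructed authoritative reply to `query` (QR+AA set, answer name compressed)."""
    header = query[:2] + struct.pack(">HHHHH", 0x8400, 1, 1, 0, 0)
    rdata = encode_name(mname) + encode_name(rname) + struct.pack(
        ">IIIII", serial, refresh, retry, expire, minimum)
    answer = b"\xc0\x0c" + struct.pack(">HHIH", SOA, IN, 3600, len(rdata)) + rdata
    return header + query[12:] + answer
```

To check the article's pair, call query_soa("192.168.1.101", "luwenju.com.") and query_soa("192.168.1.102", "luwenju.com.") and pass the two serials to compare_serials(); "slave ahead" is the failure mode described in step 2, where the master's serial was not raised past the slave's and no transfer will ever happen. With the tools shipped in BIND the same comparison is dig @192.168.1.101 luwenju.com soa +short against the same query at @192.168.1.102.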