As the business grows, so does the number of servers, and managing them by bare IP address becomes painful. Some workloads also depend on DNS: when running BI tooling or Hadoop for data mining and log analysis, a Hadoop cluster needs DNS to work. With a handful of machines /etc/hosts is enough, but with many, DNS is the better choice, and the same applies to Puppet. So I recently looked into BIND and am sharing the results here.
1. Introduction
DNS (Domain Name System) is a core Internet service: a distributed database that maps domain names to IP addresses and back, so that people can reach hosts by name instead of having to remember the numeric IP addresses that machines read directly.
How master/slave replication works:
After a zone is modified on the master and the service is restarted, the master actively sends a NOTIFY. If the slave does not receive it, the slave falls back on the SOA timers: it polls the master every Refresh interval; if the refresh fails it retries every Retry interval; if the retries keep failing until Expire is reached, the slave gives up on the zone transfer.
2. Test goals
This test aims at two things:
1. Master/slave DNS: if the DNS service on either the master or the slave goes down, names can still be resolved through the other;
2. Automatic updates: once a change is made on the master, the slave picks it up automatically.
3. Environment

| IP             | role   | domain name  | system            |
|----------------|--------|--------------|-------------------|
| 192.168.56.104 | master | ns1.test.com | centos 6.2 x86_64 |
| 192.168.56.105 | slave  | ns2.test.com | centos 6.2 x86_64 |
4. Installation
On both master and slave, BIND is installed with yum:

```
yum install bind*
```
5. Configuration
A. Configuring the master
1. Edit /etc/named.conf
This file holds BIND's main configuration.
Below is my master configuration:
```
[root@master ~]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {                                   // global server options and defaults
        listen-on port 53 { any; };         // listening address/port; could also be { 127.0.0.1; 192.168.56.104; }
#       listen-on-v6 port 53 { ::1; };      // IPv6 support
        directory       "/var/named";       // where the zone files live
        dump-file       "/var/named/data/cache_dump.db";   // cache dump file
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };           // hosts allowed to query; here every host may
        recursion yes;                      // answer recursive queries
        allow-transfer  { 192.168.56.105; };   // hosts allowed to request zone transfers, i.e. the slave's IP

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {                                   // what the server logs and where it goes
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";         // include file: loads /etc/named.rfc1912.zones
# include "/etc/named.root.key";
```
Note: the lines annotated with comments above are the ones that need changing.
2. /etc/named.rfc1912.zones
This file holds the forward and reverse zone definitions.
Below is my configuration on the master:
```
[root@master ~]# cat /etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

#zone "localhost.localdomain" IN {
#       type master;
#       file "named.localhost";
#       allow-update { none; };
#};

zone "test.com" IN {
        type master;
        file "named.test.com";
        notify yes;
        also-notify { 192.168.56.105; };
        allow-update { none; };
        allow-transfer { 192.168.56.105; };
};

#zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
#       type master;
#       file "named.loopback";
#       allow-update { none; };
#};

zone "56.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.56.arpa";
#       notify yes;
#       also-notify { 192.168.56.105; };
        allow-update { none; };
        allow-transfer { 192.168.56.105; };
};

#zone "0.in-addr.arpa" IN {
#       type master;
#       file "named.empty";
#       allow-update { none; };
#};
```
In short, this does two things:
1. adds a forward zone test.com with type master, and notifies 192.168.56.105 whenever it is updated;
2. adds the reverse zone for the subnet, also with type master, likewise notifying 192.168.56.105 on updates.
Anything else you do not need can be deleted or commented out.
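Of the settings above, `allow-transfer`, `allow-query` and `recursion` decide who may pull whole zones from this server or use it as a resolver, so they are worth checking mechanically rather than by eye. The following script is an added example, not part of the original post or of BIND; it assumes only a POSIX shell and awk, and the two sample configurations it writes (a weak one shaped like the master above, plus a constructed `hadoop.com` zone deliberately opened with `allow-transfer { any; }`, and a hardened one) are constructed for the demonstration:

```shell
#!/bin/sh
# Added example, not from the original post: audit a named.conf (or an
# included zones file such as named.rfc1912.zones) for the exposures this
# master/slave setup has to get right. awk parses the file (comments and
# nested braces handled) and one WARN line is printed per finding:
#   - open resolver: recursion not disabled (BIND's default is on) together
#     with allow-query { any; } and neither allow-recursion nor
#     allow-query-cache set, so anyone who can reach the server may recurse
#   - master zone whose transfers are open: allow-transfer { any; }, or no
#     allow-transfer at zone or options level (BIND's default is "any")
#   - master zone with allow-update { any; }
# Include files are not followed: run it once per file.
# Usage: sh audit_named.sh /etc/named.conf

audit_named_conf() {
    awk '
    { buf = buf $0 "\n" }
    # collapse whitespace and glue braces/semicolons so patterns are stable
    function norm(s) {
        gsub(/[ \t\r\n]+/, " ", s); gsub(/ ?[{] ?/, "{", s)
        gsub(/ ?; ?/, ";", s); gsub(/ ?[}] ?/, "}", s); return s
    }
    function check(head, body,   name, restricted) {
        gsub(/[ \t\r\n]+/, " ", head); sub(/^[ ;]+/, "", head); body = norm(body)
        if (head ~ /^options/) {
            opt = body                               # kept for the zone checks
            if (body !~ /recursion no;/ && body ~ /allow-query[{]any;/ &&
                body !~ /allow-recursion/ && body !~ /allow-query-cache/)
                print "WARN options: open resolver (recursion on, allow-query any, no allow-recursion)"
            return
        }
        if (head !~ /^zone/) return
        name = head; sub(/^zone "/, "", name); sub(/".*/, "", name)
        if (body !~ /type (master|primary);/) return
        restricted = (opt ~ /allow-transfer/ && opt !~ /allow-transfer[{]any;/)
        if (body ~ /allow-transfer[{]any;/ || (body !~ /allow-transfer/ && !restricted))
            print "WARN zone " name ": zone transfer (AXFR) allowed from any host"
        if (body ~ /allow-update[{]any;/)
            print "WARN zone " name ": dynamic updates allowed from any host"
    }
    END {
        n = length(buf); i = 1; depth = 0; cur = ""
        while (i <= n) {
            c = substr(buf, i, 1); c2 = substr(buf, i, 2)
            if (c2 == "/*") { j = index(substr(buf, i + 2), "*/"); i += (j ? j + 3 : n); continue }
            if (c2 == "//" || c == "#") { while (i <= n && substr(buf, i, 1) != "\n") i++; continue }
            if (c == "{") { depth++; if (depth == 1) { head = cur; cur = "" } else cur = cur c }
            else if (c == "}") { depth--; if (depth == 0) { check(head, cur); cur = "" } else cur = cur c }
            else cur = cur c
            i++
        }
    }' "$1"
}

# write_sample_conf weak|hardened FILE: constructed configs, the first shaped
# like the post's master (plus one deliberately open zone), the second tightened.
write_sample_conf() {
    if [ "$1" = weak ]; then cat > "$2" <<'EOF'
options {
        listen-on port 53 { any; };
        allow-query     { any; };
        recursion yes;                          /* resolver open to everyone */
        allow-transfer  { 192.168.56.105; };
};
zone "test.com" IN {
        type master; file "named.test.com";
        notify yes; also-notify { 192.168.56.105; };
        allow-update { none; };
};
zone "hadoop.com" IN { type master; file "named.hadoop.com"; allow-transfer { any; }; };
EOF
    else cat > "$2" <<'EOF'
options {
        listen-on port 53 { 127.0.0.1; 192.168.56.104; };
        allow-query     { any; };
        recursion yes;
        allow-recursion { 127.0.0.1; 192.168.56.0/24; };   # our own hosts only
        allow-transfer  { 192.168.56.105; };
};
zone "test.com" IN { type master; file "named.test.com"; allow-update { none; }; };
EOF
    fi
}

if [ $# -eq 1 ]; then audit_named_conf "$1"; fi
```

Run against the master's own files it reports the open-resolver finding (the master listens on every interface with `allow-query { any; }` and `recursion yes`), while the zone checks pass because `allow-transfer` is pinned to the slave's address both globally and per zone. The hardened sample keeps recursion but limits it with `allow-recursion` to the local hosts, which is the change a public-facing master would want.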
3. In /var/named, create the forward and reverse zone files

```
cd /var/named/
cp -p named.localhost named.test.com
cp -p named.localhost 192.168.56.arpa
```
Below is my forward zone on the master:
```
[root@master named]# cat named.test.com
$TTL 1D
@       IN SOA  ns1.test.com. root.localhost. (      ; SOA record
                                        2013070814      ; serial: version number, +1 on every change. The usual
                                                        ; format is YYYYMMDD plus a counter. For the slave to update
                                                        ; automatically after a change on the master, the master's
                                                        ; serial must be greater than the slave's.
                                        60              ; refresh: how often the slave checks for updates
                                        1H              ; retry: how long to wait after a failed refresh before retrying
                                        1W              ; expire: how long after refreshes keep failing until the slave drops the zone
                                        3H )            ; minimum: how long a "no such record" answer is cached
        NS      ns1.test.com.
        NS      ns2.test.com.
        A       192.168.56.104
server  A       192.168.56.101
client1 A       192.168.56.103
ubuntu  A       192.168.56.102
ns1     A       192.168.56.104
ns2     A       192.168.56.105
```
Explanation
SOA
This record marks the start of the zone. It carries the zone name, the zone administrator's e-mail address, and the settings that tell slave DNS servers how to refresh the zone data.
Common resource record types [3]
A (address): lists the IP address for a given host name; the essential record for name resolution.
CNAME (canonical name): defines an alias for a canonical host name.
MX (mail exchanger): lists the hosts responsible for receiving e-mail sent to the domain.
NS (name server): names the servers authoritative for a given zone.
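The comment on the serial says every change must raise it, and in YYYYMMDDnn form that means incrementing the counter on the same day and starting a fresh one on a new day. The script below is an added example, not from the original post or from BIND, that automates this step on the master; it assumes a POSIX shell, the serial sitting on a line carrying a `; serial` comment as in the zone files above, and a `TODAY` parameter (hypothetical, so the result can be checked deterministically) that defaults to the current date:

```shell
#!/bin/sh
# Added example, not from the original post: raise the SOA serial of a zone
# file before reloading the master. A slave only transfers a zone when the
# master's serial is greater than its own, so forgetting this step is the
# usual reason a change "does not reach the slave". Serials are kept in the
# YYYYMMDDnn form the post recommends.

# next_serial OLD TODAY
#   OLD    the current serial (digits only)
#   TODAY  the date as YYYYMMDD; passed in rather than read from the clock so
#          the result is deterministic
# Prints the new serial; returns 1 on bad input or when the day's counter
# (nn) is exhausted.
next_serial() {
    old=$1; today=$2
    case $old in
        ''|*[!0-9]*) echo "next_serial: serial '$old' is not numeric" >&2; return 1 ;;
    esac
    case $today in
        [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]) ;;
        *) echo "next_serial: TODAY must be YYYYMMDD" >&2; return 1 ;;
    esac
    old_date=$(printf '%s' "$old" | cut -c1-8)
    if [ ${#old} -eq 10 ] && [ "$old_date" = "$today" ]; then
        # same day: increment the two-digit counter (strip a leading zero
        # first, otherwise "08" would be read as an invalid octal number)
        count=$(printf '%s' "$old" | cut -c9-10); count=${count#0}
        count=$((count + 1))
        if [ "$count" -gt 99 ]; then
            echo "next_serial: more than 99 changes on $today, wait for tomorrow" >&2; return 1
        fi
        printf '%s%02d\n' "$today" "$count"
    elif [ "$old" -ge "${today}01" ]; then
        # serial already at or past today's first value (clock skew, a
        # hand-typed number): never go backwards, just add one
        printf '%s\n' $((old + 1))
    else
        printf '%s01\n' "$today"
    fi
}

# bump_zone_serial ZONEFILE [TODAY]
#   Replaces the serial on the "... ; serial" line of ZONEFILE in place and
#   prints the new value. TODAY defaults to the current date.
bump_zone_serial() {
    zonefile=$1; today=${2:-$(date +%Y%m%d)}
    # first all-digit token in front of the "; serial" comment
    old=$(awk '/;[ \t]*serial/ { sub(/;.*/, ""); for (i = 1; i <= NF; i++) if ($i ~ /^[0-9]+$/) { print $i; exit } }' "$zonefile")
    [ -n "$old" ] || { echo "bump_zone_serial: no '; serial' line in $zonefile" >&2; return 1; }
    new=$(next_serial "$old" "$today") || return 1
    # rewrite only that line, leaving refresh/retry/expire/minimum untouched
    awk -v old="$old" -v new="$new" '
        /;[ \t]*serial/ && !done { i = index($0, old)
            if (i) { $0 = substr($0, 1, i - 1) new substr($0, i + length(old)); done = 1 } }
        { print }' "$zonefile" > "$zonefile.tmp" && mv "$zonefile.tmp" "$zonefile" || return 1
    printf '%s\n' "$new"
}

# Typical use on the master, followed by a reload so the new serial is loaded
# and NOTIFY goes out to the slave:
#   bump_zone_serial /var/named/named.test.com && rndc reload test.com
if [ $# -ge 1 ]; then bump_zone_serial "$1" "$2"; fi
```

Run it on the master right after editing the zone file, then reload named (the post restarts it with `/etc/init.d/named restart`; `rndc reload test.com` reloads just that zone). If the serial was lowered by hand, the slave will never transfer again until it is raised above the slave's copy, which is why the script refuses to move backwards.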
Below is my reverse zone on the master:
```
[root@master named]# cat 192.168.56.arpa
$TTL 1D
@       IN SOA  ns1.test.com. root.localhost. (
                                        2013070814      ; serial
                                        60              ; refresh
                                        1H              ; retry
                                        1W              ; expire
                                        3H )            ; minimum
        NS      ns1.test.com.
        NS      ns2.test.com.
101     PTR     server.test.com.
102     PTR     ubuntu.test.com.
103     PTR     client1.test.com.
104     PTR     ns1.test.com.
105     PTR     ns2.test.com.
```
4. Start BIND

```
/etc/init.d/named start
```
5. Point the local resolver at the servers we just set up

```
[root@master named]# cat /etc/resolv.conf
nameserver 192.168.56.104
nameserver 192.168.56.105
```
6. Test with nslookup
```
[root@master named]# ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 08:00:27:59:BB:1F
          inet addr:192.168.56.104  Bcast:192.168.56.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fe59:bb1f/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2761 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3224 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:255523 (249.5 KiB)  TX bytes:455771 (445.0 KiB)

[root@master named]# nslookup
> ns1.test.com
Server:         192.168.56.104
Address:        192.168.56.104#53

Name:   ns1.test.com
Address: 192.168.56.104
> ns2.test.com
Server:         192.168.56.104
Address:        192.168.56.104#53

Name:   ns2.test.com
Address: 192.168.56.105
> server.test.com
Server:         192.168.56.104
Address:        192.168.56.104#53

Name:   server.test.com
Address: 192.168.56.101
> 192.168.56.104
Server:         192.168.56.104
Address:        192.168.56.104#53

104.56.168.192.in-addr.arpa     name = ns1.test.com.
> 192.168.56.105
Server:         192.168.56.104
Address:        192.168.56.104#53

105.56.168.192.in-addr.arpa     name = ns2.test.com.
> 192.168.56.101
Server:         192.168.56.104
Address:        192.168.56.104#53

101.56.168.192.in-addr.arpa     name = server.test.com.
```
Test with dig
```
[root@master named]# dig ns1.test.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <<>> ns1.test.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25723
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;ns1.test.com.                  IN      A

;; ANSWER SECTION:
ns1.test.com.           86400   IN      A       192.168.56.104

;; AUTHORITY SECTION:
test.com.               86400   IN      NS      ns2.test.com.
test.com.               86400   IN      NS      ns1.test.com.

;; ADDITIONAL SECTION:
ns2.test.com.           86400   IN      A       192.168.56.105

;; Query time: 1 msec
;; SERVER: 192.168.56.104#53(192.168.56.104)
;; WHEN: Mon Jul  8 10:11:30 2013
;; MSG SIZE  rcvd: 94

[root@master named]# dig ns2.test.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <<>> ns2.test.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16279
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;ns2.test.com.                  IN      A

;; ANSWER SECTION:
ns2.test.com.           86400   IN      A       192.168.56.105

;; AUTHORITY SECTION:
test.com.               86400   IN      NS      ns2.test.com.
test.com.               86400   IN      NS      ns1.test.com.

;; ADDITIONAL SECTION:
ns1.test.com.           86400   IN      A       192.168.56.104

;; Query time: 0 msec
;; SERVER: 192.168.56.104#53(192.168.56.104)
;; WHEN: Mon Jul  8 10:11:33 2013
;; MSG SIZE  rcvd: 94

[root@master named]# dig server.test.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <<>> server.test.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1422
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;server.test.com.               IN      A

;; ANSWER SECTION:
server.test.com.        86400   IN      A       192.168.56.101

;; AUTHORITY SECTION:
test.com.               86400   IN      NS      ns2.test.com.
test.com.               86400   IN      NS      ns1.test.com.

;; ADDITIONAL SECTION:
ns1.test.com.           86400   IN      A       192.168.56.104
ns2.test.com.           86400   IN      A       192.168.56.105

;; Query time: 1 msec
;; SERVER: 192.168.56.104#53(192.168.56.104)
;; WHEN: Mon Jul  8 10:11:38 2013
;; MSG SIZE  rcvd: 117
```
As you can see, all of these answers come from SERVER: 192.168.56.104#53(192.168.56.104), i.e. they were resolved by the DNS server at 192.168.56.104.
B. Configuring the slave
1. Edit /etc/named.conf
This file holds BIND's main configuration.
Below is my slave configuration:
```
[root@slave named]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { any; };
#       listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
# include "/etc/named.root.key";
```
2. /etc/named.rfc1912.zones
This file holds the forward and reverse zone definitions.
Below is my configuration on the slave:
```
[root@slave named]# cat /etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

#zone "localhost.localdomain" IN {
#       type master;
#       file "named.localhost";
#       allow-update { none; };
#};

zone "test.com" IN {
        type slave;
        file "named.test.com";
#       allow-update { none; };
        masters { 192.168.56.104; };
        allow-update { none; };
};

#zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
#       type master;
#       file "named.loopback";
#       allow-update { none; };
#};

zone "56.168.192.in-addr.arpa" IN {
        type slave;
        file "192.168.56.arpa";
#       allow-update { none; };
        masters { 192.168.56.104; };
        allow-update { none; };
};

#zone "0.in-addr.arpa" IN {
#       type master;
#       file "named.empty";
#       allow-update { none; };
#};
```
3. Start the BIND service on the slave
Because I rely on automatic master-to-slave updates, the slave needs no forward or reverse zone files of its own: on startup it fetches them straight from the master.
First start BIND:

```
/etc/init.d/named start
```
Then look at /var/log/messages on the master:
```
Jul  8 10:16:21 master named-sdb[2060]: client 192.168.56.105#40695: transfer of 'test.com/IN': AXFR started
Jul  8 10:16:21 master named-sdb[2060]: client 192.168.56.105#40695: transfer of 'test.com/IN': AXFR ended
Jul  8 10:16:22 master named-sdb[2060]: client 192.168.56.105#34075: transfer of '56.168.192.in-addr.arpa/IN': AXFR started
Jul  8 10:16:22 master named-sdb[2060]: client 192.168.56.105#34075: transfer of '56.168.192.in-addr.arpa/IN': AXFR ended
```

Then look at /var/log/messages on the slave:

```
Jul  8 02:16:22 slave named-sdb[5004]: starting BIND 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 -u named -t /var/named/chroot
Jul  8 02:16:22 slave named-sdb[5004]: built with '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--target=x86_64-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--with-libtool' '--localstatedir=/var' '--enable-threads' '--enable-ipv6' '--with-pic' '--disable-static' '--disable-openssl-version-check' '--with-dlz-ldap=yes' '--with-dlz-postgres=yes' '--with-dlz-mysql=yes' '--with-dlz-filesystem=yes' '--with-gssapi=yes' '--disable-isc-spnego' '--with-docbook-xsl=/usr/share/sgml/docbook/xsl-stylesheets' '--enable-fixed-rrset' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'target_alias=x86_64-redhat-linux-gnu' 'CFLAGS= -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' 'CPPFLAGS= -DDIG_SIGCHASE'
Jul  8 02:16:22 slave named-sdb[5004]: ----------------------------------------------------
Jul  8 02:16:22 slave named-sdb[5004]: BIND 9 is maintained by Internet Systems Consortium,
Jul  8 02:16:22 slave named-sdb[5004]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
Jul  8 02:16:22 slave named-sdb[5004]: corporation. Support and training for BIND 9 are
Jul  8 02:16:22 slave named-sdb[5004]: available at https://www.isc.org/support
Jul  8 02:16:22 slave named-sdb[5004]: ----------------------------------------------------
Jul  8 02:16:22 slave named-sdb[5004]: adjusted limit on open files from 4096 to 1048576
Jul  8 02:16:22 slave named-sdb[5004]: found 2 CPUs, using 2 worker threads
Jul  8 02:16:22 slave named-sdb[5004]: using up to 4096 sockets
Jul  8 02:16:22 slave named-sdb[5004]: SDB ldap zone database module loaded.
Jul  8 02:16:22 slave named-sdb[5004]: SDB postgreSQL DB zone database module loaded.
Jul  8 02:16:22 slave named-sdb[5004]: SDB sqlite3 DB zone database module loaded.
Jul  8 02:16:22 slave named-sdb[5004]: SDB directory DB zone database module loaded.
Jul  8 02:16:22 slave named-sdb[5004]: loading configuration from '/etc/named.conf'
Jul  8 02:16:22 slave named-sdb[5004]: /etc/named.rfc1912.zones:24: option 'allow-update' is not allowed in 'slave' zone 'test.com'
Jul  8 02:16:22 slave named-sdb[5004]: /etc/named.rfc1912.zones:38: option 'allow-update' is not allowed in 'slave' zone '56.168.192.in-addr.arpa'
Jul  8 02:16:22 slave named-sdb[5004]: reading built-in trusted keys from file '/etc/named.iscdlv.key'
Jul  8 02:16:22 slave named-sdb[5004]: using default UDP/IPv4 port range: [1024, 65535]
Jul  8 02:16:22 slave named-sdb[5004]: using default UDP/IPv6 port range: [1024, 65535]
Jul  8 02:16:22 slave named-sdb[5004]: no IPv6 interfaces found
Jul  8 02:16:22 slave named-sdb[5004]: listening on IPv4 interface lo, 127.0.0.1#53
Jul  8 02:16:22 slave named-sdb[5004]: listening on IPv4 interface eth0, 192.168.56.105#53
Jul  8 02:16:22 slave named-sdb[5004]: generating session key for dynamic DNS
Jul  8 02:16:22 slave named-sdb[5004]: sizing zone task pool based on 3 zones
Jul  8 02:16:22 slave named-sdb[5004]: using built-in DLV key for view _default
Jul  8 02:16:22 slave named-sdb[5004]: set up managed keys zone for view _default, file '/var/named/dynamic/managed-keys.bind'
Jul  8 02:16:22 slave named-sdb[5004]: Warning: 'empty-zones-enable/disable-empty-zone' not set: disabling RFC 1918 empty zones
Jul  8 02:16:22 slave named-sdb[5004]: automatic empty zone: 0.IN-ADDR.ARPA
Jul  8 02:16:22 slave named-sdb[5004]: automatic empty zone: 127.IN-ADDR.ARPA
Jul  8 02:16:22 slave named-sdb[5004]: automatic empty zone: 254.169.IN-ADDR.ARPA
Jul  8 02:16:22 slave named-sdb[5004]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
Jul  8 02:16:22 slave named-sdb[5004]: automatic empty zone: 100.51.198.IN-ADDR.ARPA
Jul  8 02:16:22 slave named-sdb[5004]: automatic empty zone: 113.0.203.IN-ADDR.ARPA
Jul  8 02:16:22 slave named-sdb[5004]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
Jul  8 02:16:22 slave named-sdb[5004]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Jul  8 02:16:22 slave named-sdb[5004]: automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Jul  8 02:16:22 slave named-sdb[5004]: automatic empty zone: D.F.IP6.ARPA
Jul  8 02:16:22 slave named-sdb[5004]: automatic empty zone: 8.E.F.IP6.ARPA
Jul  8 02:16:22 slave named-sdb[5004]: automatic empty zone: 9.E.F.IP6.ARPA
Jul  8 02:16:22 slave named-sdb[5004]: automatic empty zone: A.E.F.IP6.ARPA
Jul  8 02:16:22 slave named-sdb[5004]: automatic empty zone: B.E.F.IP6.ARPA
Jul  8 02:16:22 slave named-sdb[5004]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
Jul  8 02:16:22 slave named-sdb[5004]: command channel listening on 127.0.0.1#953
Jul  8 02:16:22 slave named-sdb[5004]: managed-keys-zone ./IN: loaded serial 5
Jul  8 02:16:22 slave named-sdb[5004]: running
Jul  8 02:16:22 slave named-sdb[5004]: zone test.com/IN: Transfer started.
Jul  8 02:16:22 slave named-sdb[5004]: transfer of 'test.com/IN' from 192.168.56.104#53: connected using 192.168.56.105#40695
Jul  8 02:16:22 slave named-sdb[5004]: zone test.com/IN: transferred serial 2013070814
Jul  8 02:16:22 slave named-sdb[5004]: transfer of 'test.com/IN' from 192.168.56.104#53: Transfer completed: 1 messages, 10 records, 266 bytes, 0.005 secs (53200 bytes/sec)
Jul  8 02:16:22 slave named-sdb[5004]: zone test.com/IN: sending notifies (serial 2013070814)
Jul  8 02:16:22 slave named-sdb[5004]: zone 56.168.192.in-addr.arpa/IN: Transfer started.
Jul  8 02:16:22 slave named-sdb[5004]: transfer of '56.168.192.in-addr.arpa/IN' from 192.168.56.104#53: connected using 192.168.56.105#34075
Jul  8 02:16:22 slave named-sdb[5004]: zone 56.168.192.in-addr.arpa/IN: transferred serial 2013070814
Jul  8 02:16:22 slave named-sdb[5004]: transfer of '56.168.192.in-addr.arpa/IN' from 192.168.56.104#53: Transfer completed: 1 messages, 9 records, 283 bytes, 0.006 secs (47166 bytes/sec)
Jul  8 02:16:22 slave named-sdb[5004]: zone 56.168.192.in-addr.arpa/IN: sending notifies (serial 2013070814)
```
The logs show that the master sent the zone data to the slave and that the slave received it. (The two lines reading "option 'allow-update' is not allowed in 'slave' zone" come from the allow-update entries left in the slave's zone definitions; BIND ignores them, and those two lines can simply be removed from the slave's /etc/named.rfc1912.zones.)
Check on the filesystem whether the files arrived:
```
[root@slave ~]# cd /var/named/
[root@slave named]# ll
total 40
-rw-r--r-- 1 named named  461 Jul  8 02:16 192.168.56.arpa
drwxr-x--- 6 named named 4096 Jul  7 21:14 chroot
drwxrwx--- 2 named named 4096 Jul  7 22:01 data
drwxrwx--- 2 named named 4096 Jul  8 02:17 dynamic
-rw-r----- 1 named named 1892 Feb 18  2008 named.ca
-rw-r----- 1 named named  152 Dec 15  2009 named.empty
-rw-r----- 1 named named  152 Jun 21  2007 named.localhost
-rw-r----- 1 named named  168 Dec 15  2009 named.loopback
-rw-r--r-- 1 named named  447 Jul  8 02:16 named.test.com
drwxrwx--- 2 named named 4096 Mar 29 06:21 slaves
```
Both the forward and the reverse zone files are now present on the slave.
4. Point the local resolver at the DNS servers just configured
```
[root@slave named]# cat /etc/resolv.conf
nameserver 192.168.56.104
nameserver 192.168.56.105
```
5. Test with dig
```
[root@slave named]# dig ns1.test.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <<>> ns1.test.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53453
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;ns1.test.com.                  IN      A

;; ANSWER SECTION:
ns1.test.com.           86400   IN      A       192.168.56.104

;; AUTHORITY SECTION:
test.com.               86400   IN      NS      ns1.test.com.
test.com.               86400   IN      NS      ns2.test.com.

;; ADDITIONAL SECTION:
ns2.test.com.           86400   IN      A       192.168.56.105

;; Query time: 1 msec
;; SERVER: 192.168.56.104#53(192.168.56.104)
;; WHEN: Mon Jul  8 02:28:26 2013
;; MSG SIZE  rcvd: 94

[root@slave named]# dig ns2.test.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <<>> ns2.test.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15455
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;ns2.test.com.                  IN      A

;; ANSWER SECTION:
ns2.test.com.           86400   IN      A       192.168.56.105

;; AUTHORITY SECTION:
test.com.               86400   IN      NS      ns1.test.com.
test.com.               86400   IN      NS      ns2.test.com.

;; ADDITIONAL SECTION:
ns1.test.com.           86400   IN      A       192.168.56.104

;; Query time: 1 msec
;; SERVER: 192.168.56.104#53(192.168.56.104)
;; WHEN: Mon Jul  8 02:28:32 2013
;; MSG SIZE  rcvd: 94

[root@slave named]# dig server.test.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <<>> server.test.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37155
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;server.test.com.               IN      A

;; ANSWER SECTION:
server.test.com.        86400   IN      A       192.168.56.101

;; AUTHORITY SECTION:
test.com.               86400   IN      NS      ns2.test.com.
test.com.               86400   IN      NS      ns1.test.com.

;; ADDITIONAL SECTION:
ns1.test.com.           86400   IN      A       192.168.56.104
ns2.test.com.           86400   IN      A       192.168.56.105

;; Query time: 1 msec
;; SERVER: 192.168.56.104#53(192.168.56.104)
;; WHEN: Mon Jul  8 02:28:36 2013
;; MSG SIZE  rcvd: 117
```
The DNS master, slave and automatic updates are now configured.
6. Now let's test whether the slave receives the latest data when entries are changed or added on the master.
This is the current named.test.com on the master:
```
[root@centos named]# cat named.test.com
$TTL 1D
@       IN SOA  ns1.test.com. root.localhost. (
                                        2013070822      ; serial
                                        60              ; refresh
                                        1H              ; retry
                                        1W              ; expire
                                        3H )            ; minimum
        NS      ns1.test.com.
        NS      ns2.test.com.
        A       192.168.56.104
server  A       192.168.56.101
client1 A       192.168.56.103
ubuntu  A       192.168.56.102
ns1     A       192.168.56.104
ns2     A       192.168.56.105
test2   A       192.168.8.1
test1   A       192.168.8.12
test3   A       192.168.8.3
```
As you can see, forward records for test1 through test3 have been added (and the serial raised to 2013070822).
Then restart BIND on the master:

```
/etc/init.d/named restart
```
Check the master's log
I only list the transfer-related lines:
```
Jul  8 12:00:49 master named-sdb[4967]: zone 56.168.192.in-addr.arpa/IN: loaded serial 2013070814
Jul  8 12:00:49 master named-sdb[4967]: zone test.com/IN: loaded serial 2013070822
Jul  8 12:00:49 master named-sdb[4967]: managed-keys-zone ./IN: loaded serial 6
Jul  8 12:00:49 master named-sdb[4967]: running
Jul  8 12:00:49 master named-sdb[4967]: zone 56.168.192.in-addr.arpa/IN: sending notifies (serial 2013070814)
Jul  8 12:00:49 master named-sdb[4967]: zone test.com/IN: sending notifies (serial 2013070822)
```

Then look at the slave's log:

```
Jul  8 04:03:36 slave named-sdb[13688]: client 192.168.56.104#48310: received notify for zone 'test.com'
Jul  8 04:03:36 slave named-sdb[13688]: zone test.com/IN: Transfer started.
Jul  8 04:03:36 slave named-sdb[13688]: transfer of 'test.com/IN' from 192.168.56.104#53: connected using 192.168.56.105#37661
Jul  8 04:03:36 slave named-sdb[13688]: zone test.com/IN: transferred serial 2013070822
Jul  8 04:03:36 slave named-sdb[13688]: transfer of 'test.com/IN' from 192.168.56.104#53: Transfer completed: 1 messages, 13 records, 332 bytes, 0.005 secs (66400 bytes/sec)
Jul  8 04:03:36 slave named-sdb[13688]: zone test.com/IN: sending notifies (serial 2013070822)
Jul  8 04:03:37 slave named-sdb[13688]: client 192.168.56.104#21155: received notify for zone '56.168.192.in-addr.arpa'
Jul  8 04:03:37 slave named-sdb[13688]: zone 56.168.192.in-addr.arpa/IN: notify from 192.168.56.104#21155: zone is up to date
```
Then look at the contents of named.test.com on the slave:
```
[root@cacti named]# cd /var/named/
[root@cacti named]# cat named.test.com
$ORIGIN .
$TTL 86400      ; 1 day
test.com                IN SOA  ns1.test.com. root.localhost. (
                                2013070822 ; serial
                                60         ; refresh (1 minute)
                                3600       ; retry (1 hour)
                                604800     ; expire (1 week)
                                10800      ; minimum (3 hours)
                                )
                        NS      ns1.test.com.
                        NS      ns2.test.com.
                        A       192.168.56.104
$ORIGIN test.com.
client1                 A       192.168.56.103
ns1                     A       192.168.56.104
ns2                     A       192.168.56.105
server                  A       192.168.56.101
test1                   A       192.168.8.12
test2                   A       192.168.8.1
test3                   A       192.168.8.3
ubuntu                  A       192.168.56.102
```
The update has arrived successfully.
7. Now stop the DNS service on the master and see whether the slave can still resolve
```
[root@slave named]# dig ns1.test.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <<>> ns1.test.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38700
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;ns1.test.com.                  IN      A

;; ANSWER SECTION:
ns1.test.com.           86400   IN      A       192.168.56.104

;; AUTHORITY SECTION:
test.com.               86400   IN      NS      ns2.test.com.
test.com.               86400   IN      NS      ns1.test.com.

;; ADDITIONAL SECTION:
ns2.test.com.           86400   IN      A       192.168.56.105

;; Query time: 0 msec
;; SERVER: 192.168.56.105#53(192.168.56.105)
;; WHEN: Mon Jul  8 02:30:22 2013
;; MSG SIZE  rcvd: 94

[root@slave named]# dig ns2.test.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <<>> ns2.test.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28400
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;ns2.test.com.                  IN      A

;; ANSWER SECTION:
ns2.test.com.           86400   IN      A       192.168.56.105

;; AUTHORITY SECTION:
test.com.               86400   IN      NS      ns2.test.com.
test.com.               86400   IN      NS      ns1.test.com.

;; ADDITIONAL SECTION:
ns1.test.com.           86400   IN      A       192.168.56.104

;; Query time: 1 msec
;; SERVER: 192.168.56.105#53(192.168.56.105)
;; WHEN: Mon Jul  8 02:30:29 2013
;; MSG SIZE  rcvd: 94

[root@slave named]# dig server.test.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <<>> server.test.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26633
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;server.test.com.               IN      A

;; ANSWER SECTION:
server.test.com.        86400   IN      A       192.168.56.101

;; AUTHORITY SECTION:
test.com.               86400   IN      NS      ns1.test.com.
test.com.               86400   IN      NS      ns2.test.com.

;; ADDITIONAL SECTION:
ns1.test.com.           86400   IN      A       192.168.56.104
ns2.test.com.           86400   IN      A       192.168.56.105

;; Query time: 0 msec
;; SERVER: 192.168.56.105#53(192.168.56.105)
;; WHEN: Mon Jul  8 02:30:34 2013
;; MSG SIZE  rcvd: 117
```
As you can see, with the master's DNS service down, names are still resolved through the slave.
Conversely, if the slave's DNS service goes down, names can still be resolved through the master.
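To turn the manual checks of sections 5 to 7 (dig against each server, cat the transferred file) into a repeatable test, the following added example, which is not part of the original post or of BIND, queries the SOA of a zone from both servers with `dig +short` and compares the serials with RFC 1982 serial arithmetic; it assumes a POSIX shell, `dig` from bind-utils, and the two server addresses from the environment table (192.168.56.104 and 192.168.56.105):

```shell
#!/bin/sh
# Added example, not from the original post: verify that master and slave are
# serving the same version of a zone and that both answer, which is what the
# manual dig/cat checks above establish by eye. Needs dig (bind-utils).
# Usage: sh check_zone_sync.sh test.com 192.168.56.104 192.168.56.105

# soa_serial DIG_OUTPUT: pull the serial (3rd field) out of "dig +short SOA"
# output such as "ns1.test.com. root.localhost. 2013070822 60 3600 604800 10800";
# prints nothing for error text such as ";; connection timed out".
soa_serial() {
    printf '%s\n' "$1" | awk 'NF >= 7 && $3 ~ /^[0-9]+$/ { print $3; exit }'
}

# serial_cmp A B: prints "eq", "lt" (A older than B) or "gt" (A newer), using
# RFC 1982 serial arithmetic so a serial that wrapped past 2^32 still compares
# correctly (a difference of exactly 2^31 is undefined and reported as "gt").
serial_cmp() {
    a=$1; b=$2
    [ "$a" -eq "$b" ] && { echo eq; return; }
    d=$(( (b - a + 4294967296) % 4294967296 ))     # (B - A) mod 2^32
    if [ "$d" -gt 0 ] && [ "$d" -lt 2147483648 ]; then echo lt; else echo gt; fi
}

# check_zone_sync ZONE MASTER SLAVE: query both servers and report.
# Exit status: 0 in sync, 1 serials differ, 2 a server returned no SOA.
check_zone_sync() {
    zone=$1; master=$2; slave=$3
    ms=$(soa_serial "$(dig +short +time=2 +tries=1 SOA "$zone" "@$master" 2>/dev/null)")
    ss=$(soa_serial "$(dig +short +time=2 +tries=1 SOA "$zone" "@$slave" 2>/dev/null)")
    [ -n "$ms" ] || { echo "$master: no SOA for $zone (down, or not authoritative)"; return 2; }
    [ -n "$ss" ] || { echo "$slave: no SOA for $zone (down, or not authoritative)"; return 2; }
    case $(serial_cmp "$ss" "$ms") in
        eq) echo "in sync (serial $ms)"; return 0 ;;
        lt) echo "slave behind (master $ms, slave $ss): check notify/allow-transfer and the master's log"; return 1 ;;
        gt) echo "slave ahead (master $ms, slave $ss): was the master's serial lowered?"; return 1 ;;
    esac
}

if [ $# -eq 3 ]; then check_zone_sync "$@"; fi
```

Run from cron or a monitoring check, the exit status distinguishes "one server is down" (the failover case of section 7) from "the slave is serving stale data" (the update case of section 6), which a plain dig against one server cannot tell apart.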
Once testing is complete, add the BIND service to the boot sequence:
```
[root@master named]# chkconfig --list named
named           0:off   1:off   2:off   3:off   4:off   5:off   6:off
[root@master named]# chkconfig --level 345 named on
[root@master named]# chkconfig --list named
named           0:off   1:off   2:off   3:on    4:on    5:on    6:off
```
In production, also keep the master's and slave's clocks in agreement (for example by synchronizing them with NTP), and do not leave iptables and SELinux enabled on the machines, otherwise the slave will fail to receive the NOTIFY the master sends.
Also, when a new domain is added on the master, note:
1. add the zone to /etc/named.rfc1912.zones on both the master and the slave;
2. restart BIND on both. If only the master is restarted and the slave is not, then when the master sends its notify the slave logs `client 192.168.56.104#11005: received notify for zone 'xxx.com': not authoritative` and does not receive the update;
After the slave is restarted the sync succeeds:
```
Jul  8 04:13:18 cacti named-sdb[14449]: zone 56.168.192.in-addr.arpa/IN: sending notifies (serial 2013070814)
Jul  8 04:13:18 cacti named-sdb[14449]: zone test.com/IN: sending notifies (serial 2013070822)
Jul  8 04:13:18 cacti named-sdb[14449]: zone hadoop.com/IN: Transfer started.
Jul  8 04:13:18 cacti named-sdb[14449]: transfer of 'hadoop.com/IN' from 192.168.56.104#53: connected using 192.168.56.105#49804
Jul  8 04:13:18 cacti named-sdb[14449]: zone hadoop.com/IN: transferred serial 2013070813
Jul  8 04:13:18 cacti named-sdb[14449]: transfer of 'hadoop.com/IN' from 192.168.56.104#53: Transfer completed: 1 messages, 9 records, 265 bytes, 0.004 secs (66250 bytes/sec)
Jul  8 04:13:18 cacti named-sdb[14449]: zone hadoop.com/IN: sending notifies (serial 2013070813)
```
The log shows the sync succeeded.
If the following appears in /var/log/messages:
```
Jul  8 13:36:34 master named-sdb[6324]: error (network unreachable) resolving 'ns1.nic.uk/AAAA/IN': 2001:500:2f::f#53
Jul  8 13:36:34 master named-sdb[6324]: error (network unreachable) resolving 'nsc.nic.uk/A/IN': 2001:500:2f::f#53
Jul  8 13:36:34 master named-sdb[6324]: error (network unreachable) resolving 'nsc.nic.uk/AAAA/IN': 2001:500:2f::f#53
Jul  8 13:36:34 master named-sdb[6324]: error (network unreachable) resolving 'ns2.nic.uk/AAAA/IN': 2001:500:2f::f#53
Jul  8 13:36:34 master named-sdb[6324]: error (network unreachable) resolving 'ns3.nic.uk/AAAA/IN': 2001:500:2f::f#53
Jul  8 13:36:34 master named-sdb[6324]: error (network unreachable) resolving 'nsa.nic.uk/AAAA/IN': 2001:500:2f::f#53
Jul  8 13:36:34 master named-sdb[6324]: error (network unreachable) resolving './NS/IN': 2001:500:2f::f#53
Jul  8 13:36:34 master named-sdb[6324]: error (network unreachable) resolving 'ns6.nic.uk/AAAA/IN': 2001:500:2f::f#53
Jul  8 13:36:34 master named-sdb[6324]: error (network unreachable) resolving 'nsd.nic.uk/AAAA/IN': 2001:500:2f::f#53
Jul  8 13:36:36 master named-sdb[6324]: error (network unreachable) resolving 'ns3.nic.uk/AAAA/IN': 2001:502:ad09::3#53
```
The cause is that named tries to use IPv6 transport even if the server host does not have IPv6 connectivity.
Fix: edit /etc/sysconfig/named and restrict named to IPv4 by changing OPTIONS="whatever" to OPTIONS="-4". Note that the OPTIONS value can be one of whatever, -4 or -6.
This article comes from the blog "吟—技术交流"; please keep this source: http://dl528888.blog.51cto.com/2382721/1249311