
Bind9主从(Master/Slave)服务器配置

2010年07月31日 IT运维 ⁄ 共 4738字 暂无评论 ⁄ 被围观 0+

在linux下提供DNS服务的软件用得最多的是bind。在工作中,一般公司不会自己建立DNS服务器,解析一般都交给万网、新网这些代理商来做,就等于外包吧,减轻自己的工作量。但这些代理商通常限制子域名解析数量为20个,当我们需要超过20个子域名解析时,就必须自建DNS服务器,一般安装Bind9主从(Master/Slave)服务器以保障DNS解析安全可靠。以下为基本安装配置方法。

主:
[root@linux src]#yum -y install bind*

生成rndc控制命令的key文件(其中的secret是随机生成的,每台机器都不一样,不要照抄文中的示例值;rndc.conf和named.conf里都含有这个key,文件权限不要放开给其他用户读取)
[root@linux usr]# sbin/rndc-confgen > /etc/rndc.conf
从rndc.conf文件中提取named.conf用的key
[root@linux usr]# cd /etc
[root@linux etc]# tail -10 rndc.conf | head -9 | sed s/#\ //g > /var/named/chroot/etc/named.conf
自动在/var/named/chroot/etc下生成named.conf文件

进入/var/named/chroot/etc
[root@linux etc]# cd /var/named/chroot/etc
现在named.conf文件中有了rndc-key区段
[root@linux etc]# more named.conf
key "rndc-key" {

algorithm hmac-md5;

secret "Nd0nLoL8t4Mv0iSpqP1noA==";

};

controls {

inet 127.0.0.1 port 953

allow { 127.0.0.1; } keys { "rndc-key"; };

};
然后我们来完善它:
[root@linux etc]#vi named.conf
options {
directory "/var/named";

};

zone "." IN {
type hint;
file "named.ca";
};

zone "localhost" IN {
type master;
file "localhost.zone";
};

zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
};

zone "opensoce.com" IN {
type master;
file "learningsky.zone";
allow-transfer { 192.168.22.155 ; };
notify yes;
also-notify { 192.168.22.155 ; };
//使用notify指令会自动通知这个域所有在NS记录上的机器,also-notify指令可以用来通知不在NS记录上的DNS服务器.
};

zone "22.168.192.in-addr.arpa" IN {
type master;
file "22.168.192";
allow-transfer { 192.168.22.155 ; };
notify yes;
also-notify { 192.168.22.155 ; };

};

key "rndc-key" {

algorithm hmac-md5;

secret "Nd0nLoL8t4Mv0iSpqP1noA==";

};

controls {

inet 127.0.0.1 port 953

allow { 127.0.0.1; } keys { "rndc-key"; };

};

进入/var/named/chroot/var/named
[root@linux etc]# cd /var/named/chroot/var/named

建立localhost.zone文件
[root@linux named]#vi localhost.zone
$TTL 86400
$ORIGIN localhost.
@ 1D IN SOA @ root (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum

        1D IN NS @
        1D IN A 127.0.0.1

建立named.local文件
[root@linux named]#vi named.local
$TTL 86400
@ IN SOA localhost. root.localhost.(
1997022700 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
        IN NS localhost.

1 IN PTR localhost.

dig命令直接生成named.ca文件
[root@linux named]#dig > named.ca
建立opensoce.com域名正向解析文件(注意下面的MX记录指向的是mail.learningsky.com.,而本区域里定义的A记录是mail.opensoce.com,实际使用时两者应保持一致)
[root@linux named]#vi learningsky.zone
$TTL 86400
$ORIGIN opensoce.com.
@ 1D IN SOA dns.opensoce.com. root.mail.opensoce.com. (

1053891162
3H
15M
1W
1D )

        1D IN NS dns.opensoce.com.
        1D IN MX 5 mail.learningsky.com.
dns IN A 192.168.22.150
mail IN A 192.168.22.150
www IN A 192.168.22.150

建立opensoce.com域名反向解析文件
[root@linux named]#vi 22.168.192
$TTL 86400
@ IN SOA dns.opensoce.com. root.mail.opensoce.com.(
20031001;
7200;
3600;
43200;
86400);
@ IN NS dns.opensoce.com.
150 IN PTR dns.opensoce.com.
150 IN PTR mail.opensoce.com.
150 IN PTR www.opensoce.com.

[root@linux named]#netstat -an |grep :53
tcp 0 0 192.168.22.150:53 0.0.0.0:* LISTEN

tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN

udp 0 0 192.168.22.150:53 0.0.0.0:*

udp 0 0 127.0.0.1:53 0.0.0.0:*

修改resolv.conf
[root@linux named]#vi /etc/resolv.conf
nameserver 192.168.22.150
search opensoce.com

[root@linux etc]# ps -aux|grep named
Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2.7/FAQ
named    13310  0.0  0.5  38160 2900 ?        Ssl  14:53   0:00 /usr/sbin/named -u named -t /var/named/chroot
root     13375  0.0  0.1   5212  688 pts/1    R+   16:08   0:00 grep named

[root@linux etc]#more nsswitch.conf
# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd: db files nisplus nis
#shadow: db files nisplus nis
#group: db files nisplus nis

passwd: files
shadow: files
group: files

#hosts: db files nisplus nis dns
hosts: files dns

# Example - obey only what nisplus tells us...
#services: nisplus [NOTFOUND=return] files
#networks: nisplus [NOTFOUND=return] files
#protocols:nisplus [NOTFOUND=return] files
#rpc: nisplus [NOTFOUND=return] files
#ethers: nisplus [NOTFOUND=return] files
#netmasks: nisplus [NOTFOUND=return] files

bootparams: nisplus [NOTFOUND=return] files

ethers: files
netmasks: files
networks: files

[root@linux etc]# more host.conf
order hosts,bind

启动named(注意上面ps的输出里,yum安装的named是以 /usr/sbin/named -u named -t /var/named/chroot 方式运行的,即降权到named用户并进入chroot;如果直接以root执行named而不带-u和-t参数,进程会以root身份在chroot之外运行,建议用 service named start 启动或带上这两个参数)
[root@linux etc]# /usr/local/sbin/named

测试DNS
[root@linux etc]# nslookup
>www.opensoce.com
Server: 192.168.22.150
Address: 192.168.22.150#53

Name: www.opensoce.com
Address: 192.168.0.244

>192.168.22.250
Server: 192.168.22.250
Address: 192.168.22.250#53

150.22.168.192.in-addr.arpa name = dns.opensoce.com.
150.22.168.192.in-addr.arpa name = www.opensoce.com.
150.22.168.192.in-addr.arpa name = mail.opensoce.com.

>set type=MX
>opensoce.com
Server: 192.168.22.150
Address: 192.168.22.150#53

opensoce.com mail exchanger = 5 mail.learningsky.com.
>exit

主DNS配置完成。

从:
安装跟主的一样,不同的就是named.conf。注意下面从服务器的两个slave区域没有写allow-transfer,BIND在不配置allow-transfer时默认允许任何主机做区域传送(AXFR),从服务器上也应加上 allow-transfer { none; }; 或只允许需要的地址,避免整个区域数据被任意下载。
named.conf内容:
options {
directory "/var/named";

};

zone "." IN {
type hint;
file "named.root";
};

zone "localhost" IN {
type master;
file "localhost.zone";
};

zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
};

zone "opensoce.com" IN {
type slave;
file "learningsky.zone";
masters { 192.168.22.150; };
};

zone "22.168.192.in-addr.arpa" IN {
type slave;
file "22.168.192";
masters { 192.168.22.150; };
};

key "rndc-key" {
algorithm hmac-md5;
secret "80hKqo5bkGMAqHqeAlaLCA==";
};

controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};

注:
1、主从同步的两台机器要在同一个时区,时间相差不要太大。
2、主DNS服务器在修改了正向解析文件跟反向解析文件时,要修改相应的serial(通常是把数值加大,这个值必须比从服务器上已有的大,否则同步不了)
3、/var/named/chroot这个目录的属主要是named(chown -R named:named /var/named/chroot),否则就得把other的权限放开到7;但放开other权限意味着本机任何用户都能读到named.conf里的rndc key并改写区域文件,应优先用改属主的方式。
4、红色字体一定要注意,同步关键……
