从服务器的安装过程与主服务器完全一样,这里主要贴出从服务器的配置文件。
一、主配置文件named.conf
- // Global options for the slave (secondary) server.
- // NOTE(review): no allow-transfer statement appears anywhere in this listing. Unless it is set
- // in a file not shown here, check the default of the BIND version in use; a slave with no
- // downstream secondaries normally sets allow-transfer { none; }; so that other clients
- // cannot pull its zone copies.
- options {
- directory "/usr/local/named/etc";
- dump-file "/var/named/data/cache_dump.db";
- statistics-file "/var/named/data/named_stats.txt";
- memstatistics-file "/var/named/data/named_mem_stats.txt";
- pid-file "/var/run/named/named.pid";
- // Replaces the string returned for version.bind queries with a decoy value. This hides the
- // BIND release from banner checks only; it does not change what the server is exposed to.
- version "Windows 2008 Enterprise Server";
- // Accept DNS traffic on 192.168.2.201 port 53 only.
- listen-on port 53 { 192.168.2.201; };
- // The intranet and external ACLs are not defined in this listing (presumably in acl.conf - confirm).
- allow-query { intranet;external; };
- // Recursion is offered only to clients matching the external ACL.
- // NOTE(review): confirm that this ACL lists only your own client networks; a recursion ACL
- // that matches arbitrary addresses turns the server into an open resolver.
- allow-recursion { external; };
- // Try the forwarders first; fall back to normal resolution if they give no answer.
- forward first;
- forwarders { 202.101.172.46;202.101.172.47; };
- datasize 128M;
- auth-nxdomain no;
- rrset-order { order random; };
- };
- // Three file channels: general warnings, security events, and the query log.
- // Each file is rolled when it reaches 1024K; "versions" is the number of old copies kept.
- logging {
- channel warning {
- file "/var/log/dns_warnings.log" versions 5 size 1024K;
- severity warning;
- print-category yes;
- print-severity yes;
- print-time yes;
- };
- channel security_log {
- file "/var/log/dns_security.log" versions 5 size 1024K;
- severity info;
- print-category yes;
- print-severity yes;
- print-time yes;
- };
- // NOTE(review): unlike the two channels above, this one has no print-time yes. print-time
- // defaults to no, so query log lines carry no timestamp and are hard to correlate with
- // other logs during an investigation. With 10 versions of 1024K each, the query history
- // kept on disk is also short on a busy server.
- channel query_log {
- file "/var/log/dns_query.log" versions 10 size 1024K;
- severity info;
- print-category yes;
- print-severity yes;
- };
- // Route each category to its channel; everything not listed goes to the warning channel.
- category default { warning; };
- category security { security_log; };
- category queries { query_log; };
- };
- // Neither file is shown on this page. The intranet/external ACLs and the intranet-key /
- // external-key keys referenced by the views below are presumably defined in them - confirm.
- // A file that holds a key secret should be readable only by the account named runs as.
- include "acl.conf";
- include "rndc.conf";
- // Views are tried in the order they appear, so a client that matches both views is served by this one.
- view "intranet" { //what actually needs to be synchronised is the handful of zones in the intranet view
- // A client lands in this view if its request is signed with intranet-key or its address matches the intranet ACL.
- match-clients { key intranet-key;intranet; };
- match-destinations { any; };
- //address of the DNS master server, and the key used for master/slave synchronisation
- // Requests sent from this view to 192.168.2.200 are signed with intranet-key.
- server 192.168.2.200 { keys { intranet-key; }; };
- zone "." IN {
- type hint;
- file "named.root";
- };
- zone "localhost" IN {
- type master;
- file "localhost.zone";
- };
- zone "0.0.127.in-addr.arpa" IN {
- type master;
- file "localhost.rev";
- };
- // The slave zones below write their copies under slave/, relative to the directory option;
- // named needs write access to that directory.
- // NOTE(review): none of these zones carries allow-transfer; see whether it is restricted elsewhere.
- zone "wholesale-dress.net" IN {
- type slave;
- //this zone is of type slave; the master's address is given here, and likewise for the zones below
- masters { 192.168.2.200; };
- file "slave/wholesale-dress.net.intranet";
- };
- zone "yixiebao.com" IN {
- type slave;
- masters { 192.168.2.200; };
- file "slave/yixiebao.com.intranet";
- };
- zone "japan-dress.com" IN {
- type slave;
- masters { 192.168.2.200; };
- file "slave/japan-dress.com.intranet";
- };
- zone "arab-clothes.com" IN {
- type slave;
- masters { 192.168.2.200; };
- file "slave/arab-clothes.com.intranet";
- };
- zone "stamp-shopping.com" IN {
- type slave;
- masters { 192.168.2.200; };
- file "slave/stamp-shopping.com.intranet";
- };
- zone "2.168.192.in-addr.arpa" IN {
- type slave;
- masters { 192.168.2.200; };
- file "slave/2.168.192.rev";
- };
- };
- view "external" { //the external view needs no synchronisation; these are all public domain names, handed straight to the upstream DNS
- // A client lands in this view if its request is signed with external-key or its address matches the external ACL.
- match-clients { key external-key;external; };
- match-destinations { any; };
- zone "." IN {
- type hint;
- file "named.root";
- };
- zone "localhost" IN {
- type master;
- file "localhost.zone";
- };
- zone "0.0.127.in-addr.arpa" IN {
- type master;
- file "localhost.rev";
- };
- // NOTE(review): the forward zones below have no forwarders clause. As documented for BIND 9,
- // a forward zone without forwarders turns forwarding off for that domain and cancels the
- // forwarders set in options, so these names would be resolved by this server itself rather
- // than sent to 202.101.172.46/47. Confirm which behaviour is intended.
- zone "wholesale-dress.net" IN {
- type forward;
- };
- zone "goods-of-china.com" IN {
- type forward;
- };
- zone "japan-dress.com" IN {
- type forward;
- };
- zone "russia-dress.com" IN {
- type forward;
- };
- zone "stamp-shopping.com" IN {
- type forward;
- };
- };
其他的配置文件只要copy master服务器上的文件到本地即可。
二、验证主从同步是否正常
1)在master上挑选一个域名作测试,就以stamp-shopping.com(区域文件stamp-shopping.com.intranet)为例吧,
原始记录如下:
- ; Master copy of the stamp-shopping.com zone (intranet view) before the test change.
- ; Lines that begin with ';' are commented out and are not part of the zone.
- $TTL 86400
- ; NOTE(review): "ns1.stamp-shopping." ends with a dot, so it is an absolute name without the
- ; .com label. The relative "ns1" A record below expands to ns1.<zone name>, so the SOA/NS
- ; target has no address record in this file - confirm whether ns1.stamp-shopping.com. was meant.
- @ IN SOA ns1.stamp-shopping. root.stamp-shopping. (
- 108 ; serial
- 1H ; refresh
- 1M ; retry
- 1W ; expiry
- 1D ) ; minimum
- IN NS ns1.stamp-shopping.
- ; IN MX 10 mail.stamp-shopping.
- ;mail IN A 192.168.1.14
- ns1 IN A 192.168.2.200
- slave IN A 192.168.2.201
- www IN A 192.168.1.243
- ;js IN A 192.168.1.15
- ;css IN A 192.168.1.15
- ;img IN A 192.168.1.15
- ;ftp IN A 192.168.1.18
现在将www的A记录IP修改至192.168.2.56吧,同时修改serial值为120(master上的serial值要比slave大,否则无法同步),修改后如下
- ; Master copy after the test change: serial raised from 108 to 120 and the www address changed.
- ; The slave only transfers the zone when the master's serial is higher than its own.
- $TTL 86400
- ; NOTE(review): "ns1.stamp-shopping." is an absolute name without the .com label, while the
- ; relative "ns1" A record below expands to ns1.<zone name> - confirm the intended SOA/NS target.
- @ IN SOA ns1.stamp-shopping. root.stamp-shopping. (
- 120 ; serial
- 1H ; refresh
- 1M ; retry
- 1W ; expiry
- 1D ) ; minimum
- IN NS ns1.stamp-shopping.
- ; IN MX 10 mail.stamp-shopping.
- ;mail IN A 192.168.1.14
- ns1 IN A 192.168.2.200
- slave IN A 192.168.2.201
- www IN A 192.168.2.56
- ;js IN A 192.168.1.15
- ;css IN A 192.168.1.15
- ;img IN A 192.168.1.15
- ;ftp IN A 192.168.1.18
slave上此时的stamp-shopping.com.intranet文件与master上修改前的内容是一样的,这里就不贴了。我们现在重启master上的bind服务,看slave上是否会更新过来。
- # /etc/init.d/named restart
这个时候,slave上已经更新过来了,贴一下吧
- ; Zone file as it appears on the slave after the update. Serial 120 and the www address
- ; 192.168.2.56 match the edited master file; the time values are written out in seconds and
- ; the records that were commented out on the master are absent.
- $ORIGIN .
- $TTL 86400 ; 1 day
- stamp-shopping.com IN SOA ns1.stamp-shopping. root.stamp-shopping. (
- 120 ; serial
- 3600 ; refresh (1 hour)
- 60 ; retry (1 minute)
- 604800 ; expire (1 week)
- 86400 ; minimum (1 day)
- )
- ; NOTE(review): the NS target is still the absolute name ns1.stamp-shopping. (no .com label),
- ; whereas the ns1 A record below sits under $ORIGIN stamp-shopping.com.
- NS ns1.stamp-shopping.
- $ORIGIN stamp-shopping.com.
- ns1 A 192.168.2.200
- slave A 192.168.2.201
- www A 192.168.2.56
以上就是DNS 从服务器的构建过程,谢谢!