部署主从dns
主机部署:
yum安装DNS服务和依赖
[admin@haifly-bj-dns1 ~]$ sudo yum install bind-chroot
启动named-chroot服务
[admin@haifly-bj-dns1 ~]$ sudo systemctl start named
[admin@haifly-bj-dns1 ~]$ sudo systemctl enable named
修改/etc/named.conf配置
[admin@haifly-bj-dns1 ~]$ sudo cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html
options {
listen-on port 53 { any; };
//listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes;
allow-recursion { 0.0.0.0/0; };
forward first;
forwarders {
180.76.76.76;
114.114.114.114;
};
dnssec-enable no;
dnssec-validation no;
dnssec-lookaside no;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
zone "feiersmart.local" IN {
type master;
file "feiersmart.local.zone";
allow-transfer { 192.168.1.219; };
allow-query { any; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
备机部署:
修改/etc/named.conf
[admin@haifly-bj-dns2 ~]$ sudo cat /etc/named.conf
[sudo] password for admin:
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html
options {
listen-on port 53 { any; };
//listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes;
allow-recursion { 0.0.0.0/0; };
forward first;
forwarders {
119.29.29.29;
114.114.114.114;
};
dnssec-enable no;
dnssec-validation no;
dnssec-lookaside no;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
zone "feiersmart.local" IN {
type slave;
file "slaves/feiersmart.local.zone";
masters { 192.168.5.244; };
allow-query { any; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
配置修改:
每次修改 DNS 配置之后,只需要修改主机的配置,一定要修改时间戳,否则会导致配置备机配置不生效。
配置修改完成后,重启服务
[admin@haifly-bj-dns1 ~]$ sudo systemctl restart named
监控脚本
#!/usr/bin/python
#coding=utf-8
import dns.resolver
import sys
def query_domain(nameserverIP,domainName):
resolver = dns.resolver.Resolver(configure=False)
resolver.nameservers = [nameserverIP]
try:
answer = resolver.query(domainName, 'A')
if len(answer) >= 1:
return(True)
else:
return(False)
except:
return(False)
def main():
nameserverIPs = ['192.168.1.5','192.168.1.6']
domainNames = ['www.baidu.com',\
'api.weixin.qq.com','graph.qq.com','proxy-ling.jd.com','api.ximalaya.com',\
'vboxmongodb1.linglongtech.com','logs.linglongtech.com',\
'vboxdb.linglongtech.local','vboxmem.linglongtech.local','vboxdns1.linglongtech.local','vboxdns2.
linglongtech.local']
for x in nameserverIPs:
for y in domainNames:
#print(x,y)
#print(query_domain(x,y))
if query_domain(x,y):
continue
else:
print(1)
sys.exit(0)
print(0)
if __name__ == '__main__':
main()
部署主从dns的更多相关文章
- 架构师成长之路6.4 DNS服务器搭建(部署主从DNS)
点击返回架构师成长之路 架构师成长之路6.3 DNS服务器搭建(部署主从DNS) 部署主DNS : 点击 部署从DNS : 如下步骤 1.与主DNS一样,安装bind yum -y install ...
- 使用bind实现主从DNS服务器数据同步
一.bind简介 Linux中通常使用bind来实现DNS服务器的架设,bind软件由isc(www.isc.org)维护.在yum仓库中可以找到软件,配置好yum源,直接使用命令yum instal ...
- 基于Bind实现的DNS正反向解析及主从DNS的配置
一.什么是DNS? 1.1 简单的理解,Domain Name System,是互联网一项核心的服务,他作为一个桥梁可以将域名和IP地址相互因素的一个分布式数据库,能够使人更加方便的访问互联网,而不用 ...
- 使用BIND安装智能DNS服务器(一)---基本的主从DNS服务器搭建
参考网址:http://www.unixmen.com/dns-server-installation-step-by-step-using-centos-6-3/ DNS(Domain Name S ...
- Centos7搭建主从DNS服务器
1.准备 例:两台192.168.11.10(主),192.168.11.11(从),域名www.test1.com # 主从DNS服务器均需要安装bind.bind-chroot.bind-util ...
- centos7 主从dns配置 bind服务
一,配置前请先关闭防火墙selinux 防火墙关闭方法,参见上一篇文章. setenforce 0 #临时关闭 修改/etc/selinux/config 文件 将SELINUX=enforc ...
- Redis 部署主从哨兵 C#使用,实现自动获取redis缓存 实例1
源码示例下载链接: https://pan.baidu.com/s/1eTA63T4 密码: un96 实现目标:windows 下安装 一台master服务 一台salve redis服务器 并且哨 ...
- 主从DNS服务器的搭建
一.DNS主从的理解 主从服务器,在一开始的理解中,以为是主的dns服务器挂掉后,(dns服务自动转向辅助dns服务器),客户端还能继续解析.事实貌似不是这样的.当我把主dns停掉的时候,客户端只设一 ...
- 企业运维 | MySQL关系型数据库在Docker与Kubernetes容器环境中快速搭建部署主从实践
[点击 关注「 WeiyiGeek」公众号 ] 设为「️ 星标」每天带你玩转网络安全运维.应用开发.物联网IOT学习! 希望各位看友[关注.点赞.评论.收藏.投币],助力每一个梦想. 本章目录 目录 ...
随机推荐
- 洛谷 P1980【计数问题】 题解(2)
还有一种办法,就是用stringstream函数将每一次的数全都转化成char一维数组样式的字符串,然后逐位扫一遍即可. (记得判断字符时将规定数字+48) //Stand up for the fa ...
- WebGL简易教程(四):颜色
目录 1. 概述 2. 示例:绘制三角形 1) 数据的组织 2) varying变量 3. 结果 4. 理解 1) 图形装配和光栅化 2) 内插过程 5. 参考 1. 概述 在上一篇教程<Web ...
- 解决android splash 启动白屏问题
有时我们会发现 ,在splash 页面启动之前会有那么零点几秒的白屏, 真的很让人抓狂 解决办法其实也很简单 . 1.在style.xml中定义一个样式, 这里引入 splash页面的 图片, 注意不 ...
- 利用maven命令将外部jar包导进maven仓库
命令如下:mvn install:install-file -DgroupId=com.zebra -DartifactId=ZSDK_API -Dversion=v2.12.3782 -Dpacka ...
- dart 大文件读取
dart 中不可避免会出现文件读取的情况, 甚至是很大的文件, 比如 200M 的文件 如果一次性读入内存,虽然也行得通, 但是如果在 flutter 中开启个 200M 大小的字节数组, 一不小心可 ...
- DBCP
DBCP(DataBase Connection Pool)数据库连接池,由Apache公司开发.连接池的运用避免了反复建立连接造成的资源浪费,预先建立一些连接放在数据库连接池中,需要时取出,不需要时 ...
- 01.Django基础一之web框架的本质
一 web框架的本质及自定义web框架 我们可以这样理解:所有的Web应用本质上就是一个socket服务端,而用户的浏览器就是一个socket客户端,基于请求做出响应,客户都先请求,服务端做出对应的响 ...
- 排列组合算法的Java实现
转载于:http://cgs1999.iteye.com/blog/2327664
- 云服务器 ECS Linux 系统 MySQL 备份的导入导出
MySQL 备份的导出 注意: 如果您使用的是帮助中心的一键环境配置,那么 MySQL 的安装目录是 /alidata/server/mysql. 如果您将 MySQL 安装到其他目录,您需要输入您 ...
- FlagCounter被封杀?自己实现一个简单的多国访客计数器
起因 前段时间发现博客右边的FlagCounter计数器突然没了,又看到了博客园封杀了FlagCounter的消息,有点摸不着头脑.于是上FlagCounter的网站上看了一眼,发现最近出现的来自新国 ...