BIND 主从配置

环境:
master:172.31.182.144
slave:172.31.182.147

一、安装
yum install bind bind-chroot  -y

(源码包:https://downloads.isc.org/isc/bind9/9.14.8/bind-9.14.8.tar.gz)

二、master配置

[root@master named]# cat /etc/named.conf |grep -Ev "//|^$"

options {

    listen-on port 53 { 172.31.182.144; };

    listen-on-v6 port 53 { ::1; };

    directory     "/var/named";

    dump-file     "/var/named/data/cache_dump.db";

    statistics-file "/var/named/data/named_stats.txt";

    memstatistics-file "/var/named/data/named_mem_stats.txt";

    recursing-file  "/var/named/data/named.recursing";

    secroots-file   "/var/named/data/named.secroots";

    /*

     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.

     - If you are building a RECURSIVE (caching) DNS server, you need to enable

       recursion.

     - If your recursive DNS server has a public IP address, you MUST enable access

       control to limit queries to your legitimate users. Failing to do so will

       cause your server to become part of large scale DNS amplification

       attacks. Implementing BCP38 within your network would greatly

       reduce such attack surface

    */

    recursion yes;

    dnssec-enable yes;

    dnssec-validation yes;

    /* Path to ISC DLV key */

    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";

    session-keyfile "/run/named/session.key";

};

logging {

        channel default_debug {

                file "data/named.run";

                severity dynamic;

        };

};

zone "adfile.wifi8.com" {

        type master;

        file "adfile.wifi8.com.hosts";

        allow-transfer {172.31.182.147;};

	notify yes;

	also-notify { 172.31.182.147; }; //指定slave server的IP位址

        };

zone "." IN {

    type hint;

    file "named.ca";

};

include "/etc/named.rfc1912.zones";

include "/etc/named.root.key";

zone文件:

[root@master named]# cat /var/named/adfile.wifi8.com.hosts

$TTL 180

@       IN SOA  ns1.test.com. root.adfile.wifi8.com. ( ;

                                        22190928       ; serial

                                        10S      ; refresh

                                        1H      ; retry

                                        1M      ; expire

                                        44H )    ; minimum

                IN      NS      ns1.test.com.

                IN      NS      ns2.test.com.

ns1             IN      A       172.31.182.144

ns2             IN      A       172.31.182.147

adfile.wifi8.com. IN A 10.254.33.32

adfile.wifi8.com. IN A 10.254.33.34

各参数解析:http://dns-learning.twnic.net.tw/bind/intro6.html

启动:
systemctl  restart  named.service

三、slave配置

[root@node02 named]# cat /etc/named.conf |grep -Ev "//|^$"

options {

    listen-on port 53 { 172.31.182.147; };

    listen-on-v6 port 53 { ::1; };

    directory     "/var/named";

    dump-file     "/var/named/data/cache_dump.db";

    statistics-file "/var/named/data/named_stats.txt";

    memstatistics-file "/var/named/data/named_mem_stats.txt";

    recursing-file  "/var/named/data/named.recursing";

    secroots-file   "/var/named/data/named.secroots";

    /*

     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.

     - If you are building a RECURSIVE (caching) DNS server, you need to enable

       recursion.

     - If your recursive DNS server has a public IP address, you MUST enable access

       control to limit queries to your legitimate users. Failing to do so will

       cause your server to become part of large scale DNS amplification

       attacks. Implementing BCP38 within your network would greatly

       reduce such attack surface

    */

    recursion yes;

    dnssec-enable yes;

    dnssec-validation yes;

    /* Path to ISC DLV key */

    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";

    session-keyfile "/run/named/session.key";

};

logging {

        channel default_debug {

                file "data/named.run";

                severity dynamic;

        };

};

zone "adfile.wifi8.com" {

        type slave;

        file "adfile.wifi8.com.hosts";

        masters { 172.31.182.144; };

        };

zone "." IN {

    type hint;

    file "named.ca";

};

include "/etc/named.rfc1912.zones";

include "/etc/named.root.key";

启动后自动同步master解析配置:
systemctl  restart  named.service

添加域名脚本:

#################master:#################

#!/bin/bash

read -p "Please enter the domain name you need to add:" DOMAIN

read -p "Please enter the domain name corresponding to the IP record:" IP

HOSTS_DIR=/mnt/sscp/data/named/hosts

NAMED_CONFIG_DIR=/mnt/sscp/data/named/conf/named.conf

#Create domain record file

cat >${HOSTS_DIR}/${DOMAIN}.hosts<<EOF

\$TTL 180

@       IN SOA  ns1.sscp.mtr.com. root.${DOMAIN}. ( ;

                                        0       ; serial

                                        1D      ; refresh

                                        1H      ; retry

                                        1W      ; expire

                                        44H )    ; minimum

                IN      NS      ns1.sscp.mtr.com.

                IN      NS      ns2.sscp.mtr.com.

ns1             IN      A       128.164.250.26

ns2             IN      A       128.164.250.27

${DOMAIN}. IN A ${IP}

EOF

#Add named config

cat >>${NAMED_CONFIG_DIR}<<EOF

zone "${DOMAIN}" IN{

        type master;

        file "${DOMAIN}.hosts";

        allow-transfer {128.164.250.27;};

};

EOF

# Checkconf named config

/mnt/sscp/app/named/sbin/named-checkconf

#Restart named server

/mnt/sscp/app/named/sbin/rndc -s 127.0.0.1 reload

if [ $? = 0 ];then

  echo "Added successfully!!"

else

  echo "Add failed!! Please check"

fi

#################slave:#################

#!/bin/bash

read -p "Please enter the domain name you need to add:" DOMAIN

HOSTS_DIR=/mnt/sscp/data/named/hosts

NAMED_CONFIG_DIR=/mnt/sscp/data/named/conf/named.conf

#Add named config

cat >>${NAMED_CONFIG_DIR}<<EOF

zone "${DOMAIN}" IN{

        type slave;

        file "${DOMAIN}.hosts";

        masters { 128.164.250.26; };

};

EOF

# Checkconf named config

/mnt/sscp/app/named/sbin/named-checkconf

#Restart named server

/mnt/sscp/app/named/sbin/rndc -s 127.0.0.1 reload

if [ $? = 0 ];then

  echo "Added successfully!!"

else

  echo "Add failed!! Please check"

fi

踩坑:
1、最后需要在主DNS服务器上的/var/named/ZONE_NAME.zone 文件里添加将该从服务的NS记录;
2、同时若想要实现主从服务器的数据同步,在修改好主服务器的/var/named/ZONE_NAME.zone 文件时,必须将该文件里的 序列号 增大才行,增大并保存退出后,主服务器会自动向从服务器推送(push)修改后的文件内容;

BIND 主从配置的更多相关文章

  1. BIND的进程一:DNS简单配置与的主从配置

    DNS的简单配置和DNS的主从配置   摘要:DNS(Domain-Name Server) ,DNS的服务起到的作用就是名称解析,在网络通讯来说计算机与计算机是通过IP地址相互通信的, 当是IP地址 ...

  2. Ubuntu+Redis主从配置

    软件环境: OS:ubuntu-12.04-desktop-amd64 Redis:redis-2.8.13.tar.gz TCL:tcl8.6.2-src.tar.gz VMware:vmware ...

  3. redis 主从配置和集群配置

    主从配置 |  集群配置 redis主从 主从配置原因: 1.到达读写分离,读的操作和写操作比例10 : 1读数据频繁,写数据次数少,这样可以配置1个master数据库用来写数据,配置多个slave从 ...

  4. Redis入门及主从配置

    1.Redis入门简介 Redis是一个开源的使用ANSI C语音编写.支持网络.可基于内存亦可持久化的日志型,Key-Value数据库.支持存储的value类型包括 string(字符串).list ...

  5. python中发布订阅和主从配置

    发布订阅 发布者不是计划发送消息给特定的接收者(订阅者),而是发布的消息分到不同的频道,不需要知道什么样的订阅者订阅 订阅者对一个或多个频道感兴趣,只需接收感兴趣的消息,不需要知道什么样的发布者发布的 ...

  6. CentO7 安装 redis, 主从配置,Sentinel集群故障转移切换

        一.Redis的安装(前提是已经安装了EPEL)   安装redis: yum -y install redis 启动/停止/重启 Redis 启动服务: systemctl start re ...

  7. BIND简易教程(2):BIND视图配置

    目录:BIND简易教程(1):安装及基本配置BIND简易教程(2):BIND视图配置(本篇)BIND简易教程(3):DNSSec配置 上文书说到,我们把aaa.apple.tree解析到192.168 ...

  8. Redis主从配置与数据备份还原

    一.主从配置: 1.下载: wget http://download.redis.io/releases/redis-4.0.9.tar.gz tar xzf redis-4.0.9.tar.gz c ...

  9. Redis学习总结(四)--Redis主从配置

    在分布式系统架构设计中高可用是必须考虑的因素之一.高可用通常是指,通过设计减少系统不能提供服务的时间.而单点是系统高可用的最大的败笔,如果单点出现问题的话,那么整个服务就不能使用了,所以应该尽量在系统 ...

随机推荐

  1. log-structured-merge-trees

    https://juejin.im/post/5bbbf7615188255c59672125 https://www.cnblogs.com/siegfang/archive/2013/01/12/ ...

  2. jvm 性能调优工具之 jmap 命令详解

    jmap名称:Java Memory Map(内存映射) 官方文档:https://docs.oracle.com/javase/1.5.0/docs/tooldocs/share/jmap.html ...

  3. 在nginx环境下搭建基于ssl证书的websocket服务转发,wss

    1.证书准备 本地调试,可以安装自签名证书,安装方法参考https本地自签名证书添加到信任证书访问 2.修改配置文件 将上面的配置文件拷贝到conf目录,添加或者修改节点如下 # HTTPS serv ...

  4. Spring Cloud 微服务技术整合

    微服务架构风格是一种使用一套小服务来开发单个应用的方式途径,每个服务运行在自己的进程中,并使用轻量级机制通信,通常是HTTP API,这些服务基于业务能力构建,并能够通过自动化部署机制来独立部署,这些 ...

  5. mysql 导入txt数据到数据表【原创】

    1.如何将数据表导入到mysql的表中,可以使用:load data infile ... into table  ... 示例: load data infile 'e:\datainfo.txt' ...

  6. html遮罩层实现

    html文件内容如下 <!--调出子窗口按钮--> <button class="add" onclick="addClick();"> ...

  7. SQL Server sp_monitor使用

    SQL Server提供了sp_monitor存储过程可以方便我们查看SQL Server性能统计信息,包括CPU/Network/IO,通过这些信息可以对自己的数据库性能状况有一个大致的了解. 下面 ...

  8. 测试代码的练习2——python编程从入门到实践

    11-3 雇员:编写一个名为Employee的类,其方法__init__() 接受名.姓和年薪,并将它们都存储在属性中.编写一个名为give_raise()的方法,它默认将年薪增加5000美元,但也能 ...

  9. 【实战经验】Xilinx时钟从普通IO输出问题

    Xilinx芯片的时钟信号从普通IO输出时,在map过程中会出错,对此有两种解决方案: 1.在ucf文件中,添加对应的约束文件: 例如[PIN "U0_1/clkout2_buf.O&quo ...

  10. nmon2influxdb+grafana:服务监控可视化部署

    在工作中,无论是定位线上问题,还是性能优化,都需要对前端.后台服务进行监控.而及时的获取监控数据,能更好的帮助技术人员排查定位问题. 前面的博客介绍过服务端监控工具:Nmon使用方法及利用easyNm ...