BIND 主从配置

环境:
master:172.31.182.144
slave:172.31.182.147

一、安装
yum install bind bind-chroot  -y

(源码包:https://downloads.isc.org/isc/bind9/9.14.8/bind-9.14.8.tar.gz)

二、master配置

[root@master named]# cat /etc/named.conf |grep -Ev "//|^$"
// named.conf on the master (172.31.182.144): global options, logging, the
// master zone adfile.wifi8.com and the root hints.
options {
// Listen for DNS on the master's own IPv4 address; IPv6 on loopback only.
listen-on port 53 { 172.31.182.144; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
// NOTE(review): recursion is enabled and this listing shows no allow-recursion
// or allow-query ACL, so BIND's built-in defaults decide who may recurse.
// If this host only serves the zone below, "recursion no;" is what the vendor
// comment above recommends; otherwise add an explicit allow-recursion ACL.
recursion yes;
// NOTE(review): dnssec-enable is obsolete in newer BIND 9 releases; confirm
// that the installed version still accepts it.
dnssec-enable yes;
dnssec-validation yes;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
logging {
channel default_debug {
// Relative path; resolved against the "directory" option above.
file "data/named.run";
severity dynamic;
};
};
// Master (authoritative) copy of adfile.wifi8.com; the records are in
// adfile.wifi8.com.hosts under /var/named.
zone "adfile.wifi8.com" {
type master;
file "adfile.wifi8.com.hosts";
// Zone transfers are allowed only from the slave's address.
// NOTE(review): this is a source-address check only. A TSIG key shared by
// master and slave would authenticate the transfer itself; none is configured
// on this page.
allow-transfer {172.31.182.147;};
notify yes;
also-notify { 172.31.182.147; }; // IP address of the slave server to notify
};
// Root hints.
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

zone文件:

[root@master named]# cat /var/named/adfile.wifi8.com.hosts
; Zone data for adfile.wifi8.com as served by the master.
$TTL 180
@ IN SOA ns1.test.com. root.adfile.wifi8.com. ( ;
; The serial must be increased on every edit, otherwise the slave does not
; pick up the change.
22190928 ; serial
10S ; refresh
1H ; retry
; NOTE(review): in BIND time units "M" means minutes, so this expire is one
; minute, which is shorter than the 1H retry above. A slave that loses contact
; with the master would stop answering for the zone almost at once; confirm
; whether a much longer value (days or weeks) was intended.
1M ; expire
44H ) ; minimum
; NOTE(review): the two NS lines start in column 0 in this listing, probably
; because leading whitespace was lost when the page was published. In the real
; file they must start with whitespace or "@", otherwise "IN" is read as the
; owner name and the zone apex has no NS records.
IN NS ns1.test.com.
IN NS ns2.test.com.
; NOTE(review): these relative names expand to ns1/ns2.adfile.wifi8.com, not
; the ns1/ns2.test.com names used in the NS records above. Verify which names
; are meant.
ns1 IN A 172.31.182.144
ns2 IN A 172.31.182.147
adfile.wifi8.com. IN A 10.254.33.32
adfile.wifi8.com. IN A 10.254.33.34

各参数解析:http://dns-learning.twnic.net.tw/bind/intro6.html

启动:
systemctl  restart  named.service

三、slave配置

[root@node02 named]# cat /etc/named.conf |grep -Ev "//|^$"
// named.conf on the slave (172.31.182.147): same global options as the master,
// with adfile.wifi8.com configured as a slave zone.
options {
// Listen for DNS on the slave's own IPv4 address; IPv6 on loopback only.
listen-on port 53 { 172.31.182.147; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
// NOTE(review): recursion is enabled and this listing shows no allow-recursion
// or allow-query ACL, so BIND's built-in defaults decide who may recurse.
// If this host only serves the zone below, "recursion no;" is what the vendor
// comment above recommends; otherwise add an explicit allow-recursion ACL.
recursion yes;
// NOTE(review): dnssec-enable is obsolete in newer BIND 9 releases; confirm
// that the installed version still accepts it.
dnssec-enable yes;
dnssec-validation yes;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
logging {
channel default_debug {
// Relative path; resolved against the "directory" option above.
file "data/named.run";
severity dynamic;
};
};
// Slave copy of adfile.wifi8.com: named transfers the zone from the master
// listed below and stores it in this file.
// NOTE(review): no allow-transfer is set here, so the installed version's
// built-in default decides who may transfer the zone from this slave (older
// BIND 9 releases default to allowing it; confirm). An explicit
// "allow-transfer { none; };" removes the doubt.
zone "adfile.wifi8.com" {
type slave;
file "adfile.wifi8.com.hosts";
// NOTE(review): the master is identified by IP address only. A TSIG key on
// this entry and on the master's allow-transfer would authenticate the
// transfer; none is configured on this page.
masters { 172.31.182.144; };
};
// Root hints.
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

启动后自动同步master解析配置:
systemctl  restart  named.service

添加域名脚本:

#################master:#################
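#!/bin/bash
# Add a master zone for one domain: write its zone file, append the zone
# stanza to named.conf, validate the configuration and reload named.
#
# DOMAIN and IP are typed in by the operator and end up in a file path, in the
# zone file and in named.conf. Both are validated before any file is touched,
# so a value containing "/", "..", quotes, braces, semicolons or whitespace
# cannot write outside HOSTS_DIR or add extra statements to named.conf.
#
# Exit status: 0 when the zone was added and named reloaded, 1 otherwise.

HOSTS_DIR=/mnt/sscp/data/named/hosts
# Despite its name this is the path of the named.conf FILE, not a directory.
NAMED_CONFIG_DIR=/mnt/sscp/data/named/conf/named.conf
NAMED_SBIN=/mnt/sscp/app/named/sbin

# Print the reason on stderr, then the script's usual failure message, and stop.
die() {
  printf '%s\n' "$*" >&2
  echo "Add failed!! Please check"
  exit 1
}

read -r -p "Please enter the domain name you need to add:" DOMAIN
read -r -p "Please enter the domain name corresponding to the IP record:" IP

# The templates below append the trailing dot themselves.
DOMAIN=${DOMAIN%.}

# Letters, digits and hyphens in dot-separated labels of at most 63 characters.
label='[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?'
domain_re="^${label}(\\.${label})*\$"
# Dotted-quad IPv4 with every octet in 0-255.
octet='(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])'
ipv4_re="^${octet}(\\.${octet}){3}\$"

[[ ${#DOMAIN} -le 253 && $DOMAIN =~ $domain_re ]] || die "invalid domain name: ${DOMAIN}"
[[ $IP =~ $ipv4_re ]] || die "invalid IPv4 address: ${IP}"

zone_file="${HOSTS_DIR}/${DOMAIN}.hosts"
[[ -f $NAMED_CONFIG_DIR ]] || die "named.conf not found: ${NAMED_CONFIG_DIR}"

# Running the script twice for one domain would overwrite the zone file and
# append a duplicate zone stanza, which named rejects.
if [[ -e $zone_file ]] || grep -Fq -- "zone \"${DOMAIN}\"" "$NAMED_CONFIG_DIR"; then
  die "zone ${DOMAIN} already exists"
fi

# Keep a copy of named.conf so a rejected change can be undone.
backup=$(mktemp "${NAMED_CONFIG_DIR}.bak.XXXXXX") || die "cannot create a backup of named.conf"
if ! cp -p -- "$NAMED_CONFIG_DIR" "$backup"; then
  rm -f -- "$backup"
  die "cannot back up named.conf"
fi

# Restore named.conf and remove the new zone file.
rollback() {
  cp -p -- "$backup" "$NAMED_CONFIG_DIR"
  rm -f -- "$backup" "$zone_file"
}

#Create domain record file
# The NS lines name their owner with "@": a record line that starts in column 0
# without an owner has its first word read as the owner name.
if ! cat >"$zone_file" <<EOF
\$TTL 180
@ IN SOA ns1.sscp.mtr.com. root.${DOMAIN}. ( ;
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
44H ) ; minimum
@ IN NS ns1.sscp.mtr.com.
@ IN NS ns2.sscp.mtr.com.
ns1 IN A 128.164.250.26
ns2 IN A 128.164.250.27
${DOMAIN}. IN A ${IP}
EOF
then
  rollback
  die "cannot write ${zone_file}"
fi

#Add named config
# allow-transfer is a source-address check only; a TSIG key shared with the
# slave would authenticate the transfer itself.
if ! cat >>"$NAMED_CONFIG_DIR" <<EOF
zone "${DOMAIN}" IN{
type master;
file "${DOMAIN}.hosts";
allow-transfer {128.164.250.27;};
};
EOF
then
  rollback
  die "cannot append to ${NAMED_CONFIG_DIR}"
fi

# Checkconf named config
# Check the file that was just edited rather than named-checkconf's built-in
# default path, and do not reload a configuration that fails the check.
# (named-checkconf -z would also test-load the zone files.)
if ! "${NAMED_SBIN}/named-checkconf" "$NAMED_CONFIG_DIR"; then
  rollback
  die "named-checkconf rejected the new configuration; changes rolled back"
fi
rm -f -- "$backup"

#Restart named server
if "${NAMED_SBIN}/rndc" -s 127.0.0.1 reload; then
  echo "Added successfully!!"
else
  echo "Add failed!! Please check"
  exit 1
fi
#################slave:#################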
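#!/bin/bash
# Add a slave zone for one domain: append the zone stanza to named.conf,
# validate the configuration and reload named. named then transfers the zone
# from the master and writes the zone file itself.
#
# DOMAIN is typed in by the operator and is written into named.conf, so it is
# validated first: a value containing quotes, braces, semicolons, "/" or
# whitespace could otherwise add extra statements to the configuration.
#
# Exit status: 0 when the zone was added and named reloaded, 1 otherwise.

# Despite its name this is the path of the named.conf FILE, not a directory.
NAMED_CONFIG_DIR=/mnt/sscp/data/named/conf/named.conf
NAMED_SBIN=/mnt/sscp/app/named/sbin

# Print the reason on stderr, then the script's usual failure message, and stop.
die() {
  printf '%s\n' "$*" >&2
  echo "Add failed!! Please check"
  exit 1
}

read -r -p "Please enter the domain name you need to add:" DOMAIN

# Accept "example.com." as well as "example.com".
DOMAIN=${DOMAIN%.}

# Letters, digits and hyphens in dot-separated labels of at most 63 characters.
label='[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?'
domain_re="^${label}(\\.${label})*\$"

[[ ${#DOMAIN} -le 253 && $DOMAIN =~ $domain_re ]] || die "invalid domain name: ${DOMAIN}"
[[ -f $NAMED_CONFIG_DIR ]] || die "named.conf not found: ${NAMED_CONFIG_DIR}"

# A second stanza for the same zone makes named reject the configuration.
if grep -Fq -- "zone \"${DOMAIN}\"" "$NAMED_CONFIG_DIR"; then
  die "zone ${DOMAIN} already exists"
fi

# Keep a copy of named.conf so a rejected change can be undone.
backup=$(mktemp "${NAMED_CONFIG_DIR}.bak.XXXXXX") || die "cannot create a backup of named.conf"
if ! cp -p -- "$NAMED_CONFIG_DIR" "$backup"; then
  rm -f -- "$backup"
  die "cannot back up named.conf"
fi

# Restore named.conf from the backup.
rollback() {
  cp -p -- "$backup" "$NAMED_CONFIG_DIR"
  rm -f -- "$backup"
}

#Add named config
# The stanza sets no allow-transfer, so the installed version's built-in
# default decides who may transfer the zone from this slave. Add
# "allow-transfer { none; };" to the template if the slave should never serve
# zone transfers.
if ! cat >>"$NAMED_CONFIG_DIR" <<EOF
zone "${DOMAIN}" IN{
type slave;
file "${DOMAIN}.hosts";
masters { 128.164.250.26; };
};
EOF
then
  rollback
  die "cannot append to ${NAMED_CONFIG_DIR}"
fi

# Checkconf named config
# Check the file that was just edited rather than named-checkconf's built-in
# default path, and do not reload a configuration that fails the check.
if ! "${NAMED_SBIN}/named-checkconf" "$NAMED_CONFIG_DIR"; then
  rollback
  die "named-checkconf rejected the new configuration; changes rolled back"
fi
rm -f -- "$backup"

#Restart named server
if "${NAMED_SBIN}/rndc" -s 127.0.0.1 reload; then
  echo "Added successfully!!"
else
  echo "Add failed!! Please check"
  exit 1
fi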

踩坑:
1、最后需要在主DNS服务器上的/var/named/ZONE_NAME.zone 文件里添加该从服务器的NS记录;
2、同时若想要实现主从服务器的数据同步,在修改好主服务器的/var/named/ZONE_NAME.zone 文件时,必须将该文件里的 序列号 增大才行,增大并保存退出后,主服务器会自动向从服务器推送(push)修改后的文件内容;
