Red Hat Linux DNS Configuration Guide
Oracle 11g RAC adds the SCAN IP, and one way to use the SCAN IP is through DNS. This guide walks through the detailed DNS configuration on Red Hat Linux 5.4.
DNS configuration on Red Hat Linux 5.4
Change the host name before configuring DNS
```
[root@beiku1 etc]# hostname beiku1.sbyy.com
[root@beiku1 etc]# vi /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 beiku1.sbyy.com localhost
::1 localhost6.localdomain6 localhost6
10.138.130.161 beiku1
[root@beiku1 etc]# vi /etc/sysconfig/network
NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=beiku1.sbyy.com
GATEWAY=10.138.130.254
```
I. Install the packages
All of the bind packages for the DNS service on Red Hat Linux 5.4 are as follows:
```
bind-9.3.6-4.P1.el5
bind-libbind-devel-9.3.6-4.P1.el5
kdebindings-devel-3.5.4-6.el5
kdebindings-3.5.4-6.el5
bind-devel-9.3.6-4.P1.el5
bind-utils-9.3.6-4.P1.el5
bind-chroot-9.3.6-4.P1.el5
ypbind-1.19-12.el5
system-config-bind-4.0.3-4.el5
bind-libs-9.3.6-4.P1.el5
bind-sdb-9.3.6-4.P1.el5
```
Use rpm -qa | grep bind to check whether these packages are already installed:
```
[root@beiku1 soft]# rpm -qa | grep bind
bind-chroot-9.3.6-4.P1.el5
kdebindings-3.5.4-6.el5
ypbind-1.19-12.el5
bind-libs-9.3.6-4.P1.el5
bind-9.3.6-4.P1.el5
system-config-bind-4.0.3-4.el5
bind-utils-9.3.6-4.P1.el5
```
Install any package that is missing with the following commands. The NOKEY warnings in the output mean that rpm could not check each package's signature, because the signing key (ID 37017186) has not been imported.
```
[root@beiku1 soft]# rpm -ivh bind-9.3.6-4.P1.el5.i386.rpm
warning: bind-9.3.6-4.P1.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
Preparing... ########################################### [100%]
        package bind-9.3.6-4.P1.el5.i386 is already installed
[root@beiku1 soft]# rpm -ivh caching-nameserver-9.3.6-4.P1.el5.i386.rpm
warning: caching-nameserver-9.3.6-4.P1.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
Preparing... ########################################### [100%]
   1:caching-nameserver ########################################### [100%]
[root@beiku1 soft]# rpm -ivh install kdebindings-devel-3.5.4-6.el5.i386.rpm
error: open of install failed: No such file or directory
warning: kdebindings-devel-3.5.4-6.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
[root@beiku1 soft]# rpm -ivh kdebindings-devel-3.5.4-6.el5.i386.rpm
warning: kdebindings-devel-3.5.4-6.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
Preparing... ########################################### [100%]
   1:kdebindings-devel ########################################### [100%]
[root@beiku1 soft]# rpm -ivh bind-sdb-9.3.6-4.P1.el5.i386.rpm
warning: bind-sdb-9.3.6-4.P1.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
Preparing... ########################################### [100%]
   1:bind-sdb ########################################### [100%]
[root@beiku1 soft]# rpm -ivh bind-libbind-devel-9.3.6-4.P1.el5.i386.rpm
warning: bind-libbind-devel-9.3.6-4.P1.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
Preparing... ########################################### [100%]
   1:bind-libbind-devel ########################################### [100%]
[root@beiku1 soft]# rpm -ivh bind-devel-9.3.6-4.P1.el5.i386.rpm
warning: bind-devel-9.3.6-4.P1.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
Preparing... ########################################### [100%]
   1:bind-devel ########################################### [100%]
```
The package caching-nameserver-9.3.6-4.P1.el5 must also be installed manually. Without it the named service cannot start and reports an error, for example:
```
[root@beiku1 ~]# service named start
Locating /var/named/chroot//etc/named.conf failed:
[FAILED]
[root@beiku1 soft]# rpm -ivh caching-nameserver-9.3.6-4.P1.el5.i386.rpm
warning: caching-nameserver-9.3.6-4.P1.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
Preparing... ########################################### [100%]
   1:caching-nameserver ########################################### [100%]
[root@beiku1 soft]# service named start
Starting named: [ OK ]
```
II. Copy the template file
Because the chroot environment is installed, the main DNS configuration file belongs in the /var/named/chroot/etc directory.
```
[root@beiku1 soft]# cd /var/named/chroot/
[root@beiku1 chroot]# ls
dev etc proc var
[root@beiku1 chroot]# cd etc
[root@beiku1 etc]# ls
localtime named.caching-nameserver.conf named.rfc1912.zones rndc.key
[root@beiku1 etc]#
```
The contents of named.caching-nameserver.conf are as follows:
```
[root@beiku1 etc]# cat named.caching-nameserver.conf
//
// named.caching-nameserver.conf
//
// Provided by Red Hat caching-nameserver package to configure the
// ISC BIND named(8) DNS server as a caching only nameserver
// (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// DO NOT EDIT THIS FILE - use system-config-bind or an editor
// to create named.conf - edits to this file will be lost on
// caching-nameserver package upgrade.
//
options {
        listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";

        // Those options should be used carefully because they disable port
        // randomization
        // query-source port 53;
        // query-source-v6 port 53;

        allow-query { localhost; };
        allow-query-cache { localhost; };
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
view localhost_resolver {
        match-clients { localhost; };
        match-destinations { localhost; };
        recursion yes;
        include "/etc/named.rfc1912.zones";
};
```
The file itself says not to edit it directly but to create a named.conf file and edit that instead; once named.conf exists, this file is no longer read. So copy named.caching-nameserver.conf to named.conf now.
```
[root@beiku1 etc]# cp -p named.caching-nameserver.conf named.conf
[root@beiku1 etc]# ls
localtime named.caching-nameserver.conf named.conf named.rfc1912.zones rndc.key
```
As you can see, named.conf has been created. It is best to pass the -p option when copying so that the permissions are preserved; otherwise the service reports permission denied when it starts.
III. Edit the named.conf file
```
[root@beiku1 etc]# vi named.conf
//
// named.caching-nameserver.conf
//
// Provided by Red Hat caching-nameserver package to configure the
// ISC BIND named(8) DNS server as a caching only nameserver
// (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// DO NOT EDIT THIS FILE - use system-config-bind or an editor
// to create named.conf - edits to this file will be lost on
// caching-nameserver package upgrade.
//
options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";

        // Those options should be used carefully because they disable port
        // randomization
        // query-source port 53;
        // query-source-v6 port 53;

        allow-query { 10.138.130.0/24; };
        allow-query-cache { any; };
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
view localhost_resolver {
        match-clients { 10.138.130.0/24; };
        match-destinations { any; };
        recursion yes;
        include "/etc/named.rfc1912.zones";
};
```
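What these directives mean:
options
The global configuration.
listen-on port 53 { any; };
The DNS service listens on all interfaces.
listen-on-v6 port 53 { ::1; };
IPv6 listens on the local loopback interface.
directory "/var/named";
The directory that holds the zone files; this means /var/named inside the chroot environment.
dump-file "/var/named/data/cache_dump.db";
Where the cache dump is stored.
statistics-file "/var/named/data/named_stats.txt";
Statistics on client queries.
memstatistics-file "/var/named/data/named_mem_stats.txt";
The file that records how much memory each access consumed.
allow-query { 10.138.130.0/24; };
The clients allowed to query, changed here to the local subnet.
allow-query-cache { any; };
Which clients may query the cache; any means anyone is allowed.
```
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
```
Defines where the log is stored: under the /var/named/chroot/var/named/data/ directory.
```
view localhost_resolver {
        match-clients { 10.138.130.0/24; };
        match-destinations { any; };
        recursion yes;
        include "/etc/named.rfc1912.zones";
};
```
This defines a view.
match-clients is the set of clients the view matches.
match-destinations is the set of destinations the view matches.
At this point named.conf is configured. The view ends with include "/etc/named.rfc1912.zones"; so the next step is to configure that file. Different views can of course be created to match different clients.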
IV. Define the zones
```
[root@beiku1 etc]# vi named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
zone "." IN {
        type hint;
        file "named.ca";
};
zone "sbyy.com" IN {
        type master;
        file "sbyy.zone";
        allow-update { none; };
};
zone "130.138.10.in-addr.arpa" IN {
        type master;
        file "named.sbyy";
        allow-update { none; };
};
```
What these directives mean:
zone "."
The root zone.
zone "sbyy.com"
Defines the forward-lookup zone.
zone "130.138.10.in-addr.arpa"
Defines the reverse-lookup zone.
IN
Internet record.
type hint
The root zone's type is hint.
type master
The zone's type is master (primary).
file "named.ca";
The zone file is named.ca.
file "sbyy.zone";
The forward-lookup zone file is sbyy.zone.
file "named.sbyy";
The reverse-lookup zone file is named.sbyy.
allow-update { none; };
By default, whether clients are allowed to update the zone automatically.
The named.ca file defines the 13 root servers worldwide.
The sbyy.com file defines the DNS forward-lookup database.
The named.sbyy file defines the DNS reverse-lookup database.
The zone definitions are done; next, edit the DNS database files.
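An added example (not part of the original post): a Python audit of the named.conf and zone definitions above. It reports the two settings worth tightening, `allow-query-cache { any; }` being wider than `allow-query`, and master zones with no `allow-transfer`, which BIND 9.3 then transfers to any client the view accepts. `SAMPLE` inlines the page's zones where the `include` sits; the function names are this example's own.

```python
import re

# Constructed sample: the options and view from this page's named.conf, with the
# zones from named.rfc1912.zones inlined where the include statement sits.
SAMPLE = '''
options {
    listen-on port 53 { any; };
    allow-query { 10.138.130.0/24; };
    allow-query-cache { any; };
};
view localhost_resolver {
    match-clients { 10.138.130.0/24; };
    recursion yes;
    zone "." IN { type hint; file "named.ca"; };
    zone "sbyy.com" IN { type master; file "sbyy.zone"; allow-update { none; }; };
    zone "130.138.10.in-addr.arpa" IN {
        type master; file "named.sbyy"; allow-update { none; };
    };
};
'''

# Comments (//, #, /* */), quoted strings, braces and semicolons, bare words.
TOKEN = re.compile(r'//[^\n]*|#[^\n]*|/\*.*?\*/|"[^"]*"|[{};]|[^\s{};"]+', re.S)

def tokenize(text):
    """Split named.conf text into tokens and drop the comments."""
    return [t for t in TOKEN.findall(text) if not t.startswith(('//', '#', '/*'))]

def parse(tokens, pos=0):
    """Parse `words [{ block }] ;` statements; return (statements, next_pos)."""
    stmts, words, block = [], [], None
    while pos < len(tokens):
        tok, pos = tokens[pos], pos + 1
        if tok == '{':
            block, pos = parse(tokens, pos)
        elif tok == '}':
            break
        elif tok == ';':
            stmts.append((words, block))
            words, block = [], None
        else:
            words.append(tok.strip('"'))
    return stmts, pos

def acl(stmts, name):
    """Entries of the first address-match list named `name`, or None if absent."""
    for words, block in stmts:
        if words[:1] == [name] and block is not None:
            return [w[0] for w, _ in block if w]
    return None

def audit(text):
    """Return (where, finding) pairs for the two exposures discussed above."""
    top, _ = parse(tokenize(text))
    options = next((b for w, b in top if w[:1] == ['options'] and b), [])
    findings = []
    query, cache = acl(options, 'allow-query'), acl(options, 'allow-query-cache')
    if cache and 'any' in cache and query and 'any' not in query:
        findings.append(('options', 'allow-query-cache is wider than allow-query'))
    # Zones may sit at the top level or inside a view; allow-transfer is inherited.
    for stmts in [top] + [b for w, b in top if w[:1] == ['view'] and b]:
        inherited = acl(stmts, 'allow-transfer') or acl(options, 'allow-transfer')
        for words, block in stmts:
            if words[:1] != ['zone'] or len(words) < 2 or not block:
                continue
            is_master = any(w[:2] == ['type', 'master'] for w, _ in block)
            if is_master and not (acl(block, 'allow-transfer') or inherited):
                findings.append((words[1], 'master zone without allow-transfer'))
    return findings

if __name__ == '__main__':
    for where, finding in audit(SAMPLE):
        print(where + ': ' + finding)
```

Adding `allow-transfer { 10.138.130.162; };` (the secondary configured later on this page) to `options` and narrowing `allow-query-cache` to the subnet clears all three findings.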
V. Create the database files from the template files
```
[root@beiku1 etc]# cd /var/named/chroot/var/named/
[root@beiku1 named]# ls
data localdomain.zone localhost.zone named.broadcast named.ca named.ip6.local named.local named.zero slaves
```
As shown, /var/named inside the chroot environment contains many template files. named.ca is the database file for the root zone. Copy localhost.zone to sbyy.zone, which is the forward-lookup database file, and copy named.local to named.sbyy, which is the reverse-lookup database file. The database file names must match those in /etc/named.rfc1912.zones.
```
[root@beiku1 named]# cp -p localhost.zone sbyy.zone
[root@beiku1 named]# cp -p named.local named.sbyy
[root@beiku1 named]# ls
data              named.broadcast  named.local  sbyy.zone
localdomain.zone  named.ca         named.sbyy   slaves
localhost.zone    named.ip6.local  named.zero
```
The copies succeeded, so the forward and reverse database files have been created.
VI. Define the database files
1. Define the forward-lookup database file
```
[root@beiku1 named]# vi sbyy.zone
$TTL 86400
@ IN SOA beiku1.sbyy.com. root.sbyy.com. (
        44 ; serial (d. adams)
        3H ; refresh
        15M ; retry
        1W ; expiry
        1D ) ; minimum
@ IN NS beiku1.sbyy.com.
beikuscan IN A 10.138.130.167
beikuscan IN A 10.138.130.168
beikuscan IN A 10.138.130.169
beiku2 IN A 10.138.130.162
beiku1 IN A 10.138.130.161
```
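What each line of the forward-lookup database means:
$TTL 86400
The minimum time to live is 86400 s (24 h).
@ IN SOA @ root (
This is an SOA record; only one SOA record may exist.
@ stands for the domain being resolved itself ().
IN is an Internet record.
SOA is the start of authority record; it designates the first DNS server in the network.
root is the administrator's mailbox.
44 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
These fields are mainly used for synchronization between the primary DNS and the secondary DNS.
44: the serial number. When the data on the primary DNS changes, this serial number must be incremented by 1; the secondary DNS uses the serial number to synchronize with the primary.
3H: refresh. The primary and secondary DNS synchronize every three hours.
15M: retry. If no synchronization happened within the 3H, it is retried every 15M.
1W: expiry. If there is still no synchronization within 1W, synchronization stops.
1D: time to live. How long the absence of a record is cached.
@ IN NS beiku1.sbyy.com.
This is an NS record, designating beiku1.sbyy.com as the name server; there must be at least one NS record.
beiku1 IN A 10.138.130.161
Sets the IP address of beiku1 to 10.138.130.161.
beikuscan IN A 10.138.130.167
Sets the IP address of beikuscan to 10.138.130.167.
beikuscan IN A 10.138.130.168
Sets the IP address of beikuscan to 10.138.130.168.
beikuscan IN A 10.138.130.169
Sets the IP address of beikuscan to 10.138.130.169.
beiku2 IN A 10.138.130.162
Sets the IP address of beiku2 to 10.138.130.162.
The forward-lookup database is done; next, define the reverse-lookup database.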
2. Define the reverse-lookup database
```
[root@beiku1 named]# vi named.sbyy
$TTL 86400
@ IN SOA beiku1.sbyy.com. root.sbyy.com. (
        1997022702 ; Serial
        120 ; Refresh
        120 ; Retry
        3600000 ; Expire
        86400 ) ; Minimum
@ IN NS beiku1.sbyy.com.
167 IN PTR beikuscan.sbyy.com.
168 IN PTR beikuscan.sbyy.com.
169 IN PTR beikuscan.sbyy.com.
162 IN PTR beiku2.sbyy.com.
161 IN PTR beiku1.sbyy.com.
```
The reverse-lookup database file is configured much like the forward one: swap the positions of the IP address and the domain name, and change A to PTR.
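An added example (not from the original post): a Python check that every A record in the forward file has a PTR in the reverse file pointing back to the same name. It embeds the two files above as sample input; the function names and the minimal master-file parser (no `$ORIGIN` or `$INCLUDE` support) are assumptions of this example.

```python
import ipaddress

# Sample input: the page's sbyy.zone and named.sbyy master files (the reverse
# file's SOA is condensed to one line to keep the example short).
FORWARD = """$TTL 86400
@ IN SOA beiku1.sbyy.com. root.sbyy.com. (
        44 ; serial (d. adams)
        3H ; refresh
        15M ; retry
        1W ; expiry
        1D ) ; minimum
@ IN NS beiku1.sbyy.com.
beikuscan IN A 10.138.130.167
beikuscan IN A 10.138.130.168
beikuscan IN A 10.138.130.169
beiku2 IN A 10.138.130.162
beiku1 IN A 10.138.130.161
"""
REVERSE = """$TTL 86400
@ IN SOA beiku1.sbyy.com. root.sbyy.com. ( 1997022702 120 120 3600000 86400 )
@ IN NS beiku1.sbyy.com.
167 IN PTR beikuscan.sbyy.com.
168 IN PTR beikuscan.sbyy.com.
169 IN PTR beikuscan.sbyy.com.
162 IN PTR beiku2.sbyy.com.
161 IN PTR beiku1.sbyy.com.
"""

def absolute(name, origin):
    """Expand '@' and names without a trailing dot relative to origin."""
    if name == '@':
        return origin
    return name if name.endswith('.') else name + '.' + origin

def records(text, origin):
    """Return (owner, type, first rdata field) for each record in the file."""
    origin = origin.rstrip('.') + '.'
    owner, depth, out = origin, 0, []
    for raw in text.splitlines():
        line = raw.split(';', 1)[0]          # drop comments before counting ( )
        continued, depth = depth > 0, depth + line.count('(') - line.count(')')
        fields = line.split()
        if continued or not fields or fields[0].startswith('$'):
            continue                         # SOA continuation, blank line, $TTL
        if not line[0].isspace():            # a leading blank reuses the owner
            owner = absolute(fields.pop(0), origin)
        while fields and (fields[0].upper() == 'IN' or fields[0][0].isdigit()):
            fields.pop(0)                    # optional class and TTL
        if len(fields) > 1:
            out.append((owner, fields[0].upper(), fields[1]))
    return out

def check(forward, fwd_zone, reverse, rev_zone):
    """List (ip, problem) for every A record whose PTR is missing or differs."""
    names = {}
    for owner, rtype, rdata in records(forward, fwd_zone):
        if rtype == 'A':
            names.setdefault(rdata, set()).add(owner)
    rev_origin = rev_zone.rstrip('.') + '.'
    ptrs = {o: absolute(d, rev_origin)
            for o, t, d in records(reverse, rev_zone) if t == 'PTR'}
    problems = []
    for ip in sorted(names, key=ipaddress.ip_address):
        target = ptrs.get(ipaddress.ip_address(ip).reverse_pointer + '.')
        if target is None:
            problems.append((ip, 'no PTR in ' + rev_zone))
        elif target not in names[ip]:
            problems.append((ip, 'PTR points to ' + target))
    return problems

if __name__ == '__main__':
    print(check(FORWARD, 'sbyy.com', REVERSE, '130.138.10.in-addr.arpa'))
```

A PTR target written without its trailing dot is taken relative to the reverse zone and reported. Checking the same records against a zone named `0.138.10.in-addr.arpa` reports every address as missing, so the reverse zone name has to match the network: `130.138.10.in-addr.arpa` for 10.138.130.0/24.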
The basic DNS configuration is complete; now check whether DNS works properly.
First restart the DNS service:
```
[root@beiku1 etc]# service named restart
Stopping named: [ OK ]
Starting named: [ OK ]
```
As shown, the DNS service started successfully.
Before querying, the client must be told which DNS server to use; this is set in the /etc/resolv.conf file.
```
[root@beiku1 etc]# vi /etc/resolv.conf
search sbyy.com
nameserver 10.138.130.161
[root@beiku1 etc]# service named restart
Stopping named: [ OK ]
Starting named: [ OK ]
```
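Parameters and their meaning:
nameserver: the IP address of a DNS server. There can be several nameserver lines, each with one IP address.
Queries follow the order of the nameserver lines in this file, and a later nameserver is queried only when the first one does not respond.
domain: declares the host's domain name. Many programs use it, such as mail systems, and it is also used for DNS lookups of host names given without a domain. If no domain is set, the host name is used, with everything before the first dot (.) removed.
search: its arguments give the order in which domains are searched. When looking up a host name given without a domain, the host is looked up in each of the domains declared by search in turn.
domain and search cannot coexist; if both are present, the one that appears later is used.
sortlist: allows the returned results to be sorted in a particular order. Its arguments are network/netmask pairs, in any order.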
Now query with the nslookup tool:
```
[root@beiku1 named]# nslookup beiku1.sbyy.com
Server: 10.138.130.161
Address: 10.138.130.161#53

Name: beiku1.sbyy.com
Address: 10.138.130.161

[root@beiku1 named]# nslookup beiku2.sbyy.com
Server: 10.138.130.161
Address: 10.138.130.161#53

Name: beiku2.sbyy.com
Address: 10.138.130.162

[root@beiku1 named]# nslookup beikuscan.sbyy.com
Server: 10.138.130.161
Address: 10.138.130.161#53

Name: beikuscan.sbyy.com
Address: 10.138.130.169
Name: beikuscan.sbyy.com
Address: 10.138.130.167
Name: beikuscan.sbyy.com
Address: 10.138.130.168

[root@beiku1 named]# nslookup beiku1
Server: 10.138.130.161
Address: 10.138.130.161#53

Name: beiku1.sbyy.com
Address: 10.138.130.161

[root@beiku1 named]# nslookup beiku2
Server: 10.138.130.161
Address: 10.138.130.161#53

Name: beiku2.sbyy.com
Address: 10.138.130.162

[root@beiku1 named]# nslookup beikuscan
Server: 10.138.130.161
Address: 10.138.130.161#53

Name: beikuscan.sbyy.com
Address: 10.138.130.168
Name: beikuscan.sbyy.com
Address: 10.138.130.169
Name: beikuscan.sbyy.com
Address: 10.138.130.167

[root@beiku1 named]# nslookup 10.138.130.161
Server: 10.138.130.161
Address: 10.138.130.161#53

161.130.138.10.in-addr.arpa name = beiku1.sbyy.com.

[root@beiku1 named]# nslookup 10.138.130.162
Server: 10.138.130.161
Address: 10.138.130.161#53

162.130.138.10.in-addr.arpa name = beiku2.sbyy.com.

[root@beiku1 named]# nslookup 10.138.130.167
Server: 10.138.130.161
Address: 10.138.130.161#53

167.130.138.10.in-addr.arpa name = beikuscan.sbyy.com.

[root@beiku1 named]# nslookup 10.138.130.168
Server: 10.138.130.161
Address: 10.138.130.161#53

168.130.138.10.in-addr.arpa name = beikuscan.sbyy.com.

[root@beiku1 named]# nslookup 10.138.130.169
Server: 10.138.130.161
Address: 10.138.130.161#53

169.130.138.10.in-addr.arpa name = beikuscan.sbyy.com.
```
As shown, DNS resolution works as expected. So far only the primary DNS server has been configured, and it works properly; now configure a secondary DNS server.
Configuring the secondary DNS server
The setup of the secondary DNS is essentially the same as that of the primary DNS.
I. Install the packages
```
[root@beiku2 soft]# rpm -qa | grep bind
bind-chroot-9.3.6-4.P1.el5
kdebindings-3.5.4-6.el5
system-config-bind-4.0.3-4.el5
ypbind-1.19-12.el5
bind-libs-9.3.6-4.P1.el5
bind-9.3.6-4.P1.el5
bind-utils-9.3.6-4.P1.el5
[root@beiku2 soft]# rpm -ivh kdebindings-devel-3.5.4-6.el5.i386.rpm
warning: kdebindings-devel-3.5.4-6.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
Preparing... ########################################### [100%]
   1:kdebindings-devel ########################################### [100%]
[root@beiku2 soft]# rpm -ivh caching-nameserver-9.3.6-4.P1.el5.i386.rpm
warning: caching-nameserver-9.3.6-4.P1.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
Preparing... ########################################### [100%]
   1:caching-nameserver ########################################### [100%]
[root@beiku2 soft]# rpm -ivh bind-sdb-9.3.6-4.P1.el5.i386.rpm
warning: bind-sdb-9.3.6-4.P1.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
Preparing... ########################################### [100%]
   1:bind-sdb ########################################### [100%]
[root@beiku2 soft]# rpm -ivh bind-libbind-devel-9.3.6-4.P1.el5.i386.rpm
warning: bind-libbind-devel-9.3.6-4.P1.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
Preparing... ########################################### [100%]
   1:bind-libbind-devel ########################################### [100%]
[root@beiku2 soft]# rpm -ivh bind-devel-9.3.6-4.P1.el5.i386.rpm
warning: bind-devel-9.3.6-4.P1.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
Preparing... ########################################### [100%]
   1:bind-devel ########################################### [100%]
```
II. Copy the template file
```
[root@beiku2 /]# cd /var/named/chroot/etc
[root@beiku2 etc]# ls -lrt
total 24
-rw-r--r-- 1 root root 3519 Feb 27 2006 localtime
-rw-r----- 1 root named 955 Jul 30 2009 named.rfc1912.zones
-rw-r----- 1 root named 1230 Jul 30 2009 named.caching-nameserver.conf
-rw-r----- 1 root named 113 Nov 15 2014 rndc.key
[root@beiku2 etc]# cp -p named.caching-nameserver.conf named.conf
```
III. Edit the named.conf file
```
[root@beiku2 etc]# vi named.conf
//
// named.caching-nameserver.conf
//
// Provided by Red Hat caching-nameserver package to configure the
// ISC BIND named(8) DNS server as a caching only nameserver
// (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// DO NOT EDIT THIS FILE - use system-config-bind or an editor
// to create named.conf - edits to this file will be lost on
// caching-nameserver package upgrade.
//
options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";

        // Those options should be used carefully because they disable port
        // randomization
        // query-source port 53;
        // query-source-v6 port 53;

        allow-query { 10.138.130.0/24; };
        allow-query-cache { any; };
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
view localhost_resolver {
        match-clients { 10.138.130.0/24; };
        match-destinations { any; };
        recursion yes;
        include "/etc/named.rfc1912.zones";
};
```
This is the same as the primary DNS configuration.
IV. Define the zones
```
[root@beiku2 etc]# vi named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
zone "sbyy.com" IN {
        type slave;
        masters {10.138.130.161;};
        file "slaves/sbyy.com";
};
zone "0.138.10.in-addr.arpa" IN {
        type slave;
        masters {10.138.130.161;};
        file "slaves/named.sbyy";
};
```
The zone definitions on the secondary DNS differ somewhat from those on the primary DNS.
On the secondary DNS, type must be changed to slave.
masters { 10.138.130.161; }; and the IP address of the primary DNS must be specified.
file "slaves/sbyy.com";
file "slaves/named.sbyy";
Why are the database files placed under the slaves directory? Because the slaves directory is owned by user named and group named. When the DNS service starts, only named has permission to operate, so the database files must be placed in this directory.
```
[root@beiku2 etc]# cd /var/named/chroot/var/named/
[root@beiku2 named]# ls -lrt
total 44
drwxrwx--- 2 named named 4096 Jul 27 2004 slaves
drwxrwx--- 2 named named 4096 Aug 26 2004 data
-rw-r----- 1 root named 427 Jul 30 2009 named.zero
-rw-r----- 1 root named 426 Jul 30 2009 named.local
-rw-r----- 1 root named 424 Jul 30 2009 named.ip6.local
-rw-r----- 1 root named 1892 Jul 30 2009 named.ca
-rw-r----- 1 root named 427 Jul 30 2009 named.broadcast
-rw-r----- 1 root named 195 Jul 30 2009 localhost.zone
-rw-r----- 1 root named 198 Jul 30 2009 localdomain.zone
[root@beiku2 named]# cd slaves
[root@beiku2 slaves]# ls -lrt
total 0
```
As shown, the slaves directory is owned by user and group named, and it is currently empty.
Now restart the DNS service:
```
[root@beiku2 slaves]# service named restart
Stopping named: [ OK ]
Starting named: [ OK ]
```
The service started successfully. While it starts, check the log to see what it reports:
```
[root@beiku2 slaves]# tail /var/log/messages
Aug 25 23:41:49 beiku2 named[30421]: the working directory is not writable
Aug 25 23:41:49 beiku2 named[30421]: running
Aug 25 23:41:49 beiku2 named[30421]: zone 0.138.10.in-addr.arpa/IN/localhost_resolver: Transfer started.
Aug 25 23:41:49 beiku2 named[30421]: transfer of '0.138.10.in-addr.arpa/IN' from 10.138.130.161#53: connected using 10.138.130.162#44647
Aug 25 23:41:49 beiku2 named[30421]: zone 0.138.10.in-addr.arpa/IN/localhost_resolver: transferred serial 1997022700
Aug 25 23:41:49 beiku2 named[30421]: transfer of '0.138.10.in-addr.arpa/IN' from 10.138.130.161#53: end of transfer
Aug 25 23:41:49 beiku2 named[30421]: zone sbyy.com/IN/localhost_resolver: Transfer started.
Aug 25 23:41:49 beiku2 named[30421]: transfer of 'sbyy.com/IN' from 10.138.130.161#53: connected using 10.138.130.162#56490
Aug 25 23:41:49 beiku2 named[30421]: zone sbyy.com/IN/localhost_resolver: transferred serial 42
Aug 25 23:41:49 beiku2 named[30421]: transfer of 'sbyy.com/IN' from 10.138.130.161#53: end of transfer
```
The log shows the primary DNS and the secondary DNS synchronizing serial numbers, and the synchronization succeeds. The information in this log is very detailed.
Next, look in the slaves directory again:
```
[root@beiku2 slaves]# ls -lrt
total 8
-rw-r--r-- 1 named named 414 Aug 25 23:41 sbyy.com
-rw-r--r-- 1 named named 451 Aug 25 23:41 named.sbyy
```
A moment ago the slaves directory was empty; now it contains two more files, example.com and named.example. These are the files we specified under the slaves directory when defining the zones. The file names can be anything, which does not matter, but the contents are the same as on the primary DNS.
View the contents of these two files:
```
[root@beiku2 slaves]# cat sbyy.com
$ORIGIN .
$TTL 86400 ; 1 day
sbyy.com IN SOA sbyy.com. root.sbyy.com. (
        42 ; serial
        10800 ; refresh (3 hours)
        900 ; retry (15 minutes)
        604800 ; expire (1 week)
        86400 ; minimum (1 day)
        )
        NS sbyy.com.
        A 127.0.0.1
        AAAA ::1
$ORIGIN sbyy.com.
beiku1 A 10.138.130.161
beikuscan1 A 10.138.130.167
beikuscan2 A 10.138.130.168
beikuscan3 A 10.138.130.169
beiku2 A 10.138.130.162
[root@beiku2 slaves]# cat named.sbyy
$ORIGIN .
$TTL 86400 ; 1 day
0.138.10.in-addr.arpa IN SOA localhost. root.localhost. (
        1997022700 ; serial
        28800 ; refresh (8 hours)
        14400 ; retry (4 hours)
        3600000 ; expire (5 weeks 6 days 16 hours)
        86400 ; minimum (1 day)
        )
        NS localhost.
$ORIGIN 0.138.10.in-addr.arpa.
1 PTR localhost.
161 PTR beiku1.sbyy.com
167 PTR beikuscan1.sbyy.com
168 PTR beikuscan2.sbyy.com
169 PTR beikuscan3.sbyy.com
162 PTR beiku2.sbyy.com
```
The contents of these two files are the same as on our primary DNS, and they have been tidied up nicely as well. All of this is generated automatically by the system.
Now test whether the primary DNS and the secondary DNS work properly:
```
[root@beiku2 slaves]# vi /etc/resolv.conf
search sbyy.com
nameserver 10.138.130.161
nameserver 10.138.130.162
```
Both the primary DNS and the secondary DNS are now listed. Then test with the nslookup tool:
```
[root@beiku2 slaves]# nslooup beiku1
-bash: nslooup: command not found
[root@beiku2 slaves]# nslookup beiku1
Server: 10.138.130.161
Address: 10.138.130.161#53

Name: beiku1.sbyy.com
Address: 10.138.130.161

[root@beiku2 slaves]# nslookup beiku2
Server: 10.138.130.161
Address: 10.138.130.161#53

Name: beiku2.sbyy.com
Address: 10.138.130.162
```
Resolution works, and it is still the primary DNS at 10.138.130.161 that answers.
Next, take the primary DNS at 10.138.130.161 down and see whether the secondary DNS at 10.138.130.162 works properly.
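```
[root@beiku1 named]# service named stop
Stopping named: [ OK ]
```
Test with nslookup:
```
[root@beiku2 slaves]# nslookup beiku1
Server: 10.138.130.162
Address: 10.138.130.162#53

Name: beiku1.sbyy.com
Address: 10.138.130.161
```
Resolution still succeeds, and this time the answer came not from the primary DNS at 10.138.130.161 but from our secondary DNS at 10.138.130.162. When the primary DNS on the network goes down, the secondary DNS keeps working. We can also achieve load balancing: point half of the clients on the network at 10.138.130.161 as their primary DNS with 10.138.130.161 as their secondary DNS, and point the other half at 10.138.130.162 as their primary DNS with 10.138.130.161 as their secondary DNS. Both servers then work and resolve names for clients, and when one DNS server goes down the other carries on, which gives simple load balancing. At this point both the primary DNS server and the secondary DNS server are set up and working properly.
Next, one more experiment: add a record on the primary DNS and see whether the secondary DNS picks it up. Records cannot be added on the secondary DNS; that would be pointless, because the primary DNS would never see them.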
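```
[root@beiku1 named]# vi sbyy.zone
$TTL 86400
@ IN SOA @ root (
        43 ; serial (d. adams)
        2M ; refresh
        2M ; retry
        1W ; expiry
        1D ) ; minimum
        IN NS @
        IN A 127.0.0.1
        IN AAAA ::1
beiku1 IN A 10.138.130.161
beikuscan IN A 10.138.130.167
beikuscan IN A 10.138.130.168
beikuscan IN A 10.138.130.169
beiku2 IN A 10.138.130.162
www IN A 10.138.130.170
```
The record www IN A 10.138.130.170 was added. After any change on the primary DNS, the primary's serial number must be incremented by one; otherwise the secondary DNS will not synchronize with the primary. We have incremented the primary's serial number, but by default the primary and secondary synchronize every 3H, which makes the effect hard to see, so we change refresh to 2M and retry to 2M as well. The primary and secondary now synchronize every two minutes, and if a synchronization fails it is retried two minutes later. Next, modify the reverse-lookup file as well: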
```
[root@beiku1 named]# vi named.sbyy
$TTL 86400
@ IN SOA beiku1.sbyy.com. root.sbyy.com. (
        1997022703 ; Serial
        120 ; Refresh
        120 ; Retry
        3600000 ; Expire
        86400 ) ; Minimum
@ IN NS beiku1.sbyy.com.
167 IN PTR beikuscan.sbyy.com.
168 IN PTR beikuscan.sbyy.com.
169 IN PTR beikuscan.sbyy.com.
162 IN PTR beiku2.sbyy.com.
161 IN PTR beiku1.sbyy.com.
170 IN PTR
```
The reverse-lookup file is now modified as well. Restart the DNS service:
```
[root@beiku1 named]# service named restart
Stopping named: [ OK ]
Starting named: [ OK ]
```
The restart succeeded. Wait a few minutes and then look at the result. Now view the contents of the secondary DNS's forward-lookup database file:
```
[root@beiku2 slaves]# cat sbyy.com
$ORIGIN .
$TTL 86400 ; 1 day
sbyy.com IN SOA beiku1.sbyy.com. root.sbyy.com. (
        45 ; serial
        120 ; refresh (2 minutes)
        120 ; retry (2 minutes)
        604800 ; expire (1 week)
        86400 ; minimum (1 day)
        )
        NS beiku1.sbyy.com.
$ORIGIN sbyy.com.
beiku1 A 10.138.130.161
beiku2 A 10.138.130.162
beikuscan A 10.138.130.167
          A 10.138.130.168
          A 10.138.130.169
www A 10.138.130.170
```
OK, the new record just added on the primary DNS has been synchronized to the secondary DNS, and the secondary's serial number, refresh time and retry time have been synchronized too. Next, view the contents of the secondary DNS's reverse-lookup database file:
```
[root@beiku2 slaves]# cat named.sbyy
$ORIGIN .
$TTL 86400 ; 1 day
0.138.10.in-addr.arpa IN SOA localhost. root.localhost. (
        1997022702 ; serial
        28800 ; refresh (8 hours)
        14400 ; retry (4 hours)
        3600000 ; expire (5 weeks 6 days 16 hours)
        86400 ; minimum (1 day)
        )
        NS localhost.
$ORIGIN 0.138.10.in-addr.arpa.
1 PTR localhost.
161 PTR beiku1.sbyy.com
167 PTR beikuscan1.sbyy.com
168 PTR beikuscan2.sbyy.com
169 PTR beikuscan3.sbyy.com
162 PTR beiku2.sbyy.com
170 PTR
```
OK, the secondary DNS has synchronized this as well. That completes the DNS configuration.
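An added example (not from the original post) tying together the secondary's transfer log lines and the serial rule above: it parses the transfer messages, flags a transfer from an address outside the configured `masters` list, and uses RFC 1982 serial arithmetic, the general form of "the serial must increase", to tell whether the secondary is behind. The last two log lines, the address 10.138.130.99, the serial values passed in and the function names are constructed for the example.

```python
import re

# Constructed sample: transfer lines from the secondary's /var/log/messages on
# this page, plus two made-up lines for a transfer from an unlisted address.
LOG = """\
Aug 25 23:41:49 beiku2 named[30421]: transfer of '0.138.10.in-addr.arpa/IN' from 10.138.130.161#53: connected using 10.138.130.162#44647
Aug 25 23:41:49 beiku2 named[30421]: zone 0.138.10.in-addr.arpa/IN/localhost_resolver: transferred serial 1997022700
Aug 25 23:41:49 beiku2 named[30421]: transfer of 'sbyy.com/IN' from 10.138.130.161#53: connected using 10.138.130.162#56490
Aug 25 23:41:49 beiku2 named[30421]: zone sbyy.com/IN/localhost_resolver: transferred serial 42
Aug 25 23:59:02 beiku2 named[30421]: transfer of 'sbyy.com/IN' from 10.138.130.99#53: connected using 10.138.130.162#40112
Aug 25 23:59:02 beiku2 named[30421]: zone sbyy.com/IN/localhost_resolver: transferred serial 41
"""

XFER = re.compile(r"transfer of '(?P<zone>[^/']+)/IN' from (?P<src>[\d.]+)#\d+: connected")
DONE = re.compile(r"zone (?P<zone>[^/\s]+)/IN(?:/\S+)?: transferred serial (?P<serial>\d+)")

def transfers(log):
    """Return [(zone, source_ip, serial)] for each completed inbound transfer."""
    source, done = {}, []
    for line in log.splitlines():
        m = XFER.search(line)
        if m:                                   # remember who the zone came from
            source[m['zone']] = m['src']
            continue
        m = DONE.search(line)
        if m:
            done.append((m['zone'], source.get(m['zone']), int(m['serial'])))
    return done

def serial_gt(a, b):
    """RFC 1982 comparison of 32-bit SOA serials: True when a is newer than b."""
    return a != b and ((a - b) % 2**32) < 2**31

def review(log, masters, master_serial):
    """Flag transfers from unlisted sources and zones still behind the primary."""
    findings, latest = [], {}
    for zone, src, serial in transfers(log):
        if src not in masters:
            findings.append((zone, f'transfer from unlisted source {src}'))
        else:
            latest[zone] = serial
    for zone, current in master_serial.items():
        have = latest.get(zone)
        if have is None or serial_gt(current, have):
            findings.append((zone, f'slave has {have}, master has {current}'))
    return findings

if __name__ == '__main__':
    # Assumed inputs: the masters list from the slave's zone definitions and the
    # serials currently in the primary's zone files.
    for zone, finding in review(LOG, {'10.138.130.161'},
                                {'sbyy.com': 43, '0.138.10.in-addr.arpa': 1997022700}):
        print(zone + ': ' + finding)
```

If the primary's serial is left unchanged after an edit, `serial_gt` is false and the secondary never requests the new data, which is the failure the text above warns about.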
From the "ITPUB Blog", link: http://blog.itpub.net/26015009/viewspace-1782491/. If you reproduce this article, please credit the source; otherwise legal liability will be pursued.