Environment:
1. master: 192.168.1.13, FreeBSD 10
2. slave: 192.168.1.153, FreeBSD 10
Goals of the exercise:
1. Configure master/slave so that several DNS servers stay in sync automatically.
2. Find the tools for troubleshooting when they do not.
3. Trigger a DNS record update without restarting the named service.
Step 1:
Install BIND on both the master and the slave. I used bind99 (install it from ports or with pkg install bind99); the details are omitted here. Make sure the two servers can reach each other over the network and turn off the firewall, or at least allow UDP and TCP port 53 between them: NOTIFY goes over UDP, but the zone transfer itself runs over TCP. Point each host's own resolver at its local IP address.
Step 2: configure the master
The configuration is as follows:
$ cat /usr/local/etc/namedb/named.conf
options {
directory "/usr/local/etc/namedb/working";
pid-file "/var/run/named/pid";
dump-file "/var/dump/named_dump.db";
statistics-file "/var/stats/named.stats";
allow-query { any; };
notify yes;
allow-transfer { any; };
listen-on { 192.168.1.13; };
also-notify { 192.168.1.153; };
forwarders {
114.114.114.114;
};
};
logging {
channel error_log {
file "/var/log/named/error.log" versions 10 size 32m;
severity info;
print-time yes;
print-severity yes;
print-category yes;
};
channel query_log {
file "/var/log/named/query.log" versions 10 size 32m;
severity info;
print-time yes;
print-severity yes;
print-category yes;
};
channel update_debug {
file "/var/log/named/update-debug.log" versions 10 size 32m;
severity debug 3;
print-category yes;
print-severity yes;
print-time yes;
};
channel security_info {
file "/var/log/named/named-auth.log" versions 10 size 32m;
severity info;
print-category yes;
print-severity yes;
print-time yes;
};
channel notify_log {
file "/var/log/named/notify.log" versions 10 size 32m;
severity info;
print-category yes;
print-severity yes;
print-time yes;
};
channel xfer-out_log {
file "/var/log/named/xfer-out.log" versions 10 size 32m;
severity info;
print-category yes;
print-severity yes;
print-time yes;
};
category update { update_debug; };
category security { security_info; };
category default { error_log; };
category queries { query_log; };
category notify { notify_log; };
category xfer-out { xfer-out_log; };
};
zone "umg.com.cn" {
type master;
file "/usr/local/etc/namedb/master/umg.com.cn";
};
Note: delete whatever you do not need. Two settings deserve a second look before this leaves the lab. allow-transfer { any; }; lets any host that can reach port 53 pull the entire zone with an AXFR, which is the complete host list below, so restrict it to the slave's address (192.168.1.153) in production. notify yes; together with also-notify is what makes the master tell the slave about every new serial, so keep those.
Add a few records, so that the sync process can be tested:
$ cat /usr/local/etc/namedb/master/umg.com.cn
$TTL 1h ; 1 hours
@ IN SOA ns1.umg.com.cn. hostmaster.umg.com.cn. (
2015031907 ; serial
3H ; refresh
15 ; retry
1w ; expire
600 ; minimum
)
@ IN NS ns1.umg.com.cn.
ns1 IN A 192.168.1.13
file IN A 192.168.1.13
TESTSER IN A 192.168.1.11
umg-dc-vcenter IN A 192.168.1.31
zhaoxw1 IN A 192.168.0.221
liangsc IN A 192.168.0.222
chenqh IN A 192.168.0.223
shenp IN A 192.168.0.224
liyong IN A 192.168.0.225
Step 3: configure the slave
# cat /usr/local/etc/namedb/named.conf
options {
directory "/usr/local/etc/namedb/working";
pid-file "/var/run/named/pid";
dump-file "/var/dump/named_dump.db";
statistics-file "/var/stats/named.stats";
listen-on { 192.168.1.153; };
forwarders {
114.114.114.114;
};
};
logging {
channel error_log {
file "/var/log/named/error.log" versions 10 size 32m;
severity info;
print-time yes;
print-severity yes;
print-category yes;
};
channel query_log {
file "/var/log/named/query.log" versions 10 size 32m;
severity info;
print-time yes;
print-severity yes;
print-category yes;
};
channel update_debug {
file "/var/log/named/update-debug.log" versions 10 size 32m;
severity debug 3;
print-category yes;
print-severity yes;
print-time yes;
};
channel security_info {
file "/var/log/named/named-auth.log" versions 10 size 32m;
severity info;
print-category yes;
print-severity yes;
print-time yes;
};
channel notify_log {
file "/var/log/named/notify.log" versions 10 size 32m;
severity info;
print-category yes;
print-severity yes;
print-time yes;
};
channel xfer-out_log {
file "/var/log/named/xfer-out.log" versions 10 size 32m;
severity info;
print-category yes;
print-severity yes;
print-time yes;
};
category update { update_debug; };
category security { security_info; };
category default { error_log; };
category queries { query_log; };
category notify { notify_log; };
category xfer-out { xfer-out_log; };
};
zone "umg.com.cn" {
type slave;
file "/usr/local/etc/namedb/slave/umg.com.cn.slave";
masters {
192.168.1.13;
};
notify no;
};
Step 4: start the named service and test.
Add the following line to rc.conf on both the master and the slave:
named_enable="YES"
On both servers create the log directory and set its permissions (named runs as the bind user on FreeBSD; mode 777 is the quick lab fix, the least-privilege version is to chown the directory to bind:bind and give it mode 750):
mkdir /var/log/named
chmod 777 /var/log/named
Start the named service on both servers (running named-checkconf on named.conf and named-checkzone on the zone file first is worthwhile: a typo in either keeps named from starting or from loading the zone):
service named start
Test a DNS record on the master.
$ dig file.umg.com.cn
; <<>> DiG 9.9.6-P1 <<>> file.umg.com.cn
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4032
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;file.umg.com.cn. IN A
;; ANSWER SECTION:
file.umg.com.cn. 3600 IN A 192.168.1.13
;; AUTHORITY SECTION:
umg.com.cn. 3600 IN NS ns1.umg.com.cn.
;; ADDITIONAL SECTION:
ns1.umg.com.cn. 3600 IN A 192.168.1.13
;; Query time: 0 msec
;; SERVER: 192.168.1.13#53(192.168.1.13)
;; WHEN: Tue May 19 08:36:53 CST 2015
;; MSG SIZE rcvd: 94
On the slave, check whether the DNS records have been transferred.
# ls -l /usr/local/etc/namedb/slave/
total 5
-rw-r--r-- 1 bind bind 577 May 19 07:18 umg.com.cn.slave
The slave has pulled the zone to a local file. Can umg.com.cn.slave be read with cat?
# file /usr/local/etc/namedb/slave/umg.com.cn.slave
/usr/local/etc/namedb/slave/umg.com.cn.slave: data
The file is reported as plain "data": BIND 9.9 writes slave zone files in its binary raw format by default (masterfile-format raw), so cat shows nothing readable. To read it, either convert it with named-compilezone (named-compilezone -f raw -F text -o - umg.com.cn /usr/local/etc/namedb/slave/umg.com.cn.slave), add masterfile-format text; to the slave's zone statement so that future transfers are written as text, or simply query it the same way as above, with dig.
# dig zhaoxw1.umg.com.cn
; <<>> DiG 9.9.7 <<>> zhaoxw1.umg.com.cn
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6142
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;zhaoxw1.umg.com.cn. IN A
;; ANSWER SECTION:
zhaoxw1.umg.com.cn. 3600 IN A 192.168.0.221
;; AUTHORITY SECTION:
umg.com.cn. 3600 IN NS ns1.umg.com.cn.
;; ADDITIONAL SECTION:
ns1.umg.com.cn. 3600 IN A 192.168.1.13
;; Query time: 0 msec
;; SERVER: 192.168.1.153#53(192.168.1.153)
;; WHEN: Tue May 19 09:36:18 CST 2015
;; MSG SIZE rcvd: 97
The slave's own DNS resolves the A record, so the zone has been transferred.
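The dig answer on the slave shows that it answers for the zone, not that it holds the master's current version; the SOA serial is the zone's version number, so the definitive check is to compare it on both servers. The script below is an added example and not code from the original post. It parses the SOA rdata that dig +short prints, classifies the master/slave pair (including the case where the master's serial went down, which the slave will never pull), and dumps the raw-format slave file in text. Hosts, zone name and file path are the ones used on this page; the function names and the RUN_LIVE switch are this example's own assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): confirm the slave holds the
# master's current zone version by comparing SOA serials.
set -eu

ZONE="umg.com.cn"
MASTER="192.168.1.13"
SLAVE="192.168.1.153"
SLAVEFILE="/usr/local/etc/namedb/slave/${ZONE}.slave"

# soa_serial_of SOA_RDATA: print the serial, the third of the seven SOA fields
# in presentation form, e.g. what `dig +short SOA umg.com.cn @HOST` prints:
#   ns1.umg.com.cn. hostmaster.umg.com.cn. 2015031907 10800 15 604800 600
# Returns 1 on an empty or truncated answer instead of printing "".
soa_serial_of() {
    set -- $1
    [ $# -ge 7 ] || return 1
    printf '%s\n' "$3"
}

# serial_from_server HOST: ask HOST for its own copy of the zone's SOA.
# +norecurse so a forwarding server cannot hand back a cached answer from
# elsewhere; +tries=1 +time=3 so an unreachable server fails fast.
serial_from_server() {
    soa_serial_of "$(dig +short +norecurse +tries=1 +time=3 SOA "$ZONE" "@$1")"
}

# sync_state MASTER_SERIAL SLAVE_SERIAL: what the pair means.
#   in-sync       the transfer happened
#   slave-behind  master was bumped, slave has not transferred yet: wait for
#                 the refresh, or run `rndc retransfer umg.com.cn` on the slave
#   slave-ahead   the master's serial went *down* (typo, restored backup);
#                 a slave never pulls a lower serial, so raise the master's
#                 serial above the slave's
sync_state() {
    if [ "$1" -eq "$2" ]; then echo in-sync
    elif [ "$2" -lt "$1" ]; then echo slave-behind
    else echo slave-ahead
    fi
}

# show_slave_file: BIND 9.9 writes slave zones in raw (binary) format, so
# cat shows nothing useful; named-compilezone converts it to text on stdout.
show_slave_file() {
    named-compilezone -f raw -F text -o - "$ZONE" "$SLAVEFILE"
}

# Live run (needs dig, and named-compilezone on the slave):
#   RUN_LIVE=1 sh check-sync.sh
if [ "${RUN_LIVE:-0}" = 1 ]; then
    m=$(serial_from_server "$MASTER")
    s=$(serial_from_server "$SLAVE")
    echo "master serial $m, slave serial $s: $(sync_state "$m" "$s")"
    if [ -r "$SLAVEFILE" ]; then show_slave_file | head -n 20; fi
fi
```

Run it on either server once both are up; "slave-behind" right after an edit is normal until the notify and transfer complete, "slave-ahead" never fixes itself and means the serial on the master has to be raised.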
Step 5: troubleshooting
A common situation: a record was changed on the master, but the slave (and therefore the clients) does not see the change. Why?
There are usually a few causes.
1. After changing a record, the serial number in the master's SOA must be increased: the slave only transfers the zone when the master's serial is higher than the one it already holds. The usual scheme is date-based, for example 2015031901 for the first edit of the day and 2015031902, 2015031903 and so on for later ones. After editing, restart named or, better, run rndc reload (rndc reload umg.com.cn for just this zone), which triggers the notify and the transfer.
2. The edited record has a syntax error, for example the IP address written as 218.4.2.3,1 with a comma in place of one of the dots. named then refuses to load the new zone file and keeps serving the old version.
3. The semicolon after the serial number was deleted along with the edit. The semicolon starts the "; serial" comment, so without it the word serial is parsed as the refresh value and the SOA record is invalid.
If none of these happened and the zone still does not sync, the logs are the only way to see where it breaks. The configuration above already enables logging and shows the transfer process step by step; with that configuration all logs are under /var/log/named.
Look at the notify records on the master:
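The three causes above come down to one rule: the zone file must parse, and its serial must be strictly higher than what the slave has, before named is told to reload. The script below is an added example and not from the original post; it automates that on the master. It bumps the serial in the YYYYMMDDNN scheme (incrementing the counter on the same day, starting a new day at 01, and never going down even when the old serial is somehow ahead of today's date), validates named.conf and the zone with named-checkconf and named-checkzone, and reloads only this zone with rndc reload, which is the answer to goal 3 (no restart of named). It assumes the "; serial" comment convention of the zone file on this page; the zone name and paths are the page's, the function names and the RUN_LIVE switch are this example's own.

```shell
#!/bin/sh
# Added example (not from the original post): bump the SOA serial of a BIND
# zone file, check it, and make the running named pick it up.
set -eu

ZONE="umg.com.cn"
ZONEFILE="/usr/local/etc/namedb/master/${ZONE}"
NAMEDCONF="/usr/local/etc/namedb/named.conf"

# next_serial OLD [TODAY]: print the serial that must follow OLD.
# If OLD already starts with today's date (YYYYMMDD) bump the two-digit
# counter, otherwise start today at 01.  Whatever the scheme says, the
# result must be greater than OLD (a slave ignores a lower serial), so
# fall back to OLD+1 if OLD is somehow ahead of today's date.
next_serial() {
    old="$1"
    today="${2:-$(date +%Y%m%d)}"
    case "$old" in
        "$today"[0-9][0-9]) new=$((old + 1)) ;;
        *)                  new="${today}01" ;;
    esac
    [ "$new" -gt "$old" ] || new=$((old + 1))
    printf '%s\n' "$new"
}

# serial_of FILE: print the current serial, i.e. the number on the line
# tagged "; serial" (assumed convention, as in the zone file on this page).
serial_of() {
    awk '/;[[:space:]]*serial/ { print $1; exit }' "$1"
}

# bump_zone_serial FILE [TODAY]: rewrite FILE with the next serial and print it.
# Temp file + mv instead of sed -i, whose syntax differs between BSD and GNU.
bump_zone_serial() {
    file="$1"
    today="${2:-$(date +%Y%m%d)}"
    old=$(serial_of "$file")
    [ -n "$old" ] || { echo "no '; serial' line in $file" >&2; return 1; }
    new=$(next_serial "$old" "$today")
    tmp="${file}.tmp.$$"
    awk -v old="$old" -v new="$new" '
        /;[[:space:]]*serial/ && !done { sub(old, new); done = 1 }
        { print }' "$file" > "$tmp"
    mv "$tmp" "$file"
    printf '%s\n' "$new"
}

# check_and_reload FILE: refuse to reload a zone that does not parse (a comma
# in an address, a missing ';' after the serial), then reload just this zone
# in the running named; no restart, and no service interruption.
check_and_reload() {
    named-checkconf "$NAMEDCONF" || { echo "named.conf does not parse, not reloading" >&2; return 1; }
    named-checkzone "$ZONE" "$1" >/dev/null || { echo "zone check failed, not reloading" >&2; return 1; }
    rndc reload "$ZONE"
}

# Live run on the master, after editing the zone file:
#   RUN_LIVE=1 sh bump-serial.sh
if [ "${RUN_LIVE:-0}" = 1 ]; then
    echo "new serial: $(bump_zone_serial "$ZONEFILE")"
    check_and_reload "$ZONEFILE"
fi
```

Once rndc reload has run, the master's notify.log should show a "sending notifies" line carrying the new serial, and the slave should transfer within seconds; if it does not, the log trail in the next section is where to look.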
$ cat /var/log/named/notify.log
18-May-2015 16:52:43.193 notify: info: zone umg.com.cn/IN: sending notifies (serial 2015031905)
18-May-2015 16:53:48.598 notify: info: zone umg.com.cn/IN: sending notifies (serial 2015031906)
18-May-2015 17:12:23.703 notify: info: zone umg.com.cn/IN: sending notifies (serial 2015031907)
The time of each notify and the serial it announced (2015031907 for the last one) are clearly visible.
On the slave:
# cat /var/log/named/notify.log
18-May-2015 17:47:46.902 notify: info: client 192.168.1.13#54628: received notify for zone 'umg.com.cn'
18-May-2015 17:48:52.305 notify: info: client 192.168.1.13#53931: received notify for zone 'umg.com.cn'
18-May-2015 18:07:27.395 notify: info: client 192.168.1.13#58539: received notify for zone 'umg.com.cn'
The slave logs each notify it received, but without the serial. The serial it actually loaded is logged by the transfer itself under the xfer-in category, which this configuration does not route separately, so it lands in the default channel, error.log; a dig SOA query against the slave shows the same number.
We can also look at the error log to see where the problem is:
$ tail /var/log/named/error.log