Configuring a DNS server with master-slave replication on RHEL6

A critical issue came up on site: the internal DNS went down. I realized I had never set DNS up on RHEL6, so I tested it today and found that it differs slightly from the RHEL5 setup.

I. Configuring a single-node DNS server
1) Install the bind packages
yum -y install bind-*
RHEL6 no longer ships the caching-nameserver package; the configuration file follows the default system layout and lives in /etc.

2) Back up the existing named.conf
cd /etc
cp -p named.conf named.conf.`date +%Y%m%d`

3) Configure the main DNS configuration file, named.conf
cat named.conf
options {
        listen-on port 53 { 192.168.0.254; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { 192.168.0.0/24; };
};
zone "." IN {
        type hint;
        file "named.ca";
};
zone "sys.com" IN {
        type master;
        file "sys.com.zone";
};
zone "0.168.192.in-addr.arpa" IN {
        type master;
        file "0.168.192.in-addr.arpa.zone";
};

4) Configure the forward zone file
cd /var/named/
cp -p localhost.zone sys.com.zone
vim sys.com.zone
$TTL    86400
@               IN SOA  sys.com.  root.sys.com. (
                                        2009040500      ; serial (d. adams)
                                        3H              ; refresh
                                        15M             ; retry
                                        1W              ; expiry
                                        1D )            ; minimum
@               IN NS           sys.com.
                IN A            192.168.0.254
ldap            IN A            192.168.0.254
server          IN A            192.168.0.254
stu1            IN A            192.168.0.2

5) Configure the reverse zone file
When configuring the reverse zone an A record also has to be added; this was not required when configuring DNS on RHEL5.
cd /var/named/
cp -p sys.com.zone 0.168.192.in-addr.arpa.zone
vi 0.168.192.in-addr.arpa.zone
$TTL    86400
@               IN SOA  sys.com.  root.sys.com. (
                                        2009040500      ; serial (d. adams)
                                        3H              ; refresh
                                        15M             ; retry
                                        1W              ; expiry
                                        1D )            ; minimum
@               IN NS           sys.com.
                IN A            127.0.0.1
254             IN PTR          ldap.sys.com.
254             IN PTR          server.sys.com.
2               IN PTR          stu1.sys.com.

6) Check the configuration files (named-checkzone takes the zone name first, then the file)
named-checkconf /etc/named.conf
[root@server named]# named-checkzone 0.168.192.in-addr.arpa 0.168.192.in-addr.arpa.zone
zone 0.168.192.in-addr.arpa/IN: loaded serial 2009040500
OK
[root@server named]# named-checkzone sys.com sys.com.zone
zone sys.com/IN: loaded serial 2009040500
OK

7) Restart the service; done.
/etc/init.d/named restart
/etc/init.d/named reload only re-reads the zone files; if named.conf was changed, a restart is required.

II. Master-slave replication (master DNS 192.168.0.254, slave DNS 192.168.0.2)
1) Log in to the machine configured as the DNS server in part I, edit named.conf and add the allow-transfer parameters
cd /etc
cp -p named.conf named.conf.`date +%Y%m%d`
vim named.conf

[root@servers named]# cat /etc/named.conf
options {
        listen-on port 53 { 192.168.0.254; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { 192.168.0.0/24; };
};
zone "." IN {
        type hint;
        file "named.ca";
};
zone "sys.com" IN {
        type master;
        file "sys.com.zone";
        allow-transfer { 192.168.0.2; };
};
zone "0.168.192.in-addr.arpa" IN {
        type master;
        file "0.168.192.in-addr.arpa.zone";
        allow-transfer { 192.168.0.2; };
};

2) Modify the forward zone file on the master DNS
vim sys.com.zone

refresh means the slave synchronizes once every 15M; retry means that on failure it tries again after 5 minutes.

[root@servers named]# cat /var/named/sys.com.zone
$TTL    86400
@               IN SOA  sys.com.  root.sys.com. (
                                        2009040501      ; serial, raised after the edit so slaves pick it up
                                        15M             ; refresh
                                        5M              ; retry
                                        1W              ; expiry
                                        1D )            ; minimum
@               IN NS           sys.com.
                IN A            192.168.0.254
ldap            IN A            192.168.0.254
server          IN A            192.168.0.254
stu1            IN A            192.168.0.2
stu2            IN A            192.168.0.3

3) Modify the reverse zone file
vi 0.168.192.in-addr.arpa.zone

[root@servers named]# cat 0.168.192.in-addr.arpa.zone
$TTL    86400
@               IN SOA  sys.com.  root.sys.com. (
                                        2009040501      ; serial, raised after the edit so slaves pick it up
                                        15M             ; refresh
                                        5M              ; retry
                                        1W              ; expiry
                                        1D )            ; minimum
@               IN NS           sys.com.
                IN A            127.0.0.1
254             IN PTR          ldap.sys.com.
254             IN PTR          server.sys.com.
2               IN PTR          stu1.sys.com.
3               IN PTR          stu2.sys.com.
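Two checks worth running on the master before every reload, added here as an example (not the original post's commands) and assuming only POSIX sh and awk: the first lists master zones in a named.conf that carry no allow-transfer (the part I config above has none, and BIND's default is allow-transfer { any; }, so anyone could pull a full AXFR of both zones; the part II config closes that); the second reads the SOA serial so you can confirm it was raised, because a slave only re-transfers a zone whose master serial is higher than its own copy. The sample named.conf and zone files are constructed inline.

```shell
#!/bin/sh
# Added example (not code from the original post): two pre-reload checks for
# the named setup above, written in POSIX sh + awk only.
# master_zones_missing_acl CONF: prints every "type master" zone in CONF that
#   has no allow-transfer. BIND's default is allow-transfer { any; }, so the
#   part I named.conf would hand a full AXFR of both zones to any client.
master_zones_missing_acl() {
    awk '
        /^[ \t]*zone[ \t]+"/ {                      # start of a zone block
            match($0, /"[^"]*"/)
            name = substr($0, RSTART + 1, RLENGTH - 2)
            inzone = 1; depth = 0; ismaster = 0; hasacl = 0
        }
        inzone {
            if ($0 ~ /type[ \t]+master[ \t]*;/) ismaster = 1
            if ($0 ~ /allow-transfer/) hasacl = 1
            depth += gsub(/[{]/, "{"); depth -= gsub(/[}]/, "}")
            if (depth == 0) {                       # block closed (also as "};};")
                if (ismaster && !hasacl) print name
                inzone = 0
            }
        }' "$1"
}
# zone_serial ZONEFILE: prints the SOA serial, multi-line "( ... )" form
#   included. A slave only re-transfers a zone whose master serial is higher
#   than its own copy, so raise it on every edit before reloading.
zone_serial() {
    awk '
        { sub(/;.*/, "")                            # drop comments
          for (i = 1; i <= NF; i++) {
              if (!insoa) { insoa = ($i == "SOA"); skip = 2; continue }
              if (skip > 0) { skip--; continue }    # skip MNAME and RNAME
              if ($i ~ /^[0-9]+$/) { print $i; exit }
          } }' "$1"
}
# serial_raised OLD NEW: true only if NEW carries a higher serial than OLD.
serial_raised() { [ "$(zone_serial "$2")" -gt "$(zone_serial "$1")" ]; }
# Constructed sample input: sys.com as in part I (no ACL), the reverse zone as
# in part II, and a zone file before and after an edit.
SAMPLE=$(mktemp -d)
cat > "$SAMPLE/named.conf" <<'EOF'
zone "." IN { type hint; file "named.ca"; };
zone "sys.com" IN { type master; file "sys.com.zone"; };
zone "0.168.192.in-addr.arpa" IN {
        type master;
        file "0.168.192.in-addr.arpa.zone";
        allow-transfer { 192.168.0.2; };};
EOF
printf '$TTL 86400\n@ IN SOA sys.com. root.sys.com. (\n 2009040500 ; serial\n 15M 5M 1W 1D )\n' > "$SAMPLE/old.zone"
sed 's/2009040500/2009040501/' "$SAMPLE/old.zone" > "$SAMPLE/new.zone"
```

Run `master_zones_missing_acl /etc/named.conf` on the real file; any zone it prints should get an allow-transfer ACL like the one in part II before the server goes live.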

4) Log in to the slave DNS and install bind

yum -y install bind*

5) Configure named.conf on the slave DNS

[root@stu1 slaves]# cat /etc/named.conf
options {
        listen-on port 53 { 192.168.0.2; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { 192.168.0.0/24; };
};
zone "." IN {
        type hint;
        file "named.ca";
};
zone "sys.com" IN {
        type slave;
        file "slaves/sys.com.zone";
        masters { 192.168.0.254; };
};
zone "0.168.192.in-addr.arpa" IN {
        type slave;
        file "slaves/0.168.192.in-addr.arpa.zone";
        masters { 192.168.0.254; };
};

6) Restart named on the slave; if everything is right, the transferred zone files appear in /var/named/slaves/
[root@stu1 slaves]# /etc/init.d/named restart
[root@stu1 slaves]# ls
0.168.192.in-addr.arpa.zone  sys.com.zone

7) Test
On a third machine, put both servers into /etc/resolv.conf:
# cat /etc/resolv.conf
nameserver 192.168.0.254
nameserver 192.168.0.2
Stop the named service on 192.168.0.254, then run nslookup on the third machine: the answer still comes back from the slave, after a slight delay.
