什么是DNS主从复制?
简单说一下,所谓DNS主从复制,就是将主DNS服务器的解析库复制传送至从DNS服务器,进而从服务器就可以进行正向、反向解析了。
这里提一下DNS服务器类型有以下几种:
主DNS服务器
辅DNS服务器
缓存服务器(默认)
转发器
需要注意的是:
1、做主从的时候时间同步非常重要,必须保持时间的一致性;
2、DNS(bind)的版本问题,最好使用同一版本,或者从DNS版本比主DNS版本高。
什么是区域传送?
区域传送有两种类型:
完全区域传送:axfr
增量区域传送:ixfr
辅助域名服务器每隔一定时间向主域名服务器发送查询更新,以保证数据一致性,这个过程就叫做区域传送。当一个新的DNS服务器添加到区域中并配置为辅DNS服务器时,它则会执行完全区域传送,从主DNS服务器上获取一份完整的资源记录副本;同时,为了保证数据同步,主域名服务器有更新时也会及时通知辅助域名服务器从而进行更新(增量区域传送)。
区域的类型:
主区域:master
从区域:slave
提示区域:hint
转发区域:forward
注:配置只允许某从服务器进行区域传送,其它任何主机都不可以传送,可在区域内配置,下面会有示例:
allow-transfer { IP | none };
# 相关配置示例:
系统约定:
主DNS:192.168.101.168
辅DNS:192.168.101.169
# 注:DNS服务器搭建配置请看上一篇文章。
1、主DNS服务器修改相关配置
vim /etc/named.conf
zone "redhat.com" IN {
type master;
file "redhat.com.zone";
allow-transfer { 192.168.101.169; }; # 增加允许区域传送的从DNS服务器地址
};
zone "101.168.192.in-addr.arpa" IN {
type master;
file "192.168.101.zone";
allow-transfer { 192.168.101.169; }; # 同上
};
2、修改主DNS正向、反向区域配置文件
vim /var/named/redhat.com.zone
$TTL 86400
@ IN SOA ns1.redhat.com. admin.redhat.com. (
2015010101 ; serial
1H ; refresh
5M ; retry
1W ; expire
3H ) ; minimum
IN NS ns1
IN NS ns2 # 增加从服务器
IN MX 10 mail
ns1 IN A 192.168.101.168
ns2 IN A 192.168.101.169 # 增加从服务器正向解析
mail IN A 192.168.101.10
www IN A 192.168.101.11
www IN A 192.168.101.12
vim /var/named/192.168.101.zone
$TTL 86400
@ IN SOA ns1.redhat.com. admin.redhat.com. (
2015010101 ; serial
1H ; refresh
5M ; retry
1W ; expire
3H ) ; minimum
IN NS ns1.redhat.com.
IN NS ns2.redhat.com. # 增加从服务器
168 IN PTR ns1.redhat.com.
169 IN PTR ns2.redhat.com. # 增加从服务器反向解析
10 IN PTR mail.redhat.com.
11 IN PTR www.redhat.com.
12 IN PTR www.redhat.com.
3、重新加载named服务
service named reload
# 至此,主DNS服务器完全区域传送配置完成。
4、从DNS服务器安装配置bind
# 配置IP:192.168.101.169
# 配置DNS:192.168.101.169
yum install bind-libs bind-utils bind
scp 192.168.101.168:/etc/named.conf /etc/
vim /etc/named.conf
zone "redhat.com" IN {
type slave; # 此处修改为slave
file "slaves/redhat.com.zone"; # 修改文件保存路径
masters { 192.168.101.168; }; # 添加主DNS服务器地址
allow-transfer { none; }; # 修改为none
};
zone "101.168.192.in-addr.arpa" IN {
type slave;
file "slaves/192.168.101.zone";
masters { 192.168.101.168; };
allow-transfer { none };
};
5、启动并在主DNS服务器查看相关日志
service named start
# 成功则/var/named/slaves/目录下成功传送所有主服务器区域配置文件
# 以下是主DNS服务器日志信息
tail /var/log/messages
Jan 1 01:32:41 node named[2539]: client 192.168.101.169#55412: transfer of '101.168.192.in-addr.arpa/IN': AXFR started
Jan 1 01:32:41 node named[2539]: client 192.168.101.169#55412: transfer of '101.168.192.in-addr.arpa/IN': AXFR ended
Jan 1 01:32:41 node named[2539]: client 192.168.101.169#40342: transfer of 'redhat.com/IN': AXFR started
Jan 1 01:32:41 node named[2539]: client 192.168.101.169#40342: transfer of 'redhat.com/IN': AXFR ended
# 至此,从DNS服务器完全区域传送完成。
6、增量区域传送
# 以下操作均在主DNS服务器进行
vim /var/named/redhat.com.zone
$TTL 86400
@ IN SOA ns1.redhat.com. admin.redhat.com. (
2015010102 ; serial # 修改序列号+1
1H ; refresh
5M ; retry
1W ; expire
3H ) ; minimum
IN NS ns1
IN NS ns2
IN MX 10 mail
ns1 IN A 192.168.101.168
ns2 IN A 192.168.101.169
mail IN A 192.168.101.10
www IN A 192.168.101.11
www IN A 192.168.101.12
test IN A 192.168.101.13 # 添加一条正向解析记录
vim /var/named/192.168.101.zone
$TTL 86400
@ IN SOA ns1.redhat.com. admin.redhat.com. (
2015010102 ; serial # 修改序列号+1
1H ; refresh
5M ; retry
1W ; expire
3H ) ; minimum
IN NS ns1.redhat.com.
IN NS ns2.redhat.com.
168 IN PTR ns1.redhat.com.
169 IN PTR ns2.redhat.com.
10 IN PTR mail.redhat.com.
11 IN PTR www.redhat.com.
12 IN PTR www.redhat.com.
13 IN PTR test.redhat.com. # 添加一条反向解析记录
7、重新加载named配置
service named reload
# 可在从DNS服务器/var/named/slaves/目录下查看对应文件是否传送正确
# 主DNS服务器查看日志
tail /var/log/messages
Jan 1 01:37:27 node named[2539]: zone 101.168.192.in-addr.arpa/IN: loaded serial 2015010102
Jan 1 01:37:27 node named[2539]: zone 101.168.192.in-addr.arpa/IN: sending notifies (serial 2015010102)
Jan 1 01:37:27 node named[2539]: zone redhat.com/IN: loaded serial 2015010102
Jan 1 01:37:27 node named[2539]: zone redhat.com/IN: sending notifies (serial 2015010102)
Jan 1 01:37:27 node named[2539]: client 192.168.101.169#45819: transfer of '101.168.192.in-addr.arpa/IN': AXFR-style IXFR started
Jan 1 01:37:27 node named[2539]: client 192.168.101.169#45819: transfer of '101.168.192.in-addr.arpa/IN': AXFR-style IXFR ended
Jan 1 01:37:28 node named[2539]: client 192.168.101.169#41348: transfer of 'redhat.com/IN': AXFR-style IXFR started
Jan 1 01:37:28 node named[2539]: client 192.168.101.169#41348: transfer of 'redhat.com/IN':AXFR-style IXFR ended
# 至此,DNS主从复制及区域传送配置完成。