BIND(一)—— BIND主从


系统环境

Distribution : CentOS 6.5 minimal
Bind version : 9.8.2
Init system : sysvinit

安装之前

1.关闭selinux 
2.清空防火墙
(以上两步仅为简化本演示环境;生产环境应保留SELinux,防火墙只放行53/tcp与53/udp即可)

安装步骤

- 安装操作系统 
- 安装bind和bind工具
- 安装bind master
- 安装bind slave
- 同步区域记录

演示环境

master:node128 
slave :node129

step1:安装bind

[root@node128 ~]# yum list all | grep '^bind' 
bind.x86_64 32:9.8.2-0.23.rc1.el6_5.1 updates
bind-chroot.x86_64 32:9.8.2-0.23.rc1.el6_5.1 updates
bind-devel.i686 32:9.8.2-0.23.rc1.el6_5.1 updates
bind-devel.x86_64 32:9.8.2-0.23.rc1.el6_5.1 updates
bind-dyndb-ldap.x86_64 2.3-5.el6 base
bind-libs.i686 32:9.8.2-0.23.rc1.el6_5.1 updates
bind-libs.x86_64 32:9.8.2-0.23.rc1.el6_5.1 updates
bind-sdb.x86_64 32:9.8.2-0.23.rc1.el6_5.1 updates
bind-utils.x86_64

//作为最基本的dns服务器,就需要安装bind基本包和bind-utils工具包
# yum install bind bind-utils -y

[root@node128 ~]# rpm -qc bind
/etc/logrotate.d/named
/etc/named.conf //主配置文件
/etc/named.iscdlv.key
/etc/named.rfc1912.zones //区域配置文件
/etc/named.root.key
/etc/rndc.conf //rndc管理工具的配置文件
/etc/rndc.key //rndc控制通道使用的key(并非区域传输的key;区域传输如需认证须另配TSIG key)
/etc/sysconfig/named
/var/named/named.ca
/var/named/named.empty
/var/named/named.localhost
/var/named/named.loopback

step2:最小化的master配置

#修改主配置文件 
[root@node128 ~]# vim /etc/named.conf

options {
// listen-on port 53 { 127.0.0.1; };
// listen-on-v6 port 53 { ::1; };
// allow-query { localhost;};

//ps:此时就可以启动了,这时候启动的dns服务器只能起到缓存dns作用,即缓存dns服务器
//注:注释掉listen-on和allow-query后,named会在所有地址上监听并应答任意来源的查询;若机器有公网地址,应用allow-query/allow-recursion限制为内网,避免成为开放解析器(open resolver)
#修改区域配置文件 
[root@node128 ~]# vim /etc/named.rfc1912.zones
//新增一个区域
zone "test.com" IN { //这个正向区域名称就是自定义的,公司内部的域名
type master;
file "test.com.zone"; //指定正向区域文件(注意分号不可省略,否则named-checkconf会报错)
};

//type类型:{master | slave | forward}
#修改区域文件,新增正向解析文件,这个名称就是上面指定的名称 
$TTL 600
@ IN SOA dns.test.com. admin.test.com. (
20140601
2H
10M
7D
6H)
IN NS dns
IN MX 10 mail
dns IN A 172.16.213.128
mail IN A 172.16.213.140
www IN A 172.16.213.130
www IN A 172.16.213.131
ftp IN CNAME www

//注:
1.每个区域文件中必须要有一个NS记录,用来告知到某台机器上查询该区域信息
2.上面的NS的值dns是省略写法,完整写法可以是 dns.test.com.(后面的“.”不可省略)
3.zone的记录开头如果省略,表示和上面的一条zone_name相同
4.MX记录中的10为优先级(数值越小优先级越高),另外SOA中管理员邮箱(admin.test.com.)的@必须要用“.”代替
5.可以为同一个host定义两个A记录,实现了负载均衡的作用,默认采用轮询机制
6.CNAME就是别名设置
//新增反向区域 
[root@node128 ~]# cp /var/named/test.com.zone /var/named/172.16.213.zone

$TTL 600 
@ IN SOA dns.test.com. admin.test.com. (
20140601
2H
10M
7D
6H)
IN NS dns.test.com.
128 IN PTR dns.test.com.
129 IN PTR mail.test.com.
130 IN PTR www.test.com.
131 IN PTR www.test.com.
//区域文件权限和属组的设定:root可写,属组named只读,其他用户不可读 
[root@node128 named]# chown :named test.com.zone 172.16.213.zone
[root@node128 named]# chmod 640 test.com.zone 172.16.213.zone

//检查区域配置文件语法
[root@node128 ~]# named-checkzone test.com /var/named/test.com.zone
zone test.com/IN: loaded serial 20140601
OK

[root@node128 named]# named-checkzone "213.16.172.in-addr.arpa" 172.16.213.zone
zone 213.16.172.in-addr.arpa/IN: loaded serial 20140601
OK

//检查主配置文件语法错误
[root@node128 ~]# named-checkconf //不报错就是正确
[root@node128 ~]# /etc/init.d/named reload

step3:测试

#常规检测使用dig,host,nslookup即可 
#dig完全区域传送(注意:此时master尚未配置allow-transfer,任何客户端都可以像下面这样传送整个区域;后面master配置中会用allow-transfer限制为slave地址)
[root@node128 named]# dig -t axfr test.com @172.16.213.128

test.com. 600 IN SOA dns.test.com. admin.test.com. 20140601 7200 600 604800 21600
test.com. 600 IN NS dns.test.com.
test.com. 600 IN MX 10 mail.test.com.
dns.test.com. 600 IN A 172.16.213.128
ftp.test.com. 600 IN CNAME www.test.com.
mail.test.com. 600 IN A 172.16.213.129
www.test.com. 600 IN A 172.16.213.130
www.test.com. 600 IN A 172.16.213.131
test.com. 600 IN SOA dns.test.com. admin.test.com. 20140601 7200 600 604800 21600

;; Query time: 1 msec
;; SERVER: 172.16.213.128#53(172.16.213.128)
;; WHEN: Sat May 31 23:29:17 2014
;; XFR size: 9 records (messages 1, bytes 229)
[root@node128 named]# dig -x 172.16.213.128 
;; QUESTION SECTION:
;128.213.16.172.in-addr.arpa. IN PTR

;; AUTHORITY SECTION:
16.172.in-addr.arpa. 5 IN SOA 16.172.in-addr.arpa. . 0 28800 7200 604800 86400
//注:这里没有ANSWER段,权威段返回的是内置的16.172.in-addr.arpa空区域,说明反向区域很可能尚未在/etc/named.rfc1912.zones中以 zone "213.16.172.in-addr.arpa" 声明并加载,需要补上后再reload并重新用dig -x验证

安装slave

这里的slave是针对某个区域而言,这里只演示了正向区域的slave,反向解析的slave同理

step1:安装bind

[root@node129 ~]# yum install bind bind-utils -y 

step2:编辑配置文件

如果有多台DNS服务器,必须为每个DNS服务器建立NS记录,否则master将不会向slave发送通知

1.在master上新增关于从的NS解析(同时要递增SOA序列号,否则slave不会重新传送;下面日志中可见serial已改为20140606) 
[root@node128 ~]# vim /var/named/test.com.zone
IN NS dns2
dns2 IN A 172.16.213.129
2.修改主配置文件 
[root@node129 ~]# vim /etc/named.conf
// listen-on port 53 { 127.0.0.1; };
// listen-on-v6 port 53 { ::1; };
// allow-query { localhost; };
3.新增从服务器区域配置 
[root@node129 ~]# vim /etc/named.rfc1912.zones
zone "test.com" IN {
type slave;
file "slaves/test.com.zone";
masters { 172.16.213.128; };
};
4.master上修改区域配置文件 
[root@node128 ~]# vim /etc/named.rfc1912.zones
zone "test.com" IN {
type master;
file "test.com.zone";
notify yes; //给区域内解析的NS发送通知
allow-transfer { 172.16.213.129; }; //允许传送的地址,也就是slave的地址(不配置时默认允许任何主机传送整个区域)
also-notify { 172.16.213.129; }; //在区域NS记录之外,额外通知到指定机器
};
5.启动 
[root@node128 ~]# /etc/init.d/named start

step3:测试

1.区域文件是否正确同步过来 
[root@node129 ~]# ll /var/named/slaves/
total 4
-rw-r--r-- 1 named named 418 Jun 1 15:34 test.com.zone
2.完成一次完全区域传送 
[root@node129 ~]# dig -t axfr test.com @172.16.213.129

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> -t axfr test.com @172.16.213.129
;; global options: +cmd
test.com. 600 IN SOA dns.test.com. admin.test.com. 20140601 7200 600 604800 21600
test.com. 600 IN MX 10 mail.test.com.
test.com. 600 IN NS dns.test.com.
dns.test.com. 600 IN A 172.16.213.128
ftp.test.com. 600 IN CNAME www.test.com.
mail.test.com. 600 IN A 172.16.213.129
www.test.com. 600 IN A 172.16.213.130
www.test.com. 600 IN A 172.16.213.131
test.com. 600 IN SOA dns.test.com. admin.test.com. 20140601 7200 600 604800 21600
;; Query time: 0 msec
;; SERVER: 172.16.213.129#53(172.16.213.129)
;; WHEN: Sun Jun 1 15:38:51 2014
;; XFR size: 9 records (messages 1, bytes 229)
3.使用nslookup进行解析测试 
[root@node129 ~]# nslookup
> server 172.16.213.129 //指定查询服务器为slave
Default server: 172.16.213.129
Address: 172.16.213.129#53
> set q=A //查询A记录
> www.test.com
Server: 172.16.213.129
Address: 172.16.213.129#53

Name: www.test.com
Address: 172.16.213.131
Name: www.test.com
Address: 172.16.213.130
> set q=NS //NS记录
> test.com
Server: 172.16.213.129
Address: 172.16.213.129#53

test.com nameserver = dns2.test.com.
test.com nameserver = dns.test.com.
> set q=MX //MX记录
> test.com
Server: 172.16.213.129
Address: 172.16.213.129#53

test.com mail exchanger = 10 mail.test.com.
4.日志 
master更新配置文件,BIND日志记录在/var/log/messages中
master上
Jun 1 17:02:52 node128 named[1137]: reloading configuration succeeded
Jun 1 17:02:52 node128 named[1137]: reloading zones succeeded
Jun 1 17:02:52 node128 named[1137]: zone test.com/IN: loaded serial 20140606
Jun 1 17:02:52 node128 named[1137]: zone test.com/IN: sending notifies (serial 20140606)
Jun 1 17:02:52 node128 named[1137]: client 172.16.213.129#36692: transfer of 'test.com/IN': AXFR-style IXFR started
Jun 1 17:02:52 node128 named[1137]: client 172.16.213.129#36692: transfer of 'test.com/IN': AXFR-style IXFR ended

slave上
Jun 1 17:12:45 node129 named[1432]: client 172.16.213.128#40901: received notify for zone 'test.com'
Jun 1 17:12:45 node129 named[1432]: zone test.com/IN: Transfer started.
Jun 1 17:12:45 node129 named[1432]: transfer of 'test.com/IN' from 172.16.213.128#53: connected using 172.16.213.129#36692
Jun 1 17:12:45 node129 named[1432]: zone test.com/IN: transferred serial 20140606
Jun 1 17:12:45 node129 named[1432]: transfer of 'test.com/IN' from 172.16.213.128#53: Transfer completed: 1 messages, 12 records, 285 bytes, 0.001 secs (285000 bytes/sec)
Jun 1 17:12:45 node129 named[1432]: zone test.com/IN: sending notifies (serial 20140606)

到了这里,简单的主从就完成了,后面紧接着进行BIND的view和ACL
