续bind98-内网智能DNS之slave服务器构建

安装的过程完全一样，这里主要是贴上从服务器的配置文件。

一、主配named.conf

options {
         directory "/usr/local/named/etc";
         dump-file "/var/named/data/cache_dump.db";
         statistics-file "/var/named/data/named_stats.txt";
         memstatistics-file "/var/named/data/named_mem_stats.txt";
         pid-file "/var/run/named/named.pid";
         version  "Windows 2008 Enterprise Server";
         listen-on port 53 { 192.168.2.201; };
         allow-query { intranet;external; };
         allow-recursion { external; };
         forward   first;
         forwarders  { 202.101.172.46;202.101.172.47; };
         datasize 128M;
         auth-nxdomain no;
         rrset-order { order random; };
};

logging {
         channel warning {
                 file "/var/log/dns_warnings.log" versions 5 size 1024K;
                 severity warning;
                 print-category yes;
                 print-severity yes;
                 print-time     yes;
         };
         channel security_log {
                 file "/var/log/dns_security.log" versions 5 size 1024K;
                 severity info;
                 print-category yes;
                 print-severity yes;
                 print-time     yes;
         };
         channel query_log {
                 file "/var/log/dns_query.log" versions 10 size 1024K;
                 severity info;
                 print-category yes;
                 print-severity yes;
         };
         category default { warning; };
         category security { security_log; };
         category queries { query_log; };
};

include "acl.conf";
include "rndc.conf";

view "intranet" { //真正需要同步的是intranet视图中的几个域
      match-clients { key intranet-key;intranet; };
      match-destinations { any; };
  //DNS master服务器的地址，以及主从同步时key配置
      server 192.168.2.200 { keys { intranet-key; }; };

      zone "." IN {
           type hint;
           file "named.root";
      };
      zone "localhost" IN {
            type master;
            file "localhost.zone";
      };
      zone "0.0.127.in-addr.arpa" IN {
            type master;
            file "localhost.rev";
      };
      zone "wholesale-dress.net" IN {
            type slave;
  //该域的类型是slave,本处指定master的地址，下同
            masters { 192.168.2.200; };
            file "slave/wholesale-dress.net.intranet";
      };
      zone "yixiebao.com" IN {
            type slave;
            masters { 192.168.2.200; };
            file "slave/yixiebao.com.intranet";
      };
      zone "japan-dress.com" IN {
            type slave;
            masters { 192.168.2.200; };
            file "slave/japan-dress.com.intranet";
      };
      zone "arab-clothes.com" IN {
            type slave;
            masters { 192.168.2.200; };
            file "slave/arab-clothes.com.intranet";
      };
      zone "stamp-shopping.com" IN {
            type slave;
            masters { 192.168.2.200; };
            file "slave/stamp-shopping.com.intranet";
      };
      zone "2.168.192.in-addr.arpa" IN {
            type slave;
            masters { 192.168.2.200; };
            file "slave/2.168.192.rev";
      };

};

view "external" { //external这个视图是不需要同步的，都是公网的域名，直接丢给上游DNS处理
      match-clients { key external-key;external; };
      match-destinations { any; };

      zone "." IN {
           type hint;
           file "named.root";
      };
      zone "localhost" IN {
            type master;
            file "localhost.zone";
      };
      zone "0.0.127.in-addr.arpa" IN {
            type master;
            file "localhost.rev";
 };
      zone "wholesale-dress.net" IN {
            type forward;
      };
      zone "goods-of-china.com" IN {
            type forward;
      };
      zone "japan-dress.com" IN {
            type forward;
      };
      zone "russia-dress.com" IN {
            type forward;
      };
      zone "stamp-shopping.com" IN {
            type forward;
      };

};

其他的配置文件只要copy master服务器上的文件到本地即可。

二、验证主从同步是否可以

1)在master上挑选一个域名作测试，就以stamp-shopping.com.intranet为例吧，

原始记录如下：

$TTL            86400
@            IN       SOA    ns1.stamp-shopping.  root.stamp-shopping. (
                                                               108    ; serial
                                                               1H      ; refresh
                                                               1M      ; retry
                                                               1W      ; expiry
                                                               1D )    ; minimum
             IN       NS      ns1.stamp-shopping.
;            IN       MX  10  mail.stamp-shopping.
;mail        IN       A       192.168.1.14
ns1          IN       A       192.168.2.200
slave        IN       A       192.168.2.201
www          IN       A       192.168.1.243
;js           IN       A       192.168.1.15
;css          IN       A       192.168.1.15
;img          IN       A       192.168.1.15
;ftp          IN       A       192.168.1.18

现在将www的A记录IP修改至192.168.2.56吧，同时修改serial值为120（master上的serial值要比slave大，否则无法同步），修改后如下

$TTL            86400
@            IN       SOA    ns1.stamp-shopping.  root.stamp-shopping. (
                                                               120    ; serial
                                                               1H      ; refresh
                                                               1M      ; retry
                                                               1W      ; expiry
                                                               1D )    ; minimum
             IN       NS      ns1.stamp-shopping.
;            IN       MX  10  mail.stamp-shopping.
;mail        IN       A       192.168.1.14
ns1          IN       A       192.168.2.200
slave        IN       A       192.168.2.201
www          IN       A       192.168.2.56
;js           IN       A       192.168.1.15
;css          IN       A       192.168.1.15
;img          IN       A       192.168.1.15
;ftp          IN       A       192.168.1.18

slave上此时的stamp-shopping.com.intranet文件与master上是一样的，这里就不贴了，我们现在重启master上的bind服务吧，看slave上是否有更新过来。

# /etc/init.d/named restart

这个时候，slave上已经更新过来了，贴一下吧

$ORIGIN .
$TTL 86400      ; 1 day
stamp-shopping.com      IN SOA  ns1.stamp-shopping. root.stamp-shopping. (
                                120        ; serial
                                3600       ; refresh (1 hour)
                                60         ; retry (1 minute)
                                604800     ; expire (1 week)
                                86400      ; minimum (1 day)
                                )
                        NS      ns1.stamp-shopping.
$ORIGIN stamp-shopping.com.
ns1                     A       192.168.2.200
slave                   A       192.168.2.201
www                     A       192.168.2.56

以上就是DNS 从服务器的构建过程，谢谢！