Author: 陸文舉
2010-11-26
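Primary DNS: 192.168.1.101
Secondary DNS: 192.168.1.102
OS version: CentOS 5.4
Bind version: bind-9.6.2-P2.tar.gz
Bind download: http://www.isc.org/downloads/all

I. Primary DNS installation and configuration

Install bind
# tar zxvf bind-9.6.2-P2.tar.gz
# cd bind-9.6.2-P2
# ./configure --prefix=/usr/local/named --enable-threads --disable-openssl-version-check
# make && make install
Note: the build option --enable-threads turns on multi-threaded mode, and --disable-openssl-version-check turns off the openssl check.

Create the configuration file rndc.conf
# /usr/local/named/sbin/rndc-confgen > /usr/local/named/etc/rndc.conf
Note: rndc is a management tool for bind. With rndc we can check bind's status, flush bind's cache, view bind's logs, and so on.

Create the configuration file named.conf
# cd /usr/local/named/etc/
# tail -n10 rndc.conf | head -n9 | sed -e 's/# //g' > named.conf
Note: named.conf is bind's main configuration file. It sets bind's working directory, logging, the zones to be served, and so on.

Main configuration file named.conf
Edit the main configuration file and add the root zone plus the forward and reverse zones for luwenju.com:
# vi /usr/local/named/etc/named.conf
Append the following at the end of the file: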
options {
        directory "/usr/local/named/var/named";
};
zone "." IN {
        type hint;
        file "named.ca";
};
zone "luwenju.com" IN {
        type master;
        file "luwenju.zone";
        allow-transfer { 192.168.1.102; };
        notify yes;
        also-notify { 192.168.1.102; };
};
zone "1.168.192.in-addr.arpa" IN {
        type master;
        file "1.168.192.arpa";
        allow-transfer { 192.168.1.102; };
        notify yes;
        also-notify { 192.168.1.102; };
};
Some notes on the configuration file:

Create the root zone file
# mkdir /usr/local/named/var/named
# /usr/local/named/bin/dig -t NS . > /usr/local/named/var/named/named.ca

Create the forward zone file for luwenju.com
# vi /usr/local/named/var/named/luwenju.zone
$ORIGIN luwenju.com.
@       3600    IN      SOA     luwenju.com. root.luwenju.com. (
                                10
                                3600
                                900
                                1209600
                                3600 )
        3600    IN      NS      dns1.luwenju.com.
        3600    IN      NS      dns2.luwenju.com.
        3600    IN      MX      5 luwenju.com.
                IN      A       192.168.1.100
dns1            IN      A       192.168.1.101
dns2            IN      A       192.168.1.102
www             IN      A       192.168.1.103
bbs             IN      A       192.168.1.104
blog            IN      A       192.168.1.105
Create the reverse zone file for luwenju.com
# vi /usr/local/named/var/named/1.168.192.arpa
$TTL 3600
1.168.192.in-addr.arpa. 3600    IN      SOA     luwenju.com. root.luwenju.com. (
                                20
                                3600
                                900
                                1209600
                                3600 )
        3600    IN      NS      dns1.luwenju.com.
        3600    IN      NS      dns2.luwenju.com.
        3600    IN      MX      5 luwenju.com.
100             IN      PTR     luwenju.com.
101             IN      PTR     dns1.luwenju.com.
102             IN      PTR     dns2.luwenju.com.
103             IN      PTR     www.luwenju.com.
104             IN      PTR     bbs.luwenju.com.
105             IN      PTR     blog.luwenju.com.
Start bind
# /usr/local/named/sbin/named -gc /usr/local/named/etc/named.conf &

Forward resolution test
Point this machine's DNS at 192.168.1.101, then test with nslookup. The results are as follows:
# /usr/local/named/bin/nslookup
> luwenju.com
Server:         192.168.1.101
Address:        192.168.1.101#53
Name:   luwenju.com
Address: 192.168.1.100
> dns1.luwenju.com
Server:         192.168.1.101
Address:        192.168.1.101#53
Name:   dns1.luwenju.com
Address: 192.168.1.101
> dns2.luwenju.com
Server:         192.168.1.101
Address:        192.168.1.101#53
Name:   dns2.luwenju.com
Address: 192.168.1.102
> www.luwenju.com
Server:         192.168.1.101
Address:        192.168.1.101#53
Name:   www.luwenju.com
Address: 192.168.1.103
> bbs.luwenju.com
Server:         192.168.1.101
Address:        192.168.1.101#53
Name:   bbs.luwenju.com
Address: 192.168.1.104
> blog.luwenju.com
Server:         192.168.1.101
Address:        192.168.1.101#53
Name:   blog.luwenju.com
Address: 192.168.1.105
Reverse resolution test
# /usr/local/named/bin/nslookup
> 192.168.1.100
Server:         192.168.1.101
Address:        192.168.1.101#53
100.1.168.192.in-addr.arpa      name = luwenju.com.
> 192.168.1.101
Server:         192.168.1.101
Address:        192.168.1.101#53
101.1.168.192.in-addr.arpa      name = dns1.luwenju.com.
> 192.168.1.102
Server:         192.168.1.101
Address:        192.168.1.101#53
102.1.168.192.in-addr.arpa      name = dns2.luwenju.com.
> 192.168.1.103
Server:         192.168.1.101
Address:        192.168.1.101#53
103.1.168.192.in-addr.arpa      name = www.luwenju.com.
> 192.168.1.104
Server:         192.168.1.101
Address:        192.168.1.101#53
104.1.168.192.in-addr.arpa      name = bbs.luwenju.com.
> 192.168.1.105
Server:         192.168.1.101
Address:        192.168.1.101#53
105.1.168.192.in-addr.arpa      name = blog.luwenju.com.
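
II. Secondary DNS setup and configuration

1. Install bind
# tar zxvf bind-9.6.2-P2.tar.gz
# cd bind-9.6.2-P2
# ./configure --prefix=/usr/local/named --enable-threads --disable-openssl-version-check
# make && make install
Note: the build option --enable-threads turns on multi-threaded mode, and --disable-openssl-version-check turns off the openssl check.
2. Copy named.conf and rndc.conf from the primary DNS to the /usr/local/named/etc directory on the secondary DNS server.
3. Copy the whole /usr/local/named/var/named directory from the primary DNS to /usr/local/named/var on the secondary DNS.
4. Edit the named.conf configuration file on the secondary DNS server
# vi /usr/local/named/etc/named.conf
Note: only the forward and reverse zones for luwenju.com need to be changed, because we only synchronize luwenju.com between the primary and secondary DNS. After the change, the forward and reverse zone configuration for luwenju.com in named.conf reads as follows: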
zone "luwenju.com" IN {
        type slave;
        file "luwenju.zone";
        masters { 192.168.1.101; };
};
zone "1.168.192.in-addr.arpa" IN {
        type slave;
        file "1.168.192.arpa";
        masters { 192.168.1.101; };
};
5. Start bind
# /usr/local/named/sbin/named -gc /usr/local/named/etc/named.conf &
6. Forward resolution test
Point this machine's DNS at 192.168.1.102, then test with nslookup. The results are shown below:
# /usr/local/named/bin/nslookup
> luwenju.com
Server:         192.168.1.102
Address:        192.168.1.102#53
Name:   luwenju.com
Address: 192.168.1.100
> dns1.luwenju.com
Server:         192.168.1.102
Address:        192.168.1.102#53
Name:   dns1.luwenju.com
Address: 192.168.1.101
> dns2.luwenju.com
Server:         192.168.1.102
Address:        192.168.1.102#53
Name:   dns2.luwenju.com
Address: 192.168.1.102
> www.luwenju.com
Server:         192.168.1.102
Address:        192.168.1.102#53
Name:   www.luwenju.com
Address: 192.168.1.103
> bbs.luwenju.com
Server:         192.168.1.102
Address:        192.168.1.102#53
Name:   bbs.luwenju.com
Address: 192.168.1.104
> blog.luwenju.com
Server:         192.168.1.102
Address:        192.168.1.102#53
Name:   blog.luwenju.com
Address: 192.168.1.105
7. Reverse resolution test
> 192.168.1.100
Server:         192.168.1.102
Address:        192.168.1.102#53
100.1.168.192.in-addr.arpa      name = luwenju.com.
> 192.168.1.101
Server:         192.168.1.102
Address:        192.168.1.102#53
101.1.168.192.in-addr.arpa      name = dns1.luwenju.com.
> 192.168.1.102
Server:         192.168.1.102
Address:        192.168.1.102#53
102.1.168.192.in-addr.arpa      name = dns2.luwenju.com.
> 192.168.1.103
Server:         192.168.1.102
Address:        192.168.1.102#53
103.1.168.192.in-addr.arpa      name = www.luwenju.com.
> 192.168.1.104
Server:         192.168.1.102
Address:        192.168.1.102#53
104.1.168.192.in-addr.arpa      name = bbs.luwenju.com.
> 192.168.1.105
Server:         192.168.1.102
Address:        192.168.1.102#53
105.1.168.192.in-addr.arpa      name = blog.luwenju.com.
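
The slave zone statements in step 4 carry no allow-transfer, and in BIND 9.6 a zone without one answers transfer requests from any host, so the secondary ends up less restricted than the primary. A small audit for that, as an added example that is not part of the original article (function names are hypothetical; ACL elements are matched as plain text, so named acl blocks and nested ACLs are not resolved):

```python
import re
# Constructed input: the secondary's named.conf as written in step 4.
SECONDARY_CONF = """
options { directory "/usr/local/named/var/named"; };
zone "." IN { type hint; file "named.ca"; };
zone "luwenju.com" IN { type slave; file "luwenju.zone"; masters { 192.168.1.101; }; };
zone "1.168.192.in-addr.arpa" IN { type slave; file "1.168.192.arpa"; masters { 192.168.1.101; }; };
"""

def top_level_blocks(text):
    """Yield (header, body) for each top-level `header { body };` statement."""
    depth, header_start, body_start, header = 0, 0, 0, ""
    for i, ch in enumerate(text):
        if ch == "{":
            if depth == 0:
                header, body_start = text[header_start:i].strip(), i + 1
            depth += 1
        elif ch == "}":
            depth -= 1
            if depth == 0:
                yield header, text[body_start:i]
        elif ch == ";" and depth == 0:
            header_start = i + 1

def transfer_acl(body):
    """Return the allow-transfer elements of a block, or None if it has none."""
    m = re.search(r"allow-transfer\s*\{([^{}]*)\}", body)
    return None if m is None else [e.strip() for e in m.group(1).split(";") if e.strip()]

def audit_transfers(conf):
    """List (zone, type, reason) for master/slave zones any host may transfer."""
    conf = re.sub(r"/\*.*?\*/|//[^\n]*|#[^\n]*", "", conf, flags=re.S)  # comments
    blocks = list(top_level_blocks(conf))
    global_acl = next((transfer_acl(b) for h, b in blocks if h == "options"), None)
    findings = []
    for header, body in blocks:
        words = header.split()
        kind = re.search(r"\btype\s+(\w+)\s*;", body)
        if words[:1] != ["zone"] or kind is None or kind.group(1) not in ("master", "slave"):
            continue
        acl = transfer_acl(body)
        acl = global_acl if acl is None else acl  # zone setting overrides options
        if acl is None or "any" in acl:
            reason = "no allow-transfer (BIND 9.6 default: any)" if acl is None else "allow-transfer includes any"
            findings.append((words[1].strip('"'), kind.group(1), reason))
    return findings

if __name__ == "__main__":
    print(audit_transfers(SECONDARY_CONF))
```

Adding allow-transfer { none; }; to each slave zone, or once under options, clears both findings.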

III. Primary/secondary synchronization test

1. In the /usr/local/named/var/named/luwenju.zone file on the primary DNS, add a host record (A record) as follows:
test            IN      A       192.168.1.106
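2. On the primary DNS server, increase the serial value of the zone to be synchronized (for later syncs, adding 1 is enough, but it must be higher than the secondary DNS's). After the change, the luwenju.com forward zone file on the primary DNS server reads as follows: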
$ORIGIN luwenju.com.
@       3600    IN      SOA     luwenju.com. root.luwenju.com. (
                                11
                                3600
                                900
                                1209600
                                3600 )
        3600    IN      NS      dns1.luwenju.com.
        3600    IN      NS      dns2.luwenju.com.
        3600    IN      MX      5 luwenju.com.
                IN      A       192.168.1.100
dns1            IN      A       192.168.1.101
dns2            IN      A       192.168.1.102
www             IN      A       192.168.1.103
bbs             IN      A       192.168.1.104
blog            IN      A       192.168.1.105
test            IN      A       192.168.1.106
3. Reload bind
Run the following command on the primary DNS:
# /usr/local/named/sbin/rndc reload
4. Check whether the secondary DNS has been synchronized
# more /usr/local/named/var/named/luwenju.zone
$ORIGIN .
$TTL 3600       ; 1 hour
luwenju.com             IN SOA  luwenju.com. root.luwenju.com. (
                                11         ; serial
                                3600       ; refresh (1 hour)
                                900        ; retry (15 minutes)
                                1209600    ; expire (2 weeks)
                                3600       ; minimum (1 hour)
                                )
                        NS      dns1.luwenju.com.
                        NS      dns2.luwenju.com.
                        A       192.168.1.100
                        MX      5 luwenju.com.
$ORIGIN luwenju.com.
bbs                     A       192.168.1.104
blog                    A       192.168.1.105
dns1                    A       192.168.1.101
dns2                    A       192.168.1.102
test                    A       192.168.1.106
www                     A       192.168.1.103
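
Step 2 matters because the secondary only pulls the zone when the primary's SOA serial is greater than its own, and serials are compared as 32-bit numbers that wrap around (RFC 1982). A check of that condition over the two zone-file layouts shown on this page, as an added example that is not part of the original article (function names are hypothetical; the zone snippets are constructed from the files above):

```python
import re

HALF = 2 ** 31  # RFC 1982 comparison window for 32-bit serials

# Constructed samples: the edited primary file and a secondary copy not yet synced.
PRIMARY_EDITED = """$ORIGIN luwenju.com.
@ 3600 IN SOA luwenju.com. root.luwenju.com. (
        11 3600 900 1209600 3600 )
"""
SECONDARY_STALE = """$ORIGIN .
$TTL 3600 ; 1 hour
luwenju.com IN SOA luwenju.com. root.luwenju.com. (
        10 ; serial
        3600 ; refresh (1 hour)
        900 1209600 3600 )
"""

def soa_serial(zone_text):
    """Return the SOA serial: the first number after the SOA's two names."""
    text = re.sub(r";[^\n]*", "", zone_text)  # drop ; comments
    m = re.search(r"\bSOA\s+\S+\s+\S+\s*\(?\s*(\d+)", text)
    if m is None:
        raise ValueError("no SOA record found")
    return int(m.group(1))

def primary_is_newer(primary, secondary):
    """True if primary > secondary under RFC 1982 serial arithmetic."""
    diff = (primary - secondary) % 2 ** 32
    # diff == 0: unchanged serial, no transfer; diff == HALF: undefined, treat as no.
    return 0 < diff < HALF

def will_transfer(primary_zone, secondary_zone):
    """True if the secondary would pull the zone after a NOTIFY or refresh."""
    return primary_is_newer(soa_serial(primary_zone), soa_serial(secondary_zone))

if __name__ == "__main__":
    print("secondary will sync:", will_transfer(PRIMARY_EDITED, SECONDARY_STALE))
```

A record added on the primary without raising the serial gives primary_is_newer(10, 10), which is False, so the secondary keeps serving the old data.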