DNS BIND主辅同步配置
之前我们介绍了单点的bind搭建,但是作为企业内部的DNS,单点节点肯定无法满足需要。所以我们需要考虑主备节点高可用,以防止单台节点出现故障的问题。
建议做主辅同步之前看一下单节点的配置


详解DNS BIND配置及原理
新闻联播老司机
DNS主辅同步配置要点:
DNS主辅环境
DNS主 192.168.31.113 DNS辅 192.168.31.114
主DNS我们已经安装过bind了,接下来在辅助DNS安装bind
具体安装详解可以查看下面的文章
yum install -y bind
接下来修改辅助DNS配置文件
#默认配置如下
[root@dns02-114 ~]# cat /etc/named.conf
options {
# Stock configuration as shipped: named binds loopback only and answers only
# local clients, so nothing on the network can use this host as a resolver yet.
listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
allow-query { localhost; };
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
bindkeys-file "/etc/named.root.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
# Root hints: needed because recursion is on.
zone "." IN {
type hint;
file "named.ca";
};
# Zone definitions live in the included file; the secondary zones are added there.
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
===========================================
===========================================
修改后配置 (请根据实际情况进行修改)
[root@dns02-114 ~]# cat /etc/named.conf
options {
# Secondary (192.168.31.114): listen on the LAN address only.
listen-on port 53 { 192.168.31.114; };
# listen-on-v6 was dropped from the default config.
# NOTE(review): confirm what this BIND build does for IPv6 when the option is
# absent; add an explicit listen-on-v6 { none; }; if IPv6 service is unwanted.
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
# Answers queries from any source AND recurses on their behalf, i.e. this host
# is a recursive resolver for every network that can reach it. Scope recursion
# to the networks that should use it, e.g.
#   allow-recursion { <internal-nets>; };   # placeholder: fill in your ranges
# There is also no allow-transfer statement here: BIND 9.11 permits zone
# transfers to any host unless restricted, so the secondary will hand out full
# copies of every zone it holds. Add allow-transfer { none; }; (or list only the
# hosts that genuinely need a copy).
allow-query { any; };
recursion yes;
# Store transferred zones as text so slaves/host.com.zone can be read with cat;
# without this named writes its raw binary format.
masterfile-format text;
dnssec-enable yes;
dnssec-validation yes;
bindkeys-file "/etc/named.root.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
# The slave zone stanzas are added to this included file.
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
接下来修改主dns配置文件
#编辑192.168.31.113 /etc/named.conf
添加允许同步IP
allow-transfer { 192.168.31.114; };
also-notify { 192.168.31.114; };
dns master完整配置文件如下
[root@dns01-113 ~]# cat /etc/named.conf
options {
# Primary (192.168.31.113).
listen-on port 53 { 192.168.31.113; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
# Queries from any source with recursion on: this host recurses for every
# network that can reach it. Limit with allow-recursion { <internal-nets>; };
# (placeholder: fill in your ranges).
allow-query { any; };
# Only the secondary may pull zones (AXFR/IXFR). This is an IP-based ACL and
# trusts the source address; a TSIG key (key statement plus
# allow-transfer { key <name>; };) authenticates the peer cryptographically and
# is the usual hardening step for transfers.
allow-transfer { 192.168.31.114; };
# Send NOTIFY to the secondary on zone changes so it checks the SOA serial at
# once instead of waiting for the refresh interval.
also-notify { 192.168.31.114; };
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
bindkeys-file "/etc/named.root.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
# The master zone stanzas are added to this included file.
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
现在我们将dns01 和dns02执行下面的命令,检查配置文件是否有错误
named-checkconf
重启主dns
[root@dns01-113 ~]# systemctl restart named
接下来我们去辅助dns,检查完全区域数据传送。目前看到主配置文件有的解析列表如下。
[root@dns02-114 ~]# dig -t AXFR host.com @192.168.31.113

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-16.P2.el7_8.6 <<>> -t AXFR host.com @192.168.31.113
;; global options: +cmd
host.com. 600 IN SOA dns.host.com. 604419314.qq.com. 20200817 10800 900 604800 86400
host.com. 600 IN NS dns.host.com.
dns.host.com. 60 IN A 192.168.31.113
dns01-113.host.com. 60 IN A 192.168.31.113
dns02-114.host.com. 60 IN A 192.168.31.114
dns03-114.host.com. 60 IN A 192.168.31.114
host.com. 600 IN SOA dns.host.com. 604419314.qq.com. 20200817 10800 900 604800 86400
;; Query time: 1 msec
;; SERVER: 192.168.31.113#53(192.168.31.113)
;; WHEN: Mon Aug 24 08:14:05 EDT 2020
;; XFR size: 7 records (messages 1, bytes 234)
接下来我们需要到/etc/named.rfc1912.zones创建自定义的正解域配置
vim /etc/named.rfc1912.zones
zone "host.com" IN {
type slave; # secondary: zone data is pulled from the primary, never edited on this host
masters { 192.168.31.113; }; # address of the primary DNS
file "slaves/host.com.zone"; # relative to directory "/var/named"; slaves/ exists by default, any other directory must be created first
};
#配置完毕检查配置文件
[root@dns02-114 ~]# named-checkconf
启动辅助DNS,并检查
[root@dns02-114 slaves]# systemctl start named
#接下来我们到/var/named/slaves目录下就可以看到一个名称为host.com.zone的文件,并且已经将master节点的配置同步过来
[root@dns02-114 ~]# cd /var/named/slaves
[root@dns02-114 slaves]# cat host.com.zone
; Written by named after the transfer of host.com from 192.168.31.113.
; Do not edit by hand: every change is made on the primary and re-transferred.
$ORIGIN .
$TTL 600 ; 10 minutes
host.com IN SOA dns.host.com. 604419314.qq.com. (
20200817 ; serial
10800 ; refresh (3 hours)
900 ; retry (15 minutes)
604800 ; expire (1 week)
86400 ; minimum (1 day)
)
NS dns.host.com.
$ORIGIN host.com.
$TTL 60 ; 1 minute
dns A 192.168.31.113
dns01-113 A 192.168.31.113
dns02-114 A 192.168.31.114
dns03-114 A 192.168.31.114
我们可以用命令检查一下之前配置的主机域是否可以通过辅助dns解析
[root@dns01-113 ~]# dig -t A dns02-114.host.com @192.168.31.114 +short
192.168.31.114
到这里我们的主辅同步已经成功!
说明
只有在/etc/named.rfc1912.zones中添加了需要同步的域名,辅助dns才会进行同步;没有添加的域名,辅助dns是不会同步的
静态域维护
如果是静态域,每次在主DNS上修改区域数据后都需要递增serial(相当于版本号)
(此参数需要在主dns上修改,以通知辅助dns同步。如果不修改,只能等过了refresh时间,辅助dns才会进行同步)

实战主辅同步业务域维护
接下来我们要构建一个自定义的区域,并且实现动态dns主辅同步
192.168.31.113 主dns 192.168.31.114 辅dns 解析域 abcdocker.com
第一步: 到主DNS中添加区域配置文件
[root@dns01-113 ~]# vim /etc/named.rfc1912.zones
zone "abcdocker.com" IN {
type master; # primary: the zone file below is the authoritative source
file "abcdocker.com.zone"; # relative to directory "/var/named"
allow-update { none; }; # static zone: no dynamic (DDNS) updates accepted; records are edited in the file and the serial bumped
};
#allow-update none代表不是一个动态域
第二步: 创建区域数据库文件
#区域数据库文件默认在/var/named/
[root@dns01-113 ~]# vim /var/named/abcdocker.com.zone
[root@dns01-113 ~]# cat /var/named/abcdocker.com.zone
$ORIGIN .
$TTL 600 ;10 minutes
abcdocker.com IN SOA ns1.abcdocker.com. 604419314.qq.com. (
20200824 ;serial: increment on every edit, otherwise the secondary will not notice the change (YYYYMMDDnn leaves room for several edits per day)
10800 ;refresh: 3 hours
900 ;retry: 15 minutes
604800 ;expire: 1 week
86400 ;negative-answer TTL: 1 day
)
NS ns1.abcdocker.com. ;NS records: the primary and the secondary
NS ns2.abcdocker.com.
$ORIGIN abcdocker.com. ;names below are relative to this origin
$TTL 60 ;1 minute default TTL for the records below
;A records
ns1 A 192.168.31.113
ns2 A 192.168.31.114
wifi A 192.168.31.1
esxi A 192.168.31.101
#修改属组权限,否则同步容易出现问题
[root@dns01-113 ~]# chgrp named /var/named/abcdocker.com.zone
[root@dns01-113 ~]# chmod 640 /var/named/abcdocker.com.zone
第三步: 重启主服务
[root@dns01-113 ~]# systemctl restart named
#检查主dns是否可以正常解析
[root@dns01-113 ~]# dig -t A ns1.abcdocker.com @192.168.31.113 +short
192.168.31.113
#目前辅助dns还没有配置该区域,无法给出本地解析;又因为它开启了recursion yes,这条查询应该是被递归到了公网,返回的是外部的通配CNAME而不是我们的记录。接下来配置辅助dns
[root@dns01-113 ~]# dig -t A ns1.abcdocker.com @192.168.31.114 +short
all.abcdocker.com.w.kunlungr.com.
第四步:辅DNS配置
#在辅助DNS上创建自定义正解区域配置
vim /etc/named.rfc1912.zones
zone "abcdocker.com" IN {
type slave; # secondary: pulled from the primary, read-only on this host
file "slaves/abcdocker.com.zone"; # relative to directory "/var/named"; slaves/ exists by default
masters { 192.168.31.113; }; # address of the primary DNS
};
#masters 为主dns地址
#file 这里的目录为相对路径slaves目录默认创建
#重启辅助dns
systemctl restart named
第五步: 测试主dns与辅助dns
[root@dns01-113 ~]# dig -t A ns2.abcdocker.com @192.168.31.114 +short
192.168.31.114
[root@dns01-113 ~]# dig -t A ns2.abcdocker.com @192.168.31.113 +short
192.168.31.114
[root@dns01-113 ~]# dig -t A ns1.abcdocker.com @192.168.31.113 +short
192.168.31.113
[root@dns01-113 ~]# dig -t A ns1.abcdocker.com @192.168.31.114 +short
192.168.31.113
#这里已经可以获取到ip地址,说明主从同步已经完成
第六步: 增删改查
#当我们需要对域名进行增删该查时,步骤如下
#需求: 添加一个nas.abcdocker.com A记录IP地址为192.168.31.101
[root@dns01-113 ~]# vim /var/named/abcdocker.com.zone
$ORIGIN .
$TTL 600 ;10 minutes
abcdocker.com IN SOA ns1.abcdocker.com. 604419314.qq.com. (
20200825 ;serial: incremented for this edit so the secondary pulls the new record
10800 ;refresh: 3 hours
900 ;retry: 15 minutes
604800 ;expire: 1 week
86400 ;negative-answer TTL: 1 day
)
NS ns1.abcdocker.com. ;NS records: the primary and the secondary
NS ns2.abcdocker.com.
$ORIGIN abcdocker.com. ;names below are relative to this origin
$TTL 60 ;1 minute default TTL for the records below
;A records
ns1 A 192.168.31.113
ns2 A 192.168.31.114
wifi A 192.168.31.1
esxi A 192.168.31.101
nas A 192.168.31.101 ;new record added in this edit
#最下方添加A记录,同时serial ID需+1

修改完毕后需要重启主named
[root@dns01-113 ~]# systemctl restart named
#检查
[root@dns01-113 ~]# dig -t A nas.abcdocker.com @192.168.31.113 +short
192.168.31.101
[root@dns01-113 ~]# dig -t A nas.abcdocker.com @192.168.31.114 +short
192.168.31.101
辅助DNS不存在手动读写的步骤,主从节点开启后,所有的修改都在主节点进行!
并且建议在DNS主从中NS记录与SOA记录使用其中一个解析就可以,不需要再额外添加