安裝的過程完全一樣,這裏主要是貼上從服務器的配置文件。
一、主配named.conf
- options { // Global options for this slave (secondary) named instance.
- directory "/usr/local/named/etc";
- dump-file "/var/named/data/cache_dump.db";
- statistics-file "/var/named/data/named_stats.txt";
- memstatistics-file "/var/named/data/named_mem_stats.txt";
- pid-file "/var/run/named/named.pid";
- version "Windows 2008 Enterprise Server"; // Decoy string returned for version.bind queries; this is obscurity only and does not replace patching.
- listen-on port 53 { 192.168.2.201; }; // Listen only on this slave's own address.
- allow-query { intranet;external; }; // Both ACL names are defined outside this file (see the include lines).
- allow-recursion { external; }; // NOTE(review): recursion is granted to the "external" ACL only; confirm that ACL lists trusted networks, otherwise this server is an open resolver.
- forward first; // Ask the forwarders first; fall back to normal resolution if they do not answer.
- forwarders { 202.101.172.46;202.101.172.47; };
- datasize 128M;
- auth-nxdomain no;
- rrset-order { order random; };
- }; // NOTE(review): no allow-transfer is set here or in the views; depending on the BIND version's default this slave may answer zone transfers from any client. Consider allow-transfer { none; }; or a key.
- logging { // Three file channels: general warnings, security events, and per-query logs.
- channel warning {
- file "/var/log/dns_warnings.log" versions 5 size 1024K; // Rotate at 1024K and keep 5 older versions.
- severity warning;
- print-category yes;
- print-severity yes;
- print-time yes;
- };
- channel security_log {
- file "/var/log/dns_security.log" versions 5 size 1024K;
- severity info;
- print-category yes;
- print-severity yes;
- print-time yes;
- };
- channel query_log {
- file "/var/log/dns_query.log" versions 10 size 1024K; // NOTE(review): 10 x 1024K may roll over quickly on a busy server; size retention to how far back investigations need to look.
- severity info;
- print-category yes;
- print-severity yes; // NOTE(review): unlike the other two channels, print-time is not set here, so query entries carry no timestamp; add print-time yes if this log is used for investigation.
- };
- category default { warning; }; // Everything without its own category line goes to the warning channel.
- category security { security_log; };
- category queries { query_log; };
- };
- include "acl.conf"; // Presumably defines the intranet and external ACLs used in this file (not shown here).
- include "rndc.conf"; // NOTE(review): intranet-key and external-key are referenced but not defined in this file, so they presumably live in an included file; keep key files readable only by the named user.
- view "intranet" { // Only the zones in the intranet view actually need to be synchronised from the master.
- match-clients { key intranet-key;intranet; }; // Selects this view for requests signed with intranet-key or coming from the intranet ACL.
- match-destinations { any; };
- // Address of the DNS master, and the key used for master/slave synchronisation.
- server 192.168.2.200 { keys { intranet-key; }; };
- zone "." IN {
- type hint;
- file "named.root";
- };
- zone "localhost" IN {
- type master;
- file "localhost.zone";
- };
- zone "0.0.127.in-addr.arpa" IN {
- type master;
- file "localhost.rev";
- };
- zone "wholesale-dress.net" IN {
- type slave;
- // This zone is of type slave; the master's address is given here (same for the zones below).
- masters { 192.168.2.200; };
- file "slave/wholesale-dress.net.intranet";
- };
- zone "yixiebao.com" IN {
- type slave;
- masters { 192.168.2.200; };
- file "slave/yixiebao.com.intranet";
- };
- zone "japan-dress.com" IN {
- type slave;
- masters { 192.168.2.200; };
- file "slave/japan-dress.com.intranet";
- };
- zone "arab-clothes.com" IN {
- type slave;
- masters { 192.168.2.200; };
- file "slave/arab-clothes.com.intranet";
- };
- zone "stamp-shopping.com" IN {
- type slave;
- masters { 192.168.2.200; };
- file "slave/stamp-shopping.com.intranet";
- };
- zone "2.168.192.in-addr.arpa" IN {
- type slave;
- masters { 192.168.2.200; };
- file "slave/2.168.192.rev";
- };
- }; // NOTE(review): none of the slave zones in this view restricts allow-transfer; decide whether transfers out of this slave should be limited to none or to a key.
- view "external" { // The external view needs no synchronisation: these are public domains, handed straight to the upstream DNS.
- match-clients { key external-key;external; }; // Selects this view for requests signed with external-key or coming from the external ACL.
- match-destinations { any; };
- zone "." IN {
- type hint;
- file "named.root";
- };
- zone "localhost" IN {
- type master;
- file "localhost.zone";
- };
- zone "0.0.127.in-addr.arpa" IN {
- type master;
- file "localhost.rev";
- };
- zone "wholesale-dress.net" IN {
- type forward; // No forwarders are listed in the zone; presumably the global forwarders from options apply (same for the zones below); confirm.
- };
- zone "goods-of-china.com" IN {
- type forward;
- };
- zone "japan-dress.com" IN {
- type forward;
- };
- zone "russia-dress.com" IN {
- type forward;
- };
- zone "stamp-shopping.com" IN {
- type forward;
- };
- };
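其他的配置文件(如acl.conf、rndc.conf)只要copy master服務器上的文件到本地即可。named.conf中引用的intranet-key、external-key並未在本文件內定義,密鑰應該就在這些被include的文件裏,所以拷貝時請走加密通道(例如scp),並把文件權限限制爲僅named運行用戶可讀。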
二、驗證主從同步是否可以
1)在master上挑選一個域名作測試,就以stamp-shopping.com.intranet爲例吧,
原始記錄如下:
- $TTL 86400
- @ IN SOA ns1.stamp-shopping. root.stamp-shopping. ( ; NOTE(review): the trailing dot makes these absolute names without ".com"; confirm ns1.stamp-shopping.com. was not intended (same for the NS record).
- 108 ; serial
- 1H ; refresh
- 1M ; retry
- 1W ; expiry
- 1D ) ; minimum
- IN NS ns1.stamp-shopping.
- ; IN MX 10 mail.stamp-shopping.
- ;mail IN A 192.168.1.14
- ns1 IN A 192.168.2.200
- slave IN A 192.168.2.201
- www IN A 192.168.1.243
- ;js IN A 192.168.1.15
- ;css IN A 192.168.1.15
- ;img IN A 192.168.1.15
- ;ftp IN A 192.168.1.18
現在將www的A記錄IP修改至192.168.2.56吧,同時修改serial值爲120(master上的serial值要比slave大,否則無法同步),修改後如下
- $TTL 86400
- @ IN SOA ns1.stamp-shopping. root.stamp-shopping. ( ; NOTE(review): the trailing dot makes these absolute names without ".com"; confirm ns1.stamp-shopping.com. was not intended (same for the NS record).
- 120 ; serial (raised from 108 so the slave sees a newer version)
- 1H ; refresh
- 1M ; retry
- 1W ; expiry
- 1D ) ; minimum
- IN NS ns1.stamp-shopping.
- ; IN MX 10 mail.stamp-shopping.
- ;mail IN A 192.168.1.14
- ns1 IN A 192.168.2.200
- slave IN A 192.168.2.201
- www IN A 192.168.2.56 ; changed from 192.168.1.243 for this test
- ;js IN A 192.168.1.15
- ;css IN A 192.168.1.15
- ;img IN A 192.168.1.15
- ;ftp IN A 192.168.1.18
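slave上此時的stamp-shopping.com.intranet文件與master上修改前的內容是一樣的,這裏就不貼了,我們現在重啓master上的bind服務吧,看slave上是否有更新過來。如果slave沒有立即更新,請檢查master上是否對192.168.2.201配置了notify/also-notify(該區域的NS記錄裏沒有列出slave),否則要等refresh計時到期後slave纔會比對serial並拉取更新。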
- # /etc/init.d/named restart
這個時候,slave上已經更新過來了,貼一下吧
- $ORIGIN .
- $TTL 86400 ; 1 day
- stamp-shopping.com IN SOA ns1.stamp-shopping. root.stamp-shopping. (
- 120 ; serial
- 3600 ; refresh (1 hour)
- 60 ; retry (1 minute)
- 604800 ; expire (1 week)
- 86400 ; minimum (1 day)
- )
- NS ns1.stamp-shopping.
- $ORIGIN stamp-shopping.com.
- ns1 A 192.168.2.200
- slave A 192.168.2.201
- www A 192.168.2.56
以上就是DNS 從服務器的構建過程,謝謝!