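I. Introduction to DNS master/slave
The DNS slave fetches the zone file from the master and stores it locally. Once it has the zone, the slave can answer queries for it, which also makes this a good way to back up DNS zone files. The zone file synchronized to the slave, however, cannot be modified there.
II. Architecture diagram of DNS zone file synchronization:
III. DNS master/slave synchronization is divided by transfer method into:
1. axfr: full transfer
2. ixfr: incremental transfer
IV. Master configuration:
Edit the main configuration file: /etc/named.conf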
options {
    directory "/var/named/";
    notify yes;    ## enable notify globally
};
zone "." IN {
    type hint;
    file "named.ca";
};
zone "localhost" IN {
    type master;
    file "named.localhost";
};
zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "named.loopback";
};
zone "jeffery.org" IN {
    type master;
    file "jeffery.org.zone";
    ## allow 192.168.220.101 to transfer this zone; this can also be set in
    ## options, in which case it applies to all zones
    allow-transfer { 192.168.220.101; };
};
Define the zone file: /var/named/jeffery.org.zone
$TTL 1D
@       IN  SOA ns1.jeffery.org. admin.jeffery.com. (
                301     ; serial (version number)
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        IN  NS  ns1.jeffery.org.
        IN  NS  ns2.jeffery.org.    ; NS record for the slave, essential
ns1     IN  A   192.168.220.100
ns2     IN  A   192.168.220.101     ; A record for the slave, essential
; the owner below has no trailing dot, so it is relative to the zone origin
jeffery.com IN  MX  10 mail.jeffery.com.
mail    IN  A   9.9.9.9
www     IN  A   8.8.8.8
ftp     IN  A   2.2.2.2
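The master configuration above sets allow-transfer only on the jeffery.org zone and notes that it could instead be set in options for every zone. The following added example (not part of the original article) is a small audit that reports the effective allow-transfer list for each master zone in a named.conf text; the function names and the 'unset' marker are assumptions made for this sketch, and the sample input is constructed from the configuration on this page.

```python
import re

# Constructed sample: the master-side named.conf from this page.
SAMPLE_CONF = '''
options { directory "/var/named/"; notify yes; };   ## global notify
zone "." IN { type hint; file "named.ca"; };
zone "localhost" IN { type master; file "named.localhost"; };
zone "0.0.127.in-addr.arpa" IN { type master; file "named.loopback"; };
zone "jeffery.org" IN {
    type master; file "jeffery.org.zone";
    allow-transfer { 192.168.220.101; };
};
'''

def strip_comments(text):
    """Drop /* */, // and # comments (assumes none of these occur inside quoted strings)."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(//|#).*', '', text)

def block_after(text, pos):
    """Body of the first brace block opening at or after pos, honouring nesting."""
    start = text.index('{', pos)
    depth = 0
    for i in range(start, len(text)):
        if text[i] == '{':
            depth += 1
        elif text[i] == '}':
            depth -= 1
            if depth == 0:
                return text[start + 1:i]
    raise ValueError('unbalanced braces')

def acl_in(body):
    """allow-transfer address list set in this block, or None when absent."""
    m = re.search(r'\ballow-transfer\b', body)
    if m is None:
        return None
    return [tok for tok in re.split(r'[;\s]+', block_after(body, m.end())) if tok]

def audit(conf):
    """Map each master zone to its effective allow-transfer list, or 'unset'."""
    conf = strip_comments(conf)
    opt = re.search(r'\boptions\b', conf)
    global_acl = acl_in(block_after(conf, opt.end())) if opt else None
    result = {}
    for m in re.finditer(r'\bzone\s+"([^"]+)"', conf):
        body = block_after(conf, m.end())
        if re.search(r'\btype\s+(master|primary)\s*;', body):
            result[m.group(1)] = next((a for a in (acl_in(body), global_acl) if a is not None), 'unset')
    return result
```

A zone reported as 'unset' falls back to the built-in allow-transfer default of the installed BIND version, so check that default or set the option explicitly.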
Slave configuration:
Main configuration file: /etc/named.conf
options {
    directory "/var/named/";
};
zone "." IN {
    type hint;
    file "named.ca";
};
zone "localhost" IN {
    type master;
    file "named.localhost";
};
zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "named.loopback";
};
zone "jeffery.org" IN {
    type slave;                        ## set the zone type to slave
    file "slaves/jeffery.org.zone";    ## where the synchronized file is saved
    masters { 192.168.220.100; };      ## address of the master
};
Test results:
V. Modify the zone and test the incremental update
Zone file on the master: /var/named/jeffery.org.zone
$TTL 1D
@       IN  SOA ns1.jeffery.org. admin.jeffery.com. (
                302     ; serial (version number increased; must be higher than the previous 301)
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        IN  NS  ns1.jeffery.org.
        IN  NS  ns2.jeffery.org.
ns1     IN  A   192.168.220.100
ns2     IN  A   192.168.220.101
; the owner below has no trailing dot, so it is relative to the zone origin
jeffery.com IN  MX  10 mail.jeffery.com.
mail    IN  A   9.9.9.9
www     IN  A   10.10.10.10         ; IP address of the www server changed
ftp     IN  A   2.2.2.2
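If you want to see the result quickly, you need to reload the configuration file (/etc/named.conf).
Zone file received by the slave: /var/named/slaves/jeffery.org.zone
This shows the test succeeded and the incremental update is complete!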