DNS 主从配置
时间:2010-08-16 来源:chibiaowu
DNS主从配置
一、主从原理
主辅DNS服务器数据同步的过程:master DNS服务器上的区域每次修改并重新加载后(用 rndc reload 即可,不必重启服务),会向 slave DNS服务器发送 NOTIFY。slave DNS服务器收到后向 master 查询该区域的 SOA 记录,并把应答中的 serial 值与本机保存的 serial 值进行比较:如果 serial 值不大于本机的,同步过程就此结束;如果 serial 值大于本机的,slave DNS服务器向 master 发送 zone transfer 请求(AXFR 或 IXFR),master 响应并传送区域数据,直到整个 slave 更新完成。注意:默认情况下 NOTIFY 只发给该区域 NS 记录中列出的服务器以及 also-notify 里指定的地址,如果 slave 没有 NS 记录,就必须用 also-notify 显式指定它。
如图:
如图:
二、主服务器(192.168.200.143)
[root@rs_200_143 etc]# more named.conf
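# rndc control-channel key. The secret must not be kept inline in a file that is
# published or copied between hosts (the original listing shipped the same
# hmac-md5 secret on both servers). Generate a per-host key with
#   rndc-confgen -a -c /usr/local/bind/etc/rndc.key   (add -A hmac-sha256 where supported)
# which writes a file of the form
#   key "rndc-key" { algorithm hmac-sha256; secret "<base64>"; };
# and include it here so the "rndc-key" name referenced by controls {} stays
# valid. Prefer hmac-sha256 over hmac-md5. rndc on this host must use the same
# file (rndc.key / rndc.conf), and it should be mode 0600, owned by the named user.
include "/usr/local/bind/etc/rndc.key";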
# Control channel for rndc: loopback only, TCP 953, and only clients that
# authenticate with "rndc-key" are accepted.
controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
};
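options {
    directory "/usr/local/bind/etc";
    dump-file "/usr/local/bind/var/cache_dump.db";
    statistics-file "/usr/local/bind/var/named_stats.txt";
    pid-file "/usr/local/bind/var/run/named.pid";
    # Server-wide default: no host may AXFR/IXFR a zone unless the zone
    # statement says otherwise. Without it, BIND 9 of this era defaults to
    # allow-transfer { any; }, so the localhost / 127 zones below (which set no
    # allow-transfer) could be pulled by anyone. The qqvm.com zone overrides
    # this with its own allow-transfer for the secondary.
    allow-transfer { none; };
    # NOTE(review): the root hint zone below means this server also recurses for
    # clients. If it is meant to be authoritative-only add `recursion no;`,
    # otherwise restrict who may recurse, e.g.
    # `allow-recursion { localhost; localnets; };` — confirm the intended client
    # population before changing.
};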
#logging {
# channel noti {
# file "noti";
# severity dynamic;
#};
#category notify {
# noti;
#};
#};
# Root hints, used when this server recurses on behalf of clients.
zone "." IN { type hint; file "named.root"; };
# Forward zone for "localhost"; dynamic updates are refused.
zone "localhost" IN {
    type master;
    allow-update { none; };
    file "localhost.zone";
};
# Reverse zone for the loopback network; dynamic updates are refused.
zone "0.0.127.in-addr.arpa" IN {
    type master;
    allow-update { none; };
    file "named.local";
};
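# Primary for qqvm.com. Only the secondary (192.168.200.142) may transfer the
# zone, and it is notified explicitly because it is not listed in the zone's
# NS records (the only NS, qqvm.com., resolves to this host). allow-update is
# the default for a master zone but is stated so it matches the zones above.
zone "qqvm.com" IN {
    type master;
    file "qqvm.zone";
    allow-update { none; };
    notify yes;
    also-notify { 192.168.200.142; };
    allow-transfer { 192.168.200.142; };
    # NOTE(review): the transfer ACL is by source address only. Outside a lab,
    # sign transfers with a TSIG key shared with the secondary
    # (key statement + `allow-transfer { key <name>; };`).
};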
[root@rs_200_143 etc]# more qqvm.zone
; qqvm.com zone, served by the primary at 192.168.200.143.
; Increase the serial (YYYYMMDDnn) on every change or secondaries will not refresh.
$TTL 990
@     IN SOA qqvm.com. root.qqvm.com. ( 2010072903 3600 900 604800 86400 )
;     serial=2010072903  refresh=1h  retry=15m  expire=1w  negative-ttl=1d
@     IN NS  qqvm.com.
; NOTE(review): the secondary 192.168.200.142 has no NS record here, so
; resolvers never learn of it and NOTIFY reaches it only via also-notify.
@     IN A   192.168.200.143
@     IN MX  5 qqvm.com.
www   IN A   192.168.200.141
blog  IN A   192.168.200.141
test  IN A   192.168.200.141
test1 IN A   192.168.200.141
三、客户端(192.168.200.142)
[root@rs_200_142 etc]# more named.conf
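# rndc control-channel key. The secret must not be kept inline in a file that is
# published or copied between hosts (the original listing reused the master's
# hmac-md5 secret). Generate a per-host key with
#   rndc-confgen -a -c /usr/local/bind/etc/rndc.key   (add -A hmac-sha256 where supported)
# which writes a file of the form
#   key "rndc-key" { algorithm hmac-sha256; secret "<base64>"; };
# and include it here so the "rndc-key" name referenced by controls {} stays
# valid. Prefer hmac-sha256 over hmac-md5. rndc on this host must use the same
# file (rndc.key / rndc.conf), and it should be mode 0600, owned by the named user.
include "/usr/local/bind/etc/rndc.key";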
# Control channel for rndc: loopback only, TCP 953, and only clients that
# authenticate with "rndc-key" are accepted.
controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
};
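options {
    directory "/usr/local/bind/etc";
    dump-file "/usr/local/bind/var/cache_dump.db";
    statistics-file "/usr/local/bind/var/named_stats.txt";
    pid-file "/usr/local/bind/var/run/named.pid";
    # Server-wide default: no host may AXFR/IXFR a zone unless the zone
    # statement says otherwise. Without it, BIND 9 of this era defaults to
    # allow-transfer { any; }, so the full qqvm.com copy held by this secondary
    # (and the localhost / 127 zones) could be pulled by anyone.
    allow-transfer { none; };
    # NOTE(review): the root hint zone below means this server also recurses for
    # clients. If it is meant to be authoritative-only add `recursion no;`,
    # otherwise restrict who may recurse, e.g.
    # `allow-recursion { localhost; localnets; };` — confirm the intended client
    # population before changing.
};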
# Root hints, used when this server recurses on behalf of clients.
zone "." IN { type hint; file "named.root"; };
# Forward zone for "localhost"; dynamic updates are refused.
zone "localhost" IN {
    type master;
    allow-update { none; };
    file "localhost.zone";
};
# Reverse zone for the loopback network; dynamic updates are refused.
zone "0.0.127.in-addr.arpa" IN {
    type master;
    allow-update { none; };
    file "named.local";
};
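# Secondary for qqvm.com, transferred from 192.168.200.143. Hosts listed in
# masters are always allowed to send NOTIFY; allow-notify only adds extra
# notifiers, which is why the commented line below was never needed.
zone "qqvm.com" IN {
    type slave;
    file "qqvm.zone";
    masters { 192.168.200.143; };
    #allow-notify { 192.168.200.143; };
    # A secondary answers AXFR too; without this line BIND 9 of this era allows
    # transfers to anyone, leaking the whole zone through this host.
    allow-transfer { none; };
    # NOTE(review): the zone copy is written into options.directory
    # (/usr/local/bind/etc), which must be writable by the named user — see the
    # permission-denied error discussed below. A separate directory for
    # secondary copies, writable only by named, is preferable to making etc writable.
};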
上述配置后,分别启动主从的DNS服务器,从服务器会按照其 zone 语句中的 file 设置,在 options 的 directory 目录(这里是 /usr/local/bind/etc)下生成 qqvm.zone 区域文件,这样主从服务器即建好了。注意该目录必须对运行 named 的用户可写,否则会出现下面"注意问题"中的权限错误;生产环境建议把 slave 的区域文件放到单独的可写目录(例如 /usr/local/bind/var/slaves/),不要让 named 对 etc 目录有写权限。
四、注意问题
1、权限问题导致无法同步:从服务器日志中出现
zone qqvm.com/IN: loading master file qqvm.com: permission denied
说明运行 named 的用户对区域文件或其所在目录没有读写权限。解决办法是把该目录和文件的属主改为 named 的运行用户(例如 chown -R 运行用户 目录,具体用户名视安装而定),而不是改用 root 运行 named。
2、SOA 里的 serial 版本号,主服务器上的必须大于从服务器当前保存的,所以修改记录后一定记得增大 serial(常用格式 YYYYMMDDnn,如上面的 2010072903)。
因为 slave DNS服务器是通过比较查询到的 serial 值来判断是否需要同步的,如果 serial 值不大于本机的,它会认为区域没有变化,直接结束同步过程。
五、故障
1、主DNS服务器修改记录或添加区域辅助DNS同步不过去
原因:主DNS修改区域并重新加载后会向 slave 发送 NOTIFY,但默认只发给该区域 NS 记录中列出的服务器;本例中 NS 记录只有 qqvm.com.(指向主服务器自己 192.168.200.143),从服务器 192.168.200.142 不在其中,所以 NOTIFY 没有发给它,从服务器只能等到 SOA 的 refresh 时间(3600 秒)到了才去检查 serial。
解决:在主服务器 named.conf 的 zone "qqvm.com" 语句中(不是区域文件中)声明:
notify yes;
also-notify { 192.168.200.142; };
also-notify 里填的是从服务器的地址 192.168.200.142(不是主服务器自己的 143),与上面的配置保持一致。更规范的做法是在区域文件里为从服务器增加 NS 记录,这样 NOTIFY 会自动发给它,解析器也能知道这台从服务器。
[root@rs_200_143 etc]# more named.conf
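# rndc control-channel key. The secret must not be kept inline in a file that is
# published or copied between hosts (the original listing shipped the same
# hmac-md5 secret on both servers). Generate a per-host key with
#   rndc-confgen -a -c /usr/local/bind/etc/rndc.key   (add -A hmac-sha256 where supported)
# which writes a file of the form
#   key "rndc-key" { algorithm hmac-sha256; secret "<base64>"; };
# and include it here so the "rndc-key" name referenced by controls {} stays
# valid. Prefer hmac-sha256 over hmac-md5. rndc on this host must use the same
# file (rndc.key / rndc.conf), and it should be mode 0600, owned by the named user.
include "/usr/local/bind/etc/rndc.key";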
# Control channel for rndc: loopback only, TCP 953, and only clients that
# authenticate with "rndc-key" are accepted.
controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
};
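options {
    directory "/usr/local/bind/etc";
    dump-file "/usr/local/bind/var/cache_dump.db";
    statistics-file "/usr/local/bind/var/named_stats.txt";
    pid-file "/usr/local/bind/var/run/named.pid";
    # Server-wide default: no host may AXFR/IXFR a zone unless the zone
    # statement says otherwise. Without it, BIND 9 of this era defaults to
    # allow-transfer { any; }, so the localhost / 127 zones below (which set no
    # allow-transfer) could be pulled by anyone. The qqvm.com zone overrides
    # this with its own allow-transfer for the secondary.
    allow-transfer { none; };
    # NOTE(review): the root hint zone below means this server also recurses for
    # clients. If it is meant to be authoritative-only add `recursion no;`,
    # otherwise restrict who may recurse, e.g.
    # `allow-recursion { localhost; localnets; };` — confirm the intended client
    # population before changing.
};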
#logging {
# channel noti {
# file "noti";
# severity dynamic;
#};
#category notify {
# noti;
#};
#};
# Root hints, used when this server recurses on behalf of clients.
zone "." IN { type hint; file "named.root"; };
# Forward zone for "localhost"; dynamic updates are refused.
zone "localhost" IN {
    type master;
    allow-update { none; };
    file "localhost.zone";
};
# Reverse zone for the loopback network; dynamic updates are refused.
zone "0.0.127.in-addr.arpa" IN {
    type master;
    allow-update { none; };
    file "named.local";
};
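# Primary for qqvm.com. Only the secondary (192.168.200.142) may transfer the
# zone, and it is notified explicitly because it is not listed in the zone's
# NS records (the only NS, qqvm.com., resolves to this host). allow-update is
# the default for a master zone but is stated so it matches the zones above.
zone "qqvm.com" IN {
    type master;
    file "qqvm.zone";
    allow-update { none; };
    notify yes;
    also-notify { 192.168.200.142; };
    allow-transfer { 192.168.200.142; };
    # NOTE(review): the transfer ACL is by source address only. Outside a lab,
    # sign transfers with a TSIG key shared with the secondary
    # (key statement + `allow-transfer { key <name>; };`).
};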
[root@rs_200_143 etc]# more qqvm.zone
; qqvm.com zone, served by the primary at 192.168.200.143.
; Increase the serial (YYYYMMDDnn) on every change or secondaries will not refresh.
$TTL 990
@     IN SOA qqvm.com. root.qqvm.com. ( 2010072903 3600 900 604800 86400 )
;     serial=2010072903  refresh=1h  retry=15m  expire=1w  negative-ttl=1d
@     IN NS  qqvm.com.
; NOTE(review): the secondary 192.168.200.142 has no NS record here, so
; resolvers never learn of it and NOTIFY reaches it only via also-notify.
@     IN A   192.168.200.143
@     IN MX  5 qqvm.com.
www   IN A   192.168.200.141
blog  IN A   192.168.200.141
test  IN A   192.168.200.141
test1 IN A   192.168.200.141
三、客户端(192.168.200.142)
[root@rs_200_142 etc]# more named.conf
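# rndc control-channel key. The secret must not be kept inline in a file that is
# published or copied between hosts (the original listing reused the master's
# hmac-md5 secret). Generate a per-host key with
#   rndc-confgen -a -c /usr/local/bind/etc/rndc.key   (add -A hmac-sha256 where supported)
# which writes a file of the form
#   key "rndc-key" { algorithm hmac-sha256; secret "<base64>"; };
# and include it here so the "rndc-key" name referenced by controls {} stays
# valid. Prefer hmac-sha256 over hmac-md5. rndc on this host must use the same
# file (rndc.key / rndc.conf), and it should be mode 0600, owned by the named user.
include "/usr/local/bind/etc/rndc.key";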
# Control channel for rndc: loopback only, TCP 953, and only clients that
# authenticate with "rndc-key" are accepted.
controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
};
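options {
    directory "/usr/local/bind/etc";
    dump-file "/usr/local/bind/var/cache_dump.db";
    statistics-file "/usr/local/bind/var/named_stats.txt";
    pid-file "/usr/local/bind/var/run/named.pid";
    # Server-wide default: no host may AXFR/IXFR a zone unless the zone
    # statement says otherwise. Without it, BIND 9 of this era defaults to
    # allow-transfer { any; }, so the full qqvm.com copy held by this secondary
    # (and the localhost / 127 zones) could be pulled by anyone.
    allow-transfer { none; };
    # NOTE(review): the root hint zone below means this server also recurses for
    # clients. If it is meant to be authoritative-only add `recursion no;`,
    # otherwise restrict who may recurse, e.g.
    # `allow-recursion { localhost; localnets; };` — confirm the intended client
    # population before changing.
};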
# Root hints, used when this server recurses on behalf of clients.
zone "." IN { type hint; file "named.root"; };
# Forward zone for "localhost"; dynamic updates are refused.
zone "localhost" IN {
    type master;
    allow-update { none; };
    file "localhost.zone";
};
# Reverse zone for the loopback network; dynamic updates are refused.
zone "0.0.127.in-addr.arpa" IN {
    type master;
    allow-update { none; };
    file "named.local";
};
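# Secondary for qqvm.com, transferred from 192.168.200.143. Hosts listed in
# masters are always allowed to send NOTIFY; allow-notify only adds extra
# notifiers, which is why the commented line below was never needed.
zone "qqvm.com" IN {
    type slave;
    file "qqvm.zone";
    masters { 192.168.200.143; };
    #allow-notify { 192.168.200.143; };
    # A secondary answers AXFR too; without this line BIND 9 of this era allows
    # transfers to anyone, leaking the whole zone through this host.
    allow-transfer { none; };
    # NOTE(review): the zone copy is written into options.directory
    # (/usr/local/bind/etc), which must be writable by the named user — see the
    # permission-denied error discussed below. A separate directory for
    # secondary copies, writable only by named, is preferable to making etc writable.
};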
上述配置后,分别启动主从的DNS服务器,从服务器会按照其 zone 语句中的 file 设置,在 options 的 directory 目录(这里是 /usr/local/bind/etc)下生成 qqvm.zone 区域文件,这样主从服务器即建好了。注意该目录必须对运行 named 的用户可写,否则会出现下面"注意问题"中的权限错误;生产环境建议把 slave 的区域文件放到单独的可写目录(例如 /usr/local/bind/var/slaves/),不要让 named 对 etc 目录有写权限。
四、注意问题
1、权限问题导致无法同步:从服务器日志中出现
zone qqvm.com/IN: loading master file qqvm.com: permission denied
说明运行 named 的用户对区域文件或其所在目录没有读写权限。解决办法是把该目录和文件的属主改为 named 的运行用户(例如 chown -R 运行用户 目录,具体用户名视安装而定),而不是改用 root 运行 named。
2、SOA 里的 serial 版本号,主服务器上的必须大于从服务器当前保存的,所以修改记录后一定记得增大 serial(常用格式 YYYYMMDDnn,如上面的 2010072903)。
因为 slave DNS服务器是通过比较查询到的 serial 值来判断是否需要同步的,如果 serial 值不大于本机的,它会认为区域没有变化,直接结束同步过程。
五、故障
1、主DNS服务器修改记录或添加区域辅助DNS同步不过去
原因:主DNS修改区域并重新加载后会向 slave 发送 NOTIFY,但默认只发给该区域 NS 记录中列出的服务器;本例中 NS 记录只有 qqvm.com.(指向主服务器自己 192.168.200.143),从服务器 192.168.200.142 不在其中,所以 NOTIFY 没有发给它,从服务器只能等到 SOA 的 refresh 时间(3600 秒)到了才去检查 serial。
解决:在主服务器 named.conf 的 zone "qqvm.com" 语句中(不是区域文件中)声明:
notify yes;
also-notify { 192.168.200.142; };
also-notify 里填的是从服务器的地址 192.168.200.142(不是主服务器自己的 143),与上面的配置保持一致。更规范的做法是在区域文件里为从服务器增加 NS 记录,这样 NOTIFY 会自动发给它,解析器也能知道这台从服务器。