Continuing from the previous article, 《Centos使用Bind配置智能DNS(1)》 (Configuring intelligent DNS with BIND on CentOS, part 1); the test environment is the same as there.
MASTER server (TRANSFER-SOURCE):
[root@MASTER /]# mkdir /var/named/zones/{local,cmcc,cucc,ctcc,cecc,others}
[root@MASTER /]# chown -R named.named /var/named/zones/{local,cmcc,cucc,ctcc,cecc,others}   # China Mobile, China Unicom, China Telecom, CERNET
[root@MASTER /]# route add -net 172.28.0.0/16 dev eth0   # -net does not support subnet division
[root@MASTER named]# cat *.cfg
acl CMCC { 1.1.1.1; };
acl CTCC { 1.1.1.11; };
acl CUCC { 1.1.1.18; };
acl LOCAL { 10.0.0.0/8; };
acl OTHERS { any; };
[root@MASTER named]# cat /usr/local/named/etc/named.conf
// named.conf
options {
    listen-on port 53 { any; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };
    recursion yes;
    bindkeys-file "/usr/local/named/etc/bind.keys";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
    channel gsquery {
        file "data/query.log" versions 3 size 20m;
        severity info;
        print-time yes;
        print-category yes;
        print-severity yes;
    };
    category queries { gsquery; };
};
key "rndc-key" {
    algorithm hmac-md5;
    secret "ovH1P5Jg42kGLBWJYifXRQ==";
};
controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
};
include "/var/named/named.rfc1912.zones";
[root@MASTER named]# cat /var/named/named.rfc1912.zones
view "LOCAL" {
    match-clients { 172.28.1.1; LOCAL; };   # !172.28.1.2; !1.1.1.20; can be used to exclude specific IPs
    recursion yes;
    allow-update { none; };
    allow-transfer { 172.28.1.1; };         # the IP that corresponds to LOCAL
    also-notify { 172.28.1.1; };            # extra hosts (hosts other than the slave; set on the slave it can notify other hosts too); optional, and omitting it is more efficient
    notify yes;
    zone "." IN { type hint; file "named.root"; };
    zone "t4x.org" {
        type master;
        file "zones/local/local.t4x.org.zone";
    };
};
view "CTCC" {
    match-clients { 172.28.1.2; CTCC; };
    recursion yes;
    zone "." IN { type hint; file "named.root"; };
    zone "t4x.org" {
        type master;
        file "zones/ctcc/ctcc.t4x.org.zone";
        also-notify { 172.28.1.2; };
        notify yes;
        allow-update { none; };
        allow-transfer { 172.28.1.2; };
    };
};
view "CUCC" {
    match-clients { 172.28.1.3; CUCC; };
    recursion yes;
    zone "." IN { type hint; file "named.root"; };
    zone "t4x.org" {
        type master;
        file "zones/cucc/cucc.t4x.org.zone";
        also-notify { 172.28.1.3; };
        notify yes;
        allow-update { none; };
        allow-transfer { 172.28.1.3; };
    };
};
view "CMCC" {
    match-clients { 172.28.1.4; CMCC; };
    recursion yes;
    zone "." IN { type hint; file "named.root"; };
    zone "t4x.org" {
        type master;
        file "zones/cmcc/cmcc.t4x.org.zone";
        also-notify { 172.28.1.4; };
        notify yes;
        allow-update { none; };
        allow-transfer { 172.28.1.4; };
    };
};
view "OTHERS" {
    match-clients { 172.28.1.5; OTHERS; };
    recursion yes;
    zone "." IN { type hint; file "named.root"; };
    zone "t4x.org" {
        type master;
        file "zones/others/others.t4x.org.zone";
        also-notify { 172.28.1.5; };
        notify yes;
        allow-update { none; };
        allow-transfer { 172.28.1.5; };
    };
};
include "ctcc.cfg";
include "cucc.cfg";
include "cmcc.cfg";
include "local.cfg";
include "others.cfg";
[root@MASTER named]# cat zones/others/others.t4x.org.zone
$TTL 60
@   IN  SOA ns1.t4x.org. admin.t4x.org. (
        2015050500  ; serial
        120         ; refresh
        600         ; retry
        1W          ; expire
        3H )        ; minimum
    IN  NS  ns1
    IN  NS  ns2
    IN  A   1.1.1.19
ns1 IN  A   1.1.1.19
ns2 IN  A   172.28.1.5
www IN  A   5.5.5.5
MASTER server (TSIG KEY):
[root@MASTER /]# mkdir /var/named/keys
[root@MASTER /]# /usr/local/named/sbin/rndc-confgen -r /dev/urandom -a -c /var/named/keys/cucc.key -k cucc
[root@MASTER /]# /usr/local/named/sbin/rndc-confgen -r /dev/urandom -a -c /var/named/keys/ctcc.key -k ctcc
[root@MASTER /]# /usr/local/named/sbin/rndc-confgen -r /dev/urandom -a -c /var/named/keys/others.key -k others
[root@MASTER /]# chown -R named.named /var/named/keys
[root@MASTER named]# cat named.rfc1912.zones
view "LOCAL" {
    match-clients { key local; LOCAL; };
    server 1.1.1.20 { keys local; };
    recursion yes;
    allow-update { none; };
    allow-transfer { key local; };
    also-notify { 1.1.1.20; };
    notify yes;
    zone "." IN { type hint; file "named.root"; };
    zone "t4x.org" {
        type master;
        file "zones/local/local.t4x.org.zone";
    };
};
view "CTCC" {
    match-clients { key ctcc; CTCC; };
    server 1.1.1.20 { keys ctcc; };
    recursion yes;
    zone "." IN { type hint; file "named.root"; };
    zone "t4x.org" {
        type master;
        file "zones/ctcc/ctcc.t4x.org.zone";
        also-notify { 1.1.1.20; };
        notify yes;
        allow-update { none; };
        allow-transfer { key ctcc; };
    };
};
view "CUCC" {
    match-clients { key cucc; CUCC; };
    server 1.1.1.20 { keys cucc; };
    recursion yes;
    zone "." IN { type hint; file "named.root"; };
    zone "t4x.org" {
        type master;
        file "zones/cucc/cucc.t4x.org.zone";
        also-notify { 1.1.1.20; };
        notify yes;
        allow-update { none; };
        allow-transfer { key cucc; };
    };
};
view "CMCC" {
    match-clients { key cmcc; CMCC; };
    server 1.1.1.20 { keys cmcc; };
    recursion yes;
    zone "." IN { type hint; file "named.root"; };
    zone "t4x.org" {
        type master;
        file "zones/cmcc/cmcc.t4x.org.zone";
        also-notify { 1.1.1.20; };
        notify yes;
        allow-update { none; };
        allow-transfer { key cmcc; };
    };
};
view "OTHERS" {
    match-clients { key others; OTHERS; };
    server 1.1.1.20 { keys others; };
    recursion yes;
    zone "." IN { type hint; file "named.root"; };
    zone "t4x.org" {
        type master;
        file "zones/others/others.t4x.org.zone";
        also-notify { 1.1.1.20; };
        notify yes;
        allow-update { none; };
        allow-transfer { key others; };
    };
};
include "ctcc.cfg";
include "cucc.cfg";
include "cmcc.cfg";
include "local.cfg";
include "others.cfg";
include "keys/cmcc.key";
include "keys/ctcc.key";
include "keys/cucc.key";
include "keys/local.key";
include "keys/others.key";
[root@MASTER named]# cat zones/ctcc/ctcc.t4x.org.zone
$TTL 60
@   IN  SOA ns1.t4x.org. admin.t4x.org. (
        2015050209  ; serial
        120         ; refresh
        600         ; retry
        1W          ; expire
        3H )        ; minimum
    IN  NS  ns1
    IN  NS  ns2
    IN  A   1.1.1.19
ns1 IN  A   1.1.1.19
ns2 IN  A   1.1.1.20
www IN  A   209.202.204.209
bbs IN  A   208.202.204.202
SLAVE server (TRANSFER-SOURCE):
[root@Slave /]# /sbin/ifconfig eth0:0 172.28.1.1 netmask 255.255.240.0
[root@Slave /]# /sbin/ifconfig eth0:1 172.28.1.2 netmask 255.255.240.0
[root@Slave /]# /sbin/ifconfig eth0:2 172.28.1.3 netmask 255.255.240.0
[root@Slave /]# /sbin/ifconfig eth0:3 172.28.1.4 netmask 255.255.240.0
[root@Slave /]# cp /var/named/named.rfc1912.zones /var/named/named.rfc1912.zones.bk
[root@Slave /]# mkdir /var/named/slaves/{local,cmcc,cucc,ctcc,cecc,others}
[root@Slave /]# chown -R named.named /var/named/slaves/{local,cmcc,cucc,ctcc,cecc,others}
[root@Slave named]# cat /usr/local/named/etc/named.conf
options {
    listen-on port 53 { any; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };
    recursion yes;
    bindkeys-file "/usr/local/named/etc/bind.key";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
    channel gsquery {
        file "data/query.log" versions 3 size 20m;
        severity info;
        print-time yes;
        print-category yes;
        print-severity yes;
    };
    category queries { gsquery; };
};
key "rndc-key" {
    algorithm hmac-md5;
    secret "IZMC23sEaNM1nkSQ+1qQxA==";
};
controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
};
include "/var/named/named.rfc1912.zones";
[root@Slave named]# cat /var/named/named.rfc1912.zones
view "LOCAL" {
    match-clients { 172.28.1.1; LOCAL; };   # LOCAL alone is enough
    transfer-source 172.28.1.1;
    allow-notify { 172.28.1.1; };
    recursion yes;
    zone "." IN { type hint; file "named.root"; };
    zone "t4x.org" IN {
        type slave;
        file "slaves/local/local.t4x.org.zone";
        masters { 1.1.1.19; };
    };
};
view "CTCC" {
    match-clients { 172.28.1.2; CTCC; };
    transfer-source 172.28.1.2;
    allow-notify { 172.28.1.2; };
    recursion yes;
    zone "." IN { type hint; file "named.root"; };
    zone "t4x.org" IN {
        type slave;
        file "slaves/ctcc/ctcc.t4x.org.zone";
        masters { 1.1.1.19; };
    };
};
view "CUCC" {
    match-clients { 172.28.1.3; CUCC; };
    transfer-source 172.28.1.3;
    allow-notify { 172.28.1.3; };
    recursion yes;
    zone "." IN { type hint; file "named.root"; };
    zone "t4x.org" IN {
        type slave;
        file "slaves/cucc/cucc.t4x.org.zone";
        masters { 1.1.1.19; };
    };
};
view "CMCC" {
    match-clients { 172.28.1.4; CMCC; };
    transfer-source 172.28.1.4;
    allow-notify { 172.28.1.4; };
    recursion yes;
    zone "." IN { type hint; file "named.root"; };
    zone "t4x.org" IN {
        type slave;
        file "slaves/cmcc/cmcc.t4x.org.zone";
        masters { 1.1.1.19; };
    };
};
view "OTHERS" {
    match-clients { 172.28.1.5; OTHERS; };
    transfer-source 172.28.1.5;
    allow-notify { 172.28.1.5; };
    recursion yes;
    zone "." IN { type hint; file "named.root"; };
    zone "t4x.org" IN {
        type slave;
        file "slaves/others/others.t4x.org.zone";
        masters { 1.1.1.19; };
    };
};
include "ctcc.cfg";
include "cucc.cfg";
include "cmcc.cfg";
include "local.cfg";
include "others.cfg";
[root@Slave named]# /usr/local/named/sbin/named-compilezone -f raw -F text -o /tmp/t4x.org.txt t4x.org /var/named/slaves/local/local.t4x.org.zone
zone t4x.org/IN: loaded serial 2015050101
dump zone to /tmp/t4x.org.txt...done
OK
[root@Slave named]# cat /tmp/t4x.org.txt
t4x.org.        60  IN  SOA ns1.t4x.org. admin.t4x.org. 2015050101 120 600 604800 10800
t4x.org.        60  IN  NS  ns1.t4x.org.
t4x.org.        60  IN  NS  ns2.t4x.org.
t4x.org.        60  IN  A   1.1.1.19
ns1.t4x.org.    60  IN  A   1.1.1.19
ns2.t4x.org.    60  IN  A   172.28.1.1
note.t4x.org.   60  IN  A   101.1.1.1
SLAVE server (TSIG KEY):
[root@Slave named]# cat named.rfc1912.zones
view "LOCAL" {
    match-clients { key local; LOCAL; };
    server 1.1.1.19 { keys local; };
    transfer-source 1.1.1.20;
    allow-notify { 1.1.1.20; };
    recursion yes;
    zone "." IN { type hint; file "named.root"; };
    zone "t4x.org" IN {
        type slave;
        file "slaves/local/local.t4x.org.zone";
        masters { 1.1.1.19; };
    };
};
view "CTCC" {
    match-clients { key ctcc; CTCC; };
    server 1.1.1.19 { keys ctcc; };
    transfer-source 1.1.1.20;
    allow-notify { 1.1.1.20; };
    recursion yes;
    zone "." IN { type hint; file "named.root"; };
    zone "t4x.org" IN {
        type slave;
        file "slaves/ctcc/ctcc.t4x.org.zone";
        masters { 1.1.1.19; };
    };
};
view "CUCC" {
    match-clients { key cucc; CUCC; };
    server 1.1.1.19 { keys cucc; };
    transfer-source 1.1.1.20;
    allow-notify { 1.1.1.20; };
    recursion yes;
    zone "." IN { type hint; file "named.root"; };
    zone "t4x.org" IN {
        type slave;
        file "slaves/cucc/cucc.t4x.org.zone";
        masters { 1.1.1.19; };
    };
};
view "CMCC" {
    match-clients { key cmcc; CMCC; };
    server 1.1.1.19 { keys cmcc; };
    transfer-source 1.1.1.20;
    allow-notify { 1.1.1.20; };
    recursion yes;
    zone "." IN { type hint; file "named.root"; };
    zone "t4x.org" IN {
        type slave;
        file "slaves/cmcc/cmcc.t4x.org.zone";
        masters { 1.1.1.19; };
    };
};
view "OTHERS" {
    match-clients { key others; OTHERS; };
    server 1.1.1.19 { keys others; };
    transfer-source 1.1.1.20;
    allow-notify { 1.1.1.20; };
    recursion yes;
    zone "." IN { type hint; file "named.root"; };
    zone "t4x.org" IN {
        type slave;
        file "slaves/others/others.t4x.org.zone";
        masters { 1.1.1.19; };
    };
};
include "ctcc.cfg";
include "cucc.cfg";
include "cmcc.cfg";
include "local.cfg";
include "others.cfg";
include "keys/cmcc.key";
include "keys/ctcc.key";
include "keys/cucc.key";
include "keys/local.key";
include "keys/others.key";
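As an added check for the view configurations above (both the TRANSFER-SOURCE and the TSIG variants; this is example code, not part of the original post), the following Python audit pulls each view's match-clients and allow-transfer clauses out of a named.rfc1912.zones-style file and reports views that still select clients by source IP alone or leave zone transfers open. The sample configuration inside it is constructed in the shape of the page's file, with one IP-only view, one TSIG view and one open view.

```python
import re
# Constructed sample shaped like the page's named.rfc1912.zones (IP-only LOCAL, TSIG CTCC, open OTHERS).
SAMPLE_CONF = """\
view "LOCAL" {
    match-clients { 172.28.1.1; LOCAL; };
    allow-transfer { 172.28.1.1; };
};
view "CTCC" {
    match-clients { key ctcc; CTCC; };
    zone "t4x.org" { type master; file "zones/ctcc/ctcc.t4x.org.zone";
                     allow-transfer { key ctcc; }; };
};
view "OTHERS" {
    match-clients { any; };
    zone "t4x.org" { type master; file "zones/others/others.t4x.org.zone";
                     allow-transfer { any; }; };
};
"""

def view_blocks(conf):
    """Return [(view_name, body)] by counting braces, since views nest zone blocks."""
    out = []
    for m in re.finditer(r'view\s+"([^"]+)"\s*\{', conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {'{': 1, '}': -1}.get(conf[i], 0)
            i += 1
        out.append((m.group(1), conf[m.end():i - 1]))
    return out

def clause(body, name):
    """Items of the first `name { a; b; };` clause in body, or [] if it is absent."""
    m = re.search(name + r'\s*\{([^}]*)\}', body)
    return [x.strip() for x in m.group(1).split(';') if x.strip()] if m else []

def audit_views(conf):
    """Map view name -> findings about weak view selection or zone-transfer exposure."""
    findings = {}
    for name, body in view_blocks(conf):
        problems = []
        clients, transfer = clause(body, 'match-clients'), clause(body, 'allow-transfer')
        if not any(c.startswith('key ') for c in clients):
            problems.append('match-clients picks the view by source IP only (no TSIG key)')
        if not transfer:
            problems.append('no allow-transfer; BIND 9.9 then allows AXFR from any host')
        elif 'any' in transfer:
            problems.append('allow-transfer { any; } lets anyone pull the zone')
        elif not any(t.startswith('key ') for t in transfer):
            problems.append('allow-transfer is IP-based; prefer the TSIG form "key name"')
        findings[name] = problems
    return findings
```

Run `audit_views(open('/var/named/named.rfc1912.zones').read())` on a real file; an empty list for a view means it matches the TSIG pattern used in the TSIG KEY sections.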
Master log:
[root@MASTER named]# /usr/local/named/sbin/rndc reload
MASTER named[15783]: zone t4x.org/IN/CMCC: loaded serial 2015050401
MASTER named[15783]: zone t4x.org/IN/CMCC: sending notifies (serial 2015050401)
MASTER named[15783]: client 1.1.1.19#38731: view OTHERS: received notify for zone 't4x.org'
MASTER named[15783]: client 172.28.1.4#46615 (t4x.org): view CMCC: transfer of 't4x.org/IN': AXFR-style IXFR started
MASTER named[15783]: client 172.28.1.4#46615 (t4x.org): view CMCC: transfer of 't4x.org/IN': AXFR-style IXFR ended
MASTER named[15783]: client 1.1.1.20#32818: view OTHERS: received notify for zone 't4x.org'
Slave log:
Slave named[2464]: zone t4x.org/IN/CUCC: sending notifies (serial 2015050303)
Slave named[2464]: client 1.1.1.20#39845: view OTHERS: received notify for zone 't4x.org'
Slave named[2464]: zone t4x.org/IN/OTHERS: refused notify from non-master: 1.1.1.20#39845
Slave named[2464]: client 1.1.1.19#47047: view OTHERS: received notify for zone 't4x.org'
Slave named[2464]: zone t4x.org/IN/OTHERS: notify from 1.1.1.19#47047: zone is up to date
Slave named[2464]: zone t4x.org/IN/CMCC: Transfer started.
Slave named[2464]: transfer of 't4x.org/IN/CMCC' from 1.1.1.19#53: connected using 172.28.1.4#46615
Slave named[2464]: zone t4x.org/IN/CMCC: transferred serial 2015050401
Slave named[2464]: transfer of 't4x.org/IN/CMCC' from 1.1.1.19#53: Transfer status: success
Slave named[2464]: transfer of 't4x.org/IN/CMCC' from 1.1.1.19#53: Transfer completed: 1 messages, 8 records, 219 bytes, 0.002 secs (109500 bytes/sec)
Slave named[2464]: zone t4x.org/IN/CMCC: sending notifies (serial 2015050401)
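The master and slave logs above are what you have to read to confirm that every view actually replicated, and that the slave connected from the transfer-source that maps to the right view on the master. As an added example that is not part of the original post, this Python snippet correlates those log lines per view: the serial the master announced, the serial the slave pulled, refused notifies, and the slave's source address compared with the per-view transfer-source from the slave configuration. The log lines and the transfer-source table are constructed from the page's values.

```python
import re

# Constructed sample lines in the format of the master and slave logs shown above.
SAMPLE_LOG = """\
MASTER named[15783]: zone t4x.org/IN/CMCC: sending notifies (serial 2015050401)
Slave named[2464]: zone t4x.org/IN/OTHERS: refused notify from non-master: 1.1.1.20#39845
Slave named[2464]: zone t4x.org/IN/OTHERS: notify from 1.1.1.19#47047: zone is up to date
Slave named[2464]: transfer of 't4x.org/IN/CMCC' from 1.1.1.19#53: connected using 172.28.1.4#46615
Slave named[2464]: zone t4x.org/IN/CMCC: transferred serial 2015050401
MASTER named[15783]: zone t4x.org/IN/CTCC: sending notifies (serial 2015050209)
"""
# transfer-source each slave view is configured with (TRANSFER-SOURCE variant above)
SLAVE_TRANSFER_SOURCE = {'CTCC': '172.28.1.2', 'CMCC': '172.28.1.4', 'OTHERS': '172.28.1.5'}

NOTIFY   = re.compile(r'^MASTER .* zone \S+/IN/(\w+): sending notifies \(serial (\d+)\)')
XFER     = re.compile(r'^Slave .* zone \S+/IN/(\w+): transferred serial (\d+)')
UPTODATE = re.compile(r'^Slave .* zone \S+/IN/(\w+): notify from \S+: zone is up to date')
SOURCE   = re.compile(r"^Slave .* transfer of '\S+/IN/(\w+)' from \S+: connected using (\S+)#")
REFUSED  = re.compile(r'^Slave .* zone \S+/IN/(\w+): refused notify from non-master: (\S+)')

def check_replication(log, transfer_source):
    """Per view: announced vs transferred serial, refused notifies, and whether the
    slave really connected from its configured transfer-source address."""
    views = {}
    def v(name):
        return views.setdefault(name, {'refused': []})
    for line in log.splitlines():
        if m := NOTIFY.match(line):
            v(m.group(1))['announced'] = int(m.group(2))
        elif m := XFER.match(line):
            v(m.group(1))['transferred'] = int(m.group(2))
        elif m := UPTODATE.match(line):
            v(m.group(1))['up_to_date'] = True
        elif m := SOURCE.match(line):
            v(m.group(1))['source'] = m.group(2)
        elif m := REFUSED.match(line):
            v(m.group(1))['refused'].append(m.group(2))
    for name, info in views.items():
        announced, got = info.get('announced'), info.get('transferred')
        if (got is not None and got == announced) or info.get('up_to_date'):
            info['status'] = 'in sync'
        elif announced is not None:
            info['status'] = 'stale'            # notify sent, no matching transfer logged
        else:
            info['status'] = 'no notify seen'
        expected = transfer_source.get(name)
        if expected and info.get('source') not in (None, expected):
            info['status'] = 'wrong transfer-source'   # master would serve a different view
    return views
```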
dig test on the Slave server:
queries: info: client 1.1.1.11#49076 (note.t4x.org): view CTCC: query: note.t4x.org IN A + (1.1.1.20)
queries: info: client 1.1.1.18#35667 (note.t4x.org): view CUCC: query: note.t4x.org IN A + (1.1.1.20)
queries: info: client 1.1.1.1#64052 (note.t4x.org): view CMCC: query: note.t4x.org IN A + (1.1.1.20)
queries: info: client 1.1.1.20#40230 (note.t4x.org): view OTHERS: query: note.t4x.org IN A +E (1.1.1.20)
Note: when several views are in use, the configuration must use either the multi-IP approach or the TSIG approach; otherwise the transfers cannot be told apart per view.
Note: a notify does not mean the zone has already been updated; it only means the slave server has been notified.
NOTIFY does not indicate that the zone data has changed, but rather that the zone data may have changed. The receiver of the NOTIFY message should query the zone SOA directly from the IP(s) defined in the zone's masters statement.
Test environment download: http://pan.baidu.com/s/1nuC4csx password: dwch
Disclaimer: this was tested locally only, not in a real production environment, so there may be bugs or other unknown problems; please bear with me. (If anything in the configuration is wrong or inappropriate, please point it out!)
Related document: https://note.t4x.org/service/configuration-intelligence-dns-bases/
Reference documents:
1:ftp://ftp.isc.org/isc/bind9/9.9.8/doc/arm/Bv9ARM.pdf
2:http://blog.xuite.net/jyoutw/xtech
3:http://www.zytrax.com/books/dns/ch7/xfer.html#allow-update
4:http://linux.vbird.org/linux_server/0350dns/0350dns.php#DNS_settings
5:http://www.l-penguin.idv.tw/article/dns.htm
SourceByrd's Weblog-https://note.t4x.org/service/configuration-intelligence-dns-intermediate/
Beijing 1F
This is too confusing to follow....
Shanghai B1
@收藏夹子 Start reading from the very first document; which part is unclear (I'll gradually revise it next time)?