- 2010-08-10
What is a secondary DNS server
A secondary DNS server is a fault-tolerance design: if the primary DNS server fails, or is so heavily loaded that it cannot answer client requests in time, the secondary server steps in to take the load off the primary. The authoritative resolution records are configured on the primary DNS server; the secondary's zone data is entirely copied from the primary, so the data held by the secondary is read-only.
Test environment
Server OS: Redhat Linux 5 + Bind 9.3.6
Primary DNS server: 192.168.0.200
Secondary DNS server: 192.168.0.201
Test forward zone: liusuping.com
Test reverse zone: 192.168.0.0
Configuration steps
First configure the primary DNS server; for the detailed steps see [Installing and configuring the bind DNS server software on Redhat Linux]
Create a zone for liusuping.com
[root@a named]# cat /etc/named.rfc1912.zones
zone "liusuping.com" IN {
type master;
file "liusuping.com.zone";
allow-update { none; };
};
zone "0.168.192.in-addr.arpa" IN {
type master;
file "liusuping.com.rev";
allow-update { none; };
};
Secondary DNS setup
Define the address the DNS server listens on
[root@b ~]# cat /etc/named.caching-nameserver.conf
options {
listen-on port 53 { 192.168.0.201; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
view localhost_resolver {
recursion yes;
include "/etc/named.rfc1912.zones";
};
Configure the secondary zones
[root@b ~]# cat /etc/named.rfc1912.zones
zone "liusuping.com" IN {
type slave;
file "slaves/liusuping.com.zone";
masters { 192.168.0.200;} ;
};
zone "0.168.192.in-addr.arpa" IN {
type slave;
file "slaves/liusuping.com.rev";
masters { 192.168.0.200 ;};
};
Start the named service
[root@b ~]# service named restart
停止 named:[确定]
启动 named:[确定]
[root@b ~]#
Testing the secondary DNS server
[root@b ~]# nslookup
> server 192.168.0.201
Default server: 192.168.0.201
Address: 192.168.0.201#53
> www.liusuping.com
Server: 192.168.0.201
Address: 192.168.0.201#53
Name: www.liusuping.com
Address: 192.168.0.200
> 192.168.0.200
Server: 192.168.0.201
Address: 192.168.0.201#53
200.0.168.192.in-addr.arpa name = www.liusuping.com.
200.0.168.192.in-addr.arpa name = dns.liusuping.com.
Once the secondary DNS server starts, it synchronizes the zone files with the primary DNS server, and the zone databases are generated automatically under /var/named/slaves/
[root@b ~]# ls /var/named/slaves/ -l
总计 8
-rw-r--r-- 1 named named 389 08-10 21:57 liusuping.com.rev
-rw-r--r-- 1 named named 404 08-10 21:57 liusuping.com.zone
Now look at the secondary's startup sequence: the log shows the secondary DNS server pulling the zone data files from the primary.
Aug 10 21:57:08 b named[6581]: starting BIND 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 -u named -c /etc/named.caching-nameserver.conf
Aug 10 21:57:08 b named[6581]: adjusted limit on open files from 1024 to 1048576
Aug 10 21:57:08 b named[6581]: found 1 CPU, using 1 worker thread
Aug 10 21:57:08 b named[6581]: using up to 4096 sockets
Aug 10 21:57:08 b named[6581]: loading configuration from '/etc/named.caching-nameserver.conf'
Aug 10 21:57:08 b named[6581]: using default UDP/IPv4 port range: [1024, 65535]
Aug 10 21:57:08 b named[6581]: using default UDP/IPv6 port range: [1024, 65535]
Aug 10 21:57:08 b named[6581]: listening on IPv4 interface eth0, 192.168.0.201#53
Aug 10 21:57:08 b named[6581]: command channel listening on 127.0.0.1#953
Aug 10 21:57:08 b named[6581]: command channel listening on ::1#953
Aug 10 21:57:08 b named[6581]: the working directory is not writable
Aug 10 21:57:08 b named[6581]: zone 0.in-addr.arpa/IN/localhost_resolver: loaded serial 42
Aug 10 21:57:08 b named[6581]: zone 0.0.127.in-addr.arpa/IN/localhost_resolver: loaded serial 1997022700
Aug 10 21:57:08 b named[6581]: zone 255.in-addr.arpa/IN/localhost_resolver: loaded serial 42
Aug 10 21:57:08 b named[6581]: zone localdomain/IN/localhost_resolver: loaded serial 42
Aug 10 21:57:08 b named[6581]: zone localhost/IN/localhost_resolver: loaded serial 42
Aug 10 21:57:08 b named[6581]: running
Aug 10 21:57:08 b named[6581]: zone 0.168.192.in-addr.arpa/IN/localhost_resolver: Transfer started.
Aug 10 21:57:08 b named[6581]: transfer of '0.168.192.in-addr.arpa/IN' from 192.168.0.200#53: connected using 192.168.0.201#46038
Aug 10 21:57:08 b named[6581]: zone 0.168.192.in-addr.arpa/IN/localhost_resolver: transferred serial 1997022700
Aug 10 21:57:08 b named[6581]: transfer of '0.168.192.in-addr.arpa/IN' from 192.168.0.200#53: end of transfer
Aug 10 21:57:08 b named[6581]: zone 0.168.192.in-addr.arpa/IN/localhost_resolver: sending notifies (serial 1997022700)
Aug 10 21:57:09 b named[6581]: zone liusuping.com/IN/localhost_resolver: Transfer started.
Aug 10 21:57:09 b named[6581]: transfer of 'liusuping.com/IN' from 192.168.0.200#53: connected using 192.168.0.201#38146
Aug 10 21:57:09 b named[6581]: zone liusuping.com/IN/localhost_resolver: transferred serial 42
Aug 10 21:57:09 b named[6581]: transfer of 'liusuping.com/IN' from 192.168.0.200#53: end of transfer
Aug 10 21:57:09 b named[6581]: zone liusuping.com/IN/localhost_resolver: sending notifies (serial 42)
Note: errors may occur during configuration. If your configuration matches the steps above, the likely causes are wrong permissions on files or directories, or the system firewall settings; see [Troubleshooting two faults with the bind DNS server software on Redhat Linux]
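The transfer lines in the log above follow a fixed pattern on every pull: the zone, the master the secondary connected to, the local port it used, and the serial it received. The following Python is an added example, not code from the article: it parses those lines and checks each transfer against the masters configured for this secondary, so that a transfer from an address other than 192.168.0.200 stands out in log review. The sample lines are the article's own plus one constructed line from 192.168.0.250, an address that is not the configured master.

```python
"""Check BIND zone-transfer log lines against the configured masters.

Added example; the log format is BIND 9.3's as shown on this page."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# zone -> master it is configured to pull from (the masters {} statements above)
EXPECTED_MASTERS: Dict[str, str] = {
    "liusuping.com": "192.168.0.200",
    "0.168.192.in-addr.arpa": "192.168.0.200",
}

# "transfer of 'ZONE/IN' from MASTER#53: connected using LOCAL#PORT"
TRANSFER_RE = re.compile(
    r"named\[\d+\]: transfer of '(?P<zone>[^/']+)/IN' from (?P<master>[\d.]+)#\d+: "
    r"connected using (?P<local>[\d.]+)#(?P<lport>\d+)"
)
# "zone ZONE/IN/VIEW: transferred serial N"
SERIAL_RE = re.compile(
    r"named\[\d+\]: zone (?P<zone>[^/\s]+)/IN/\S+: transferred serial (?P<serial>\d+)"
)


@dataclass
class Transfer:
    zone: str
    master: str
    serial: Optional[int] = None


def parse_transfers(lines: List[str]) -> List[Transfer]:
    """One Transfer per 'connected using' line; the serial comes from the
    'transferred serial' line for the same zone that follows it."""
    transfers: List[Transfer] = []
    for line in lines:
        m = TRANSFER_RE.search(line)
        if m:
            transfers.append(Transfer(m["zone"], m["master"]))
            continue
        m = SERIAL_RE.search(line)
        if m:
            # attach to the most recent transfer of that zone still lacking a serial
            for t in reversed(transfers):
                if t.zone == m["zone"] and t.serial is None:
                    t.serial = int(m["serial"])
                    break
    return transfers


def audit_transfers(transfers: List[Transfer],
                    expected: Dict[str, str] = EXPECTED_MASTERS) -> List[str]:
    """Report transfers that did not come from the configured master, or that
    never completed (no serial logged)."""
    findings: List[str] = []
    for t in transfers:
        want = expected.get(t.zone)
        if want is None:
            findings.append(f"{t.zone}: transferred, but this server is not configured as its slave")
        elif t.master != want:
            findings.append(f"{t.zone}: transferred from {t.master}, configured master is {want}")
        elif t.serial is None:
            findings.append(f"{t.zone}: transfer from {t.master} started but no serial was logged")
    return findings


# Lines from the article's log, plus two constructed lines at the end
# (a transfer from 192.168.0.250, which is not the configured master).
SAMPLE_LOG = [
    "Aug 10 21:57:08 b named[6581]: transfer of '0.168.192.in-addr.arpa/IN' from 192.168.0.200#53: connected using 192.168.0.201#46038",
    "Aug 10 21:57:08 b named[6581]: zone 0.168.192.in-addr.arpa/IN/localhost_resolver: transferred serial 1997022700",
    "Aug 10 21:57:08 b named[6581]: transfer of '0.168.192.in-addr.arpa/IN' from 192.168.0.200#53: end of transfer",
    "Aug 10 21:57:09 b named[6581]: transfer of 'liusuping.com/IN' from 192.168.0.200#53: connected using 192.168.0.201#38146",
    "Aug 10 21:57:09 b named[6581]: zone liusuping.com/IN/localhost_resolver: transferred serial 42",
    # constructed lines:
    "Aug 10 22:14:31 b named[6581]: transfer of 'liusuping.com/IN' from 192.168.0.250#53: connected using 192.168.0.201#40011",
    "Aug 10 22:14:31 b named[6581]: zone liusuping.com/IN/localhost_resolver: transferred serial 43",
]

if __name__ == "__main__":
    transfers = parse_transfers(SAMPLE_LOG)
    for t in transfers:
        print(t)
    for finding in audit_transfers(transfers):
        print("FINDING:", finding)
```

Run it against /var/log/messages (or wherever named logs on your system) by reading the file into a list of lines; on the article's own log it reports nothing, and the constructed transfer from 192.168.0.250 produces one finding.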
Forwarding DNS configuration
When a DNS server receives a query from a DNS client, it looks in the zone databases it is authoritative for to see whether it holds the requested data. If its zone databases do not contain that data (that is, the host name the client asked about is not in any zone the server is authoritative for), the server has to turn to other DNS servers to resolve the query.
With a forwarder configured, when a DNS client submits a query the DNS server obtains the data from external DNS servers through the forwarder and returns it to the client.
In bind the server can be set up as a forwarding DNS server. To forward all DNS requests, only "/etc/named.caching-nameserver.conf" needs to be modified:
options {
forward only;
forwarders {192.168.0.231;}; // defines which server DNS requests are forwarded to.
# listen-on port 53 { 192.168.0.232; };
# listen-on-v6 port 53 { ::1; };
# directory "/var/named";
# dump-file "/var/named/data/cache_dump.db";
# statistics-file "/var/named/data/named_stats.txt";
# memstatistics-file "/var/named/data/named_mem_stats.txt";
# query-source port 53;
# query-source-v6 port 53;
# allow-query { localhost; };
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
# view localhost_resolver {
# match-clients { localhost; };
# match-destinations { localhost; };
# recursion yes;
# include "/etc/named.rfc1912.zones";
#};
You can also forward only the requests for certain domains: edit /etc/named.rfc1912.zones and add a zone named liusuping.com whose queries are forwarded to 192.168.0.231
zone "liusuping.com" {
type forward;
forwarders { 192.168.0.231;};
};
Please credit the source when reposting:
This article is from: http://www.liusuping.com/ubuntu-linux/Redhat-Linux-BIND-DNS-fuzhu.html
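Two settings in the configurations above are worth checking mechanically before putting this pair into service. The primary's zone statements carry no allow-transfer, and BIND 9.3's documented default is to allow zone transfers to all hosts, so any client that can reach 192.168.0.200 on port 53 can pull the complete zone; the fix is an allow-transfer restricted to the secondary at 192.168.0.201. On the forwarding side, a forward only server or a type forward zone is only useful with a forwarders list. The following Python is an added example, not code from the article: a minimal parser for the zone and options statements used in the secondary and forwarding sections, plus an audit that reports master zones without a restrictive allow-transfer, slave zones without masters, and forward-only setups without forwarders. The hardened primary configuration and the broken options fragment in the test are constructed; the parser assumes only the syntax shown on this page.

```python
"""Parse named.conf zone/options statements and audit transfer and forwarding settings.

Added example; minimal parser for the configuration syntax used on this page."""
import re
from typing import Dict, List

# A statement with a brace list, e.g. `masters { 192.168.0.200; };` or
# `listen-on port 53 { 192.168.0.201; };` (tokens between key and `{` are args).
LIST_RE = re.compile(r'(?P<key>[A-Za-z][\w-]*)(?P<args>[^{};]*)\{(?P<vals>[^}]*)\}\s*;')
# A scalar statement, e.g. `type slave;` or `file "slaves/liusuping.com.zone";`.
SCALAR_RE = re.compile(r'(?P<key>[A-Za-z][\w-]*)\s+(?P<val>[^{};]+?)\s*;')


def _strip_comments(conf: str) -> str:
    """Remove `//` and `#` comments, both valid in named.conf."""
    return re.sub(r'(//|#)[^\n]*', '', conf)


def _match_brace(text: str, open_idx: int) -> int:
    """Index of the `}` matching the `{` at open_idx (handles nesting)."""
    depth = 0
    for i in range(open_idx, len(text)):
        if text[i] == '{':
            depth += 1
        elif text[i] == '}':
            depth -= 1
            if depth == 0:
                return i
    raise ValueError("unbalanced braces in configuration")


def _parse_body(body: str) -> dict:
    """Statement body -> {key: list of values | scalar string}."""
    out: dict = {}
    for m in LIST_RE.finditer(body):
        out[m['key']] = [v.strip() for v in m['vals'].split(';') if v.strip()]
    for m in SCALAR_RE.finditer(LIST_RE.sub('', body)):
        out[m['key']] = m['val'].strip().strip('"')
    return out


def parse_zones(conf: str) -> Dict[str, dict]:
    """zone name -> parsed body for every `zone "name" [IN] { ... };`."""
    conf = _strip_comments(conf)
    zones: Dict[str, dict] = {}
    for m in re.finditer(r'\bzone\s+"([^"]+)"[^{]*\{', conf):
        start = m.end() - 1
        zones[m.group(1)] = _parse_body(conf[start + 1:_match_brace(conf, start)])
    return zones


def parse_options(conf: str) -> dict:
    """Parsed body of the `options { ... };` block, or {} if there is none."""
    conf = _strip_comments(conf)
    m = re.search(r'\boptions\s*\{', conf)
    if not m:
        return {}
    start = m.end() - 1
    return _parse_body(conf[start + 1:_match_brace(conf, start)])


def audit(conf: str) -> List[str]:
    """Findings for the primary/secondary/forwarding settings discussed on this page."""
    findings: List[str] = []
    opts = parse_options(conf)
    if opts.get('forward') == 'only' and not opts.get('forwarders'):
        findings.append("options: 'forward only' without forwarders; non-authoritative queries cannot be answered")
    for name, z in parse_zones(conf).items():
        ztype = z.get('type')
        if ztype == 'master':
            allow = z.get('allow-transfer')
            if allow is None or 'any' in allow:  # BIND 9.3 default: transfers to all hosts
                findings.append(f"{name}: master zone allows AXFR from any host; add allow-transfer {{ <secondary>; }};")
        elif ztype == 'slave' and not z.get('masters'):
            findings.append(f"{name}: slave zone has no masters statement")
        elif ztype == 'forward' and not z.get('forwarders'):
            findings.append(f"{name}: forward zone has no forwarders statement")
    return findings


# The primary's zone statements from the article (no allow-transfer).
PRIMARY_CONF = '''
zone "liusuping.com" IN {
type master;
file "liusuping.com.zone";
allow-update { none; };
};
zone "0.168.192.in-addr.arpa" IN {
type master;
file "liusuping.com.rev";
allow-update { none; };
};
'''
# Constructed hardened variant: transfers only to the secondary at 192.168.0.201.
PRIMARY_HARDENED = PRIMARY_CONF.replace(
    'allow-update { none; };', 'allow-update { none; };\nallow-transfer { 192.168.0.201; };')
# The secondary's zone statement and the forwarding fragments from the article.
SECONDARY_CONF = '''
zone "liusuping.com" IN {
type slave;
file "slaves/liusuping.com.zone";
masters { 192.168.0.200;} ;
};
'''
FORWARD_CONF = '''
options {
forward only;
forwarders {192.168.0.231;}; // where requests are forwarded
# listen-on port 53 { 192.168.0.232; };
};
zone "liusuping.com" {
type forward;
forwarders { 192.168.0.231;};
};
'''

if __name__ == '__main__':
    for label, conf in [('primary', PRIMARY_CONF), ('primary (hardened)', PRIMARY_HARDENED),
                        ('secondary', SECONDARY_CONF), ('forwarding', FORWARD_CONF)]:
        print(label, audit(conf) or ['ok'])
```

Point audit() at the contents of /etc/named.rfc1912.zones and /etc/named.caching-nameserver.conf on each server; the article's primary produces two findings (one per master zone), the hardened variant none.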