How To Install DNS server with Master/Slave's config
1、 下载并安装
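# Fetch, unpack and build BIND from source, installing under /Data/apps/named.
# NOTE(review): the tarball is fetched over plain HTTP and is not verified here;
# check its PGP signature against ISC's published key before building.
# BIND 9.3.2 is long past end of life; prefer a currently supported release.
# Command names are case-sensitive, and the tarball unpacks to bind-9.3.2.
cd /software
wget http://ftp.isc.org/isc/bind9/9.3.2/bind-9.3.2.tar.gz
tar zxvf bind-9.3.2.tar.gz
cd bind-9.3.2
./configure --prefix=/Data/apps/named \
  --enable-threads
make
make install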
2、 配置
Cd /Data/apps/named
[root@linux named]# mkdir etc
生成rndc控制命令的key文件(rndc.conf中含有密钥,应限制该文件的读取权限)
[root@linux named]# sbin/rndc-confgen > etc/rndc.conf
从rndc.conf文件中提取named.conf用的key
[root@linux named]# cd etc
自动在/Data/apps/named/etc生成named.conf文件
[root@linux etc]# tail -10 rndc.conf | head -9 | sed s/#\ //g > named.conf
3、 建立Zone文件目录
[root@linux etc]# mkdir /Data/named
进入/Data/named目录(下面命令中的/var/named与上一步建立的目录不一致,应为/Data/named)
[root@linux etc]# cd /var/named
A、 建立localhost.zone
[root@linux named]#vi localhost.zone
$TTL 86400
$ORIGIN localhost.
@ 1D IN SOA @ root (
42 ; serial (d.
adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
1D IN NS @
1D IN A 127.0.0.1
B、 建立named.local
[root@linux named]#vi named.local
$TTL 86400
@ IN SOA localhost. root.localhost. (
1997022700 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS localhost.
1 IN PTR localhost.
C、 生成named.root
[root@linux named]#dig > named.root
D、 修改named.conf
Cd /Data/apps/named/etc
配置named.conf文件,在后面加入以下代码(注意:controls中引用的key名rndckey须与从rndc.conf提取出的key名一致;本文后面完整named.conf中的key名为rndc-key)
[root@linux etc]# vi named.conf
options {
directory "/Data/named";
pid-file "named.pid";
};
controls {
inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
zone "." IN {
type hint;
file "named.root";
};
zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};
E、 测试启动bind(此处直接以root身份运行,仅用于测试;正式运行建议用named的-u参数指定非特权用户)
/Data/apps/named/sbin/named -c /Data/apps/named/etc/named.conf &
4、 下面以longrujun.com/lrj.com为例进行配置
Server 1:Master
IPADDR=192.168.5.223/224
NETMASK=255.255.255.0
GATEWAY=192.168.5.1
Server 2: Slave
IPADDR=192.168.5.225/226
NETMASK=255.255.255.0
GATEWAY=192.168.5.1
其中
Longrujun.com做view功能及Master/Slave同步,在一定程度上便于解决互联互通问题
lrj.com只涉及Master/Slave同步功能
A、 网络参数配置
由于View+功能同步需要每服务器2个IP,在每个服务器上面多做一个ip alias
以redhat as4 为例
[root@redhatas4 named]# cd /etc/sysconfig/network-scripts/
[root@redhatas4 network-scripts]# cp ifcfg-eth0 ifcfg-eth0:1
[root@redhatas4 network-scripts]# cat ifcfg-eth0:1
# Advanced Micro Devices [AMD] 79c970 [PCnet32 LANCE]
DEVICE=eth0:1
ONBOOT=yes
BOOTPROTO=static
IPADDR=192.168.5.224
NETMASK=255.255.255.0
GATEWAY=192.168.5.1
B、 在Master建立config及zone文件
1>、修改named.conf文件
由于View功能需要把所有Zone放到View中,故在named.conf中删除如下内容
[root@redhatas4 network-scripts]# vi /Data/apps/named/etc/named.conf
zone "." IN {
type hint;
file "named.root";
};
zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};
同时在最后加上
include "zone.named.conf";
完整的named.conf如下(其中的secret仅为示例,请使用自己用rndc-confgen生成的密钥,不要照抄;后一个controls语句引用了未定义的key名rndckey,且与前一个controls重复,应删除)
[root@redhatas4 etc]# cat named.conf
key "rndc-key" {
algorithm hmac-md5;
secret "7GOJi0L1LwB2WXR38/K3ow==";
};
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
options {
directory "/Data/named";
pid-file "named.pid";
};
controls {
inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
include "zone.named.conf";
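2>、建立zone.named.conf
注:下面external视图的match-clients为any且recursion yes,即对所有来源提供递归查询,成为开放递归解析器,可能被用于DNS放大攻击;对外视图建议设为recursion no,或用allow-recursion限定可递归的来源。区域传送这里仅按IP限制,建议再配合TSIG密钥。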
[root@redhatas4 etc]# cd /Data/named/
[root@redhatas4 named]# vi zone.named.conf
acl CNCbeijing {
61.48/14;61.135/16;61.148/15;202.96.0/18;202.99.0/18;202.106/16;202.108/16;221.216/13;222.128/14;
};
acl CNChebei {
60.0.0.0/12;61.55.0.0/16;61.159.0.0/18;61.182/16;202.99.128.0/18;218.11/15;221.192/14;
};
acl CNCshandong {
60.208.0.0/12;61.133.0.0/17;61.156.0.0/16;61.162.0.0/16;61.179.0.0/16;202.102.128.0/18;202.110.192.0/18;218.56.0.0/14;221.0.0.0/14;
};
acl CNCzhejiang { 60.12/16;221.12/16;};
acl CNCgansu { 60.13.0/18;221.7.32/19;};
acl CNCchongqing { 221.5.128/17;221.7.64/19;};
acl CNCguangdong { 221.4/15;};
acl CNCguangxi { 221.7.128/17;};
acl CNCguizhou { 221.13.0/18;};
acl CNChainan { 221.11.128/17;};
acl CNCheilongjiang {
61.138.0/18;61.167/16;61.180.128/17;202.97.192/18;218.7/14;221.208/13;};
acl CNChenan {
61.52/14;61.136.64/18;61.158.128/17;61.163/16;61.168/16;202.102.224/19;202.110.64/18;202.111.128/19;218.28/15;221.13.128/14;222.136/13;};
acl CNCjiangsu { 221.6/16;};
acl CNCjilin {
61.138.128/18;61.139.128/18;61.161.0/18;202.98.0/19;202.111.160/19;218.27/16;221.8/15;222.160/14;};
acl CNCliaoning {
60.16/13;61.137.128/17;61.161.128/17;61.176/16;61.189.0/17;202.96.64/19;202.97.160/19;202.107.0/17;202.110.0/18;218.24/15;218.60/15;221.200/14;};
acl CNCneimeng {60.31/16;221.199.128/17;};
acl CNCneimenggu { 61.134.96/19;61.138.64/18;202.99.224/19;};
acl CNCningxia { 221.199.0/18;};
acl CNCqinghai { 221.207.0/18;};
acl CNCshanxi
{221.11.0/17;60.220/14;202.97.128/19;202.99.192/19;218.26/16;221.204/15;};
acl CNCsichuan { 221.10/16;};
acl CNCtianjin {
60.24/13;60.181/16;202.99.64/18;218.67.128/14;221.196/14;};
acl CNCxinjiang { 60.13.128/17;221.7.0/19;};
acl CNCxizang { 221.13.64/19;};
acl CNCyunnan { 221.213/16;221.3.128/17;};
# pls edit acl testip1/2 with ur truely ip
#acl testip {211.157.101.174;211.157.101.175;};
#acl testip2 {211.152.17.58;211.152.17.59;};
acl testip1 {192.168.5.223;192.168.5.224;};
acl testip2 {192.168.5.225;192.168.5.226;};
view "internal" {
match-clients {
!192.168.5.224;!192.168.5.226;CNCbeijing;CNChebei;CNCshandong;CNCtianjin;CNCzhejiang;CNCgansu;CNCchongqing;CNCguangdong;CNCguangxi;CNCguizhou;CNChainan;CNCheilongjiang;CNChenan;CNCjiangsu;CNCjilin;CNCliaoning;CNCneimeng;CNCneimenggu;CNCningxia;CNCqinghai;CNCshanxi;CNCsichuan;CNCxinjiang;CNCxizang;CNCyunnan;testip1;testip2;};
recursion yes;
notify-source 192.168.5.223;
transfer-source 192.168.5.223;
query-source address 192.168.5.223;
include "common.zone.named.conf";
include "longrujun.other.zone.named.conf";
zone "longrujun.com" IN {
type master;
file "longrujun.com.zone.bj";
allow-transfer {192.168.5.225;};
};
};
view "external" {
match-clients { any; };
recursion yes;
notify-source 192.168.5.224;
transfer-source 192.168.5.224;
query-source address 192.168.5.224;
include "common.zone.named.conf";
include "longrujun.other.zone.named.conf";
zone "longrujun.com" IN {
type master;
file "longrujun.com.zone";
allow-transfer {192.168.5.226;};
};
};
3>、建立common.zone.named.conf
[root@redhatas4 named]# cd /Data/named/
[root@redhatas4 named]# vi common.zone.named.conf
zone "." IN {
type hint;
file "named.root";
};
zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};
4>、建立longrujun.other.zone.named.conf
注:这里的zone没有设置allow-transfer,旧版本BIND在未设置时默认允许任何主机做区域传送,建议像longrujun.com一样显式限定为Slave的IP。
[root@redhatas4 named]# cd /Data/named/
[root@redhatas4 named]# vi longrujun.other.zone.named.conf
zone "dearbook.com.cn" IN {
type master;
file "domain1.com.cn";
allow-update { none; };
};
zone "lrj.com" IN {
type master;
file "lrj.com";
allow-update { none; };
};
5>、建立longrujun.com.zone
注:下面的mail.longrujun.com CNAME指向了它自身,named-checkzone不会报错,但该记录无法解析;实际使用时应改为A记录或指向其他主机名。
[root@redhatas4 named]# cd /Data/named/
[root@redhatas4 named]# vi longrujun.com.zone
$ORIGIN .
$TTL 3600
longrujun.com IN SOA dns.longrujun.com.
admin.longrujun.com. (
2006071602; serial
10800 ; refresh (3 hours)
3600 ; retry (1 hour)
604800 ; expire (1 week)
3600 ; minimum (1 hour)
)
longrujun.com NS dns.longrujun.com
longrujun.com NS dns2.longrujun.com
longrujun.com MX 10 mail.longrujun.com
mail.longrujun.com CNAME mail.longrujun.com
$ORIGIN longrujun.com.
www A 202.99.8.1
dns A 192.168.5.223
dns2 A 192.168.5.225
live A 10.10.10.99
tag A 10.100.10.100
6>、建立longrujun.com.zone.bj
[root@redhatas4 named]# cd /Data/named/
[root@redhatas4 named]# vi longrujun.com.zone.bj
$ORIGIN .
$TTL 3600
longrujun.com IN SOA dns.longrujun.com.
admin.longrujun.com. (
2006071603; serial
10800 ; refresh (3 hours)
3600 ; retry (1 hour)
604800 ; expire (1 week)
3600 ; minimum (1 hour)
)
longrujun.com NS dns.longrujun.com
longrujun.com NS dns2.longrujun.com
A 11.11.11.11
longrujun.com MX 10 mail.longrujun.com
mail.longrujun.com CNAME mail.longrujun.com
$ORIGIN longrujun.com.
www A 10.10.10.10
dns A 192.168.5.223
dns2 A 192.168.5.225
live A 10.10.10.11
tag A 10.10.10.12
7>、建立lrj.com
[root@redhatas4 named]# vi lrj.com
$ORIGIN .
$TTL 3600
lrj.com IN SOA dns.longrujun.com. admin.longrujun.com.
(
2006071602; serial
10800 ; refresh (3 hours)
3600 ; retry (1 hour)
604800 ; expire (1 week)
3600 ; minimum (1 hour)
)
lrj.com NS dns.longrujun.com
lrj.com NS dns2.longrujun.com
A 12.12.12.12
$ORIGIN lrj.com.
www A 12.12.12.12
至此所有配置工作均已完成,检查一下Zone及conf文件(下面只检查了Zone文件;conf文件可用同目录下的named-checkconf检查)
[root@redhatas4 named]# cd /Data/apps/named/sbin/
[root@redhatas4 sbin]# ./named-checkzone longrujun.com /Data/named/longrujun.com.zone
zone longrujun.com/IN: loaded serial 2006071602
OK
[root@redhatas4 sbin]# ./named-checkzone longrujun.com /Data/named/longrujun.com.zone.bj
zone longrujun.com/IN: loaded serial 2006071603
OK
[root@redhatas4 sbin]# ./named-checkzone lrj.com /Data/named/lrj.com
zone lrj.com/IN: loaded serial 2006071602
OK
C、 在Slave上安装及配置相关文件
1>、安装bind
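# Same source build as on the master, repeated on the slave host.
# NOTE(review): the tarball is fetched over plain HTTP and is not verified here;
# check its PGP signature against ISC's published key before building.
# BIND 9.3.2 is long past end of life; prefer a currently supported release.
# Command names are case-sensitive, and the tarball unpacks to bind-9.3.2.
cd /software
wget http://ftp.isc.org/isc/bind9/9.3.2/bind-9.3.2.tar.gz
tar zxvf bind-9.3.2.tar.gz
cd bind-9.3.2
./configure --prefix=/Data/apps/named \
  --enable-threads
make
make install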
2>、配置
Cd /Data/apps/named
[root@linux named]# mkdir etc
生成rndc控制命令的key文件(rndc.conf中含有密钥,应限制该文件的读取权限)
[root@linux named]# sbin/rndc-confgen > etc/rndc.conf
从rndc.conf文件中提取named.conf用的key
[root@linux named]# cd etc
自动在/Data/apps/named/etc生成named.conf文件
[root@linux etc]# tail -10 rndc.conf | head -9 | sed s/#\ //g > named.conf
3>、建立Zone文件目录
[root@linux etc]# mkdir /Data/named
进入/Data/named目录(下面命令中的/var/named与上一步建立的目录不一致,应为/Data/named)
[root@linux etc]# cd /var/named
4>、建立localhost.zone
[root@linux named]#vi localhost.zone
$TTL 86400
$ORIGIN localhost.
@ 1D IN SOA @ root (
42 ; serial (d.
adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
1D IN NS @
1D IN A 127.0.0.1
5>、建立named.local
[root@linux named]#vi named.local
$TTL 86400
@ IN SOA localhost. root.localhost. (
1997022700 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS localhost.
1 IN PTR localhost.
6>、生成named.root
[root@linux named]#dig > named.root
7>、修改named.conf
Cd /Data/apps/named/etc
配置named.conf文件,在后面加入以下代码(注意:controls中引用的key名rndckey须与从rndc.conf提取出的key名一致;本文完整named.conf中的key名为rndc-key)
[root@linux etc]# vi named.conf
options {
directory "/Data/named";
pid-file "named.pid";
};
controls {
inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
zone "." IN {
type hint;
file "named.root";
};
zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};
8>、测试启动bind(此处直接以root身份运行,仅用于测试;正式运行建议用named的-u参数指定非特权用户)
/Data/apps/named/sbin/named -c /Data/apps/named/etc/named.conf &
1>>在Slave建立config及zone文件
A>、修改named.conf文件
由于View功能需要把所有Zone放到View中,故在named.conf中删除如下内容
[root@redhatas4 network-scripts]# vi /Data/apps/named/etc/named.conf
zone "." IN {
type hint;
file "named.root";
};
zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};
同时在最后加上
include "zone.named.conf";
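完整的named.conf如下(其中的secret仅为示例,且与Master处显示的相同;各服务器应使用各自用rndc-confgen生成的密钥,不要照抄。后一个controls语句引用了未定义的key名rndckey,且与前一个controls重复,应删除)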
[root@redhatas4 etc]# cat named.conf
key "rndc-key" {
algorithm hmac-md5;
secret "7GOJi0L1LwB2WXR38/K3ow==";
};
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
options {
directory "/Data/named";
pid-file "named.pid";
};
controls {
inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
include "zone.named.conf";
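B>、建立zone.named.conf
注:下面external视图的match-clients为any且recursion yes,即对所有来源提供递归查询;对外视图建议设为recursion no,或用allow-recursion限定可递归的来源。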
[root@redhatas4 etc]# cd /Data/named/
[root@redhatas4 named]# vi zone.named.conf
debian:/Data/named# cat zone.named.conf
acl CNCbeijing {
61.48/14;61.135/16;61.148/15;202.96.0/18;202.99.0/18;202.106/16;202.108/16;221.216/13;222.128/14;
};
acl CNChebei {
60.0.0.0/12;61.55.0.0/16;61.159.0.0/18;61.182/16;202.99.128.0/18;218.11/15;221.192/14;
};
acl CNCshandong {
60.208.0.0/12;61.133.0.0/17;61.156.0.0/16;61.162.0.0/16;61.179.0.0/16;202.102.128.0/18;202.110.192.0/18;218.56.0.0/14;221.0.0.0/14;
};
acl CNCzhejiang { 60.12/16;221.12/16;};
acl CNCgansu { 60.13.0/18;221.7.32/19;};
acl CNCchongqing { 221.5.128/17;221.7.64/19;};
acl CNCguangdong { 221.4/15;};
acl CNCguangxi { 221.7.128/17;};
acl CNCguizhou { 221.13.0/18;};
acl CNChainan { 221.11.128/17;};
acl CNCheilongjiang {
61.138.0/18;61.167/16;61.180.128/17;202.97.192/18;218.7/14;221.208/13;};
acl CNChenan {
61.52/14;61.136.64/18;61.158.128/17;61.163/16;61.168/16;202.102.224/19;202.110.64/18;202.111.128/19;218.28/15;221.13.128/14;222.136/13;};
acl CNCjiangsu { 221.6/16;};
acl CNCjilin {
61.138.128/18;61.139.128/18;61.161.0/18;202.98.0/19;202.111.160/19;218.27/16;221.8/15;222.160/14;};
acl CNCliaoning {
60.16/13;61.137.128/17;61.161.128/17;61.176/16;61.189.0/17;202.96.64/19;202.97.160/19;202.107.0/17;202.110.0/18;218.24/15;218.60/15;221.200/14;};
acl CNCneimeng {60.31/16;221.199.128/17;};
acl CNCneimenggu { 61.134.96/19;61.138.64/18;202.99.224/19;};
acl CNCningxia { 221.199.0/18;};
acl CNCqinghai { 221.207.0/18;};
acl CNCshanxi
{221.11.0/17;60.220/14;202.97.128/19;202.99.192/19;218.26/16;221.204/15;};
acl CNCsichuan { 221.10/16;};
acl CNCtianjin {
60.24/13;60.181/16;202.99.64/18;218.67.128/14;221.196/14;};
acl CNCxinjiang { 60.13.128/17;221.7.0/19;};
acl CNCxizang { 221.13.64/19;};
acl CNCyunnan { 221.213/16;221.3.128/17;};
# pls edit acl testip1/2 with ur truely ip
#acl testip {211.157.101.174;211.157.101.175;};
#acl testip2 {211.152.17.58;211.152.17.59;};
acl testip1 {192.168.5.223;192.168.5.224;};
acl testip2 {192.168.5.225;192.168.5.226;};
view "internal" {
match-clients {
!192.168.5.224;!192.168.5.226;CNCbeijing;CNChebei;CNCshandong;CNCtianjin;CNCzhejiang;CNCgansu;CNCchongqing;CNCguangdong;CNCguangxi;CNCguizhou;CNChainan;CNCheilongjiang;CNChenan;CNCjiangsu;CNCjilin;CNCliaoning;CNCneimeng;CNCneimenggu;CNCningxia;CNCqinghai;CNCshanxi;CNCsichuan;CNCxinjiang;CNCxizang;CNCyunnan;testip1;testip2;};
recursion yes;
notify-source 192.168.5.225;
transfer-source 192.168.5.225;
query-source address 192.168.5.225;
include "common.zone.named.conf";
include "longrujun.other.zone.named.conf";
zone "longrujun.com" IN {
type slave;
file "longrujun.com.zone.bj";
masters { 192.168.5.223; };
transfer-source 192.168.5.225;
};
};
view "external" {
match-clients { any; };
recursion yes;
notify-source 192.168.5.226;
transfer-source 192.168.5.226;
query-source address 192.168.5.226;
include "common.zone.named.conf";
include "longrujun.other.zone.named.conf";
zone "longrujun.com" IN {
type slave;
file "longrujun.com.zone";
masters { 192.168.5.224; };
transfer-source 192.168.5.226;
};
};
C>、建立common.zone.named.conf
debian:/Data/named# vi common.zone.named.conf
zone "." IN {
type hint;
file "named.root";
};
zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};
D>、建立longrujun.other.zone.named.conf
debian:/Data/named# vi longrujun.other.zone.named.conf
zone "lrj.com" IN {
type slave;
file "Slave/lrj.com";
masters { 192.168.5.223; };
};
E>、建立longrujun.com.zone
debian:/Data/named# vi longrujun.com.zone
$ORIGIN .
$TTL 3600 ; 1 hour
longrujun.com IN SOA dns.longrujun.com. admin.longrujun.com.
(
2006071602 ; serial
10800 ; refresh (3 hours)
3600 ; retry (1 hour)
604800 ; expire (1 week)
3600 ; minimum (1 hour)
)
NS dns.longrujun.com.
NS dns2.longrujun.com.
MX 10 mail.longrujun.com.
$ORIGIN longrujun.com.
dns A 192.168.5.223
dns2 A 192.168.5.225
live A 10.10.10.99
mail CNAME mail
tag A 10.100.10.100
www A 202.99.8.1
F>、建立longrujun.com.zone.bj
debian:/Data/named# vi longrujun.com.zone.bj
$ORIGIN .
$TTL 3600
longrujun.com IN SOA dns.longrujun.com.
admin.longrujun.com. (
2006071603; serial
10800 ; refresh (3 hours)
3600 ; retry (1 hour)
604800 ; expire (1 week)
3600 ; minimum (1 hour)
)
longrujun.com NS dns.longrujun.com
longrujun.com NS dns2.longrujun.com
A 11.11.11.11
longrujun.com MX 10 mail.longrujun.com
mail.longrujun.com CNAME mail.longrujun.com
$ORIGIN longrujun.com.
www A 10.10.10.10
dns A 192.168.5.223
dns2 A 192.168.5.225
live A 10.10.10.11
tag A 10.10.10.12
7>、建立lrj.com
debian:/Data/named# cat lrj.com
$ORIGIN .
$TTL 3600
lrj.com IN SOA dns.longrujun.com. admin.longrujun.com.
(
2006071602; serial
10800 ; refresh (3 hours)
3600 ; retry (1 hour)
604800 ; expire (1 week)
3600 ; minimum (1 hour)
)
lrj.com NS dns.longrujun.com
lrj.com NS dns2.longrujun.com
A 12.12.12.12
$ORIGIN lrj.com.
www A 12.12.12.12
至此所有配置工作均已完成,检查一下Zone及conf文件
Published 2006年8月19日 16:32 by admin
2008年2月25日星期一