Linux运维部署DNS主从同步

DNS主从介绍

作为重要的互联网基础设施服务,保证DNS域名解析服务的正常运转至关重要,只有这样才能提供稳定、快速且不间断的域名查询服务。在DNS域名解析服务中,从服务器可以从主服务器上获取指定的区域数据文件,从而起到备份解析记录与负载均衡的作用,因此通过部署从服务器可以减轻主服务器的负载压力,还可以提升用户的查询效率。

安装环境

| 主机名 | 操作系统 | IP |
| 主服务器 | CentOS 7 | 10.1.1.250 |
| 从服务器 | CentOS 7 | 10.1.1.254 |

修改配置(下面四段依次为:主服务器 options、主服务器 zone、从服务器 options、从服务器 zone;主从以 listen-on 的地址区分)

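// Primary (10.1.1.250): authoritative for boysec.cn and recursive resolver
// for the local network.
acl "trusted" {
    localhost;
    localnets;   // networks directly attached to this host; add client subnets here
};

options {
    listen-on port 53 { 10.1.1.250; };
    directory "/var/named/chroot/etc/";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";

    // Authoritative answers for boysec.cn may go to anyone, but recursion
    // and the cache are restricted to "trusted" clients. The previous
    // "allow-query { any; }; recursion yes;" with no allow-recursion made
    // this an open resolver usable for reflection/amplification attacks
    // and cache poisoning.
    allow-query { any; };
    recursion yes;
    allow-recursion { trusted; };
    allow-query-cache { trusted; };

    // Zone transfers are denied globally; the boysec.cn zone statement
    // re-enables them for the secondary only.
    allow-transfer { none; };

    empty-zones-enable no;
    forwarders { 114.114.114.114; 8.8.8.8; };

    // Validate DNSSEC like the secondary already does; the trust anchor is
    // supplied by the included /etc/named.root.key and managed-keys-directory.
    // NOTE(review): this assumes the forwarders pass DNSSEC records through
    // (8.8.8.8 does) — confirm for 114.114.114.114 before relying on it.
    dnssec-enable yes;
    dnssec-validation yes;

    /* Path to ISC DLV key (the DLV service is retired; unused without dnssec-lookaside) */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};

logging {
    channel default_debug {
        file "/var/named/data/named.run";
        severity dynamic;
    };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";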
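// Primary copy of boysec.cn. Zone data is read from options.directory.
zone "boysec.cn" IN {
    type master;
    file "boysec.cn.zone";
    // Push NOTIFY to the secondary on every serial change (it is not an NS
    // in the zone, so it would not be notified otherwise).
    also-notify { 10.1.1.254; };
    // Only the secondary may pull the zone. An address-only ACL is the
    // minimum; for real authentication sign transfers with a TSIG key
    // (tsig-keygen) and list "key <name>;" here instead of the address.
    allow-transfer { 10.1.1.254; };
    // No dynamic updates: a secondary never writes back to the primary, and
    // the previous "allow-update { 10.1.1.254; }" let any packet claiming to
    // come from that address rewrite the zone (and turned the zone file into
    // a journaled one that needs rndc freeze/thaw for hand edits).
    allow-update { none; };
};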
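// Secondary (10.1.1.254): serves a transferred copy of boysec.cn and
// recurses for local clients.
acl "trusted" {
    localhost;
    localnets;   // add client subnets as needed
};

options {
    listen-on port 53 { 10.1.1.254; };
    directory "/var/named/chroot/etc/";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file "/var/named/data/named.recursing";
    secroots-file "/var/named/data/named.secroots";

    // Same split as the primary: authoritative data for anyone, recursion
    // and cache only for trusted clients — otherwise this is an open resolver.
    allow-query { any; };
    recursion yes;
    allow-recursion { trusted; };
    allow-query-cache { trusted; };

    // The secondary must not re-serve the zone: BIND 9.11 (CentOS 7) defaults
    // to allow-transfer { any; }, which would let anyone AXFR boysec.cn from
    // here even though the primary restricts transfers to this host.
    allow-transfer { none; };

    forwarders { 202.106.196.115; 8.8.8.8; };
    // Keep the transferred zone as text so it can be inspected with cat.
    masterfile-format text;

    dnssec-enable yes;
    dnssec-validation yes;
    /* DLV is retired; this file is unused without dnssec-lookaside */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";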
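// Secondary copy of boysec.cn, pulled from the primary.
zone "boysec.cn" IN {
    type slave;
    masters { 10.1.1.250; };
    // Relative to options.directory; the slave/ directory must exist and be
    // writable by the named user before the first transfer.
    file "slave/boysec.cn.zone";
    // Do not hand the zone on to third parties: older BIND (incl. 9.11 on
    // CentOS 7) allows transfers from anyone unless told otherwise.
    allow-transfer { none; };
};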

检查配置并重启 DNS(其中创建 slave 目录只需在从服务器执行,因为从服务器的 file "slave/boysec.cn.zone" 是相对 directory 的路径;其余命令主从服务器都要执行)

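# mkdir -p /var/named/chroot/etc/slave       # secondary only: target of file "slave/boysec.cn.zone"; -p makes this re-runnable
# chown -R named:named /var/named/           # "user:group" form; the dotted "named.named" form is deprecated in GNU chown
# named-checkconf -z                         # -z also loads and checks every zone file, not just named.conf
# systemctl restart named
# NOTE(review): chown -R gives the daemon write access to every file under
# /var/named, including the primary zone file and anything else kept under
# chroot/etc/. Only slave/ (and dynamic/) need to be writable by named; the
# primary zone file can stay root-owned and group-readable unless dynamic
# updates are in use. If the service runs as named-chroot, restart that unit.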

检查同步过来的区域数据库文件(注意:下面的区域里只有一条 NS 记录 ns1.boysec.cn,指向 10.4.7.11,既不是主服务器也不是从服务器;从服务器只有被写入区域的 NS 记录并在上级委派中登记,解析端才会把它当作备用服务器,否则它只是一份备份,起不到冗余和分担负载的作用)

[root@dns-slave ~]# cat /var/named/chroot/etc/slave/boysec.cn.zone 
$ORIGIN .
$TTL 600 ; 10 minutes
boysec.cn IN SOA ns1.boysec.cn. dnsadmin.boysec.cn. (
2018121602 ; serial
10800 ; refresh (3 hours)
900 ; retry (15 minutes)
604800 ; expire (1 week)
86400 ; minimum (1 day)
)
NS ns1.boysec.cn.
$ORIGIN boysec.cn.
$TTL 60 ; 1 minute
admin A 10.1.1.254
bbs A 1.2.3.4
www A 10.1.1.250
ns1 A 10.4.7.11

检查解析是否正确(注意:下面查询的 down.boysec.cn 并不在上面同步到的区域文件里,应是之后又修改过主区域;每次修改主区域文件后必须递增 SOA serial,否则从服务器不会重新拉取)

使用主DNS查询A记录

[root@dns-slave slave]# dig -t A @10.1.1.250 www.boysec.cn +short 
10.1.1.250
[root@dns-slave slave]# dig -t A @10.1.1.250 down.boysec.cn +short
1.22.22.3

使用备DNS查询A记录

[root@dns-slave slave]# dig -t A @10.1.1.254 www.boysec.cn +short
10.1.1.250
[root@dns-slave slave]# dig -t A @10.1.1.254 down.boysec.cn +short
1.22.22.3