DNS辅助服务器是一种容错设计,考虑的是一旦DNS主服器出现故障或因负载太重无法及时响应客户机请求,辅助服务器将挺身而出为主服务器排忧解难。辅助服务器的区域数据都是从主服务器复制而来,因此辅助服务器的数据都是只读的,当然,如果有必要,我们可以很轻松地把辅助服务器升级为主服务器
bind9的编译及安装这里就不在重复了,不了解的同学请参考:
菜鸟也玩DNS之配置DNS缓存服务器
主dns服务器:192.168.1.10
辅DNS服务器:192.168.1.20
主DNS做如下配置
named.conf内容如下:
key "rndc-key" {
algorithm hmac-md5;
secret "MUJbEnY6WFnkUg1waSD3lQ=="; 该密钥需要与rndc.conf文件中的密钥对应。
};
algorithm hmac-md5;
secret "MUJbEnY6WFnkUg1waSD3lQ=="; 该密钥需要与rndc.conf文件中的密钥对应。
};
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
#指定资源文件存放路径,和pid文件名称。
options {
directory "/usr/local/named/dns/zone";
pid-file "/usr/local/named/dns/named.pid";
};
options {
directory "/usr/local/named/dns/zone";
pid-file "/usr/local/named/dns/named.pid";
};
#指向跟服务器的资源文件
zone "." IN {
type hint;
file "named.root";
};
zone "." IN {
type hint;
file "named.root";
};
#本地权威DNS记录的资源文件
zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};
zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};
#本地权威反向DNS记录的资源文件
zone "0.0.127.in-addr.arpa" IN {
type master;
file "localhost.rev";
allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "localhost.rev";
allow-update { none; };
};
#本DNS服务器负责的权威域xiaocui.com的资源文件
zone "xiaocui.com" IN {
type master;
file "xiaocui.com.zone";
allow-update { none; };
};
type master;
file "xiaocui.com.zone";
allow-update { none; };
};
#本DNS服务器负责的权威域xiaocui.com的反向资源文件
zone "1.168.192.in-addr.arpa" IN {
type master;
file "xiaocui.com.rev";
allow-update { none; };
};
type master;
file "xiaocui.com.rev";
allow-update { none; };
};
named.root内容如下:
; This file holds the information on root name servers needed to
; initialize cache of Internet domain name servers
; (e.g. reference this file in the "cache . <file>"
; configuration file of BIND domain name servers).
;
; This file is made available by InterNIC
; under anonymous FTP as
; file /domain/named.cache
; on server FTP.INTERNIC.NET
; -OR- RS.INTERNIC.NET
;
; last update: Jun 8, 2011
; related version of root zone: 2011060800
;
; formerly NS.INTERNIC.NET
;
. 3600000 IN NS A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:BA3E::2:30
;
; FORMERLY NS1.ISI.EDU
;
. 3600000 NS B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201
;
; FORMERLY C.PSI.NET
;
. 3600000 NS C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
;
; FORMERLY TERP.UMD.EDU
;
. 3600000 NS D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET. 3600000 A 128.8.10.90
D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2D::D
;
; FORMERLY NS.NASA.GOV
;
. 3600000 NS E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
;
; FORMERLY NS.ISC.ORG
;
. 3600000 NS F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2F::F
;
; FORMERLY NS.NIC.DDN.MIL
;
. 3600000 NS G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
;
; FORMERLY AOS.ARL.ARMY.MIL
;
. 3600000 NS H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET. 3600000 A 128.63.2.53
H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::803F:235
;
; FORMERLY NIC.NORDU.NET
;
. 3600000 NS I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7FE::53
;
; OPERATED BY VERISIGN, INC.
;
. 3600000 NS J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30
J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:C27::2:30
;
; OPERATED BY RIPE NCC
;
. 3600000 NS K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7FD::1
;
; OPERATED BY ICANN
;
. 3600000 NS L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42
L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:3::42
;
; OPERATED BY WIDE
;
. 3600000 NS M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
M.ROOT-SERVERS.NET. 3600000 AAAA 2001:DC3::35
; End of File
; initialize cache of Internet domain name servers
; (e.g. reference this file in the "cache . <file>"
; configuration file of BIND domain name servers).
;
; This file is made available by InterNIC
; under anonymous FTP as
; file /domain/named.cache
; on server FTP.INTERNIC.NET
; -OR- RS.INTERNIC.NET
;
; last update: Jun 8, 2011
; related version of root zone: 2011060800
;
; formerly NS.INTERNIC.NET
;
. 3600000 IN NS A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:BA3E::2:30
;
; FORMERLY NS1.ISI.EDU
;
. 3600000 NS B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201
;
; FORMERLY C.PSI.NET
;
. 3600000 NS C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
;
; FORMERLY TERP.UMD.EDU
;
. 3600000 NS D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET. 3600000 A 128.8.10.90
D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2D::D
;
; FORMERLY NS.NASA.GOV
;
. 3600000 NS E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
;
; FORMERLY NS.ISC.ORG
;
. 3600000 NS F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2F::F
;
; FORMERLY NS.NIC.DDN.MIL
;
. 3600000 NS G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
;
; FORMERLY AOS.ARL.ARMY.MIL
;
. 3600000 NS H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET. 3600000 A 128.63.2.53
H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::803F:235
;
; FORMERLY NIC.NORDU.NET
;
. 3600000 NS I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7FE::53
;
; OPERATED BY VERISIGN, INC.
;
. 3600000 NS J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30
J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:C27::2:30
;
; OPERATED BY RIPE NCC
;
. 3600000 NS K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7FD::1
;
; OPERATED BY ICANN
;
. 3600000 NS L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42
L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:3::42
;
; OPERATED BY WIDE
;
. 3600000 NS M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
M.ROOT-SERVERS.NET. 3600000 AAAA 2001:DC3::35
; End of File
localhost.zone正向资源文件内容:
$TTL 86400
$ORIGIN localhost.
@ 1D IN SOA @ root (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
1D IN NS @
1D IN A 127.0.0.1
$ORIGIN localhost.
@ 1D IN SOA @ root (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
1D IN NS @
1D IN A 127.0.0.1
localhost.rev反向资源文件内容:
$TTL 86400
@ IN SOA localhost. root.localhost. (
1997022700 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS localhost.
1 IN PTR localhost.
@ IN SOA localhost. root.localhost. (
1997022700 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS localhost.
1 IN PTR localhost.
xiaocui.com.zone正向资源文件内容:
$TTL 86400
@ IN SOA xiaocui.com. root.xiaocui.com. (
1053891162 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
IN NS xiaocui.com.
IN A 192.168.1.10
www IN A 192.168.1.100
@ IN SOA xiaocui.com. root.xiaocui.com. (
1053891162 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
IN NS xiaocui.com.
IN A 192.168.1.10
www IN A 192.168.1.100
xiaocui.com.rev反向资源文件内容:
$TTL 86400
@ IN SOA xiaocui.com. root.xiaocui.com. (
20031001; Serial
7200; Refresh
3600; Retry
43200; Expire
86400 ); Minimum
IN NS xiaocui.com.
10 IN PTR xiaocui.com.
100 IN PTR www.xiaocui.com .
@ IN SOA xiaocui.com. root.xiaocui.com. (
20031001; Serial
7200; Refresh
3600; Retry
43200; Expire
86400 ); Minimum
IN NS xiaocui.com.
10 IN PTR xiaocui.com.
100 IN PTR www.xiaocui.com .
注意下图中的红色地方,这里是为了辅DNS能尽快复制到区域资源文件,所以把刷新时间改低了,正常企业应用的,以实际情况为准。
在辅DNS上做如下操作
named.conf配置文件内容如下:
key "rndc-key" {
algorithm hmac-md5;
secret "E5eTErLJ1gixr2LDpcz6Cg==";
};
algorithm hmac-md5;
secret "E5eTErLJ1gixr2LDpcz6Cg==";
};
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
#指定资源文件存放路径,和pid文件名称。
options {
directory "/usr/local/named/dns/zone";
pid-file "/usr/local/named/dns/named.pid";
};
options {
directory "/usr/local/named/dns/zone";
pid-file "/usr/local/named/dns/named.pid";
};
zone "." IN {
type hint;
file "named.root";
};
type hint;
file "named.root";
};
zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};
type master;
file "localhost.zone";
allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "localhost.rev";
allow-update { none; };
};
type master;
file "localhost.rev";
allow-update { none; };
};
zone "xiaocui.com" IN {
type slave;
file "xiaocui.com.zone";
masters { 192.168.1.10; };
};
type slave;
file "xiaocui.com.zone";
masters { 192.168.1.10; };
};
zone "1.168.192.in-addr.arpa" IN {
type slave;
file "xiaocui.com.rev";
masters { 192.168.1.10; };
};
type slave;
file "xiaocui.com.rev";
masters { 192.168.1.10; };
};
named.root文件内容和主DNS上的named.root内容相同
localhost.zone正向资源文件内容和主DNS的localhost.zone内容相同
localhost.rev反向资源文件内容和主DNS的localhost.rev内容相同
配置完毕,分别启动主从服务器,命令如下:
#/usr/local/named/sbin/named -4
如果配置正确的话,过几分钟辅DNS会从指定的主DNS上去下载权威域的资源文件到本地。
正向资源文件名为xiaocui.com.zone.slave
反向资源文件名为xiaocui.com.rev.slave
使用nslookup查询一下
www.xiaocui.com
DNS辅助服务器的搭建就到这里,如果你按照上面操作完之后,依然看不到下载区域文件,请注意你的防火墙是否给拦截了。
本文转自 cyr520 51CTO博客,原文链接:http://blog.51cto.com/cyr520/697348
