4、在本机将 DNS 指向刚才设置的服务器
[root@slave named]# cat /etc/resolv.conf
nameserver 192.168.56.104
nameserver 192.168.56.105
5、使用dig测试
[root@slave named]# dig ns1.test.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <<>> ns1.test.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53453
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; QUESTION SECTION:
;ns1.test.com. IN A
;; ANSWER SECTION:
ns1.test.com. 86400 IN A 192.168.56.104
;; AUTHORITY SECTION:
test.com. 86400 IN NS ns1.test.com.
test.com. 86400 IN NS ns2.test.com.
;; ADDITIONAL SECTION:
ns2.test.com. 86400 IN A 192.168.56.105
;; Query time: 1 msec
;; SERVER: 192.168.56.104#53(192.168.56.104)
;; WHEN: Mon Jul 8 02:28:26 2013
;; MSG SIZE rcvd: 94
[root@slave named]# dig ns2.test.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <<>> ns2.test.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15455
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; QUESTION SECTION:
;ns2.test.com. IN A
;; ANSWER SECTION:
ns2.test.com. 86400 IN A 192.168.56.105
;; AUTHORITY SECTION:
test.com. 86400 IN NS ns1.test.com.
test.com. 86400 IN NS ns2.test.com.
;; ADDITIONAL SECTION:
ns1.test.com. 86400 IN A 192.168.56.104
;; Query time: 1 msec
;; SERVER: 192.168.56.104#53(192.168.56.104)
;; WHEN: Mon Jul 8 02:28:32 2013
;; MSG SIZE rcvd: 94
[root@slave named]# dig server.test.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <<>> server.test.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37155
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;server.test.com. IN A
;; ANSWER SECTION:
server.test.com. 86400 IN A 192.168.56.101
;; AUTHORITY SECTION:
test.com. 86400 IN NS ns2.test.com.
test.com. 86400 IN NS ns1.test.com.
;; ADDITIONAL SECTION:
ns1.test.com. 86400 IN A 192.168.56.104
ns2.test.com. 86400 IN A 192.168.56.105
;; Query time: 1 msec
;; SERVER: 192.168.56.104#53(192.168.56.104)
;; WHEN: Mon Jul 8 02:28:36 2013
;; MSG SIZE rcvd: 117
现在 DNS 的 master 与 slave 以及自动更新的配置已经完成。
6、我们再测试一下：如果 master 端修改或添加了配置，slave 端是否能接收到最新的配置
我现在查看 master 端的 named.test.com 配置
[root@CentOS named]# cat named.test.com
$TTL 1D
@ IN SOA ns1.test.com. root.localhost. (
2013070822 ; serial
60 ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS ns1.test.com.
NS ns2.test.com.
A 192.168.56.104
server A 192.168.56.101
client1 A 192.168.56.103
Ubuntu A 192.168.56.102
ns1 A 192.168.56.104
ns2 A 192.168.56.105
test2 A 192.168.8.1
test1 A 192.168.8.12
test3 A 192.168.8.3
可以看到添加了test1-3的几个正向解析。
然后在master端重启bind
/etc/init.d/named restart
查看master端日志
我只列出传输日志
Jul 8 12:00:49 master named-sdb[4967]: zone 56.168.192.in-addr.arpa/IN: loaded serial 2013070814
Jul 8 12:00:49 master named-sdb[4967]: zone test.com/IN: loaded serial 2013070822
Jul 8 12:00:49 master named-sdb[4967]: managed-keys-zone ./IN: loaded serial 6
Jul 8 12:00:49 master named-sdb[4967]: running
Jul 8 12:00:49 master named-sdb[4967]: zone 56.168.192.in-addr.arpa/IN: sending notifies (serial 2013070814)
Jul 8 12:00:49 master named-sdb[4967]: zone test.com/IN: sending notifies (serial 2013070822)
再查看 slave 端日志
Jul 8 04:03:36 slave named-sdb[13688]: client 192.168.56.104#48310: received notify for zone 'test.com'
Jul 8 04:03:36 slave named-sdb[13688]: zone test.com/IN: Transfer started.
Jul 8 04:03:36 slave named-sdb[13688]: transfer of 'test.com/IN' from 192.168.56.104#53: connected using 192.168.56.105#37661
Jul 8 04:03:36 slave named-sdb[13688]: zone test.com/IN: transferred serial 2013070822
Jul 8 04:03:36 slave named-sdb[13688]: transfer of 'test.com/IN' from 192.168.56.104#53: Transfer completed: 1 messages, 13 records, 332 bytes, 0.005 secs (66400 bytes/sec)
Jul 8 04:03:36 slave named-sdb[13688]: zone test.com/IN: sending notifies (serial 2013070822)
Jul 8 04:03:37 slave named-sdb[13688]: client 192.168.56.104#21155: received notify for zone '56.168.192.in-addr.arpa'
Jul 8 04:03:37 slave named-sdb[13688]: zone 56.168.192.in-addr.arpa/IN: notify from 192.168.56.104#21155: zone is up to date
然后在 slave 上查看 named.test.com 文件内容
[root@cacti named]# cd /var/named/
[root@cacti named]# cat named.test.com
$ORIGIN .
$TTL 86400 ; 1 day
test.com IN SOA ns1.test.com. root.localhost. (
2013070822 ; serial
60 ; refresh (1 minute)
3600 ; retry (1 hour)
604800 ; expire (1 week)
10800 ; minimum (3 hours)
)
NS ns1.test.com.
NS ns2.test.com.
A 192.168.56.104
$ORIGIN test.com.
client1 A 192.168.56.103
ns1 A 192.168.56.104
ns2 A 192.168.56.105
server A 192.168.56.101
test1 A 192.168.8.12
test2 A 192.168.8.1
test3 A 192.168.8.3
ubuntu A 192.168.56.102
可以看到成功更新了。
7、现在我们把master端的dns服务停掉,看看slave是否能解析
[root@slave named]# dig ns1.test.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <<>> ns1.test.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38700
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; QUESTION SECTION:
;ns1.test.com. IN A
;; ANSWER SECTION:
ns1.test.com. 86400 IN A 192.168.56.104
;; AUTHORITY SECTION:
test.com. 86400 IN NS ns2.test.com.
test.com. 86400 IN NS ns1.test.com.
;; ADDITIONAL SECTION:
ns2.test.com. 86400 IN A 192.168.56.105
;; Query time: 0 msec
;; SERVER: 192.168.56.105#53(192.168.56.105)
;; WHEN: Mon Jul 8 02:30:22 2013
;; MSG SIZE rcvd: 94
[root@slave named]# dig ns2.test.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <<>> ns2.test.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28400
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; QUESTION SECTION:
;ns2.test.com. IN A
;; ANSWER SECTION:
ns2.test.com. 86400 IN A 192.168.56.105
;; AUTHORITY SECTION:
test.com. 86400 IN NS ns2.test.com.
test.com. 86400 IN NS ns1.test.com.
;; ADDITIONAL SECTION:
ns1.test.com. 86400 IN A 192.168.56.104
;; Query time: 1 msec
;; SERVER: 192.168.56.105#53(192.168.56.105)
;; WHEN: Mon Jul 8 02:30:29 2013
;; MSG SIZE rcvd: 94
[root@slave named]# dig server.test.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <<>> server.test.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26633
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;server.test.com. IN A
;; ANSWER SECTION:
server.test.com. 86400 IN A 192.168.56.101
;; AUTHORITY SECTION:
test.com. 86400 IN NS ns1.test.com.
test.com. 86400 IN NS ns2.test.com.
;; ADDITIONAL SECTION:
ns1.test.com. 86400 IN A 192.168.56.104
ns2.test.com. 86400 IN A 192.168.56.105
;; Query time: 0 msec
;; SERVER: 192.168.56.105#53(192.168.56.105)
;; WHEN: Mon Jul 8 02:30:34 2013
;; MSG SIZE rcvd: 117
可以看到 master 端 DNS 服务断掉后，域名也可以通过 slave 端来进行解析。
反之,如果slave端dns服务断掉后,域名也可以通过master端进行解析。
测试完成后，可以把 bind 服务添加到开机启动
[root@master named]# chkconfig --list named
named 0:off 1:off 2:off 3:off 4:off 5:off 6:off
[root@master named]# chkconfig --level 345 named on
[root@master named]# chkconfig --list named
named 0:off 1:off 2:off 3:on 4:on 5:on 6:off
同时在生产环境配置的时候，需要把 master 与 slave 的时间调成一致，比如使用 ntp 同步时间；而且别在机器上开启 iptables 与 selinux（或至少放行 53 端口的 TCP/UDP 流量），否则会出现 master 发送 notify 后 slave 端无法接收的情况。
而且如果在master端增加新域名的话,需要注意的是
1、在master与slave的/etc/named.rfc1912.zones都添加配置
2、在 master 与 slave 上都重启 bind。如果只重启 master 端而不重启 slave 端，那么 master 发送 notify 的时候，slave 日志会显示 client 192.168.56.104#11005: received notify for zone 'xxx.com': not authoritative，同时无法接收到更新；
slave 端重启后会成功地同步
Jul 8 04:13:18 cacti named-sdb[14449]: zone 56.168.192.in-addr.arpa/IN: sending notifies (serial 2013070814)
Jul 8 04:13:18 cacti named-sdb[14449]: zone test.com/IN: sending notifies (serial 2013070822)
Jul 8 04:13:18 cacti named-sdb[14449]: zone Hadoop.com/IN: Transfer started.
Jul 8 04:13:18 cacti named-sdb[14449]: transfer of 'hadoop.com/IN' from 192.168.56.104#53: connected using 192.168.56.105#49804
Jul 8 04:13:18 cacti named-sdb[14449]: zone hadoop.com/IN: transferred serial 2013070813
Jul 8 04:13:18 cacti named-sdb[14449]: transfer of 'hadoop.com/IN' from 192.168.56.104#53: Transfer completed: 1 messages, 9 records, 265 bytes, 0.004 secs (66250 bytes/sec)
Jul 8 04:13:18 cacti named-sdb[14449]: zone hadoop.com/IN: sending notifies (serial 2013070813)
可以从日志里看到同步成功。
如果在 /var/log/messages 日志里出现以下内容
Jul 8 13:36:34 master named-sdb[6324]: error (network unreachable) resolving 'ns1.nic.uk/AAAA/IN': 2001:500:2f::f#53
Jul 8 13:36:34 master named-sdb[6324]: error (network unreachable) resolving 'nsc.nic.uk/A/IN': 2001:500:2f::f#53
Jul 8 13:36:34 master named-sdb[6324]: error (network unreachable) resolving 'nsc.nic.uk/AAAA/IN': 2001:500:2f::f#53
Jul 8 13:36:34 master named-sdb[6324]: error (network unreachable) resolving 'ns2.nic.uk/AAAA/IN': 2001:500:2f::f#53
Jul 8 13:36:34 master named-sdb[6324]: error (network unreachable) resolving 'ns3.nic.uk/AAAA/IN': 2001:500:2f::f#53
Jul 8 13:36:34 master named-sdb[6324]: error (network unreachable) resolving 'nsa.nic.uk/AAAA/IN': 2001:500:2f::f#53
Jul 8 13:36:34 master named-sdb[6324]: error (network unreachable) resolving './NS/IN': 2001:500:2f::f#53
Jul 8 13:36:34 master named-sdb[6324]: error (network unreachable) resolving 'ns6.nic.uk/AAAA/IN': 2001:500:2f::f#53
Jul 8 13:36:34 master named-sdb[6324]: error (network unreachable) resolving 'nsd.nic.uk/AAAA/IN': 2001:500:2f::f#53
Jul 8 13:36:36 master named-sdb[6324]: error (network unreachable) resolving 'ns3.nic.uk/AAAA/IN': 2001:502:ad09::3#53
原因是 named 会尝试使用 IPv6 传输，即使主机没有 IPv6 连通性（try to use IPv6 transport even if the server host does not have IPv6 connectivity）
解决方法：可以直接编辑配置文件 /etc/sysconfig/named，去除 IPv6 的解析，只解析 IPv4，即把 OPTIONS="whatever" 改为 OPTIONS="-4"。注意 OPTIONS 选项的值可以是：whatever、-4、-6 中的一