Setting up master/slave DNS servers on Linux with split-horizon (view-based) resolution (2)

Testing reverse resolution (Linux method)

[Allen@master ~]$ dig -x 123.59.246.200 | grep -A1 "ANSWER SECTION"
;; ANSWER SECTION:
200.246.59.123.in-addr.arpa. 21599 IN PTR mail.ehousechina.com.
[Allen@master ~]$ dig -x 111.204.53.64 | grep -A1 "ANSWER SECTION"
;; ANSWER SECTION:
64.53.204.111.in-addr.arpa. 37 IN PTR mail.ybjt.net.

6. Authoritative vs. non-authoritative answers

Authoritative answer: an answer returned by an NS server that is itself responsible for the domain (dig marks it with the aa flag);

Non-authoritative answer: the server is not responsible for the domain; it only has the record because it resolved it earlier and holds it in its cache, and it returns that cached copy. The answer is called non-authoritative because the authoritative server can change the zone at any time, while the cached copy is only refreshed once its TTL runs out, so the answer the client receives may already be stale;

7. Master/slave DNS servers

Master DNS server: holds the database (zone) for the domain it is responsible for; supports both reads and writes; its data changes over time;

Slave DNS server: "copies" the zone from the master or from another slave; it can only be read, not modified, and must keep its copy in sync with the master's data;

8. How master and slave stay in sync

A serial number is defined in the zone on the master; whenever the zone is changed, the serial is increased by hand. Each time a slave polls the master it compares serials to decide whether to refresh its own copy (if the master's serial is larger, the slave transfers the zone). A forgotten serial bump is the classic reason a change never reaches the slaves.
The following timers also need to be defined in the zone's SOA record:

Refresh interval (refresh): how often the slave polls the master for a newer serial;

Retry interval (retry): how long the slave waits before polling again after a failed refresh; retry must be shorter than refresh;

Expire time (expire): how long the slave keeps serving the zone while it cannot reach the master at all; once this elapses it gives up syncing and stops answering for the zone;

Negative answer TTL: how long a negative answer (NXDOMAIN or no data) is cached;

Suppose the refresh interval is 5 minutes and the slave has just refreshed; one minute later the master updates the zone. For the remaining 4 minutes the slave is out of sync, and if the master goes down in that window the slave cannot obtain the change or serve the latest data to clients. So relying on the refresh timer alone is not a complete solution to keeping zones in sync;
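The serial comparison and timer rules just described, as an added example (not code from the original article): a shell script that converts BIND time units, reads the SOA out of a zone file, checks the invariants the text states (retry shorter than refresh, expire longer than refresh) and compares two serials the way a slave does, using the 32-bit serial arithmetic of RFC 1982 so that a serial which has wrapped around is still seen as newer. The zone text embedded in it is constructed from the SOA values this article uses later (2018111601 1H 30M 5H 1H).

```shell
#!/bin/sh
# Added example, not code from the original article: the SOA arithmetic a
# slave applies when deciding whether to transfer a zone.  The sample zone
# text at the bottom is constructed with the values this article uses later.

# Convert a BIND time value (3600, 30M, 5H, 2D, 1W) to seconds.
# Compound forms such as 1h30m are not handled.
bind_secs() {
    v=$1
    num=${v%[A-Za-z]}          # strip one trailing unit letter, if any
    unit=${v#"$num"}
    case $unit in
        ""|[Ss]) echo "$num" ;;
        [Mm])    echo $(( num * 60 )) ;;
        [Hh])    echo $(( num * 3600 )) ;;
        [Dd])    echo $(( num * 86400 )) ;;
        [Ww])    echo $(( num * 604800 )) ;;
        *)       echo "bad time value: $v" >&2; return 1 ;;
    esac
}

# Succeed if serial $1 is newer than serial $2 under RFC 1982 serial-number
# arithmetic: "newer" means ahead by less than 2^31 in 32-bit space, so a
# serial that wrapped past 4294967295 still counts as newer.  A slave only
# transfers the zone when the master's serial is newer than its own copy's.
serial_newer() {
    new=$1; old=$2
    [ "$new" -eq "$old" ] && return 1
    if [ "$new" -gt "$old" ]; then
        [ $(( new - old )) -lt 2147483648 ]
    else
        [ $(( old - new )) -gt 2147483648 ]
    fi
}

# Check SOA timers (in seconds) against the rules stated above: retry must be
# shorter than refresh, and expire must outlast refresh or the slave drops the
# zone after a single missed poll.  Prints each problem; returns the count.
check_soa_timers() {
    refresh=$1; retry=$2; expire=$3; negttl=$4
    problems=0
    if [ "$retry" -ge "$refresh" ]; then
        echo "retry ($retry) must be shorter than refresh ($refresh)"
        problems=$(( problems + 1 ))
    fi
    if [ "$expire" -le "$refresh" ]; then
        echo "expire ($expire) must be longer than refresh ($refresh)"
        problems=$(( problems + 1 ))
    fi
    if [ "$negttl" -le 0 ]; then
        echo "negative answer TTL ($negttl) must be positive"
        problems=$(( problems + 1 ))
    fi
    return $problems
}

# Read a zone file on stdin and print "serial refresh retry expire negttl"
# with the timers converted to seconds.  Handles the multi-line parenthesised
# SOA layout used in this article and ignores ';' comments.
soa_fields() {
    awk '
        { sub(/;.*/, "") }
        /[[:space:]]SOA[[:space:]]/ { insoa = 1 }
        insoa { buf = buf " " $0; if (index($0, ")")) exit }
        END {
            gsub(/[()]/, " ", buf)
            n = split(buf, f, " ")
            for (i = 1; i <= n && f[i] != "SOA"; i++) {}
            print f[i+3], f[i+4], f[i+5], f[i+6], f[i+7]
        }' | {
        read -r serial refresh retry expire negttl
        r=$(bind_secs "$refresh"); t=$(bind_secs "$retry")
        e=$(bind_secs "$expire");  m=$(bind_secs "$negttl")
        echo "$serial $r $t $e $m"
    }
}

# Parse the zone on stdin, show the fields, and validate the timers.
check_zone() {
    set -- $(soa_fields)
    echo "serial=$1 refresh=$2 retry=$3 expire=$4 negttl=$5"
    check_soa_timers "$2" "$3" "$4" "$5"
}

# Constructed zone text using the article's SOA values.
SAMPLE_ZONE='$TTL 3600
$ORIGIN linuxidc.com.
@ IN SOA master.linuxidc.com. admin.linuxidc.com. (
        2018111601 1H 30M 5H 1H )   ; serial refresh retry expire negative-ttl
  IN NS master
master IN A 10.207.51.40'

if [ $# -gt 0 ]; then
    check_zone < "$1"
fi
```

Run it as `sh soa_check.sh /var/named/linuxidc.com.zone.c1` on the master after every edit. A change that is not accompanied by a larger serial is never transferred, whatever the timers say, and because the comparison is modulo 2^32 a serial such as 2018111601 must never be replaced by a much smaller value: the slaves would treat the "new" zone as older and ignore it.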

9. The master notifies the slave in real time

When the zone on the master changes, the master immediately notifies the slaves (DNS NOTIFY) so that they pull the update. Synchronisation therefore has two names depending on the viewpoint: seen from the slave it is a pull, seen from the master it is a push. In BIND, notification is on by default (notify yes) and goes to the servers listed in the zone's NS records; also-notify adds further targets, and allow-notify on the slave limits which hosts may trigger a refresh.

10. Zone transfer

When the master's zone is large, say tens of thousands of records, and only one record has changed, the slave should not have to copy the entire zone; it only needs the changed records. The whole zone is copied only when the slave is loading it for the first time. This copying process is called a zone transfer and comes in two forms: full transfer (AXFR) and incremental transfer (IXFR). BIND can only serve an IXFR for changes it keeps a journal of (dynamic updates, or ixfr-from-differences yes for hand-edited zone files); otherwise it falls back to AXFR. Because AXFR hands out the entire zone, allow-transfer must be restricted to the slaves' addresses: an open transfer gives anyone a complete map of the hosts in the zone.

11. Building master/slave DNS with split-horizon resolution: the experiment

11.1. Basic information

Second-level domains: linuxidc.com, linuxmi.com

linuxidc.com master DNS server: 10.207.51.40: master.linuxidc.com

linuxidc.com slave DNS server: 10.207.51.30; 10.207.51.31: slave.linuxidc.com (one host with two addresses; each address is used for one view)

linuxmi.com master DNS server: 10.207.51.32: master.linuxmi.com

Web server: 10.207.51.41:>

Web server: 10.207.51.42:>

client1: 10.207.51.61

client2: 10.207.51.81

Desired result: when client1 queries, the name resolves to 10.207.51.41; when client2 queries, it resolves to 10.207.51.42. (The web hostname being tested is not shown on this page.)

11.2. Configuring the master DNS server

[root@master ~]# yum install -y bind

11.2.1. Edit the main configuration file

[root@master ~]# vim /etc/named.conf
## Only the options block changes. Once views are used (next file), named requires every zone to live inside a view, so the default zones shipped in named.rfc1912.zones (localhost, loopback, ...) must be moved into a view or removed; the root hint zone is commented out here and declared inside each view instead.
options {
        listen-on port 53 { 10.207.51.40; };
        allow-query { any; };
        recursion yes;
        // RFC 1918 ranges (the original had 172.16.0.0/15, which is not the private block)
        allow-recursion { 10.0.0.0/8; 172.16.0.0/12; 192.168.0.0/16; };
        dnssec-enable no;
        dnssec-validation no;
        // only one forward/forwarders pair is allowed per block (named rejects a redefinition);
        // linuxmi.com is forwarded to 10.207.51.32 by the per-view forward zones below
        forward first;
        forwarders { 8.8.8.8; };
};
//zone "." IN {
//        type hint;
//        file "named.ca";
//};

[root@master ~]# vim /etc/named.rfc1912.zones
// Each ACL pairs a client with the slave address that serves that client.
// A view is selected by the source address of the request, zone transfer
// requests included, so each slave address must fall into exactly one ACL.
acl client1 { 10.207.51.61; 10.207.51.30; };
acl client2 { 10.207.51.81; 10.207.51.31; };

view "client1" {
        match-clients { "client1"; };
        zone "." IN {
                type hint;
                file "named.ca";
        };
        zone "linuxidc.com" IN {
                type master;
                file "linuxidc.com.zone.c1";
                allow-transfer { 10.207.51.30; };   // only this view's slave address may transfer the zone
                allow-update { none; };
        };
        zone "51.207.10.in-addr.arpa" IN {
                type master;
                file "10.207.51.zone.c1";
                allow-transfer { 10.207.51.30; };
                allow-update { none; };
        };
        zone "linuxmi.com" IN {
                type forward;
                forward only;
                forwarders { 10.207.51.32; };
        };
};

view "client2" {
        match-clients { "client2"; };
        zone "." IN {
                type hint;
                file "named.ca";
        };
        zone "linuxidc.com" IN {
                type master;
                file "linuxidc.com.zone.c2";
                allow-transfer { 10.207.51.31; };
                allow-update { none; };
        };
        zone "51.207.10.in-addr.arpa" IN {
                type master;
                file "10.207.51.zone.c2";
                allow-transfer { 10.207.51.31; };
                allow-update { none; };
        };
        zone "linuxmi.com" IN {
                type forward;
                forward only;
                forwarders { 10.207.51.32; };
        };
};

11.2.2. Create the zone files

[root@master ~]# vim /var/named/linuxidc.com.zone.c1
$TTL 3600
$ORIGIN linuxidc.com.
@       IN SOA  master.linuxidc.com. admin.linuxidc.com. (
                2018111601      ; serial
                1H              ; refresh
                30M             ; retry
                5H              ; expire
                1H )            ; negative answer TTL
        IN NS   master
        IN NS   slave
master  IN A    10.207.51.40
slave   IN A    10.207.51.31
www     IN CNAME                ; the target name is missing from this page

[root@master ~]# vim /var/named/linuxidc.com.zone.c2
$TTL 3600
$ORIGIN linuxidc.com.
@       IN SOA  master.linuxidc.com. admin.linuxidc.com. (
                2018111601 1H 30M 5H 1H )
        IN NS   master
        IN NS   slave
master  IN A    10.207.51.40
slave   IN A    10.207.51.31
www     IN CNAME                ; the target name is missing from this page

[root@master ~]# vim /var/named/10.207.51.zone.c1
$TTL 3600
$ORIGIN 51.207.10.in-addr.arpa.
@       IN SOA  master.linuxidc.com. admin.linuxidc.com. (
                2018111601 1H 30M 5H 1H )
        IN NS   master.linuxidc.com.
        IN NS   slave.linuxidc.com.
40      IN PTR  master.linuxidc.com.
31      IN PTR  slave.linuxidc.com.
41      IN PTR                          ; the target name is missing from this page

[root@master ~]# vim /var/named/10.207.51.zone.c2
$TTL 3600
$ORIGIN 51.207.10.in-addr.arpa.
@       IN SOA  master.linuxidc.com. admin.linuxidc.com. (
                2018111601 1H 30M 5H 1H )
        IN NS   master.linuxidc.com.
        IN NS   slave.linuxidc.com.
40      IN PTR  master.linuxidc.com.
31      IN PTR  slave.linuxidc.com.
42      IN PTR                          ; the target name is missing from this page

11.2.3. Fix file permissions

[root@master ~]# cd /var/named/
[root@master named]# chown :named linuxidc.com.zone.c1 linuxidc.com.zone.c2 10.207.51.zone.c1 10.207.51.zone.c2
[root@master named]# chmod 640 linuxidc.com.zone.c1 linuxidc.com.zone.c2 10.207.51.zone.c1 10.207.51.zone.c2

11.2.4. Start the service

[root@master named]# systemctl start named
[root@master named]# ss -antu | grep "\<53"
udp UNCONN 0 0 10.207.51.40:53 *:*
tcp LISTEN 0 10 10.207.51.40:53 *:*

11.3. Configuring the slave DNS server

[root@slave ~]# yum install -y bind

11.3.1. Edit the main configuration file

[root@slave ~]# vim /etc/named.conf
## Same remarks as on the master: only options changes, and every zone must sit inside a view.
options {
        listen-on port 53 { 10.207.51.31; };
        allow-query { any; };
        recursion yes;
        // RFC 1918 ranges (the original had /8 for all three, which is wrong for the last two)
        allow-recursion { 10.0.0.0/8; 172.16.0.0/12; 192.168.0.0/16; };
        dnssec-enable no;
        dnssec-validation no;
        // a single forward/forwarders pair; linuxmi.com is forwarded per view below
        forward first;
        forwarders { 8.8.8.8; };
};
//zone "." IN {
//        type hint;
//        file "named.ca";
//};

[root@slave ~]# vim /etc/named.rfc1912.zones
acl client1 { 10.207.51.61; };
acl client2 { 10.207.51.81; };

view "client1" {
        match-clients { "client1"; };
        zone "." IN {
                type hint;
                file "named.ca";
        };
        zone "linuxidc.com" IN {
                type slave;
                file "slaves/linuxidc.com.zone.c1";
                masters { 10.207.51.40; };
                // must be the address listed in the master's acl client1. The original used
                // 10.207.51.31 here, which the master matches to view client2, so this view
                // would have received the client2 copy of the zone.
                transfer-source 10.207.51.30;
                allow-transfer { none; };   // added: BIND 9.9 permits transfers from any host by default
        };
        zone "51.207.10.in-addr.arpa" IN {
                type slave;
                file "slaves/10.207.51.zone.c1";
                masters { 10.207.51.40; };
                transfer-source 10.207.51.30;
                allow-transfer { none; };
        };
        zone "linuxmi.com" IN {
                type forward;
                forward only;
                forwarders { 10.207.51.32; };
        };
};

view "client2" {
        match-clients { "client2"; };
        zone "." IN {
                type hint;
                file "named.ca";
        };
        zone "linuxidc.com" IN {
                type slave;
                file "slaves/linuxidc.com.zone.c2";
                masters { 10.207.51.40; };
                transfer-source 10.207.51.31;   // matches the master's acl client2
                allow-transfer { none; };
        };
        zone "51.207.10.in-addr.arpa" IN {
                type slave;
                file "slaves/10.207.51.zone.c2";
                masters { 10.207.51.40; };
                transfer-source 10.207.51.31;
                allow-transfer { none; };
        };
        zone "linuxmi.com" IN {
                type forward;
                forward only;
                forwarders { 10.207.51.32; };
        };
};

11.3.2. Fix directory permissions

[root@slave ~]# cd /var/named/
[root@slave named]# chown named:named slaves
[root@slave named]# chmod 770 slaves

11.3.3. Start the service

[root@slave ~]# systemctl start named
[root@slave ~]# ss -antu | grep "\<53"
udp UNCONN 0 0 10.207.51.31:53 *:*
tcp LISTEN 0 10 10.207.51.30:53 *:*

11.4. Test results

The queries are sent from the test client with -b, which sets the source address dig uses; that source address is what match-clients inspects, so it selects the view. (The queried hostname is missing from this page and appears blank in the transcripts below.)

[root@client ~]# dig -b 10.207.51.61 @10.207.51.40

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7_5.1 <<>> -b 10.207.51.61 @10.207.51.40
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18485
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
; IN A

;; ANSWER SECTION:
 3600 IN CNAME
 3600 IN A 10.207.51.41        ## master DNS, client 10.207.51.61: resolved to 10.207.51.41, success

;; AUTHORITY SECTION:
linuxmi.com. 3600 IN NS master.linuxmi.com.

;; ADDITIONAL SECTION:
master.linuxmi.com. 3600 IN A 10.207.51.32

;; Query time: 5 msec
;; SERVER: 10.207.51.40#53(10.207.51.40)
;; WHEN: Fri Nov 16 18:28:07 CST 2018
;; MSG SIZE  rcvd: 122

[root@client ~]# dig -b 10.207.51.81 @10.207.51.40

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7_5.1 <<>> -b 10.207.51.81 @10.207.51.40
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21173
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
; IN A

;; ANSWER SECTION:
 3600 IN CNAME
 3600 IN A 10.207.51.42        ## master DNS, client 10.207.51.81: resolved to 10.207.51.42, success

;; AUTHORITY SECTION:
linuxmi.com. 3600 IN NS master.linuxmi.com.

;; ADDITIONAL SECTION:
master.linuxmi.com. 3600 IN A 10.207.51.32

;; Query time: 5 msec
;; SERVER: 10.207.51.40#53(10.207.51.40)
;; WHEN: Fri Nov 16 18:28:32 CST 2018
;; MSG SIZE  rcvd: 122

[root@client ~]# dig -b 10.207.51.61 @10.207.51.31

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7_5.1 <<>> -b 10.207.51.61 @10.207.51.31
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36254
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
; IN A

;; ANSWER SECTION:
 3600 IN CNAME
 3600 IN A 10.207.51.41        ## slave DNS, client 10.207.51.61: resolved to 10.207.51.41, success

;; AUTHORITY SECTION:
linuxmi.com. 3600 IN NS master.linuxmi.com.

;; ADDITIONAL SECTION:
master.linuxmi.com. 3600 IN A 10.207.51.32

;; Query time: 1 msec
;; SERVER: 10.207.51.31#53(10.207.51.31)
;; WHEN: Sun Nov 18 20:40:35 CST 2018
;; MSG SIZE  rcvd: 122

[root@client ~]# dig -b 10.207.51.81 @10.207.51.31

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7_5.1 <<>> -b 10.207.51.81 @10.207.51.31
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4116
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
; IN A

;; ANSWER SECTION:
 3600 IN CNAME
 2921 IN A 10.207.51.42        ## slave DNS, client 10.207.51.81: resolved to 10.207.51.42, success (the lower TTL shows the forwarded A record came from the slave's cache)

;; AUTHORITY SECTION:
linuxmi.com. 2921 IN NS master.linuxmi.com.

;; ADDITIONAL SECTION:
master.linuxmi.com. 2921 IN A 10.207.51.32

;; Query time: 0 msec
;; SERVER: 10.207.51.31#53(10.207.51.31)
;; WHEN: Sun Nov 18 20:40:50 CST 2018
;; MSG SIZE  rcvd: 122
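The checks a practitioner runs once the master and slave above are in place, added here as an example and not part of the original article: named-checkconf and named-checkzone on the master, a per-view resolution check from each client address, and an AXFR attempt from a client address to confirm that allow-transfer (section 10) really refuses it. The page does not show the queried hostname, so www.linuxidc.com is assumed from the zone's www record; the CNAME target web1.linuxmi.com. in the embedded sample transcripts is hypothetical, and the transcripts themselves are constructed in the shape of the dig output above.

```shell
#!/bin/sh
# Added example (not code from the original article): checks to run after
# the master/slave setup above.  Assumptions: the queried hostname is missing
# from the page, so www.linuxidc.com is assumed from the zone's "www IN CNAME"
# record; web1.linuxmi.com. in the sample transcripts is hypothetical, and the
# transcripts are constructed for offline testing.

MASTER=10.207.51.40
SLAVE=10.207.51.31
NAME=${NAME:-www.linuxidc.com}    # assumed, see above

# Print the A-record values from the ANSWER section of dig output on stdin.
answer_a_records() {
    awk '/^;; ANSWER SECTION:/ { ans = 1; next }
         /^$/                  { ans = 0 }
         ans && $4 == "A"      { print $5 }'
}

# Succeed if the dig output on stdin carries the "aa" flag: the answer came
# from a server authoritative for the zone, not from a cache (section 6).
is_authoritative() {
    grep -qE '^;; flags:[^;]* aa( |;)'
}

# Succeed if dig output $2 answers the query with address $1.  The address a
# client gets depends only on the view its source address matched, so this is
# the check that the split-horizon views are wired correctly.
answered_with() {
    printf '%s\n' "$2" | answer_a_records | grep -qxF "$1"
}

# Succeed if the AXFR transcript on stdin was actually served: a SOA record is
# present and dig did not print "; Transfer failed." (what it prints when the
# server answers REFUSED because of allow-transfer).
transfer_served() {
    out=$(cat)
    printf '%s\n' "$out" | grep -q 'Transfer failed' && return 1
    printf '%s\n' "$out" | grep -qE '[[:space:]]IN[[:space:]]+SOA[[:space:]]'
}

# Run on the master: syntax-check named.conf, load every zone it declares
# (both views), and check each hand-written zone file on its own.
config_checks() {
    named-checkconf -z /etc/named.conf || return 1
    for f in linuxidc.com.zone.c1 linuxidc.com.zone.c2; do
        named-checkzone linuxidc.com "/var/named/$f" || return 1
    done
    for f in 10.207.51.zone.c1 10.207.51.zone.c2; do
        named-checkzone 51.207.10.in-addr.arpa "/var/named/$f" || return 1
    done
}

# Run on a host that holds the client addresses (the article's test client):
# -b picks the source address, which is what match-clients inspects.
resolution_checks() {
    for server in "$MASTER" "$SLAVE"; do
        answered_with 10.207.51.41 "$(dig -b 10.207.51.61 @"$server" "$NAME" A)" || return 1
        answered_with 10.207.51.42 "$(dig -b 10.207.51.81 @"$server" "$NAME" A)" || return 1
    done
    # allow-transfer lists only the slave, so an AXFR from a client address
    # must be refused; if it is served, the whole zone is exposed.
    if dig -b 10.207.51.61 @"$MASTER" linuxidc.com AXFR | transfer_served; then
        echo "AXFR from a client address was served: allow-transfer is too open" >&2
        return 1
    fi
    echo "resolution and transfer checks passed"
}

# Constructed sample transcripts in the shape of the article's dig output.
SAMPLE_VIEW1='
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18485
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2

;; QUESTION SECTION:
;www.linuxidc.com.      IN  A

;; ANSWER SECTION:
www.linuxidc.com.   3600  IN  CNAME  web1.linuxmi.com.
web1.linuxmi.com.   3600  IN  A      10.207.51.41

;; AUTHORITY SECTION:
linuxmi.com.        3600  IN  NS     master.linuxmi.com.
'
SAMPLE_AXFR_REFUSED='
; <<>> DiG 9.9.4 <<>> -b 10.207.51.61 @10.207.51.40 linuxidc.com AXFR
;; global options: +cmd
; Transfer failed.
'
SAMPLE_AXFR_SERVED='
linuxidc.com.  3600  IN  SOA  master.linuxidc.com. admin.linuxidc.com. 2018111601 3600 1800 18000 3600
linuxidc.com.  3600  IN  NS   master.linuxidc.com.
'

case "${1:-}" in
    config)  config_checks ;;
    resolve) resolution_checks ;;
esac
```

Run `sh dns_checks.sh config` on the master and `sh dns_checks.sh resolve` on a host holding 10.207.51.61 and 10.207.51.81. A transfer that is served to a client address means either the view's allow-transfer or the ACL that selects the view is wrong; a wrong address in the answer usually means a transfer-source landed in the other view's ACL on the master.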

Content copyright notice: unless stated otherwise, all articles are original to this site.

Reprints must cite the source: https://www.heiqu.com/a1025bbc96438de24a9a0bcb83c3a604.html