前言
DNS服务器搭建参考上一篇;
DNS主从复制,就是将主DNS服务器的解析库复制传送至从DNS服务器,进而从服务器就可以进行正向、反向解析了。从服务器向主服务器更新查询数据,保证数据一致性,此为区域传送。也可以说,DNS区域传送,就是DNS主从复制的实现方法,DNS主从复制是DNS区域传送的表现形式。 DNS区域传送的两种方式:- zxfr:完全区域传送
- ixfr:增量区域传送
当一个新的DNS服务器添加到区域中并配置为从DNS服务器时,它则会执行完全区域传送,在主DNS服务器上获取完整的资源记录副本;同时为了保证数据同步,主域名服务器有更新时也会及时通知辅助域名服务器从而进行更新(增量区域传送)。
区域传送
主服务器:192.168.2.72
从服务器: 192.168.2.104 两台服务器都提前安装好named服务完全区域传送
1.对主服务器/etc/named.conf配置进行修改,在options配置段内增加:
notify yes;
2.在主服务器上正向、反向文件中增加从服务器的NS记录
正向区域@ NS dns2dns2 A 192.168.2.104
反向区域
IN NS dns2.magedu.com.104 IN PTR dns2.magedu.com.
3.复制主服务器上配置文件至从服务器
#scp 192.168.1.72:/etc/named.rfc1912.zones /etc/#scp 192.168.1.72:/etc/named.conf /etc/
4.修改从服务器上/etc/named.rfc1912.zones
zone "magedu.com" IN { type slave; masters { 192.168.2.72; }; file "magedu.com.zone";};zone "2.168.192.in-addr.arpa" IN { type slave; masters { 192.168.2.72; }; file "2.168.192.zone";}; 5.启动从服务器DNS服务,查看日志,及/var/named/目录下是否已同步成功主服务器区域文件
增量区域传送
1.修改主服务器正向解析文件,增加一条A记录,==将序列号加1==后保存退出
2.reload主DNS服务器,查看日志 主服务器日志:Jan 20 02:12:55 agent named[35582]: zone 2.168.192.in-addr.arpa/IN: sending notifies (serial 2019011301)Jan 20 02:12:55 agent named[35582]: client 192.168.2.104#39669 (magedu.com): transfer of 'magedu.com/IN': AXFR-style IXFR startedJan 20 02:12:55 agent named[35582]: client 192.168.2.104#39669 (magedu.com): transfer of 'magedu.com/IN': AXFR-style IXFR endedJan 20 02:12:56 agent named[35582]: client 192.168.2.104#34346: received notify for zone 'magedu.com'
从服务器日志:
Jan 20 03:02:25 zabbix named[100773]: client 192.168.2.72#60290: received notify for zone 'magedu.com'Jan 20 03:02:25 zabbix named[100773]: zone magedu.com/IN: Transfer started.Jan 20 03:02:25 zabbix named[100773]: transfer of 'magedu.com/IN' from 192.168.2.72#53: connected using 192.168.2.104#39669Jan 20 03:02:25 zabbix named[100773]: zone magedu.com/IN: transferred serial 2019012001Jan 20 03:02:25 zabbix named[100773]: transfer of 'magedu.com/IN' from 192.168.2.72#53: Transfer completed: 1 messages, 10 records, 268 bytes, 0.001 secs (268000 bytes/sec)Jan 20 03:02:25 zabbix named[100773]: zone magedu.com/IN: sending notifies (serial 2019012001)Jan 20 03:02:25 zabbix named[100773]: client 192.168.2.72#4595: received notify for zone '2.168.192.in-addr.arpa'Jan 20 03:02:25 zabbix named[100773]: zone 2.168.192.in-addr.arpa/IN: notify from 192.168.2.72#4595: zone is up to date
3.在反向解析文件增加一条PTR记录,同样序列号加1
主DNS服务器日志:Jan 20 02:17:44 agent named[35582]: zone 2.168.192.in-addr.arpa/IN: sending notifies (serial 2019012001)Jan 20 02:17:44 agent named[35582]: client 192.168.2.104#57041 (2.168.192.in-addr.arpa): transfer of '2.168.192.in-addr.arpa/IN': AXFR-style IXFR startedJan 20 02:17:44 agent named[35582]: client 192.168.2.104#57041 (2.168.192.in-addr.arpa): transfer of '2.168.192.in-addr.arpa/IN': AXFR-style IXFR ended
从DNS服务器日志:
Jan 20 03:07:38 zabbix named[100773]: client 192.168.2.72#17270: received notify for zone '2.168.192.in-addr.arpa'Jan 20 03:07:38 zabbix named[100773]: zone 2.168.192.in-addr.arpa/IN: Transfer started.Jan 20 03:07:38 zabbix named[100773]: transfer of '2.168.192.in-addr.arpa/IN' from 192.168.2.72#53: connected using 192.168.2.104#57041Jan 20 03:07:38 zabbix named[100773]: zone 2.168.192.in-addr.arpa/IN: transferred serial 2019012001Jan 20 03:07:38 zabbix named[100773]: transfer of '2.168.192.in-addr.arpa/IN' from 192.168.2.72#53: Transfer completed: 1 messages, 8 records, 242 bytes, 0.001 secs (242000 bytes/sec)Jan 20 03:07:38 zabbix named[100773]: zone 2.168.192.in-addr.arpa/IN: sending notifies (serial 2019012001)
4.通过dig命令验证
root@node2:~# dig -t A ftp.magedu.com @192.168.2.104; <<>> DiG 9.11.3-1ubuntu1.2-Ubuntu <<>> -t A ftp.magedu.com @192.168.2.104;; global options: +cmd;; Got answer:;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2878;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3;; OPT PSEUDOSECTION:; EDNS: version: 0, flags:; udp: 4096;; QUESTION SECTION:;ftp.magedu.com. IN A;; ANSWER SECTION:ftp.magedu.com. 600 IN A 192.168.2.1;; AUTHORITY SECTION:magedu.com. 600 IN NS dns2.magedu.com.magedu.com. 600 IN NS dns1.magedu.com.;; ADDITIONAL SECTION:dns1.magedu.com. 600 IN A 192.168.2.72dns2.magedu.com. 600 IN A 192.168.2.104;; Query time: 5 msec;; SERVER: 192.168.2.104#53(192.168.2.104);; WHEN: Sun Jan 20 15:19:47 CST 2019;; MSG SIZE rcvd: 129
测试通过从服务器反向解析
root@node2:~# dig -x 192.168.2.1 @192.168.2.104; <<>> DiG 9.11.3-1ubuntu1.2-Ubuntu <<>> -x 192.168.2.1 @192.168.2.104;; global options: +cmd;; Got answer:;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14837;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3;; OPT PSEUDOSECTION:; EDNS: version: 0, flags:; udp: 4096;; QUESTION SECTION:;1.2.168.192.in-addr.arpa. IN PTR;; ANSWER SECTION:1.2.168.192.in-addr.arpa. 600 IN PTR ftp.magedu.com.;; AUTHORITY SECTION:2.168.192.in-addr.arpa. 600 IN NS dns1.magedu.com.2.168.192.in-addr.arpa. 600 IN NS dns2.magedu.com.;; ADDITIONAL SECTION:dns1.magedu.com. 600 IN A 192.168.2.72dns2.magedu.com. 600 IN A 192.168.2.104;; Query time: 2 msec;; SERVER: 192.168.2.104#53(192.168.2.104);; WHEN: Sun Jan 20 15:24:38 CST 2019;; MSG SIZE rcvd: 151
DNS子域授权
当一个域很大时,而且还有上下层关系,如果所有的记录变更都由某一台服务来管理的话会很不方便。因此DNS也会域和子域,上层DNS可以将子域的管理授权给子域中的NDS服务器来管理记录的变更,这种做法叫子域授权。
子域授权配置
规划如下:
父域为:magedu.com NS地址:ns1.magedu.com 子域为:dev.magedu.com NS地址为:ns1.dev.magedu.com父域服务器配置
只需在区域解析库文件中添加下层DNS服务器的NS与A记录即可
dev.magedu.com. NS dns1.dev.magedu.com.dns1.dev.magedu.com. A 192.168.2.165
子域服务器配置
子域需要有完整的区域相关配置
在/etc/named.rfc1912.zones中加入子域定义zone "dev.magedu.com" IN { type master; file "dev.magedu.com.zone";}; 创建dev.magedu.com.zone区域解析文件
$TTL 600@ IN SOA dns1.dev.magedu.com. admin.dev.magedu.com. ( 2019012002; 2H; 15M; 1W; 1D);@ IN NS dns1dns1 IN A 192.168.2.165www IN A 192.168.2.18
在子域DNS服务器添加指向父域的转发器
//将查询父域的请求转发给父域DNSzone "magedu.com" IN { type forward; forward only; forwarders { 192.168.2.72; };}; 配置完成重启服务。
通过dig命令测试解析结果:通过子域解析 www.dev.magedu.com
root@node2:~# dig -t A www.dev.magedu.com @192.168.2.165; <<>> DiG 9.11.3-1ubuntu1.2-Ubuntu <<>> -t A www.dev.magedu.com @192.168.2.165;; global options: +cmd;; Got answer:;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36922;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2;; OPT PSEUDOSECTION:; EDNS: version: 0, flags:; udp: 4096;; QUESTION SECTION:;www.dev.magedu.com. IN A;; ANSWER SECTION:www.dev.magedu.com. 600 IN A 192.168.2.18;; AUTHORITY SECTION:dev.magedu.com. 600 IN NS dns1.dev.magedu.com.;; ADDITIONAL SECTION:dns1.dev.magedu.com. 600 IN A 192.168.2.165;; Query time: 17 msec;; SERVER: 192.168.2.165#53(192.168.2.165);; WHEN: Sun Jan 20 16:09:31 CST
通过父域解析 www.dev.magedu.com
root@node2:~# dig -t A www.dev.magedu.com @192.168.2.72; <<>> DiG 9.11.3-1ubuntu1.2-Ubuntu <<>> -t A www.dev.magedu.com @192.168.2.72;; global options: +cmd;; Got answer:;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61135;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1;; OPT PSEUDOSECTION:; EDNS: version: 0, flags:; udp: 4096;; QUESTION SECTION:;www.dev.magedu.com. IN A;; ANSWER SECTION:www.dev.magedu.com. 600 IN A 192.168.2.18;; AUTHORITY SECTION:dev.magedu.com. 600 IN NS dns1.dev.magedu.com.;; Query time: 318 msec;; SERVER: 192.168.2.72#53(192.168.2.72);; WHEN: Sun Jan 20 16:19:13 CST 2019;; MSG SIZE rcvd: 82
通过子域DNS服务器解析父域的A记录
root@node2:~# dig -t A www.magedu.com @192.168.2.165; <<>> DiG 9.11.3-1ubuntu1.2-Ubuntu <<>> -t A www.magedu.com @192.168.2.165;; global options: +cmd;; Got answer:;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47969;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 13, ADDITIONAL: 27;; OPT PSEUDOSECTION:; EDNS: version: 0, flags:; udp: 4096;; QUESTION SECTION:;www.magedu.com. IN A;; ANSWER SECTION:www.magedu.com. 301 IN CNAME web.magedu.com.web.magedu.com. 301 IN A 192.168.2.21;; Query time: 2 msec;; SERVER: 192.168.2.165#53(192.168.2.165);; WHEN: Sun Jan 20 16:21:30 CST 2019;; MSG SIZE rcvd: 873