测试环境:
主:192.168.79.130
从:192.168.79.128、
域名:linuxidc.com
一、编译安装
这里采用编译安装,相比 rpm 方式安装效果更能了解其工作机制。
(下载源文件包)
#tar -zxvf bind-9.9.3.tar.gz(解压)
# cd bind-9.9.3(进入解压出来的目录)
# ./configure --prefix=/usr/local/named --enable-threads --with-dlz-mysql
(进行编译,--prefix 选项指定安装目录,--enable-threads 选项用来打开线程支持以提高服务器性能,--with-dlz-mysql 选项用来启用区域的动态加载,适合大型的 dns 服务器系统,其他编译选项可输入 ./configure --help 查看)
checking for MySQL DLZ driver... not found
configure: error: MySQL was not found in any of /usr /usr/local /usr/local/mysql /usr/pkg; use --with-dlz-mysql=/path
(系统中没有找到 mysql 开发头文件,CentOS 下 mysql 开发头文件名称是 mysql-devel,可以使用 yum -y install mysql-devel 命令安装;本文后面并不使用 DLZ,所以直接去掉该选项重新 configure)
# ./configure --prefix=/usr/local/named --enable-threads
#make && make install(编译完后进行安装,这个过程比较长,耐心等待下!)
# ls /usr/local/named/(查看安装完后的目录)
bin etc include lib man sbin var
首先生成一个控制 key,用于主从同步数据加密的 key(准确地说,这是 TSIG 共享密钥,用来对主从之间的报文做 HMAC 签名认证,并不加密传输内容)。
#/usr/local/named/sbin/rndc-confgen -a -c linuxidc.key -k linuxidc
并把生成的 linuxidc.key 放到 /usr/local/named/etc/ 下(后面 named.conf 用 include 引用的就是这个路径),同时复制到从服务器。这是主从共享的密钥,请通过安全通道传输,并把文件权限限制为只有 named 运行用户可读。
进入 /usr/local/named/etc, 将 rndc.conf 及 named.conf 生成
#/usr/local/named/sbin/rndc-confgen >/usr/local/named/etc/rndc.conf
(使用 rndc-confgen 命令生成 rndc.conf 文件,rndc 主要用来通过网络控制 bind9 服务器,在能够控制一台 bind 服务器前,必须要建立双方的认证机制。)
# cat etc/rndc.conf
# Start of rndc.conf
key "rndc-key" {
algorithm hmac-md5;
secret "uLNAkFRNnTEChIurTi6bow==";
};
options {
default-key "rndc-key";
default-server 127.0.0.1;
default-port 953;
};
# End of rndc.conf
# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
# algorithm hmac-md5;
# secret "uLNAkFRNnTEChIurTi6bow==";
# };
#
# controls {
# inet 127.0.0.1 port 953
# allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf
# tail -10 rndc.conf |head -9
# key "rndc-key" {
# algorithm hmac-md5;
# secret "uLNAkFRNnTEChIurTi6bow==";
# };
#
# controls {
# inet 127.0.0.1 port 953
# allow { 127.0.0.1; } keys { "rndc-key"; };
# };
把 rndc.conf 中的 key 信息输出到 named.conf 中
#cd etc/
这里强调一下,rndc.conf 与 named.conf 的 key 值必须完全一样,而且并不需要生成 rndc.key。
(上面 secret 的值是 rndc-confgen 随机生成的示例输出,每台机器都应使用自己生成的值,不要照抄本文;hmac-md5 是 rndc-confgen 的默认算法,较新的 BIND 已不建议使用,可用 rndc-confgen -A hmac-sha256 指定更强的算法。)
# tail -10 rndc.conf |head -9 > named.conf(将 rndc.conf 的倒数第 10 行到倒数第 2 行重定向到 named.conf;注意 > 会覆盖已有文件)
去除这 9 行前面的 # 号
# cat named.conf
key "rndc-key" {
algorithm hmac-md5;
secret "uLNAkFRNnTEChIurTi6bow==";
};
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
二、配置主服务器
修改主 Bind 配置文件,加载前面生成的 linuxidc.key(注意下面 dump-file、statistics-file 指向的 /usr/local/bind/var/data 目录与安装前缀 /usr/local/named 不一致,需按实际路径修改并确保目录存在且对 named 可写)
#vim named.conf
#acl "linuxidc_acl" { 192.168.1.10; 192.168.2.10; }; #用 acl 做访问控制
options {
directory "/usr/local/named/var/named";
version "0.0.0";
datasize 40M;
pid-file "/var/run/named.pid";
listen-on port 53 { any; };
dump-file "/usr/local/bind/var/data/cache_dump.db";
statistics-file "/usr/local/bind/var/data/bind_stats.txt";
auth-nxdomain no;
notify yes;
also-notify { 192.168.79.128; };
transfer-format many-answers;
interface-interval 0;
allow-query { any; };
};
logging {
channel warning {
file "dns_warnings" versions 3 size 1240k;
severity warning;
print-category yes;
print-severity yes;
print-time yes;
};
channel general_dns {
file "dns_logs" versions 3 size 1240k;
severity info;
print-category yes;
print-severity yes;
print-time yes;
};
category default { warning; };
category queries { general_dns; };
};
include "/usr/local/named/etc/linuxidc.key";
# 也可以不用 include,直接在这里写出“linuxidc”key 的内容
#key "linuxidc" {
# algorithm hmac-md5;
# secret "/3+UyJBAAS8WDus4DudqzQ==";
#};
view "view_linuxidc" {
match-clients { any; };
#match-clients { linuxidc_acl; };
server 192.168.79.128 { keys linuxidc; }; #与从库通信时用 linuxidc key 签名认证
zone "." IN {
type hint;
file "named.ca";
};
zone "localhost" IN {
type master;
file "localhost.zone";
};
zone "linuxidc.com" IN {
type master;
file "linuxidc.zone";
allow-transfer { key linuxidc; }; #只允许持有 linuxidc key 的一方做区域传送
};
};
key "rndc-key" {
algorithm hmac-md5;
secret "uLNAkFRNnTEChIurTi6bow==";
};
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
创建 /usr/local/named/var/named 文件夹
#mkdir /usr/local/named/var/named
#cd /usr/local/named/var/named
#vim localhost.zone
写入如下内容
$TTL 86400
$ORIGIN localhost.
@ 1D IN SOA @ root (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
1D IN NS @
1D IN A 127.0.0.1
将根服务器(root hints)的信息导入到 /usr/local/named/var/named/named.ca 文件中
#dig -t NS . >/usr/local/named/var/named/named.ca
(生成后检查文件里是否同时包含各根服务器的 NS 记录和对应的 A/AAAA 地址记录;若本机 dig 使用的上游 resolver 不返回附加记录,可改为直接向根服务器查询,或从 InterNIC 下载官方的 named.root 文件。)
创建文件 named.local
#vim named.local
$TTL 60
@ IN SOA localhost. root.localhost. (
2013062100 ; Serial
60 ; Refresh
60 ; Retry
60 ; Expire
60 ) ; Minimum
IN NS localhost.
1 IN PTR localhost.
创建 linuxidc.zone(注意下面的 NS 记录指向 dns.swm.com.,它并不在本区域内;实际部署时应改成真正为本区域提供服务、且可以解析的主机名)
#vim linuxidc.zone
$TTL 60
@ IN SOA linuxidc.com. root.linuxidc.com. (
2013062106 ; serial (d. adams)
60 ; refresh
60 ; retry
60 ; expiry
60 ) ; minimum
IN NS dns.swm.com.
IN MX 5 mail
www IN A 192.168.79.130
it IN A 192.168.79.128
blog IN A 192.168.79.129
my IN A 192.168.33.33
m IN A 192.168.33.30
下面就可以启动 bind 来测试是否安装成功了
/usr/local/named/sbin/named -gc /usr/local/named/etc/named.conf &
加 -gc 参数,可以显示出启动日志,以便排错
如果运行结果最后一行显示
Running
表明安装并启动成功。
测试 rndc 命令 /usr/local/named/sbin/rndc status
正确的话应该有状态提示
我一般是直接编辑 vim /root/.bashrc 加进一个
alias rndc9='/usr/local/named/sbin/rndc'
把 named 添加到启动项,随操作系统一起启动。
# cd /etc/rc.d
# vim rc.local
在最后添加以下内容
/usr/local/named/sbin/named -c /usr/local/named/etc/named.conf &
(这样 named 会一直以 root 身份运行;建议新建一个专用用户,并用 -u 参数降权运行,例如 /usr/local/named/sbin/named -u <named 运行用户> -c /usr/local/named/etc/named.conf,同时确保 directory、pid-file 及日志文件所在目录对该用户可写。)
#######################################################################
三、配置从服务器
从的 bind 配置基本上一样,只是在视图中把 linuxidc.com 区域设置为 slave 状态,从主服务器同步数据。(注意从服务器的 rndc-key 用的是从机自己 rndc-confgen 生成的 secret,只需与本机的 rndc.conf 一致;而 linuxidc.key 必须与主服务器上的完全相同。)
#vim named.conf
#acl "linuxidc_acl" { 192.168.1.10; 192.168.2.10; }; #用 acl 做访问控制
options {
directory "/usr/local/named/var/named";
version "0.0.0";
datasize 40M;
pid-file "/var/run/named.pid";
listen-on port 53 { any; };
dump-file "/usr/local/bind/var/data/cache_dump.db";
statistics-file "/usr/local/bind/var/data/bind_stats.txt";
auth-nxdomain no;
transfer-format many-answers;
interface-interval 0;
allow-query { any; };
};
logging {
channel warning {
file "dns_warnings" versions 3 size 1240k;
severity warning;
print-category yes;
print-severity yes;
print-time yes;
};
channel general_dns {
file "dns_logs" versions 3 size 1240k;
severity info;
print-category yes;
print-severity yes;
print-time yes;
};
category default { warning; };
category queries { general_dns; };
};
#key "linuxidc" {
# algorithm hmac-md5;
# secret "/3+UyJBAAS8WDus4DudqzQ==";
#};
include "/usr/local/named/etc/linuxidc.key";
view "view_linuxidc" {
match-clients { any; };
#match-clients { linuxidc_acl; };
server 192.168.79.130 { keys linuxidc; };
zone "." IN {
type hint;
file "named.ca";
};
zone "localhost" IN {
type master;
file "localhost.zone";
};
zone "linuxidc.com" IN {
type slave;
file "linuxidc.zone";
masters { 192.168.79.130; };
};
};
key "rndc-key" {
algorithm hmac-md5;
secret "shYDeMYIp3SjAzcncOGHcw==";
};
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
注意:
如果需要允许外部对此 dns 进行查询,还需要 named.conf 里面 options 添加一条
allow-query { any; };
具体样式是
options {
allow-query { any; };
directory "/usr/local/named/var/named";
};
对外开放 allow-query 的同时要注意递归:本文没有显式设置 recursion 和 allow-recursion,能否被外部当作递归解析器取决于默认值。只做权威解析时建议在 options 里显式加 recursion no;,确实需要递归则用 allow-recursion { <可信网段>; }; 限制,并在部署后从外网用 dig 验证它不是开放递归解析器。另外,只有 linuxidc.com 区域设置了 allow-transfer,可以在 options 里统一加 allow-transfer { none; }; 作为其他区域的默认值。
查看当前活动的 TCP 端口
# netstat -ntpl | grep named
tcp 0 0 192.168.79.130:53 0.0.0.0:* LISTEN 26610/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 26610/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 26610/named
从库会同步数据到 /usr/local/named/var/named 目录生成 linuxidc.zone 文件(打开发现为乱码,这并不是加密,而是 BIND 9.9 起默认把 slave 区域文件保存为 raw 二进制格式;可用 named-compilezone -f raw -F text -o - linuxidc.com linuxidc.zone 转成文本查看,或在 zone 里设置 masterfile-format text; 改为文本保存)
四、主从同步测试
主库更新:
从库状态:
# nslookup(进行解析测试,测试机需要将 dns 改为 192.168.79.130)
> www.linuxidc.com
Server: 192.168.79.130
Address: 192.168.79.130#53
Name: www.linuxidc.com
Address: 192.168.79.130
> m.linuxidc.com
Server: 192.168.79.130
Address: 192.168.79.130#53
Name: m.linuxidc.com
Address: 192.168.33.30
测试环境:
主:192.168.79.130
从:192.168.79.128、
域名:linuxidc.com
一、编译安装
这里采用编译安装,相比 rpm 方式安装效果更能了解其工作机制。
(下载源文件包)
#tar -zxvf bind-9.9.3.tar.gz(解压)
# cd bind-9.9.3(进入解压出来的目录)
# ./configure --prefix=/usr/local/named --enable-threads --with-dlz-mysql
(进行编译,--prefix 选项指定安装目录,--enable-threads 选项用来打开线程支持以提高服务器性能,--with-dlz-mysql 选项用来启用区域的动态加载,适合大型的 dns 服务器系统,其他编译选项可输入 ./configure --help 查看)
checking for MySQL DLZ driver... not found
configure: error: MySQL was not found in any of /usr /usr/local /usr/local/mysql /usr/pkg; use --with-dlz-mysql=/path
(系统中没有找到 mysql 开发头文件,CentOS 下 mysql 开发头文件名称是 mysql-devel,可以使用 yum -y install mysql-devel 命令安装;本文后面并不使用 DLZ,所以直接去掉该选项重新 configure)
# ./configure --prefix=/usr/local/named --enable-threads
#make && make install(编译完后进行安装,这个过程比较长,耐心等待下!)
# ls /usr/local/named/(查看安装完后的目录)
bin etc include lib man sbin var
首先生成一个控制 key,用于主从同步数据加密的 key(准确地说,这是 TSIG 共享密钥,用来对主从之间的报文做 HMAC 签名认证,并不加密传输内容)。
#/usr/local/named/sbin/rndc-confgen -a -c linuxidc.key -k linuxidc
并把生成的 linuxidc.key 放到 /usr/local/named/etc/ 下(后面 named.conf 用 include 引用的就是这个路径),同时复制到从服务器。这是主从共享的密钥,请通过安全通道传输,并把文件权限限制为只有 named 运行用户可读。
进入 /usr/local/named/etc, 将 rndc.conf 及 named.conf 生成
#/usr/local/named/sbin/rndc-confgen >/usr/local/named/etc/rndc.conf
(使用 rndc-confgen 命令生成 rndc.conf 文件,rndc 主要用来通过网络控制 bind9 服务器,在能够控制一台 bind 服务器前,必须要建立双方的认证机制。)
# cat etc/rndc.conf
# Start of rndc.conf
key "rndc-key" {
algorithm hmac-md5;
secret "uLNAkFRNnTEChIurTi6bow==";
};
options {
default-key "rndc-key";
default-server 127.0.0.1;
default-port 953;
};
# End of rndc.conf
# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
# algorithm hmac-md5;
# secret "uLNAkFRNnTEChIurTi6bow==";
# };
#
# controls {
# inet 127.0.0.1 port 953
# allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf
# tail -10 rndc.conf |head -9
# key "rndc-key" {
# algorithm hmac-md5;
# secret "uLNAkFRNnTEChIurTi6bow==";
# };
#
# controls {
# inet 127.0.0.1 port 953
# allow { 127.0.0.1; } keys { "rndc-key"; };
# };
把 rndc.conf 中的 key 信息输出到 named.conf 中
#cd etc/
这里强调一下,rndc.conf 与 named.conf 的 key 值必须完全一样,而且并不需要生成 rndc.key。
(上面 secret 的值是 rndc-confgen 随机生成的示例输出,每台机器都应使用自己生成的值,不要照抄本文;hmac-md5 是 rndc-confgen 的默认算法,较新的 BIND 已不建议使用,可用 rndc-confgen -A hmac-sha256 指定更强的算法。)
# tail -10 rndc.conf |head -9 > named.conf(将 rndc.conf 的倒数第 10 行到倒数第 2 行重定向到 named.conf;注意 > 会覆盖已有文件)
去除这 9 行前面的 # 号
# cat named.conf
key "rndc-key" {
algorithm hmac-md5;
secret "uLNAkFRNnTEChIurTi6bow==";
};
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
二、配置主服务器
修改主 Bind 配置文件,加载前面生成的 linuxidc.key(注意下面 dump-file、statistics-file 指向的 /usr/local/bind/var/data 目录与安装前缀 /usr/local/named 不一致,需按实际路径修改并确保目录存在且对 named 可写)
#vim named.conf
#acl "linuxidc_acl" { 192.168.1.10; 192.168.2.10; }; #用 acl 做访问控制
options {
directory "/usr/local/named/var/named";
version "0.0.0";
datasize 40M;
pid-file "/var/run/named.pid";
listen-on port 53 { any; };
dump-file "/usr/local/bind/var/data/cache_dump.db";
statistics-file "/usr/local/bind/var/data/bind_stats.txt";
auth-nxdomain no;
notify yes;
also-notify { 192.168.79.128; };
transfer-format many-answers;
interface-interval 0;
allow-query { any; };
};
logging {
channel warning {
file "dns_warnings" versions 3 size 1240k;
severity warning;
print-category yes;
print-severity yes;
print-time yes;
};
channel general_dns {
file "dns_logs" versions 3 size 1240k;
severity info;
print-category yes;
print-severity yes;
print-time yes;
};
category default { warning; };
category queries { general_dns; };
};
include "/usr/local/named/etc/linuxidc.key";
# 也可以不用 include,直接在这里写出“linuxidc”key 的内容
#key "linuxidc" {
# algorithm hmac-md5;
# secret "/3+UyJBAAS8WDus4DudqzQ==";
#};
view "view_linuxidc" {
match-clients { any; };
#match-clients { linuxidc_acl; };
server 192.168.79.128 { keys linuxidc; }; #与从库通信时用 linuxidc key 签名认证
zone "." IN {
type hint;
file "named.ca";
};
zone "localhost" IN {
type master;
file "localhost.zone";
};
zone "linuxidc.com" IN {
type master;
file "linuxidc.zone";
allow-transfer { key linuxidc; }; #只允许持有 linuxidc key 的一方做区域传送
};
};
key "rndc-key" {
algorithm hmac-md5;
secret "uLNAkFRNnTEChIurTi6bow==";
};
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};