07-linux DNS in detail (iv)

"DNS details in 06-linux (iii)"

Nine, configure the master-slave DNS server to implement domain name resolution fault tolerance

1. Experimental environment
Zhangyujia.com (192.168.80.100) is the primary zone, and COM (192.168.80.200) is the secondary zone.

2, modify the zhangyujia.com (192.168.80.100) of the regional configuration file--

vi /etc/named.rfc1912.zones

[Named.rfc1912.zones]

zone "zhangyujia.com" IN {       type master;        file "named.zhangyujia.com";       allow-update { none; };        notify yes; #添加此条目（我这个区域如果有变化是否通知辅助区域：是）         allow-transfer { 192.168.80.200; }; #允许那些DNS把区域文件拷贝走        also-notify { 192.168.80.200; }; #如果有变化了通知那些DNS服务器};

3, save and exit, restart the service.

4, configure the secondary DNS server COM (192.168.80.200), create the zone--

vi /etc/named.rfc1912.zones

[Named.rfc1912.zones]

zone "zhangyujia.com" IN {        type slave; #辅助区域        file "named.zhangyujia.com";        masters { 192.168.80.100; }; #主DNS服务器，可以写多个};

5, Save and exit, restart the service.

6. Verification:

A. Viewing zone transfers (No duplicates)--

tail -n 20 /var/log/messages

If you see

transfer of ‘zhangyujia.com/IN‘ from 192.168.80.100#53: Transfer completed: 1 messages, 10 records, 285 bytes, 0.001 secs (285000 bytes/sec)

The copy succeeds if it is similar.

B. Test DNS for fault tolerance--
Configure two DNS on the Windows system, Ping, the two DNS network card arbitrarily unplug one, if the discovery address can also resolve to, prove that the DNS fault tolerance success.

C. Modify Zhangyujia.com (192.168.80.100) to test if the secondary server is modified to implement fault tolerance and notify COM (192.168.80.200)--

vi /var/named/named.zhangyujia.com

[Named.zhangyujia.com]

$TTL 1D@ IN  SOA webserver.zhangyujia.com. zhangyj_public.163.com. (        12  ;serial #修改        1D  ;refresh        1H  ;retry        1W  ;expire        3H  ;minimum); IN NS webserver.zhangyujia.com. IN NS ftpLinux.zhangyujia.com. #增加(com) IN MX 10 mailftpLinux     IN A  192.168.80.200 #增加(com)webserver    IN A  192.168.80.100www          IN A  10.7.1.53ftp          IN A  10.7.1.18mail         IN A  10.7.1.5smtp         IN CNAME mailwww          IN TXT "This is a web"oa           IN A 11.11.11.11 #增加web          IN A 22.22.22.22 #增加

Save and exit, restart the named service, and use the following command to view the log in COM (192.168.80.200)--

tail -n 20 /var/log/messages

If you find

Jan 21 20:16:28 com named[2690]: zone zhangyujia.com/IN: transferred serial 12

Indicates that DNS has been notified of secondary DNS.

D. You can also disconnect the Zhangyujia.com network card and Ping web.zhangyujia.com, if the IP address is 22.22.22.22, then this experiment is successful.

E. Connect the zhangyujia.com NIC to the Windows system using Nslookup for testing--

> set type=soa> zhangyujia.com

After the carriage return, you can see that there are two DNS responsible for domain name resolution.

Server:  UnKnownAddress:  192.168.80.100zhangyujia.com        primary name server = webserver.zhangyujia.com        responsible mail addr = zhangyj_public.163.com        serial  = 12        refresh = 86400 (1 day)        retry   = 3600 (1 hour)        expire  = 604800 (7 days)        default TTL = 10800 (3 hours)zhangyujia.com  nameserver = webserver.zhangyujia.comzhangyujia.com  nameserver = ftpLinux.zhangyujia.comwebserver.zhangyujia.com        internet address = 192.168.80.100ftpLinux.zhangyujia.com internet address = 192.168.80.200

Ten, configure intelligent Domain name resolution (only LINUXDNS server)

0. Application Scenario
A. A website will be deployed in the room of the three major operators, which carrier the user uses to surf the internet, and he will automatically resolve the server to the corresponding carrier's IP according to your network environment.

B. An enterprise has a website, the IP of the external network is 1.1.1.1, the IP that is accessed in the intranet is 2.2.2.2. If I am in the company this site is resolved to the IP is 2.2.2.2, if I am outside the company this site is resolved to the IP is 1.1.1.1.

1. Experimental environment
A.www.zhangyujia.com This website his IP address in the telecom is 11.11.11.11, the IP address of the Unicom is 22.22.22.22.
B. The IP used by telecom customers is: 192.168.80.0/25, the IP used by Unicom customers is: 192.168.80.128/25.

PS: It is recommended to initialize a clean environment when doing experiments. (Recommended after DNS restart is configured.)

2. Delete the master profile root zone definition, because implementing smart Domain name resolution requires that all zones be added to the view--

vi /etc/named.conf

[named.conf]

#删除此部分（注意“listen-on port 53”、“allow-query”、“dnssec-enable”、“dnssec-validation”是否为最佳值）。zone "." IN {        type hint;        file "named.ca";};

3. Delete the zone definition profile "named.rfc1912.zones" and recreate it.

rm /etc/named.rfc1912.zonesvi /etc/named.rfc1912.zones

4, insert content.
[Named.rfc1912.zones]

view "dianxin" { #电信        match-clients { 192.168.80.0/25; }; #定义电信的客户端网段zone "." IN {        type hint;        file "named.ca"; #根区域定义};zone "zhangyujia.com" IN {        type master;        file "named.zhangyujia.com.dianxin"; #电信区域文件名        allow-update { none; };};};view "liantong" { #联通        match-clients { 192.168.80.128/25; }; #定义联通的客户端网段zone "." IN {        type hint;        file "named.ca"; #根区域定义};zone "zhangyujia.com" IN {        type master;        file "named.zhangyujia.com.liantong"; #联通区域文件名        allow-update { none; };};};

5, create the carrier's zone file (can be copied before the add) and save.

vi /var/named/named.zhangyujia.com.dianxin

[Named.zhangyujia.com.dianxin]

$TTL 1Dzhangyujia.com. IN  SOA webserver.zhangyujia.com. [email protected] (        0   ;serial        1D  ;refresh        1H  ;retry        1W  ;expire        3H  ;minimum);zhangyujia.com. IN NS webserver.zhangyujia.com.zhangyujia.com. IN MX 10 mailwebserver    IN A  192.168.80.100www          IN A  11.11.11.11 #添加或修改

6. Create a regional file for the Unicom operator (which can be added before copying) and save.

vi /var/named/named.zhangyujia.com.liantong

[Named.zhangyujia.com.liantong]

$TTL 1Dzhangyujia.com. IN  SOA webserver.zhangyujia.com. [email protected] (        0   ;serial        1D  ;refresh        1H  ;retry        1W  ;expire        3H  ;minimum);zhangyujia.com. IN NS webserver.zhangyujia.com.zhangyujia.com. IN MX 10 mailwebserver    IN A  192.168.80.100www          IN A  22.22.22.22 #添加或修改

7. Restart the DNS service.

8, verification: According to the above "1, the experimental environment" in the Windows client correctly configured IP in ping www.zhangyujia.com can produce different results.

Xi. using DNS to support mirrored Web sites for access load balancing

1, change the configuration file--

vi /var/named/named.zhangyujia.com.liantong

2, add records (the same domain name can write a www can also), save and restart the service.
[Named.zhangyujia.com.liantong]

www          IN A  33.33.33.33www          IN A  44.44.44.44

3. Verification:
In the Windows client input nslookup--

> www.zhangyujia.comServer:  UnKnownAddress:  192.168.80.100Name:    www.zhangyujia.comAddresses:  44.44.44.44, 22.22.22.22, 33.33.33.33> www.zhangyujia.comServer:  UnKnownAddress:  192.168.80.100Name:    www.zhangyujia.comAddresses:  22.22.22.22, 33.33.33.33, 44.44.44.44> www.zhangyujia.comServer:  UnKnownAddress:  192.168.80.100Name:    www.zhangyujia.comAddresses:  33.33.33.33, 44.44.44.44, 22.22.22.22

Multiple inputs several times, if the "Addresses" attribute is found to be different each time, the experiment succeeds.

PS: If you do not want each visit to the site in order to load balance, you can set up--

vi /etc/named.conf

[named.conf]

#在options中添加 rrset-order { order random; };

Ps:rrset-order supports three parameters: fixed, random, cyclic.
Fix will pin multiple A records in the same order as the configuration file
Random will give the
The cyclic will circulate to give

12. Direct Domain name and pan domain name

1. Concept

A. Direct domain name: Achieve direct use of the domain name (http://zhangyujia.com/) to access the site;

B. Generic domain name: When you want to create many domain names (a.zhangyujia.com,b.zhangyujia.com,...), and they all resolve to the same server, a generic domain name *. Zhangyujia.com done all the work, very convenient (application scenarios such as blogs);

2, configure the direct domain name.

vi /var/named/named.zhangyujia.com.liantong #我是接上一项来做的实验，当然也可以还原到一个干净的系统#像这样直接添加一条对应的地址，保存并重启服务zhangyujia.com. IN A 192.168.80.22

3, verify: In the client ping zhangyujia.com, if the IP address is the same as the record added, the configuration is successful.

4, configure the universal domain name. (Lower priority)

vi /var/named/named.zhangyujia.com.liantong #我是接上一项来做的实验，当然也可以还原到一个干净的系统#像这样直接添加一条对应的地址，保存并重启服务*            IN A  55.55.55.55

5, verify: Ping Mail on the client (can write anything). zhangyujia.com, if the IP address is the same as the record added, the configuration succeeds.
(completed)

Welcome attention
Sina Weibo: https://weibo.com/yougazhang0506
Public platform: Zhang Yujia

My site: http://www.zhangyujia.cn
51CTO Blog: http://blog.51cto.com/11099293
CSDN Blog: http://blog.csdn.net/u013260195

07-linux DNS in detail (iv)