1. Architecture topology diagram
2. Environment description

Server name          | IP address
Primary DNS server   | 192.168.1.107
Secondary DNS server | 192.168.1.108
Note: the Linux version used here is CentOS 5.8.
3. Installing BIND on the primary and secondary DNS servers
[root@secondary ~]# yum -y install bind bind-chroot ypbind bind-utils caching-nameserver
Note: the primary DNS server was already deployed in an earlier article, so only the secondary needs installing here.
4. Configure the secondary DNS server
A. Copy named.conf (and the other files under chroot/etc) from the primary DNS server to the secondary DNS server.
[root@primary ~]# scp /var/named/chroot/etc/* 192.168.1.108:/var/named/chroot/etc/
root@192.168.1.108's password:
localtime                     100%  405   0.4KB/s   00:00
named.caching-nameserver.conf 100% 1230   1.2KB/s   00:00
named.conf                    100% 1480   1.5KB/s   00:00
named.rfc1912.zones           100% 1138   1.1KB/s   00:00
named.rfc1912.zones.bak       100%  955   0.9KB/s   00:00
B. Modify the configuration file of the primary DNS server so that the secondary DNS server is allowed to transfer the zone data
[root@primary ~]# cat /etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by the Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
zone "." IN {
        type hint;
        file "named.ca";
};

zone "localdomain" IN {
        type master;
        file "localdomain.zone";
        allow-update { none; };
};

zone "localhost" IN {
        type master;
        file "localhost.zone";
        allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
        allow-update { none; };
};

zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.ip6.local";
        allow-update { none; };
};

zone "255.in-addr.arpa" IN {
        type master;
        file "named.broadcast";
        allow-update { none; };
};

zone "0.in-addr.arpa" IN {
        type master;
        file "named.zero";
        allow-update { none; };
};

zone "pp.org" IN {
        type master;
        file "pp.org.zone";
        allow-update { none; };
        allow-transfer { 192.168.1.108; };
        also-notify { 192.168.1.108; };
};

zone "1.168.192.in-addr.arpa" IN {
        type master;
        file "pp.org.local";
        allow-update { none; };
        allow-transfer { 192.168.1.108; };
        also-notify { 192.168.1.108; };
};
C. Modify the configuration file of the secondary DNS server
[root@secondary etc]# cat /var/named/chroot/etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by the Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
zone "." IN {
        type hint;
        file "named.ca";
};

zone "pp.org" IN {
        type slave;
        file "slaves/pp.org.zone";
        masters { 192.168.1.107; };
};

zone "1.168.192.in-addr.arpa" IN {
        type slave;
        file "slaves/pp.org.local";
        masters { 192.168.1.107; };
};
D. Set the ownership of the configuration files
[root@secondary etc]# chown -R root.named /var/named/chroot/etc/
E. Create soft links to the configuration files
[root@secondary etc]# ln -s /var/named/chroot/etc/named.conf /etc/named.conf
[root@secondary etc]# ln -s /var/named/chroot/etc/named.rfc1912.zones /etc/named.rfc1912.zones
F. Generate the named.ca root-hints file
[root@secondary etc]# dig -t NS . > /var/named/chroot/var/named/named.ca
5. Start the service
[root@secondary etc]# service named start
Starting named:                                            [  OK  ]
6. Check whether the secondary DNS server has transferred the zone files from the primary DNS server
[root@secondary ~]# cd /var/named/chroot/var/named/slaves/
[root@secondary slaves]# ls
pp.org.local  pp.org.zone
[root@secondary slaves]# cat pp.org.zone
$ORIGIN .
$TTL 86400      ; 1 day
pp.org                  IN SOA  dns.pp.org. root.pp.org. (
                                201        ; serial
                                10800      ; refresh (3 hours)
                                900        ; retry (15 minutes)
                                604800     ; expire (1 week)
                                86400      ; minimum (1 day)
                                )
                        NS      dns.pp.org.
                        MX      10 mail.pp.org.
$ORIGIN pp.org.
dns                     A       192.168.1.107
www                     A       192.168.1.201
                        A       192.168.1.202
                        A       192.168.1.203
[root@secondary slaves]# cat pp.org.local
$ORIGIN .
$TTL 86400      ; 1 day
1.168.192.in-addr.arpa  IN SOA  dns.pp.org. root.pp.org. (
                                1997022700 ; serial
                                28800      ; refresh (8 hours)
                                14400      ; retry (4 hours)
                                3600000    ; expire (5 weeks 6 days 16 hours)
                                86400      ; minimum (1 day)
                                )
                        NS      dns.pp.org.
$ORIGIN 1.168.192.in-addr.arpa.
201                     PTR     www1.pp.org.
202                     PTR     www2.pp.org.
203                     PTR     www3.pp.org.
7. Record synchronization test
A. Add an A record on the primary DNS server (and bump the serial)
[root@primary ~]# cat /var/named/chroot/var/named/pp.org.zone
$TTL 86400
@       IN SOA  dns.pp.org. root.pp.org. (
                        202     ; serial (d. adams)
                        3H      ; refresh
                        15M     ; retry
                        1W      ; expiry
                        1D )    ; minimum
        IN NS   dns.pp.org.
        IN MX   10 mail.pp.org.
dns.pp.org.     IN A    192.168.1.107
www             IN A    192.168.1.201
www             IN A    192.168.1.202
www             IN A    192.168.1.203
web1            IN A    192.168.1.204
Reload the primary DNS service with rndc (restarting the named service also works, but a DNS server is an important part of the network, so it is best to manage it with rndc rather than restart it).
[root@primary ~]# rndc reload
server reload successful
B. Verify the synchronization on the secondary DNS server
[root@secondary slaves]# cat pp.org.zone
$ORIGIN .
$TTL 86400      ; 1 day
pp.org                  IN SOA  dns.pp.org. root.pp.org. (
                                202        ; serial
                                10800      ; refresh (3 hours)
                                900        ; retry (15 minutes)
                                604800     ; expire (1 week)
                                86400      ; minimum (1 day)
                                )
                        NS      dns.pp.org.
                        MX      10 mail.pp.org.
$ORIGIN pp.org.
dns                     A       192.168.1.107
web1                    A       192.168.1.204
www                     A       192.168.1.201
                        A       192.168.1.202
                        A       192.168.1.203
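The check above compares the two files by eye. The script below is an added example, not part of the original post: it extracts the SOA serial from a zone file regardless of layout (the hand-written multi-line form used on the primary and the form named writes under slaves/) and reports whether the secondary's copy is behind the primary. The two sample zone files are constructed here for the demonstration and are written under a temporary directory; those paths are assumptions, not the post's.

```shell
#!/bin/sh
# Added example (not from the original post): compare the SOA serial of the
# primary's zone file with the secondary's transferred copy. A secondary only
# pulls a new copy when the primary's serial is higher than the one it holds,
# so a forgotten serial bump is the usual reason the secondary never updates.

# Constructed sample files; the directory is an assumption.
WORK=${TMPDIR:-/tmp}/serial-check
mkdir -p "$WORK"
cat > "$WORK/primary.pp.org.zone" <<'EOF'
$TTL 86400
@       IN SOA  dns.pp.org. root.pp.org. (
                        202     ; serial (d. adams)
                        3H      ; refresh
                        15M     ; retry
                        1W      ; expiry
                        1D )    ; minimum
        IN NS   dns.pp.org.
web1    IN A    192.168.1.204
EOF
cat > "$WORK/secondary.pp.org.zone" <<'EOF'
$ORIGIN .
$TTL 86400      ; 1 day
pp.org                  IN SOA  dns.pp.org. root.pp.org. (
                                201        ; serial
                                10800      ; refresh (3 hours)
                                900        ; retry (15 minutes)
                                604800     ; expire (1 week)
                                86400      ; minimum (1 day)
                                )
                        NS      dns.pp.org.
EOF

# serial_of ZONEFILE: print the serial of the first SOA record, whatever the
# line layout. Tokens after "SOA" are mname, rname, serial; "(" and ")" are
# skipped and ";" comments are dropped first.
serial_of() {
    awk '
        { sub(/;.*/, "") }
        !found && /[ \t]SOA[ \t]/ {
            found = 1
            s = $0; sub(/.*[ \t]SOA[ \t]+/, "", s)
            $0 = s                               # keep only what follows SOA
            n = 0
        }
        found {
            for (i = 1; i <= NF; i++) {
                if ($i == "(" || $i == ")") continue
                n++                              # 1=mname 2=rname 3=serial
                if (n == 3) { print $i; exit }
            }
        }
    ' "$1"
}

# compare_serials PRIMARY_FILE SECONDARY_FILE: prints "stale" when the
# secondary's serial is lower than the primary's, otherwise "in-sync".
compare_serials() {
    p=$(serial_of "$1"); s=$(serial_of "$2")
    if [ "$s" -lt "$p" ]; then echo stale; else echo in-sync; fi
}

echo "primary serial:   $(serial_of "$WORK/primary.pp.org.zone")"
echo "secondary serial: $(serial_of "$WORK/secondary.pp.org.zone")"
compare_serials "$WORK/primary.pp.org.zone" "$WORK/secondary.pp.org.zone"
# Against live servers the same comparison can be made with
#   dig +short SOA pp.org @192.168.1.107
#   dig +short SOA pp.org @192.168.1.108
```

Note that lowering the serial on the primary (for example by mistyping it) also produces "stale" from this script, and the secondary will likewise ignore the change until the primary's serial climbs above the one the secondary already holds.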
C. Common primary/secondary synchronization problems
1) The secondary DNS server does not update: increase the serial value in the SOA record on the primary DNS server (a secondary only transfers the zone when the primary's serial is higher than its own).
2) Restricting which secondary DNS servers may copy the zone: the allow-transfer statement lists the clients allowed to transfer the master zone file; it can also be placed in the options block, where it applies globally to all zones.
3) Making the primary DNS server push its data to the secondary immediately after a reload/restart: add also-notify { <secondary DNS IP address>; }; to the zone, or declare notify yes; in the global options block.
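The allow-transfer statement in the primary's named.rfc1912.zones above, and point 2 here, are what keep the zone contents from being handed out to anyone who asks for a transfer (older BIND versions such as the one on CentOS 5 default to allow-transfer { any; } when nothing is configured). The script below is an added example, not part of the original post: it reads a BIND zone configuration file and reports, for each type master zone, whether transfers are restricted and to which addresses. The sample configuration is constructed here, modelled on the post's file, and is written under a temporary directory; that path is an assumption.

```shell
#!/bin/sh
# Added example (not from the original post): audit a BIND zone configuration
# file and flag master zones that do not restrict zone transfers.

# Constructed sample config modelled on the post's named.rfc1912.zones; the
# "localhost" zone deliberately lacks allow-transfer so the audit has a hit.
SAMPLE_CONF=${TMPDIR:-/tmp}/named.rfc1912.zones.sample
cat > "$SAMPLE_CONF" <<'EOF'
// Provided by the Red Hat caching-nameserver package
zone "." IN {
        type hint;
        file "named.ca";
};
zone "localhost" IN {
        type master;
        file "localhost.zone";
        allow-update { none; };
};
zone "pp.org" IN {
        type master;
        file "pp.org.zone";
        allow-update { none; };
        allow-transfer { 192.168.1.108; };
        also-notify { 192.168.1.108; };
};
zone "1.168.192.in-addr.arpa" IN {
        type master;
        file "pp.org.local";
        allow-update { none; };
        allow-transfer { 192.168.1.108; };
};
EOF

# audit_transfers FILE
# Prints one line per master zone: "<zone> OK <acl>" or "<zone> OPEN <reason>".
# Zone blocks are tracked by brace depth, so one-line and multi-line zone
# statements are both handled; // and # comments are stripped first.
audit_transfers() {
    awk '
    {
        line = $0
        sub(/(\/\/|#).*/, "", line)
        if (zone == "" && match(line, /zone[ \t]+"[^"]*"/)) {
            split(substr(line, RSTART, RLENGTH), q, "\"")
            zone = q[2]; master = 0; acl = ""; depth = 0
        }
        if (zone != "") {
            if (line ~ /type[ \t]+master[ \t]*;/) master = 1
            if (match(line, /allow-transfer[ \t]*\{[^}]*\}/)) {
                acl = substr(line, RSTART, RLENGTH)
                sub(/.*\{/, "", acl); sub(/\}.*/, "", acl)
                gsub(/[ \t]/, "", acl)
            }
            depth += gsub(/\{/, "{", line) - gsub(/\}/, "}", line)
            if (depth == 0) {                        # zone block closed
                if (master) {
                    if (acl == "")          print zone, "OPEN", "(no allow-transfer; BIND default is any)"
                    else if (acl == "any;") print zone, "OPEN", acl
                    else                    print zone, "OK", acl
                }
                zone = ""
            }
        }
    }
    ' "$1"
}

# count_open FILE: number of master zones whose transfers are unrestricted.
count_open() {
    audit_transfers "$1" | grep -c ' OPEN '
}

audit_transfers "$SAMPLE_CONF"
```

Run it against /var/named/chroot/etc/named.rfc1912.zones on the primary; any OPEN line is a zone whose full contents can be pulled with an AXFR from any host, so either add allow-transfer { <secondary IP>; }; to that zone or put a global allow-transfer in the options block, as point 2 describes.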
This article is from the "A Little" blog; reprinting is not permitted.
DNS Service Deployment (III): High-Availability Primary and Secondary Architecture