DNS Service Deployment (iii) high availability primary and secondary architecture

Last Update:2015-10-23 Source: Internet

Author: User

Tags rfc nameserver

Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more ＞

1. Architecture topology diagram

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M00/74/C6/wKioL1Yozm6w-ELcAAF2EYBjyck409.jpg "title=" 11111111.png "alt=" Wkiol1yozm6w-elcaaf2eybjyck409.jpg "/>

2. Environmental description

Server name	IP Address
Primary DNS Server	192.168.1.107
Secondary DNS server	192.168.1.108

Note:Here the Linux version is centos5.8.

3, primary and secondary DNS server BIND installation

[Email protected] ~]# yum-y install bind bind-chroot ypbind bind-utils caching-nameserver

Note: Here the primary DNS server we have deployed before!

4. Configure the secondary DNS server

A. Synchronize the named.conf of the primary DNS server to the secondary DNS server.

[Email protected] ~]# scp/var/named/chroot/etc/* 192.168.1.108:/var/named/chroot/etc/

[email protected] ' s password:

LocalTime 100% 405 0.4kb/s 00:00

named.caching-nameserver.conf 100% 1230 1.2KB/S 00:00

named.conf 100% 1480 1.5kb/s 00:00

Named.rfc1912.zones 100% 1138 1.1kb/s 00:00

Named.rfc1912.zones.bak 100% 955 0.9kb/s 00:00

B. Modifying the configuration file of the primary DNS server to allow the secondary DNS server to synchronize data

[Email protected] ~]# Cat/etc/named.rfc1912.zones

Named.rfc1912.zones:

Provided by the Red Hat Caching-nameserver Package

ISC BIND named zone configuration for zones recommended by

RFC 1912 Section 4.1:localhost TLDs and address zones

See/usr/share/doc/bind*/sample/for example named configuration files.

Zone "." in {

Type hint;

File "named.ca";

};

Zone "Localdomain" in {

Type master;

File "Localdomain.zone";

allow-update {none;};

};

Zone "localhost" in {

Type master;

File "Localhost.zone";

allow-update {none;};

};

Zone "0.0.127.in-addr.arpa" in {

Type master;

File "Named.local";

allow-update {none;};

};

Zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" in {

Type master;

File "Named.ip6.local";

allow-update {none;};

};

Zone "255.in-addr.arpa" in {

Type master;

File "Named.broadcast";

allow-update {none;};

};

Zone "0.in-addr.arpa" in {

Type master;

File "Named.zero";

allow-update {none;};

};

Zone "pp.org" in {

Type master;

File "Pp.org.zone";

allow-update {none;};

allow-transfer {192.168.1.108;};

also-notify {192.168.1.108;};

};

Zone "1.168.192.in-addr.arpa" in {

Type master;

File "Pp.org.local";

allow-update {none;};

allow-transfer {192.168.1.108;};

also-notify {192.168.1.108;};

};

C. Modifying the configuration file for a secondary name server

[Email protected] etc]# Cat/var/named/chroot/etc/named.rfc1912.zones

Named.rfc1912.zones:

Provided by the Red Hat Caching-nameserver Package

ISC BIND named zone configuration for zones recommended by

RFC 1912 Section 4.1:localhost TLDs and address zones

See/usr/share/doc/bind*/sample/for example named configuration files.

Zone "." in {

Type hint;

File "named.ca";

};

Zone "pp.org" in {

type slave;

file "Slaves/pp.org.zone";

Masters {192.168.1.107;};

};

Zone "1.168.192.in-addr.arpa" in {

type slave;

File "Slaves/pp.org.local";

Masters {192.168.1.107;};

};

D. Granting permissions to files

[[email protected] etc] #chown-r root.named/var/named/chroot/etc/

E. Making a soft link to a configuration file

[Email protected] etc]# ln-s/var/named/chroot/etc/named.conf/etc/named.conf

[Email protected] etc]# ln-s/var/named/chroot/etc/named.rfc1912.zones/etc/named.rfc1912.zones

F. Production of named.ca documents

[[email protected] etc]# dig-t NS. >/var/named/chroot/var/named/named.ca

4. Start the service

[[Email protected] etc]# service named start

Starting named: [OK]

5. Check if the secondary DNS server is synchronizing the zone files of the primary DNS server

[Email protected] ~]# cd/var/named/chroot/var/named/slaves/

[[email protected] slaves]# ls

Pp.org.local Pp.org.zone

[email protected] slaves]# cat Pp.org.zone

$ORIGIN.

$TTL 86400; 1 day

pp.org in SOA dns.pp.org. Root.pp.org. (

201; Serial

10800; Refresh (3 hours)

900; Retry (minutes)

604800; Expire (1 week)

86400; Minimum (1 day)

)

NS dns.pp.org.

MX Ten mail.pp.org.

$ORIGIN pp.org.

DNS A 192.168.1.107

www A 192.168.1.201

A 192.168.1.202

A 192.168.1.203

[email protected] slaves]# cat pp.org.local

$ORIGIN.

$TTL 86400; 1 day

1.168.192.in-addr.arpa in SOA dns.pp.org. Root.pp.org. (

1997022700; Serial

28800; Refresh (8 hours)

14400; Retry (4 hours)

3600000; Expire (5 weeks 6 days hours)

86400; Minimum (1 day)

)

NS dns.pp.org.

$ORIGIN 1.168.192.in-addr.arpa.

201 PTR www1.pp.org.

202 PTR www2.pp.org.

203 PTR www3.pp.org.

6. Record the synchronization test

A. The primary DNS server adds an A record

[Email protected] ~]# Cat/var/named/chroot/var/named/pp.org.zone

$TTL 86400

@ in SOA dns.pp.org. Root.pp.org. (

202 ; Serial (d. Adams)

3H; Refresh

15M; Retry

1W; Expiry

1D); Minimum

In NS dns.pp.org.

In MX ten mail.pp.org.

dns.pp.org. In A 192.168.1.107

www in A 192.168.1.201

www in A 192.168.1.202

www in A 192.168.1.203

Web1 in A 192.168.1.204

Use RNDC to reload the primary DNS service (you can also restart the named service, but the DNS server is important in the network, so it is best to use RNDC for management)

[Email protected] ~]# RNDC Reload

Server Reload Successful

B. Verifying the synchronization of a secondary DNS server

[email protected] slaves]# cat Pp.org.zone

$ORIGIN.

$TTL 86400; 1 day

pp.org in SOA dns.pp.org. Root.pp.org. (

202 ; Serial

10800; Refresh (3 hours)

900; Retry (minutes)

604800; Expire (1 week)

86400; Minimum (1 day)

)

NS dns.pp.org.

MX Ten mail.pp.org.

$ORIGIN pp.org.

DNS A 192.168.1.107

Web1 A 192.168.1.204

www A 192.168.1.201

A 192.168.1.202

A 192.168.1.203

C. Problems with primary and secondary synchronization

1) Auxiliary DNS out of sync (modify serial value of primary DNS)

2) Allow the specified secondary DNS replication data allow-transfer statement, specify which client can replicate the main zone file, this parameter can also be placed in the options, placed in the options globally valid

3) The primary DNS server restart service immediately synchronizes data with the secondary DNS server ( also-notify {secondary DNSIP address} is added to the zone, or notify Yes is declared in the global options); )

This article from "A Little" blog, declined reprint!

DNS Service Deployment (iii) high availability primary and secondary architecture

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

Sales Support

1 on 1 presale consultation

Chat Contact Sales
After-Sales Support

24/7 Technical Support 6 Free Tickets per Quarter Faster Response

Open a Ticket
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

Learn More