DNS&BIND——动态更新的DNS主从复制

本文配置的正向解析的主从服务,反向同理,不赘述了....

从服务器应该是一台独立的名称服务器(首先要成为缓存服务器)

主动通知的必要条件(i或ii,满足其一即可)
vim /etc/named.rfc1912.zones
also-notify {slave_ip;};

主服务器的区域解析库文件中,必须有一条NS记录是指向从服务器(主动通知)

master:

从服务器只需要定义区域.而无需提供解析库文件;
解析库文件自动同步至/var/named/slaves目录中

主服务器得允许从服务器作区域传送主从服务器时间应该同步,ntpbind程序版本应该保持一致(否则,slave高于master)

master&slave

缓存服务器的配置

vim /etc/named.conf

11         listen-on port 53 { any; };
17         allow-query     { any; };
33         dnssec-validation no;

master(172.25.254.11)

vim /etc/named.rfc1912.zones

zone "lalala.com" IN {
type master;
file "lalala.com.zone";
allow-update { none; };
also-notify {172.25.254.10;};  #如果文件改变通知salve
};

slave(172.25.254.10)

vim /etc/named.rfc1912.zones

zone "lalala.com" IN {
type slave;
masters {172.25.254.11;};
file "slaves/lalala.com.zone";
};

dig -t axfr lalala.com @172.25.254.11
dig -t axfr 254.25.172.in-addr.arpa @172.25.254.11

检测是否可以全量同步

[root@desktop ~]# dig -t axfr lalala.com

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> -t axfr lalala.com
;; global options: +cmd
lalala.com.        86400    IN    SOA    ns1.lalala.com. admin.lalala.com.lalala.com. 20160609 86400 3600 604800 10800
lalala.com.        86400    IN    A    172.25.254.100
lalala.com.        86400    IN    NS    ns1.lalala.com.
lalala.com.        86400    IN    NS    ns2.lalala.com.
lalala.com.        86400    IN    MX    10 mx1.lalala.com.
lalala.com.        86400    IN    MX    20 mx2.lalala.com.
*.lalala.com.        86400    IN    A    172.25.254.100
ftp.lalala.com.        86400    IN    CNAME    www.lalala.com.
mx1.lalala.com.        86400    IN    A    172.25.254.13
mx2.lalala.com.        86400    IN    A    172.25.254.14
ns1.lalala.com.        86400    IN    A   172.25.254.11
ns2.lalala.com.        86400    IN    A    172.25.254.10
www.lalala.com.        86400    IN    A    172.25.254.11
www.lalala.com.        86400    IN    A    172.25.254.12
lalala.com.        86400    IN    SOA    ns1.lalala.com. admin.lalala.com.lalala.com. 20160609 86400 3600 604800 10800
;; Query time: 1 msec
;; SERVER: 172.25.254.11#53(172.25.254.11)
;; WHEN: Sat Jun 10 05:26:06 EDT 2017
;; XFR size: 15 records (messages 1, bytes 345)

分析日志 1.全量传送

master

Jun 10 05:53:45 server named[1859]: client 172.25.254.10#53447 (lalala.com): transfer of 'lalala.com/IN': AXFR started
Jun 10 05:53:45 server named[1859]: client 172.25.254.10#53447 (lalala.com): transfer of 'lalala.com/IN': AXFR ended

slave

Jun 10 05:53:45 desktop systemd: Started Berkeley Internet Name Domain (DNS).
Jun 10 05:53:45 desktop named[3138]: zone lalala.com/IN: Transfer started.
Jun 10 05:53:45 desktop named[3138]: transfer of 'lalala.com/IN' from 172.25.254.11#53: connected using 172.25.254.10#53447
Jun 10 05:53:45 desktop named[3138]: zone lalala.com/IN: transferred serial 2016060903
Jun 10 05:53:45 desktop named[3138]: transfer of 'lalala.com/IN' from 172.25.254.11#53: Transfer completed: 1 messages, 16 records, 363 bytes, 0.001 secs (363000 bytes/sec)
Jun 10 05:53:45 desktop named[3138]: zone lalala.com/IN: sending notifies (serial 2016060903)

2.增量传送

master

Jun 10 06:08:56 server named[1859]: client 172.25.254.10#49088 (lalala.com): transfer of 'lalala.com/IN': AXFR-style IXFR started
Jun 10 06:08:56 server named[1859]: client 172.25.254.10#49088 (lalala.com): transfer of 'lalala.com/IN': AXFR-style IXFR ended

slave

Jun 10 06:08:56 desktop named[3138]: client 172.25.254.11#37149: received notify for zone 'lalala.com'
Jun 10 06:08:56 desktop named[3138]: zone lalala.com/IN: Transfer started.
Jun 10 06:08:56 desktop named[3138]: transfer of 'lalala.com/IN' from 172.25.254.11#53: connected using 172.25.254.10#49088
Jun 10 06:08:56 desktop named[3138]: zone lalala.com/IN: transferred serial 2016060904
Jun 10 06:08:56 desktop named[3138]: transfer of 'lalala.com/IN' from 172.25.254.11#53: Transfer completed: 1 messages, 16 records, 363 bytes, 0.003 secs (121000 bytes/sec)
Jun 10 06:08:56 desktop named[3138]: zone lalala.com/IN: sending notifies (serial 2016060904)