
DNS master/slave automatic synchronization

2016-03-19 18:25
http://blog.sina.com.cn/s/blog_474edf960100vstt.html
Automatic synchronization is driven by the rndc command, which needs a key. Generate one:

    rndc-confgen -a -k rndckey

    cat /etc/rndc.key
    key "rndckey" {
            algorithm hmac-md5;
            secret "3WLdA3MK8gLdpg2QSvixEQ==";
    };

hmac-md5 is what this BIND release generated by default; on current releases use rndc-confgen -a -A hmac-sha256 instead. The secret shown here is the page's example and must not be reused anywhere.

Copy this key into named.conf:

    cat /etc/named.conf
    key "rndckey" {
            algorithm hmac-md5;
            secret "3WLdA3MK8gLdpg2QSvixEQ=="; // the local rndc key, copied from /etc/rndc.key
    };

    controls {
            inet 127.0.0.1 port 953 // local management port, loopback only
                    allow { 127.0.0.1; } keys { "rndckey"; }; // key names allowed to control named
    };

    options {
            directory "/var/named";
    };
    zone "." IN {
            type hint;
            file "named.ca";
    };
    zone "localhost" IN {
            type master;
            file "localhost.zone";
    };
    zone "0.0.127.in-addr.arpa" IN {
            type master;
            file "named.local";
    };
    zone "a.com" IN {
            type master;
            file "a.com.zone";
            allow-transfer { 192.168.1.248; 192.168.1.164; }; // slave addresses (or TSIG key names) permitted to transfer the zone
            notify yes;                                       // send NOTIFY to the zone's NS hosts whenever the zone changes
            also-notify { 192.168.1.248; 192.168.1.164; };    // additional addresses to NOTIFY beyond the NS records
    };

notify yes together with also-notify is what makes the sync automatic: on reload the master sends NOTIFY, each slave compares SOA serials and pulls the zone if the master's is newer. Two details worth fixing in this config: 192.168.1.248 is the master's own address, so listing it in allow-transfer is pointless and listing it in also-notify makes the master NOTIFY itself (visible in the log further down). And gating allow-transfer on source address alone means any process on those hosts, or anyone who can route from those addresses, can dump the whole zone; a TSIG key name in allow-transfer is the stronger check.

Check that rndc can reach named with the new key:

    [root@bogon named]# rndc status
    number of zones: 3
    debug level: 0
    xfers running: 0
    xfers deferred: 0
    soa queries in progress: 0
    query logging is OFF
    recursive clients: 0/1000
    tcp clients: 0/100
    server is up and running

=================================== Slave ===============================================
    cat /etc/named.conf
    key "rndckey" {
            algorithm hmac-md5;
            secret "lC06g8EXoKiUB8XEdcoJ4Q=="; // generated on the slave the same way as on the master; this is the slave's own key, not the master's
    };

    controls {
            inet 127.0.0.1 port 953
                    allow { 127.0.0.1; } keys { "rndckey"; };
    };

    options {
            directory "/var/named";
    };

    zone "." IN {
            type hint;
            file "named.ca";
    };
    zone "localhost" IN {
            type master;
            file "localhost.zone";
    };
    zone "0.0.127.in-addr.arpa" IN {
            type master;
            file "named.local";
    };
    zone "a.com" IN {
            type slave;
            file "slaves/a.com.zone";
            masters { 192.168.1.248; }; // address of the master to transfer from
    };

The slaves/ directory under /var/named must be writable by the named user, otherwise the transfer succeeds on the wire but the slave cannot save the zone.
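Both halves of the setup above authorize zone transfers by source address only. The script below is an added example, not code from the original post: it generates a TSIG secret and prints the matching master and slave stanzas so that a transfer is authenticated by key rather than by address. The key name xfer-key, the function names, and the use of /dev/urandom plus base64 in place of BIND's own tsig-keygen (or rndc-confgen -A hmac-sha256) are my assumptions; the zone and addresses are the page's.

```shell
#!/bin/sh
# Added example (not from the original post): generate a TSIG key and emit the
# named.conf fragments that make zone transfers of a.com key-authenticated.
# Assumptions: key name "xfer-key"; /dev/urandom + base64 stands in for BIND's
# tsig-keygen; 192.168.1.248 is the master and 192.168.1.164 the slave, as on the page.

# 32 random bytes, base64-encoded: a valid hmac-sha256 TSIG secret (44 chars).
gen_secret() {
    head -c 32 /dev/urandom | base64 | tr -d '\n'
}

# key stanza, installed verbatim on master and slave: $1 = key name, $2 = secret
key_stanza() {
    printf 'key "%s" {\n\talgorithm hmac-sha256;\n\tsecret "%s";\n};\n' "$1" "$2"
}

# Master: transfers are allowed only when the request is signed with the key.
# No address appears in allow-transfer, so the key is the only gate and a slave
# that changes address keeps working.  $1 zone, $2 file, $3 key name, $4 slave ip
master_zone_stanza() {
    printf 'zone "%s" IN {\n\ttype master;\n\tfile "%s";\n\tallow-transfer { key "%s"; };\n\tnotify yes;\n\talso-notify { %s; };\n};\n' \
        "$1" "$2" "$3" "$4"
}

# Slave: sign every SOA query and transfer request to the master with the key.
# $1 zone, $2 file, $3 master ip, $4 key name
slave_zone_stanza() {
    printf 'zone "%s" IN {\n\ttype slave;\n\tfile "%s";\n\tmasters { %s key "%s"; };\n};\n' \
        "$1" "$2" "$3" "$4"
}

# Print the complete set of fragments for one zone: $1 = secret
render_all() {
    echo "# --- both hosts ---"
    key_stanza xfer-key "$1"
    echo "# --- master (192.168.1.248) ---"
    master_zone_stanza a.com a.com.zone xfer-key 192.168.1.164
    echo "# --- slave (192.168.1.164) ---"
    slave_zone_stanza a.com slaves/a.com.zone 192.168.1.248 xfer-key
}

render_all "$(gen_secret)"
```

Keep the transfer key separate from the rndc key: the rndc key grants control of the daemon, the transfer key only grants a copy of the zone, and the two should not share a secret.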

================================ Test ===========================================
On the master:
Edit a.com.zone: add an A record, then raise the SOA serial. The slave only transfers when the master's serial is newer than its own (BIND compares serials with RFC 1982 serial arithmetic, not plain integer order), so a change made without bumping the serial is never picked up.
Save, then run:
    rndc reload
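The serial rule above is where hand-edited zones most often go wrong: an edit without a bump, or a bump to a value that is "larger" numerically but not newer in serial arithmetic. The script below is an added example, not from the original post; it bumps the SOA serial of a zone file in the YYYYMMDDnn convention and refuses to write a value the slave would not treat as newer. The function names, the "; serial" line tag, and the sample zone file it constructs are my assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): bump a zone's SOA serial safely
# and test "newer" the way BIND does (RFC 1982 serial arithmetic).
# Assumptions: YYYYMMDDnn serials; the serial sits on its own line tagged
# "; serial", as in the constructed sample zone written by make_sample_zone.

# RFC 1982: NEW is newer than OLD iff (NEW - OLD) mod 2^32 lies in (0, 2^31).
# Plain "greater than" gives the wrong answer once a serial wraps past 4294967295.
serial_is_newer() {  # $1 = new, $2 = old ; exit status 0 if new is newer
    d=$(( ($1 - $2) & 4294967295 ))
    [ "$d" -gt 0 ] && [ "$d" -lt 2147483648 ]
}

# Next serial: YYYYMMDD01 when today's date is past the current serial's date
# part, otherwise current + 1.  An 8-digit serial like the page's 20111104 is
# moved onto the 10-digit convention, which is still monotonic.
next_serial() {  # $1 = current serial, $2 = today as YYYYMMDD
    if [ "$1" -lt "$(( $2 * 100 ))" ]; then
        echo "$(( $2 * 100 + 1 ))"
    else
        echo "$(( $1 + 1 ))"
    fi
}

# Rewrite the serial line of a zone file in place and print the new serial.
# Refuses (status 1) if the computed value would not be newer in serial arithmetic.
bump_zone_file() {  # $1 = zone file, $2 = today as YYYYMMDD
    cur=$(awk '/;[[:space:]]*serial/ { print $1; exit }' "$1")
    new=$(next_serial "$cur" "$2")
    serial_is_newer "$new" "$cur" || return 1
    awk -v n="$new" '!done && /;[[:space:]]*serial/ { sub(/[0-9]+/, n); done = 1 } { print }' \
        "$1" > "$1.tmp" && mv "$1.tmp" "$1"
    echo "$new"
}

# Constructed sample zone for a.com (not from the page), serial 20111104.
make_sample_zone() {  # $1 = path to write
    cat > "$1" <<'EOF'
$TTL 86400
@   IN SOA ns1.a.com. admin.a.com. (
            20111104   ; serial
            3600       ; refresh
            900        ; retry
            604800     ; expire
            86400 )    ; minimum
    IN NS  ns1.a.com.
ns1 IN A   192.168.1.248
www IN A   192.168.1.10
EOF
}

# Stand-alone demo: bump a fresh copy of the sample as if edited on 2011-11-05.
demo=$(mktemp)
make_sample_zone "$demo"
bump_zone_file "$demo" 20111105      # prints 2011110501
grep -n 'serial' "$demo"
rm -f "$demo"
```

After the bump, rndc reload on the master and compare dig +short SOA against master and slave; the serials must match once the NOTIFY and transfer have completed.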
Check the log:
    tail /var/log/messages
    Nov 2 17:20:18 bogon named[26969]: zone a.com/IN: loaded serial 20111104   // the new serial was loaded
    Nov 2 17:20:18 bogon named[26969]: zone a.com/IN: sending notifies (serial 20111104)
    Nov 2 17:20:18 bogon named[26969]: client 192.168.1.248#50765: received notify for zone 'a.com'   // the master's own NOTIFY, caused by listing 192.168.1.248 in also-notify
    Nov 2 17:20:18 bogon named[26969]: client 192.168.1.164#33437: transfer of 'a.com/IN': AXFR-style IXFR started   // slave 164 begins the transfer
    Nov 2 17:20:18 bogon named[26969]: client 192.168.1.164#33437: transfer of 'a.com/IN': AXFR-style IXFR ended   // slave 164 finished
    Nov 2 17:20:19 bogon named[26969]: client 192.168.1.164#30060: received notify for zone 'a.com'   // the slave's own NOTIFY after it loaded the zone (slaves send NOTIFY too by default); harmless here

"AXFR-style IXFR" means the slave asked for an incremental transfer but the master answered with the full zone: the file was edited by hand and reloaded, so there is no journal of the change for IXFR to serve (ixfr-from-differences is not set). For a zone this small that is fine; for a large zone it is the setting to look at.

Now the slave's log, from the NOTIFY to the completed transfer:
    Nov 2 17:19:21 bogon named[8956]: client 192.168.1.248#38637: received notify for zone 'a.com'
    Nov 2 17:19:21 bogon named[8956]: zone a.com/IN: Transfer started.
    Nov 2 17:19:21 bogon named[8956]: transfer of 'a.com/IN' from 192.168.1.248#53: connected using 192.168.1.164#33437
    Nov 2 17:19:21 bogon named[8956]: zone a.com/IN: transferred serial 20111104
    Nov 2 17:19:21 bogon named[8956]: transfer of 'a.com/IN' from 192.168.1.248#53: end of transfer
    Nov 2 17:19:21 bogon named[8956]: zone a.com/IN: sending notifies (serial 20111104)

The slave's clock is about a minute behind the master's (17:19:21 against 17:20:18), so the timestamps cannot be used to correlate the two logs; the slave's source port 33437, which appears on both sides, is what ties the transfer together. Keep both hosts on NTP before relying on logs like these in an investigation.
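The two logs above contain everything needed to confirm the sync without querying either server. The script below is an added example, not from the original post: it extracts the serial the master loaded and the serial the slave received, the transfer style the master served, who sent NOTIFY, and the slave's source port as seen on each side, and reports whether the zone is in sync. The embedded log text is the page's own output with the annotations removed; the function names are mine.

```shell
#!/bin/sh
# Added example (not from the original post): verify from the master's and the
# slave's named logs that the NOTIFY-driven transfer delivered the loaded serial.
# Log lines are the page's output (annotations stripped); function names are mine.

MASTER_LOG=$(cat <<'EOF'
Nov 2 17:20:18 bogon named[26969]: zone a.com/IN: loaded serial 20111104
Nov 2 17:20:18 bogon named[26969]: zone a.com/IN: sending notifies (serial 20111104)
Nov 2 17:20:18 bogon named[26969]: client 192.168.1.248#50765: received notify for zone 'a.com'
Nov 2 17:20:18 bogon named[26969]: client 192.168.1.164#33437: transfer of 'a.com/IN': AXFR-style IXFR started
Nov 2 17:20:18 bogon named[26969]: client 192.168.1.164#33437: transfer of 'a.com/IN': AXFR-style IXFR ended
Nov 2 17:20:19 bogon named[26969]: client 192.168.1.164#30060: received notify for zone 'a.com'
EOF
)

SLAVE_LOG=$(cat <<'EOF'
Nov 2 17:19:21 bogon named[8956]: client 192.168.1.248#38637: received notify for zone 'a.com'
Nov 2 17:19:21 bogon named[8956]: zone a.com/IN: Transfer started.
Nov 2 17:19:21 bogon named[8956]: transfer of 'a.com/IN' from 192.168.1.248#53: connected using 192.168.1.164#33437
Nov 2 17:19:21 bogon named[8956]: zone a.com/IN: transferred serial 20111104
Nov 2 17:19:21 bogon named[8956]: transfer of 'a.com/IN' from 192.168.1.248#53: end of transfer
Nov 2 17:19:21 bogon named[8956]: zone a.com/IN: sending notifies (serial 20111104)
EOF
)

# Every function reads one host's log on stdin; $1 is the zone name.

# Serial the master loaded on reload (the last "loaded serial" line wins).
master_loaded_serial() {
    awk -v z="$1" '$0 ~ ("zone " z "/IN: loaded serial") { s = $NF } END { print s }'
}
# Serial the slave received ("transferred serial").
slave_transferred_serial() {
    awk -v z="$1" '$0 ~ ("zone " z "/IN: transferred serial") { s = $NF } END { print s }'
}
# Transfer style the master served: "AXFR", "IXFR" or "AXFR-style IXFR".
transfer_style() {
    sed -n "s/.*transfer of '$1\/IN': \(.*\) started.*/\1/p" | tail -n 1
}
# Addresses that sent NOTIFY for the zone, deduplicated.
notify_senders() {
    sed -n "s/.*client \([0-9.]*\)#[0-9]*: received notify for zone '$1'.*/\1/p" | sort -u
}
# Slave source port as seen by the master (client ip#port on the transfer line).
master_side_port() {
    sed -n "s/.*client [0-9.]*#\([0-9]*\): transfer of '$1\/IN': .* started.*/\1/p" | tail -n 1
}
# Same port as logged by the slave ("connected using ip#port"); equal values
# correlate the two logs even though the hosts' clocks disagree.
slave_side_port() {
    sed -n "s/.*transfer of '$1\/IN' from .*: connected using [0-9.]*#\([0-9]*\).*/\1/p" | tail -n 1
}

# Verdict for one zone: status 0 only when both sides report the same serial.
check_sync() {  # $1 = zone, $2 = master log text, $3 = slave log text
    m=$(printf '%s\n' "$2" | master_loaded_serial "$1")
    s=$(printf '%s\n' "$3" | slave_transferred_serial "$1")
    style=$(printf '%s\n' "$2" | transfer_style "$1")
    if [ -n "$m" ] && [ "$m" = "$s" ]; then
        echo "$1: in sync at serial $m ($style)"
        return 0
    fi
    echo "$1: NOT in sync (master loaded '$m', slave transferred '$s')"
    return 1
}

check_sync a.com "$MASTER_LOG" "$SLAVE_LOG"
```

On real hosts feed the functions with grep "named\[" /var/log/messages from each side; a master that logs "sending notifies" but never a transfer from the slave's address is the usual symptom of allow-transfer, a firewall on TCP/53, or a serial that did not increase.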