Bind DNS服务器配置

Posted by Sunday on 2019-11-01

环境信息

Master DNS: 192.168.1.91
Slave DNS: 192.168.1.43
Slave DNS: 192.168.1.44
LVS MASTER: 192.168.1.46
LVS BACKUP: 192.168.1.92

# BIND server, chroot helper and client tools (dig/host come from bind-utils).
# NOTE(review): with bind-chroot on EL7 the chroot is presumably activated via
# the named-chroot service rather than ROOTDIR in /etc/sysconfig/named - confirm.
yum install -y bind bind-chroot bind-utils

vim /etc/named.conf 

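options {
    // Listen on every IPv4 address. The last section of this page narrows this
    // to the host's own address; on the LVS real servers the VIP 192.168.1.10
    // (placed on lo:1 by lvs_rs.sh) must then be listed as well.
    listen-on port 53 { any; };
    // Strip AAAA records from answers to IPv4 clients (requires a BIND build
    // with this feature; it became a plugin in newer releases).
    filter-aaaa-on-v4 yes;
    //listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file "/var/named/data/named.recursing";
    secroots-file "/var/named/data/named.secroots";

    // Only the LAN may query at all.
    allow-query { 192.168.1.0/24; };
    // Only the LAN may use this host as a recursive resolver. Without this
    // line allow-recursion falls back to allow-query-cache and then
    // allow-query, so the set is the same today; stating it explicitly keeps
    // the resolver closed if allow-query is ever widened (an open resolver is
    // a DNS amplification source).
    allow-recursion { 192.168.1.0/24; };
    // Zone transfers: BIND's default allow-transfer is "any", i.e. every host
    // that passes allow-query could AXFR the whole zone. Limit it to the two
    // slaves; a TSIG key on both sides would additionally authenticate them.
    allow-transfer { 192.168.1.43; 192.168.1.44; };
    // NOTIFY is sent to the zone's NS records only; the zone files list ns1
    // alone, so without this the slaves notice changes only every `refresh` (2H).
    also-notify { 192.168.1.43; 192.168.1.44; };
    // No `forward` statement, so BIND uses "forward first": ask these
    // resolvers and fall back to full recursion if they do not answer.
    forwarders { 114.114.114.114;119.29.29.29;223.5.5.5; };
    recursion yes;

    // DNSSEC validation is off: answers relayed from the forwarders are
    // accepted unverified. (dnssec-enable is deprecated in newer BIND.)
    dnssec-enable no;
    dnssec-validation no;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.root.key";

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

// Root hints, used when the forwarders fail and BIND recurses itself.
zone "." IN {
    type hint;
    file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";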
forward first：优先使用 forwarders 中的 DNS 服务器做域名解析，查询不到时再由本地 DNS 服务器自行递归解析。上面的配置只写了 forwarders 而没有 forward 语句，BIND 默认即为 forward first。
forward only：只使用 forwarders 中的 DNS 服务器做域名解析，查询不到则直接向客户端返回查询失败。

正向解析

vim /etc/named.rfc1912.zones

// Authoritative forward zone for star.com.
zone "star.com" IN {
    type master;
    // Relative to the options `directory`, i.e. /var/named/star.com.zone.
    file "star.com.zone";
    // No dynamic updates. allow-transfer is not set in this zone, so it
    // inherits whatever the options block sets (BIND's own default is "any").
    allow-update { none; };
};
vim /var/named/star.com.zone 

$TTL 600                          ; default TTL for records without an explicit one
$ORIGIN star.com.
; SOA: primary is ns1, contact is admin@star.com (first dot stands for @).
; Serial follows the YYYYMMDDnn convention; it must grow on every change and
; named must be reloaded afterwards, otherwise the slaves never pull the new data.
@ IN SOA ns1.star.com. admin.star.com. (
    2019110236 ; serial
    2H         ; refresh - how often slaves check for a newer serial
    10M        ; retry   - retry interval after a failed refresh
    7D         ; expire  - slaves stop serving after this long without contact
    3H )       ; minimum ttl - negative-caching TTL (RFC 2308)
; Blank owner = previous owner (@). Only ns1 is advertised; the slaves
; 192.168.1.43/44 are not NS records, so NOTIFY is not sent to them.
    IN NS ns1.star.com.
ns1 IN A 192.168.1.91
www IN A 192.168.1.41
; NOTE(review): the reverse zone maps .36 to sunday while this says .37 - confirm.
sunday IN A 192.168.1.37

注意：每次修改区域文件后都必须递增 serial（常用 YYYYMMDDnn 格式），并保证新值大于从服务器当前持有的值；修改后还需 reload named（或 rndc reload），否则主服务器不会加载新数据，从服务器也不会同步。
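# Static master zone with dynamic updates disabled: named only needs to read
# it, so root:named 0640 is enough and keeps a compromised named from
# rewriting its own zone. (Original used "named.named", the legacy dot form,
# and had a typo "/var/name/" in the chmod path.)
chown root:named /var/named/star.com.zone
chmod 640 /var/named/star.com.zone
# Check the config plus every zone it loads, then this zone under its real
# name - the file's $ORIGIN is star.com, not xwx.cn. Stop before starting
# named if either check fails.
named-checkconf -z || exit 1
named-checkzone star.com /var/named/star.com.zone || exit 1

systemctl enable named
systemctl start named
systemctl status named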
# Query the new record (goes to whatever /etc/resolv.conf currently lists).
dig www.star.com

# Point this client at the master so later dig/host calls hit it directly.
vim /etc/resolv.conf
nameserver 192.168.1.91
dig www.star.com 

; <<>> DiG 9.10.3-P4-Ubuntu <<>> www.star.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53634
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.star.com. IN A

;; ANSWER SECTION:
www.star.com. 600 IN A 192.168.1.41

;; AUTHORITY SECTION:
star.com. 600 IN NS ns1.star.com.

;; ADDITIONAL SECTION:
ns1.star.com. 600 IN A 192.168.1.91

;; Query time: 0 msec
;; SERVER: 192.168.1.91#53(192.168.1.91)
;; WHEN: Mon Nov 04 15:20:03 CST 2019
;; MSG SIZE rcvd: 91

反向解析

vim /etc/named.rfc1912.zones

// Reverse zone for 192.168.1.0/24.
zone "1.168.192.in-addr.arpa" IN {
    type master;
    // Relative to the options `directory`, i.e. /var/named/192.168.1.zone.
    file "192.168.1.zone";
    // No dynamic updates. allow-transfer is not set here, so the zone
    // inherits the options-level setting (BIND's own default is "any").
    allow-update { none; };
};
vim /var/named/192.168.1.zone

$TTL 600
$ORIGIN 1.168.192.in-addr.arpa.
; Same SOA and timers as the forward zone; the serial is tracked per zone.
@ IN SOA ns1.star.com. admin.star.com. (
    2019110236 ; serial
    2H         ; refresh
    10M        ; retry
    7D         ; expire
    3H )       ; minimum ttl (negative-caching TTL)
; Blank owner = @; class defaults to IN from the SOA line.
    NS ns1.star.com.
41 IN PTR www.star.com.
; NOTE(review): the forward zone has sunday -> 192.168.1.37 but this maps .36;
; one of the two is probably a typo. There is also no PTR for ns1 (.91).
36 IN PTR sunday.star.com.
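# Static zone, no dynamic updates: named only needs read access.
chown root:named /var/named/192.168.1.zone
chmod 640 /var/named/192.168.1.zone
# Validate the config and the new zone before reloading, so a broken zone
# file is caught here rather than in named's log after the reload.
named-checkconf -z || exit 1
named-checkzone 1.168.192.in-addr.arpa /var/named/192.168.1.zone || exit 1
systemctl reload named
systemctl status named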
host -T 192.168.1.41
41.1.168.192.in-addr.arpa domain name pointer www.star.com.

dig -x 192.168.1.41 +short
xwx.star.com.

从服务器

从服务器 192.168.1.43 上的 /etc/named.conf（options 部分与主服务器相同）：

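options {
    // "any" is required on the slaves: behind LVS-DR the queries arrive
    // addressed to the VIP 192.168.1.10 on lo:1, and named must accept them.
    // If this is ever narrowed, the VIP has to stay in the list.
    listen-on port 53 { any; };
    filter-aaaa-on-v4 yes;
    //listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file "/var/named/data/named.recursing";
    secroots-file "/var/named/data/named.secroots";

    // Only the LAN may query at all.
    allow-query { 192.168.1.0/24; };
    // Only the LAN may use the slaves as recursive resolvers (these are the
    // hosts that actually answer the VIP, so this is where it matters most).
    allow-recursion { 192.168.1.0/24; };
    // Slaves never hand the zones to anyone; the per-zone allow-transfer
    // { none; } below says the same, this is the default for any zone added
    // later without one.
    allow-transfer { none; };
    // No `forward` statement: "forward first" (try these, then recurse).
    forwarders { 114.114.114.114;119.29.29.29;223.5.5.5; };
    recursion yes;

    // DNSSEC validation is off: answers relayed from the forwarders are
    // accepted unverified. (dnssec-enable is deprecated in newer BIND.)
    dnssec-enable no;
    dnssec-validation no;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.root.key";

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

zone "." IN {
    type hint;
    file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";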

vim /etc/named.rfc1912.zones

// Secondary copies, pulled from the master by AXFR/IXFR.
zone "star.com" IN {
    type slave;
    // Written by named itself, hence under the named-writable slaves/ directory.
    file "slaves/star.com.zone";
    // Transfer source; by default also the only host whose NOTIFYs are
    // accepted (allow-notify). Spelled `primaries` in newer BIND.
    masters { 192.168.1.91; };
    // Never serve the zone to a third party from the slaves.
    allow-transfer { none; };
};

zone "1.168.192.in-addr.arpa" IN {
    type slave;
    file "slaves/192.168.1.zone";
    masters { 192.168.1.91; };
    allow-transfer { none; };
};
# -z also tries to load every zone. On a fresh slave the slaves/*.zone files
# do not exist until the first transfer, so this may complain about them -
# presumably harmless; the zones are fetched once named has reloaded.
named-checkconf -z
systemctl reload named
systemctl status named

在 master 上添加新记录（注意递增 serial，并 reload named；从服务器未列在 NS 记录中，除非配置了 also-notify，否则要等到 refresh 周期才会同步）

vim /var/named/star.com.zone 

$TTL 600
$ORIGIN star.com.
@ IN SOA ns1.star.com. admin.star.com. (
    2019110237 ; serial - bumped by 1 (was 2019110236) so slaves see a change
    2H         ; refresh
    10M        ; retry
    7D         ; expire
    3H )       ; minimum ttl
; Blank owner = @. Only ns1 is listed as NS, so NOTIFY is not sent to the
; slaves; they pick this up at the next refresh unless also-notify is set.
    IN NS ns1.star.com.
ns1 IN A 192.168.1.91
www IN A 192.168.1.41
sunday IN A 192.168.1.37
; New record. The page does not show it, but named on the master must be
; reloaded (systemctl reload named / rndc reload) before this is served.
aa IN A 192.168.1.45

# Point the test client at the first slave to verify the transfer arrived.
vim /etc/resolv.conf 
nameserver 192.168.1.43
dig aa.star.com +short
192.168.1.45

复制一份至另一台从服务器

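# Replicate the slave configuration to the second slave (assumes the bind
# packages are already installed there, as they were on 192.168.1.43).
scp /etc/named.conf root@192.168.1.44:/etc/
scp /etc/named.rfc1912.zones root@192.168.1.44:/etc/
# Keep the ownership the bind package ships (root:named, 0640): named only
# needs to read its config, and a named-owned config could be rewritten by a
# compromised named process. (Original used "named.named", the legacy dot form.)
ssh root@192.168.1.44 "chown root:named /etc/named.conf /etc/named.rfc1912.zones"
ssh root@192.168.1.44 "chmod 640 /etc/named.conf /etc/named.rfc1912.zones"
# Validate before starting. '--now' is an 'enable' option, not a 'start'
# option (original: 'systemctl start named --now'); enable --now does both.
ssh root@192.168.1.44 "named-checkconf && systemctl enable --now named"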

高可用

使用 LVS（DR 模式）+ Keepalived 做高可用：客户端统一查询 VIP 192.168.1.10，默认由两台从服务器 43、44 处理解析；只有两台从服务器都健康检查失败时，才回退到主 DNS 91（sorry_server）。

在LVS MASTER 192.168.1.46

vim /etc/keepalived/keepalived.conf

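global_defs {
    notification_email {
        root@localhost
    }
    notification_email_from keepalived@localhost
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    # Name of this node in notifications; must be unique per director.
    router_id ka46
    vrrp_mcast_group4 224.0.0.111
}

# Floating VIP for the DNS cluster. Both directors share VRID 52; the BACKUP
# has a lower priority and takes over when advertisements stop.
vrrp_instance VI_DNS {
    state MASTER
    interface bond0
    virtual_router_id 52
    priority 100
    advert_int 1
    # PASS auth puts the password in cleartext in every advertisement, so it
    # only prevents accidental VRID collisions, not a hostile peer on the LAN.
    # Restrict VRRP (IP protocol 112) to the two directors at the firewall.
    authentication {
        auth_type PASS
        auth_pass starsing
    }
    virtual_ipaddress {
        192.168.1.10
    }
}

# UDP/53 service. DR mode forwards packets with the VIP still as destination,
# so every real server - and the sorry_server - must hold the VIP on lo and
# suppress ARP for it; that is what lvs_rs.sh does on those hosts.
virtual_server 192.168.1.10 53 {
    delay_loop 6
    lb_algo wrr
    lb_kind DR
    protocol UDP
    # The master DNS answers only while both slaves fail their check.
    sorry_server 192.168.1.91 53
    real_server 192.168.1.43 53 {
        weight 1
        MISC_CHECK {
            # dig exits non-zero only when no reply arrives (or on a usage
            # error); SERVFAIL/NXDOMAIN still exit 0, so this proves the server
            # is reachable, not that it serves the zone. The redirect presumably
            # relies on keepalived handing the string to /bin/sh because it
            # contains shell metacharacters - verify in the keepalived log.
            misc_path "/bin/dig a www.star.com @192.168.1.43 +time=1 +tries=3 +fail > /dev/null"
            misc_timeout 3
        }
    }
    real_server 192.168.1.44 53 {
        weight 1
        MISC_CHECK {
            misc_path "/bin/dig a www.star.com @192.168.1.44 +time=1 +tries=3 +fail > /dev/null"
            misc_timeout 3
        }
    }
}

# TCP/53 service (added). Resolvers retry over TCP when a UDP answer is
# truncated (TC bit); the original config only balanced UDP, so TCP queries to
# the VIP were not forwarded at all. Same real servers, checked over TCP.
virtual_server 192.168.1.10 53 {
    delay_loop 6
    lb_algo wrr
    lb_kind DR
    protocol TCP
    sorry_server 192.168.1.91 53
    real_server 192.168.1.43 53 {
        weight 1
        MISC_CHECK {
            misc_path "/bin/dig a www.star.com @192.168.1.43 +tcp +time=1 +tries=3 +fail > /dev/null"
            misc_timeout 3
        }
    }
    real_server 192.168.1.44 53 {
        weight 1
        MISC_CHECK {
            misc_path "/bin/dig a www.star.com @192.168.1.44 +tcp +time=1 +tries=3 +fail > /dev/null"
            misc_timeout 3
        }
    }
}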

LVS SLAVE 192.168.1.92

vim /etc/keepalived/keepalived.conf

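global_defs {
    #notification_email {
    # root@localhost
    #}
    #notification_email_from keepalived@localhost
    #smtp_server 127.0.0.1
    #smtp_connect_timeout 30
    # Must be unique per director; the original reused the MASTER's "ka46".
    router_id ka92
    vrrp_mcast_group4 224.0.0.111
    # vrrp_strict is left off: it rejects non-RFC setups such as PASS auth.
    #vrrp_strict
    # No delay between gratuitous ARP / NA bursts after takeover (the MASTER
    # config does not set these; 0 is presumably the default anyway).
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}

# Same VRID 52 as the MASTER, lower priority: becomes MASTER only when the
# advertisements from 192.168.1.46 stop.
vrrp_instance VI_DNS {
    state BACKUP
    interface bond0
    virtual_router_id 52
    priority 98
    advert_int 1
    # Cleartext password on the wire - collision guard only, not security.
    # Restrict VRRP (IP protocol 112) to the two directors at the firewall.
    authentication {
        auth_type PASS
        auth_pass starsing
    }
    virtual_ipaddress {
        192.168.1.10
    }
}

# Virtual services must match the MASTER's exactly so that a failover changes
# nothing for clients. See the MASTER config for the per-line notes.
virtual_server 192.168.1.10 53 {
    delay_loop 6
    lb_algo wrr
    lb_kind DR
    protocol UDP
    sorry_server 192.168.1.91 53
    real_server 192.168.1.43 53 {
        weight 1
        MISC_CHECK {
            # Reachability check only: dig exits 0 on SERVFAIL/NXDOMAIN.
            misc_path "/bin/dig a www.star.com @192.168.1.43 +time=1 +tries=3 +fail > /dev/null"
            misc_timeout 3
        }
    }
    real_server 192.168.1.44 53 {
        weight 1
        MISC_CHECK {
            misc_path "/bin/dig a www.star.com @192.168.1.44 +time=1 +tries=3 +fail > /dev/null"
            misc_timeout 3
        }
    }
}

# TCP/53 service (added): truncated UDP answers are retried over TCP, and the
# original config did not forward TCP to the VIP at all.
virtual_server 192.168.1.10 53 {
    delay_loop 6
    lb_algo wrr
    lb_kind DR
    protocol TCP
    sorry_server 192.168.1.91 53
    real_server 192.168.1.43 53 {
        weight 1
        MISC_CHECK {
            misc_path "/bin/dig a www.star.com @192.168.1.43 +tcp +time=1 +tries=3 +fail > /dev/null"
            misc_timeout 3
        }
    }
    real_server 192.168.1.44 53 {
        weight 1
        MISC_CHECK {
            misc_path "/bin/dig a www.star.com @192.168.1.44 +tcp +time=1 +tries=3 +fail > /dev/null"
            misc_timeout 3
        }
    }
}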

# Register the director for boot and bring it up now; the two steps are
# independent, so the order is immaterial.
systemctl enable keepalived
systemctl start keepalived

在 LVS 的真实服务器 192.168.1.43、192.168.1.44 上运行以下脚本并加入开机启动。作为 sorry_server 的 192.168.1.91 同样需要（DR 模式下它也要在 lo 上持有 VIP）；原文此处列出的 192.168.1.92 是 LVS BACKUP，疑为 192.168.1.91 之误。

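# Real-server side of LVS-DR: the VIP must exist locally so the kernel accepts
# packets addressed to it, but must never be announced via ARP, or the real
# server would steal traffic from the director.
# The here-doc delimiter is quoted ('EOF') so $1, $vip1, $dev1 and $0 are
# written literally into the script. With the original unquoted EOF they were
# expanded by the shell creating the file, producing "case  in" - a script
# that does not even parse.
mkdir -p /data/shell
cat << 'EOF' > /data/shell/lvs_rs.sh
#!/bin/bash
# Usage: lvs_rs.sh start|stop -- add or remove the LVS-DR VIP on loopback.
set -u
vip1=192.168.1.10
dev1=lo:1
case "${1:-}" in
start)
    # arp_ignore=1: reply to ARP only for addresses configured on the
    # receiving interface (the VIP lives on lo, so never).
    # arp_announce=2: pick the best local source address for ARP requests,
    # never the VIP.
    echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
    echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
    # ifconfig comes from net-tools; the iproute2 equivalent is
    # `ip addr add "$vip1"/32 dev lo label "$dev1"`.
    ifconfig "$dev1" "$vip1" netmask 255.255.255.255 broadcast "$vip1" up
    echo "VS Server is Ready!"
    ;;
stop)
    ifconfig "$dev1" down
    echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
    echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
    echo "VS Server is Cancel!"
    ;;
*)
    echo "Usage $(basename "$0") start|stop"
    exit 1
    ;;
esac
EOF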

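chmod +x /data/shell/lvs_rs.sh
# Run at boot. The original line appended "lvs_rs_sh" (typo), so the VIP was
# never re-added after a reboot. Guarded so re-running this page does not
# append duplicate lines.
grep -qxF "/data/shell/lvs_rs.sh start" /etc/rc.local \
  || echo "/data/shell/lvs_rs.sh start" >> /etc/rc.local
# On systemd (EL7+) rc-local.service only runs /etc/rc.local if it is executable.
chmod +x /etc/rc.local
/data/shell/lvs_rs.sh start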
# Clients now use the VIP; LVS spreads the queries over the slaves.
vim /etc/resolv.conf 
nameserver 192.168.1.10
ping www.star.com

PING www.star.com (192.168.1.41) 56(84) bytes of data.
64 bytes from xwx.star.com (192.168.1.41): icmp_seq=1 ttl=64 time=0.248 ms

禁用 bind ipv6

vim /etc/named.conf
options {
    // Bind only to the host's own IPv4 address (here the master, .91). On the
    // LVS real servers (.43/.44) and the sorry_server the list must ALSO
    // contain the VIP 192.168.1.10: in DR mode the queries arrive addressed to
    // the VIP on lo:1 and named would otherwise refuse them. "any", used
    // earlier on this page, picks the VIP up implicitly.
    listen-on port 53 { 192.168.1.91; };
    filter-aaaa-on-v4 yes;
    //listen-on-v6 port 53 { ::1; };
    ...
}

vim /etc/sysconfig/named
# NOTE(review): on EL7 the chroot is presumably provided by named-chroot.service
# (systemctl enable --now named-chroot) rather than by ROOTDIR here - confirm
# for your release; "systemctl restart named" below would not chroot in that case.
ROOTDIR=/var/named/chroot
# -4: IPv4 transport only.
OPTIONS="-4"

systemctl restart named

参考链接

http://kb.linuxvirtualserver.org/wiki/Building_Scalable_DNS_Cluster_using_LVS