    # cat /etc/named.conf
    zone "example.com" {
        type master;
        file "/var/named/example.com.zone";
        allow-transfer { 172.16.1.23; 120.100.100.23; };
    };
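The notify directive automatically notifies every server listed in the zone's NS records. The also-notify directive can be used to notify DNS servers that are not listed in the NS records.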
    zone "example.com" {
        type master;
        file "example.com.zone";
        allow-transfer { 172.16.1.23; };
        notify yes;
        also-notify { 172.16.1.23; };
    };

    zone "1.16.172.in-addr.arpa" IN {
        type master;
        file "1.16.172";
        allow-transfer { 172.16.1.23; };
        notify yes;
        also-notify { 172.16.1.23; };
    };

    zone "144.132.102.in-addr.arpa" IN {
        type master;
        file "144.132.102.in-addr.arpa.zone";
        allow-transfer { 172.16.1.23; };
        notify yes;
        also-notify { 172.16.1.23; };
    };
    # cat 144.132.102.in-addr.arpa.zone
    $TTL 86400
    @       IN      SOA     localhost. root.localhost. (
                            2010010100 ; Serial
                            28800      ; Refresh
                            14400      ; Retry
                            3600000    ; Expire
                            86400 )    ; Minimum
            IN      NS      ns1.example.com.
    6       IN      PTR     www.example.com.
    15      IN      PTR     bbs.example.com.
    19      IN      PTR     images.example.com.
    $TTL 86400
    @       IN      SOA     example.com. root.example.com. (
                            42         ; serial (d. adams)
                            3H         ; refresh
                            15M        ; retry
                            1W         ; expiry
                            1D )       ; minimum
            IN      NS      ns1.example.com.
            IN      NS      ns2.example.com.
    @       IN      A       120.100.100.6
    @       IN      MX      10 mx.corpease.net.
    ns1     IN      A       120.100.100.20
    ns2     IN      A       120.100.100.23
    www     IN      A       120.100.100.6
    images  IN      A       120.100.100.6
    zone "example.com" {
        type slave;
        file "/var/named/slaves/example.com.zone";
        masters { 172.16.1.20; 120.100.100.20; };
    };

    zone "144.132.120.in-addr.arpa" IN {
        type slave;
        file "slaves/144.132.120.in-addr.arpa.zone";
        masters { 172.16.1.20; };
    };
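With DNS servers in a master / slave structure, you normally only need to maintain the records on the master.
Many people find that after adding a record on the master the slave does not update, and that it only updates once they delete the zone file on the slave and restart.
This happens because the `2010010100 ; Serial` value was not changed. The Serial must be changed every time the zone file is edited; using the date and time as the value is recommended.
In addition, the new Serial value must be greater than the old value for the update to take place.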
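As an added example (not part of the original page), the shell helpers below check the Serial rule before a master zone is reloaded: they read the serial from a zone file, propose the next value, and refuse an edit whose serial did not grow. The function names, the sample zone content and the `bbs` A record are constructed for illustration, and the `YYYYMMDDNN` layout is an assumption about how the date is encoded in the serial.

```bash
#!/usr/bin/env bash
# Added example, not from the original page: SOA serial checks before reloading a master zone.

# Print the SOA serial: the first all-digit token after "SOA <mname> <rname>".
zone_serial() {
    awk '
        { sub(/;.*/, ""); gsub(/[()]/, " ") }      # drop comments and SOA parentheses
        !seen { for (i = 1; i <= NF; i++) if (toupper($i) == "SOA") { seen = 1; start = i + 3 } }
        !seen { next }
        { for (i = start; i <= NF; i++) if ($i ~ /^[0-9]+$/) { print $i; exit }
          start = 1 }
    ' "$1"
}

# Print the next serial: YYYYMMDD00 for TODAY if that is greater than OLD, otherwise OLD + 1.
next_serial() {
    local old today new
    old=$(echo "$1" | sed 's/^0*//'); old=${old:-0}   # avoid octal parsing of leading zeros
    today=${2:-$(date +%Y%m%d)}
    new="${today}00"
    [ "$new" -gt "$old" ] || new=$((old + 1))
    [ "$new" -le 4294967295 ] || { echo "serial overflow" >&2; return 1; }  # 32-bit field
    echo "$new"
}

# Succeed only if the edited zone file has a serial strictly greater than the deployed one.
serial_increased() {
    local old new
    old=$(zone_serial "$1"); new=$(zone_serial "$2")
    [ -n "$old" ] && [ -n "$new" ] && [ "$new" -gt "$old" ]
}

# Constructed sample: a deployed zone and an edit that adds a record but keeps the old serial.
demo() {
    local d; d=$(mktemp -d)
    printf '%s\n' '$TTL 86400' '@ IN SOA example.com. root.example.com. (' \
        '    2010010100 ; Serial' '    3H 15M 1W 1D )' '  IN NS ns1.example.com.' > "$d/deployed"
    { cat "$d/deployed"; echo 'bbs IN A 120.100.100.6'; } > "$d/edited"
    if serial_increased "$d/deployed" "$d/edited"; then echo "ok to reload"
    else echo "serial unchanged, use $(next_serial "$(zone_serial "$d/deployed")")"; fi
    rm -rf "$d"
}
demo
```

Running `serial_increased` against the deployed copy and the edited copy before reloading catches the stale-slave case described above without having to delete files on the slave.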
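Start the master DNS server and test forward and reverse resolution, then start the backup DNS server, watch the replication, and test forward and reverse resolution again.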
    dig @120.100.100.20 www.example.com

    $ dig @120.100.100.20 -x 120.100.100.6

    ; <<>> DiG 9.7.3 <<>> @120.100.100.20 -x 120.100.100.6
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41279
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

    ;; QUESTION SECTION:
    ;6.144.132.120.in-addr.arpa.    IN      PTR

    ;; ANSWER SECTION:
    6.144.132.120.in-addr.arpa. 86400 IN    PTR     www.example.com.

    ;; AUTHORITY SECTION:
    144.132.120.in-addr.arpa. 86400 IN      NS      ns1.example.com.

    ;; ADDITIONAL SECTION:
    ns1.example.com.        1800    IN      A       120.100.100.20

    ;; Query time: 6 msec
    ;; SERVER: 120.100.100.20#53(120.100.100.20)
    ;; WHEN: Wed Feb 8 10:37:28 2012
    ;; MSG SIZE rcvd: 103

    neo@neo-OptiPlex-380:~$ dig @120.100.100.20 -x 120.100.100.19

    ; <<>> DiG 9.7.3 <<>> @120.100.100.20 -x 120.100.100.19
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17336
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

    ;; QUESTION SECTION:
    ;19.144.132.120.in-addr.arpa.   IN      PTR

    ;; ANSWER SECTION:
    19.144.132.120.in-addr.arpa. 86400 IN   PTR     images.example.com.

    ;; AUTHORITY SECTION:
    144.132.120.in-addr.arpa. 86400 IN      NS      ns1.example.com.

    ;; ADDITIONAL SECTION:
    ns1.example.com.        1800    IN      A       120.100.100.20

    ;; Query time: 6 msec
    ;; SERVER: 120.100.100.20#53(120.100.100.20)
    ;; WHEN: Wed Feb 8 10:37:39 2012
    ;; MSG SIZE rcvd: 107