BIND view: master and slave deployment and testing
Last time I wrote a post on "Installing BIND 9.8.2 master and slave on CentOS 6.2 with automatic updates after changes", at http://dl528888.blog.51cto.com/2382721/1249311. This time I will cover the BIND view feature: what it does, how to deploy it, and the test results. This post draws on some content from http://dreamfire.blog.51cto.com/418026/1133159, which I want to acknowledge up front.
I. Introduction to views
The view feature is easy to understand: queries arriving from different IP address ranges are answered with different DNS data. For example, to serve three different IP address ranges you must spell out those ranges explicitly; only then does the view feature take effect. For beginners, a basic grasp of the syntax is essential; for a fuller picture, consult the documentation on the official BIND website.
Another way to think about it: the main technique used today to solve the north/south interconnection problem between carriers is CDN, and a CDN can be seen as a form of BIND view. The IP ACL is the core of a CDN, though, and that is something we cannot obtain ourselves.
II. Configuration
For installation, refer to the earlier post; it is not repeated here.
The named.conf file on the master:
[root@master named]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { any; };
#       listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };
        recursion yes;
        allow-transfer { 192.168.56.105; };
        #also-notify { 192.168.56.105; };

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

#zone "." IN {
#       type hint;
#       file "named.ca";
#};

acl Telecomacl { 192.168.56.104; };
acl Unicomacl { 192.168.56.105; };
acl Othersacl { any; };

view "Telecom" {
        match-clients { "Telecomacl"; 192.168.56.109; !192.168.56.107; !192.168.56.108; };
        zone "test.com" IN {
                type master;
                notify yes;
                also-notify { 192.168.56.105; };
                allow-transfer { 192.168.56.109; };
                file "Telecom.test.com";
        };
        zone "." IN {
                type hint;
                file "named.ca";
        };
};

view "Unicom" {
        match-clients { "Unicomacl"; 192.168.56.107; !192.168.56.109; !192.168.56.108; };
        zone "test.com" IN {
                type master;
                notify yes;
                also-notify { 192.168.56.105; };
                allow-transfer { 192.168.56.107; };
                file "Unicom.test.com";
        };
        zone "." IN {
                type hint;
                file "named.ca";
        };
};

view "Others" {
        match-clients { "Othersacl"; 192.168.56.108; !192.168.56.109; !192.168.56.107; };
        zone "test.com" IN {
                type master;
                notify yes;
                also-notify { 192.168.56.105; };
                allow-transfer { 192.168.56.108; };
                file "Others.test.com";
        };
        zone "." IN {
                type hint;
                file "named.ca";
        };
};

The named.conf file on the slave:
[root@slave named]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { any; };
#       listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
#       bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

#zone "." IN {
#       type hint;
#       file "named.ca";
#};

acl Telecomacl { 192.168.56.104; };
acl Unicomacl { 192.168.56.105; };
acl Othersacl { any; };

view "Telecom" {
        match-clients { "Telecomacl"; 192.168.56.109; !192.168.56.107; !192.168.56.108; };
        transfer-source 192.168.56.109;
        zone "test.com" IN {
                type slave;
                masters { 192.168.56.104; };
                file "Telecom.test.com";
        };
        zone "." IN {
                type hint;
                file "named.ca";
        };
};

view "Unicom" {
        match-clients { "Unicomacl"; 192.168.56.107; !192.168.56.109; !192.168.56.108; };
        transfer-source 192.168.56.107;
        zone "test.com" IN {
                type slave;
                masters { 192.168.56.104; };
                file "Unicom.test.com";
        };
        zone "." IN {
                type hint;
                file "named.ca";
        };
};

view "Others" {
        match-clients { "Othersacl"; 192.168.56.108; !192.168.56.109; !192.168.56.107; };
        transfer-source 192.168.56.108;
        zone "test.com" IN {
                type slave;
                masters { 192.168.56.104; };
                file "Others.test.com";
        };
        zone "." IN {
                type hint;
                file "named.ca";
        };
};

Zone configuration (identical on master and slave):
Telecom.test.com:

[root@master named]# cat Telecom.test.com
$TTL 1D
@       IN SOA  ns1.test.com. root.localhost. (
                                        2013071098      ; serial
                                        60              ; refresh
                                        1H              ; retry
                                        1W              ; expire
                                        3H )            ; minimum
        NS      ns1.test.com.
        NS      ns2.test.com.
        A       192.168.56.104
server  A       192.168.56.101
client1 A       192.168.56.103
ubuntu  A       192.168.56.102
ns1     A       192.168.56.104
ns2     A       192.168.56.105
test2   A       192.168.8.1
test1   A       192.168.8.12
test3   A       192.168.8.3
www     A       1.1.1.1

Unicom.test.com:

[root@master named]# cat Unicom.test.com
$TTL 1D
@       IN SOA  ns1.test.com. root.localhost. (
                                        2013071098      ; serial
                                        60              ; refresh
                                        1H              ; retry
                                        1W              ; expire
                                        3H )            ; minimum
        NS      ns1.test.com.
        NS      ns2.test.com.
        A       192.168.56.104
server  A       192.168.56.101
client1 A       192.168.56.103
ubuntu  A       192.168.56.102
ns1     A       192.168.56.104
ns2     A       192.168.56.105
test2   A       192.168.8.1
test1   A       192.168.8.12
test3   A       192.168.8.3
www     A       2.2.2.2

Others.test.com:

[root@master named]# cat Others.test.com
$TTL 1D
@       IN SOA  ns1.test.com. root.localhost. (
                                        2013071098      ; serial
                                        60              ; refresh
                                        1H              ; retry
                                        1W              ; expire
                                        3H )            ; minimum
        NS      ns1.test.com.
        NS      ns2.test.com.
        A       192.168.56.104
server  A       192.168.56.101
client1 A       192.168.56.103
ubuntu  A       192.168.56.102
ns1     A       192.168.56.104
ns2     A       192.168.56.105
test2   A       192.168.8.1
test1   A       192.168.8.12
test3   A       192.168.8.3
www     A       3.3.3.3

Remember, too, that once the named.conf and zones above are in place, the IPs of both master and slave must be added to /etc/resolv.conf, in a format like this:

[root@master named]# cat /etc/resolv.conf
; generated by /sbin/dhclient-script
nameserver 192.168.56.104
nameserver 192.168.56.105

Without them, the host cannot look up DNS data through the master and slave.
In my setup the ACLs and views are all kept in the single named.conf file. If you do not change the ACL or view contents often, you can use this layout as-is: the slave then replicates the master's zones by itself and you do not have to manage them by hand. (I give the slave several NICs and use transfer-source to pin the source address of each view's zone transfer. Without this, if you have several views, the zones the slave pulls from the master all end up with identical content, because the master picks the view by the slave's source address and every transfer therefore receives the same zone; so either give the slave multiple NICs, or use the rsync approach below.) If you change things often, you can put the ACLs in a separate file and include it from named.conf, but then that ACL file, and the zone files, have to be copied from master to slave by you, for example with rsync+inotify or rsync+crontab.
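To make the match-clients evaluation above concrete, here is an added Python model of how named chooses a view (example code written for this post, not BIND's own code and not from the original article): each address match list is evaluated in order and the first matching element decides, a "!" element rejects, and views are tried in named.conf order. It uses the exact ACLs, view lists and www.test.com records from the configuration above, and also shows why the order of the three views matters: placed first, the "Others" view's any would swallow every client, because the "!" entries listed after any are never reached.

```python
import ipaddress

# ACLs and views copied from the page's master named.conf, in file order.
ACLS = {"Telecomacl": ["192.168.56.104"],
        "Unicomacl": ["192.168.56.105"],
        "Othersacl": ["any"]}
VIEWS = [
    ("Telecom", ['"Telecomacl"', "192.168.56.109", "!192.168.56.107", "!192.168.56.108"]),
    ("Unicom", ['"Unicomacl"', "192.168.56.107", "!192.168.56.109", "!192.168.56.108"]),
    ("Others", ['"Othersacl"', "192.168.56.108", "!192.168.56.109", "!192.168.56.107"]),
]
# www.test.com A record in each view's zone file on the page.
WWW_BY_VIEW = {"Telecom": "1.1.1.1", "Unicom": "2.2.2.2", "Others": "3.3.3.3"}

def match_list(client, elements, acls=ACLS):
    """BIND address match list, first matching element decides: True = matched,
    False = matched a '!' element (explicit reject), None = nothing matched."""
    ip = ipaddress.ip_address(client)
    for elem in elements:
        negate = elem.startswith("!")
        body = elem.lstrip("!").strip().strip('"')
        if body == "any":
            hit = True
        elif body in acls:
            # Nested ACL; the page's ACLs hold no '!' entries, so 'is True' suffices.
            hit = match_list(client, acls[body], acls) is True
        else:
            hit = ip in ipaddress.ip_network(body, strict=False)
        if hit:
            return not negate
    return None

def select_view(client, views=VIEWS):
    """Views are tried in named.conf order; the first whose match-clients
    accepts the client answers. None means named refuses the query."""
    for name, clients in views:
        if match_list(client, clients) is True:
            return name
    return None

def www_answer(client, views=VIEWS):
    """A record a client receives for www.test.com under this configuration."""
    return WWW_BY_VIEW.get(select_view(client, views))

if __name__ == "__main__":
    for c in ["192.168.56.104", "192.168.56.105", "192.168.56.101", "192.168.56.109"]:
        print(c, "->", select_view(c), www_answer(c))
    # With "Others" first its 'any' swallows everyone: the '!' entries never run.
    print("Others first:", select_view("192.168.56.104", list(reversed(VIEWS))))
```

The slave's transfer-source addresses 192.168.56.109, .107 and .108 are resolved by the master in exactly the same way, which is how each view's own zone reaches the matching view on the slave.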
III. Testing
With the named.conf above, a host at 192.168.56.104 resolving www.test.com gets 1.1.1.1, a host at 192.168.56.105 gets 2.2.2.2, and any other host gets 3.3.3.3.
1. Query www.test.com from 192.168.56.104
[root@master named]# ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 08:00:27:59:BB:1F
          inet addr:192.168.56.104  Bcast:192.168.56.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fe59:bb1f/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1593 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1177 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:137736 (134.5 KiB)  TX bytes:157084 (153.4 KiB)

[root@master named]# dig www.test.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <<>> www.test.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46214
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;www.test.com.                  IN      A

;; ANSWER SECTION:
www.test.com.           86400   IN      A       1.1.1.1

;; AUTHORITY SECTION:
test.com.               86400   IN      NS      ns1.test.com.
test.com.               86400   IN      NS      ns2.test.com.

;; ADDITIONAL SECTION:
ns1.test.com.           86400   IN      A       192.168.56.104
ns2.test.com.           86400   IN      A       192.168.56.105

;; Query time: 1 msec
;; SERVER: 192.168.56.104#53(192.168.56.104)
;; WHEN: Mon Jul 15 10:07:52 2013
;; MSG SIZE  rcvd: 114

2. Query www.test.com from 192.168.56.105
[root@slave ~]# ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 08:00:27:92:7F:34
          inet addr:192.168.56.105  Bcast:192.168.56.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1330 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1518 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:125612 (122.6 KiB)  TX bytes:163198 (159.3 KiB)

[root@slave ~]# dig www.test.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <<>> www.test.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40968
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;www.test.com.                  IN      A

;; ANSWER SECTION:
www.test.com.           86400   IN      A       2.2.2.2

;; AUTHORITY SECTION:
test.com.               86400   IN      NS      ns1.test.com.
test.com.               86400   IN      NS      ns2.test.com.

;; ADDITIONAL SECTION:
ns1.test.com.           86400   IN      A       192.168.56.104
ns2.test.com.           86400   IN      A       192.168.56.105

;; Query time: 1 msec
;; SERVER: 192.168.56.104#53(192.168.56.104)
;; WHEN: Mon Jul 15 02:09:43 2013
;; MSG SIZE  rcvd: 114

3. Query www.test.com from 192.168.56.101
root@server:~# ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 08:00:27:66:7a:7a
          inet addr:192.168.56.101  Bcast:192.168.56.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fe66:7a7a/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:752 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1064 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:66541 (66.5 KB)  TX bytes:100256 (100.2 KB)

root@server:~# dig www.test.com

; <<>> DiG 9.8.1-P1 <<>> www.test.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43605
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;www.test.com.                  IN      A

;; ANSWER SECTION:
www.test.com.           86400   IN      A       3.3.3.3

;; AUTHORITY SECTION:
test.com.               86400   IN      NS      ns1.test.com.
test.com.               86400   IN      NS      ns2.test.com.

;; ADDITIONAL SECTION:
ns1.test.com.           86400   IN      A       192.168.56.104
ns2.test.com.           86400   IN      A       192.168.56.105

;; Query time: 3 msec
;; SERVER: 192.168.56.104#53(192.168.56.104)
;; WHEN: Mon Jul 15 10:11:20 2013
;; MSG SIZE  rcvd: 114

The results above show that resolving www.test.com from different IPs returns exactly what my named.conf specifies.
Next, a test of what happens when named on the master goes down.
[root@master named]# /etc/init.d/named stop
Stopping named: .                                          [  OK  ]

1. Query www.test.com from 192.168.56.104

[root@master named]# ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 08:00:27:59:BB:1F
          inet addr:192.168.56.104  Bcast:192.168.56.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fe59:bb1f/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1833 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1342 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:155319 (151.6 KiB)  TX bytes:171750 (167.7 KiB)

[root@master named]# dig www.test.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <<>> www.test.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26442
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;www.test.com.                  IN      A

;; ANSWER SECTION:
www.test.com.           86400   IN      A       1.1.1.1

;; AUTHORITY SECTION:
test.com.               86400   IN      NS      ns1.test.com.
test.com.               86400   IN      NS      ns2.test.com.

;; ADDITIONAL SECTION:
ns1.test.com.           86400   IN      A       192.168.56.104
ns2.test.com.           86400   IN      A       192.168.56.105

;; Query time: 1 msec
;; SERVER: 192.168.56.105#53(192.168.56.105)
;; WHEN: Mon Jul 15 10:18:15 2013
;; MSG SIZE  rcvd: 114

2. Query www.test.com from 192.168.56.105
[root@slave ~]# ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 08:00:27:92:7F:34
          inet addr:192.168.56.105  Bcast:192.168.56.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1507 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1633 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:139266 (136.0 KiB)  TX bytes:175684 (171.5 KiB)

[root@slave ~]# dig www.test.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <<>> www.test.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9825
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;www.test.com.                  IN      A

;; ANSWER SECTION:
www.test.com.           86400   IN      A       2.2.2.2

;; AUTHORITY SECTION:
test.com.               86400   IN      NS      ns1.test.com.
test.com.               86400   IN      NS      ns2.test.com.

;; ADDITIONAL SECTION:
ns1.test.com.           86400   IN      A       192.168.56.104
ns2.test.com.           86400   IN      A       192.168.56.105

;; Query time: 4 msec
;; SERVER: 192.168.56.105#53(192.168.56.105)
;; WHEN: Mon Jul 15 02:18:49 2013
;; MSG SIZE  rcvd: 114

3. Query www.test.com from 192.168.56.101
root@server:~# ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 08:00:27:66:7a:7a
          inet addr:192.168.56.101  Bcast:192.168.56.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fe66:7a7a/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:860 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1228 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:75440 (75.4 KB)  TX bytes:114113 (114.1 KB)

root@server:~# dig www.test.com

; <<>> DiG 9.8.1-P1 <<>> www.test.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56763
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;www.test.com.                  IN      A

;; ANSWER SECTION:
www.test.com.           86400   IN      A       3.3.3.3

;; AUTHORITY SECTION:
test.com.               86400   IN      NS      ns2.test.com.
test.com.               86400   IN      NS      ns1.test.com.

;; ADDITIONAL SECTION:
ns1.test.com.           86400   IN      A       192.168.56.104
ns2.test.com.           86400   IN      A       192.168.56.105

;; Query time: 1 msec
;; SERVER: 192.168.56.105#53(192.168.56.105)
;; WHEN: Mon Jul 15 10:19:16 2013
;; MSG SIZE  rcvd: 114

As you can see, even with the named service stopped on the master, the other hosts can still obtain www.test.com from the slave.
Below is a test I ran on whether or not to specify notify yes in named.conf:
1. Without notify yes
2. With notify yes
For the details of this test, see the Word document in the attachment.
Based on the test results above, I think that if your ACLs live in a separate file (not in named.conf) and you have requirements on how quickly changes propagate (for example, the slave must pick up a change within one minute), it is best to use rsync+sersync or rsync+inotify on the slave to synchronise the ACL file and the zone configuration.
If propagation speed is not a major concern, you can simply specify notify yes.
Which to choose depends on your own needs.
I will not write up the test procedure here; it is in the attached Word document.