Hướng dẫn cài đặt Secondary DNS Server trên CentOS 6.8
Như ở phần 1, chúng ta đã cài đặt và cấu hình dịch vụ DNS Server. Ở bài này, chúng ta sẽ xây dựng thêm Secondary DNS Server để dự phòng khi DNS server thứ nhất (primary) gặp sự cố.
Xem phần 1: Hướng dẫn cài đặt DNS Server trong CentOS 6.8
Cài đặt Secondary(Slave) DNS Server
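# Install BIND on the secondary. The pattern is quoted so that yum, not the
# shell, expands it; an unquoted bind* could match files in the current directory.
# NOTE(review): the wildcard pulls in every bind* subpackage. This guide only
# appears to use named and dig, so `bind bind-utils` is presumably enough - confirm.
[root@ns2 ~]# yum install 'bind*' -y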
1. Cấu hình Slave DNS Server
Mở file cấu hình “/etc/named.conf” và thêm 1 số dòng sau:
[root@ns2 ~]# vi /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// As edited below, this file makes ns2 a secondary (slave) for conglinh.com
// and its reverse zone, pulling both from the master at 192.168.2.100.
//
options {
        listen-on port 53 { 127.0.0.1; 192.168.2.101; }; ### IP of DNS 2 (this secondary server) ###
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { localhost; 192.168.2.0/24; }; ### client network range allowed to query ###
        // NOTE(review): recursion is on and no allow-recursion statement is
        // given, so who may recurse is left to BIND's defaults (presumably it
        // follows allow-query here - confirm). Stating allow-recursion
        // explicitly keeps this from becoming an open resolver if allow-query
        // is widened later.
        recursion yes;
        dnssec-enable yes;
        dnssec-validation yes;
        // NOTE(review): "dnssec-lookaside auto" depends on the ISC DLV registry,
        // which has since been retired, and newer BIND releases dropped the
        // option - verify before reusing this file on a current BIND.
        dnssec-lookaside auto;
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

// Root hints.
zone "." IN {
        type hint;
        file "named.ca";
};

// Secondary copy of the forward zone. The relative file name resolves under
// the "directory" option, i.e. /var/named/slaves/conglinh.fwd.
// NOTE(review): the master is identified by IP address only; no TSIG key is
// configured for the transfer, and no allow-transfer statement limits who may
// request this zone from ns2 (BIND of this era presumably defaults to allowing
// any host - confirm). Consider TSIG keys shared with the master and
// "allow-transfer { none; };" on the secondary.
zone"conglinh.com" IN {
        type slave;
        file "slaves/conglinh.fwd";
        masters { 192.168.2.100; };
};

// Secondary copy of the reverse zone for 192.168.2.0/24; the same transfer
// caveats as for the forward zone apply.
zone"2.168.192.in-addr.arpa" IN {
        type slave;
        file "slaves/conglinh.rev";
        masters { 192.168.2.100; };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
Ở trên tôi đã chỉnh sửa và thêm 1 số dòng sau:
listen-on port 53 { 127.0.0.1; 192.168.2.101; }; ### IP of DNS 2 (this secondary server) ###
allow-query { localhost; 192.168.2.0/24; }; ### client network range allowed to query ###
Và 2 zone
// Forward zone, held as a secondary copy pulled from the master 192.168.2.100.
// NOTE(review): the transfer is authenticated by source IP only and no
// allow-transfer statement is set on this server; consider a TSIG key shared
// with the master and "allow-transfer { none; };" here.
zone"conglinh.com" IN {
        type slave;
        file "slaves/conglinh.fwd";
        masters { 192.168.2.100; };
};

// Reverse zone for 192.168.2.0/24, pulled from the same master.
zone"2.168.192.in-addr.arpa" IN {
        type slave;
        file "slaves/conglinh.rev";
        masters { 192.168.2.100; };
};
2. Bật dịch vụ DNS Server
[root@ns2 ~]# service named start Generating /etc/rndc.key: [ OK ] Starting named: [ OK ] [root@secondarydns ~]# chkconfig named on
Dùng lệnh ls /var/named/slaves/ để kiểm tra xem forward zone và reverse zone đã được đồng bộ từ master về chưa.
[root@ns2 ~]# ls /var/named/slaves/ conglinh.fwd conglinh.rev
Mở file conglinh.fwd và conglinh.rev để kiểm tra xem các bản ghi đã đồng bộ chưa
[root@ns2 ~]# cat /var/named/slaves/conglinh.fwd $ORIGIN . $TTL 86400; 1 day conglinh.comIN SOAns1.conglinh.com. root.conglinh.com. ( 2011071001 ; serial 3600 ; refresh (1 hour) 1800 ; retry (30 minutes) 604800 ; expire (1 week) 86400 ; minimum (1 day) ) NS ns1.conglinh.com. NS ns2.conglinh.com. A192.168.2.100 A192.168.2.101 A192.168.2.150 $ORIGIN conglinh.com. win7-01A192.168.2.102 ns1A192.168.2.100 ns2A192.168.2.101
[root@ns2 ~]# cat /var/named/slaves/conglinh.rev $ORIGIN . $TTL 86400; 1 day 2.168.192.in-addr.arpaIN SOAns2.conglinh.com. root.conglinh.com. ( 2011071001 ; serial 3600 ; refresh (1 hour) 1800 ; retry (30 minutes) 604800 ; expire (1 week) 86400 ; minimum (1 day) ) NS ns1.conglinh.com. NS ns2.conglinh.com. PTRconglinh.com. $ORIGIN 2.168.192.in-addr.arpa. 100PTRns1.conglinh.com. 101PTRns2.conglinh.com. 102PTRwin7-01.conglinh.com. clientA192.168.1.102 ns1A192.168.2.100 ns2A192.168.2.101
3. Thêm DNS Server vào hệ thống
[root@ns2 ~]# vi /etc/resolv.conf
# Generated by NetworkManager
# NOTE(review): the header above says NetworkManager generates this file, so
# hand edits may be overwritten; presumably the persistent place is DNS1/DNS2
# in the interface's ifcfg file - confirm.
search conglinh.com
# Master first, this secondary second.
nameserver 192.168.2.100
nameserver 192.168.2.101
# NOTE(review): public fallback. If both internal servers are unreachable,
# lookups (internal names included) would presumably be sent to this resolver;
# remove the line if that is not wanted.
nameserver 8.8.8.8
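4. Kiểm tra DNS Server
Lưu ý: trong kết quả dig bên dưới, dòng SERVER cho thấy truy vấn được trả lời bởi 192.168.2.100 (DNS server thứ nhất, đứng đầu trong /etc/resolv.conf). Để kiểm tra riêng Secondary DNS Server, hãy chỉ định địa chỉ của nó khi truy vấn, ví dụ: dig @192.168.2.101 ns1.conglinh.com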
[root@ns2 ~]# dig ns1.conglinh.com ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> ns1.conglinh.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21487 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1 ;; QUESTION SECTION: ;ns1.conglinh.com.INA ;; ANSWER SECTION: ns1.conglinh.com. 86400INA192.168.2.100 ;; AUTHORITY SECTION: conglinh.com.86400INNSns1.conglinh.com. conglinh.com.86400INNSns2.conglinh.com. ;; ADDITIONAL SECTION: ns2.conglinh.com. 86400 INA192.168.2.101 ;; Query time: 15 msec ;; SERVER: 192.168.2.100#53(192.168.2.100) ;; WHEN: Thu Mar 7 13:27:57 2016 ;; MSG SIZE rcvd: 114
[root@ns2 ~]# dig ns2.conglinh.com ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> ns2.conglinh.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20958 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1 ;; QUESTION SECTION: ;ns2.conglinh.com.INA ;; ANSWER SECTION: ns2.conglinh.com. 86400 INA192.168.2.101 ;; AUTHORITY SECTION: conglinh.com.86400INNSns1.conglinh.com. conglinh.com.86400INNSns2.conglinh.com. ;; ADDITIONAL SECTION: ns1.conglinh.com. 86400INA192.168.2.100 ;; Query time: 4 msec ;; SERVER: 192.168.2.100#53(192.168.2.100) ;; WHEN: Thu Mar 7 13:31:53 2016 ;; MSG SIZE rcvd: 114