DNS主从服务器搭建

参考文档

https://cloud.tencent.com/developer/article/1363063

https://cloud.tencent.com/developer/article/1363064

一、安装

root@prod-dns-01 etc# yum -y install bind root@prod-dns-01 etc# rpm -qa |grep bind bind-9.9.4-61.el7.x86_64 rpcbind-0.2.0-42.el7.x86_64 bind-libs-9.9.4-61.el7.x86_64 bind-utils-9.9.4-61.el7.x86_64 bind-license-9.9.4-61.el7.noarch bind-libs-lite-9.9.4-61.el7.x86_64 注意hosts文件 root@prod-dns-01 etc# cat /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 172.20.3.36 prod-dns-01 prod-dns-01.test.com prod-dns-01.test.net prod-dns-01.test.bo 172.20.3.37 prod-dns-02 prod-dns-02.test.com prod-dns-02.test.net prod-dns-02.test.bo

二、修改主配置

1、named.conf

root@prod-dns-01 etc# cat named.conf options { directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; allow-query { any; }; recursion yes; bindkeys-file "/etc/named.iscdlv.key"; managed-keys-directory "/var/named/dynamic"; pid-file "/run/named/named.pid"; session-keyfile "/run/named/session.key"; }; logging { channel default_debug { file "data/named.run"; severity dynamic; }; }; zone "." IN { type hint; file "named.ca"; }; include "/etc/named.rfc1912.zones"; include "/etc/named.root.key";

2、named.rfc1912.zones

root@prod-dns-01 etc# cat /etc/named.rfc1912.zones zone "test.net" IN { type master; file "test.net.zone"; allow-transfer {127.0.0.1;172.20.3.36;172.20.3.37;}; }; zone "test.com" IN { type master; file "test.com.zone"; allow-transfer {127.0.0.1;172.20.3.36;172.20.3.37;}; }; zone "test.bo" IN { type master; file "test.bo.zone"; allow-transfer {127.0.0.1;172.20.3.36;172.20.3.37;}; };

3、注意权限

root@prod-dns-01 named# ls -lh total 28K drwxrwx--- 2 named named 23 Jun 8 13:45 data drwxrwx--- 2 named named 31 Jun 8 13:56 dynamic -rw-r----- 1 root named 2.3K May 22 2017 named.ca -rw-r----- 1 root named 152 Dec 15 2009 named.empty -rw-r----- 1 root named 152 Jun 21 2007 named.localhost -rw-r----- 1 root named 168 Dec 15 2009 named.loopback -rw-r----- 1 root named 848 Jun 8 14:04 test.bo.zone -rw-r----- 1 root named 850 Jun 8 14:04 test.com.zone -rw-r----- 1 root named 850 Jun 8 14:04 test.net.zone

4、检测配置 $TTL为定义的宏，表示下面资源记录ttl的值都为300秒 @符号可代表区域文件/etc/named.conf里面定义的区域名称，即："test.net."。

每个区域的资源记录第一条必须是SOA，SOA后面接DNS服务器的域名和电子邮箱地址，此处电子邮箱地址里的@因为有特殊用途，所以此处要用点号代替。SOA后面小括号里的各值所代表的意义如下所示： IN SOA prod-dns-01.test.net admin.test.net (

1806081510 ;标识序列号，十进制数字，不能超过10位，通常使用日期，年月日时分，代表18年6月8号15点10分修改记录 10M;新时间，即每隔多久到主服务器检查一次，此处为10分钟 5M ;重试时间，应该小于刷新时间，此处为5分钟 1D ;过期时间，此处为1天 2D ;主服务器挂后，从服务器至多工作的时间，此处为2天)

root@prod-dns-01 named# named-checkzone "test.net.zone" /var/named/test.net.zone zone test.net.zone/IN: loaded serial 1806081010 OK

5、添加新A记录

root@prod-dns-01 named# vim test.com.zone root@prod-dns-01 named# vim test.bo.zone root@prod-dns-01 named# vim test.net.zone root@prod-dns-01 etc# cat /var/named/test.net.zone $TTL 300 ; @ IN SOA prod-dns-01.test.net admin.test.net ( 1806081550 ; Serial 10M ; Refresh 5M ; Retry 1D ; Expire 2D ; TTL ) ; IN NS dns1 IN NS dns2 dns1 IN A 172.20.3.36 dns2 IN A 172.20.3.37 ; ; prod-hadoop-master-01 IN A 172.20.3.4 prod-hadoop-master-02 IN A 172.20.3.5 prod-hadoop-data-01 IN A 172.20.3.6 prod-hadoop-data-02 IN A 172.20.3.7 prod-hadoop-data-03 IN A 172.20.3.8 prod-hadoop-data-04 IN A 172.20.3.9 prod-hadoop-data-05 IN A 172.20.3.10 prod-hadoop-data-06 IN A 172.20.3.11 prod-hadoop-data-07 IN A 172.20.3.12 prod-hadoop-data-08 IN A 172.20.3.13

6、配置生效

root@prod-dns-01 named# rndc reload server reload successful

三、测试

root@prod-hadoop-master-01 ~# dig -t A prod-hadoop-data-01.test.com @172.20.3.36 ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.4 <<>> -t A prod-hadoop-data-01.test.com @172.20.3.36 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39022 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2 ;; QUESTION SECTION: ;prod-hadoop-data-01.test.com. IN A ;; ANSWER SECTION: prod-hadoop-data-01.test.com. 300 IN A 172.20.3.6 ;; AUTHORITY SECTION: test.com. 300 IN NS dns2.test.com. test.com. 300 IN NS dns1.test.com. ;; ADDITIONAL SECTION: dns1.test.com. 300 IN A 172.20.3.36 dns2.test.com. 300 IN A 172.20.3.37 ;; Query time: 1 msec ;; SERVER: 172.20.3.36#53(172.20.3.36) ;; WHEN: Fri Jun 8 14:05:36 2018 ;; MSG SIZE rcvd: 133

四、主从同步

1、dns 从主配置

root@prod-dns-02 etc# cat /etc/named.conf root@prod-dns-02 etc# cat /etc/named.rfc1912.zones zone "test.net" IN { type slave; masters { 172.20.3.36; }; file "slaves/test.net.zone"; allow-transfer { none; }; }; zone "test.com" IN { type slave; masters { 172.20.3.36; }; file "slaves/test.com.zone"; allow-transfer { none; }; }; zone "test.bo" IN { type slave; masters { 172.20.3.36; }; file "slaves/test.bo.zone"; allow-transfer { none; }; };

2、启动dns从配置会同步主的zone文件

root@prod-dns-02 etc# ls -ls /var/named/slaves/ root@prod-dns-02 etc# systemctl start named.service root@prod-dns-02 etc# systemctl status named.service root@prod-dns-02 etc# ls /var/named/slaves/ test.bo.zone test.com.zone test.net.zone

3、测试dns从的解析

root@prod-hadoop-master-01 ~# dig -t A prod-hadoop-data-01.test.com @172.20.3.37 ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.4 <<>> -t A prod-hadoop-data-01.test.com @172.20.3.37 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6112 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2 ;; QUESTION SECTION: ;prod-hadoop-data-01.test.com. IN A ;; ANSWER SECTION: prod-hadoop-data-01.test.com. 300 IN A 172.20.3.6 ;; AUTHORITY SECTION: test.com. 300 IN NS dns1.test.com. test.com. 300 IN NS dns2.test.com. ;; ADDITIONAL SECTION: dns1.test.com. 300 IN A 172.20.3.36 dns2.test.com. 300 IN A 172.20.3.37 ;; Query time: 3 msec ;; SERVER: 172.20.3.37#53(172.20.3.37) ;; WHEN: Fri Jun 8 14:35:03 2018 ;; MSG SIZE rcvd: 133

五、服务开机启动

root@prod-dns-01 etc# systemctl enable named Created symlink from /etc/systemd/system/multi-user.target.wants/named.service to /usr/lib/systemd/system/named.service. root@prod-dns-02 etc# systemctl enable named Created symlink from /etc/systemd/system/multi-user.target.wants/named.service to /usr/lib/systemd/system/named.service.

六、压力测试

root@prod-dns-01 ~# wget https://www.isc.org/downloads/file/bind-9-9-12/?version=tar-gz root@prod-dns-01 ~# tar zxvf index.html\?version\=tar-gz root@prod-dns-01 queryperf# cd bind-9.9.12/contrib/queryperf/ root@prod-dns-01 queryperf# ./configure root@prod-dns-01 queryperf# make 使用300万书记，qps每秒达到1万以上 root@prod-dns-01 queryperf# ./queryperf -d testname.txt -s 172.20.3.37 DNS Query Performance Testing Tool Version: $Id: queryperf.c,v 1.12 2007/09/05 07:36:04 marka Exp $ Status Processing input data Status Sending queries (beginning with 172.20.3.37) Status Testing complete Statistics: Parse input file: once Ended due to: reaching end of file Queries sent: 3034641 queries Queries completed: 3034641 queries Queries lost: 0 queries Queries delayed(?): 0 queries RTT max: 0.028393 sec RTT min: 0.000110 sec RTT average: 0.001711 sec RTT std deviation: 0.001989 sec RTT out of range: 0 queries Percentage completed: 100.00% Percentage lost: 0.00% Started at: Fri Jun 8 15:28:33 2018 Finished at: Fri Jun 8 15:33:10 2018 Ran for: 276.930575 seconds Queries per second: 10958.129127 qps