上次写过一篇关于“centos 6.2安装bind 9.8.2 master、slave与自动修改后更新”的文章,地址为http://dl528888.blog.51cto.com/2382721/1249311,这次就介绍一下bind view的功能、如何部署、与测试结果。本文参考了http://dreamfire.blog.51cto.com/418026/1133159的一些内容,事先说明一下。

一、view介绍

View功能很容易理解,就是将不同IP地址段发来的查询响应到不同的DNS解析。例如需要对三个不同IP地址段进行配置,就需要明确这些IP地址段,这样View功能才会有效。对于初学者,简单了解它的语法非常必要。如果要有一个更清楚的认识,则可以到BIND官方网站查阅文档。

也可以理解为这样:现在为了解决南北互联问题,主要使用cdn技术,cdn技术也可以说是一个bind view。但ip的acl是cdn的一个核心,这个我们自己没办法找到。

二、配置

安装的话,可以参考之前的文章,本文就不描述了;

Master端的named.conf文件

[root@master named]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// Global server options for the master, followed by its logging setup.
options {
// Accept DNS on port 53 on every IPv4 interface of the host.
listen-on port 53 { any; };
#   listen-on-v6 port 53 { ::1; };
directory   "/var/named";
dump-file   "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// NOTE(review): allow-recursion and allow-query-cache are not set, so per
// BIND's documented defaults they inherit allow-query (any). Together with
// "recursion yes" and listen-on any, every client that can reach port 53 gets
// recursive service. If this host is reachable from untrusted networks,
// restrict recursion with allow-recursion { <trusted ACL>; } or run the
// authoritative server with recursion no.
allow-query     { any; };
recursion yes;
// Server-wide transfer default. Every test.com zone in the views below sets
// its own allow-transfer, and the zone-level statement takes precedence.
allow-transfer  { 192.168.56.105;};
#also-notify { 192.168.56.105;};
dnssec-enable yes;
dnssec-validation yes;
// NOTE(review): ISC has since retired its DLV registry and later BIND 9
// releases treat dnssec-lookaside as obsolete - confirm against the version
// in use before reusing this line.
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
};
// Debug channel written to data/named.run (relative to "directory" above);
// "severity dynamic" follows the server's current debug level.
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
#zone "." IN {
#   type hint;
#   file "named.ca";
#};
// Named address lists referenced by the views' match-clients statements.
// In this lab Telecomacl holds the master's own address, Unicomacl the
// slave's, and Othersacl matches every client.
acl Telecomacl {
192.168.56.104;
};
acl Unicomacl {
192.168.56.105;
};
// "any" is a catch-all, so the view that uses it has to come last.
acl Othersacl {
any;
};
// View for "Telecom" clients: test.com is answered from Telecom.test.com.
// Views are tried in the order they appear in named.conf; the first one whose
// match-clients accepts the query's source address handles the query.
view "Telecom" {
// Telecomacl plus 192.168.56.109, the transfer-source address the slave's
// Telecom view uses. Address match lists stop at the first matching element;
// the negated .107 and .108 are the slave's other two transfer addresses.
match-clients { "Telecomacl"; 192.168.56.109; !192.168.56.107; !192.168.56.108;};
zone    "test.com" IN {
type        master;
notify  yes;
also-notify { 192.168.56.105;};
// NOTE(review): the transfer is authorized by source address only. A TSIG
// key per view would authenticate the slave and could also select the view,
// instead of relying on extra slave addresses.
allow-transfer { 192.168.56.109; };
file    "Telecom.test.com";
};
// Root hints, used when this view recurses for names outside test.com.
zone    "." IN {
type        hint;
file        "named.ca";
};
};
// View for "Unicom" clients: test.com is answered from Unicom.test.com.
// Only reached by clients the preceding "Telecom" view did not match.
view "Unicom" {
// Unicomacl plus 192.168.56.107, the transfer-source address the slave's
// Unicom view uses; .109 and .108 belong to the slave's other views.
match-clients { "Unicomacl"; 192.168.56.107; !192.168.56.109; !192.168.56.108; };
zone    "test.com" IN {
type            master;
notify  yes;
// NOTE(review): NOTIFY presumably leaves from the master's own address, so
// the slave picks the receiving view by that source address - verify that
// the slave's Unicom view actually gets notified and is not relying on the
// SOA refresh timer alone.
also-notify { 192.168.56.105;};
// NOTE(review): source-address-only authorization; consider a TSIG key.
allow-transfer { 192.168.56.107; };
file    "Unicom.test.com";
};
// Root hints, used when this view recurses for names outside test.com.
zone    "."     IN {
type            hint;
file            "named.ca";
};
};
// Catch-all view: every client not claimed by "Telecom" or "Unicom" gets
// test.com from Others.test.com. It must stay the last view in the file.
view "Others" {
// NOTE(review): address match lists stop at the first matching element, and
// Othersacl is "any", so the later entries (including the negated .109 and
// .107) are never evaluated. Those addresses stay out of this view only
// because the earlier views match them first.
match-clients { "Othersacl"; 192.168.56.108; !192.168.56.109; !192.168.56.107; };
zone    "test.com" IN {
type            master;
notify  yes;
// NOTE(review): NOTIFY presumably leaves from the master's own address, so
// the slave picks the receiving view by that source address - verify that
// the slave's Others view actually gets notified.
also-notify { 192.168.56.105;};
// NOTE(review): source-address-only authorization; consider a TSIG key.
allow-transfer { 192.168.56.108; };
file    "Others.test.com";
};
// Root hints, used when this view recurses for names outside test.com.
zone    "."     IN {
type            hint;
file            "named.ca";
};
};

Slave的named.conf配置

[root@slave named]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// Global server options for the slave, followed by its logging setup.
options {
// Accept DNS on port 53 on every IPv4 interface of the host.
listen-on port 53 { any; };
#   listen-on-v6 port 53 { ::1; };
directory   "/var/named";
dump-file   "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// NOTE(review): allow-recursion and allow-query-cache are not set, so per
// BIND's documented defaults they inherit allow-query (any). With
// "recursion yes" this serves recursive queries to every client that can
// reach port 53; restrict with allow-recursion on anything exposed to
// untrusted networks.
allow-query     { any; };
recursion yes;
// NOTE(review): no allow-transfer appears here or in the slave's zones. BIND
// releases of this era default to allowing transfers to any host - confirm
// for the version in use and add allow-transfer { none; } if the slave should
// not hand out the zones.
dnssec-enable yes;
dnssec-validation yes;
// NOTE(review): ISC has since retired its DLV registry and later BIND 9
// releases treat dnssec-lookaside as obsolete - confirm against the version
// in use before reusing this line.
dnssec-lookaside auto;
/* Path to ISC DLV key */
#   bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
};
// Debug channel written to data/named.run (relative to "directory" above);
// "severity dynamic" follows the server's current debug level.
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
#zone "." IN {
#   type hint;
#   file "named.ca";
#};
// Same address lists as on the master, so a given client lands in the same
// view whichever server it asks.
acl Telecomacl {
192.168.56.104;
};
acl Unicomacl {
192.168.56.105;
};
// "any" is a catch-all, so the view that uses it has to come last.
acl Othersacl {
any;
};
// Slave copy of the "Telecom" view. Views are tried in file order and the
// first whose match-clients accepts the source address handles the query.
view    "Telecom" {
match-clients { "Telecomacl";  192.168.56.109; !192.168.56.107; !192.168.56.108; };
// Transfer requests for this view are sent from 192.168.56.109. The master's
// Telecom view lists that address in match-clients and allow-transfer, which
// is how the master knows to hand over Telecom.test.com. The address has to
// be configured on one of the slave's interfaces.
transfer-source 192.168.56.109;
zone    "test.com" IN {
type    slave;
// NOTE(review): the master is identified by address only; a TSIG key on the
// masters entry would authenticate the transfer.
masters { 192.168.56.104; };
file    "Telecom.test.com";
};
// Root hints, used when this view recurses for names outside test.com.
zone    "." IN {
type        hint;
file        "named.ca";
};
};
// Slave copy of the "Unicom" view; reached only by clients the preceding
// "Telecom" view did not match.
view    "Unicom" {
match-clients { "Unicomacl"; 192.168.56.107; !192.168.56.109; !192.168.56.108; };
// Transfer requests for this view are sent from 192.168.56.107, the address
// the master's Unicom view accepts in match-clients and allow-transfer.
transfer-source 192.168.56.107;
zone    "test.com" IN {
type    slave;
// NOTE(review): the master is identified by address only; a TSIG key on the
// masters entry would authenticate the transfer.
masters { 192.168.56.104; };
file    "Unicom.test.com";
};
// Root hints, used when this view recurses for names outside test.com.
zone    "."     IN {
type            hint;
file            "named.ca";
};
};
// Slave copy of the catch-all "Others" view; it must stay the last view.
view    "Others" {
// NOTE(review): Othersacl is "any" and match lists stop at the first match,
// so the entries after it (including the negations) are never evaluated.
// .109 and .107 stay out of this view only because earlier views match them.
match-clients { "Othersacl"; 192.168.56.108; !192.168.56.109; !192.168.56.107; };
// Transfer requests for this view are sent from 192.168.56.108, the address
// the master's Others view accepts in allow-transfer.
transfer-source 192.168.56.108;
zone    "test.com" IN {
type    slave;
// NOTE(review): the master is identified by address only; a TSIG key on the
// masters entry would authenticate the transfer.
masters { 192.168.56.104; };
file    "Others.test.com";
};
// Root hints, used when this view recurses for names outside test.com.
zone    "."     IN {
type            hint;
file            "named.ca";
};
};

Zone的配置(master与slave里都是一样的)

Telecom.test.com的

[root@master named]# cat Telecom.test.com
; test.com as served to the "Telecom" view; www resolves to 1.1.1.1 here.
; The bare 60 in the SOA is in seconds, so slaves re-check the serial every
; minute.
$TTL 1D
@   IN SOA  ns1.test.com.  root.localhost. (
2013071098  ; serial
60  ; refresh
1H  ; retry
1W  ; expire
3H )    ; minimum
; NOTE(review): the NS and A lines below that have no owner name must begin
; with whitespace in a real zone file so they apply to the zone apex (@); the
; leading indentation looks lost in this listing.
NS  ns1.test.com.
NS  ns2.test.com.
A   192.168.56.104
server  A   192.168.56.101
client1 A   192.168.56.103
ubuntu  A   192.168.56.102
ns1 A   192.168.56.104
ns2 A   192.168.56.105
test2   A   192.168.8.1
test1   A   192.168.8.12
test3   A   192.168.8.3
; The only record that differs between the three per-view zone files.
www A   1.1.1.1
Unicom.test.com的
[root@master named]# cat Unicom.test.com
; test.com as served to the "Unicom" view; www resolves to 2.2.2.2 here.
; The bare 60 in the SOA is in seconds, so slaves re-check the serial every
; minute.
$TTL 1D
@   IN SOA  ns1.test.com.  root.localhost. (
2013071098  ; serial
60  ; refresh
1H  ; retry
1W  ; expire
3H )    ; minimum
; NOTE(review): the NS and A lines below that have no owner name must begin
; with whitespace in a real zone file so they apply to the zone apex (@); the
; leading indentation looks lost in this listing.
NS  ns1.test.com.
NS  ns2.test.com.
A   192.168.56.104
server  A   192.168.56.101
client1 A   192.168.56.103
ubuntu  A   192.168.56.102
ns1 A   192.168.56.104
ns2 A   192.168.56.105
test2   A   192.168.8.1
test1   A   192.168.8.12
test3   A   192.168.8.3
; The only record that differs between the three per-view zone files.
www A   2.2.2.2
Others.test.com的
[root@master named]# cat Others.test.com
; test.com as served to the catch-all "Others" view; www resolves to 3.3.3.3.
; The bare 60 in the SOA is in seconds, so slaves re-check the serial every
; minute.
$TTL 1D
@   IN SOA  ns1.test.com.  root.localhost. (
2013071098  ; serial
60  ; refresh
1H  ; retry
1W  ; expire
3H )    ; minimum
; NOTE(review): the NS and A lines below that have no owner name must begin
; with whitespace in a real zone file so they apply to the zone apex (@); the
; leading indentation looks lost in this listing.
NS  ns1.test.com.
NS  ns2.test.com.
A   192.168.56.104
server  A   192.168.56.101
client1 A   192.168.56.103
ubuntu  A   192.168.56.102
ns1 A   192.168.56.104
ns2 A   192.168.56.105
test2   A   192.168.8.1
test1   A   192.168.8.12
test3   A   192.168.8.3
; The only record that differs between the three per-view zone files.
www A   3.3.3.3

还需要记住,上面的named.conf与zone都配置好后,需要把master与slave的ip都加入到/etc/resolv.conf里,格式类似为

[root@master named]# cat /etc/resolv.conf
; generated by /sbin/dhclient-script
nameserver 192.168.56.104
nameserver 192.168.56.105

如果不添加,主机就无法通过master与slave主机来查看dns信息。

目前我这个是把acl与view都集中在一个named.conf配置文件里,一般如果你不是频繁的修改acl内容或者view内容,可以直接使用我这样的配置,这样同步的话,可以直接通过slave来复制主的zone到slave里,不需要你自己进行管理(我是使用slave端多网卡,通过transfer-source来指定复制源的方式来进行slave复制master的zone,一般如果不使用这样的方法,你有多个view的话,slave复制master的zone就会出现复制后的zone是多个,但多个zone的配置是完全一样的,所以要不就采用slave多网卡,要不就使用下面的rsync)。如果你频繁修改的话,可以把acl放到另外的一个文件里,然后在named.conf里include,但这样的话,这个acl文件还有zone的文件,在master与slave复制的时候,就需要你自己来弄了,你可以使用rsync+inotify或者rsync+Crontab来进行复制。

三、下面是测试

我上面的named.conf配置里,来自192.168.56.104的主机访问www.test.com的ip为1.1.1.1,而192.168.56.105的主机访问www.test.com的ip为2.2.2.2,最后其他主机访问此域名的话,ip为3.3.3.3.

1、在192.168.56.104里查看www.test.com

[root@master named]# ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 08:00:27:59:BB:1F
inet addr:192.168.56.104  Bcast:192.168.56.255  Mask:255.255.255.0
inet6 addr: fe80::a00:27ff:fe59:bb1f/64 Scope:Link
UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
RX packets:1593 errors:0 dropped:0 overruns:0 frame:0
TX packets:1177 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:137736 (134.5 KiB)  TX bytes:157084 (153.4 KiB)
[root@master named]# dig www.test.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <<>> www.test.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46214
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;www.test.com.          IN  A
;; ANSWER SECTION:
www.test.com.       86400   IN  A   1.1.1.1
;; AUTHORITY SECTION:
test.com.       86400   IN  NS  ns1.test.com.
test.com.       86400   IN  NS  ns2.test.com.
;; ADDITIONAL SECTION:
ns1.test.com.       86400   IN  A   192.168.56.104
ns2.test.com.       86400   IN  A   192.168.56.105
;; Query time: 1 msec
;; SERVER: 192.168.56.104#53(192.168.56.104)
;; WHEN: Mon Jul 15 10:07:52 2013
;; MSG SIZE  rcvd: 114

2、在192.168.56.105里查看www.test.com

[root@slave ~]# ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 08:00:27:92:7F:34
inet addr:192.168.56.105  Bcast:192.168.56.255  Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
RX packets:1330 errors:0 dropped:0 overruns:0 frame:0
TX packets:1518 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:125612 (122.6 KiB)  TX bytes:163198 (159.3 KiB)
[root@slave ~]# dig www.test.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <<>> www.test.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40968
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;www.test.com.          IN  A
;; ANSWER SECTION:
www.test.com.       86400   IN  A   2.2.2.2
;; AUTHORITY SECTION:
test.com.       86400   IN  NS  ns1.test.com.
test.com.       86400   IN  NS  ns2.test.com.
;; ADDITIONAL SECTION:
ns1.test.com.       86400   IN  A   192.168.56.104
ns2.test.com.       86400   IN  A   192.168.56.105
;; Query time: 1 msec
;; SERVER: 192.168.56.104#53(192.168.56.104)
;; WHEN: Mon Jul 15 02:09:43 2013
;; MSG SIZE  rcvd: 114

3、在192.168.56.101里查看www.test.com

root@server:~# ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 08:00:27:66:7a:7a
inet addr:192.168.56.101  Bcast:192.168.56.255  Mask:255.255.255.0
inet6 addr: fe80::a00:27ff:fe66:7a7a/64 Scope:Link
UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
RX packets:752 errors:0 dropped:0 overruns:0 frame:0
TX packets:1064 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:66541 (66.5 KB)  TX bytes:100256 (100.2 KB)
root@server:~# dig www.test.com
; <<>> DiG 9.8.1-P1 <<>> www.test.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43605
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;www.test.com.          IN  A
;; ANSWER SECTION:
www.test.com.       86400   IN  A   3.3.3.3
;; AUTHORITY SECTION:
test.com.       86400   IN  NS  ns1.test.com.
test.com.       86400   IN  NS  ns2.test.com.
;; ADDITIONAL SECTION:
ns1.test.com.       86400   IN  A   192.168.56.104
ns2.test.com.       86400   IN  A   192.168.56.105
;; Query time: 3 msec
;; SERVER: 192.168.56.104#53(192.168.56.104)
;; WHEN: Mon Jul 15 10:11:20 2013
;; MSG SIZE  rcvd: 114

可以从上面的结果里看到,从不同的ip里访问www.test.com域名得到的结果完全是我named.conf里要求的。

下面测试当master的named当掉的时候的结果

[root@master named]# /etc/init.d/named stop
Stopping named: .                                          [  OK  ]
1、  在192.168.56.104里查看www.test.com
[root@master named]# ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 08:00:27:59:BB:1F
inet addr:192.168.56.104  Bcast:192.168.56.255  Mask:255.255.255.0
inet6 addr: fe80::a00:27ff:fe59:bb1f/64 Scope:Link
UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
RX packets:1833 errors:0 dropped:0 overruns:0 frame:0
TX packets:1342 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:155319 (151.6 KiB)  TX bytes:171750 (167.7 KiB)
[root@master named]# dig www.test.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <<>> www.test.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26442
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;www.test.com.          IN  A
;; ANSWER SECTION:
www.test.com.       86400   IN  A   1.1.1.1
;; AUTHORITY SECTION:
test.com.       86400   IN  NS  ns1.test.com.
test.com.       86400   IN  NS  ns2.test.com.
;; ADDITIONAL SECTION:
ns1.test.com.       86400   IN  A   192.168.56.104
ns2.test.com.       86400   IN  A   192.168.56.105
;; Query time: 1 msec
;; SERVER: 192.168.56.105#53(192.168.56.105)
;; WHEN: Mon Jul 15 10:18:15 2013
;; MSG SIZE  rcvd: 114

2、在192.168.56.105里查看www.test.com

[root@slave ~]# ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 08:00:27:92:7F:34
inet addr:192.168.56.105  Bcast:192.168.56.255  Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
RX packets:1507 errors:0 dropped:0 overruns:0 frame:0
TX packets:1633 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:139266 (136.0 KiB)  TX bytes:175684 (171.5 KiB)
[root@slave ~]# dig www.test.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <<>> www.test.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9825
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;www.test.com.          IN  A
;; ANSWER SECTION:
www.test.com.       86400   IN  A   2.2.2.2
;; AUTHORITY SECTION:
test.com.       86400   IN  NS  ns1.test.com.
test.com.       86400   IN  NS  ns2.test.com.
;; ADDITIONAL SECTION:
ns1.test.com.       86400   IN  A   192.168.56.104
ns2.test.com.       86400   IN  A   192.168.56.105
;; Query time: 4 msec
;; SERVER: 192.168.56.105#53(192.168.56.105)
;; WHEN: Mon Jul 15 02:18:49 2013
;; MSG SIZE  rcvd: 114

3、在192.168.56.101里查看www.test.com

root@server:~# ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 08:00:27:66:7a:7a
inet addr:192.168.56.101  Bcast:192.168.56.255  Mask:255.255.255.0
inet6 addr: fe80::a00:27ff:fe66:7a7a/64 Scope:Link
UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
RX packets:860 errors:0 dropped:0 overruns:0 frame:0
TX packets:1228 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:75440 (75.4 KB)  TX bytes:114113 (114.1 KB)
root@server:~# dig www.test.com
; <<>> DiG 9.8.1-P1 <<>> www.test.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56763
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;www.test.com.          IN  A
;; ANSWER SECTION:
www.test.com.       86400   IN  A   3.3.3.3
;; AUTHORITY SECTION:
test.com.       86400   IN  NS  ns2.test.com.
test.com.       86400   IN  NS  ns1.test.com.
;; ADDITIONAL SECTION:
ns1.test.com.       86400   IN  A   192.168.56.104
ns2.test.com.       86400   IN  A   192.168.56.105
;; Query time: 1 msec
;; SERVER: 192.168.56.105#53(192.168.56.105)
;; WHEN: Mon Jul 15 10:19:16 2013
;; MSG SIZE  rcvd: 114

可以看到即使master上的named服务停掉了,其他主机也可以从slave里获取www.test.com信息。

下面是我对named.conf里是否指定使用notify yes做了一个测试

1、没有指定使用notify yes

2、指定使用notify yes

具体的测试情况,可以参考我附件里的word文档

根据上面的测试结果,我认为如果你的acl放在单独的文件里(不在named.conf里),并且对修改后更新的速度还有要求(比如要求1分钟内slave就需要能修改更新),最好还是在slave里使用rsync+sersync或者rsync+inotify来同步acl的文件,还有zone的配置。

如果对修改更新速度没有太多的要求,可以指定使用notify yes。

具体的选择看自己的需求了。

具体的测试过程我就不写了,在附件里的word文档里有。
