Detailed explanation of Linux DNS Service -- DNS master-slave architecture configuration

Posted by shoppingspree on Thu, 11 Nov 2021 19:17:34 +0100

Today, I will continue introducing the basics of Linux. This article covers the master-slave configuration of DNS.
To follow this article, you need some DNS background. If you are still unsure about it, please refer to the following articles:
Detailed explanation of Linux DNS Service -- basic knowledge of DNS
Detailed explanation of Linux DNS Service -- DNS actual configuration
Because the configuration approach for a single DNS server was already covered in Detailed explanation of Linux DNS Service -- DNS actual configuration, it is not repeated here.

1, DNS master-slave architecture

Today, we will use two Linux devices to implement DNS master-slave architecture configuration. The machines are as follows:
DNS master server: 192.168.136.101
DNS slave server: 192.168.136.210
In the DNS master-slave architecture, the DNS slave server synchronizes the zone configuration file from the DNS master server, and can also provide DNS services.

2, DNS master server profile

To implement the master-slave configuration of DNS, you need to add the allow-update option to the single-server DNS configuration file. In this example, the DNS master server configuration file is as follows:

options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        allow-query     { any; };
        recursion yes;
        dnssec-enable yes;
        dnssec-validation yes;
        bindkeys-file "/etc/named.root.key";
        managed-keys-directory "/var/named/dynamic";
        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};
zone "pzz.com" IN {
        type master;
        file "pzz.com.zone";
        allow-update { 192.168.136.210; };
};
zone "136.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.136.arpa";
        allow-update { 192.168.136.210; };
};

The difference from the configuration in Detailed explanation of Linux DNS Service -- DNS actual configuration is that the allow-update option of each zone contains the IP address of the DNS slave server.
The zone files for forward and reverse resolution are exactly the same as above.

3, DNS slave server profile

On the DNS slave server, first install the DNS service, and then modify its main configuration file as follows:

options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        allow-query     { any; };
        recursion yes;
        dnssec-enable yes;
        dnssec-validation yes;
        bindkeys-file "/etc/named.root.key";
        managed-keys-directory "/var/named/dynamic";
        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {
        type hint;
        file "named.ca";
};
zone "pzz.com" IN {
        type slave;
        file "pzz.com.zone";
        masters { 192.168.136.101; };
};
zone "136.168.192.in-addr.arpa" IN {
        type slave;
        file "192.168.136.arpa";
        masters { 192.168.136.101; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

In the above configuration file, the fields to modify are listen-on port and allow-query in the options block. The newly added configuration is the zone configuration. The zones configured must be consistent with those on the DNS master server, and their type is slave. The file name can be customized. When the DNS master-slave architecture runs successfully, the DNS slave server automatically synchronizes the zone files from the DNS master server and saves each one under the name given by the file option on the slave DNS server. The masters option holds the IP address of the DNS master server. Note that both the IP address and the closing brace must be followed by a semicolon.
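A hardened variant of the zone stanzas from sections 2 and 3, as an added example that is not part of the original article: in BIND, allow-update authorizes dynamic updates (RFC 2136) to a zone, while zone transfers are controlled by allow-transfer, so this version limits transfers to requests signed with a shared TSIG key and turns dynamic updates off. The key name xfer-key and the placeholder secret are assumptions; the reverse zone takes the same three changes.

```conf
# ---- DNS master server (192.168.136.101): /etc/named.conf fragment ----
# Shared TSIG key (name and secret are placeholders). Generate the stanza
# once with `tsig-keygen -a hmac-sha256 xfer-key` and copy it to both servers.
key "xfer-key" {
        algorithm hmac-sha256;
        secret "REPLACE_WITH_BASE64_SECRET";
};

zone "pzz.com" IN {
        type master;
        file "pzz.com.zone";
        allow-transfer { key "xfer-key"; };   # only TSIG-signed AXFR/IXFR
        allow-update { none; };               # no dynamic updates accepted
};

# ---- DNS slave server (192.168.136.210): /etc/named.conf fragment ----
key "xfer-key" {
        algorithm hmac-sha256;
        secret "REPLACE_WITH_BASE64_SECRET";  # same value as on the master
};

zone "pzz.com" IN {
        type slave;
        file "pzz.com.zone";
        # Sign SOA queries and transfer requests to the master with the key.
        masters { 192.168.136.101 key "xfer-key"; };
        allow-transfer { none; };             # do not re-serve the zone
};

# Check after reloading both servers, from a host that does not hold the key:
#   dig @192.168.136.101 pzz.com AXFR
# The request should be refused ("Transfer failed."), while the slave
# still receives its copy of the zone.
```

Keep the file holding the key stanza readable only by root and the named user, since anyone who can read the secret can request the zone.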

4, DNS master-slave schema configuration verification

After the above configuration is completed, start the DNS service on the DNS slave server. The command is as follows:

systemctl start named

Afterwards, we find that two zone files have been automatically generated in the /var/named directory, as shown below:

Then, pick a machine, point its DNS server setting at the newly configured DNS slave server, and ping some of the domain name records we configured. The results are as follows:

To sum up, the DNS slave server is successfully configured. It can automatically synchronize the zone configuration file from the master server and provide DNS services externally.
Original work is not easy; please credit the source: https://blog.csdn.net/weixin_40228200
