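Deploying primary and secondary (master/slave) DNS
Primary server deployment:
Install the DNS service and its dependencies with yum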
[admin@haifly-bj-dns1 ~]$ sudo yum install bind-chroot
Start the named-chroot service
[admin@haifly-bj-dns1 ~]$ sudo systemctl start named
[admin@haifly-bj-dns1 ~]$ sudo systemctl enable named
Edit the /etc/named.conf configuration
[admin@haifly-bj-dns1 ~]$ sudo cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html
options {
    listen-on port 53 { any; };
    //listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };
    /*
     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
     - If you are building a RECURSIVE (caching) DNS server, you need to enable
       recursion.
     - If your recursive DNS server has a public IP address, you MUST enable access
       control to limit queries to your legitimate users. Failing to do so will
       cause your server to become part of large scale DNS amplification
       attacks. Implementing BCP38 within your network would greatly
       reduce such attack surface
    */
    recursion yes;
    allow-recursion { 0.0.0.0/0; };
    forward first;
    forwarders {
        180.76.76.76;
        114.114.114.114;
    };
    dnssec-enable no;
    dnssec-validation no;
    dnssec-lookaside no;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "." IN {
    type hint;
    file "named.ca";
};
zone "feiersmart.local" IN {
    type master;
    file "feiersmart.local.zone";
    allow-transfer { 192.168.1.219; };
    allow-query { any; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
Secondary server deployment:
Edit /etc/named.conf
[admin@haifly-bj-dns2 ~]$ sudo cat /etc/named.conf
[sudo] password for admin:
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html
options {
    listen-on port 53 { any; };
    //listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };
    /*
     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
     - If you are building a RECURSIVE (caching) DNS server, you need to enable
       recursion.
     - If your recursive DNS server has a public IP address, you MUST enable access
       control to limit queries to your legitimate users. Failing to do so will
       cause your server to become part of large scale DNS amplification
       attacks. Implementing BCP38 within your network would greatly
       reduce such attack surface
    */
    recursion yes;
    allow-recursion { 0.0.0.0/0; };
    forward first;
    forwarders {
        119.29.29.29;
        114.114.114.114;
    };
    dnssec-enable no;
    dnssec-validation no;
    dnssec-lookaside no;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "." IN {
    type hint;
    file "named.ca";
};
zone "feiersmart.local" IN {
    type slave;
    file "slaves/feiersmart.local.zone";
    masters { 192.168.5.244; };
    allow-query { any; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
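The comment block in named.conf above warns that a recursive server reachable from outside must restrict who may query it, while the options as shown set allow-recursion to 0.0.0.0/0 and turn DNSSEC validation off. The following added example (not part of the original post) checks a named.conf for those two settings; both sample configurations are constructed, and 192.168.0.0/16 is an assumed stand-in for the real client networks.

```python
import re

# Constructed excerpt repeating the relevant options from the page's named.conf.
AS_DEPLOYED = """
options {
    recursion yes;
    allow-recursion { 0.0.0.0/0; };   // every IPv4 client may recurse
    dnssec-validation no;
};
"""

# Assumed correction: 192.168.0.0/16 stands in for the real client networks.
RESTRICTED = """
options {
    recursion yes;
    allow-recursion { localhost; localnets; 192.168.0.0/16; };
    dnssec-validation auto;
};
"""

OPEN_ELEMENTS = {"any", "0.0.0.0/0", "::/0"}

def strip_comments(text):
    """Remove /* */, // and # comments (quoted strings are not special-cased)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def statement(text, name):
    """Return the value of the first `name ...;` statement, or None if absent."""
    pattern = r"(?<![\w-])" + re.escape(name) + r"(?![\w-])\s*(\{[^{}]*\}|[^;{}]+);"
    m = re.search(pattern, text)
    return None if m is None else m.group(1).strip()

def audit(conf_text):
    """Return sorted finding names for open recursion and disabled validation."""
    text = strip_comments(conf_text)
    findings = set()
    acl = statement(text, "allow-recursion")
    # Only an explicit ACL is checked; BIND's fallback defaults are not modelled.
    if statement(text, "recursion") == "yes" and acl is not None:
        elements = {e.strip() for e in acl.strip("{}").split(";") if e.strip()}
        if elements & OPEN_ELEMENTS:
            findings.add("open-recursion")
    if statement(text, "dnssec-validation") == "no":
        findings.add("dnssec-validation-off")
    return sorted(findings)
```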
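Configuration changes:
Whenever the DNS configuration changes, only the primary server's configuration needs to be edited. Be sure to update the timestamp, otherwise the change will not take effect on the secondary server.
After the change is complete, restart the service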
[admin@haifly-bj-dns1 ~]$ sudo systemctl restart named
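The step above depends on the secondary seeing a newer zone version. The following added example (not part of the original post) assumes the "timestamp" is the zone's SOA serial in the common YYYYMMDDNN form, reads it from a zone file, and bumps it so that it always compares as newer. The zone content is constructed, since the page does not show feiersmart.local.zone.

```python
import re
from datetime import date

# Constructed sample zone file; names and addresses are placeholders.
SAMPLE_ZONE = """$TTL 86400
@   IN  SOA ns1.feiersmart.local. admin.feiersmart.local. (
        2024010101 ; serial
        3600       ; refresh
        900        ; retry
        604800     ; expire
        86400 )    ; negative-cache TTL
@   IN  NS  ns1.feiersmart.local.
ns1 IN  A   192.0.2.10
"""

# SOA <mname> <rname> [(] <serial>, written on one line or split across lines.
SOA_RE = re.compile(r"(\bSOA\s+\S+\s+\S+\s+\(?\s*)(\d+)")

def soa_serial(zone_text):
    """Return the SOA serial found in the zone text."""
    m = SOA_RE.search(zone_text)
    if m is None:
        raise ValueError("no SOA record found")
    return int(m.group(2))

def serial_newer(a, b):
    """RFC 1982 serial arithmetic: True when serial a counts as newer than b."""
    return a != b and (a - b) % 2**32 < 2**31

def next_serial(current, today):
    """Use today's YYYYMMDD00, or current + 1 if the zone is already past it."""
    base = int(today.strftime("%Y%m%d")) * 100
    new = max(current + 1, base)
    if new >= 2**32 or not serial_newer(new, current):
        raise ValueError("new serial would not be seen as newer")
    return new

def bump_zone(zone_text, today):
    """Return the zone text with its SOA serial replaced by the next serial."""
    new = next_serial(soa_serial(zone_text), today)
    return SOA_RE.sub(lambda m: m.group(1) + str(new), zone_text, count=1)
```

Comparing soa_serial() of the primary's zone file with the serial the secondary serves shows whether the transfer actually happened.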
Monitoring script
#!/usr/bin/python
#coding=utf-8
# Prints 0 when every name resolves on every nameserver, 1 on the first failure.
import dns.resolver
import sys

def query_domain(nameserverIP, domainName):
    # Query one nameserver directly instead of the system resolver settings.
    resolver = dns.resolver.Resolver(configure=False)
    resolver.nameservers = [nameserverIP]
    try:
        # dnspython 2.x deprecates query() in favour of resolve().
        answer = resolver.query(domainName, 'A')
        return len(answer) >= 1
    except Exception:
        # Timeouts, NXDOMAIN and empty answers all count as a failed check.
        return False

def main():
    nameserverIPs = ['192.168.1.5', '192.168.1.6']
    domainNames = ['www.baidu.com',
                   'api.weixin.qq.com', 'graph.qq.com', 'proxy-ling.jd.com',
                   'api.ximalaya.com',
                   'vboxmongodb1.linglongtech.com', 'logs.linglongtech.com',
                   'vboxdb.linglongtech.local', 'vboxmem.linglongtech.local',
                   'vboxdns1.linglongtech.local', 'vboxdns2.linglongtech.local']
    for x in nameserverIPs:
        for y in domainNames:
            if not query_domain(x, y):
                # Report the failure value and stop at the first broken lookup.
                print(1)
                sys.exit(0)
    print(0)

if __name__ == '__main__':
    main()