主机部署:
yum安装DNS服务和依赖

[admin@haifly-bj-dns1 ~]$ sudo yum install bind-chroot
启动named-chroot服务

[admin@haifly-bj-dns1 ~]$ sudo systemctl start named
[admin@haifly-bj-dns1 ~]$ sudo systemctl enable named

修改/etc/named.conf配置
[admin@haifly-bj-dns1 ~]$ sudo cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
listen-on port 53 { any; };
//listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };

/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes;
allow-recursion { 0.0.0.0/0; };

forward first;
forwarders {
180.76.76.76;
114.114.114.114;
};

dnssec-enable no;
dnssec-validation no;
dnssec-lookaside no;

/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";

managed-keys-directory "/var/named/dynamic";

pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};

logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};

zone "." IN {
type hint;
file "named.ca";
};

zone "feiersmart.local" IN {
type master;
file "feiersmart.local.zone";
allow-transfer { 192.168.1.219; };
allow-query { any; };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

备机部署:
修改/etc/named.conf
[admin@haifly-bj-dns2 ~]$ sudo cat /etc/named.conf
[sudo] password for admin:
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
listen-on port 53 { any; };
//listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };

/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes;
allow-recursion { 0.0.0.0/0; };

forward first;
forwarders {
119.29.29.29;
114.114.114.114;
};

dnssec-enable no;
dnssec-validation no;
dnssec-lookaside no;

/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";

managed-keys-directory "/var/named/dynamic";

pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};

logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};

zone "." IN {
type hint;
file "named.ca";
};

zone "feiersmart.local" IN {
type slave;
file "slaves/feiersmart.local.zone";
masters { 192.168.5.244; };
allow-query { any; };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

配置修改:
每次修改 DNS 配置之后,只需要修改主机的配置,一定要修改时间戳,否则会导致配置备机配置不生效。

配置修改完成后,重启服务
[admin@haifly-bj-dns1 ~]$ sudo systemctl restart named

监控脚本
#!/usr/bin/python
#coding=utf-8

import dns.resolver
import sys

def query_domain(nameserverIP,domainName):

resolver = dns.resolver.Resolver(configure=False)
resolver.nameservers = [nameserverIP]

try:
answer = resolver.query(domainName, 'A')
if len(answer) >= 1:
return(True)
else:
return(False)
except:
return(False)

def main():

nameserverIPs = ['192.168.1.5','192.168.1.6']

domainNames = ['www.baidu.com',\
'api.weixin.qq.com','graph.qq.com','proxy-ling.jd.com','api.ximalaya.com',\
'vboxmongodb1.linglongtech.com','logs.linglongtech.com',\
'vboxdb.linglongtech.local','vboxmem.linglongtech.local','vboxdns1.linglongtech.local','vboxdns2.
linglongtech.local']

for x in nameserverIPs:
for y in domainNames:

#print(x,y)
#print(query_domain(x,y))

if query_domain(x,y):
continue
else:
print(1)
sys.exit(0)

print(0)

if __name__ == '__main__':
main()

部署主从dns的更多相关文章

  1. 架构师成长之路6.4 DNS服务器搭建(部署主从DNS)

    点击返回架构师成长之路 架构师成长之路6.3 DNS服务器搭建(部署主从DNS)  部署主DNS : 点击 部署从DNS : 如下步骤 1.与主DNS一样,安装bind yum -y install ...

  2. 使用bind实现主从DNS服务器数据同步

    一.bind简介 Linux中通常使用bind来实现DNS服务器的架设,bind软件由isc(www.isc.org)维护.在yum仓库中可以找到软件,配置好yum源,直接使用命令yum instal ...

  3. 基于Bind实现的DNS正反向解析及主从DNS的配置

    一.什么是DNS? 1.1 简单的理解,Domain Name System,是互联网一项核心的服务,他作为一个桥梁可以将域名和IP地址相互因素的一个分布式数据库,能够使人更加方便的访问互联网,而不用 ...

  4. 使用BIND安装智能DNS服务器(一)---基本的主从DNS服务器搭建

    参考网址:http://www.unixmen.com/dns-server-installation-step-by-step-using-centos-6-3/ DNS(Domain Name S ...

  5. Centos7搭建主从DNS服务器

    1.准备 例:两台192.168.11.10(主),192.168.11.11(从),域名www.test1.com # 主从DNS服务器均需要安装bind.bind-chroot.bind-util ...

  6. centos7 主从dns配置 bind服务

    一,配置前请先关闭防火墙selinux 防火墙关闭方法,参见上一篇文章. setenforce 0    #临时关闭 修改/etc/selinux/config 文件  将SELINUX=enforc ...

  7. Redis 部署主从哨兵 C#使用,实现自动获取redis缓存 实例1

    源码示例下载链接: https://pan.baidu.com/s/1eTA63T4 密码: un96 实现目标:windows 下安装 一台master服务 一台salve redis服务器 并且哨 ...

  8. 主从DNS服务器的搭建

    一.DNS主从的理解 主从服务器,在一开始的理解中,以为是主的dns服务器挂掉后,(dns服务自动转向辅助dns服务器),客户端还能继续解析.事实貌似不是这样的.当我把主dns停掉的时候,客户端只设一 ...

  9. 企业运维 | MySQL关系型数据库在Docker与Kubernetes容器环境中快速搭建部署主从实践

    [点击 关注「 WeiyiGeek」公众号 ] 设为「️ 星标」每天带你玩转网络安全运维.应用开发.物联网IOT学习! 希望各位看友[关注.点赞.评论.收藏.投币],助力每一个梦想. 本章目录 目录 ...

随机推荐

  1. Docker搭建disconf环境,三部曲之一:极速搭建disconf

    Docker下的disconf实战全文链接 <Docker搭建disconf环境,三部曲之一:极速搭建disconf>: <Docker搭建disconf环境,三部曲之二:本地快速构 ...

  2. 关于git使用的几点理解

    1.git为分布式的版本控制系统,有远程仓库和本地仓库,远程仓库和本地仓库之间建立关联关系后,可将本地仓库的更新push(相当于是内容同步)到远程仓库进行保存,远程仓库的作用相当于一个最终代码备份的地 ...

  3. Django之FBV和CBV的用法

    FBV FBV,即 func base views,函数视图,在视图里使用函数处理请求. 以用户注册代码为例, 使用两个函数完成注册 初级注册代码 def register(request): &qu ...

  4. 实验吧CTF练习题---WEB---FALSE解析

    实验吧web之FALSE 地址:http://www.shiyanbar.com/ctf/1787 flag值:CTF{t3st_th3_Sha1}   解题步骤: 1.点开题目链接,观察题意 2.题 ...

  5. FreeSql (十四)批量更新数据

    FreeSql支持丰富的更新数据方法,支持单条或批量更新,在特定的数据库执行还可以返回更新后的记录值. var connstr = "Data Source=127.0.0.1;Port=3 ...

  6. 调用webservice获取电话号码归属地信息

    首先什么是webservice ? 从广义上面讲,任何一个服务器所提供的"数据","内容","方法"等等都可以理解为webservice. ...

  7. mapper 传多个参数

    Mybatis的Mapper接口的参数,一般是一个对象,但如果不是对象,并且有多个参数的时候呢?我们第一个的想法是把参数封装成一个java.util.Map类型,然后在方法的注释上面写上map的key ...

  8. javaweb应用程序概述

    1.HTTP(超文本传输协议),它是一种主流的B/S架构中应用的通信协议.具有以下特点: 1.1.无状态:服务不会记录客户端每次提交的请求,服务器一旦响应客户端之后,就会结束本次的通信过程,客户端下一 ...

  9. java8 新特性精心整理(全)

    前言 越来越多的项目已经使用 Java 8 了,毫无疑问,Java 8 是Java自Java 5(发布于2004年)之后的最重要的版本.这个版本包含语言.编译器.库.工具和 JVM 等方面的十多个新特 ...

  10. linux切换jdk

    一.安装openjdk yum search openjdk yum install java-1.8.0-openjdk-devel-debug.x86_64 二.查询java版本 alternat ...