The company now has more than 2100 hosts, and every one of them is managed by IP address.
That is a real strain on my memory, and I do not think it is a good way to run things either.
Recently we also had to start rebooting hosts manually through the management interface, which means remembering the IP of every host's IPMI management port as well.
That adds another 2100 IPs to keep track of, which I simply cannot put up with,
so I decided to set up a DNS server to manage these 4200 IPs.
Setting up a DNS server is not difficult, and there is plenty of material about it online.
Below are the configuration files from my environment. One point worth keeping in mind: once every host and its IPMI port has a name, the zone itself is a map of the server and management networks, so the master only hands out the zone (allow-transfer) to the slave.
Master host
/etc/named.conf
options {
        listen-on port 53 { 10.50.0.2; };
        #listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        // "any" already includes localhost; kept as in the original.
        allow-query     { localhost; any; };
        // Authoritative only: the master never recurses for clients.
        recursion no;
        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
        // Zone transfers (AXFR/IXFR) are only ever sent to the slave;
        // anyone else asking for a full copy of the zone is refused.
        allow-transfer {
                10.50.0.4;
        };
        // allow-notify only applies to slave zones, so it has no effect
        // on the master; harmless to leave in.
        allow-notify {
                10.50.0.4;
        };
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
// Root hints are not used with recursion no; kept from the stock file.
zone "." IN {
        type hint;
        file "named.ca";
};
zone "rayvision.com" IN {
        type master;
        file "data/named.rayvision.com";
        notify yes;
        // The slave is not listed as an NS in the zone, so it has to be
        // named here explicitly or it would never receive a NOTIFY.
        also-notify { 10.50.0.4; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
/var/named/data/named.rayvision.com
;
; /var/named/data/named.rayvision.com
; Zone file for the internal rayvision.com zone (master copy on dns, 10.50.0.2)
;
$TTL 86400
$ORIGIN rayvision.com.
@       3H IN SOA dns.rayvision.com. root.rayvision.com. (
                3242554630 ; serial: must increase on every edit, or the slave never transfers
                2H         ; refresh
                15M        ; retry
                1W         ; expire
                12H )      ; minimum, i.e. negative-caching TTL (RFC 2308)
; Only the master is published as a name server. The slave (dnss) is fed by
; also-notify in named.conf and must be configured on clients explicitly
; unless an NS record for it is added here.
@       3H IN NS dns.rayvision.com.
;
; Zone apex and mail exchanger
;
rayvision.com.          IN A  10.50.0.2
rayvision.com.          IN A  10.50.0.4
rayvision.com.  0       IN MX 10 dns.rayvision.com.
;
; Name servers
dns     IN A 10.50.0.2
dnss    IN A 10.50.0.4
;
; Hosts: one A record per server. The IPMI addresses get their own labels in
; the same way, so that all 4200 addresses are resolvable by name.
A001    IN A 10.50.11.1
A002    IN A 10.50.11.2
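As an added example (not code from the original post), here is a small Python generator that builds a zone like the one above from a host inventory instead of editing 4200 records by hand. It assumes a CSV inventory with columns name,host_ip,ipmi_ip, a "<name>-ipmi" label for each IPMI address, and a YYYYMMDDnn serial convention; the inventory rows and the 10.50.111.0/24 IPMI range are constructed for the example. It goes beyond the post's zone in two ways: it lists dnss as a second NS, and it emits the matching in-addr.arpa zones so that addresses in IPMI and syslog output resolve back to a name.

```python
"""Generate the rayvision.com forward zone and the matching reverse zones from
a host inventory, so that 2100 hosts x 2 addresses are never typed by hand.

Added example, not the author's code. Assumptions not in the original post:
  - the inventory is CSV with columns name,host_ip,ipmi_ip
  - the IPMI address of host X gets the label "X-ipmi"
  - the SOA serial follows the YYYYMMDDnn convention
"""
import csv
import datetime as dt
import io
import ipaddress

ZONE = "rayvision.com."
PRIMARY_NS = "dns.rayvision.com."
SECONDARY_NS = "dnss.rayvision.com."
ADMIN_MBOX = "root.rayvision.com."
SAMPLE_DATE = dt.date(2013, 8, 25)

# Constructed sample inventory (the IPMI range 10.50.111.0/24 is made up).
INVENTORY_CSV = """name,host_ip,ipmi_ip
A001,10.50.11.1,10.50.111.1
A002,10.50.11.2,10.50.111.2
"""


def parse_inventory(text):
    """Return [(name, host_ip, ipmi_ip)]. Duplicate names (case-insensitive,
    as DNS labels are), duplicate addresses and malformed IPv4 raise
    ValueError: a bad record silently shadows a host once it is in the zone."""
    rows, seen_names, seen_ips = [], set(), set()
    for row in csv.DictReader(io.StringIO(text)):
        name = row["name"].strip()
        if not name or name.lower() in seen_names:
            raise ValueError(f"duplicate or empty host name: {name!r}")
        seen_names.add(name.lower())
        addrs = []
        for col in ("host_ip", "ipmi_ip"):
            ip = ipaddress.IPv4Address(row[col].strip())  # raises on garbage
            if ip in seen_ips:
                raise ValueError(f"address {ip} assigned twice")
            seen_ips.add(ip)
            addrs.append(str(ip))
        rows.append((name, addrs[0], addrs[1]))
    return rows


def next_serial(previous, today=None):
    """YYYYMMDDnn serial that is always > previous; a serial that does not
    increase means the slave never transfers the new zone."""
    today = today or dt.date.today()
    return max(int(today.strftime("%Y%m%d")) * 100, previous + 1)


def forward_zone(hosts, serial):
    lines = [
        "$TTL 86400",
        f"$ORIGIN {ZONE}",
        f"@ 3H IN SOA {PRIMARY_NS} {ADMIN_MBOX} ( {serial} 2H 15M 1W 12H )",
        f"@ 3H IN NS {PRIMARY_NS}",
        f"@ 3H IN NS {SECONDARY_NS}",  # slave listed too, so NOTIFY reaches it
        "dns  IN A 10.50.0.2",
        "dnss IN A 10.50.0.4",
    ]
    for name, host_ip, ipmi_ip in hosts:
        lines.append(f"{name} IN A {host_ip}")
        lines.append(f"{name}-ipmi IN A {ipmi_ip}")
    return "\n".join(lines) + "\n"


def reverse_zones(hosts, serial):
    """{origin: zone text}, one in-addr.arpa zone per /24 in the inventory."""
    ptrs = {}
    for name, host_ip, ipmi_ip in hosts:
        for label, ip in ((name, host_ip), (f"{name}-ipmi", ipmi_ip)):
            o = ip.split(".")
            origin = f"{o[2]}.{o[1]}.{o[0]}.in-addr.arpa."
            ptrs.setdefault(origin, []).append(f"{o[3]} IN PTR {label}.{ZONE}")
    zones = {}
    for origin, records in ptrs.items():
        head = ["$TTL 86400", f"$ORIGIN {origin}",
                f"@ 3H IN SOA {PRIMARY_NS} {ADMIN_MBOX} ( {serial} 2H 15M 1W 12H )",
                f"@ 3H IN NS {PRIMARY_NS}", f"@ 3H IN NS {SECONDARY_NS}"]
        zones[origin] = "\n".join(head + records) + "\n"
    return zones


if __name__ == "__main__":
    hosts = parse_inventory(INVENTORY_CSV)
    serial = next_serial(3242554630, SAMPLE_DATE)  # serial taken from the post
    print(forward_zone(hosts, serial))
    for origin, text in reverse_zones(hosts, serial).items():
        print(f"; --- {origin}\n{text}")
```

Run named-checkzone on the output before installing it; the duplicate checks in parse_inventory catch the mistakes named-checkzone does not (two hosts claiming one address is legal zone syntax but still wrong), and next_serial guarantees the serial moves forward even when the existing serial is larger than today's date-based value, as the post's 3242554630 is.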
Slave host
/etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
        listen-on port 53 { 10.50.0.4; };
        #listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; any; };
        // The slave also recurses for clients. When allow-recursion is not
        // set, BIND derives it from allow-query, so allow-query { any; }
        // alone would make this an open resolver usable for DNS
        // amplification if the host is reachable from outside. Limit
        // recursion to the internal range (10.50.0.0/16 is assumed here;
        // adjust to the real one).
        recursion yes;
        allow-recursion { localhost; 10.50.0.0/16; };
        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
        // Nothing needs to pull the zone from the slave; this only lets
        // the master do so.
        allow-transfer {
                10.50.0.2;
        };
        // Accept NOTIFY for slave zones only from the master.
        allow-notify {
                10.50.0.2;
        };
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {
        type hint;
        file "named.ca";
};
zone "rayvision.com" IN {
        type slave;
        // Written by named itself after each successful transfer.
        file "data/named.rayvision.com";
        masters { 10.50.0.2; };
        // A slave has nobody to notify in this setup; "notify no;" is the
        // usual choice, "yes" is harmless.
        notify yes;
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
/var/named/data/named.rayvision.com
This file is not edited by hand: named writes it after transferring the zone from the master. To confirm the slave is current, compare the SOA serials from both servers (dig @10.50.0.2 rayvision.com SOA against dig @10.50.0.4 rayvision.com SOA). One caveat on both configs: dnssec-lookaside auto and the ISC DLV key belong to the BIND releases of that time; ISC shut down the DLV registry in 2017, and newer BIND versions ignore or reject the option, so drop those lines on a current install.
One last thing: for the master and slave to stay in sync, opening UDP 53 in iptables is not enough; TCP 53 must be open as well. Ordinary queries and NOTIFY messages travel over UDP, but the zone transfer itself (AXFR/IXFR) is a TCP connection from the slave to the master's port 53 (on the master, for example: iptables -I INPUT -s 10.50.0.4 -p tcp --dport 53 -j ACCEPT). With TCP 53 blocked the slave accepts the NOTIFY and then fails every transfer with the errors below. The "host unreachable" comes from the firewall rejecting the connection (the default REJECT rule answers with an ICMP host-prohibited message, which the kernel reports as host unreachable), and the "Transfer completed: 0 messages, 0 records" line that follows is not a success: the slave still has no copy of the zone.
Aug 25 20:41:35 monitor2 named[6743]: zone rayvision.com/IN: Transfer started.
Aug 25 20:41:35 monitor2 named[6743]: transfer of 'rayvision.com/IN' from 10.50.0.2#53: failed to connect: host unreachable
Aug 25 20:41:35 monitor2 named[6743]: transfer of 'rayvision.com/IN' from 10.50.0.2#53: Transfer completed: 0 messages, 0 records, 0 bytes, 0.001 secs (0 bytes/sec)
Aug 25 20:42:18 monitor2 named[6743]: client 10.50.0.2#54761: received notify for zone 'rayvision.com'
Aug 25 20:42:18 monitor2 named[6743]: master 10.50.0.2#53 (source 0.0.0.0#0) deleted from unreachable cache
Aug 25 20:42:18 monitor2 named[6743]: zone rayvision.com/IN: Transfer started.
Aug 25 20:42:18 monitor2 named[6743]: transfer of 'rayvision.com/IN' from 10.50.0.2#53: failed to connect: host unreachable
Aug 25 20:42:18 monitor2 named[6743]: transfer of 'rayvision.com/IN' from 10.50.0.2#53: Transfer completed: 0 messages, 0 records, 0 bytes, 0.001 secs (0 bytes/sec)
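As an added example (not from the post), the following Python reads named log lines like the ones above and reports zone transfer failures per zone and master, treating the "Transfer completed: 0 messages, 0 records" line that follows a "failed to connect" as a failure rather than a success. The sample log is the post's own slave output; the syslog prefix layout it parses is the one shown there, and the connect-time reasons it recognises beyond "host unreachable" are BIND's standard result strings.

```python
"""Spot failed zone transfers in a named log, so a slave that quietly keeps
serving a stale (or missing) copy of the zone is noticed.

Added example, not from the original post. SAMPLE_LOG is the slave log from
the post; the syslog prefix "Mon DD HH:MM:SS host named[pid]: " is assumed.
"""
import re
from collections import defaultdict

SAMPLE_LOG = """\
Aug 25 20:41:35 monitor2 named[6743]: zone rayvision.com/IN: Transfer started.
Aug 25 20:41:35 monitor2 named[6743]: transfer of 'rayvision.com/IN' from 10.50.0.2#53: failed to connect: host unreachable
Aug 25 20:41:35 monitor2 named[6743]: transfer of 'rayvision.com/IN' from 10.50.0.2#53: Transfer completed: 0 messages, 0 records, 0 bytes, 0.001 secs (0 bytes/sec)
Aug 25 20:42:18 monitor2 named[6743]: client 10.50.0.2#54761: received notify for zone 'rayvision.com'
Aug 25 20:42:18 monitor2 named[6743]: master 10.50.0.2#53 (source 0.0.0.0#0) deleted from unreachable cache
Aug 25 20:42:18 monitor2 named[6743]: zone rayvision.com/IN: Transfer started.
Aug 25 20:42:18 monitor2 named[6743]: transfer of 'rayvision.com/IN' from 10.50.0.2#53: failed to connect: host unreachable
Aug 25 20:42:18 monitor2 named[6743]: transfer of 'rayvision.com/IN' from 10.50.0.2#53: Transfer completed: 0 messages, 0 records, 0 bytes, 0.001 secs (0 bytes/sec)
"""

PREFIX = r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) named\[\d+\]: "
XFER = re.compile(PREFIX + r"transfer of '(?P<zone>[^']+)' from (?P<master>[\d.]+)#\d+: (?P<msg>.*)$")
FAILED = re.compile(r"^failed to connect: (?P<reason>.+)$")
COMPLETED = re.compile(r"^Transfer completed: (?P<msgs>\d+) messages, (?P<records>\d+) records")

# Connect-time failures mean the TCP session to port 53 never came up; the
# usual culprit is a firewall that only opened UDP 53. These are the isc
# result strings BIND prints after "failed to connect:".
TCP_BLOCKED_REASONS = {"host unreachable", "network unreachable",
                       "connection refused", "timed out"}


def parse_transfers(log_text):
    """Yield one dict per transfer attempt: ts, host, zone, master, ok,
    records, reason. A 'Transfer completed' with 0 records that follows a
    'failed to connect' is recorded as a failure, not a success."""
    pending = {}   # (zone, master) -> failure reason awaiting its 'completed' line
    for line in log_text.splitlines():
        m = XFER.match(line)
        if not m:
            continue   # 'Transfer started', NOTIFY, cache messages: not needed
        key = (m["zone"], m["master"])
        f = FAILED.match(m["msg"])
        if f:
            pending[key] = f["reason"]
            continue
        c = COMPLETED.match(m["msg"])
        if c:
            records = int(c["records"])
            reason = pending.pop(key, None)
            ok = reason is None and records > 0
            yield {"ts": m["ts"], "host": m["host"], "zone": key[0],
                   "master": key[1], "ok": ok, "records": records,
                   "reason": reason or ("empty transfer" if not ok else None)}


def summarize(log_text):
    """Per (zone, master): attempts, failures, reasons seen, and whether the
    failures look like a blocked TCP/53."""
    out = defaultdict(lambda: {"attempts": 0, "failures": 0,
                               "reasons": set(), "tcp53_blocked": False})
    for t in parse_transfers(log_text):
        s = out[(t["zone"], t["master"])]
        s["attempts"] += 1
        if not t["ok"]:
            s["failures"] += 1
            s["reasons"].add(t["reason"])
            if t["reason"] in TCP_BLOCKED_REASONS:
                s["tcp53_blocked"] = True
    return dict(out)


if __name__ == "__main__":
    for (zone, master), s in summarize(SAMPLE_LOG).items():
        verdict = "check iptables for TCP 53" if s["tcp53_blocked"] else "ok"
        print(f"{zone} from {master}: {s['failures']}/{s['attempts']} failed "
              f"({', '.join(sorted(s['reasons'])) or '-'}) -> {verdict}")
```

Feed it the slave's named.run (or the journal) from cron and alert on any (zone, master) with failures; grepping for "Transfer completed" alone would have reported the post's two attempts as successes.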