[原创]bind view master/slave 通过TSIG同步方法

我以前写了一篇《bind view master/slave不能同步的解决方法》,当时是给上海一家公司做的dns服务器,用的是在网口上绑定多个子接口并分配不同的IP来实现view同步的!昨天又开始做一个dns服务器,这次使用的是TSIG同步方法,这样就可以不用多个IP了!

TSIG同步方法是这样的:在两台服务器上定义同样的一组key,每个view对应一个key,主备之间只用一个IP。主机的每个view用自己的key给发往备机的NOTIFY签名,备机的每个view用同一个key给发往主机的SOA/AXFR请求签名,两边的match-clients再按请求签名所用的key把它送进对应的view。注意两点:两台机器的key文件必须完全一致;两台机器的时钟要同步(TSIG签名带时间戳,默认容差300秒,偏差过大会报BADTIME,同步就会失败)。直接贴出我的named.conf完整配置吧!

环境如下:
A机:master     172.16.1.1        6个view(含兜底的otherward)     4个需要同步的zone
B机:slave          172.16.1.2

A机配置:

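// ACL and key definitions are kept in separate files so both hosts can share them.
// NOTE: the blog rendering turned the ASCII quotes into “ ”; named only accepts
// plain double quotes, so the listing is reproduced here with straight quotes.
include "/usr/local/named/etc/area_shanghai.cfg";  // ACL: East China clients (shanghai view)
include "/usr/local/named/etc/area_chengdu.cfg";   // ACL: chengdu view (original comment labels it "South China")
include "/usr/local/named/etc/area_south.cfg";     // ACL: China Telecom networks (southward view)
include "/usr/local/named/etc/area_edu.cfg";       // ACL: education network / CERNET (eduward view)
include "/usr/local/named/etc/area_local.cfg";     // ACL: local networks (local view, the only one that recurses)
include "/usr/local/named/etc/area_dns.cfg";       // ACL: the DNS servers' real addresses (transfer peers)
include "/usr/local/named/etc/area_key.cfg";       // TSIG keys (one per view) plus rndc key/controls; contains
                                                   // secrets: identical on both hosts, readable by named only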
///////////////////////////////////////////////////////////////////////
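options {
    directory "/var/named";
    dump-file "data/cache_dump.db";
    statistics-file "data/named_stats.txt";
    memstatistics-file "data/named_mem_stats.txt";
    // notify explicit: NOTIFY is sent only to the hosts listed in also-notify
    // (the secondary), not to every NS record in the zone. The server{} stanza
    // in each view signs those NOTIFYs with the view's TSIG key.
    notify explicit;
    also-notify { 172.16.1.2; };
    // Global default for outbound zone transfers: the DNS servers' real
    // addresses only. A view can tighten this to its own TSIG key with
    // `allow-transfer { key <viewkey>; };`, which ties the transfer to the
    // key rather than to a source address.
    allow-transfer { area_dns; };
    allow-query { any; };
    // No dynamic updates are accepted anywhere.
    allow-update { none; };
    // Added: safe global default. A view is authoritative-only unless it says
    // `recursion yes` itself (the "local" view does), so a future view that
    // omits the option cannot silently become an open resolver.
    recursion no;
};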

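logging {
    // Everything that is not a query: startup, config errors, zone transfers,
    // NOTIFY traffic and TSIG/security messages (every category not listed
    // below falls into `default`). severity info is what makes transfer and
    // NOTIFY messages visible, which is what you need to audit this setup.
    channel warning {
        file "/var/log/dns/named.log" versions 3 size 2048k;
        severity info;
        print-category yes;
        print-severity yes;   // added: the secondary's channel prints it, keep both logs in the same format
        print-time yes;
    };

    // Per-query log (client address, name, type); rotates at 200 MB, three
    // generations kept. Contains client addresses, so treat it as sensitive.
    channel queries_info {
        file "/var/log/dns/queries.log" versions 3 size 200m;
        severity info;
        print-category yes;
        print-severity yes;
        print-time yes;
    };

    // default_debug is BIND's predefined named.run channel; it only produces
    // output while a debug level is set, so queries are not normally
    // written twice.
    category queries {
        queries_info;
        default_debug;
    };

    category default { warning; };
};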
///////////////////////////////////////////////////////////////////////
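view "eduward" {
    // Request routing by TSIG key. The `!key` entries come first: a request
    // signed with another view's key is refused by this view and falls
    // through to the view that owns the key. Unsigned requests from the DNS
    // servers themselves (area_dns) and from the education-network ACL
    // (area_edu) are answered here. Every view must negate every other
    // view's key: when a new view/key is added, `!key <new>;` has to be
    // added to all existing views or its traffic is captured by the first
    // view whose address ACL matches.
    match-clients { !key shanghai; !key chengdu; !key local; !key southward; !key otherward; area_dns; area_edu; };
    // Everything this view sends to the secondary (NOTIFY included) is signed
    // with this view's key, so the secondary routes it to its "eduward" view.
    server 172.16.1.2 { keys { eduward; }; };
    // Added: transfers out of this view require the view's own TSIG key, not
    // just the source-address ACL inherited from options{}. The secondary
    // already signs its SOA/AXFR requests with this key (its server{} stanza).
    allow-transfer { key eduward; };
    // Authoritative-only view: recursive queries are refused. (The original
    // comment said "non-recursive queries are not accepted", which is the
    // opposite of what `recursion no` does.)
    recursion no;

    // Root hints; only consulted when recursing.
    zone "." IN {
        type hint;
        file "named.ca";
    };

    zone "localhost" IN {
        type master;
        file "localhost.zone";
    };

    zone "0.0.127.in-addr.arpa" {
        type master;
        file "named.local";
    };

    // Per-view copies of the synchronised zones live under eduward/.
    zone "168.192.in-addr.arpa" {
        type master;
        file "eduward/192168";
    };

    zone "a.com" IN {
        type master;
        file "eduward/a.com.zone";
    };

    zone "b.com" IN {
        type master;
        file "eduward/b.com.zone";
    };

    zone "c.com" IN {
        type master;
        file "eduward/c.com.zone";
    };
};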
///////////////////////////////////////////////////////////////////////
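view "chengdu" {
    // `!key` entries first: a request signed with another view's key is
    // refused here and falls through to the view owning that key. Adding a
    // view means adding `!key <new>;` to every other view's match-clients.
    match-clients { !key shanghai; !key local; !key eduward; !key southward; !key otherward; area_dns; area_chengdu; };
    // NOTIFYs to the secondary are signed with this view's key.
    server 172.16.1.2 { keys { chengdu; }; };
    // Added: outbound transfers require this view's TSIG key rather than only
    // the source-address ACL inherited from options{}.
    allow-transfer { key chengdu; };
    // Authoritative-only view; recursive queries are refused.
    recursion no;

    // Root hints; only consulted when recursing.
    zone "." IN {
        type hint;
        file "named.ca";
    };

    zone "localhost" IN {
        type master;
        file "localhost.zone";
    };

    zone "0.0.127.in-addr.arpa" {
        type master;
        file "named.local";
    };

    zone "168.192.in-addr.arpa" {
        type master;
        file "chengdu/192168";
    };

    zone "a.com" IN {
        type master;
        file "chengdu/a.com.zone";
    };

    zone "b.com" IN {
        type master;
        file "chengdu/b.com.zone";
    };

    zone "c.com" IN {
        type master;
        file "chengdu/c.com.zone";
    };
};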
///////////////////////////////////////////////////////////////////////
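view "shanghai" {
    // `!key` entries first: a request signed with another view's key is
    // refused here and falls through to the view owning that key. Adding a
    // view means adding `!key <new>;` to every other view's match-clients.
    match-clients { !key local; !key chengdu; !key eduward; !key southward; !key otherward; area_dns; area_shanghai; };
    // NOTIFYs to the secondary are signed with this view's key.
    server 172.16.1.2 { keys { shanghai; }; };
    // Added: outbound transfers require this view's TSIG key rather than only
    // the source-address ACL inherited from options{}.
    allow-transfer { key shanghai; };
    // Authoritative-only view; recursive queries are refused.
    recursion no;

    // Root hints; only consulted when recursing.
    zone "." IN {
        type hint;
        file "named.ca";
    };

    zone "localhost" IN {
        type master;
        file "localhost.zone";
    };

    zone "0.0.127.in-addr.arpa" {
        type master;
        file "named.local";
    };

    zone "168.192.in-addr.arpa" {
        type master;
        file "shanghai/192168";
    };

    zone "a.com" IN {
        type master;
        file "shanghai/a.com.zone";
    };

    zone "b.com" IN {
        type master;
        file "shanghai/b.com.zone";
    };

    zone "c.com" IN {
        type master;
        file "shanghai/c.com.zone";
    };
};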
///////////////////////////////////////////////////////////////////////
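view "southward" {
    // `!key` entries first: a request signed with another view's key is
    // refused here and falls through to the view owning that key. Adding a
    // view means adding `!key <new>;` to every other view's match-clients.
    match-clients { !key shanghai; !key chengdu; !key eduward; !key local; !key otherward; area_dns; area_south; };
    // NOTIFYs to the secondary are signed with this view's key.
    server 172.16.1.2 { keys { southward; }; };
    // Added: outbound transfers require this view's TSIG key rather than only
    // the source-address ACL inherited from options{}.
    allow-transfer { key southward; };
    // Authoritative-only view; recursive queries are refused.
    recursion no;

    // Root hints; only consulted when recursing.
    zone "." IN {
        type hint;
        file "named.ca";
    };

    zone "localhost" IN {
        type master;
        file "localhost.zone";
    };

    zone "0.0.127.in-addr.arpa" {
        type master;
        file "named.local";
    };

    zone "168.192.in-addr.arpa" {
        type master;
        file "southward/192168";
    };

    zone "a.com" IN {
        type master;
        file "southward/a.com.zone";
    };

    zone "b.com" IN {
        type master;
        file "southward/b.com.zone";
    };

    zone "c.com" IN {
        type master;
        file "southward/c.com.zone";
    };
};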
///////////////////////////////////////////////////////////////////////
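view "local" {
    // `!key` entries first: a request signed with another view's key is
    // refused here and falls through to the view owning that key. Adding a
    // view means adding `!key <new>;` to every other view's match-clients.
    match-clients { !key shanghai; !key chengdu; !key eduward; !key southward; !key otherward; area_dns; area_local; };
    // NOTIFYs to the secondary are signed with this view's key.
    server 172.16.1.2 { keys { local; }; };
    // Added: outbound transfers require this view's TSIG key rather than only
    // the source-address ACL inherited from options{}.
    allow-transfer { key local; };
    // The only view that resolves on behalf of clients. Recursion is limited
    // to the local-network ACL so this view cannot be used as an open resolver.
    recursion yes;
    allow-recursion { area_local; };

    // Root hints: this view recurses, so they are actually used here.
    zone "." IN {
        type hint;
        file "named.ca";
    };

    zone "localhost" IN {
        type master;
        file "localhost.zone";
    };

    zone "0.0.127.in-addr.arpa" {
        type master;
        file "named.local";
    };

    zone "168.192.in-addr.arpa" {
        type master;
        file "local/192168";
    };

    zone "a.com" IN {
        type master;
        file "local/a.com.zone";
    };

    zone "b.com" IN {
        type master;
        file "local/b.com.zone";
    };

    zone "c.com" IN {
        type master;
        file "local/c.com.zone";
    };
};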
///////////////////////////////////////////////////////////////////////
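view "otherward" {
    // Catch-all view: `any` after the `!key` negations, so every unsigned
    // client not matched by an earlier view ends up here (area_dns is
    // redundant next to `any` but harmless).
    match-clients { !key shanghai; !key chengdu; !key eduward; !key southward; !key local; area_dns; any; };
    // Changed from 172.16.1.214 to 172.16.1.2: the secondary is 172.16.1.2
    // (options{} also-notify and every other view agree). With the old
    // address this view's NOTIFYs to the secondary went out unsigned, so they
    // could not be routed to the secondary's "otherward" view and its copies
    // of these zones would only refresh on their SOA timers.
    server 172.16.1.2 { keys { otherward; }; };
    // Added: outbound transfers require this view's TSIG key rather than only
    // the source-address ACL inherited from options{}.
    allow-transfer { key otherward; };
    // Authoritative-only view; recursive queries are refused.
    recursion no;

    // Root hints; only consulted when recursing.
    zone "." IN {
        type hint;
        file "named.ca";
    };

    zone "localhost" IN {
        type master;
        file "localhost.zone";
    };

    zone "0.0.127.in-addr.arpa" {
        type master;
        file "named.local";
    };

    // The catch-all view's copies sit directly in the working directory.
    zone "168.192.in-addr.arpa" {
        type master;
        file "192168";
    };

    zone "a.com" IN {
        type master;
        file "a.com.zone";
    };

    zone "b.com" IN {
        type master;
        file "b.com.zone";
    };

    zone "c.com" IN {
        type master;
        file "c.com.zone";
    };
};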

B机配置:

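// Same ACL and key files as the primary. area_key.cfg contains the TSIG
// secrets and must be identical on both hosts and readable by named only.
// (Straight ASCII quotes: the blog rendering shows “ ”, which named rejects.)
include "/usr/local/named/etc/area_shanghai.cfg";  // ACL: East China clients (shanghai view)
include "/usr/local/named/etc/area_chengdu.cfg";   // ACL: chengdu view
include "/usr/local/named/etc/area_south.cfg";     // ACL: China Telecom networks (southward view)
include "/usr/local/named/etc/area_edu.cfg";       // ACL: education network / CERNET (eduward view)
include "/usr/local/named/etc/area_local.cfg";     // ACL: local networks (local view, the only one that recurses)
include "/usr/local/named/etc/area_dns.cfg";       // ACL: the DNS servers' real addresses (transfer peers)
include "/usr/local/named/etc/area_key.cfg";       // TSIG keys (one per view) plus rndc key/controls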
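options {
    directory "/var/named";
    dump-file "data/cache_dump.db";
    statistics-file "data/named_stats.txt";
    memstatistics-file "data/named_mem_stats.txt";
    allow-query { any; };
    // Added: the original omitted allow-transfer, and BIND's traditional
    // default is `any`, so anyone could AXFR every zone this secondary holds
    // (including the 192.168 reverse zone). Nothing pulls zones from this
    // host; widen this to a key or ACL only if another secondary is added.
    allow-transfer { none; };
    // No dynamic updates, same as the primary.
    allow-update { none; };
    // recursion is decided per view below: "local" recurses, the others do not.
};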

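logging {
    // Everything that is not a query: startup, config errors, zone transfers
    // in, NOTIFY traffic and TSIG/security messages (every category not
    // listed below falls into `default`). severity info is what makes the
    // transfer and NOTIFY messages visible.
    channel warning {
        file "/var/log/dns/named.log" versions 3 size 2048k;
        severity info;
        print-category yes;
        print-severity yes;
        print-time yes;
    };

    // Per-query log; rotates at 200 MB, three generations kept. Contains
    // client addresses, so treat it as sensitive.
    channel queries_info {
        file "/var/log/dns/queries.log" versions 3 size 200m;
        severity info;
        print-category yes;
        print-severity yes;
        print-time yes;
    };

    // default_debug is BIND's predefined named.run channel; it only produces
    // output while a debug level is set.
    category queries {
        queries_info;
        default_debug;
    };

    category default { warning; };
};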
///////////////////////////////////////////////////////////////////////
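view "eduward" {
    // Routing by TSIG key, mirroring the primary. A NOTIFY from the primary
    // signed with another view's key is refused here (`!key` entries first)
    // and falls through to the view that owns the key; a NOTIFY signed with
    // key "eduward" is accepted because 172.16.1.1 is in area_dns. Adding a
    // view means adding `!key <new>;` to every other view's match-clients.
    match-clients { !key shanghai; !key chengdu; !key local; !key southward; !key otherward; area_dns; area_edu; };
    // SOA refresh queries and AXFR/IXFR requests to the primary are signed
    // with this view's key, so the primary serves them from its own
    // "eduward" view rather than from whichever view matches our address.
    server 172.16.1.1 { keys { eduward; }; };
    // Added: BIND's traditional default allows transfers to anyone; this
    // secondary feeds no further secondaries.
    allow-transfer { none; };
    // Authoritative-only view; recursive queries are refused.
    recursion no;

    // Root hints; only consulted when recursing.
    zone "." IN {
        type hint;
        file "named.ca";
    };

    zone "localhost" IN {
        type master;
        file "localhost.zone";
    };

    zone "0.0.127.in-addr.arpa" {
        type master;
        file "named.local";
    };

    // Per-view copies of the replicated zones are written under eduward/.
    zone "168.192.in-addr.arpa" {
        type slave;
        file "eduward/192168";
        masters { 172.16.1.1; };
    };

    zone "a.com" IN {
        type slave;
        file "eduward/a.com.zone";
        masters { 172.16.1.1; };
    };

    zone "b.com" IN {
        type slave;
        file "eduward/b.com.zone";
        masters { 172.16.1.1; };
    };

    zone "c.com" IN {
        type slave;
        file "eduward/c.com.zone";
        masters { 172.16.1.1; };
    };
};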
///////////////////////////////////////////////////////////////////////
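view "chengdu" {
    // A NOTIFY from the primary signed with another view's key is refused
    // here (`!key` entries first) and falls through to the view that owns
    // the key. Adding a view means adding `!key <new>;` to every other view.
    match-clients { !key shanghai; !key local; !key eduward; !key southward; !key otherward; area_dns; area_chengdu; };
    // SOA refresh and AXFR/IXFR requests to the primary are signed with this
    // view's key so the primary serves them from its own "chengdu" view.
    server 172.16.1.1 { keys { chengdu; }; };
    // Added: BIND's traditional default allows transfers to anyone; this
    // secondary feeds no further secondaries.
    allow-transfer { none; };
    // Authoritative-only view; recursive queries are refused.
    recursion no;

    // Root hints; only consulted when recursing.
    zone "." IN {
        type hint;
        file "named.ca";
    };

    zone "localhost" IN {
        type master;
        file "localhost.zone";
    };

    zone "0.0.127.in-addr.arpa" {
        type master;
        file "named.local";
    };

    zone "168.192.in-addr.arpa" {
        type slave;
        file "chengdu/192168";
        masters { 172.16.1.1; };
    };

    zone "a.com" IN {
        type slave;
        file "chengdu/a.com.zone";
        masters { 172.16.1.1; };
    };

    zone "b.com" IN {
        type slave;
        file "chengdu/b.com.zone";
        masters { 172.16.1.1; };
    };

    zone "c.com" IN {
        type slave;
        file "chengdu/c.com.zone";
        masters { 172.16.1.1; };
    };
};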
///////////////////////////////////////////////////////////////////////
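view "shanghai" {
    // A NOTIFY from the primary signed with another view's key is refused
    // here (`!key` entries first) and falls through to the view that owns
    // the key. Adding a view means adding `!key <new>;` to every other view.
    match-clients { !key local; !key chengdu; !key eduward; !key southward; !key otherward; area_dns; area_shanghai; };
    // SOA refresh and AXFR/IXFR requests to the primary are signed with this
    // view's key so the primary serves them from its own "shanghai" view.
    server 172.16.1.1 { keys { shanghai; }; };
    // Added: BIND's traditional default allows transfers to anyone; this
    // secondary feeds no further secondaries.
    allow-transfer { none; };
    // Authoritative-only view; recursive queries are refused.
    recursion no;

    // Root hints; only consulted when recursing.
    zone "." IN {
        type hint;
        file "named.ca";
    };

    zone "localhost" IN {
        type master;
        file "localhost.zone";
    };

    zone "0.0.127.in-addr.arpa" {
        type master;
        file "named.local";
    };

    zone "168.192.in-addr.arpa" {
        type slave;
        file "shanghai/192168";
        masters { 172.16.1.1; };
    };

    zone "a.com" IN {
        type slave;
        file "shanghai/a.com.zone";
        masters { 172.16.1.1; };
    };

    zone "b.com" IN {
        type slave;
        file "shanghai/b.com.zone";
        masters { 172.16.1.1; };
    };

    zone "c.com" IN {
        type slave;
        file "shanghai/c.com.zone";
        masters { 172.16.1.1; };
    };
};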
///////////////////////////////////////////////////////////////////////
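view "southward" {
    // A NOTIFY from the primary signed with another view's key is refused
    // here (`!key` entries first) and falls through to the view that owns
    // the key. Adding a view means adding `!key <new>;` to every other view.
    match-clients { !key shanghai; !key chengdu; !key eduward; !key local; !key otherward; area_dns; area_south; };
    // SOA refresh and AXFR/IXFR requests to the primary are signed with this
    // view's key so the primary serves them from its own "southward" view.
    server 172.16.1.1 { keys { southward; }; };
    // Added: BIND's traditional default allows transfers to anyone; this
    // secondary feeds no further secondaries.
    allow-transfer { none; };
    // Authoritative-only view; recursive queries are refused.
    recursion no;

    // Root hints; only consulted when recursing.
    zone "." IN {
        type hint;
        file "named.ca";
    };

    zone "localhost" IN {
        type master;
        file "localhost.zone";
    };

    zone "0.0.127.in-addr.arpa" {
        type master;
        file "named.local";
    };

    zone "168.192.in-addr.arpa" {
        type slave;
        file "southward/192168";
        masters { 172.16.1.1; };
    };

    zone "a.com" IN {
        type slave;
        file "southward/a.com.zone";
        masters { 172.16.1.1; };
    };

    zone "b.com" IN {
        type slave;
        file "southward/b.com.zone";
        masters { 172.16.1.1; };
    };

    zone "c.com" IN {
        type slave;
        file "southward/c.com.zone";
        masters { 172.16.1.1; };
    };
};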
///////////////////////////////////////////////////////////////////////
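view "local" {
    // A NOTIFY from the primary signed with another view's key is refused
    // here (`!key` entries first) and falls through to the view that owns
    // the key. Adding a view means adding `!key <new>;` to every other view.
    match-clients { !key shanghai; !key chengdu; !key eduward; !key southward; !key otherward; area_dns; area_local; };
    // SOA refresh and AXFR/IXFR requests to the primary are signed with this
    // view's key so the primary serves them from its own "local" view.
    server 172.16.1.1 { keys { local; }; };
    // Added: BIND's traditional default allows transfers to anyone; this
    // secondary feeds no further secondaries.
    allow-transfer { none; };
    // Added explicitly (BIND's default is already yes) to match the primary's
    // "local" view and to survive a future global `recursion no`. Recursion
    // is limited to the local-network ACL so this is not an open resolver.
    recursion yes;
    allow-recursion { area_local; };

    // Root hints: this view recurses, so they are actually used here.
    zone "." IN {
        type hint;
        file "named.ca";
    };

    zone "localhost" IN {
        type master;
        file "localhost.zone";
    };

    zone "0.0.127.in-addr.arpa" {
        type master;
        file "named.local";
    };

    zone "168.192.in-addr.arpa" {
        type slave;
        file "local/192168";
        masters { 172.16.1.1; };
    };

    zone "a.com" IN {
        type slave;
        file "local/a.com.zone";
        masters { 172.16.1.1; };
    };

    zone "b.com" IN {
        type slave;
        file "local/b.com.zone";
        masters { 172.16.1.1; };
    };

    zone "c.com" IN {
        type slave;
        file "local/c.com.zone";
        masters { 172.16.1.1; };
    };
};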
///////////////////////////////////////////////////////////////////////
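view "otherward" {
    // Catch-all view: `any` after the `!key` negations, so every client not
    // matched by an earlier view ends up here, including NOTIFYs from the
    // primary that are signed with key "otherward".
    match-clients { !key shanghai; !key chengdu; !key eduward; !key southward; !key local; any; };
    // SOA refresh and AXFR/IXFR requests to the primary are signed with this
    // view's key so the primary serves them from its own "otherward" view.
    server 172.16.1.1 { keys { otherward; }; };
    // Added: BIND's traditional default allows transfers to anyone; this
    // secondary feeds no further secondaries.
    allow-transfer { none; };
    // Authoritative-only view; recursive queries are refused.
    recursion no;

    // Root hints; only consulted when recursing.
    zone "." IN {
        type hint;
        file "named.ca";
    };

    zone "localhost" IN {
        type master;
        file "localhost.zone";
    };

    zone "0.0.127.in-addr.arpa" {
        type master;
        file "named.local";
    };

    // The catch-all view's copies sit directly in the working directory.
    zone "168.192.in-addr.arpa" {
        type slave;
        file "192168";
        masters { 172.16.1.1; };
    };

    zone "a.com" IN {
        type slave;
        file "a.com.zone";
        masters { 172.16.1.1; };
    };

    zone "b.com" IN {
        type slave;
        file "b.com.zone";
        masters { 172.16.1.1; };
    };

    zone "c.com" IN {
        type slave;
        file "c.com.zone";
        masters { 172.16.1.1; };
    };
};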

其他的cfg的内容都是网段(acl定义),这里把area_key.cfg贴出来!key可以用tsig-keygen生成(老版本BIND用ddns-confgen -q);也可以用rndc-confgen生成,但rndc-confgen输出的是一整个rndc.conf(含options、controls和注释掉的named.conf片段),只能把其中的key段复制进来。这个文件含有密钥:两台机器上内容必须完全一致,权限要收紧到只有named用户可读,每个view一个key,不要重复使用。

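# One TSIG key per view, hmac-sha256, appended with ">>" — the original
# used ">" which overwrites the file, so only the last key generated would
# survive. rndc-confgen -k prints a whole rndc.conf (options, controls and a
# commented named.conf snippet) that cannot be included into named.conf as is;
# tsig-keygen prints just the key stanza. On BIND releases without
# tsig-keygen use `ddns-confgen -q -a hmac-sha256 -k "$k"` instead.
for k in shanghai chengdu eduward southward local otherward; do
    tsig-keygen -a hmac-sha256 "$k" >> /usr/local/named/etc/area_key.cfg
done
# Secrets inside: readable by root and the user named runs as, nobody else.
chmod 640 /usr/local/named/etc/area_key.cfg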

area_key.cfg:

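// TSIG keys shared by the primary and the secondary. This file is included by
// both named.conf files and must be byte-identical on both hosts; it holds
// secrets, so keep it readable by the named user only.
// The secrets below are the placeholders from the original post, not real
// key material. Generate real ones with e.g. `tsig-keygen -a hmac-sha256 shanghai`
// (or `ddns-confgen -q -a hmac-sha256 -k shanghai` on older BIND 9) and paste
// the same stanza into both hosts' copies.
// Algorithm changed from hmac-md5 to hmac-sha256: MD5-based TSIG is
// deprecated, and hmac-sha256 is supported by every BIND 9 release still
// in use. Both peers must use the same algorithm and secret per key name.
key "shanghai" {
    algorithm hmac-sha256;
    secret "aaaaaaaaaaaaaaaaaaaaaaa";
};
key "chengdu" {
    algorithm hmac-sha256;
    secret "bbbbbbbbbbbbbbbbbbbbbbb";
};
key "eduward" {
    algorithm hmac-sha256;
    secret "ccccccccccccccccccccccc";
};
key "southward" {
    algorithm hmac-sha256;
    secret "ddddddddddddddddddddddd";
};
key "local" {
    algorithm hmac-sha256;
    secret "eeeeeeeeeeeeeeeeeeeeeeee";
};
key "otherward" {
    algorithm hmac-sha256;
    secret "ffffffffffffffffffffffffffffffffffffff";
};
// rndc control key. It is only used locally (controls{} below binds to
// loopback) and does not need to be the same on both hosts. If its
// algorithm or secret changes, rndc.conf / rndc.key on that host must be
// updated to match or rndc stops working.
key "rndckey" {
    algorithm hmac-sha256;
    secret "gggggggggggggggggggggggg";
};
// rndc listens on loopback only and requires the control key.
controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndckey"; };
};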

本文连接:http://aaronw.me/static/615.html
原创日志为王炜版权所有,转载时必须以链接形式注明作者和原始出处及本声明。
