BIND master/slave

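This tutorial provides links to instructional videos on several Kubernetes (K8s) deployment methods, covering tools such as minikube and kubeadm, and explains in depth the configuration and use of K8s resources such as Pod, Service and Deployment. It also shares the detailed configuration steps for DNS servers in a two-machine environment.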


Releasing a k8s deployment video: https://edu.youkuaiyun.com/course/detail/26967

Course content: various k8s deployment methods, including minikube, kubeadm, kubeasz, rancher and k3s deployments, covering both development/test environments and production environments.

Tencent Classroom link: https://ke.qq.com/course/478827?taid=4373109931462251&tuin=ba64518

Second video released: https://edu.youkuaiyun.com/course/detail/27109

Tencent Classroom link: https://ke.qq.com/course/484107?tuin=ba64518

It covers the usage, configuration and commands of the main k8s resources, including configmap, pod, service, replicaset, namespace, deployment, daemonset, ingress, pv, pvc, sc, role, rolebinding, clusterrole, clusterrolebinding, secret, serviceaccount, statefulset, job, cronjob, podDisruptionbudget, podSecurityPolicy, networkPolicy, resourceQuota, limitrange, endpoint, event, componentstatus, node, apiservice, controllerRevision and others.

Third video released: https://edu.youkuaiyun.com/course/detail/27574

A detailed introduction to helm commands, helm chart syntax and writing helm charts, with in-depth analysis of project source code and how to write helm plugins.
————————————————

Two machines:

192.168.198.145  master server

192.168.198.146  slave server

Master server configuration:

[root@node1 named]# cat /etc/named.conf 
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
        listen-on port 53 {any;};
        //listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };

        /* 
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable 
           recursion. 
         - If your recursive DNS server has a public IP address, you MUST enable access 
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification 
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface 
        */
        recursion yes;

        dnssec-enable no;
        dnssec-validation no;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
[root@node1 named]# cat /etc/named.rfc1912.zones 
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package 
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
// 
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "1.0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
};

zone "magedu.com" IN{
        type master;
        file "magedu.com.zone";
};
[root@node1 named]# cat /var/named/magedu.com.zone 
$TTL 3600
$ORIGIN magedu.com.
@       IN      SOA     ns1.magedu.com. dnsadmin.magedu.com. (
                2017010801
                1H
                10M
                3D
                1D )
        IN      NS      ns1
        IN      NS      ns2
        IN      MX  10  mx1
ns1     IN      A       192.168.198.145
ns2     IN      A       192.168.198.146
www     IN      A       192.168.198.145
web     IN      CNAME   www
mx1     IN      A       192.168.198.145

Slave server configuration:


[root@node2 ~]# cat /etc/named.conf 
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
        listen-on port 53 { any; };
        //listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };

        /* 
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable 
           recursion. 
         - If your recursive DNS server has a public IP address, you MUST enable access 
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification 
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface 
        */
        recursion yes;

        dnssec-enable no;
        dnssec-validation no;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
[root@node2 ~]# cat /etc/named.rfc1912.zones 
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package 
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
// 
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "1.0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
};

zone "magedu.com" IN {
        type slave;
        file "slaves/magedu.com.zone";
        masters {192.168.198.145;};
};

Test

[root@node2 ~]# dig -t A www.magedu.com @192.168.198.146

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -t A www.magedu.com @192.168.198.146
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28719
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.magedu.com.                        IN      A

;; ANSWER SECTION:
www.magedu.com.         3600    IN      A       192.168.198.145

;; AUTHORITY SECTION:
magedu.com.             3600    IN      NS      ns1.magedu.com.
magedu.com.             3600    IN      NS      ns2.magedu.com.

;; ADDITIONAL SECTION:
ns1.magedu.com.         3600    IN      A       192.168.198.145
ns2.magedu.com.         3600    IN      A       192.168.198.146

;; Query time: 1 msec
;; SERVER: 192.168.198.146#53(192.168.198.146)
;; WHEN: Wed Jul 18 15:13:52 CST 2018
;; MSG SIZE  rcvd: 127

 

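On CentOS, BIND9 can be used to set up a master/slave DNS configuration. The master server carries the main task of managing the DNS zone, and the slave server obtains a copy of the zone from the master. This improves the reliability and availability of the DNS service.

The steps for a BIND9 master/slave configuration on CentOS are as follows:

1. Install the BIND9 packages

BIND9 must be installed on both the master and the slave server. On CentOS it can be installed with the following command:

```
sudo yum install bind bind-utils
```

2. Configure the master server

On the master server, BIND9 must be configured to manage the DNS zone. Edit /etc/named.conf and add the following:

```
zone "example.com" IN {
    type master;
    file "example.com.zone";
    allow-transfer { 192.168.1.2; }; // IP address of the slave server that is allowed to transfer
};
```

Here "example.com" is the DNS zone you want to manage; replace it with your own domain name. "example.com.zone" is the file name of the DNS zone; replace it with your own file name.

Next, create a DNS zone file (for example /var/named/example.com.zone) and add the corresponding DNS records. For example:

```
$TTL 86400
@       IN      SOA     ns1.example.com. admin.example.com. (
                2019010101 ; serial
                3600       ; refresh
                1800       ; retry
                604800     ; expire
                86400      ; minimum
)
@       IN      NS      ns1.example.com.
@       IN      NS      ns2.example.com.
ns1     IN      A       192.168.1.1
ns2     IN      A       192.168.1.2
www     IN      A       192.168.1.3
```

Here "ns1.example.com" and "ns2.example.com" are the domain names of the master and slave servers; replace them with your own. "192.168.1.1" and "192.168.1.2" are the IP addresses of the master and slave servers; replace them with the actual addresses.

3. Configure the slave server

On the slave server, BIND9 must be configured to obtain a copy of the DNS zone from the master. Edit /etc/named.conf and add the following:

```
zone "example.com" IN {
    type slave;
    file "example.com.zone";
    masters { 192.168.1.1; }; // IP address of the master server
};
```

Here "example.com" is the DNS zone you want to obtain; replace it with your own domain name. "example.com.zone" is the file name of the DNS zone; replace it with your own file name.

Then start the BIND9 service and test whether the configuration is correct. The following commands start the service and check the logs:

```
sudo systemctl start named
sudo systemctl status named
sudo tail -f /var/log/messages
```

If the configuration is correct, you should see on the slave server that it obtains a copy of the DNS zone from the master.

In summary, these are the steps for a BIND9 master/slave configuration on CentOS. Note that when configuring BIND9 master/slave, you must make sure the master and slave servers can communicate with each other, and open the corresponding ports in the firewall.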
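An added example (not part of the original post): a small Python audit for the two exposures in the master's named.conf above, an unrestricted zone transfer and recursion open to any client, run against a constructed copy of that config and an assumed hardened variant. It assumes the BIND 9.9 defaults that apply to the version shown on this page (an unset allow-transfer permits any host, and allow-recursion falls back to allow-query when neither it nor allow-query-cache is set); the 192.168.198.0/24 client range and all function names are assumptions.

```python
import re

# Constructed samples: WEAK mirrors the page's master config; HARDENED is an assumed fix.
WEAK = '''options {
        allow-query     { any; };
        recursion yes;
};
zone "magedu.com" IN{
        type master;
        file "magedu.com.zone";
};
'''
HARDENED = '''options {
        allow-query     { any; };
        recursion yes;
        allow-recursion { 127.0.0.1; 192.168.198.0/24; };  // assumed client range
        allow-transfer  { none; };                         // default deny
};
zone "magedu.com" IN {
        type master;
        file "magedu.com.zone";
        allow-transfer { 192.168.198.146; };               // the slave only
};
'''
AUTHORITATIVE = ('master', 'primary', 'slave', 'secondary')

def blocks(text, keyword):  # yield (header, body) of each `keyword ... { body }`
    for m in re.finditer(r'^\s*%s\b([^{;]*)\{' % keyword, text, re.M):
        depth, i = 1, m.end()
        while depth and i < len(text):  # walk to the matching closing brace
            depth += {'{': 1, '}': -1}.get(text[i], 0)
            i += 1
        yield m.group(1), text[m.end():i - 1]

def setting(body, name):  # value of `name` with whitespace removed, None if unset
    m = re.search(r'(?<![\w-])%s\s+(\{[^}]*\}|[^;{]+);' % re.escape(name), body)
    return re.sub(r'\s+', '', m.group(1)) if m else None

def audit(conf):
    conf = re.sub(r'/\*.*?\*/|//[^\n]*', '', conf, flags=re.S)  # strip comments
    opts = next((body for _, body in blocks(conf, 'options')), '')
    open_rec = (setting(opts, 'recursion') in (None, 'yes') and setting(opts, 'allow-query') == '{any;}'
                and not (setting(opts, 'allow-recursion') or setting(opts, 'allow-query-cache')))
    findings = ['options: recursion open to any client'] if open_rec else []
    for header, body in blocks(conf, 'zone'):
        acl = setting(body, 'allow-transfer') or setting(opts, 'allow-transfer')
        if setting(body, 'type') in AUTHORITATIVE and acl in (None, '{any;}'):
            findings.append('zone %s: transfer open to any host' % header.split('"')[1])
    return findings
```

Calling `audit(open('/etc/named.conf').read())` on each server gives the same report for a live config; zones pulled in through `include` files have to be passed in separately.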