7.0: BIND DNS: Difference between revisions
Revision as of 02:11, 26 January 2007
7.0: BIND DNS
We can use BIND (the Berkeley Internet Name Domain) in a high availability configuration: two nodes appear as one, the zone files are stored on a DRBD drive, and if node1 fails node2 can take over and automatically start named.
BIND can have its /var/named directory relocated to a more appropriate location such as /data/dnszones; this gives us real-time replication of the zone files. The standby node2 must have its default directory changed to /data/dnszones as well.
We have two servers, and we will refer to the cluster as cluster.differentialdesign.org. It is assumed that these machines are behind a firewall with NAT and port forwarding to the appropriate ports.
When setting up domain names through a registrar you will want two separate name servers, so it is recommended to set up an additional slave DNS server.
An example may be:
Name Server: CLUSTER.DIFFERENTIALDESIGN.ORG <- Primary Name Server(s)
Name Server: NS1.DIFFERENTIALDESIGN.ORG
Name Server: NS2.DIFFERENTIALDESIGN.ORG
7.1 Configuration
Step 1
We will now create a directory on our DRBD drive, /data/dnszones.
[root@node1 ~]# mkdir /data/dnszones
Step 2
Change the location of the zone files to our replicated drive.
[root@node1 ~]# named ?
usage: named [-4|-6] [-c conffile] [-d debuglevel] [-f|-g] [-n number_of_cpus]
             [-p port] [-s] [-t chrootdir] [-u username]
             [-m {usage|trace|record}] [-D ]
named: extra command line arguments
[root@node1 ~]# named -t /data/dnszones/
Note that, as the usage output shows, -t names a chroot directory; the directory named actually reads its zone files from is the directory option in named.conf, which we point at /data/dnszones in 7.1.1 below.
Step 3
Copy the default zone files to our new location and set the permissions.
[root@node1 ~]# rsync -avz /var/named/ /data/dnszones/
[root@node1 ~]# chown -R named:named /data/dnszones/
7.1.1 named.conf
It is important that all machines on the network use cluster.differentialdesign.org, or its local IP address, as their DNS server. This way we can assure correct name resolution.
We will now edit /etc/named.conf.
Take note of the allow-transfer block in the file below: it lists our secondary DNS servers, which are the IP addresses of ns1.differentialdesign.org and ns2.differentialdesign.org. Only those hosts (and localhost) are permitted to pull zone transfers.
The named.conf needs to be the same on both node1 and node2; you could manually copy the file over using scp, or keep it in the /data/dnszones directory and point /etc/named.conf at it with a symbolic link.
[root@node1 ~]# vi /etc/named.conf
//
// named.conf for Red Hat caching-nameserver
//
options {
        directory "/data/dnszones";
        dump-file "/data/dnszones/data/cache_dump.db";
        statistics-file "/data/dnszones/data/named_stats.txt";
        /*
         * If there is a firewall between you and nameservers you want
         * to talk to, you might need to uncomment the query-source
         * directive below.  Previous versions of BIND always asked
         * questions using port 53, but BIND 8.1 uses an unprivileged
         * port by default.
         */
        // query-source address * port 53;
        allow-transfer {
                127.0.0.1;       // localhost
                202.161.90.250;  // secondary DNS server for my zone
                202.161.90.251;  // secondary DNS server for my zone
        };
};
//
// a caching only nameserver config
//
controls {
        inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
zone "." IN {
        type hint;
        file "named.ca";
};
zone "localdomain" IN {
        type master;
        file "localdomain.zone";
        allow-update { none; };
};
zone "localhost" IN {
        type master;
        file "localhost.zone";
        allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
        allow-update { none; };
};
zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.ip6.local";
        allow-update { none; };
};
zone "255.in-addr.arpa" IN {
        type master;
        file "named.broadcast";
        allow-update { none; };
};
zone "0.in-addr.arpa" IN {
        type master;
        file "named.zero";
        allow-update { none; };
};
zone "differentialdesign.org" {
        type master;
        file "/data/dnszones/differentialdesign.org/named.differentialdesign.org.hosts";
        allow-update { none; };
};
7.1.2 zone file
In our named.conf file we have the following zone defined:
zone "differentialdesign.org" {
        type master;
        file "/data/dnszones/differentialdesign.org/named.differentialdesign.org.hosts";
        allow-update { none; };
};
The zone file itself lives under /data/dnszones/, on the replicated drive.
Step 1.
Create a sub folder where we will store our zone files.
[root@node1 ~]# mkdir /data/dnszones/differentialdesign.org/
Step 2.
Create a new file called named.differentialdesign.org.hosts.
[root@node1 ~]# vi /data/dnszones/differentialdesign.org/named.differentialdesign.org.hosts
You will see below that nodes.differentialdesign.org. IN A 192.168.0.4 is an "A record" which points to the virtual IP address of the cluster. When setting up mapped drives it is best to use this name instead of the IP address.
$TTL 8h
differentialdesign.org.         IN SOA  cluster.differentialdesign.org. asender.mail.samba.org. (
                                        2006211201  ; serial
                                        10800       ; refresh
                                        3600        ; retry
                                        3600000     ; expire
                                        86400 )     ; minimum
differentialdesign.org.         IN NS   cluster.differentialdesign.org.
differentialdesign.org.         IN NS   ns1.differentialdesign.org.
differentialdesign.org.         IN NS   ns2.differentialdesign.org.
differentialdesign.org.         IN MX   50 mail.differentialdesign.org.
mail.differentialdesign.org.    IN A    202.161.90.245
www.differentialdesign.org.     IN A    202.161.90.245
cluster.differentialdesign.org. IN A    202.161.90.241
node1.differentialdesign.org.   IN A    192.168.0.2
node2.differentialdesign.org.   IN A    192.168.0.3
nodes.differentialdesign.org.   IN A    192.168.0.4
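Before letting Heartbeat fail named over to node2, it is worth checking that the configuration on the DRBD drive is sane. The script below is an added example, not part of the original page: it takes the zone file from 7.1.2 and the allow-transfer block from 7.1.1 as constructed strings, lists any NS or MX target inside the zone that has no A record (on the zone above that is ns1 and ns2, which the zone file does not define), and extracts the hosts allowed to request zone transfers so you can confirm the list is not "any". The function names are my own.

```python
# Added example (not from the page): offline sanity checks for the zone file in
# 7.1.2 and the allow-transfer block in 7.1.1, copied in as constructed strings.
import re

ORIGIN = "differentialdesign.org."

ZONE_TEXT = """$TTL 8h
differentialdesign.org. IN SOA cluster.differentialdesign.org. asender.mail.samba.org. (
    2006211201 10800 3600 3600000 86400 )
differentialdesign.org. IN NS cluster.differentialdesign.org.
differentialdesign.org. IN NS ns1.differentialdesign.org.
differentialdesign.org. IN NS ns2.differentialdesign.org.
differentialdesign.org. IN MX 50 mail.differentialdesign.org.
mail.differentialdesign.org. IN A 202.161.90.245
www.differentialdesign.org. IN A 202.161.90.245
cluster.differentialdesign.org. IN A 202.161.90.241
node1.differentialdesign.org. IN A 192.168.0.2
node2.differentialdesign.org. IN A 192.168.0.3
nodes.differentialdesign.org. IN A 192.168.0.4
"""
ALLOW_TRANSFER = """allow-transfer {
    127.0.0.1;       // localhost
    202.161.90.250;  // secondary DNS server for my zone
    202.161.90.251;  // secondary DNS server for my zone
};"""

def parse_zone(text):
    """(owner, type, rdata tokens) per record; the multi-line SOA is joined first."""
    flat = re.sub(r"\(\s*(.*?)\s*\)", r"\1", text, flags=re.S)
    records = []
    for line in flat.splitlines():
        tok = line.split()
        if tok and not tok[0].startswith("$"):          # skip $TTL and blank lines
            records.append((tok[0], tok[2], tok[3:]))   # owner IN type rdata...
    return records

def unresolvable_targets(records, origin=ORIGIN):
    """NS/MX targets inside the zone with no A record: this zone alone
    cannot answer for them, so resolvers cannot reach those servers."""
    has_a = {o for o, t, _ in records if t == "A"}
    targets = {r[0] for _, t, r in records if t == "NS"}
    targets |= {r[1] for _, t, r in records if t == "MX"}
    return sorted(n for n in targets if n.endswith(origin) and n not in has_a)

def transfer_peers(conf):
    """Address entries inside allow-transfer, // comments stripped;
    an entry of 'any' would mean the whole zone can be pulled by anyone."""
    body = re.search(r"allow-transfer\s*\{(.*?)\}", conf, re.S).group(1)
    body = re.sub(r"//[^\n]*", "", body)
    return [e.strip() for e in body.split(";") if e.strip()]
```

BIND's own named-checkconf and named-checkzone remain the authoritative syntax checks; this script only understands the one-record-per-line layout used above.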