예제] Linux Master/Slave View설정

Posted 2008. 10. 24. 04:44


출처 카페 > DNS전문가 | 호야
원문 http://cafe.naver.com/dnspro/3659

 

 

안녕하세요. 

제가 만든 서버 무료점검사이트인 www.serverchk.com 사이트를 다른IDC에 서버이중화 해놓았습니다.

(퇴근하고만 시간이 되서, 어제 퇴근하고 새벽 3시까지 작업했네요 ㅎㅎ)

 

기능이 좋아서라기보다는 다른사이트에서 홍보를 많이 해주셔서, 하루에 1000명이상 접속을 하네요 ^^

(단지, 웹서버가 2대로 분리했더니 카운터 1000에서 500,500으로 표시되네요 ㅎㅎ)

어제 네임서버와 웹서버이중화 했습니다.  참고로 네임서버 설정은 올립니다.

 

1. ns1설정

 

[root@localhost ~]# cd /etc
[root@localhost etc]# more named.conf
acl "localarea" {
        211.35.64.72;
};


options {
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        pid-file "/var/run/named.pid";
        version " No touch !!! No !!";

         allow-transfer { 211.35.64.72; };
};

logging {
        channel debug_log {
                file "/var/log/named/debug.log" versions 3 size 10m;
                severity        debug;
                print-category  yes;
                print-severity  yes;
                print-time      yes;
        };
       
        channel audit_log {
                file "/var/log/named/audit.log" versions 3 size 10m;
                severity        debug;
                print-category  yes;
                print-severity  yes;
                print-time      yes;
        };

        channel query_log {
                file "/var/log/named/query.log" versions 3 size 10m;
                severity        debug;
                print-category  yes;
                print-severity  yes;
                print-time      yes;
        };


        category default { debug_log; };
        category general { debug_log; };
        category security { audit_log; debug_log; };
        category config { debug_log; };
        category resolver { audit_log; };
        category xfer-in { audit_log; };
        category xfer-out { audit_log; };
        category notify { audit_log; };
        category client { audit_log; };
        category network { audit_log; };
        category update { audit_log; };
        category queries { query_log; };
        category lame-servers { audit_log; };
};

//
// a caching only nameserver config
//

# Use with the following in named.conf, adjusting the allow list as needed:
 key "rndc-key" {
       algorithm hmac-md5;
       secret "s60KMc/Rb6gRrN+wQppvZA==";
 };
 
 controls {
       inet 127.0.0.1 port 953
               allow { 127.0.0.1; } keys { "rndc-key"; };
 };
# End of named.conf


view "local" {
       match-clients           {  localarea; };
        recursion yes;

zone "." IN {
        type hint;
        file "named.ca";
};

zone "localdomain" IN {
        type master;
        file "localdomain.zone";
        allow-update { none; };
};

zone "serverchk.com" IN {
        type master;
        file "serverchk.com.zone";
};

zone "localhost" IN {
        type master;
        file "localhost.zone";
        allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
        allow-update { none; };
};

zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.ip6.local";
        allow-update { none; };
};

zone "255.in-addr.arpa" IN {
        type master;
        file "named.broadcast";
        allow-update { none; };
};

zone "0.in-addr.arpa" IN {
        type master;
        file "named.zero";
        allow-update { none; };
};

};

view "external" {
       match-clients           { any; };
        recursion yes;

zone "serverchk.com" IN {
        type master;
        file "serverchk.com.zone";
        allow-update { none; };
};


zone "yahooms.com" IN {
        type master;
        file "yahooms.com.zone";
        allow-update { none; };
};

zone "yahooms.co.kr" IN {
        type master;
        file "yahooms.co.kr.zone";
        allow-update { none; };
};

zone "msyahoo.co.kr" IN {
        type master;
        file "msyahoo.co.kr.zone";
        allow-update { none; };
};

zone "foxylady.co.kr" IN {
        type master;
        file "foxylady.co.kr.zone";
        allow-update { none; };
};

zone "yejin.pe.kr" IN {
        type master;
        file "yejin.pe.kr.zone";
        allow-update { none; };
};


include "/etc/synchole.conf";
};

[root@localhost etc]#         
[root@localhost etc]# cd /var/named/
[root@localhost named]# more serverchk.com.zone
$TTL    10
@               IN SOA  ns1.serverchk.com. root (
                                        2007072007      ; serial (d. adams)
                                        3H              ; refresh
                                        15M             ; retry
                                        1W              ; expiry
                                        1D )            ; minimum
                IN NS           ns1.serverchk.com.
                IN NS           ns2.serverchk.com.
                IN MX   0       mail.serverchk.com.

                        IN A            210.116.123.25
                        IN A            211.35.64.72
ns1.serverchk.com.      IN A            210.116.123.25
ns2.serverchk.com.      IN A            211.35.64.72

mail                    IN A            210.116.123.25
www                     IN A            210.116.123.25
                        IN A            211.35.64.72
serverchk.com.          IN      TXT     "v=spf1 ip4:210.116.123.25 ~all"
[root@localhost named]#

 

 

2. ns2설정 - Slave이니 Zone File은 Master에서 가져온갑니다.

 

[root@proxy01 root]# cd /etc
[root@proxy01 etc]# more named.conf
acl "localarea" {
        127.0.0.1;
        210.116.123.25;
        211.35.64.72;
};


options {
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        pid-file "/var/run/named.pid";
        version " No touch !!! No !!";
         allow-transfer {  211.35.64.72; };
};

logging {
        channel debug_log {
                file "/var/log/named/debug.log" versions 3 size 10m;
                severity        debug;
                print-category  yes;
                print-severity  yes;
                print-time      yes;
        };
       
        channel audit_log {
                file "/var/log/named/audit.log" versions 3 size 10m;
                severity        debug;
                print-category  yes;
                print-severity  yes;
                print-time      yes;
        };

        channel query_log {
                file "/var/log/named/query.log" versions 3 size 10m;
                severity        debug;
                print-category  yes;
                print-severity  yes;
                print-time      yes;
        };


        category default { debug_log; };
        category general { debug_log; };
        category security { audit_log; debug_log; };
        category config { debug_log; };
        category resolver { audit_log; };
        category xfer-in { audit_log; };
        category xfer-out { audit_log; };
        category notify { audit_log; };
        category client { audit_log; };
        category network { audit_log; };
        category update { audit_log; };
        category queries { query_log; };
        category lame-servers { audit_log; };
};

//
// a caching only nameserver config
//


view "local" {
       match-clients           {  localarea; };
        recursion yes;

zone "." IN {
        type hint;
        file "named.ca";
};

zone "localdomain" IN {
        type master;
        file "localdomain.zone";
        allow-update { none; };
};

zone "serverchk.com" IN {
        type slave;
        file "serverchk.com.zone";
        masters { 210.116.123.25; };
};

zone "localhost" IN {
        type master;
        file "localhost.zone";
        allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
        allow-update { none; };
};

zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" I
N {
        type master;
        file "named.ip6.local";
        allow-update { none; };
};

zone "255.in-addr.arpa" IN {
        type master;
        file "named.broadcast";
        allow-update { none; };
};

zone "0.in-addr.arpa" IN {
        type master;
        file "named.zero";
        allow-update { none; };
};

};

view "external" {
       match-clients           { any; };
        recursion yes;

zone "serverchk.com" IN {
        type slave;
        file "serverchk.com.zone";
        masters { 210.116.123.25; };
};


zone "yahooms.com" IN {
        type slave;
        file "yahooms.com.zone";
        masters { 210.116.123.25; };
};

zone "yahooms.co.kr" IN {
        type slave;
        file "yahooms.co.kr.zone";
        masters { 210.116.123.25; };
        allow-update { none; };
};

zone "msyahoo.co.kr" IN {
        type slave;
        file "msyahoo.co.kr.zone";
        masters { 210.116.123.25; };
        allow-update { none; };
};

zone "foxylady.co.kr" IN {
        type slave;
        file "foxylady.co.kr.zone";
        masters { 210.116.123.25; };
        allow-update { none; };
};

zone "yejin.pe.kr" IN {
        type slave;
        file "yejin.pe.kr.zone";
        masters { 210.116.123.25; };
        allow-update { none; };
};


//include "/etc/synchole.conf";
};
[root@proxy01 etc]#         
[root@proxy01 etc]# cd /var/named/
[root@proxy01 named]# more serverchk.com.zone
$ORIGIN .
$TTL 10 ; 10 seconds
serverchk.com           IN SOA  ns1.serverchk.com. root.serverchk.com. (
                                2007072007 ; serial
                                10800      ; refresh (3 hours)
                                900        ; retry (15 minutes)
                                604800     ; expire (1 week)
                                86400      ; minimum (1 day)
                                )
                        NS      ns1.serverchk.com.
                        NS      ns2.serverchk.com.
                        A       210.116.123.25
                        A       211.35.64.72
                        MX      0 mail.serverchk.com.
                        TXT     "v=spf1 ip4:210.116.123.25 ~all"
$ORIGIN serverchk.com.
mail                    A       210.116.123.25
ns1                     A       210.116.123.25
ns2                     A       211.35.64.72
www                     A       210.116.123.25
                        A       211.35.64.72
[root@proxy01 named]#

 

 

 

 

3. 확인

 

[root@proxy01 root]# dig @127.0.0.1 www.serverchk.com

; <<>> DiG 9.3.2 <<>> @127.0.0.1 www.serverchk.com
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63702
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;www.serverchk.com.             IN      A

;; ANSWER SECTION:
www.serverchk.com.      10      IN      A       210.116.123.25
www.serverchk.com.      10      IN      A       211.35.64.72

;; AUTHORITY SECTION:
serverchk.com.          10      IN      NS      ns2.serverchk.com.
serverchk.com.          10      IN      NS      ns1.serverchk.com.

;; ADDITIONAL SECTION:
ns1.serverchk.com.      10      IN      A       210.116.123.25
ns2.serverchk.com.      10      IN      A       211.35.64.72

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Dec 15 09:50:03 2007
;; MSG SIZE  rcvd: 135

 

- 이상 끝 -

'OS 운영체제 및 보안 > Linux' 카테고리의 다른 글

Vi 편집기 사용법  (0) 2008.10.24
crontab 간단 정리  (0) 2008.10.24
Named 최신버전으로 업그레이드  (0) 2008.10.24
DNS 기본 보안 설정  (0) 2008.10.24
Linux 시스템 cpu,메모리 점검  (0) 2008.10.24
Linux에서 JDK 설치  (0) 2008.10.24
RPM 사용법  (0) 2008.10.24
FTP 계정 사용자의 상위 디렉토리로의 이동 제한  (0) 2008.10.24
APM 모음팁  (0) 2008.10.24
하드 디스크 추가하기..  (0) 2008.10.24