[예제] Linux Master/Slave View 설정
안녕하세요.
제가 만든 서버 무료점검사이트인 www.serverchk.com 사이트를 다른IDC에 서버이중화 해놓았습니다.
(퇴근 후에만 시간이 돼서, 어제 퇴근하고 새벽 3시까지 작업했네요 ㅎㅎ)
기능이 좋아서라기보다는 다른사이트에서 홍보를 많이 해주셔서, 하루에 1000명이상 접속을 하네요 ^^
(단지, 웹서버가 2대로 분리했더니 카운터 1000에서 500,500으로 표시되네요 ㅎㅎ)
어제 네임서버와 웹서버를 이중화했습니다. 참고로 네임서버 설정을 올립니다.
1. ns1설정
[root@localhost ~]# cd /etc
[root@localhost etc]# more named.conf
// Address-match list used by match-clients in the "local" view below.
// 211.35.64.72 is the address this page's zone data gives for ns2, so queries
// and zone-transfer requests that arrive from ns2 are handled by the "local"
// view (named uses the first view whose match-clients matches).
// NOTE(review): on this server only serverchk.com is defined in "local"; the
// other master zones exist only in "external". If ns2 sources its transfers
// from 211.35.64.72, confirm that it can actually transfer those zones.
acl "localarea" {
211.35.64.72;
};
// Global server options for ns1 (the master).
options {
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
pid-file "/var/run/named.pid";
// Replaces the answer to version.bind queries, so the real BIND version is
// not disclosed to remote clients.
version " No touch !!! No !!";
// Zone transfers are permitted only to 211.35.64.72 (ns2 in this setup).
// This is a source-address check only; a TSIG key shared by master and slave
// would additionally authenticate the transfer.
allow-transfer { 211.35.64.72; };
// NOTE(review): no allow-recursion / allow-query is set here, so access to
// recursion is governed by the "recursion" statements in the views and by the
// defaults of the BIND release in use.
};
// Logging: three files under /var/log/named, each rotated at 10 MB with three
// old versions kept, and every listed category routed to one of them.
logging {
// General server messages.
// "severity debug" is the most verbose threshold: nothing is filtered out by
// severity on this channel.
channel debug_log {
file "/var/log/named/debug.log" versions 3 size 10m;
severity debug;
print-category yes;
print-severity yes;
print-time yes;
};
// Security-relevant events: the categories below send denied requests,
// transfers, notifies, updates and client/network events here.
channel audit_log {
file "/var/log/named/audit.log" versions 3 size 10m;
severity debug;
print-category yes;
print-severity yes;
print-time yes;
};
// Per-query log. It records client addresses and queried names, so restrict
// read access to the file; at 10 MB x 3 versions it rotates quickly on a busy
// server, so forward it elsewhere if it is needed for later investigation.
channel query_log {
file "/var/log/named/query.log" versions 3 size 10m;
severity debug;
print-category yes;
print-severity yes;
print-time yes;
};
category default { debug_log; };
category general { debug_log; };
// Approved/denied requests go to both the audit and the debug file.
category security { audit_log; debug_log; };
category config { debug_log; };
category resolver { audit_log; };
// Inbound and outbound zone transfers: the place to look for unexpected
// transfer attempts.
category xfer-in { audit_log; };
category xfer-out { audit_log; };
category notify { audit_log; };
category client { audit_log; };
category network { audit_log; };
category update { audit_log; };
category queries { query_log; };
category lame-servers { audit_log; };
};
//
// a caching only nameserver config
//
// NOTE(review): the header above says caching-only, but the views further
// down in this file also serve authoritative master zones.
# Use with the following in named.conf, adjusting the allow list as needed:
// Shared secret that rndc must present on the control channel.
// NOTE(review): this secret is printed in a public post. Anyone reusing the
// example must generate a fresh key (e.g. with rndc-confgen) and the key shown
// here should be treated as disclosed. hmac-md5 is a legacy algorithm; BIND
// releases that support hmac-sha256 should use that instead.
key "rndc-key" {
algorithm hmac-md5;
secret "s60KMc/Rb6gRrN+wQppvZA==";
};
// The control channel listens on loopback port 953 only and accepts only
// connections from 127.0.0.1 that are signed with "rndc-key".
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
# End of named.conf
// (The view statements that follow are still part of this file.)
// View for clients listed in the "localarea" acl (on this server that is only
// 211.35.64.72). Views are tried in the order they appear, so this one takes
// precedence over "external" for those clients.
view "local" {
match-clients { localarea; };
// Recursive resolution is offered to the matched clients.
recursion yes;
// Root hints used for recursion.
zone "." IN {
type hint;
file "named.ca";
};
zone "localdomain" IN {
type master;
file "localdomain.zone";
allow-update { none; };
};
// Uses the same zone file as the serverchk.com zone in the "external" view,
// so both views answer with identical data. allow-update is omitted here;
// it defaults to none, so dynamic updates are refused in this view as well.
zone "serverchk.com" IN {
type master;
file "serverchk.com.zone";
};
// Loopback, broadcast and zero-network zones; dynamic updates are disabled on
// each of them.
zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};
zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
type master;
file "named.ip6.local";
allow-update { none; };
};
zone "255.in-addr.arpa" IN {
type master;
file "named.broadcast";
allow-update { none; };
};
zone "0.in-addr.arpa" IN {
type master;
file "named.zero";
allow-update { none; };
};
};
// View for every client that did not match the "local" view.
view "external" {
match-clients { any; };
// NOTE(review): recursion is enabled for "any". On BIND releases where
// allow-recursion defaults to any (the dig banner on this page shows 9.3.2),
// this makes the server an open recursive resolver: it can be abused for
// reflection/amplification traffic and its cache is exposed to poisoning
// attempts from the whole Internet. A view that only serves authoritative
// data should use "recursion no;", or add "allow-recursion { localarea; };"
// if selected clients still need recursion.
recursion yes;
// Authoritative master zones; dynamic updates are disabled on all of them.
zone "serverchk.com" IN {
type master;
file "serverchk.com.zone";
allow-update { none; };
};
zone "yahooms.com" IN {
type master;
file "yahooms.com.zone";
allow-update { none; };
};
zone "yahooms.co.kr" IN {
type master;
file "yahooms.co.kr.zone";
allow-update { none; };
};
zone "msyahoo.co.kr" IN {
type master;
file "msyahoo.co.kr.zone";
allow-update { none; };
};
zone "foxylady.co.kr" IN {
type master;
file "foxylady.co.kr.zone";
allow-update { none; };
};
zone "yejin.pe.kr" IN {
type master;
file "yejin.pe.kr.zone";
allow-update { none; };
};
// NOTE(review): the contents of this file are not shown on this page;
// presumably it holds further zone definitions. Review its ownership and
// permissions like named.conf itself, since it is loaded into this view.
include "/etc/synchole.conf";
};
[root@localhost etc]#
[root@localhost etc]# cd /var/named/
[root@localhost named]# more serverchk.com.zone
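; serverchk.com zone as served by the master (ns1).
; Records that have no owner name of their own must begin with whitespace so
; that they inherit the previous owner; at column 0 the first word on the line
; would be read as a host name instead.
;
; Default TTL of 10 seconds: resolvers re-query almost immediately, so changes
; are seen quickly at the cost of more queries reaching both name servers.
$TTL 10
; The contact "root" has no trailing dot, so it is relative to the zone
; (root.serverchk.com.).
@               IN SOA  ns1.serverchk.com. root (
                        2007072007 ; serial (d. adams)
                        3H         ; refresh
                        15M        ; retry
                        1W         ; expiry
                        1D )       ; minimum
                IN NS   ns1.serverchk.com.
                IN NS   ns2.serverchk.com.
                IN MX   0 mail.serverchk.com.
; Two A records on the same name: answers contain both web servers.
                IN A    210.116.123.25
                IN A    211.35.64.72
ns1.serverchk.com. IN A 210.116.123.25
ns2.serverchk.com. IN A 211.35.64.72
mail            IN A    210.116.123.25
www             IN A    210.116.123.25
                IN A    211.35.64.72
; SPF authorises only 210.116.123.25 to send mail for the domain; "~all" marks
; every other sender, including 211.35.64.72, as a soft fail.
serverchk.com.  IN TXT  "v=spf1 ip4:210.116.123.25 ~all"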
[root@localhost named]#
2. ns2 설정 - Slave이니 Zone File은 Master에서 가져옵니다.
[root@proxy01 root]# cd /etc
[root@proxy01 etc]# more named.conf
// Address-match list used by match-clients in the "local" view of ns2.
// It contains loopback plus the two addresses this page's zone data assigns to
// ns1 (210.116.123.25) and ns2 (211.35.64.72). Because 127.0.0.1 is listed,
// the "dig @127.0.0.1" check shown later on this page is answered from the
// "local" view, not from "external".
acl "localarea" {
127.0.0.1;
210.116.123.25;
211.35.64.72;
};
// Global server options for ns2 (the slave).
options {
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
pid-file "/var/run/named.pid";
// Replaces the answer to version.bind queries, so the real BIND version is
// not disclosed to remote clients.
version " No touch !!! No !!";
// 211.35.64.72 is ns2's own address according to the zone data on this page,
// so no other host is allowed to transfer zones from this slave.
allow-transfer { 211.35.64.72; };
// NOTE(review): no allow-recursion / allow-query is set here, so access to
// recursion is governed by the "recursion" statements in the views and by the
// defaults of the BIND release in use.
};
// Logging: three files under /var/log/named, each rotated at 10 MB with three
// old versions kept, and every listed category routed to one of them.
logging {
// General server messages.
// "severity debug" is the most verbose threshold: nothing is filtered out by
// severity on this channel.
channel debug_log {
file "/var/log/named/debug.log" versions 3 size 10m;
severity debug;
print-category yes;
print-severity yes;
print-time yes;
};
// Security-relevant events: the categories below send denied requests,
// transfers, notifies, updates and client/network events here.
channel audit_log {
file "/var/log/named/audit.log" versions 3 size 10m;
severity debug;
print-category yes;
print-severity yes;
print-time yes;
};
// Per-query log. It records client addresses and queried names, so restrict
// read access to the file; at 10 MB x 3 versions it rotates quickly on a busy
// server, so forward it elsewhere if it is needed for later investigation.
channel query_log {
file "/var/log/named/query.log" versions 3 size 10m;
severity debug;
print-category yes;
print-severity yes;
print-time yes;
};
category default { debug_log; };
category general { debug_log; };
// Approved/denied requests go to both the audit and the debug file.
category security { audit_log; debug_log; };
category config { debug_log; };
category resolver { audit_log; };
// On a slave, xfer-in shows whether transfers from the master succeed.
category xfer-in { audit_log; };
category xfer-out { audit_log; };
category notify { audit_log; };
category client { audit_log; };
category network { audit_log; };
category update { audit_log; };
category queries { query_log; };
category lame-servers { audit_log; };
};
//
// a caching only nameserver config
//
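// View for clients listed in the "localarea" acl (loopback, ns1 and ns2).
// Views are tried in the order they appear, so this one takes precedence over
// "external" for those clients.
view "local" {
    match-clients { localarea; };
    // Recursive resolution is offered to the matched clients.
    recursion yes;

    // Root hints used for recursion.
    zone "." IN {
        type hint;
        file "named.ca";
    };
    zone "localdomain" IN {
        type master;
        file "localdomain.zone";
        allow-update { none; };
    };
    // Slave copy of serverchk.com, transferred from ns1 (210.116.123.25).
    // NOTE(review): the serverchk.com slave zone in the "external" view writes
    // to the same file name. Two writable zones sharing one file can overwrite
    // each other, and newer BIND 9 releases flag this as an error; a distinct
    // file name per view avoids it.
    zone "serverchk.com" IN {
        type slave;
        file "serverchk.com.zone";
        masters { 210.116.123.25; };
    };
    // Loopback, broadcast and zero-network zones; dynamic updates are
    // disabled on each of them.
    zone "localhost" IN {
        type master;
        file "localhost.zone";
        allow-update { none; };
    };
    zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
        allow-update { none; };
    };
    // The "IN" keyword was split across two lines by the terminal pager in the
    // original listing; it is rejoined here so the statement parses.
    zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.ip6.local";
        allow-update { none; };
    };
    zone "255.in-addr.arpa" IN {
        type master;
        file "named.broadcast";
        allow-update { none; };
    };
    zone "0.in-addr.arpa" IN {
        type master;
        file "named.zero";
        allow-update { none; };
    };
};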
// View for every client that did not match the "local" view.
view "external" {
match-clients { any; };
// NOTE(review): recursion is enabled for "any". On BIND releases where
// allow-recursion defaults to any (the dig banner on this page shows 9.3.2),
// this makes the server an open recursive resolver: it can be abused for
// reflection/amplification traffic and its cache is exposed to poisoning
// attempts from the whole Internet. A view that only serves authoritative
// data should use "recursion no;", or add "allow-recursion { localarea; };"
// if selected clients still need recursion.
recursion yes;
// Slave zones, all transferred from ns1 (210.116.123.25). The master is
// identified by address only; a TSIG key in the masters/server configuration
// would authenticate the transfers as well.
// NOTE(review): this zone and the serverchk.com slave zone in the "local"
// view write to the same file name. Two writable zones sharing one file can
// overwrite each other, and newer BIND 9 releases flag this as an error.
zone "serverchk.com" IN {
type slave;
file "serverchk.com.zone";
masters { 210.116.123.25; };
};
// NOTE(review): ns1's "localarea" acl contains 211.35.64.72, so transfer
// requests sent from that address are answered by ns1's "local" view, where
// the zones below are not defined. Check the xfer-in log entries to confirm
// that these zones really load on the slave.
zone "yahooms.com" IN {
type slave;
file "yahooms.com.zone";
masters { 210.116.123.25; };
};
zone "yahooms.co.kr" IN {
type slave;
file "yahooms.co.kr.zone";
masters { 210.116.123.25; };
allow-update { none; };
};
zone "msyahoo.co.kr" IN {
type slave;
file "msyahoo.co.kr.zone";
masters { 210.116.123.25; };
allow-update { none; };
};
zone "foxylady.co.kr" IN {
type slave;
file "foxylady.co.kr.zone";
masters { 210.116.123.25; };
allow-update { none; };
};
zone "yejin.pe.kr" IN {
type slave;
file "yejin.pe.kr.zone";
masters { 210.116.123.25; };
allow-update { none; };
};
// Disabled on the slave: the file that ns1 includes at this point is not
// loaded here, so the two servers do not serve an identical zone set.
//include "/etc/synchole.conf";
};
[root@proxy01 etc]#
[root@proxy01 etc]# cd /var/named/
[root@proxy01 named]# more serverchk.com.zone
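; Copy of serverchk.com held by the slave (ns2). named writes this file itself
; after transferring the zone from the master, so changes belong on the master
; (together with a higher serial), not in this file.
; Records that continue the previous owner name begin with whitespace; at
; column 0 the first word on the line would be read as a host name instead.
$ORIGIN .
$TTL 10 ; 10 seconds
serverchk.com           IN SOA  ns1.serverchk.com. root.serverchk.com. (
                                2007072007 ; serial
                                10800      ; refresh (3 hours)
                                900        ; retry (15 minutes)
                                604800     ; expire (1 week)
                                86400      ; minimum (1 day)
                                )
                        NS      ns1.serverchk.com.
                        NS      ns2.serverchk.com.
                        A       210.116.123.25
                        A       211.35.64.72
                        MX      0 mail.serverchk.com.
                        TXT     "v=spf1 ip4:210.116.123.25 ~all"
$ORIGIN serverchk.com.
mail                    A       210.116.123.25
ns1                     A       210.116.123.25
ns2                     A       211.35.64.72
www                     A       210.116.123.25
                        A       211.35.64.72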
[root@proxy01 named]#
3. 확인
[root@proxy01 root]# dig @127.0.0.1 www.serverchk.com
; <<>> DiG 9.3.2 <<>> @127.0.0.1 www.serverchk.com
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63702
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;www.serverchk.com. IN A
;; ANSWER SECTION:
www.serverchk.com. 10 IN A 210.116.123.25
www.serverchk.com. 10 IN A 211.35.64.72
;; AUTHORITY SECTION:
serverchk.com. 10 IN NS ns2.serverchk.com.
serverchk.com. 10 IN NS ns1.serverchk.com.
;; ADDITIONAL SECTION:
ns1.serverchk.com. 10 IN A 210.116.123.25
ns2.serverchk.com. 10 IN A 211.35.64.72
;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Dec 15 09:50:03 2007
;; MSG SIZE rcvd: 135
- 이상 끝 -