Pre zjednodušenie správy a hlavne pre HA storage je potrebné mat nejaké DNS alebo vyplnené host tabulky. Keďze sa jedná z časti o Proof Of Concept som sa rozhodol pre štandardný Bind9. Primárnym name serverom bude NFS01 a sekundárnym NFS02.
Systém ma 2 subdomény
- .storage.mavipet.sk – Doména Storage serverov
- .internal.mavipet.sk – Doména interných serverov
Inštalácia:
apt-get install bind9
Konfigurácia:
NFS01:
root@nfs1:/mnt/test# cat /etc/bind/named.conf.options
options {
directory "/var/cache/bind";
// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
//forwarders {
// 0.0.0.0;
//};
auth-nxdomain no; # conform to RFC1035
// oznamime info kamaradovy
also-notify { 172.16.1.12; };
listen-on-v6 { any; };
// cyklicke odpovede pre RoudRobin/HA
rrset-order { order random;};
};
root@nfs1:/mnt/test# cat /etc/bind/named.conf.local
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
// include "/etc/bind/zones.rfc1918";
zone "storage.mavipet.sk" IN {
type master;
file "/etc/bind/db.storage.mavipet.sk";
allow-update { none; };
};
zone "internal.mavipet.sk" IN {
type master;
file "/etc/bind/db.internal.mavipet.sk";
allow-update { none; };
};
root@nfs1:/mnt/test# cat /etc/bind/db.storage.mavipet.sk
$TTL 86400
@ IN SOA dns.internal.mavipet.sk. root.dns.internal.mavipet.sk (
1 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
86400 ) ; Negative Cache TTL
;
@ IN NS dns.internal.mavipet.sk.
@ IN NS dns-s.internal.mavipet.sk.
;
kvm01 IN A 172.16.0.1
kvm02 IN A 172.16.0.2
kvm03 IN A 172.16.0.3
kvm04 IN A 172.16.0.4
nfs01 IN A 172.16.0.11
nfs02 IN A 172.16.0.12
;
gls1 IN A 172.16.0.11
IN A 172.16.0.12
gls2 IN A 172.16.0.1
IN A 172.16.0.2
IN A 172.16.0.3
IN A 172.16.0.4
root@nfs1:/mnt/test# cat /etc/bind/db.internal.mavipet.sk
$TTL 86400
@ IN SOA dns.internal.mavipet.sk. root.dns.internal.mavipet.sk (
1 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
86400 ) ; Negative Cache TTL
;
@ IN NS nfs01
@ IN NS nfs02
;
kvm01 IN A 172.16.1.1
kvm02 IN A 172.16.1.2
kvm03 IN A 172.16.1.3
kvm04 IN A 172.16.1.4
nfs01 IN A 172.16.1.11
nfs02 IN A 172.16.1.12
dns IN CNAME nfs01
dns-s IN CNAME nfs02
NFS02:
root@nfs2:~# cat /etc/bind/named.conf.local
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
// include "/etc/bind/zones.rfc1918";
zone "storage.mavipet.sk" IN {
type slave;
file "/etc/bind/slaves/db.storage.mavipet.sk";
masters {
172.16.1.11;
};
allow-transfer { any; };
allow-update { none; };
};
zone "sync.mavipet.sk" IN {
type slave;
file "/etc/bind/slaves/db.sync.mavipet.sk";
masters {
172.16.1.11;
};
allow-transfer { any; };
allow-update { none;};
};
zone "internal.mavipet.sk" IN {
type slave;
file "/etc/bind/slaves/db.internal.mavipet.sk";
masters {
172.16.2.11;
};
allow-transfer { any; };
allow-update { none; };
};
Poznámky:
- na nfs2 treba vytvoriť adresár /etc/bind/slaves vlastnený bind užívatelom a aj skupinou.
- Round robin netreba konfigurovať je to defaultné správanie BIND9
- Ja mám ešte nakonfigurované reverzné záznamy
