DNS Follow-up (DNS cluster, "Peanut shell", "Remote IP password Change DNS")

Source: Internet
Author: User
Tags hmac

DNS cluster (multiple servers synchronize one primary DNS's information, easing the pressure on the primary DNS)

Configure the secondary DNS server (so that it can synchronize with the primary DNS and share its load):
Modify the configuration file /etc/named.rfc1912.zone
zone "dd.com" IN {
   type slave;
   masters { 172.25.254.131; }; // whose DNS information to synchronize
   file "slaves/dd.com.zone"; // the primary's DNS information is synchronized into the /var/named/slaves directory
   allow-update { none; };
};




On the primary DNS server, modify the configuration file /etc/named.rfc1912.zone

zone "dd.com" IN {
   type master;
   file "dd.com.zone";
   allow-update { none; };
   allow-transfer { 172.25.254.231; }; // who is allowed to synchronize this server's DNS information
};


Automatic synchronization of changes made on the primary DNS server
zone "dd.com" IN {
   type master;
   file "dd.com.zone";
   allow-update { none; };
   allow-transfer { 172.25.254.231; }; // who is allowed to synchronize this server's DNS information
   also-notify { 172.25.254.231; }; // who to notify that "I" have changed
};


Modify the serial value. (The secondary only needs to update when the two zone files differ, but comparing their full text would waste time. Instead, we change the serial value each time we modify the primary DNS, so comparing the serial values in the two files is enough to know whether the primary DNS has changed.)
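The serial comparison described above, as an added example that is not part of the original page: it reads the SOA serial from two zone files and applies the RFC 1982 comparison, showing that an edited record with an unchanged serial is never pulled by the secondary. The zone contents and the names dns.dd.com. and root.dd.com. are constructed for illustration.

```python
import re

HALF = 2 ** 31  # half of the 32-bit serial number space (RFC 1982)

# Constructed zone files (not from the original page): both "primary"
# versions change the www record, but only one also bumps the serial.
SECONDARY = """$TTL 1D
@ IN SOA dns.dd.com. root.dd.com. (
        2016112801 ; serial
        1D 1H 1W 3H )
www IN A 172.25.254.131
"""
PRIMARY_FORGOT = SECONDARY.replace("254.131\n", "254.199\n")
PRIMARY_BUMPED = PRIMARY_FORGOT.replace("2016112801", "2016112802")


def soa_serial(zone_text: str) -> int:
    """Return the serial: the third field after the SOA keyword."""
    text = re.sub(r";[^\n]*", "", zone_text)           # drop ; comments
    tokens = text.replace("(", " ").replace(")", " ").split()
    idx = [t.upper() for t in tokens].index("SOA")
    return int(tokens[idx + 3])                         # MNAME, RNAME, serial


def serial_newer(primary: int, secondary: int) -> bool:
    """RFC 1982 comparison: is `primary` ahead of `secondary` (mod 2**32)?"""
    diff = (primary - secondary) % 2 ** 32
    return 0 < diff < HALF


def secondary_will_transfer(primary_zone: str, secondary_zone: str) -> bool:
    """A secondary pulls the zone only when the primary's serial is newer."""
    return serial_newer(soa_serial(primary_zone), soa_serial(secondary_zone))


if __name__ == "__main__":
    print("edited, serial unchanged:",
          secondary_will_transfer(PRIMARY_FORGOT, SECONDARY))
    print("edited, serial bumped:   ",
          secondary_will_transfer(PRIMARY_BUMPED, SECONDARY))
    print("wrap 4294967295 -> 1:    ", serial_newer(1, 4294967295))
```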



Remotely changing the primary DNS

Primary DNS (change the permissions of /var/named with chmod 770 /var/named; turn off SELinux)

zone "dd.com" IN {
   type master;
   file "dd.com.zone";
   allow-update { 172.25.254.231; }; // who is allowed to change my DNS information
};
Secondary DNS
(86400 s means the record is cached for only one day; A: an A record)
nsupdate
> server 172.25.254.131
> update delete www.dd.com
> send





nsupdate
> server 172.25.254.131
> update add www.dd.com 86400 A 172.25.254.199
> send






Recovery: after the service is restarted, the updates in the journal file /var/named/dd.com.zone.jnl are merged into the original /var/named/dd.com.zone, so back up the original /var/named/dd.com.zone before making changes (cp -p /var/named/dd.com.zone /mnt)
rm -f /var/named/dd.com.zone
rm -f /var/named/dd.com.zone.jnl
Copy the backup file back (cp -p)
Encryption (only hosts with a key are allowed to change my DNS)

Why use HMAC-MD5 encryption: view /etc/rndc.key to see which encryption method the system uses by default, and use the same one.



cp -p /etc/rndc.key /etc/westos.key (copy the key file as a template, then modify the copy; hmac-md5 is symmetric encryption: the public key is the same as the private key)
vim /etc/named.conf
include "/etc/westos.key";
vim /etc/named.rfc1912.zone
zone "dd.com" IN {
   type master;
   file "dd.com.zone";
   allow-update { key westos; }; // who is allowed to change my DNS information
};
Send the key to the secondary DNS

Test:
nsupdate -k Kwestos.+157+51429.private
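The page moves allow-update from an address (172.25.254.231) to a key (westos). The following added example, which is not from the original page, audits zone stanzas for that difference and reports how updates and transfers are authorized in each zone. The sample configuration is constructed and the zone "example.test" is hypothetical.

```python
import re

# Constructed config in the style of this page; "example.test" is hypothetical.
SAMPLE_CONF = '''
zone "dd.com" IN {
    type master;
    file "dd.com.zone";
    allow-update { 172.25.254.231; };   // address-based
    allow-transfer { 172.25.254.231; };
};
zone "example.test" IN {
    type master;
    allow-update { key westos; };       // TSIG key
};
'''

def zone_bodies(conf):
    """Yield (zone name, stanza body), matching braces so nested ACLs survive."""
    for m in re.finditer(r'zone\s+"([^"]+)"[^{;]*\{', conf, re.I):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield m.group(1).lower(), conf[m.end():i - 1]

def acl_kind(body, option):
    """Classify an ACL option as 'unset', 'none', 'key', 'address' or 'mixed'."""
    m = re.search(option + r"\s*\{([^}]*)\}", body, re.I)
    if not m:
        return "unset"  # the options-level or built-in default applies
    items = [x.strip().lower() for x in m.group(1).split(";") if x.strip()]
    if items in ([], ["none"]):
        return "none"
    kinds = {"key" if x.startswith("key ") else "address" for x in items}
    return kinds.pop() if len(kinds) == 1 else "mixed"

def audit(conf):
    """Map each zone to how dynamic updates and zone transfers are authorized."""
    conf = re.sub(r"//[^\n]*|#[^\n]*|/\*.*?\*/", "", conf, flags=re.S)
    return {name: {opt: acl_kind(body, opt)
                   for opt in ("allow-update", "allow-transfer")}
            for name, body in zone_bodies(conf)}

def update_by_address(conf):
    """Zones whose allow-update trusts a source address instead of a key."""
    return sorted(zone for zone, acl in audit(conf).items()
                  if acl["allow-update"] in ("address", "mixed"))

if __name__ == "__main__":
    print(audit(SAMPLE_CONF), update_by_address(SAMPLE_CONF))
```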




Dynamic DNS binding

Configure the DHCP server (every time a client's IP changes, the DNS server synchronizes the new IP)




ddns-update-style interim;
primary 127.0.0.1; # this should be the IP of the server where DNS resides, but on this machine the loopback interface is fast

Test: change the DHCP server's dynamic IP range
ifconfig

dig lucky.dd.com (the dynamically acquired local IP can differ from one time to the next; test whether the DNS server has been updated)
Changing the dynamic IP range





