# # # #辅助dns # #
# # #dns集群 # # #
(1) Auxiliary DNS
Set slave
Select a machine for secondary DNS
operation on the auxiliary machine
1. Yum Install Bind-y
2.vim/etc/named.conf
Listen-on Port: (any;};
allow-query {any;};
Dnssec-validation No;
3.vim/etc/named.rfc1912.zones
Zone "Westos.com" in {
Type slave;
Masters {172.25.254.109;};
File "Slaves/westos.com.zone";
allow-update {none;};
};
4.vim/etc/resolv.conf
Namesever 172.25.254.209
5.systemctl Restart named
6.systemctl Stop Firewalld
Primary DNS settings
Vim/etc/named.rfc1912.zones
Zone "Westos.com" in {
Type master;
File "Westos.com.zone";
allow-update {none;};
Allow-transfer {172.25.254.209;}; # #允许209同步数据
};
$TTL 1D
@ in SOA dns.westos.com. Root.westos.com. (
0; Serial
1D; Refresh
1H; Retry
1W; Expire
3H); Minimum
NS dns.westos.com.
DNS A 172.25.254.109
www A 172.25.254.140
www A 172.25.254.240
Systemctl Restart named # #重启服务
After doing this, there will be westos.com.zone files in the slaves/of the secondary DNS machine
Can be dig in a secondary DNS machine www.westos.com
[Email protected] slaves]# dig www.westos.com
; <<>> DiG 9.9.4-redhat-9.9.4-14.el7 <<>> www.westos.com
;; Global options: +cmd
;; Got Answer:
;; ->>header<<-opcode:query, Status:noerror, id:29609
;; FLAGS:QR AA Rd RA; Query:1, Answer:2, Authority:1, Additional:2
;; OPT pseudosection:
; edns:version:0, Flags:; udp:4096
;; QUESTION section:
; www.westos.com. In A
;; ANSWER section:
www.westos.com. 86400 in A 172.25.254.240
www.westos.com. 86400 in A 172.25.254.140
;; Authority section:
westos.com. 86400 in NS dns.westos.com.
;; ADDITIONAL section:
dns.westos.com. 86400 in A 172.25.254.109
;; Query time:0 msec
;; server:172.25.254.109#53 (172.25.254.109)
;; when:wed 08:19:21 EST 2016
;; MSG SIZE rcvd:109
(2) Secondary DNS automatically obtains primary DNS data
Primary DNS settings
Vim/etc/named.rfc1912.zones
Zone "Westos.com" in {
Type master;
File "Westos.com.zone";
allow-update {172.25.254.209;};
Allow-transfer {172.25.254.209;};
also-notify {172.25.254.209;}; # #主dns发生变化时, sync to secondary DNS
};
Vim/var/named/westos.com.zone
$TTL 1D
@ in SOA dns.westos.com. Root.westos.com. (
2016112901; Serial
1D; Refresh
1H; Retry
1W; Expire
3H); Minimum
NS dns.westos.com.
DNS A 172.25.254.109
www A 172.25.254.140
www A 172.25.254.152
Systemctl Restart named
(The above action is to change the IP address of the www.westos.com, and to assist the DNS machine to synchronize with it, the general operation must be removed in the auxiliary machine slave/ Westos.com.zone files, and each time such a operation is too cumbersome, and the above operation is to choose to modify the primary DNS machine/var/named/ Serial value in Westos.com.zone file (upper 10 digits) for automatic synchronization of primary DNS in future operations
Testing on the secondary DNS
[Email protected] slaves]# dig www.westos.com
; <<>> DiG 9.9.4-redhat-9.9.4-14.el7 <<>> www.westos.com
;; Global options: +cmd
;; Got Answer:
;; ->>header<<-opcode:query, Status:noerror, id:18144
;; FLAGS:QR AA Rd RA; Query:1, Answer:2, Authority:1, Additional:2
;; OPT pseudosection:
; edns:version:0, Flags:; udp:4096
;; QUESTION section:
; www.westos.com. In A
;; ANSWER section:
www.westos.com. 86400 in A 172.25.254.152
www.westos.com. 86400 in A 172.25.254.140
;; Authority section:
westos.com. 86400 in NS dns.westos.com.
;; ADDITIONAL section:
dns.westos.com. 86400 in A 172.25.254.109
;; Query time:0 msec
;; server:172.25.254.109#53 (172.25.254.109)
;; when:wed 09:29:09 EST 2016
;; MSG SIZE rcvd:109
(3) A record modification to DNS by remote host
Primary DNS settings
Cp-p/var/named/westos.com.zone/mnt # #备份到/mnt for easy recovery
Vim/etc/named.rfc1912.zones
Zone "Westos.com" in {
Type master;
File "Westos.com.zone";
allow-update {172.25.254.209;}; # #允许209 Update
Allow-transfer {172.25.254.209;};
also-notify {172.25.254.209;};
};
chmod 770/var/named/# #对/var/named Group Execute permissions
Systemctl Restart named # #重启服务
Secondary DNS settings
[1] Delete www.westos.com
[Email protected] slaves]# nsupdate
> Server 172.25.254.109
> Update Delete www.westos.com
> Send
> Quit
Test results
[Email protected] slaves]# dig www.westos.com
; <<>> DiG 9.9.4-redhat-9.9.4-14.el7 <<>> www.westos.com
;; Global options: +cmd
;; Got Answer:
;; ->>header<<-opcode:query, Status:nxdomain, id:32405
;; FLAGS:QR AA Rd RA; Query:1, answer:0, Authority:1, additional:1
;; OPT pseudosection:
; edns:version:0, Flags:; udp:4096
;; QUESTION section:
; www.westos.com. In A
;; Authority section:
westos.com. 10800 in SOA dns.westos.com. root.westos.com. 2016112902 86400 3600 604800 10800
;; Query Time:1 msec
;; server:172.25.254.109#53 (172.25.254.109)
;; when:wed 10:17:23 EST 2016
;; MSG SIZE rcvd:88
[2] Adding www.westos.com
[Email protected] slaves]# nsupdate
> Server 172.25.254.109
> Update add www.westos.com 86400 A 172.25.254.160
> Send
> Quit
Test results
[Email protected] slaves]# dig www.westos.com
; <<>> DiG 9.9.4-redhat-9.9.4-14.el7 <<>> www.westos.com
;; Global options: +cmd
;; Got Answer:
;; ->>header<<-opcode:query, Status:noerror, id:38963
;; FLAGS:QR AA Rd RA; Query:1, Answer:1, Authority:1, Additional:2
;; OPT pseudosection:
; edns:version:0, Flags:; udp:4096
;; QUESTION section:
; www.westos.com. In A
;; ANSWER section:
www.westos.com. 86400 in A 172.25.254.160
;; Authority section:
westos.com. 86400 in NS dns.westos.com.
;; ADDITIONAL section:
dns.westos.com. 86400 in A 172.25.254.109
;; Query time:0 msec
;; server:172.25.254.109#53 (172.25.254.109)
;; when:wed 10:19:31 EST 2016
;; MSG SIZE rcvd:93
Recovery
Primary DNS settings
[Email protected] named]# rm-fr WESTOS.COM.ZONE.JNL westos.com.zone
[Email protected] named]# cp/mnt/westos.com.zone/var/named/
(4) Host update lock
General machine to master DNS can not modify a record but for the machine with a key open
[Email protected] named]# cp-p/etc/rndc.key/etc/westos.key
[Email protected] named]# cd/mnt
[Email protected] mnt]# dnssec-keygen-a hmac-md5-b 128-n HOST Westos
kwestos.+157+24617 # #生成钥匙-A is the encryption method-B is the password size-n is the encrypted user
[Email protected] mnt]# scp/mnt/kwestos.+157+24617.* [email protected]:/mnt
[email protected] ' s password:
Kwestos.+157+24617.key 100% 0.1kb/s 00:00
Kwestos.+157+24617.private 100% 165 0.2kb/s 00:00
[Email protected] mnt]# Vim/etc/westos.key
Key "Westos" {
Algorithm HMAC-MD5;
Secret "uk7eupv4xdxq5dekhynera==";
};
[[email protected] mnt]# vim/etc/named.conf
include '/etc/westos.key ';
[[email protected] mnt]# vim/etc/named.rfc1912.zones
Zone "westos.com" in {
type Master;
file "Westos.com.zone";
allow-update {key westos;}; # #允许key Westos update
};:
[[email protected] mnt]# systemctl Restart named
Secondary DNS operation
[[email& Nbsp;protected] mnt]# nsupdate-k kwestos.+157+24617.private
> Server 172.25.254.109
> Update add hello.westos.com 86400 A 172.25.254.160
> Send
> Quit
Test:
[[email protected] mnt]# dig Hello.westos.com
; <<>> DiG 9.9.4-redhat-9.9.4-14.el7 <<>> hello.westos.com
;; Global options: +cmd
;; Got Answer:
;; ->>header<<-opcode:query, Status:noerror, id:18884
;; FLAGS:QR AA Rd RA; Query:1, Answer:1, Authority:1, Additional:2
;; OPT pseudosection:
; edns:version:0, Flags:; udp:4096
;; QUESTION section:
; hello.westos.com. In A
;; ANSWER section:
hello.westos.com. 86400 in A 172.25.254.160
;; Authority section:
westos.com. 86400 in NS dns.westos.com.
;; ADDITIONAL section:
dns.westos.com. 86400 in A 172.25.254.109
;; Query time:0 msec
;; server:127.0.0.1#53 (127.0.0.1)
;; When:fri Dec 01:07:48 EST 2016
;; MSG SIZE rcvd:95
(5) DDNS
Ddns=dhcp+dns
Dynamic DNS requires the co-operation of DHCP and DNS
Here DNS requires more than BIND6 versions, and DHCP requires more than 3.0 versions. Before the operation to restore the original westos.com.zone, so as not to affect the subsequent operation.
Primary DNS settings
Yum Install Dhcp-y
Systemctl start DHCPD
Systemctl Stop Firewalld
Setenforce 0
Cp/usr/share/doc/dhcp-4.2.5/dhcpd.conf.example/etc/dhcp/dhcpd.conf
Cp:overwrite '/etc/dhcp/dhcpd.conf '? Yes
Vim/etc/dhcp/dhcp.conf
Option Domain-name "westos.com";
# #删除27, 28 lines
Ddns-update-style Interim;
Subnet 172.25.254.109 netmask 255.255.255.0 {
Range 172.25.254.110 172.25.254.120;
Option routers 172.25.254.109;
}
Key Westos {
Algorithm HMAC-MD5;
Secret uk7eupv4xdxq5dekhynera==;
};
Zone westos.com. {
Primary 127.0.0.1;
Key Westos
}
Systemctl Restart DHCPD
Systemctl Restart named
Settings on the secondary DNS
Vim/etc/sysconfig/network-scripts/ifcfg-eth0
Device=eth0
Bootproto=dhcp
Onboot=yes
Type=ethernet
Userctl=yes
Peerdns=yes
Ipv6init=no
Persistent_dhclient=1
Systemctl Restart Network
After the configuration is complete, it can be tested on the machine.
DNS Settings (ii)