Three. master-slave DNS and DNS-related configuration

#### Three - Master-slave DNS, DNS encryption ####
1. Configuration of master-slave DNS
1) Configure two DNS servers.
2) The slave DNS server is configured as follows:
vim /etc/named.rfc1912.zones
---------------------------------------
zone "westos.com" IN {
        type slave;
        masters { 172.25.254.100; };
        file "slaves/westos.com.zone";
        allow-update { none; };
};
---------------------------------------

The primary DNS server is configured as follows:
---------------------------------------
zone "westos.com" IN {
        type master;
        file "westos.com.zone";
        allow-update { none; };
        allow-transfer { 172.25.254.200; };   ## who may transfer the zone from the primary DNS
        also-notify { 172.25.254.200; };      ## actively notify the slave when the primary zone changes
};
---------------------------------------
Test:
dig www.westos.com

2. Master-Slave DNS modification
Modify the zone file on the primary DNS server:
cd /var/named/
ls
vim westos.com.zone
----------------------------------------------------------
$ORIGIN .
$TTL 86400      ; 1 day
westos.com      IN SOA  dns.westos.com. root.westos.com. (
                        2016113004 ; serial
                        86400      ; refresh (1 day)
                        3600       ; retry (1 hour)
                        604800     ; expire (1 week)
                        10800      ; minimum (3 hours)
                        )
                NS      dns.westos.com.
$ORIGIN westos.com.
dns             A       172.25.254.100
www             A       172.25.254.110
---------------------------------------------------------------
On the slave DNS:
cd /var/named/slaves/
ls
rm -fr westos.com.zone
systemctl restart named
dig www.westos.com
systemctl stop firewalld.service

3. nsupdate from the slave DNS to the primary DNS
Configure the primary DNS as follows:
vim /etc/named.rfc1912.zones
-----------------------------------------------------------------
zone "westos.com" IN {
        type master;
        file "westos.com.zone";
        allow-update { 172.25.254.221; };     ## who is allowed to update the primary DNS
        allow-transfer { 172.25.254.221; };
        also-notify { 172.25.254.221; };
};
-----------------------------------------------------------------
getenforce
setenforce 0            ## turn off SELinux on the primary DNS
systemctl restart named

On the slave server:
nsupdate
> server
could not read server name
> server 172.25.254.121
> update delete www.westos.com
> send
update failed: SERVFAIL
> server 172.25.254.121
> update delete www.westos.com
> send
> server 172.25.254.121
> update add www.westos.com 86400 A 172.25.254.110
> send

If the following appears:
> server 172.25.254.121
> update delete www.westos.com
> send
update failed: SERVFAIL
it indicates that SELinux has not been turned off on the primary DNS.

4. Primary DNS Encryption
On the primary DNS:
cd /mnt/
dnssec-keygen -a HMAC-MD5 -b 128 -n HOST westos
ls
cat Kwestos.+157+46777.key
-------------------------------------------------
westos. IN KEY 3 157 aukf9imts6tam/cnkxlwmg==
-------------------------------------------------

cat Kwestos.+157+46777.private
-------------------------------------
Private-key-format: v1.3
Algorithm: 157 (HMAC_MD5)
Key: aukf9imts6tam/cnkxlwmg==
Bits: AAA=
Created: 20161130084047
Publish: 20161130084047
Activate: 20161130084047
--------------------------------------

cp -p /etc/rndc.key /etc/westos.key
vim /etc/westos.key
---------------------------------------------
key "westos" {
        algorithm hmac-md5;
        secret "aukf9imts6tam/cnkxlwmg==";    ## the secret is the key generated above
};
---------------------------------------------

vim /etc/named.conf
include "/etc/westos.key";      ## add this line

vim /etc/named.rfc1912.zones
zone "westos.com" IN {
        type master;
        file "westos.com.zone";
        allow-update { key westos; };
};

systemctl restart named
cd /mnt/
scp Kwestos.+157+46777.* [email protected]:/mnt/     ## copy the key files to the slave

On the slave DNS:
cd /mnt/
ls
nsupdate -k Kwestos.+157+46777.private
> server 172.25.254.121
> update delete www.westos.com
> send
> quit
## the modification (delete) succeeded
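
The check below is an added example, not part of the original article: a shell function that scans named.conf-style text for the two settings this walkthrough passes through, an allow-update granted to a source address (section 3) and a TSIG key that uses the legacy hmac-md5 algorithm (section 4). The sample configuration, the westos-sha256 key name and the hardened.example zone are constructed for illustration.

```shell
# Added example, not from the original article. Reads named.conf-style text on
# stdin and prints one finding per line:
#   ADDRESS_BASED_UPDATE  allow-update granted to a source address (section 3)
#   WEAK_TSIG_ALG         TSIG key that uses hmac-md5 (section 4)
audit_named_conf() {
    awk '
    { line = tolower($0); sub("(#|//).*", "", line) }     # strip comments
    line ~ /^[ \t]*(key|zone)[ \t]+[^;]*\{/ {             # stanza header
        kind = (line ~ /^[ \t]*key/) ? "key" : "zone"
        name = line
        sub(/^[ \t]*(key|zone)[ \t]+"?/, "", name)
        sub(/["{ \t].*/, "", name)
    }
    kind == "key" && line ~ /algorithm[ \t]+hmac-md5/ {
        print "WEAK_TSIG_ALG key=" name " alg=hmac-md5"
    }
    kind == "zone" && line ~ /allow-update[ \t]*\{/ {
        acl = line
        sub(/.*allow-update[ \t]*\{[ \t]*/, "", acl)
        sub(/[ \t]*;.*/, "", acl)                         # first ACL element
        if (acl == "any" || acl ~ "^[0-9a-f:./]*[.:][0-9a-f:./]*$")
            print "ADDRESS_BASED_UPDATE zone=" name " acl=" acl
    }'
}

# Constructed sample input. Zone and key names mirror the article; the
# westos-sha256 key, the hardened.example zone and both secrets are made up.
sample_conf() {
    cat <<'EOF'
key "westos" {
        algorithm hmac-md5;
        secret "PLACEHOLDER-NOT-A-REAL-KEY==";
};
key "westos-sha256" {
        algorithm hmac-sha256;
        secret "PLACEHOLDER-NOT-A-REAL-KEY==";
};
zone "westos.com" IN {
        type master;
        allow-update { 172.25.254.221; };   # address-based, as in section 3
};
zone "hardened.example" IN {
        type master;
        update-policy { grant westos-sha256 zonesub A; };
};
EOF
}

sample_conf | audit_named_conf
```

On a real server the function can be fed the live files, for example `cat /etc/named.conf /etc/named.rfc1912.zones /etc/westos.key | audit_named_conf`. Only stanzas written one statement per line, as in this article, are recognised.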

5. Automatic encrypted addressing
yum install dhcp
cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/dhcpd.conf
vim /etc/dhcp/dhcpd.conf
-----------------------------------------------------------
# dhcpd.conf
#
# Sample configuration file for ISC dhcpd
#

# option definitions common to all supported networks...
option domain-name "westos.com";
option domain-name-servers 172.25.254.100;

default-lease-time 600;
max-lease-time 7200;

# Use this to enable/disable dynamic DNS updates globally.
ddns-update-style none;

# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
#authoritative;

# Use this to send DHCP log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;

# No service will be given on this subnet, but declaring it helps the
# DHCP server to understand the network topology.


# This is a very basic subnet declaration.

subnet 172.25.254.0 netmask 255.255.255.0 {
        range 172.25.254.204 172.25.254.234;
        option routers 172.25.254.100;
}
key westos {
        algorithm hmac-md5;
        secret 84f932vu/s198fossedmg==;       ## key
};
zone westos.com. {
        primary 127.0.0.1;
        key westos;
}
---------------------------------------------------------------

This article is from the "12100661" blog; reprinting is declined.
