DNS Configuration (Part 2)
#### Slave DNS ####
#### DNS cluster ####
(1) Slave DNS
Configuring the slave
Pick one machine to act as the slave DNS server.
Steps on the slave machine
1. yum install bind -y
2. vim /etc/named.conf
        listen-on port 53 { any; };
        allow-query     { any; };
        dnssec-validation no;
3. vim /etc/named.rfc1912.zones
zone "westos.com" IN {
        type slave;
        masters { 172.25.254.109; };
        file "slaves/westos.com.zone";
        allow-update { none; };
};
4. vim /etc/resolv.conf
nameserver 172.25.254.209
5. systemctl restart named
6. systemctl stop firewalld
Master DNS settings
vim /etc/named.rfc1912.zones
zone "westos.com" IN {
        type master;
        file "westos.com.zone";
        allow-update { none; };
        allow-transfer { 172.25.254.209; };    ## allow 209 to transfer (synchronise) the zone
};
vim /var/named/westos.com.zone
$TTL 1D
@       IN SOA  dns.westos.com. root.westos.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      dns.westos.com.
dns     A       172.25.254.109
www     A       172.25.254.140
www     A       172.25.254.240
systemctl restart named          ## restart the service
進(jìn)行以上操作后將在輔助dns機(jī)的slaves/有 westos.com.zone文件
可以在輔助dns機(jī)中 dig www.westos.com
[root@slave-dns slaves]# dig www.westos.com
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29609
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.westos.com.                IN      A
;; ANSWER SECTION:
www.westos.com.         86400   IN      A       172.25.254.240
www.westos.com.         86400   IN      A       172.25.254.140
;; AUTHORITY SECTION:
westos.com.             86400   IN      NS      dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com.         86400   IN      A       172.25.254.109
;; Query time: 0 msec
;; SERVER: 172.25.254.109#53(172.25.254.109)
;; WHEN: Wed Nov 30 08:19:21 EST 2016
;; MSG SIZE  rcvd: 109
(2) Slave DNS fetching the master's data automatically
Master DNS settings
vim /etc/named.rfc1912.zones
zone "westos.com" IN {
        type master;
        file "westos.com.zone";
        allow-update { 172.25.254.209; };
        allow-transfer { 172.25.254.209; };
        also-notify { 172.25.254.209; };    ## when the master zone changes, notify the slave so it synchronises
};
vim /var/named/westos.com.zone
$TTL 1D
@       IN SOA  dns.westos.com. root.westos.com. (
                                2016112901      ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      dns.westos.com.
dns     A       172.25.254.109
www     A       172.25.254.140
www     A       172.25.254.152
systemctl restart named
(The steps above change the IP address of www.westos.com and require the slave DNS machine to pick up the change. The usual way is to delete slaves/westos.com.zone on the slave machine, which is too tedious to do every time; instead, the steps above bump the serial value (at most 10 digits) in /var/named/westos.com.zone on the master, so that later changes are synchronised from the master automatically.)
Test on the slave DNS
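The serial-bump step described above, as an added Python example that is not part of the original post: it reads the SOA serial from the master's zone file (the page's westos.com.zone, embedded here as a constructed sample), computes the next value in the YYYYMMDDnn convention the post uses, and refuses a value that would not fit the serial field, which is an unsigned 32-bit integer (the origin of the post's 10-digit limit). The date passed in is an assumption so the result is reproducible.

```python
import re
from datetime import date

# Constructed sample: the master's westos.com.zone as shown in section (2).
ZONE = """$TTL 1D
@       IN SOA  dns.westos.com. root.westos.com. (
                                2016112901      ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      dns.westos.com.
dns     A       172.25.254.109
www     A       172.25.254.140
www     A       172.25.254.152
"""

SERIAL_RE = re.compile(r"(\bSOA\b[^(]*\(\s*)(\d+)")  # first number after "("
MAX_SERIAL = 2**32 - 1  # the SOA serial is an unsigned 32-bit field

def read_serial(zone_text):
    """Return the current SOA serial of a zone file as an int."""
    m = SERIAL_RE.search(zone_text)
    if not m:
        raise ValueError("no SOA serial found")
    return int(m.group(2))

def next_serial(old, today):
    """YYYYMMDDnn convention: first change of the day, otherwise old + 1."""
    candidate = int(today.strftime("%Y%m%d")) * 100 + 1
    new = candidate if candidate > old else old + 1  # must strictly increase
    if new > MAX_SERIAL:
        raise ValueError("serial would overflow the 32-bit field")
    return new

def bump_serial(zone_text, today=None):
    """Return (new zone text, old serial, new serial)."""
    today = today or date.today()
    old = read_serial(zone_text)
    new = next_serial(old, today)
    return SERIAL_RE.sub(lambda m: m.group(1) + str(new), zone_text, count=1), old, new

if __name__ == "__main__":
    text, old, new = bump_serial(ZONE, date(2016, 11, 29))
    print(f"serial {old} -> {new}")
    print(text)
```

The slave only re-fetches the zone when the serial it sees on the master is higher than the one in its copy, so a change saved without a bump is silently ignored.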
[root@dns-slave slaves]# dig www.westos.com
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18144
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.westos.com.                IN      A
;; ANSWER SECTION:
www.westos.com.         86400   IN      A       172.25.254.152
www.westos.com.         86400   IN      A       172.25.254.140
;; AUTHORITY SECTION:
westos.com.             86400   IN      NS      dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com.         86400   IN      A       172.25.254.109
;; Query time: 0 msec
;; SERVER: 172.25.254.109#53(172.25.254.109)
;; WHEN: Wed Nov 30 09:29:09 EST 2016
;; MSG SIZE  rcvd: 109
(3) Modifying the DNS A record from a remote host
Master DNS settings
cp -p /var/named/westos.com.zone /mnt      ## back up to /mnt so it can be restored later
vim /etc/named.rfc1912.zones
zone "westos.com" IN {
        type master;
        file "westos.com.zone";
        allow-update { 172.25.254.209; };    ## allow 209 to send updates
        allow-transfer { 172.25.254.209; };
        also-notify { 172.25.254.209; };
};
chmod 770 /var/named/                      ## give the group permissions on /var/named
systemctl restart named                    ## restart the service
Slave DNS settings
[1] Delete www.westos.com
[root@dns-slave slaves]# nsupdate
> server 172.25.254.109
> update delete www.westos.com
> send
> quit
測試結(jié)果
[root@dns-slave slaves]# dig www.westos.com
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 32405
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.westos.com.                IN      A
;; AUTHORITY SECTION:
westos.com.             10800   IN      SOA     dns.westos.com. root.westos.com. 2016112902 86400 3600 604800 10800
;; Query time: 1 msec
;; SERVER: 172.25.254.109#53(172.25.254.109)
;; WHEN: Wed Nov 30 10:17:23 EST 2016
;; MSG SIZE  rcvd: 88
[2] Add www.westos.com
[root@dns-slave slaves]# nsupdate
> server 172.25.254.109
> update add www.westos.com 86400 A 172.25.254.160
> send
> quit
測試結(jié)果
[root@dns-slave slaves]# dig www.westos.com
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38963
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.westos.com.                IN      A
;; ANSWER SECTION:
www.westos.com.         86400   IN      A       172.25.254.160
;; AUTHORITY SECTION:
westos.com.             86400   IN      NS      dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com.         86400   IN      A       172.25.254.109
;; Query time: 0 msec
;; SERVER: 172.25.254.109#53(172.25.254.109)
;; WHEN: Wed Nov 30 10:19:31 EST 2016
;; MSG SIZE  rcvd: 93
Restore
Master DNS settings
[root@dns-server named]# rm -fr westos.com.zone.jnl westos.com.zone
[root@dns-server named]# cp /mnt/westos.com.zone /var/named/
(4) Locking down host updates
Ordinary machines must not be able to modify A records on the master DNS; only machines that hold the key are allowed to.
[root@dns-server named]# cp -p /etc/rndc.key /etc/westos.key
[root@dns-server named]# cd /mnt
[root@dns-server mnt]# dnssec-keygen -a HMAC-MD5 -b 128 -n HOST westos
Kwestos.+157+24617    ## generate the key: -a is the algorithm, -b is the key size, -n is the key owner type
[root@dns-server mnt]# scp /mnt/Kwestos.+157+24617.* root@172.25.254.209:/mnt
root@172.25.254.209's password:
Kwestos.+157+24617.key                        100%   50     0.1KB/s   00:00
Kwestos.+157+24617.private                    100%  165     0.2KB/s   00:00
[root@dns-server mnt]# vim /etc/westos.key
key "westos" {
        algorithm hmac-md5;
        secret "Uk7EUpv4XDXQ5DEKhYnERA==";
};
[root@dns-server mnt]# vim /etc/named.conf
include "/etc/westos.key";
[root@dns-server mnt]# vim /etc/named.rfc1912.zones
zone "westos.com" IN {
        type master;
        file "westos.com.zone";
        allow-update { key westos; };    ## allow updates signed with key westos
};
[root@dns-server mnt]# systemctl restart named
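Sections (3) and (4) show two ways to grant dynamic updates: by source address and by key. As an added example that is not part of the original post, the Python check below parses zone blocks laid out as in /etc/named.rfc1912.zones and flags allow-update and allow-transfer ACLs that rely on `any` or on an address alone rather than on a key; the sample input is constructed from the page's section (3) westos.com zone plus an invented lab.test zone.

```python
import re

# Constructed sample: the section (3) westos.com zone from this page plus an
# invented lab.test zone, laid out as in /etc/named.rfc1912.zones.
NAMED_ZONES = '''
zone "westos.com" IN {
        type master;
        file "westos.com.zone";
        allow-update { 172.25.254.209; };
        allow-transfer { 172.25.254.209; };
};
zone "lab.test" IN {
        type master;
        file "lab.test.zone";
        allow-update { key westos; };
        allow-transfer { any; };
};
'''

ZONE_RE = re.compile(r'zone\s+"([^"]+)"[^{]*\{(.*?)\n\};', re.S)
ACL_RE = re.compile(r'(allow-update|allow-transfer)\s*\{([^}]*)\}')
IP_RE = re.compile(r'^\d{1,3}(\.\d{1,3}){3}(/\d{1,2})?$')

def classify(directive, element):
    """Return why an ACL element is weak, or None when it is acceptable."""
    if element == "none" or element.startswith("key "):
        return None                      # closed, or TSIG-keyed: fine
    if element == "any":
        return "open to every source"
    if IP_RE.match(element) or element in ("localhost", "localnets"):
        if directive == "allow-update":
            return "source address is the only check; use a TSIG key instead"
        return "address-based transfer ACL; prefer a TSIG key"
    return "unrecognised ACL element, review by hand"

def audit(text):
    """Return a list of (zone, directive, element, reason) for weak ACL entries."""
    findings = []
    for name, body in ZONE_RE.findall(text):
        for directive, acl in ACL_RE.findall(body):
            for element in (e.strip() for e in acl.split(";") if e.strip()):
                reason = classify(directive, element)
                if reason:
                    findings.append((name, directive, element, reason))
    return findings

if __name__ == "__main__":
    for zone, directive, element, reason in audit(NAMED_ZONES):
        print(f"{zone}: {directive} {{ {element}; }} -> {reason}")
```

Run against the page's section (3) configuration this reports both westos.com ACLs; after the section (4) change the allow-update entry becomes `key westos` and is no longer flagged.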
Slave DNS operations
[root@dns-slave mnt]# nsupdate -k Kwestos.+157+24617.private
> server 172.25.254.109
> update add hello.westos.com 86400 A 172.25.254.160
> send
> quit
Test:
[root@dns-slave mnt]# dig hello.westos.com
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> hello.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18884
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;hello.westos.com.              IN      A
;; ANSWER SECTION:
hello.westos.com.       86400   IN      A       172.25.254.160
;; AUTHORITY SECTION:
westos.com.             86400   IN      NS      dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com.         86400   IN      A       172.25.254.109
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Dec 02 01:07:48 EST 2016
;; MSG SIZE  rcvd: 95
(5) DDNS
ddns = dhcp + dns
Dynamic DNS needs DHCP and DNS to work together.
The DNS side needs bind version 6 or above, and dhcp needs version 3.0 or above. Before starting, restore the original westos.com.zone so it does not interfere with the following steps.
Master DNS settings
yum install dhcp -y
systemctl start dhcpd
systemctl stop firewalld
setenforce 0
cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/dhcpd.conf
cp: overwrite ‘/etc/dhcp/dhcpd.conf’? yes
vim /etc/dhcp/dhcpd.conf
option domain-name "westos.com";
## delete lines 27 and 28 of the example file
ddns-update-style interim;
subnet 172.25.254.0 netmask 255.255.255.0 {    ## the subnet statement takes the network address, not the server's own address
  range 172.25.254.110 172.25.254.120;
  option routers 172.25.254.109;
}
key westos {
        algorithm hmac-md5;
        secret Uk7EUpv4XDXQ5DEKhYnERA==;
};
zone westos.com. {
        primary 127.0.0.1;
        key westos;
}
systemctl restart dhcpd
systemctl restart named
Settings on the slave DNS machine
vim /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes
TYPE=Ethernet
USERCTL=yes
PEERDNS=yes
IPV6INIT=no
PERSISTENT_DHCLIENT=1
systemctl restart network
Once configured, you can test on the machine.
Reposted from: https://blog.51cto.com/12183531/1880553