欢迎您访问程序员文章站本站旨在为大家提供分享程序员计算机编程知识!
您现在的位置是: 首页

dns第二部分 集群

程序员文章站 2024-03-16 10:32:10
...

(1)辅助dns
设定slave
选定一台机子作辅助dns机
在辅助机上的操作

1. yum install bind -y
2.vim /etc/named.conf
 listen-on port 53 { any; };
 allow-query     { any; };
 dnssec-validation no;
3.vim /etc/named.rfc1912.zones 
zone "westos.com" IN {
        type slave;
        masters {172.25.254.117; };
        file "slaves/westos.com.zone";
        allow-update { none; };
};
4.vim /etc/resolv.conf
namesever 172.25.254.117
5.systemctl restart named
6.systemctl stop firewalld

主dns设置

vim  /etc/named.rfc1912.zones
zone "westos.com" IN {
        type master;
        file "westos.com.zone";
        allow-update {none; };
        allow-transfer {172.25.254.209; };    ##允许209同步数据
};
$TTL 1D
@       IN SOA  dns.westos.com. root.westos.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      dns.westos.com.
dns     A       172.25.254.109
www     A       172.25.254.140
www     A       172.25.254.240
systemctl restart named           ##重启服务

进行以上操作后将在辅助dns机的slaves/有 westos.com.zone文件
可以在辅助dns机中 dig www.westos.com
dns第二部分 集群
(2)辅助dns自动获取主dns数据
主dns设置

vim /etc/named.rfc1912.zones 
zone "westos.com" IN {
        type master;
        file "westos.com.zone";
        allow-update { 172.25.254.209; };
        allow-transfer {172.25.254.209; };
        also-notify {172.25.254.209; };    ##主dns发生变化时,将同步到辅助dns
};
 vim /var/named/westos.com.zone 
$TTL 1D
@       IN SOA  dns.westos.com. root.westos.com. (
                                2016112901      ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      dns.westos.com.
dns     A       172.25.254.109
www     A       172.25.254.140
www     A       172.25.254.152
systemctl restart named

(以上的操作是改变www.westos.com的ip地址,并且要辅助dns机与之同步,常规操作则必须删除辅助机中slave/westos.com.zone文件,而每次进行这样的操作过于麻烦,而上面的操作则是选择在主dns机中修改/var/named/westos.com.zone文件中的serial值(上限10位数)以达到在以后的操作中自动同步主dns)
在辅助dns上测试
[aaa@qq.com slaves]# dig www.westos.com

(3)远程主机对dns的A记录修改
主dns设置

cp -p /var/named/westos.com.zone /mnt      ##备份到/mnt以便于恢复
vim /etc/named.rfc1912.zones 
zone "westos.com" IN {
        type master;
        file "westos.com.zone";
        allow-update { 172.25.254.209; };   ##允许209 更新
        allow-transfer {172.25.254.209; };
        also-notify {172.25.254.209; };
};
chmod 770 /var/named/                      ##对/var/named组执行权限
systemctl restart named                    ##重启服务

辅助dns设置

[1]删除www.westos.com
[aaa@qq.com slaves]# nsupdate
> server 172.25.254.109
> update delete www.westos.com
> send
> quit

测试结果
[aaa@qq.com slaves]# dig www.westos.com

[2]添加www.westos.com
[aaa@qq.com slaves]# nsupdate
> server 172.25.254.109
> update add www.westos.com 86400 A 172.25.254.160
> send
> quit

测试结果
[aaa@qq.com slaves]# dig www.westos.com

恢复
主dns设置
[aaa@qq.com named]# rm -fr westos.com.zone.jnl westos.com.zone
[aaa@qq.com named]# cp /mnt/westos.com.zone /var/named/
(4)主机更新上锁

一般机子对主dns不可以修改A记录但对于有key的机子开放
[root@dns-server named]# cp -p /etc/rndc.key /etc/westos.key
[root@dns-server named]# cd /mnt
[root@dns-server mnt]# dnssec-****** -a HMAC-MD5 -b 128 -n HOST westos
Kwestos.+157+28134                      ##生成钥匙 -a是加密方式 -b是密码大小 -n是加密用户
[root@dns-server mnt]# scp /mnt/Kwestos.+157+28134.private 172.25.254.209:/mnt
root@172.25.254.209's password: 
Kwestos.+157+28134.private                                                   100%  165     0.2KB/s   00:00    
[aaa@qq.com mnt]# scp /mnt/Kwestos.+157+28134.key 172.25.254.209:/mnt
aaa@qq.com's password: 
Kwestos.+157+28134.key                                                       100%   50     0.1KB/s   00:00   

[root@dns-server mnt]# vim /etc/westos.key 
key "westos" {
        algorithm hmac-md5;
        secret "Lz3B1zirL3Otb1gIk6917g==";
};

[root@dns-server mnt]# vim /etc/named.conf 
include "/etc/westos.key";
[root@dns-server mnt]# vim /etc/named.rfc1912.zones 
zone "westos.com" IN {
        type master;
        file "westos.com.zone";
        allow-update { key westos; };   ##允许key westos 更新
};:
[root@dns-server mnt]# systemctl restart named

辅助dns操作

[aaa@qq.com mnt]# nsupdate -k /mnt/Kwestos.+157+28134.private
> server 172.25.254.109        
> update delete www.westos.com
> send
> quit

可以在主dns上测试
(5)ddns
ddns=dhcp+dns
动态dns需要dhcp与dns的协同工作
这里dns所需要的bind6以上的版本,以及dhcp需要3.0以上版本。在操作以前要把原来的westos.com.zone恢复,以免影响后续操作。

主dns设置 
yum install dhcp -y
systemctl start dhcpd
systemctl stop firewalld
setenforce 0
cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/dhcp.conf
vim /etc/dhcp/dhcp.conf 
      7 option domain-name "westos.com";
      8 option domain-name-servers 172.25.254.117;
     13 # Use this to enble / disable dynamic dns updates globally.
     14 ddns-update-style interim;
      ##删除27,28行
     subnet 172.25.254.0 netmask 255.255.255.0 {
      range 172.25.254.110 172.25.254.120;
      option routers 172.25.254.117;
    }
    key westos {
        algorithm hmac-md5;
        secret Lz3B1zirL3Otb1gIk6917g==;
    };
    zone westos.com. {
    primary 127.25.254.117;
    key westos
    }
systemctl restart dhcpd
systemctl restart named
辅助dns上的设置
hostnamectl set-hostname hello.westos.com
vim /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes
TYPE=Ethernet
USERCTL=yes
PEERDNS=yes
IPV6INIT=no
PERSISTENT_DHCLIENT=1
systemctl restart network

测试:systemctl restart network获取ip地址
dig hello.westos.com

相关标签: DNS linux

上一篇: 【Java】对象与类

下一篇: Spring Cloud微服务项目实战--Eureka服务搭建

推荐阅读