辅助DNS

在客户端IP:172.25.8.10
 yum install bind.x86_64 -y
 vim /etc/named.conf
 11 listen-on port 53 { any; };
 12 listen-on-v6 port 53 { any; };
 17 allow-query     { any; };                  ###实验环境对所有来源开放;对外提供服务且开启了recursion时,应改成可信网段,避免变成开放递归解析器
 32 dnssec-validation no;                      ###设为no后named不再校验DNSSEC签名,只适合内网实验环境
 或者用//把这一行注释掉

 vim /etc/named.rfc1912.zones
 19 zone "localhost" IN {
 20         type master;
 21         file "named.localhost";
 22         allow-update { none; };
 23 };
 24 
 25 zone "westos.com" IN {
 26         type slave;
 27         masters { 172.25.8.11; };
 28         file "slaves/westos.com.zone";      ###RHEL的bind自带的、named可写的目录是/var/named/slaves
 29         allow-update { none; };
 30 };

 vim /etc/resolv.conf
 nameserver 172.25.8.10

 systemctl start named
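 systemctl stop firewalld.service              ###实验环境直接关闭防火墙;正式环境建议保持开启,只放行DNS:firewall-cmd --permanent --add-service=dns && firewall-cmd --reload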
虚拟机IP:172.25.8.11(服务器)
 vim /etc/named.rfc1912.zones
 25 zone "westos.com" IN {
 26           type master;
 27           file "westos.com.zone";
 28           allow-update { none; };
 29           also-notify { 172.25.8.10; };                 ###主dns发生变化时,将同步到辅助dns:172.25.8.10
 30 };

  vim /var/named/westos.com.zone
  1 $TTL 1D
  2 @       IN SOA  dns.westos.com. root.westos.com. (
  3                                         0       ; serial
  4                                         1D      ; refresh
  5                                         1H      ; retry
  6                                         1W      ; expire
  7                                         3H )    ; minimum
  8         NS      dns.westos.com.
  9 dns     A       172.25.8.11
 10 www     CNAME   login.westos.com.
 11 login   A       172.25.8.10

 systemctl restart named

测试:虚拟机IP 172.25.8.11  

vim /var/named/westos.com.zone
$TTL 1D
@       IN SOA  dns.westos.com. root.westos.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      dns.westos.com.
dns     A       172.25.8.11
www    CNAME    login.westos.com.
login   A       172.25.8.10
lodin  A        172.25.8.250
systemctl restart named

###测试  dig www.westos.com   可以发现只要在主服务器上修改区域文件即可,辅助DNS会自动同步,不用更改客户机。每次修改后要把SOA里的serial加大,否则辅助DNS认为区域没有变化,不会重新传送
注意 selinux 和防火墙状态,同时注意在 /etc/resolv.conf 文件里加上 nameserver  服务器ip

远程控制dns 
主服务器上的配置  172.25.8.11
cp -p /var/named/westos.com.zone /mnt    ###给加密做个备份,方便下面实验
vim /etc/named.conf
 50 zone "." IN {
 51         type hint;
 52         file "named.ca";
 53 };
 54 
 55 include "/etc/named.rfc1912.zones";
 56 include "/etc/named.root.key";
#####下面的全部注释掉#####
 57 /*view localnet {
 58         match-clients { 172.25.254.125; };
 59         zone "." IN {
 60         type hint;
 61         file "named.ca";
 62         };
 63 include "/etc/named.rfc1912.zones.inter";
 64 };
 65 view internet {
 66         match-clients { any; };
 67         zone "." IN {
 68         type hint;
 69         file "named.ca";
 70         };
 71 include "/etc/named.rfc1912.zones";
 72 };*/

vim /etc/named.rfc1912.zones
 25 zone "westos.com" IN {
 26         type master;
 27         file "westos.com.zone";
 28        allow-update { 172.25.8.10; };       ###只按来源IP放行动态更新,源地址可以被伪造;下文改为 allow-update { key westos; } 用密钥认证
 29         allow-transfer { 172.25.8.10;};
 30         also-notify { 172.25.8.10; };
 31 };
chmod 770 /var/named/       ##给该目录770权限,让named组可写,动态更新时named才能在这里生成.jnl日志文件
systemctl restart named

测试:虚拟机IP 172.25.8.10

[root@desktop slaves]# nsupdate 
> server  172.25.8.11
> update add hello.westos.com 86400 A 172.25.8.111 
> send
> quit

虚拟机ip 172.25.8.11 服务器
systemctl restart named
cat /var/named/westos.com.zone


 

DNS恢复
虚拟机IP 172.25.8.11 服务器
 cd /var/named/
 rm -f westos.com.zone.jnl westos.com.zone
 cp -p /mnt/westos.com.zone /var/named/
 cd /mnt
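 dnssec-keygen -a HMAC-MD5 -b 128 -n HOST westos                     ###-a:算法(这里用HMAC-MD5),-b:密钥长度(最大512),-n:密钥类型为HOST;从/etc/rndc.key里可以看到它也是md5方式;生成慢的话敲键盘。这里的key用来给更新请求做签名认证(TSIG),不是加密;HMAC-MD5已经过时,较新版本的BIND建议用 tsig-keygen -a hmac-sha256 westos 生成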
 [root@desktop mnt]# ls
 westos.com.zone  Kwestos.+157+12690.key  Kwestos.+157+12690.private
 [root@desktop mnt]# cat  Kwestos.+157+12690.key
 westos. IN KEY 512 3 157 1avTZv1Lrb3YVOat2tQ+AQ==                  ###1avTZv1Lrb3YVOat2tQ+AQ==为密钥字符串,下面key文件里的secret要填它
 vim /etc/westos.key
  1 key "westos" {
  2         algorithm hmac-md5;
  3         secret "1avTZv1Lrb3YVOat2tQ+AQ==";
  4 };
 ###这个文件里是明文密钥,建议只允许root和named读取:chown root:named /etc/westos.key; chmod 640 /etc/westos.key
 vim /etc/named.conf
 42 include "/etc/westos.key";                                       ###写在任意位置

 vim /etc/named.rfc1912.zones
 25 zone "westos.com" IN {
 26           type master;
 27           file "westos.com.zone";
 28           allow-update { key westos; };
 29           also-notify { 172.25.8.10; };
 30 };

 systemctl restart named
 scp /mnt/Kwestos.* root@172.25.8.10:/mnt
测试  172.25.8.10
[root@desktop mnt]# nsupdate -k Kwestos.+157+12690.private 
> update add hello.westos.com 86400 A 172.25.8.123
> send
> quit

服务器  172.25.8.11
[root@server mnt]# systemctl restart named
[root@server mnt]# cat /var/named/westos.com.zone



DDNS=DHCP+DNS
DHCP参考博客 https://blog.csdn.net/qq_41636653/article/details/81751060

虚拟机IP 172.25.8.11   服务器
[root@server ~]# rm -fr /var/named/westos.com.zone*
[root@server ~]# cp /mnt/westos.com.zone /var/named/  -p
[root@server ~]# yum install -y dhcp
systemctl start dhcpd
systemctl stop firewalld

[root@desktop mnt]# cp /usr/share/doc/dhcp*/dhcpd.conf.example /etc/dhcp/dhcpd.conf
 cp: overwrite ‘/etc/dhcp/dhcpd.conf’? y

 vim /etc/dhcp/dhcpd.conf
  6 # option definitions common to all supported networks...
  7 option domain-name "westos.com";
  8 option domain-name-servers 172.25.8.11;
 13 # Use this to enble / disable dynamic dns updates globally.
 14 ddns-update-style interim;                         ###允许更新
 27 #subnet 10.152.187.0 netmask 255.255.255.0 {
 28 #}
 32 subnet 172.25.8.0 netmask 255.255.255.0 {
 33   range 172.25.8.100 172.25.8.105;
 34   option routers 172.25.8.11;
 35 }
 36 key westos {
 37    algorithm hmac-md5;
 38    secret 1avTZv1Lrb3YVOat2tQ+AQ==;
 39 };
 40 zone westos.com. {
 41    primary 172.25.8.11;
 42    key westos;
 43 }

测试  另外一台虚拟机:把网卡设置为dhcp方式
辅助dns上的设置
hostnamectl set-hostname hello.westos.com
vim /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes
TYPE=Ethernet
USERCTL=yes
PEERDNS=yes
IPV6INIT=no
PERSISTENT_DHCLIENT=1
systemctl restart network

测试:systemctl restart network获取ip地址
dig hello.westos.com
























 


转载自blog.csdn.net/qq_41636653/article/details/81951651