实验环境:RHEL7.0
主DNS server1.example.com 172.25.254.1
辅助DNS server2.example.com 172.25.254.2
实验内容:1.主DNS配置
2.辅助DNS配置
3.辅助DNS动态获取主DNS数据
4.DNS更新
5.有Key才能对主机进行更新
6.DDNS搭建
前提:装bind软件,关火墙,关SELINUNX,开启53端口
1.主DNS配置(IP:172.25.254.158)
1)vim /etc/named.conf
// listen-on port 53 { 127.0.0.1; };
// allow-query { localhost; };
dnssec-validation no; (//代表开启着接口)
2)vim /etc/named.rfc1912.zones
zone "willis.com" IN {
type master;
file "willis.com.zone";
allow-update { none; };
allow-transfer { 172.25.254.2; };##允许谁同步
};
3)cp -p /var/named/ /var/named/willis.com.zone#特殊文件,注意权限
4)vim /var/named/willis.com.zone
$TTL 1D
@ IN SOA dns.willis.com. root. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.willis.com.
dns A 172.25.254.1
www A 172.25.254.1
5)vim /etc/resolv.conf
nameserver 172.25.254.1
6)systemctl start named
2.辅助DNS
1)vim /etc/named.conf
// listen-on port 53 { 127.0.0.1; };
// allow-query { localhost; };
dnssec-validation no;
2)vim /etc/named.rfc1912.zones
zone "willis.com" IN {
type slave;
masters { 172.25.254.1; };
file "slaves/willis.com.zone";
allow-update { none; };
};
3)vim /etc/resolv.conf
nameserver 172.25.254.1
4)systemctl start named
3.辅助DNS动态获取主DNS数据(数据同步)
1)主DNS
1-1)vim /etc/named.rfc1912.zones
zone "willis.com" IN {
type master;
file "w.com.zone";
allow-update { none; };
allow-transfer { 172.25.254.2; };
also-notify { 172.25.254.2; }; ##添加此条,当DNS文件发生改变时,将数据推送给谁
};
1-2)vim /var/named/willis.com.zone
$TTL 1D
@ IN SOA dns.willis.com. root. (
31 ; serial #此值改变,进行数据推送
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.willis.com.
dns A 172.25.254.1
www A 172.25.254.1
1-3)systemctl restart named
2)辅助DNS
2-1)vim /etc/resolv.conf
named 172.25.254.1
[root@server2 slaves]# ls
willis.com.zone
[root@server2 slaves]# rm -rf willis.com.zone
[root@server2 slaves]# ls
[root@server2 slaves]# dig www.willis.com
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.willis.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63871
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.willis.com. IN A
;; ANSWER SECTION:
www.willis.com. 86400 IN A 172.25.254.1
;; AUTHORITY SECTION:
willis.com. 86400 IN NS dns.willis.com.
;; ADDITIONAL SECTION:
dns.willis.com. 86400 IN A 172.25.254.1
;; Query time: 0 msec
;; SERVER: 172.25.254.1#53(172.25.254.1)
;; WHEN: Wed Sep 07 20:32:55 CST 2016
;; MSG SIZE rcvd: 93
[root@server2 slaves]# ls
willis.com.zone
4.DNS更新(远程主机对DNS A记录修改)
cp -p /var/named/westos.com.zone /mnt ##备份,便于恢复
1)主DNS
1-1)vim /etc/named.rfc1912.zones zone
zone "willis.com" IN {
type master;
file "willis.com.zone";
allow-update { 172.25.254.2; }; ##添加此条,允许那个远程主机DNS更新主机DNS A记录
allow-transfer { 172.25.254.2; };
also-notify { 172.25.254.2; };
};
1-2)chmod g+w /var/named ###此目录必须对named组有执行
1-3)systemctl restart named
2)辅助DNS(远程DNS)进行更新
[root@server2 slaves]# nsupdate
> server 172.25.254.1
> update add hello.willis.com 86400 A 172.25.254.3
> send
3)测试 dig hello.willis.com
[root@server2 slaves]# dig hello.willis.com
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> hello.willis.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8312
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;hello.willis.com. IN A
;; ANSWER SECTION:
hello.willis.com. 86400 IN A 172.25.254.3
;; AUTHORITY SECTION:
willis.com. 86400 IN NS dns.willis.com.
;; ADDITIONAL SECTION:
dns.willis.com. 86400 IN A 172.25.254.1
;; Query time: 0 msec
;; SERVER: 172.25.254.1#53(172.25.254.1)
;; WHEN: Wed Sep 07 20:47:58 CST 2016
;; MSG SIZE rcvd: 95
4)恢复 rm -rf /var/named/willis.com.zone
rm -rf /var/named/willis.com.zone.jnl
cp -p /mnt/willis.come.zone /var/named/
5.有Key才可对主机进行更新
1)主DNS
1-1)cp -p /etc/rndc.key /etc/willis.key
1-2)cd /mnt
dnssec-keygen -a HMAC-MD5 -b 128 -n HOST willis
[root@server1 mnt]# dnssec-keygen -a HMAC-MD5 -b 128 -n HOST willis
Kwillis.+157+54370
[root@server1 mnt]# ls
Kwillis.+157+54370.key Kwillis.+157+54370.private
[root@server1 mnt]# cat Kwillis.+157+54370.key
willis. IN KEY 512 3 157 D3lJsH/gcsyTGmQfDKl/DA==
1-3)vim /etc/willis.key
key "willis" {
algorithm hmac-md5;
secret "D3lJsH/gcsyTGmQfDKl/DA==";
};
1-4)vim /etc/named.conf
在options {};外添加 include "/etc/willis.key";
1-5)vim /etc/named.rfc1912.zones
修改为allow-update { key willis; };
1-6)scp Ksteven.+157+09355.* root@172.25.254.187:/mnt/
1-7)systemctl restart named
2)辅助DNS
[root@server2 slaves]# nsupdate
> server 172.25.254.1
> update add wahaha.willis.com 86400 A 172.25.254.3
> send
update failed: REFUSED ###DNS更新失败
[root@server2 slaves]# nsupdate -k /mnt/Kwillis.+157+54370.private
> server 172.25.254.1
> update add wahaha.willis.com 86400 A 172.25.254.3
> send
###添加密码认证后更新成功
测试)
[root@server2 slaves]# dig wahaha.willis.com
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> wahaha.willis.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40086
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;wahaha.willis.com. IN A
;; ANSWER SECTION:
wahaha.willis.com. 86400 IN A 172.25.254.3
;; AUTHORITY SECTION:
willis.com. 86400 IN NS dns.willis.com.
;; ADDITIONAL SECTION:
dns.willis.com. 86400 IN A 172.25.254.1
;; Query time: 0 msec
;; SERVER: 172.25.254.1#53(172.25.254.1)
;; WHEN: Wed Sep 07 21:12:16 CST 2016
;; MSG SIZE rcvd: 96
6.ddns
DHCP+DNS=DDNS
动态DNS(DDNS)需要DNS和DHCP来协同工作。
Linux下也可以实现DDNS,不过DNS需要Bind8以上的版本,DHCP需要3.0以上的版本。
1)DNS环境恢复
rm -rf /var/named/willis.com.zone
rm -rf /var/named/willis.com.zone.jnl
cp -p /mnt/willis /var/named/
2)dhcp配置
2-1 yum install dhcp -y
2-2 cp -p /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/dhcpd.conf
(3)vim /etc/dhcp/dhcpd.conf ################################################option domain-name "server1.example.com";
option domain-name-servers 172.25.254.1;
default-lease-time 600;
max-lease-time 7200;
# DHCP server to understand the network topology.
subnet 172.25.254.0 netmask 255.255.255.0 {
range 172.25.254.80 172.25.254.90;
option routers 172.25.254.1;
}
key willis {
algorithm hmac-md5;
secret D3lJsH/gcsyTGmQfDKl/DA==; ####密钥
};
zone yqy.com. {
primary 172.25.254.1;
key willis;
}
(4)systemctl restart named
systemctl restart dhcpd
附注:man dhcpd.conf 查找关键字key
2.辅助服务器
systemctl restart network
ifconfig ###得到一个主服务器server的给的一个IP
hostnamectl set-hostname bbs.willis.com
dig bbs.willis.com ###测试
本文转自willis_sun 51CTO博客,原文链接:http://blog.51cto.com/willis/1847495,如需转载请自行联系原作者
