在客户端IP:172.25.8.10
yum install bind.x86_64 -y
vim /etc/named.conf
11 listen-on port 53 { any; };
12 listen-on-v6 port 53 { any; };
17 allow-query { any; }; ###实验环境允许任意主机查询;若服务器同时开启递归(recursion),对外提供服务时应限制查询来源,避免成为开放解析器
32 dnssec-validation no;
或者用 // 把该行注释掉(关闭 DNSSEC 验证只是为了实验方便,生产环境不建议关闭)
vim /etc/named.rfc1912.zones
19 zone "localhost" IN {
20 type master;
21 file "named.localhost";
22 allow-update { none; };
23 };
24
25 zone "westos.com" IN {
26 type slave;
27 masters { 172.25.8.11; };
28 file "slave/westos.com.zone";
29 allow-update { none; };
30 };
vim /etc/resolv.conf
nameserver 172.25.8.10
systemctl start named
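systemctl stop firewalld.service ###实验环境直接关闭防火墙;也可以保持防火墙开启,只放行 dns 服务:firewall-cmd --permanent --add-service=dns && firewall-cmd --reload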
虚拟机IP:172.25.8.11(服务器)
vim /etc/named.rfc1912.zones
25 zone "westos.com" IN {
26 type master;
27 file "westos.com.zone";
28 allow-update { none; };
29 also-notify { 172.25.8.10; }; ###主dns发生变化时,将同步到辅助dns:172.25.8.10
30 };
vim /var/named/dream.com.zone ###注意:上面 zone 里 file 指定的是 westos.com.zone,这里编辑的文件名应与之一致
1 $TTL 1D
2 @ IN SOA dns.westos.com. root.westos.com. (
3 0 ; serial
4 1D ; refresh
5 1H ; retry
6 1W ; expire
7 3H ) ; minimum
8 NS dns.westos.com.
9 dns A 172.25.8.11
10 www CNAME login.westos.com.
11 login A 172.25.8.10
systemctl restart named
测试:虚拟机IP 172.25.8.11
vim /var/named/westos.com.zone
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 172.25.8.11
www CNAME login.westos.com.
login A 172.25.8.10
lodin A 172.25.8.250
systemctl restart named
###测试:dig www.westos.com,可以发现只需在主服务器上修改区域文件(修改后要增大 serial,辅助 dns 才会同步),不用更改客户机
注意 selinux 和防火墙的状态,同时注意在 /etc/resolv.conf 文件里加上 nameserver 服务器ip
远程控制dns
主服务器上的配置 172.25.8.11
cp -p /var/named/westos.com.zone /mnt ###给加密做个备份,方便下面实验
vim /etc/named.conf
50 zone "." IN {
51 type hint;
52 file "named.ca";
53 };
54
55 include "/etc/named.rfc1912.zones";
56 include "/etc/named.root.key";
#####下面的全部注释掉#####
57 /*view localnet {
58 match-clients { 172.25.254.125; };
59 zone "." IN {
60 type hint;
61 file "named.ca";
62 };
63 include "/etc/named.rfc1912.zones.inter";
64 };
65 view internet {
66 match-clients { any; };
67 zone "." IN {
68 type hint;
69 file "named.ca";
70 };
71 include "/etc/named.rfc1912.zones";
72 };*/
vim /etc/named.rfc1912.zones
25 zone "westos.com" IN {
26 type master;
27 file "westos.com.zone";
28 allow-update { 172.25.8.10; }; ###仅按源 IP 授权动态更新,源 IP 可以被伪造;下文"DNS恢复"之后改用 key 方式授权
29 allow-transfer { 172.25.8.10;};
30 also-notify { 172.25.8.10; };
31 };
chmod 770 /var/named/ ##对该目录赋予770权限,使 named 能在该目录下写入动态更新产生的 .jnl 文件
systemctl restart named
测试:虚拟机IP 172.25.8.10
[root@desktop slaves]# nsupdate
> server 172.25.8.11
> update add hello.westos.com 86400 A 172.25.8.111
> send
> quit
虚拟机ip 172.25.8.11 服务器
systemctl restart named
cat /var/named/westos.com.zone
DNS恢复
虚拟机IP 172.25.8.11 服务器
cd /var/named/
rm -f westos.com.zone.jnl westos.com.zone
cp -p /mnt/westos.com.zone /var/named/
cd /mnt
dnssec-keygen -a HMAC-MD5 -b 128 -n HOST westos ###-a:算法(这里是 HMAC-MD5),-b:密钥位数(最大512),-n:名称类型为 HOST;参照 /etc/rndc.key,可以看到其中用的是 md5;生成慢的话敲键盘(增加熵)。HMAC-MD5 已不推荐用于 TSIG,实际环境建议使用 hmac-sha256
[root@desktop mnt]# ls
westos.com.zone Kwestos.+157+12690.key Kwestos.+157+12690.private
[root@desktop mnt]# cat Kwestos.+157+12690.key
dream. IN KEY 512 3 157 1avTZv1Lrb3YVOat2tQ+AQ== ###1avTZv1Lrb3YVOat2tQ+AQ==为 base64 编码的共享密钥(不是密文),更新方与服务器共用,需要保密
vim /etc/westos.key ###该文件保存密钥,建议设置为仅 root 和 named 组可读(如 chown root:named、chmod 640)
1 key "westos" {
2 algorithm hmac-md5;
3 secret "1avTZv1Lrb3YVOat2tQ+AQ==";
4 };
vim /etc/named.conf
42 include "/etc/westos.key"; ###写在顶层的任意位置(不要放在 options 等语句块内部)
vim /etc/named.rfc1912.zones
25 zone "westos.com" IN {
26 type master;
27 file "westos.com.zone";
28 allow-update { key westos; };
29 also-notify { 172.25.8.10; };
30 };
systemctl restart named
scp /mnt/Kdream.* root@172.25.254.225:/mnt ###把生成的密钥文件拷给执行 nsupdate 的主机;此处文件名和 IP 似乎与上文不一致,请按实际替换(上面生成的是 Kwestos.+157+12690.*)
测试 172.25.8.10
[root@desktop mnt]# nsupdate -k Kwestos.+157+47547.private
> update add hello.westos.com 86400 A 172.25.8.123
> send
> quit
服务器 172.25.8.11
[root@server mnt]# systemctl restart named
[root@server mnt]# cat /var/named/westos.com.zone
DDNS=DHCP+DNS
DHCP参考博客 https://blog.csdn.net/qq_41636653/article/details/81751060
虚拟机IP 172.25.8.11 服务器
[root@server ~]# rm -fr /var/named/westos.com.zone*
[root@server ~]# cp /mnt/westos.com.zone /var/named/ -p
[root@server ~]# yum install -y dhcp
systemctl start dhcpd
systemctl stop firewalld
[root@desktop mnt]# cp /usr/share/doc/dhcp*/dhcpd.conf.example /etc/dhcp/dhcpd.conf
cp: overwrite ‘/etc/dhcp/dhcpd.conf’? y
vim /etc/dhcp/dhcpd.conf
6 # option definitions common to all supported networks...
7 option domain-name "westos.com";
8 option domain-name-servers 172.25.8.11;
13 # Use this to enble / disable dynamic dns updates globally.
14 ddns-update-style interim; ###允许更新
27 #subnet 10.152.187.0 netmask 255.255.255.0 {
28 #}
32 subnet 172.25.8.0 netmask 255.255.255.0 {
33 range 172.25.8.100 172.25.8.105;
34 option routers 172.25.8.11;
35 }
36 key westos {
37 algorithm hmac-md5;
38 secret 1avTZv1Lrb3YVOat2tQ+AQ==;
39 };
40 zone westos.com. {
41 primary 172.25.8.11;
42 key westos;
43 }
测试 另外一台虚拟机:把网卡设置为dhcp方式
辅助dns上的设置
hostnamectl set-hostname hello.westos.com
vim /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes
TYPE=Ethernet
USERCTL=yes
PEERDNS=yes
IPV6INIT=no
PERSISTENT_DHCLIENT=1
systemctl restart network
测试:systemctl restart network获取ip地址
dig hello.westos.com