Round-robin mechanism
- vim /var/named/westoslinux.com.zone
- cat /var/named/westoslinux.com.zone
    $TTL 1D
    @       IN SOA  dns.westoslinux.com. root.westoslinux.com. (
                    0       ; serial
                    1D      ; refresh
                    1H      ; retry
                    1W      ; expire
                    3H )    ; minimum
            NS      dns.westoslinux.com.
    dns     A       172.25.254.120
    www.a   A       172.25.254.111
    www.a   A       172.25.254.222
Test: dig www.westoslinux.com
The result alternates between 172.25.254.111 and 172.25.254.222.
MX: the mail exchanger for a name (where to send e-mail)
- vim /var/named/westoslinux.com.zone
    $TTL 1D         ; cache for one day
    @       IN SOA  dns.westoslinux.com. root.westoslinux.com. (
                    0       ; serial
                    1D      ; refresh
                    1H      ; retry
                    1W      ; expire
                    3H )    ; minimum
            NS      dns.westoslinux.com.
    dns     A       172.25.254.120
    www.a   A       172.25.254.111
    www.a   A       172.25.254.222
    www     CNAME   www.a.westoslinux.com.
    westoslinux.com. MX 1 172.25.254.1   ; MX data is normally a host name with its own A record
- systemctl restart named
- mail root@westoslinux.com
Press Ctrl+D to end input.
Reverse resolution
- cd /var/named/
- cp -p named.loopback westoslinux.com.ptr
- vim /etc/named.rfc1912.zones
    zone "254.25.172.in-addr.arpa" IN {
        type master;
        file "westoslinux.com.ptr";
        allow-update { none; };
    };
- vim /var/named/westoslinux.com.ptr
    $TTL 1D
    @       IN SOA  dns.westoslinux.com. root.westoslinux.com. (
                    0       ; serial
                    1D      ; refresh
                    1H      ; retry
                    1W      ; expire
                    3H )    ; minimum
            NS      dns.westoslinux.com.
    dns     A       172.25.254.120
    222     PTR     www.westoslinux.com.
Test: dig -x 172.25.254.120
DNS cluster, secondary DNS
1. Primary DNS configuration
- vim /etc/named.rfc1912.zones
Add:
    zone "westoslinux.com" IN {
        type master;
        file "westoslinux.com.zone";
        allow-update { none; };
        allow-transfer { 172.25.254.220; };  ## allow 172.25.254.220 to sync this host's A-record file
    };
2. Secondary DNS configuration
- vim /etc/named.conf  ## same content as in the forward-resolution setup
    listen-on port 53 { any; };
    allow-query { any; };
    dnssec-validation no;
- vim /etc/named.rfc1912.zones
    zone "westoslinux.com" IN {
        type slave;                          ## set this host as the secondary DNS
        masters { 172.25.254.120; };         ## IP of the primary to sync the A-record file from
        file "slaves/westoslinux.com.zone";  ## where the A-record file is stored
        allow-update { none; };
    };
3. Test
- vim /etc/resolv.conf
    nameserver 172.25.254.200
On the slave host, westos.com.zone appears in /var/named/slaves, because /etc/named.rfc1912.zones on the slave server contains file "slaves/westos.com.zone".
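DNS automatic synchronization
On the primary DNS: vim /etc/named.rfc1912.zones
    allow-transfer { 172.25.254.220; };
    also-notify { 172.25.254.220; };
- vim /var/named/westoslinux.com.zone
Change the serial value; after the primary DNS is restarted, the secondary DNS synchronizes automatically.
Note: the serial value is at most ten digits, usually the date (year, month, day) plus the number of changes.
The slave server decides whether to update its A-record file based on whether the serial value has changed.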
Updating the primary DNS's records from the secondary DNS
On the primary DNS:
- vim /etc/named.rfc1912.zones
    allow-update { 172.25.254.220; };
- systemctl restart named
- cp -p westoslinux.com.zone /mnt/
- chmod 770 /var/log/messages
- setsebool -P named_write_master_zones 1
On the secondary DNS:
    [root@dns-server2 slaves]# nsupdate
    > server 172.25.254.120
    > update add hello.westoslinux.com 86400 A 172.25.254.120
    > send
    > quit
Test:
On the primary DNS:
- dig hello.westoslinux.com
Updating the primary DNS from the secondary DNS using a key
- dnssec-keygen -a HMAC-MD5 -b 128 -n HOST westos
    ## -b: key length
    ## -a: key type
    ## HMAC-MD5: a symmetric (shared-secret) algorithm
- cat Kwestos.+157+44565.key
- cp -p /etc/rndc.key /etc/westos.key
- vim /etc/westos.key
- vim /etc/named.conf
    include "/etc/westos.key";
- vim /etc/named.rfc1912.zones
    allow-update { key westos; };
Send the key files to the secondary DNS.
- scp Kwestos.xxxxx.key Kwestos.+157+44565.* root@172.25.254.220:/mnt
Test:
On the secondary DNS:
    [root@dns-server2 slaves]# nsupdate -k Kwestos.+157+44565.private
    > server 172.25.254.120
    > update add hello.westoslinux.com 86400 A 172.25.254.120
    > send
    > quit
On the primary DNS:
- dig hello.westos.com
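The two update setups above differ in how the primary authenticates the sender: an address in allow-update trusts the packet's source IP, while key westos requires a TSIG signature. The following is an added example, not part of the original notes: a Python check that reads zone blocks written in this style and reports master zones whose allow-update is not key-based, transfers open to any, and keys that use hmac-md5 (an algorithm RFC 8945 marks as must-not-use). The sample configuration, the placeholder secret and the function names are constructed for illustration.

```python
import re

# Constructed sample in the style of /etc/named.rfc1912.zones (not a real host).
SAMPLE = '''
key westos { algorithm hmac-md5; secret "PLACEHOLDER=="; };
zone "westoslinux.com" IN {
    type master;
    file "westoslinux.com.zone";
    allow-update { 172.25.254.220; };    ## sender trusted by source address
    allow-transfer { 172.25.254.220; };
};
zone "254.25.172.in-addr.arpa" IN {
    type master;
    file "westoslinux.com.ptr";
    allow-update { key westos; };        ## sender must sign with the key
};
'''

def strip_comments(text):
    # named.conf accepts /* */, # and // comments; drop them before matching.
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(?:^|\s)(?:#|//).*$', '', text, flags=re.M)

def acl(body, option):
    # Elements of e.g. "allow-update { a; b; }", or None when the option is absent.
    m = re.search(re.escape(option) + r'\s*\{([^}]*)\}', body)
    return None if m is None else [e.strip() for e in m.group(1).split(';') if e.strip()]

def audit(conf):
    """Return (name, finding) pairs for keys and master zones in conf."""
    conf, findings = strip_comments(conf), []
    for name, algo in re.findall(r'\bkey\s+"?([\w.-]+)"?\s*\{[^}]*?algorithm\s+"?([\w-]+)', conf):
        if algo.lower() == 'hmac-md5':
            findings.append((name, 'key uses hmac-md5'))
    for m in re.finditer(r'\bzone\s+"([^"]+)"[^{]*\{', conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):       # walk to the zone's closing brace
            depth += {'{': 1, '}': -1}.get(conf[i], 0)
            i += 1
        body = conf[m.end():i]
        if not re.search(r'\btype\s+(?:master|primary)\b', body):
            continue                         # secondaries do not accept updates
        for e in acl(body, 'allow-update') or []:
            if e != 'none' and not e.startswith('key '):
                findings.append((m.group(1), 'allow-update not key-based: ' + e))
        if 'any' in (acl(body, 'allow-transfer') or []):
            findings.append((m.group(1), 'allow-transfer open to any'))
    return findings

if __name__ == '__main__':
    for zone, finding in audit(SAMPLE):
        print(zone + ': ' + finding)
```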
Dynamic DNS resolution
Server side:
- vim /etc/dhcp/dhcpd.conf
    option domain-name "westos.com";
    option domain-name-servers 172.25.254.120;
    ddns-update-style interim;
    subnet 172.25.254.0 netmask 255.255.255.0 {
        range 172.25.254.231 172.25.254.244;
        option routers 172.25.254.120;
    }
    key westos {
        algorithm hmac-md5;
        secret XXXXX;
    };
    zone westos.com. {
        ## tell DNS to update the IPs that DHCP changes
        primary 127.0.0.1;   ## the server where DHCP runs; loopback is faster
        key westos;
    }
Client side:
NIC configuration file
- vim /etc/sysconfig/network-scripts/ifcfg-eth0
    DNS1=172.25.254.120
    BOOTPROTO=dhcp
- vim /etc/resolv.conf
    nameserver 172.25.254.130
Test:
Server:
- systemctl restart dhcpd
- systemctl restart named
Client:
- systemctl restart network
- ifconfig
- dig client.westos.com
client is the host name.
Source: http://www.bubuko.com/infodetail-2856359.html