dns Part II cluster

(1) Auxiliary dns
Setting up the slave
Choose one machine to act as the auxiliary (secondary) dns server.
Operations on the auxiliary machine:

1. yum install bind -y
2.vim /etc/named.conf
 listen-on port 53 { any; };
 allow-query     { any; };
 dnssec-validation no;
3.vim /etc/named.rfc1912.zones 
zone "westos.com" IN {
        type slave;
        masters {172.25.254.117; };
        file "slaves/westos.com.zone";
        allow-update { none; };
};
4.vim /etc/resolv.conf
nameserver 172.25.254.117
5.systemctl restart named
6.systemctl stop firewalld

Main dns settings

vim  /etc/named.rfc1912.zones
zone "westos.com" IN {
        type master;
        file "westos.com.zone";
        allow-update {none; };
        allow-transfer {172.25.254.209; };    ##Allow only 172.25.254.209 (the slave) to perform zone transfers
};
$TTL 1D
@       IN SOA  dns.westos.com. root.westos.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      dns.westos.com.
dns     A       172.25.254.109
www     A       172.25.254.140
www     A       172.25.254.240
systemctl restart named           ##Restart service

After the above operations, a westos.com.zone file appears in the slaves/ directory on the secondary dns machine.
You can run dig www.westos.com on the auxiliary dns machine to verify.

(2) Automatic acquisition of primary dns data by auxiliary dns
Main dns settings

vim /etc/named.rfc1912.zones 
zone "westos.com" IN {
        type master;
        file "westos.com.zone";
        allow-update { 172.25.254.209; };
        allow-transfer {172.25.254.209; };
        also-notify {172.25.254.209; };    ##When the zone on the primary dns changes, notify the secondary dns so it synchronizes
};
 vim /var/named/westos.com.zone 
$TTL 1D
@       IN SOA  dns.westos.com. root.westos.com. (
                                2016112901      ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      dns.westos.com.
dns     A       172.25.254.109
www     A       172.25.254.140
www     A       172.25.254.152
systemctl restart named

(The operation above changes the ip address of www.westos.com. For the auxiliary dns machine to pick up the change, the normal procedure is to delete the slaves/westos.com.zone file on the auxiliary machine, which is too cumbersome to repeat every time. Instead, the operation above increases the serial value (at most 10 digits) in the /var/named/westos.com.zone file on the main dns machine; the higher serial is what triggers the automatic synchronization from the primary dns to the secondary.)
Test on auxiliary dns
[root@dns-slave slaves]# dig www.westos.com

(3) Modification of dns A record by remote host
Main dns settings

cp -p /var/named/westos.com.zone /mnt      ##Back up the zone file to /mnt so it can be restored later
vim /etc/named.rfc1912.zones 
zone "westos.com" IN {
        type master;
        file "westos.com.zone";
        allow-update { 172.25.254.209; };   ##Allow updates from 172.25.254.209 (ip-based only; section (4) replaces this with a key)
        allow-transfer {172.25.254.209; };
        also-notify {172.25.254.209; };
};
chmod 770 /var/named/                      ##Give the owner and group rwx on /var/named so dynamic updates can write the zone file and its journal (westos.com.zone.jnl)
systemctl restart named                    ##Restart service

Secondary dns settings

[1]delete www.westos.com
[root@dns-slave slaves]# nsupdate
> server 172.25.254.109
> update delete www.westos.com
> send
> quit

test result
[root@dns-slave slaves]# dig www.westos.com

[2]Add to www.westos.com
[root@dns-slave slaves]# nsupdate
> server 172.25.254.109
> update add www.westos.com 86400 A 172.25.254.160
> send
> quit

test result
[root@dns-slave slaves]# dig www.westos.com

recovery
Main dns settings
[root@dns-server named]# rm -fr westos.com.zone.jnl westos.com.zone
[root@dns-server named]# cp /mnt/westos.com.zone /var/named/
(4) Host update lock

Ordinary hosts can no longer modify A records on the master dns; only the machine that holds the key is allowed to update them.
[root@dns-server named]# cp -p /etc/rndc.key /etc/westos.key
[root@dns-server named]# cd /mnt
[root@dns-server mnt]# dnssec-keygen -a HMAC-MD5 -b 128 -n HOST westos
Kwestos.+157+28134                      ##Generate the TSIG key: -a is the HMAC algorithm (HMAC-MD5 here is legacy; prefer hmac-sha256 where the BIND version supports it), -b is the key size in bits, -n HOST is the key name type
[root@dns-server mnt]# scp /mnt/Kwestos.+157+28134.private 172.25.254.209:/mnt
root@172.25.254.209's password: 
Kwestos.+157+28134.private                                                   100%  165     0.2KB/s   00:00    
[root@dns-server mnt]# scp /mnt/Kwestos.+157+28134.key 172.25.254.209:/mnt
root@172.25.254.209's password: 
Kwestos.+157+28134.key                                                       100%   50     0.1KB/s   00:00   

[root@dns-server mnt]# vim /etc/westos.key 
key "westos" {
        algorithm hmac-md5;
        secret "Lz3B1zirL3Otb1gIk6917g==";
};

[root@dns-server mnt]# vim /etc/named.conf 
include "/etc/westos.key";
[root@dns-server mnt]# vim /etc/named.rfc1912.zones 
zone "westos.com" IN {
        type master;
        file "westos.com.zone";
        allow-update { key westos; };   ##Allow key westos to update
};
[root@dns-server mnt]# systemctl restart named

Auxiliary dns operation

[root@dns-slave mnt]# nsupdate -k /mnt/Kwestos.+157+28134.private
> server 172.25.254.109        
> update delete www.westos.com
> send
> quit

Verify on the primary dns, e.g. with dig www.westos.com
(5)ddns
ddns=dhcp+dns
Dynamic dns needs dhcp and dns to work together.
Here dns requires bind version 6 or above, and dhcp requires version 3.0 or above. Before operating, restore the original westos.com.zone to avoid affecting subsequent operations.

main dns Set up 
yum install dhcp -y
systemctl start dhcpd
systemctl stop firewalld
setenforce 0
cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/dhcp.conf
vim /etc/dhcp/dhcp.conf 
      7 option domain-name "westos.com";
      8 option domain-name-servers 172.25.254.117;
     13 # Use this to enble / disable dynamic dns updates globally.
     14 ddns-update-style interim;
      ##Delete lines 27 and 28
     subnet 172.25.254.0 netmask 255.255.255.0 {
      range 172.25.254.110 172.25.254.120;
      option routers 172.25.254.117;
    }
    key westos {
        algorithm hmac-md5;
        secret Lz3B1zirL3Otb1gIk6917g==;
    };
    zone westos.com. {
    primary 127.25.254.117;
    key westos;
    }
systemctl restart dhcpd
systemctl restart named
Settings on the secondary dns
hostnamectl set-hostname hello.westos.com
vim /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes
TYPE=Ethernet
USERCTL=yes
PEERDNS=yes
IPV6INIT=no
PERSISTENT_DHCLIENT=1
systemctl restart network

Test: after systemctl restart network the host obtains an ip address from dhcp; then check the name with:
dig hello.westos.com
