(1) Auxiliary dns
Set slave
Select a machine as auxiliary dns machine
Operation on auxiliary machine
1. yum install bind -y
2.vim /etc/named.conf
listen-on port 53 { any; };
allow-query { any; };
dnssec-validation no;
3.vim /etc/named.rfc1912.zones
zone "westos.com" IN {
type slave;
masters {172.25.254.117; };
file "slaves/westos.com.zone";
allow-update { none; };
};
4.vim /etc/resolv.conf
namesever 172.25.254.117
5.systemctl restart named
6.systemctl stop firewalldMain dns settings
vim /etc/named.rfc1912.zones
zone "westos.com" IN {
type master;
file "westos.com.zone";
allow-update {none; };
allow-transfer {172.25.254.209; }; ##Allow 209 to synchronize data
};
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 172.25.254.109
www A 172.25.254.140
www A 172.25.254.240
systemctl restart named ##Restart serviceAfter the above operations, there will be a westos.com.zone file in slave / of the secondary dns machine
You can dig www.westos.com in the auxiliary dns machine 
(2) Automatic acquisition of primary dns data by auxiliary dns
Main dns settings
vim /etc/named.rfc1912.zones
zone "westos.com" IN {
type master;
file "westos.com.zone";
allow-update { 172.25.254.209; };
allow-transfer {172.25.254.209; };
also-notify {172.25.254.209; }; ##When the primary dns changes, it synchronizes to the secondary dns
};
vim /var/named/westos.com.zone
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
2016112901 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 172.25.254.109
www A 172.25.254.140
www A 172.25.254.152
systemctl restart named(the above operation is to change the ip address of www.westos.com, and to assist the dns machine to synchronize with it, the normal operation must delete the slave/westos.com.zone file in the auxiliary machine, and each time such operation is too cumbersome, and the above operation is to choose to modify the serial value (upper limit of 10 digits) in the / var/named/westos.com.zone file in the main dns machine to achieve the later operation Automatic synchronization of primary dns)
Test on auxiliary dns
[root@dns-slave slaves]# dig www.westos.com
(3) Modification of dns A record by remote host
Main dns settings
cp -p /var/named/westos.com.zone /mnt ##Backup to / mnt for recovery
vim /etc/named.rfc1912.zones
zone "westos.com" IN {
type master;
file "westos.com.zone";
allow-update { 172.25.254.209; }; ##Allow 209 updates
allow-transfer {172.25.254.209; };
also-notify {172.25.254.209; };
};
chmod 770 /var/named/ ##Execute permissions on / var/named group
systemctl restart named ##Restart serviceSecondary dns settings
[1]delete www.westos.com
[root@dns-slave slaves]# nsupdate
> server 172.25.254.109
> update delete www.westos.com
> send
> quittest result
[root@dns-slave slaves]# dig www.westos.com
[2]Add to www.westos.com
[root@dns-slave slaves]# nsupdate
> server 172.25.254.109
> update add www.westos.com 86400 A 172.25.254.160
> send
> quittest result
[root@dns-slave slaves]# dig www.westos.com
recovery
Main dns settings
[root@dns-server named]# rm -fr westos.com.zone.jnl westos.com.zone
[root@dns-server named]# cp /mnt/westos.com.zone /var/named/
(4) Host update lock
General machine to master dns Cannot be modifiedARecorded but for key The machine is open
[root@dns-server named]# cp -p /etc/rndc.key /etc/westos.key
[root@dns-server named]# cd /mnt
[root@dns-server mnt]# dnssec-keygen -a HMAC-MD5 -b 128 -n HOST westos
Kwestos.+157+28134 ##Generate key - a is encryption method - b is password size - n is encrypted user
[root@dns-server mnt]# scp /mnt/Kwestos.+157+28134.private 172.25.254.209:/mnt
root@172.25.254.209's password:
Kwestos.+157+28134.private 100% 165 0.2KB/s 00:00
[root@dns-server mnt]# scp /mnt/Kwestos.+157+28134.key 172.25.254.209:/mnt
root@172.25.254.209's password:
Kwestos.+157+28134.key 100% 50 0.1KB/s 00:00
[root@dns-server mnt]# vim /etc/westos.key
key "westos" {
algorithm hmac-md5;
secret "Lz3B1zirL3Otb1gIk6917g==";
};
[root@dns-server mnt]# vim /etc/named.conf
include "/etc/westos.key";
[root@dns-server mnt]# vim /etc/named.rfc1912.zones
zone "westos.com" IN {
type master;
file "westos.com.zone";
allow-update { key westos; }; ##Allow key westos to update
};:
[root@dns-server mnt]# systemctl restart namedAuxiliary dns operation
[root@dns-slave mnt]# nsupdate -k /mnt/Kwestos.+157+28134.private
> server 172.25.254.109
> update delete www.westos.com
> send
> quitCan be tested on the primary dns
(5)ddns
ddns=dhcp+dns
Dynamic dns needs the cooperation of dhcp and dns
Here, the version of bind 6 and above required by dns and the version of dhcp 3.0 and above are required. Before operation, restore the original westos.com.zone to avoid affecting subsequent operation.
main dns Set up
yum install dhcp -y
systemctl start dhcpd
systemctl stop firewalld
setenforce 0
cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/dhcp.conf
vim /etc/dhcp/dhcp.conf
7 option domain-name "westos.com";
8 option domain-name-servers 172.25.254.117;
13 # Use this to enble / disable dynamic dns updates globally.
14 ddns-update-style interim;
##Delete lines 27 and 28
subnet 172.25.254.0 netmask 255.255.255.0 {
range 172.25.254.110 172.25.254.120;
option routers 172.25.254.117;
}
key westos {
algorithm hmac-md5;
secret Lz3B1zirL3Otb1gIk6917g==;
};
zone westos.com. {
primary 127.25.254.117;
key westos
}
systemctl restart dhcpd
systemctl restart named
//Settings on secondary dns
hostnamectl set-hostname hello.westos.com
vim /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes
TYPE=Ethernet
USERCTL=yes
PEERDNS=yes
IPV6INIT=no
PERSISTENT_DHCLIENT=1
systemctl restart networkTest: systemctl restart network obtains ip address
dig hello.westos.com