西部开源 Study Notes BOOK3: Unit 2. DNS Server Cluster

###############################

###### unit2. DNS Server Cluster ######

###############################

##########Lab environment##########

Master DNS server: 172.25.254.219 (Master; shown as "server" in the prompts below)

[root@server ~]# vim /etc/resolv.conf
3 nameserver 172.25.254.219

Backup DNS server: 172.25.254.119 (Slave; shown as "desktop" in the prompts below)

[root@desktop ~]# vim /etc/resolv.conf
3 nameserver 172.25.254.119

Test clients: (host 219 queries the Master, host 119 queries the Slave, and the Slave syncs the zone from the Master)

172.25.254.219

172.25.254.119

Note: the Master DNS configuration is covered in the "Caching DNS" notes and is not repeated here.

The Master's /var/named/tbr.com.zone file contains:

1 $TTL 1D
2 @       IN SOA  dns.tbr.com. root.tbr.com. (
3                                          0      ; serial
4                                         1D      ; refresh
5                                         1H      ; retry
6                                         1W      ; expire
7                                         3H )    ; minimum
8                 NS      dns.tbr.com.
9 dns             A       172.25.254.219
10 www             A       172.25.254.19

#########Slave DNS server basic configuration#########

Slave side:

[root@desktop ~]# yum install bind -y

[root@desktop ~]# vim /etc/named.conf
11         listen-on port 53 { any; };
17         allow-query    { any; };
32         dnssec-validation no;

[root@desktop ~]# vim /etc/named.rfc1912.zones  ##add the block below, modelled on the template on lines 19-23
25 zone "tbr.com" IN {
26         type slave;
27         masters { 172.25.254.219; };
28         file "slaves/tbr.com.zone";
29         allow-update { none; };
30 };

[root@desktop ~]# cd /var/named/
[root@desktop named]# ls
data     named.ca     named.localhost  slaves
dynamic  named.empty  named.loopback
[root@desktop named]# cd slaves/
[root@desktop slaves]# ls  ##the directory is empty at this point

[root@desktop slaves]# firewall-cmd --list-all
public (default, active)
interfaces: eth0
sources:
services: dhcpv6-client ssh
ports:
masquerade: no
forward-ports:
icmp-blocks:
rich rules:

[root@desktop slaves]# firewall-cmd --permanent --add-service=dns
success
[root@desktop slaves]# firewall-cmd --reload
success
[root@desktop slaves]# firewall-cmd --list-all
public (default, active)
interfaces: eth0
sources:
services: dhcpv6-client dns ssh
ports:
masquerade: no
forward-ports:
icmp-blocks:
rich rules:

Master side:

[root@server ~]# vim /etc/named.rfc1912.zones
25 zone "tbr.com" IN {
26         type master;
27         file "tbr.com.zone";
28         allow-update { none; };
29         allow-transfer { 172.25.254.119; };  ##allow the host with this IP (the Slave) to transfer the zone from us
30 };

Test:

Host 172.25.254.119:

[root@desktop named]# dig www.tbr.com

;; ANSWER SECTION:
www.tbr.com.		86400	IN	A	172.25.254.19

##########Slave DNS server automatically syncing the Master's data###########

On the Master:

[root@server ~]# vim /etc/named.rfc1912.zones
25 zone "tbr.com" IN {
26         type master;
27         file "tbr.com.zone";
28         allow-update { none; };
29         allow-transfer { 172.25.254.119; };
30         also-notify { 172.25.254.119; };  ##always notify the host with this IP (the Slave) when the zone file has been updated
31 };

[root@server ~]# vim /var/named/tbr.com.zone  ##the serial value must be changed
##only when the serial has changed (it must go up) does the Slave treat the zone as different and transfer it again
3                                 2016112601      ; serial
10 www             A       172.25.254.18
##change the record content along with the serial (previously www.tbr.com -> 172.25.254.19)

[root@server ~]# systemctl restart named

On the Slave:

Make sure the firewall allows the dns service, or turn the firewall off.

Test:

Host 172.25.254.219:

[root@server ~]# dig www.tbr.com

;; ANSWER SECTION:
www.tbr.com.		86400	IN	A	172.25.254.18

Host 172.25.254.119:

[root@desktop named]# dig www.tbr.com

;; ANSWER SECTION:
www.tbr.com.		86400	IN	A	172.25.254.18
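As an added check that is not part of the original notes: a POSIX shell script that compares the SOA serial served by the Master and the Slave (a missed notify or a serial that was never bumped shows up as a mismatch) and verifies that the Master refuses AXFR from a host outside allow-transfer. It uses the lab's addresses and zone, only invokes dig when run with the argument live, and the sample answers are constructed.

```shell
#!/bin/sh
# Added check, not from the original notes: compare the SOA serial that the
# Master and the Slave serve for tbr.com (a stale Slave means a NOTIFY was
# missed or the serial was never bumped) and confirm that the Master refuses
# AXFR from a host outside allow-transfer. Addresses and zone are the lab's.
MASTER=172.25.254.219
SLAVE=172.25.254.119
ZONE=tbr.com

# The serial is the 3rd field of a `dig +short ... SOA` answer:
# "dns.tbr.com. root.tbr.com. 2016112601 86400 3600 604800 10800"
serial_from_soa() {
    printf '%s\n' "$1" | awk '{ print $3 }'
}

# Exit 0 when both SOA answers carry the same serial.
zone_in_sync() {  # usage: zone_in_sync MASTER_SOA SLAVE_SOA
    [ "$(serial_from_soa "$1")" = "$(serial_from_soa "$2")" ]
}

# Exit 0 when dig's AXFR output shows the server refused the transfer,
# i.e. allow-transfer is being enforced against the querying host.
axfr_refused() {
    printf '%s\n' "$1" | grep -q 'Transfer failed\.'
}

# Live check; needs dig and a route to both lab hosts. Run the AXFR part
# from a host that is NOT listed in allow-transfer (so not from the Slave).
live_check() {
    m=$(dig +short +time=2 +tries=1 @"$MASTER" "$ZONE" SOA)
    s=$(dig +short +time=2 +tries=1 @"$SLAVE" "$ZONE" SOA)
    if zone_in_sync "$m" "$s"; then
        echo "in sync: serial $(serial_from_soa "$m")"
    else
        echo "NOT in sync: master $(serial_from_soa "$m"), slave $(serial_from_soa "$s")"
    fi
    if axfr_refused "$(dig +time=2 +tries=1 @"$MASTER" "$ZONE" AXFR)"; then
        echo "AXFR refused for this host: allow-transfer is enforced"
    else
        echo "AXFR answered for this host: check allow-transfer on the Master"
    fi
}

# Constructed sample answers: the Master after the serial bump above, and a
# Slave still holding the original serial 0.
SAMPLE_MASTER='dns.tbr.com. root.tbr.com. 2016112601 86400 3600 604800 10800'
SAMPLE_SLAVE='dns.tbr.com. root.tbr.com. 0 86400 3600 604800 10800'

if [ "${1-}" = live ]; then live_check; fi
```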

#############Remote modification of DNS records###############

Note: first remove part of the previous experiment's configuration, or it will interfere with this one:

On the Master:

[root@server ~]# vim /etc/named.rfc1912.zones
25 zone "tbr.com" IN {
26         type master;
27         file "tbr.com.zone";
28         allow-update { none; };
=======delete the following two lines=======
29         allow-transfer { 172.25.254.119; };
30         also-notify { 172.25.254.119; };
===========================
##and change line 28 to:
28         allow-update { 172.25.254.119; };  ##allow the host with this IP to modify the zone remotely

[root@server named]# setenforce 0  ##switch SELinux to permissive mode
[root@server named]# getenforce
Permissive

[root@server ~]# cp -p /var/named/tbr.com.zone /mnt/  ##note: use -p
##back up tbr.com.zone before the experiment so it can be restored afterwards

[root@server ~]# chmod 770 /var/named/
[root@server ~]# ll -d /var/named/
drwxrwx---. 5 root named 4096 11月 25 23:59 /var/named/

Test:

Host 172.25.254.119:

[root@desktop named]# nsupdate
> server 172.25.254.219
> update delete www.tbr.com  ##delete the A record
> send

Host 172.25.254.219:

[root@server named]# dig www.tbr.com
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4624

[root@server named]# ls
data      named.empty      slaves        tbr.com.zone.inter
dynamic   named.localhost  tbr.comNaNr   tbr.com.zone.jnl
named.ca  named.loopback   tbr.com.zone

[root@server named]# rm -fr tbr.com.zone.jnl
[root@server named]# rm -fr tbr.com.zone
[root@server named]# cp -p /mnt/tbr.com.zone .  ##copy the earlier backup back; note: use -p
[root@server named]# ls
data      named.empty      slaves        tbr.com.zone.inter
dynamic   named.localhost  tbr.comNaNr
named.ca  named.loopback   tbr.com.zone

[root@server var]# dig www.tbr.com
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 60307
##the name still cannot be resolved: the A record is gone

Host 172.25.254.119:

[root@desktop named]# nsupdate
> server 172.25.254.219
> update add www.tbr.com 86400 A 172.25.254.19  ##add the A record
> send

Host 172.25.254.219:

[root@server named]# dig www.tbr.com

;; ANSWER SECTION:
www.tbr.com.		86400	IN	A	172.25.254.19
##query again: the record is restored

###########Adding key authentication to remote modification#############

Master side:

[root@server named]# dnssec-keygen --help  ##show dnssec-keygen's help
[root@server named]# dnssec-keygen -a HMAC-MD5 -b 128 -n HOST tbr
Ktbr.+157+00014
##this may appear to hang because there is not enough entropy; move the mouse or do some work on the host to generate more random data
##-a algorithm; -b key length in bits; -n key type (HOST|USER)

[root@server named]# ls
data                     named.empty      tbr.com.zone
dynamic                  named.localhost  tbr.com.zone.inter
Ktbr.+157+00014.key      named.loopback   tbr.com.zone.jnl
Ktbr.+157+00014.private  slaves
named.ca                 tbr.comNaNr
##two files were generated: Ktbr.+157+00014.key and Ktbr.+157+00014.private

[root@server named]# cat Ktbr.+157+00014.key
tbr. IN KEY 512 3 157 +dqtFZtEFN+NGp/2rRHJOQ==

[root@server named]# cat Ktbr.+157+00014.private
Private-key-format: v1.3
Algorithm: 157 (HMAC_MD5)
Key: +dqtFZtEFN+NGp/2rRHJOQ==
Bits: AAA=
Created: 20161126061602
Publish: 20161126061602
Activate: 20161126061602

[root@server named]# cp -p /etc/rndc.key /etc/tbr.key
[root@server named]# vim /etc/tbr.key
1 key "tbr" {  ##change the key name to the one you chose (e.g. tbr)
2         algorithm hmac-md5;
3         secret "+dqtFZtEFN+NGp/2rRHJOQ==";  ##replace the secret with the Key string generated above
4 };

##link the key file into the DNS configuration: (as follows)

[root@server named]# vim /etc/named.conf
44 include "/etc/tbr.key";

[root@server named]# vim /etc/named.rfc1912.zones
28         allow-update { key tbr; };

##finally send the key files to the client that will do the remote updates

[root@server named]# scp Ktbr.+157+00014.* root@172.25.254.119:/mnt/

Test:

Host 172.25.254.119:

[root@desktop named]# cd /mnt  ##work from the directory that holds the key files
[root@desktop mnt]# ls
Ktbr.+157+00014.key     Ktbr.+157+00014.private
[root@desktop mnt]# nsupdate -k Ktbr.+157+00014.private  ##-k: authenticate the update with the key
> server 172.25.254.219
> update delete www.tbr.com
> send
>
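An added example, not code from the notes, covering the nsupdate steps of the previous section and the key setup of this one: it generates the named key stanza straight from the .private file instead of copying the secret by hand, and replaces the www.tbr.com A record in one signed, non-interactive nsupdate transaction. The key file name, zone, addresses and secret are the ones shown above; nsupdate itself runs only with the argument live.

```shell
#!/bin/sh
# Added example, not from the original notes. Builds the named key stanza
# directly from the .private file that dnssec-keygen wrote (no hand-copying
# of the secret into /etc/tbr.key) and runs the nsupdate steps of the two
# sections above as one signed, non-interactive transaction. Key name,
# zone, addresses and the sample secret are the ones shown above.
MASTER=172.25.254.219
ZONE=tbr.com
KEYFILE=Ktbr.+157+00014.private   # file produced by dnssec-keygen above

# Read a dnssec-keygen .private file on stdin, print a named "key" block.
# Only algorithm 157 (HMAC-MD5, as generated above) is recognised;
# anything else makes the function fail rather than emit a wrong stanza.
key_stanza() {  # usage: key_stanza NAME < Ktbr.+157+00014.private
    awk -F': ' -v name="$1" '
        $1 == "Algorithm" && $2 ~ /^157/ { alg = "hmac-md5" }
        $1 == "Key"                      { secret = $2 }
        END {
            if (alg == "" || secret == "") exit 1
            printf "key \"%s\" {\n\talgorithm %s;\n\tsecret \"%s\";\n};\n",
                   name, alg, secret
        }'
}

# nsupdate script that replaces the A record of NAME with IP. Both updates
# sit in one "send", so the server applies them atomically: there is no
# moment where www.tbr.com has no address, unlike the separate delete and
# add runs above.
replace_a_batch() {  # usage: replace_a_batch NAME TTL IP
    printf 'server %s\nzone %s\nupdate delete %s A\nupdate add %s %s A %s\nsend\n' \
        "$MASTER" "$ZONE" "$1" "$1" "$2" "$3"
}

# Sign the transaction with the key; nsupdate exits non-zero when the
# server rejects it (e.g. REFUSED when the key does not match allow-update).
replace_a() {  # usage: replace_a NAME TTL IP
    replace_a_batch "$1" "$2" "$3" | nsupdate -k "$KEYFILE"
}

# Turning the generated key into /etc/tbr.key on the Master:
#   key_stanza tbr < Ktbr.+157+00014.private > /etc/tbr.key
# Restore www.tbr.com from the client that holds the key files:
if [ "${1-}" = live ]; then replace_a www.tbr.com 86400 172.25.254.19; fi
```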

#############Dynamic DNS###############

Note:

Before this experiment, restore part of the previous experiment's configuration:

Master side:

[root@server named]# rm -fr tbr.com.zone.jnl
[root@server named]# rm -fr tbr.com.zone
[root@server named]# cp -p /mnt/tbr.com.zone .  ##copy the earlier backup back; note: use -p
[root@server named]# systemctl restart named  ##takes effect after the service is restarted

Master side:

[root@server ~]# yum install dhcp -y
[root@server named]# cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/dhcpd.conf
cp: overwrite ‘/etc/dhcp/dhcpd.conf’? y

[root@server named]# vim /etc/dhcp/dhcpd.conf
7 option domain-name "tbr.com";
8 option domain-name-servers 172.25.254.219;

14 ddns-update-style none;  ##enable this entry
||
14 ddns-update-style interim;  ##and change its value to interim

=============delete the following two lines===============
27 subnet 10.152.187.0 netmask 255.255.255.0 {
28 }
======================================

30 subnet 172.25.254.0 netmask 255.255.255.0 {
31   range 172.25.254.240 172.25.254.244;
32   option routers 172.25.254.219;
33 }
34
35 key tbr {  ##change the key name to tbr
36          algorithm hmac-md5;  ##hmac-md5 is the default algorithm
37          secret +dqtFZtEFN+NGp/2rRHJOQ==;  ##set the secret to the key value from before
38        };
39
40 zone tbr.com. {  ##change the zone name to tbr.com.
41          primary 127.0.0.1;  ##talks to named over the loopback interface by default
42          key tbr;  ##the key to use is tbr
43        }
========================================
##the additions above can be looked up with:
[root@server ~]# man 5 dhcpd.conf
/dns  ##search for the keyword dns
========================================

[root@server named]# systemctl start dhcpd  ##start the service

Test:

Host 172.25.254.119:

Switch it to obtaining its address via DHCP: (not described in detail)

[root@desktop Desktop]# hostname
station.domain19.example.com
[root@desktop Desktop]# hostnamectl set-hostname music.tbr.com
[root@desktop Desktop]# reboot

[root@desktop ~]# systemctl restart network
[root@desktop ~]# ifconfig
inet 172.25.254.241  netmask 255.255.255.0  broadcast 172.25.254.255
[root@desktop ~]# dig music.tbr.com

;; ANSWER SECTION:
music.tbr.com.		300	IN	A	172.25.254.241

Change the IP range in the Master's /etc/dhcp/dhcpd.conf to 172.25.254.242 172.25.254.244, then:

[root@desktop ~]# systemctl restart network
[root@desktop ~]# ifconfig
inet 172.25.254.241  netmask 255.255.255.0  broadcast 172.25.254.255
[root@desktop ~]# dig music.tbr.com

;; ANSWER SECTION:
music.tbr.com.		300	IN	A	172.25.254.242
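An added example, not from the notes, for checking the DDNS result above: it reads the ddns-fwd-name entries that dhcpd records in /var/lib/dhcpd/dhcpd.leases (the default lease file path) and compares each active lease with what the Master answers, and also checks that /etc/tbr.key and dhcpd.conf hold the same secret, since a mismatch leaves the lease working but the DNS update refused. The leases sample is constructed; dig runs only with the argument live.

```shell
#!/bin/sh
# Added example, not from the original notes. Cross-checks what dhcpd
# recorded as registered (the "set ddns-fwd-name" it writes into
# dhcpd.leases) against what the Master DNS answers, and verifies that
# /etc/tbr.key and dhcpd.conf carry the same TSIG secret. Paths, key name
# and addresses are the lab's own.
DNS=172.25.254.219
NAMED_KEY=/etc/tbr.key
DHCPD_CONF=/etc/dhcp/dhcpd.conf
LEASES=/var/lib/dhcpd/dhcpd.leases

# Read dhcpd.leases on stdin; print "IP NAME" for each active lease whose
# forward name dhcpd registered. A later block for the same IP replaces an
# earlier one, which is how dhcpd itself reads the file.
active_ddns_leases() {
    awk '
        /^lease / { ip = $2; active = 0; name = "" }
        /^[[:space:]]*binding state active;/ { active = 1 }
        /set ddns-fwd-name = / { name = $NF; gsub(/[";]/, "", name) }
        /^}/ { if (active && name != "") fwd[ip] = name; else delete fwd[ip] }
        END { for (ip in fwd) print ip, fwd[ip] }' | sort
}

# Secret from a key block read on stdin, quoted or not: named writes
# secret "x"; while dhcpd.conf above writes secret x; (first key only).
secret_of() {
    sed -n 's/^[[:space:]]*secret[[:space:]]*"\{0,1\}\([^";]*\)"\{0,1\}[[:space:]]*;.*/\1/p'
}

# Exit 0 when both files hold the same non-empty secret.
secrets_match() {  # usage: secrets_match NAMED_KEYFILE DHCPD_CONF
    a=$(secret_of < "$1"); b=$(secret_of < "$2")
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Live check on the Master: compare every registered lease with DNS.
verify_ddns() {
    secrets_match "$NAMED_KEY" "$DHCPD_CONF" ||
        echo "WARNING: TSIG secret differs between $NAMED_KEY and $DHCPD_CONF"
    active_ddns_leases < "$LEASES" | while read -r ip name; do
        got=$(dig +short +time=2 +tries=1 @"$DNS" "$name" A)
        if [ "$got" = "$ip" ]; then echo "OK   $name -> $ip"
        else echo "DIFF $name: lease says $ip, DNS says '${got:-nothing}'"; fi
    done
}

if [ "${1-}" = live ]; then verify_ddns; fi
```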

Time: 2024-12-29 07:05:18
