desktop:(主dns)
主机名---dns-server.example.com
IP---172.25.254.144
指定yum源
/////////////////////////////////////////////////////////
[[email protected] ~]# yum install bind -y ##安装bind软件包##
[[email protected] ~]# systemctl start named ##开启named服务##
[[email protected] ~]# ll /dev/random ##/dev/random是内核提供的随机数设备,并非named生成的文件;named启动时生成密钥(如/etc/rndc.key)可能需要从中读取随机数##
crw-rw-rw-. 1 root root 1, 8 Mar 15 07:16 /dev/random
[[email protected] ~]# cat /dev/random
gu
IP‘
[[email protected] ~]# vim /etc/named.conf ##named服务的配置文件##
......
9
10 options {
11 // listen-on port 53 { 127.0.0.1; }; ##注释该行,监听所有接口的53端口##
12 // listen-on-v6 port 53 { ::1; }; ##注释该行,监听所有53端口##
13 directory "/var/named"; ##指定解析库位置##
14 dump-file "/var/named/data/cache_dump.db";
15 statistics-file "/var/named/data/named_stats.txt";
16 memstatistics-file "/var/named/data/named_mem_stats.txt";
17 allow-query { any; }; ##允许谁来查询##
18 forwarders { 172.25.254.250; }; ##指定上级DNS##
......
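29 recursion yes; ##是否允许递归;注意:与上面的allow-query { any; }同时启用且未另设allow-recursion时,任何来源都能让本机代为递归查询(开放解析器),应使用allow-recursion限定为可信网段##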
30
31 dnssec-enable yes;
32 dnssec-validation yes;
33 dnssec-lookaside auto;
34
35 /* Path to ISC DLV key */
36 bindkeys-file "/etc/named.iscdlv.key";
37
38 managed-keys-directory "/var/named/dynamic";
39
40 pid-file "/run/named/named.pid";
41 session-keyfile "/run/named/session.key";
42 };
43
44 logging { ##指定日志文件##
45 channel default_debug {
46 file "data/named.run";
47 severity dynamic;
48 };
49 };
50
51 zone "." IN { ##指定区域##
52 type hint; ##区域类型为hint,即根提示区域,用于查找根域名服务器##
53 file "named.ca"; ##指定解析库名字##
54 };
55
56 include "/etc/named.rfc1912.zones"; ##包含配置文件/etc/named.rfc1912.zones##
57 include "/etc/named.root.key";
......
####正向解析####
[[email protected] ~]# vim /etc/named.rfc1912.zones
......
25 zone "westoslinux.com" IN {
26 type master;
27 file "westoslinux.com.zone";
28 allow-update { none; };
29 allow-transfer { 172.25.254.244; }; ##允许同步本机A记录文件的主机IP##
30 };
......
[[email protected]ns-server ~]# cd /var/named/
[[email protected] named]# ls
data named.ca named.localhost slaves
dynamic named.empty named.loopback
[[email protected] named]# cp -p named.localhost westoslinux.com.zone
[[email protected] named]# vim westoslinux.com.zone
1 $TTL 1D
2 @ IN SOA dns.westoslinux.com. root.westoslinux.com. (
3 0 ; serial
4 1D ; refresh
5 1H ; retry
6 1W ; expire
7 3H ) ; minimum
8 NS dns.westoslinux.com.
9 dns A 172.25.254.144
10 www A 172.25.254.125
[[email protected] named]# systemctl restart named
####反向解析####
[[email protected] ~]# vim /etc/named.rfc1912.zones
......
50 zone "254.25.172.in-addr.arpa" IN {
51 type master;
52 file "westoslinux.com.ptr";
53 allow-update { none; };
54 };
......
[[email protected] named]# vim westoslinux.com.ptr
1 $TTL 1D
2 @ IN SOA dns.westoslinux.com. root.westoslinux.com. (
3 0 ; serial
4 1D ; refresh
5 1H ; retry
6 1W ; expire
7 3H ) ; minimum
8 NS dns.westoslinux.com.
9 dns A 172.25.254.144
10 222 PTR www.westoslinux.com.
11 233 PTR bbs.westoslinux.com.
[[email protected] named]# systemctl restart named
[[email protected] named]# vim westoslinux.com.zone
1 $TTL 1D
2 @ IN SOA dns.westoslinux.com. root.westoslinux.com. (
3 0 ; serial
4 1D ; refresh
5 1H ; retry
6 1W ; expire
7 3H ) ; minimum
8 NS dns.westoslinux.com.
9 dns A 172.25.254.144
10 www CNAME www.a.westoslinux.com.
11 www.a A 172.25.254.125
12 www.a A 172.25.254.225
13 westoslinux.com. MX 1 172.25.254.1. ##注意:MX记录的值应为邮件服务器的主机名(再由A记录指向IP),而不是IP地址,请核对##
[[email protected] named]# systemctl restart named
虚拟机server:(辅助dns)
主机名:dns-server2.example.com
IP:172.25.254.244
指定yum源:vim /etc/yum.repos.d/rhel_dvd.repo
安装bind软件包:yum install bind -y
开启named服务:systemctl restart named
修改配置文件/etc/named.conf(与主dns一致)
重启named服务:systemctl restart named
火墙配置:
[[email protected] ~]# firewall-cmd --permanent --add-service=dns
success
[[email protected] ~]# firewall-cmd --reload
success
[[email protected] ~]# firewall-cmd --list-all
public (default, active)
interfaces: eth0
sources:
services: dhcpv6-client dns ssh
ports:
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
[[email protected] ~]# vim /etc/named.rfc1912.zones
......
25 zone "westoslinux.com" IN {
26 type slave; ##设定本机为辅助dns##
27 masters { 172.25.254.144; }; ##A记录文件同步主机IP##
28 file "slaves/westoslinux.com.zone"; ##存放A记录文件的位置##
29 allow-update { none; };
30 };
......
[[email protected] ~]# systemctl restart named
测试:
vim /etc/resolv.conf
nameserver 172.25.254.244 ##IP为辅助dns的IP##
补充:
/etc/named.rfc1912.zones
......
25 zone "westoslinux.com" IN {
26 type master;
27 file "westoslinux.com.zone";
28 allow-update { none; };
29 allow-transfer { 172.25.254.244; }; ##允许同步本机A记录文件的主机IP##
30 also-notify { 172.25.254.244;};
31 };
每次重新启动服务要修改/var/named/westos.com.zone 中的serial值,一般改为日期(辅助dns根据serial是否增大来判断是否需要重新同步)
设置主dns
vim /etc/named.rfc1912.zones
cp -p /var/named/westos.com.zone /mnt
chmod 770 /var/named
setsebool -P named_write_master_zones 1
辅助dns:
nsupdate
>server 172.25.254.100
>update add hello.westos.com 86400 A 172.25.254.100
>send
>quit
nsupdate
> server 172.25.254.100
> update delete hello.westos.com
>send
>quit
这样做可以让辅助dns去更新主dns(前提是主dns上该区域的allow-update已放行辅助dns;若仅按IP放行,源地址可能被伪造,建议改用下文ddns部分基于密钥的allow-update)
###################
######ddns#########
###################
[[email protected] ~]# dnssec-keygen -a HMAC-MD5 -b 128 -n HOST westos ##生成用于动态更新的共享密钥;HMAC-MD5已不推荐,实际部署应换用HMAC-SHA256等更强的算法,并且不要使用本文中公开的secret##
Kwestos.+157+24069
[[email protected] ~]# cat Kwestos.+157+24069.key
westos. IN KEY 512 3 157 z8rQmcqOSYlOEDYNNj3pkA==
[[email protected] ~]# cp /etc/rndc.key /etc/westos.key -p
[[email protected] ~]# vim /etc/westos.key
key "westos" {
algorithm hmac-md5;
secret "z8rQmcqOSYlOEDYNNj3pkA==";
};
[[email protected] ~]# vim /etc/named.conf
include "/etc/westos.key";
[[email protected] ~]# vim /etc/named.rfc1912.zones
25 zone "westoslinux.com" IN {
26 type master;
27 file "westoslinux.com.zone";
28 allow-update { key westos; };
29 allow-transfer { 172.25.254.244; };
30 allow-notify {172.25.254.244; }; ##注意:前文“补充”部分在主dns上用的是also-notify;allow-notify一般用于辅助dns一侧,请核对此处是否应为also-notify##
30 };
[[email protected] ~]# ls
1 Downloads Pictures
anaconda-ks.cfg Kwestos.+157+24069.key Public
Desktop Kwestos.+157+24069.private Templates
Documents Music Videos
安装dhcp软件包:yum install dhcp -y
开启dhcp服务:systemctl start dhcpd
[[email protected] named]# vim /etc/dhcp/dhcpd.conf
# Domain name and DNS server handed out to DHCP clients.
option domain-name "westoslinux.com";
option domain-name-servers 172.25.254.144;
# Lease lengths in seconds.
default-lease-time 600;
max-lease-time 7200;
# Enable dynamic DNS updates from dhcpd, using the "interim" update scheme.
ddns-update-style interim;
log-facility local7;
# Address pool and default gateway for the 172.25.254.0/24 subnet.
subnet 172.25.254.0 netmask 255.255.255.0 {
range 172.25.254.10 172.25.254.60;
option routers 172.25.254.254;
}
# Shared key used to sign the DNS updates. Name, algorithm and secret are the
# same as the "westos" key in /etc/westos.key that named.conf includes.
# NOTE(review): hmac-md5 is a legacy algorithm and this secret is printed in the
# walkthrough. For real use, generate a fresh key on both sides, prefer a
# stronger HMAC such as hmac-sha256 if this dhcpd version supports it, and keep
# this file unreadable to ordinary users.
key westos {
algorithm hmac-md5;
secret z8rQmcqOSYlOEDYNNj3pkA==;
};
# Send updates for westoslinux.com. to the DNS server at 127.0.0.1, signed with
# the westos key (the zone's allow-update { key westos; } on the named side).
# NOTE(review): 127.0.0.1 presumes dhcpd runs on the same host as the primary
# named; confirm.
zone westoslinux.com. {
primary 127.0.0.1;
key westos;
};