Lab environment: RHEL 7.0
Master DNS: server1.example.com, 172.25.254.1
Slave DNS: server2.example.com, 172.25.254.2
Lab contents: 1. Master DNS configuration
2. Slave DNS configuration
3. Slave DNS pulling zone data from the master dynamically
4. DNS updates (dynamic update)
5. Updates allowed only with a key (TSIG)
6. Building DDNS
Prerequisites: install the bind package, stop the firewall, disable SELinux, open port 53. (Stopping the firewall and disabling SELinux are lab shortcuts; on a real server keep both and open 53/udp and 53/tcp instead. Zone transfers and large answers use TCP, so opening only UDP breaks the slave.)
1. Master DNS configuration (IP: 172.25.254.1)
1) vim /etc/named.conf
// listen-on port 53 { 127.0.0.1; };
// allow-query { localhost; };
dnssec-validation no;
(Commenting a line out with // removes the localhost-only default: named then listens on every interface and answers any client. dnssec-validation no turns off DNSSEC validation of upstream answers so the lab does not depend on a trust anchor; it has no effect on the zone served here. With named.conf's default recursion yes and an unrestricted allow-query this is an open recursive resolver, which is what amplification attacks look for; on an authoritative-only server set recursion no, or limit allow-query and allow-recursion to the lab subnet.)
2) vim /etc/named.rfc1912.zones
zone "willis.com" IN {
type master;
file "willis.com.zone";
allow-update { none; };
allow-transfer { 172.25.254.2; }; ## who may pull the zone (AXFR/IXFR); this BIND version allows any host by default, so always restrict it to the slave
};
3) cp -p /var/named/ /var/named/willis.com.zone # copy the stock template zone file from /var/named; a special file, mind the permissions: -p keeps the template's root:named ownership and 0640 mode, which named needs to read the new file
4)vim /var/named/willis.com.zone
$TTL 1D
@ IN SOA dns.willis.com. root. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.willis.com.
dns A 172.25.254.1
www A 172.25.254.1
5)vim /etc/resolv.conf
nameserver 172.25.254.1
6) systemctl start named (run named-checkconf and named-checkzone on the new files first; a syntax error makes named skip the zone and answer SERVFAIL for it)
2. Slave DNS (on server2, 172.25.254.2; the named.conf edits are the same as on the master)
1)vim /etc/named.conf
// listen-on port 53 { 127.0.0.1; };
// allow-query { localhost; };
dnssec-validation no;
2)vim /etc/named.rfc1912.zones
zone "willis.com" IN {
type slave;
masters { 172.25.254.1; };
file "slaves/willis.com.zone"; ## the transferred copy is written under /var/named/slaves, which the package already makes writable by named
allow-update { none; };
};
3)vim /etc/resolv.conf
nameserver 172.25.254.1
4) systemctl start named (a slave with no local copy of the zone transfers it from the master as soon as it starts, which creates slaves/willis.com.zone)
3. Slave DNS pulling the master's zone data dynamically (zone synchronisation)
1) Master DNS
1-1) vim /etc/named.rfc1912.zones
zone "willis.com" IN {
type master;
file "willis.com.zone";
allow-update { none; };
allow-transfer { 172.25.254.2; };
also-notify { 172.25.254.2; }; ## add this line: when the zone changes, send a NOTIFY to this address. By default BIND only notifies the servers listed in the zone's NS records, and 172.25.254.2 is not one of them, so without also-notify the slave would only notice the change at its refresh interval (1D)
};
1-2)vim /var/named/willis.com.zone
$TTL 1D
@ IN SOA dns.willis.com. root. (
31 ; serial # raise this on every edit: a slave transfers only when the master's serial is higher than the one it holds, so an edit without a serial bump is never propagated
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.willis.com.
dns A 172.25.254.1
www A 172.25.254.1
1-3) systemctl restart named (rndc reload willis.com reloads just this zone and sends the NOTIFY without restarting the daemon)
2) Slave DNS
2-1) vim /etc/resolv.conf
nameserver 172.25.254.1
[root@server2 slaves]# ls
willis.com.zone
[root@server2 slaves]# rm -rf willis.com.zone
[root@server2 slaves]# ls
[root@server2 slaves]# dig www.willis.com
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.willis.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63871
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.willis.com. IN A
;; ANSWER SECTION:
www.willis.com. 86400 IN A 172.25.254.1
;; AUTHORITY SECTION:
willis.com. 86400 IN NS dns.willis.com.
;; ADDITIONAL SECTION:
dns.willis.com. 86400 IN A 172.25.254.1
;; Query time: 0 msec
;; SERVER: 172.25.254.1#53(172.25.254.1)
;; WHEN: Wed Sep 07 20:32:55 CST 2016
;; MSG SIZE rcvd: 93
[root@server2 slaves]# ls
willis.com.zone
(The dig above was answered by the master, see SERVER: 172.25.254.1#53, so the query itself pulls nothing to the slave. The file is (re)created whenever the slave's named completes a transfer: at startup when it has no local copy, and whenever a NOTIFY or the refresh timer shows a higher serial on the master. To confirm the slave's own copy, query it directly with dig @172.25.254.2 www.willis.com, and compare the serial from dig SOA willis.com on both servers.)
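A small check script for the synchronisation described in this section, added here as an example and not part of the original lab notes: it compares the SOA serial the master and the slave each answer with, and verifies that a zone transfer is refused from a host that is not in allow-transfer. The zone name and addresses are the lab's; the function names are mine.

```shell
#!/bin/sh
# Added example for the lab above (not part of the original notes): check that
# the slave has caught up with the master, and that AXFR is refused from a host
# that is not in allow-transfer. Zone and addresses are the lab's (willis.com,
# 172.25.254.1 master, 172.25.254.2 slave).

# Pull the serial out of one `dig +short SOA` answer line, e.g.
#   dns.willis.com. root. 31 86400 3600 604800 10800
# Prints nothing unless the line is a 7-field SOA RDATA with a numeric serial.
soa_serial() {
  printf '%s\n' "$1" | awk 'NF == 7 && $3 ~ /^[0-9]+$/ { print $3; exit }'
}

# Exit status: 0 slave in sync, 1 slave behind (transfer pending or failing),
# 2 slave ahead (should never happen: a stale restore on the master, or the
# slave transferred from somewhere else). Plain integer comparison; RFC 1982
# serial wraparound is ignored for the small serials used in this lab.
compare_serials() {
  if [ "$1" -eq "$2" ]; then
    return 0
  elif [ "$2" -lt "$1" ]; then
    return 1
  else
    return 2
  fi
}

# Query master and slave directly (+norecurse: we want each server's own copy,
# not a cached answer) and compare. Needs network access to the lab hosts.
check_zone_sync() {
  zone=$1; master=$2; slave=$3
  m=$(soa_serial "$(dig +short +norecurse @"$master" "$zone" SOA)")
  s=$(soa_serial "$(dig +short +norecurse @"$slave" "$zone" SOA)")
  if [ -z "$m" ] || [ -z "$s" ]; then
    echo "$zone: no SOA answer (master='$m' slave='$s')"
    return 3
  fi
  rc=0
  compare_serials "$m" "$s" || rc=$?
  echo "$zone: master serial $m, slave serial $s, status $rc"
  return $rc
}

# A successful AXFR prints the zone's records, starting and ending with an SOA;
# a refused one prints only "; Transfer failed." (as does a connection failure,
# so a "refused" result from an unreachable server must be read with care).
# Succeeds (0) when no SOA record is present, i.e. nothing was transferred.
axfr_output_refused() {
  ! grep -Eq '[[:space:]]IN[[:space:]]+SOA[[:space:]]'
}

# Run from a host that is NOT in allow-transfer: status 0 means the ACL holds.
axfr_refused() {
  dig @"$1" "$2" AXFR | axfr_output_refused
}

# Usage (on the slave, or on a third host for the AXFR check):
#   check_zone_sync willis.com 172.25.254.1 172.25.254.2
#   axfr_refused 172.25.254.1 willis.com && echo "AXFR refused as expected"
```

check_zone_sync returns the comparison status, so it can be run from cron and alert on anything but 0; a persistent status 1 after a serial bump usually means the NOTIFY never arrived (missing also-notify) or 53/tcp is blocked between the two hosts.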
4. DNS updates (a remote host modifies an A record on the DNS server)
cp -p /var/named/willis.com.zone /mnt ## back up the zone file first so it can be restored later
1) Master DNS
1-1) vim /etc/named.rfc1912.zones
zone "willis.com" IN {
type master;
file "willis.com.zone";
allow-update { 172.25.254.2; }; ## add this line: which remote host may send dynamic updates (RFC 2136) for this zone's records. An address-based ACL is weak: updates travel over UDP and the source address is easy to spoof, so section 5 replaces it with a TSIG key
allow-transfer { 172.25.254.2; };
also-notify { 172.25.254.2; };
};
1-2) chmod g+w /var/named ### the named group needs write permission on this directory, not just execute: accepted updates are written to a journal file willis.com.zone.jnl next to the zone file, and named later rewrites the zone file itself. The cleaner alternative is to keep a dynamic zone's file in /var/named/dynamic/, which the package already owns by named, instead of loosening /var/named
1-3) systemctl restart named
2) The slave DNS (the remote host) sends the update
[root@server2 slaves]# nsupdate
> server 172.25.254.1
> update add hello.willis.com 86400 A 172.25.254.3
> send
3) Test: dig hello.willis.com
[root@server2 slaves]# dig hello.willis.com
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> hello.willis.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8312
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;hello.willis.com. IN A
;; ANSWER SECTION:
hello.willis.com. 86400 IN A 172.25.254.3
;; AUTHORITY SECTION:
willis.com. 86400 IN NS dns.willis.com.
;; ADDITIONAL SECTION:
dns.willis.com. 86400 IN A 172.25.254.1
;; Query time: 0 msec
;; SERVER: 172.25.254.1#53(172.25.254.1)
;; WHEN: Wed Sep 07 20:47:58 CST 2016
;; MSG SIZE rcvd: 95
4) Restore (with named stopped, or after rndc freeze willis.com, so that named is not still writing the journal; thaw or start it again afterwards)
rm -rf /var/named/willis.com.zone
rm -rf /var/named/willis.com.zone.jnl
cp -p /mnt/willis.com.zone /var/named/
5. Updates allowed only with a key (TSIG-authenticated updates)
1) Master DNS
1-1) cp -p /etc/rndc.key /etc/willis.key ## reuse rndc.key as a template so the new key file inherits its root:named ownership and 0640 mode; the secret must not be world-readable, since anyone who can read it can rewrite the zone
1-2) cd /mnt
dnssec-keygen -a HMAC-MD5 -b 128 -n HOST willis
[root@server1 mnt]# dnssec-keygen -a HMAC-MD5 -b 128 -n HOST willis
Kwillis.+157+54370
[root@server1 mnt]# ls
Kwillis.+157+54370.key Kwillis.+157+54370.private
[root@server1 mnt]# cat Kwillis.+157+54370.key
willis. IN KEY 512 3 157 D3lJsH/gcsyTGmQfDKl/DA==
(157 is the algorithm number of HMAC-MD5, which is deprecated; BIND 9.9 also accepts -a HMAC-SHA256 -b 256, in which case the key statement uses algorithm hmac-sha256. The secret shown is this lab's; never reuse a key that has been published.)
1-3) vim /etc/willis.key
key "willis" {
algorithm hmac-md5;
secret "D3lJsH/gcsyTGmQfDKl/DA==";
};
1-4) vim /etc/named.conf
Add include "/etc/willis.key"; outside the options { }; block
1-5) vim /etc/named.rfc1912.zones
Change the zone's allow-update line to allow-update { key willis; };
1-6) scp Kwillis.+157+54370.* root@172.25.254.2:/mnt/ ## copy both key files to the host that will send updates; the .private file contains the secret, so keep it readable by root only
1-7) systemctl restart named
2) Slave DNS
[root@server2 slaves]# nsupdate
> server 172.25.254.1
> update add wahaha.willis.com 86400 A 172.25.254.3
> send
update failed: REFUSED ### the unsigned update is refused
[root@server2 slaves]# nsupdate -k /mnt/Kwillis.+157+54370.private
> server 172.25.254.1
> update add wahaha.willis.com 86400 A 172.25.254.3
> send
### with the key file the update succeeds: nsupdate signs the request with TSIG and the server verifies it against the key named in allow-update (nsupdate prints nothing on success)
Test)
[root@server2 slaves]# dig wahaha.willis.com
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> wahaha.willis.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40086
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;wahaha.willis.com. IN A
;; ANSWER SECTION:
wahaha.willis.com. 86400 IN A 172.25.254.3
;; AUTHORITY SECTION:
willis.com. 86400 IN NS dns.willis.com.
;; ADDITIONAL SECTION:
dns.willis.com. 86400 IN A 172.25.254.1
;; Query time: 0 msec
;; SERVER: 172.25.254.1#53(172.25.254.1)
;; WHEN: Wed Sep 07 21:12:16 CST 2016
;; MSG SIZE rcvd: 96
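The following script is an added example covering sections 4 and 5 together; it is not part of the original lab notes. It generates a TSIG key with hmac-sha256 instead of the deprecated hmac-md5 used above, writes it as the same kind of key{} file that /etc/willis.key holds but with the permissions set explicitly, and builds the nsupdate batch with a prerequisite so a scripted update cannot overwrite a name that already exists. Key name, zone, record name, TTL and addresses are the lab's; the function names and the use of /dev/urandom in place of dnssec-keygen are mine.

```shell
#!/bin/sh
# Added example serving sections 4 and 5 above (not part of the original lab
# notes): create a TSIG key with hmac-sha256 instead of the deprecated hmac-md5,
# write it as a BIND key{} file with restrictive permissions, and build an
# nsupdate batch that refuses to overwrite an existing name. Key name, zone,
# record name, TTL and addresses are the lab's (willis, willis.com,
# wahaha.willis.com, 86400, 172.25.254.1, 172.25.254.3).

# 256 bits of random key material, base64 encoded: the same shape of secret
# that `dnssec-keygen -a HMAC-SHA256 -b 256 -n HOST willis` would produce.
tsig_secret() {
  head -c 32 /dev/urandom | base64 | tr -d '\n'
}

# Write a key{} statement usable both by named (include "/etc/willis.key"; in
# named.conf, allow-update { key "willis"; }; in the zone) and by nsupdate -k.
# Created under umask 077 so the secret is never world-readable even for an
# instant, then 0640 so the named group can read it; on the DNS server also
# run: chown root:named <file>.
write_tsig_keyfile() {
  name=$1; outfile=$2; secret=${3:-$(tsig_secret)}
  (
    umask 077
    printf 'key "%s" {\n\talgorithm hmac-sha256;\n\tsecret "%s";\n};\n' \
      "$name" "$secret" > "$outfile"
  )
  chmod 0640 "$outfile"
}

# nsupdate input for adding one A record. 'prereq nxdomain' makes the server
# reject the whole update (YXDOMAIN) if the name already exists, so a scripted
# update cannot silently repoint a record that someone else owns.
nsupdate_add_script() {
  server=$1; zone=$2; name=$3; ttl=$4; addr=$5
  printf 'server %s\nzone %s\nprereq nxdomain %s\nupdate add %s %s A %s\nsend\n' \
    "$server" "$zone" "$name" "$name" "$ttl" "$addr"
}

# Usage on the master (then restart named):
#   write_tsig_keyfile willis /etc/willis.key
# On the updating host, after copying /etc/willis.key there with scp (keep 0640):
#   nsupdate_add_script 172.25.254.1 willis.com wahaha.willis.com 86400 172.25.254.3 \
#     | nsupdate -k /etc/willis.key
```

nsupdate -k accepts this key{} file directly, so the K*.key/K*.private pair is not needed on the updating host; the one file is the whole credential, which is why its mode matters as much as its algorithm.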
6. DDNS
DHCP + DNS = DDNS
Dynamic DNS (DDNS) needs the DNS and DHCP servers to work together: dhcpd hands out a lease and then sends a TSIG-signed dynamic update (the mechanism from section 5) to the DNS server for the client's name.
Linux can do this too; the DNS server needs BIND 8 or later and the DHCP server ISC DHCP 3.0 or later.
1) Restore the DNS environment (with named stopped, as in 4-4)
rm -rf /var/named/willis.com.zone
rm -rf /var/named/willis.com.zone.jnl
cp -p /mnt/willis.com.zone /var/named/
2) DHCP configuration (on the master, 172.25.254.1)
2-1 yum install dhcp -y
2-2 cp -p /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/dhcpd.conf
2-3 vim /etc/dhcp/dhcpd.conf
option domain-name "willis.com"; ## the zone the client's hostname is appended to; ddns-domainname defaults to this value
option domain-name-servers 172.25.254.1;
default-lease-time 600;
max-lease-time 7200;
ddns-update-style interim; ## the example file ships with ddns-update-style none, which disables every DNS update; it must be changed or nothing below takes effect
# DHCP server to understand the network topology.
subnet 172.25.254.0 netmask 255.255.255.0 {
range 172.25.254.80 172.25.254.90;
option routers 172.25.254.1;
}
key willis {
algorithm hmac-md5;
secret D3lJsH/gcsyTGmQfDKl/DA==; #### the same secret as in /etc/willis.key, so dhcpd.conf must not be world-readable either
};
zone willis.com. { ## the zone must match the one named serves and allow-update { key willis; } refers to
primary 172.25.254.1;
key willis;
}
2-4 systemctl restart named
systemctl restart dhcpd
Note: man dhcpd.conf and search for the keyword key
3) Client (here the slave server is used as the DHCP client; its interface must be configured with BOOTPROTO=dhcp)
hostnamectl set-hostname bbs.willis.com ### set the hostname before requesting the lease, because the client sends it in the DHCP request and dhcpd builds the DNS name from it
systemctl restart network
ifconfig ### the interface now holds an address handed out from the server's range
dig bbs.willis.com ### test: the A record was added by dhcpd, not by hand