DNS2

訪問(wèn)主機(jī)用戶過(guò)多，開(kāi)啟分機(jī)減輕負(fù)擔(dān)
主機(jī)
zone "taxing.com" IN {
        type master;
        file "taxing.com.zone";
        allow-update { none; };
        allow-transfer {172.25.254.224;};
從機(jī)
zone "taxing.com" IN {
        type slave;
        masters {172.25.254.124;};
        file "slaves/taxing.com.zone";
        allow-update { none; };
時(shí)時(shí)同步
主機(jī)
vim /var/namedtaxing.com.zone
$TTL 1D
@       IN SOA  dns.taxing.com. root.taxing.com. (
                                        201611261       ; serial        #最大為十位  文件在更新時(shí)查看比較的值，不同則更新 （rm -rf /var/name/slaves/taxing.com.zone; systemctl restart named）
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      dns
dns     A       172.25.254.124
www     A       172.25.254.138
~                 
每次修改ip的時(shí)候都要修改serial值

vim /etc/name.rfc1912.zones
zone "taxing.com" IN {
        type master;
        file "taxing.com.zone";
        allow-update { none; };
        allow-transfer {172.25.254.224;};
        also-notify {172.25.254.224;};     ##修改完通知從機(jī)
};
遠(yuǎn)程控制修改
客戶端
setenforce 0
[root@localhost slaves]# nsupdate
> server 172.25.254.124
> update delete www.taxing.com
> update add www.taxing.com 86400 A 172.25.254.138   #86400s 緩存時(shí)間
> send
> quit
主機(jī)
setenforc 0
vim /etc/named.rfc1912.zones
zone "taxing.com" IN {
        type master;
        file "taxing.com.zone";
        allow-update { 172.25.254.224; };
};
chmod 770 /var/name/
reboot后會(huì)同步更新后的內(nèi)容，先備份cp -p taxing.com.zone /mnt 重起后再刪除taxing.com.zone.jnl 和已經(jīng)同步了的taxing.com.zone 把備份了的taxing.com.zone 復(fù)制回來(lái) cp -p /mnt/taxing.com.zone .
密鑰匙認(rèn)證
主機(jī)
 dnssec-keygen -a HMAC-MD5 -b 128 -n HOST taxing
cat Ktaxing.+157+22634.key
cat Ktaxing.+157+22634.private
cp -p /etc/rndc.key /etc/taxing.key
vim /etc/taxing.key
key "taxing" {
        algorithm hmac-md5;
        secret "YtJ6Y7kyfL5moClanMIS6Q==";
};

vim /etc/named.rfc1912.zones
zone "taxing.com" IN {
        type master;
        file "taxing.com.zone";
        allow-update { key taxing; };
};

systemctl restart named
scp Ktaxing.+157+22634.* root@172.25.254.224:/mnt/

客戶機(jī)
[root@localhost mnt]# nsupdate -k Ktaxing.+157+22634.private
> server 172.25.254.124
> update delete www.taxing.com
> send
> quit

花生殼動(dòng)態(tài)dhcp DNS獲取
主機(jī)
vim /etc/dhcp/dhcpd.conf
# Use this to enble / disable dynamic dns updates globally.
ddns-update-style interim;
subnet 172.25.254.0 netmask 255.255.255.0 {
  range 172.25.254.224 172.25.254.242;
  option routers 172.25.254.124;
}
key taxing {
        algorithm hmac-md5;
        secret YtJ6Y7kyfL5moClanMIS6Q==;
        };
zone taxing.com.{
        primary 127.0.0.1;
    key taxing;
    }
vim /var/name/taxing.com.zone
                                                            41,1-8        90%
客戶端
打開(kāi)動(dòng)態(tài)獲取dhcp

hostnamectl set-hostname timo.taxing.com

dig timo.taxing.com

gnome-screenshot -a    #截圖