DDNS
公司环境在使用DDNS,自己先熟悉了一下,然后在虚拟机环境做了个DDNS,平台是RHEL6.2
实验环境:
主DNS:node1.example.com192.168.0.1
辅DNS:node2.example.com192.168.0.2
客户端(linux):node4.example.com192.168.0.4
主DNS配置:
[root@node1 ~]# yum install bind bind-utils bind-chroot -y
[root@node1 ~]# service named start
Starting named: [ OK ]
[root@node1 ~]# chkconfig named on
创建传输TSIG密钥
[root@node1 ~]# cd /var/named/chroot/etc/
[root@node1 etc]# dnssec-keygen -a HMAC-MD5 -b 128 -n HOST node1-node2 #RHEL6上面很长时间才出来….
Knode1-node2.+157+15727
[root@node1 etc]# ls #会生成两个密钥
Knode1-node2.+157+15727.key named named.rfc1912.zones
Knode1-node2.+157+15727.private named.conf named.root.key
localtime named.iscdlv.key pki
[root@node1 etc]# cat Knode1-node2.+157+15727.private #截取key创建TSIG密钥
Private-key-format: v1.3
Algorithm: 157 (HMAC_MD5)
Key: G2IpMQpm5ixK1J0864kvEQ==
Bits: AAA=
Created: 20140401030819
Publish: 20140401030819
Activate: 20140401030819
创建传输密钥
[root@node1 etc]# vim transfer.key
key "node1-node2" {
algorithm hmac-md5;
secret "G2IpMQpm5ixK1J0864kvEQ==";
};
[root@node1 etc]# chown root.named transfer.key #要让其有644权限
配置主DNS
[root@node1 etc]# vim named.conf
include "/etc/transfer.key"; #使用本地创建的key文件的位置
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
recursion yes;
allow-query-cache { any; };
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
bindkeys-file "/etc/named.iscdlv.key";
};
logging { #定义一个queries类型的日志
channel testname {
file "data/named.query";
severity info;
};
category queries { testname; };
};
zone "." IN {
type hint;
file "named.ca";
};
view dns1 {
match-clients { !192.168.0.0/24; };
match-destinations { any; };
recursion yes;
allow-transfer { key node1-node2; };
include "/etc/named.rfc1912.zones";
zone "example.com" IN {
type master;
file "node.exter.zone";
allow-update { 192.168.0.1; key node1-node2; };
};
view dns2 {
match-clients { 192.168.0.0/24;};
match-destinations { any; };
recursion yes;
allow-transfer { any; };
include "/etc/named.rfc1912.zones";
zone "example.com" IN {
type master;
file "node.zone";
allow-update { 192.168.0.1; key node1-node2; };
};
zone "0.168.192.in-addr.arpa" { #dns反解
type master;
file "192.168.0.zone";
allow-update { 192.168.0.1; key node1-node2; };
};
};
[root@node1 etc]# cd ../var/named/
[root@node1 named]# cp -p named.localhost node.exter.zone
[root@node1 named]# cp -p named.localhost node.zone
[root@node1 named]# vim node.zone
$TTL 1D
@ IN SOA node1.example.com. root (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS node1.example.com.
node1 IN A 192.168.0.1
node2 IN A 192.168.0.2
node3 IN A 192.168.0.3
node4 IN A 192.168.0.4
wwww IN A 192.168.0.100
[root@node1 named]# vim node.exter.zone
$TTL 1D
@ IN SOA node1.example.com. root (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS node1.example.com.
node1 IN A 192.168.1.1
node2 IN A 192.168.1.2
node3 IN A 192.168.1.3
node4 IN A 192.168.1.4
[root@node1 named]# cp -p named.localhost 192.168.0.zone
$TTL 1D
@ IN SOA node1.example.com. root (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS node1.example.com.
1 IN PTR node1.example.com.
2 IN PTR node2.example.com.
3 IN PTR node3.example.com.
4 IN PTR node4.example.com.
使named对named目录有写权限,因为named要写zone.jnl文件
[root@node1 ~]# cd /var/named/chroot/var/
[root@node1 var]# chmod 770 named/
[root@node1 var]# ll
total 16
drwxrwx---. 2 named named 4096 Nov 17 2011 log
drwxrwx---. 6 root named 4096 Apr 3 09:12 named
drwxr-x---. 3 root named 4096 Feb 21 23:01 run
drwxrwx---. 2 named named 4096 Nov 17 2011 tmp
然后重启named服务
[root@node1 ~]# service named restart
Stopping named: [ OK ]
Starting named: [ OK ]
辅助DNS配置
[root@node2 ~]# yum install bind bind-chroot -y
[root@node2 ~]# service named start
Starting named: [ OK ]
[root@node2 ~]# cd /var/named/chroot/etc/
[root@node2 etc]# ls
localtime named.conf named.rfc1912.zones pki
named named.iscdlv.key named.root.key
[root@node2 etc]# vim named.conf
include "/etc/transfer.key"; #使用本地创建的key文件的位置
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
recursion yes;
allow-query-cache { any; };
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
bindkeys-file "/etc/named.iscdlv.key";
};
logging { #定义一个queries类型的日志
channel testname {
file "data/named.query";
severity info;
};
category queries { testname; };
};
view dns1 {
match-clients { key node1-node2;!192.168.0.0/24;any;};
match-destinations { any; };
recursion yes;
server 192.168.0.1 {keys{ node1-node2; };};
allow-transfer { key node1-node2;};
include "/etc/named.rfc1912.zones";
zone "example.com" IN {
type slave;
file "slaves/node.exter.zone";
masters { 192.168.0.1; };
};
};
view dns2 {
match-clients { 192.168.0.0/24; };
match-destinations { any;};
recursion yes;
allow-transfer { any;};
include "/etc/named.rfc1912.zones";
zone "example.com" IN {
type slave;
file "slaves/node.zone";
masters { 192.168.0.1; };
};
zone "0.168.192.in-addr.arpa" {
type slave;
file"slaves/192.168.0.zone";
masters { 192.168.0.1; };
};
};
[root@node2 ~]# scp 192.168.0.1:/var/named/chroot/etc/transfer.key /var/named/chroot/etc/
[email protected]'s password:
transfer.key 100% 82 0.1KB/s 00:00
[root@node2 ~]# cd /var/named/chroot/etc/
[root@node2 etc]# chgrp named transfer.key
[root@node2 etc]# ll
total 16
-rw-r--r--. 1 root root 405 Feb 22 06:24 localtime
drwxr-x---. 2 root named 4096 Nov 17 2011 named
drwxr-xr-x. 3 root root 4096 Apr 1 15:41 pki
-rw-r--r--. 1 root named 82 Apr 1 16:29 transfer.key
[root@node2 ~]# service named restart
Stopping named: . [ OK ]
Starting named: [ OK ]
[root@node2 ~]# cd /var/named/chroot/var/named/slaves/
[root@node2 slaves]# ls
192.168.0.zone node.exter.zone node.zone
客户端测试DNS是否成功
[root@node4 ~]# vim /etc/resolv.conf #修改DNS,使其指向到我们的主dns服务器 # Generated by NetworkManager domain example.com search example.com nameserver 192.168.0.1 [root@node4 ~]# nslookup > server Default server: 192.168.0.1 Address: 192.168.0.1#53 > node1 Server: 192.168.0.1 Address: 192.168.0.1#53 Name: node1.example.com Address: 192.168.0.1 > 192.168.0.1 Server: 192.168.0.1 Address: 192.168.0.1#53 1.0.168.192.in-addr.arpa name = node1.0.168.192.in-addr.arpa. > 192.168.0.2 Server: 192.168.0.1 Address: 192.168.0.1#53 2.0.168.192.in-addr.arpa name = node2.example.com.DHCP部分测试
DHCP服务器配置(为了安全,我们进行注册的时候使用的是KEY进行验证)
[root@node1 etc]# yum install dhcpd
[root@node1 etc]# cp /usr/share/doc/dhcp-4.1.1/dhcpd.conf.sample /etc/dhcp/dhcpd.conf
cp: overwrite `/etc/dhcp/dhcpd.conf'? Y
把dns的key移动到dhcp目录
[root@node1 ~]# cp /var/named/chroot/etc/transfer.key /etc/dhcp/
[root@node1 ~]# vim /etc/dhcp/dhcpd.conf
ddns-updates on;
ddns-update-style interim;
ignore client-updates;
include "/etc/dhcp/transfer.key";
subnet 192.168.0.0 netmask 255.255.255.0 {
option routers 192.168.0.1;
option subnet-mask 255.255.255.0;
option domain-name "example.com";
option domain-name-servers 192.168.0.1;
option time-offset -18000;
range dynamic-bootp 192.168.0.2 192.168.0.20;
default-lease-time 21600;
max-lease-time 43200;
#对该地址池设置正解以及反解主机, 并且使用key进行认证
zone example.com {
primary 192.168.0.1;
key node1-node2;
}
zone 0.168.192.in-addr.arpa {
primary 192.168.0.1;
key node1-node2;
}
option server.ddns-hostname = concat( "node",binary-to-ascii(10,8,"",substring(reverse(1,leased-address),0,1)));
option server.ddns-domainname = config-option domain-name;
option host-name = concat(config-option server.ddns-hostname,".",config-option server.ddns-domainname);
}
然后客户端测试DDNS是不是可以实现动态注册
然后设置网卡为dhcp,重启网络
然后我们就可以看到dhcp分配的地址池
[root@node1 ~]# vim/var/lib/dhcpd/dhcpd.leases
server-duid"\000\001\000\001\032\317\367(\000\014)1\225\376";
lease 192.168.0.5 {
starts 4 2014/04/03 10:40:59;
ends 4 2014/04/03 16:40:59;
cltt 4 2014/04/03 10:40:59;
binding state active;
next binding state free;
hardware ethernet 00:0c:29:aa:59:22;
set ddns-rev-name ="5.0.168.192.in-addr.arpa.";
set ddns-txt ="002be6b246debe4ffbb37936ebf8ef312d";
set ddns-fwd-name = "node5.example.com";
然后使用dns进行查询:就会发现正解和反解都可以查询到
