DDNS在生产环境中的应用

1、DDNS(Dynamic Domain Name Server,动态域名服务)介绍

1.1 介绍:

DDNS是将用户的动态IP地址映射到一个固定的域名解析服务上,用户每次连接网络的时候,客户端程序就会通过信息传递把该主机的动态IP地址传送给位于服务商主机上的服务器程序,服务器程序负责提供DNS服务并实现动态域名解析。

1.2 实验环境说明:

系统:Centos 6.5

DDNS:DHCP + DNS(Bind9), DHCP和DNS服务器为同一台(IP:10.0.0.103)

域名: ilo-zhangdh.com

网络环境:某个IDC,多服务器(均有IPMI管理接口)连接到同一个核心交换机上,然后系统初始安装采用cobbler,基于PXE方式,然后这些服务器连接到DHCP服务器,会传回sn(DELL服务器编号)号(如:idrac-HYQ653X),DHCP会随机给该机器分配一个ip,然后DNS会更新本地的DNS记录。最后实现的是通过访问ILOCNG135T035.ILO-ZHANGDH.COM即可访问到对应的服务器。

2、DDNS安装配置

2.1 安装DNS和DHCP

# yum -y install bind dhcp

2.2 生成DNS密钥,配置安全的DNS服务

# dnssec-keygen -a HMAC-MD5 -b 128 -n USER ilo  #以root身份运行,生成密钥

dnssec-keygen:用来生成更新密钥。

-a HMAC-MD5:采用HMAC-MD5算法(用于对动态更新请求做消息认证)。

-b 128:生成的密钥长度为128位。

-n USER ilo:密钥类型为USER,密钥名为ilo。

这时当前目录下会生成 Kilo.+xxx+xxxxx.key 和 Kilo.+xxx+xxxxx.private 两个文件

# cat Kilo.+xxx+xxxxx.key 会看到HqX9xaJ75tgQ1S8hHz9L7Q==,下面会用。

2.3 配置DNS的ilo-zhangdh.com域的正反向区域数据文件

# vim /etc/named.conf    #named主配置文件(密钥、选项和区域声明)

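# TSIG key shared with dhcpd: the same `key ilo` block (name, algorithm and
# secret) appears in /etc/dhcp/dhcpd.conf, and dhcpd signs its DNS updates
# with it. The zones below only accept updates carrying this signature.
# hmac-md5 is what the dnssec-keygen run in section 2.2 produced; BIND 9 also
# accepts hmac-sha256, which is preferable when generating a new key.
# The secret below is this walk-through's example value - generate your own,
# and keep named.conf (or an included key file) unreadable by other users.
key ilo {
   algorithm hmac-md5;
   secret HqX9xaJ75tgQ1S8hHz9L7Q==;
};

options {
       directory      "/var/named";
       dump-file      "/var/named/data/cache_dump.db";
       statistics-file "/var/named/data/named_stats.txt";
       memstatistics-file "/var/named/data/named_mem_stats.txt";
       #forwarders   { 8.8.8.8; };
       # Zone transfers are not needed with a single server.
       allow-transfer { none; };
       # With listen-on commented out, named binds every interface.
       #listen-on port 53 { 127.0.0.1; 10.1.1.103; };
       # Recursion is answered for every client that can reach this server;
       # if it is reachable outside the management network, limit it with
       # allow-recursion { <management networks>; };
       recursion yes;
};

logging {
       channel default_debug {
                # The original line had "named.run"size with no space.
                file "data/named.run" size 30M;
                # debug 3 is verbose; useful while setting DDNS up, noisy afterwards.
                severity debug 3;
                print-time  yes;
       };
};

zone "." IN {
       type hint;
       file "named.ca";
};

zone "ilo-zhangdh.com" IN {
       type master;
       file "ilo-zhangdh.com.dns";
       # Only updates signed with the shared TSIG key are accepted. The original
       # `allow-update { any; };` let any host able to reach port 53 add or delete
       # records in the zone, which made defining the key pointless.
       allow-update { key ilo; };
};

# Reverse zones for 10.201.0.0/16 and 10.202.0.0/16. The zone names must be
# exactly the ones dhcpd.conf declares (201.10.in-addr.arpa. / 202.10.in-addr.arpa.);
# updates for a zone this server is not authoritative for are refused. The file
# names match the files created under /var/named in section 2.3.
zone "202.10.in-addr.arpa" IN {
       type master;
       file "202.10.in-addr.ilo-zhangdh.com.rev";
       allow-update { key ilo; };
};

zone "201.10.in-addr.arpa" IN {
       type master;
       file "201.10.in-addr.ilo-zhangdh.com.rev";
       allow-update { key ilo; };
};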


# vim /var/named/ilo-zhangdh.com.dns

; Forward zone for ilo-zhangdh.com. dhcpd adds the A records for the IPMI
; hosts dynamically (see the "adding an RR ... A" log line in section 3), so
; only the static apex and name-server data is kept here.
$ORIGIN .
$TTL 86400      ; 1 day
ilo-zhangdh.com         IN SOA ilo-zhangdh.com. root.ilo-zhangdh.com. (
                                2014123597 ;serial
                                120        ; refresh (2 minutes)
                                14400      ; retry (4 hours)
                                3600000    ; expire (5 weeks 6 days 16 hours)
                                86400      ; minimum (1 day)
                                )
                        NS      dns.ilo-zhangdh.com.
                        A       10.1.1.103
$ORIGIN ilo-zhangdh.com.
; The name server itself; the NS record above points here.
dns                     A       10.1.1.103

# vim /var/named/201.10.in-addr.ilo-zhangdh.com.rev

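; Reverse zone for 10.201.0.0/16; dhcpd updates it as "201.10.in-addr.arpa.".
$ORIGIN .
$TTL 86400      ; 1 day
201.10.in-addr.arpa     IN SOA ilo-zhangdh.com. root.ilo-zhangdh.com. (
                                2014114021 ;serial
                                120        ; refresh (2 minutes)
                                14400      ; retry (4 hours)
                                3600000    ; expire (5 weeks 6 days 16 hours)
                                86400      ; minimum (1 day)
                                )
                        NS      ilo-zhangdh.com.
; Must be the zone apex itself. The original "201.1.in-addr.arpa." put the PTR
; below outside the zone, which named rejects when loading the file.
$ORIGIN 201.10.in-addr.arpa.
; NOTE(review): in a /16 reverse zone a host needs two labels (e.g. "103.0" for
; 10.201.0.103); a bare "103" is 103.201.10.in-addr.arpa, i.e. the 10.201.103.0/24
; block rather than a host. Confirm which address this PTR is meant for.
103                    PTR     dns.ilo-zhangdh.com.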

# vim /var/named/202.10.in-addr.ilo-zhangdh.com.rev

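; Reverse zone for 10.202.0.0/16; dhcpd updates it as "202.10.in-addr.arpa.".
$ORIGIN .
$TTL 86400      ; 1 day
202.10.in-addr.arpa     IN SOA ilo-zhangdh.com. root.ilo-zhangdh.com. (
                                2014118989 ;serial
                                120        ; refresh (2 minutes)
                                14400      ; retry (4 hours)
                                3600000    ; expire (5 weeks 6 days 16 hours)
                                86400      ; minimum (1 day)
                                )
                        NS      ilo-zhangdh.com.
; Must be the zone apex itself. The original "202.1.in-addr.arpa." put the PTR
; below outside the zone, which named rejects when loading the file.
$ORIGIN 202.10.in-addr.arpa.
; NOTE(review): in a /16 reverse zone a host needs two labels (e.g. "103.0" for
; 10.202.0.103); a bare "103" is 103.202.10.in-addr.arpa, i.e. the 10.202.103.0/24
; block rather than a host. Confirm which address this PTR is meant for.
103                     PTR     dns.ilo-zhangdh.com.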

 

……  

注:1. 其他反向区域数据文件与以上配置相同,稍加修改即可。

2. 配置成功后,会在/var/named/下生成.jnl文件

  如:ilo-zhangdh.com.dns.jnl、201.1.in-addr.ilo-zhangdh.com.rev.jnl

# chown -R named.named /var/named

2.4 配置DHCP的dhcpd.conf

# vim /etc/dhcp/dhcpd.conf

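# TSIG key used to sign DDNS updates. It must match the `key ilo` block in
# /etc/named.conf (same name, algorithm and secret), and dhcpd.conf should not
# be readable by ordinary users since it holds the secret.
key ilo {
   algorithm hmac-md5;
   secret HqX9xaJ75tgQ1S8hHz9L7Q==;
}

# Domain under which client hostnames are registered (was written without a
# space before the quoted value).
ddns-domainname "ilo-zhangdh.com";
ddns-update-style interim;
ddns-updates on;
# Disables the DHCID ownership check: a client presenting a hostname that a
# different client already registered overwrites that record instead of being
# refused. Only acceptable because the iDRAC names here are unique per machine;
# drop this line if that cannot be guaranteed.
update-conflict-detection false;
#allow client-updates;
allow unknown-clients;
authoritative;
# The server performs the DNS updates itself; clients are not allowed to
# update DNS on their own.
ignore client-updates;

# Zone names must carry the trailing "." and must be exactly the zones named
# serves. A dhcpd zone block closes with "}" only - no ";" after it.
zone ilo-zhangdh.com. {
   primary 10.1.1.103;
   key ilo;
}

zone 201.10.in-addr.arpa. {
   primary 10.1.1.103;
   key ilo;
}

zone 202.10.in-addr.arpa. {
   primary 10.1.1.103;
   key ilo;
}

# Declared without a range: dhcpd knows the interface's own network but hands
# out no addresses on it (this produces the "no free leases" log entry in section 3).
subnet 10.0.0.0 netmask 255.255.0.0 {
}

subnet 10.201.0.0 netmask 255.255.0.0 {
       option routers                 10.201.255.254;
       option subnet-mask             255.255.0.0;
       option time-offset             -18000; # Eastern Standard Time
       option ntp-servers             10.0.0.60;
       # Was "1.201.0.1 1.201.254.255", which lies outside this subnet and is
       # rejected by dhcpd at startup; the range has to be inside 10.201.0.0/16.
       range dynamic-bootp 10.201.0.1 10.201.254.255;
       #option broadcast-address 10.201.0.255;
       # 800 / 1000 days, versus 14400 / 86400 in the 10.202.0.0 subnet below.
       # Very long leases keep IPMI addresses stable but also keep stale
       # records in DNS for as long.
       default-lease-time 69120000;
       max-lease-time 86400000;
       option domain-name             "ilo-zhangdh.com";
       option domain-name-servers     10.1.1.103;
}

subnet 10.202.0.0 netmask 255.255.0.0 {
       option routers                 10.202.255.254;
       option subnet-mask             255.255.0.0;
       option domain-name             "ilo-zhangdh.com";
       option domain-name-servers     10.1.1.103;
       option time-offset             -18000; # Eastern Standard Time
       option ntp-servers             10.0.0.60;
       range dynamic-bootp 10.202.0.1 10.202.254.255;
       default-lease-time 14400;
       max-lease-time 86400;
}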

 

# vim /etc/resolv.conf

nameserver 127.0.0.1

3、验证

# tail -f /var/log/messages

-- > 表示10.0.0.0/16网段没有被分配,在上面的配置中可查

Dec 7 03:20:43 10_0_0_103 dhcpd: DHCPDISCOVER from 78:2b:cb:2c:83:44 via em1: network 10.0.0.0/16: no free leases

-- > 表示成功分配

Dec 7 03:20:48 10_0_0_103 named[7769]: client 10.10.110.240#53: updating zone 'ilo-zhangdh.com/IN': adding an RR at 'ILOCNG135T040.ILO-JIAYUAN.COM' A

Dec 7 03:20:58 10_0_0_103 named[7769]: client 10.10.110.240#53: updating zone '110.10.10.in-addr.arpa/IN': adding an RR at '240.110.10.10.IN-ADDR.ARPA' PTR

-- > 查看是否分配成功,然后访问ilocng135t040.ilo-zhangdh.com即可访问管理端口

# ping ILOCNG135T040.ILO-ZHANGDH.COM

PING ILOCNG135T040.ILO-ZHANGDH.COM(10.10.110.240) 56(84) bytes of data.

64 bytes from ILOCNG135T040.ILO-ZHANGDH.COM(10.10.110.240): icmp_seq=1 ttl=250 time=2.17 ms

64 bytes from ILOCNG135T040.ILO-ZHANGDH.COM(10.10.110.240): icmp_seq=2 ttl=250 time=0.871 ms

64 bytes from ILOCNG135T040.ILO-ZHANGDH.COM(10.10.110.240): icmp_seq=3 ttl=250 time=0.930 ms

64 bytes from ILOCNG135T040.ILO-ZHANGDH.COM(10.10.110.240): icmp_seq=4 ttl=250 time=0.886 ms

