linux下的动态DNS

named+dhcpd之DDNS
 
一、概述
1.       操作系统为RHEL4，所使用软件包均为系统自带。
2.       域名：aptech.com，主机名称：ns，主机IP地址:192.168.1.200
3.       所需软件包：
dhcp-3.0.1-12_EL.i386.rpm
bind-9.2.4-2.i386.rpm
 
二、准备工作
＃修改机器名
[root@localhost ~]# vi /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=ns.aptech.com
[root@localhost ~]# vi /etc/hosts
127.0.0.1               localhost.localdomain localhost
192.168.1.200             ns.aptech.com ns
 
＃修改网卡IP配置
[root@localhost ~]#vi /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=static
ONBOOT=yes
TYPE=Ethernet
IPADDR=192.168.1.200
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
NETWORK=192.168.1.0
BROADCAST=192.168.1.255
 
＃修改DNS
[root@localhost ~]# vi /etc/host.conf
order bind,hosts
[root@localhost ~]# vi /etc/resolv.conf
search aptech.com
nameserver 192.168.1.200
 
[root@localhost ~]#reboot
 
三、配置DHCP
使用rpm包安装之后，生成有一个样本/usr/share/doc/dhcp-3.0.1/dhcpd.conf.sample，利用这个文件。
确认存在/var/lib/dhcp/dhcpd.leases这个文件，这是记录用户租约的文件。
 
[root@ns /]# cp /usr/share/doc/dhcp-3.0.1/dhcpd.conf.sample /etc/dhcpd.conf
 
[root@ns ~]# vi etc/dhcpd.conf
ddns-update-style interim;
ignore client-updates;
subnet 192.168.1.0 netmask 255.255.255.0 {
        option routers                  192.168.1.1;
        option subnet-mask              255.255.255.0;
        option domain-name              "aptech.com";
        option domain-name-servers      192.168.1.200;
        option time-offset              -18000; # Eastern Standard Time
        range dynamic-bootp 192.168.1.100 192.168.1.200;
        default-lease-time 21600;
        max-lease-time 43200;
}
 
[root@ns ~]# chkconfig --level 3 dhcpd on
[root@ns ~]# service dhcpd start或dhcpd
 
四、配置DNS
 [root@ns ~]# vi /etc/named.conf
＃增加以下数行
zone "aptech.com" IN {
        type master;
        file "aptech.com.zone";
        allow-update { none; };
};
 
zone "1.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.1.arpa";
        allow-update { none; };
};
 
[root@ns ~]# cd /var/named/
[root@ns named]# touch aptech.com.zone
[root@ns named]# touch 192.168.1.arpa
[root@ns named]# chown named:named aptech.com.zone
[root@ns named]# chown named:named 192.168.1.arpa
[root@ns named]# chown named:named /var/named
 
 
[root@ns named]# vi aptech.com.zone
＃正向解析。参照localdomain.zone。注意完整主机名后面跟一个“.”
$TTL    86400
@               IN SOA  ns.aptech.com.     root.aptech.com. (
                           2007100800      ; serial (d. adams)
                           3H              ; refresh
                           15M             ; retry
                           1W              ; expiry
                           1D )            ; minimum
 
                IN NS           ns.aptech.com.
                IN MX   10      mail
                IN A            192.168.1.200
ns              IN A            192.168.1.200
mail            CNAME           ns
 
[root@ns named]# vi 192.168.1.arpa
＃反向解析。参照named.local。注意完整主机名后面跟一个“.”
$TTL    86400
@       IN      SOA     1.168.192.in-addr.arpa.  root.aptech.com.  (
                                      2007100800 ; Serial
                                      3h         ; Refresh
                                      15m        ; Retry
                                      1w         ; Expire
                                      1d    )    ; Minimum
              IN      NS      ns.aptech.com.
 
200           IN      PTR     ns.aptech.com.
 
＃启动服务
[root@ns named]# service named start
Starting named: [  OK  ]
 
＃测试
[root@ns named]# nslookup
> ns
Server:         192.168.1.200
Address:        192.168.1.200#53
 
Name:   ns.aptech.com
Address: 192.168.1.200
> mail
Server:         127.0.0.1
Address:        127.0.0.1#53
 
mail.aptech.com    canonical name = ns.aptech.com.
Name:   ns.aptech.com
Address: 192.168.1.200
> 192.168.1.200
Server:         192.168.1.200
Address:        192.168.1.200#53
 
200.1.168.192.in-addr.arpa        name = ns.aptech.com.
> exit
[root@ns named]#
 
＃至此，基本的DNS和DHCP已经可以工作，连接到网络的客户机也可以自动获取IP地址等信息。但是使用nslookup还是无法解析客户端的IP地址或主机名，需要配置DDNS解决。
 
＃关于rndc
＃默认情况下，安装bind包的时候，在/etc下已经生成了rndc.conf和rndc.key文件，＃如果没有，可用以下命令生成 rndc-confgen >/etc/rndc.conf
＃rndc是控制DNS服务器的软件，
 
五、配置DDNS
＃DDNS的配置，需要在named和dhcp的配置文件中声名一个相同的key
＃通过命令dnssec-keygen生成两个文件，其中包含key。
[root@ns ~]# dnssec-keygen -a HMAC-MD5 -b 128 -n USER dhcp_updater
Kdhcp_updater.+157+19856
[root@ns ~]# cat Kdhcp_updater.+157+19856.private
Private-key-format: v1.2
Algorithm: 157 (HMAC_MD5)
Key: AEmzoO5VvkZGgDqco1L+og==
 
＃根据以上Key值，修改named.conf和dhcpd.conf文件
A:
[root@ns ~]# vi /etc/named.conf
options {
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
};
 
 
zone "aptech.com" {
type master;
file "aptech.com.zone";
allow-update { key "dhcp_updater";};
};
zone "1.168.192.in-addr.arpa" {
type master;
file "192.168.1.arpa";
allow-update { key "dhcp_updater";};
};
key dhcp_updater {
        algorithm HMAC-MD5.SIG-ALG.REG.INT;
        secret AEmzoO5VvkZGgDqco1L+og==;
};
include "/etc/rndc.key";
 
B:
[root@ns ~]# vi /etc/dhcpd.conf
ddns-update-style interim;
ignore client-updates;
 
key dhcp_updater {
        algorithm HMAC-MD5.SIG-ALG.REG.INT;
        secret AEmzoO5VvkZGgDqco1L+og==;
}
zone aptech.com. {
primary 192.168.1.200;
key "dhcp_updater";
}
 
zone 1.168.192.in-addr.arpa. {
primary 192.168.1.200;
key "dhcp_updater";
}
subnet 192.168.1.0 netmask 255.255.255.0 {
 
option routers         192.168.1.1;
option subnet-mask     255.255.255.0;
 
option domain-name     "aptech.com";
option domain-name-servers 192.168.1.200;
 
option time-offset     -18000;    # Eastern Standard Time
 
range dynamic-bootp 192.168.1.128 192.168.1.254;
default-lease-time 21600;
max-lease-time 43200;
}