linux下的动态DNS

named+dhcpd之DDNS
 
一、概述
1.       操作系统为RHEL4,所使用软件包均为系统自带。
2.       域名:aptech.com,主机名称:ns,主机IP地址:192.168.1.200
3.       所需软件包:
dhcp-3.0.1-12_EL.i386.rpm
bind-9.2.4-2.i386.rpm
 
二、准备工作
#修改机器名
[root@localhost ~]# vi /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=ns.aptech.com
[root@localhost ~]# vi /etc/hosts
127.0.0.1               localhost.localdomain localhost
192.168.1.200             ns.aptech.com ns
 
#修改网卡IP配置
[root@localhost ~]#vi /etc/sysconfig/network-scripts/ifcfg-eth0
# /etc/sysconfig/network-scripts/ifcfg-eth0
# Static address of the box that will run both named and dhcpd
# (ns.aptech.com, 192.168.1.200). Keep this address outside any
# DHCP pool defined later in dhcpd.conf.
DEVICE=eth0
BOOTPROTO=static
ONBOOT=yes
TYPE=Ethernet
IPADDR=192.168.1.200
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
NETWORK=192.168.1.0
BROADCAST=192.168.1.255
 
#修改DNS
[root@localhost ~]# vi /etc/host.conf
order bind,hosts
[root@localhost ~]# vi /etc/resolv.conf
search aptech.com
nameserver 192.168.1.200
 
[root@localhost ~]#reboot
 
三、配置DHCP
使用rpm包安装之后,会生成一个样本文件/usr/share/doc/dhcp-3.0.1/dhcpd.conf.sample,可以以这个文件为基础进行修改。
确认存在/var/lib/dhcp/dhcpd.leases这个文件,这是记录用户租约的文件。
 
[root@ns /]# cp /usr/share/doc/dhcp-3.0.1/dhcpd.conf.sample /etc/dhcpd.conf
 
[root@ns ~]# vi /etc/dhcpd.conf
# /etc/dhcpd.conf - first version, without DDNS. The key and zone
# statements that actually enable updates are added in section 5.
ddns-update-style interim;   # interim DDNS scheme; no updates are sent
                             # until key/zone statements exist (section 5)
ignore client-updates;       # clients may not update DNS themselves; the
                             # server performs the forward update
subnet 192.168.1.0 netmask 255.255.255.0 {
        option routers                  192.168.1.1;
        option subnet-mask              255.255.255.0;
        option domain-name              "aptech.com";
        option domain-name-servers      192.168.1.200;
        # inherited from dhcpd.conf.sample; adjust to the local
        # offset from UTC (in seconds) if clients use it
        option time-offset              -18000; # Eastern Standard Time
        # NOTE(review): the pool ends at 192.168.1.200, which is the
        # server's own static address (ifcfg-eth0 above). End the range
        # at .199 so the DNS/DHCP server's IP is never leased to a client.
        # "dynamic-bootp" also serves BOOTP clients from this pool.
        range dynamic-bootp 192.168.1.100 192.168.1.200;
        default-lease-time 21600;    # seconds (6 h)
        max-lease-time 43200;        # seconds (12 h)
}
 
[root@ns ~]# chkconfig --level 3 dhcpd on
[root@ns ~]# service dhcpd start (或直接执行 dhcpd)
 
四、配置DNS
 [root@ns ~]# vi /etc/named.conf
#增加以下数行
// Added to /etc/named.conf. The "file" paths are relative to the
// options "directory" (/var/named). Dynamic updates are disabled at
// this stage; section 5 replaces "none" with the dhcp_updater TSIG key.
zone "aptech.com" IN {
        type master;
        file "aptech.com.zone";         // forward zone, /var/named/aptech.com.zone
        allow-update { none; };         // no dynamic updates yet
};

zone "1.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.1.arpa";          // reverse zone for 192.168.1.0/24
        allow-update { none; };         // no dynamic updates yet
};
 
[root@ns ~]# cd /var/named/
[root@ns named]# touch aptech.com.zone
[root@ns named]# touch 192.168.1.arpa
[root@ns named]# chown named:named aptech.com.zone
[root@ns named]# chown named:named 192.168.1.arpa
[root@ns named]# chown named:named /var/named
 
 
[root@ns named]# vi aptech.com.zone
#正向解析。参照localdomain.zone。注意完整主机名后面跟一个“.”
; /var/named/aptech.com.zone - forward zone for aptech.com.
; Names ending in "." are absolute; any other name gets the zone origin
; (aptech.com) appended. A blank owner field repeats the previous owner.
$TTL    86400
; SOA: primary master ns.aptech.com., contact root@aptech.com.
; Bump the serial on every manual edit. Once dynamic updates are enabled
; (section 5) named maintains the serial and a .jnl journal itself; do
; not hand-edit this file while named is running.
@               IN SOA  ns.aptech.com.     root.aptech.com. (
                           2007100800      ; serial (d. adams)
                           3H              ; refresh
                           15M             ; retry
                           1W              ; expiry
                           1D )            ; minimum

                IN NS           ns.aptech.com.      ; owner is still @ (aptech.com)
; NOTE(review): this MX points at "mail", which is defined as a CNAME
; below. An MX target must be a host with an address record (RFC 2181);
; either give "mail" its own A record or point the MX at ns.aptech.com.
                IN MX   10      mail
                IN A            192.168.1.200       ; apex A record
ns              IN A            192.168.1.200
mail            CNAME           ns                  ; class IN is inherited
 
[root@ns named]# vi 192.168.1.arpa
#反向解析。参照named.local。注意完整主机名后面跟一个“.”
; /var/named/192.168.1.arpa - reverse zone for 192.168.1.0/24.
; Owner names here are the last octet of the address; the zone origin
; 1.168.192.in-addr.arpa is appended.
$TTL    86400
; NOTE(review): the SOA MNAME (first name after SOA) should be the
; primary master's hostname, ns.aptech.com., as in the forward zone -
; not the zone name. dhcpd.conf in section 5 names the master explicitly
; with "primary", so updates should still reach the server, but the
; field should be corrected anyway.
@       IN      SOA     1.168.192.in-addr.arpa.  root.aptech.com.  (
                                      2007100800 ; Serial
                                      3h         ; Refresh
                                      15m        ; Retry
                                      1w         ; Expire
                                      1d    )    ; Minimum
              IN      NS      ns.aptech.com.   ; owner is still @ (the zone)

200           IN      PTR     ns.aptech.com.   ; 192.168.1.200 -> ns.aptech.com
 
#启动服务
[root@ns named]# service named start
Starting named: [  OK  ]
 
#测试
[root@ns named]# nslookup
> ns
Server:         192.168.1.200
Address:        192.168.1.200#53
 
Name:   ns.aptech.com
Address: 192.168.1.200
> mail
Server:         127.0.0.1
Address:        127.0.0.1#53
 
mail.aptech.com    canonical name = ns.aptech.com.
Name:   ns.aptech.com
Address: 192.168.1.200
> 192.168.1.200
Server:         192.168.1.200
Address:        192.168.1.200#53
 
200.1.168.192.in-addr.arpa        name = ns.aptech.com.
> exit
[root@ns named]#
 
#至此,基本的DNS和DHCP已经可以工作,连接到网络的客户机也可以自动获取IP地址等信息。但是使用nslookup还是无法解析客户端的IP地址或主机名,需要配置DDNS解决。
 
#关于rndc
#默认情况下,安装bind包的时候,在/etc下已经生成了rndc.conf和rndc.key文件,
#如果没有,可用以下命令生成: rndc-confgen >/etc/rndc.conf
#rndc是用来控制DNS服务器(named)的工具。
 
五、配置DDNS
#DDNS的配置,需要在named和dhcp的配置文件中声明一个相同的key
#通过命令dnssec-keygen生成两个文件,其中包含key。
[root@ns ~]# dnssec-keygen -a HMAC-MD5 -b 128 -n USER dhcp_updater
Kdhcp_updater.+157+19856
[root@ns ~]# cat Kdhcp_updater.+157+19856.private
Private-key-format: v1.2
Algorithm: 157 (HMAC_MD5)
Key: AEmzoO5VvkZGgDqco1L+og==
 
#根据以上Key值,修改named.conf和dhcpd.conf文件
A:
[root@ns ~]# vi /etc/named.conf
// /etc/named.conf with dynamic updates enabled.
// The key name, algorithm and secret must match dhcpd.conf exactly.
options {
directory "/var/named";          // zone "file" paths are relative to this
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
};


// Dynamic updates write a <zonefile>.jnl journal next to the zone file,
// which is why /var/named was chown'ed to named in section 4. Keep the
// directory readable/writable by named only (no world write).
zone "aptech.com" {
type master;
file "aptech.com.zone";
// Any update signed with this TSIG key is accepted regardless of the
// source address, so only the DHCP server should ever hold the secret.
allow-update { key "dhcp_updater";};
};
zone "1.168.192.in-addr.arpa" {
type master;
file "192.168.1.arpa";
allow-update { key "dhcp_updater";};
};
// TSIG key generated with dnssec-keygen above (128-bit HMAC-MD5).
// The secret shown in this article is public - generate your own and
// never reuse this one. named.conf now contains a secret, so restrict
// its read access (e.g. root:named, mode 640). HMAC-MD5 is what this
// BIND 9.2 / dhcpd 3.0 pairing offers; newer BIND and ISC DHCP releases
// support hmac-sha256, which is preferable where both sides allow it.
key dhcp_updater {
        algorithm HMAC-MD5.SIG-ALG.REG.INT;
        secret AEmzoO5VvkZGgDqco1L+og==;
};
include "/etc/rndc.key";         // rndc control-channel key (see note above)
 
B:
[root@ns ~]# vi /etc/dhcpd.conf
# /etc/dhcpd.conf with DDNS enabled. Key name, algorithm and secret
# must be identical to the "key" statement in named.conf.
ddns-update-style interim;   # interim DDNS scheme ("standard" on newer dhcpd)
ignore client-updates;       # server performs the A (forward) update
                             # itself instead of honouring client requests

# TSIG key shared with named. The secret shown in this article is
# public - use your own. dhcpd.conf now holds a secret: make it readable
# by root only (mode 600), or move the key statement into a separate
# file pulled in with an include statement so the main config can stay
# readable.
key dhcp_updater {
        algorithm HMAC-MD5.SIG-ALG.REG.INT;
        secret AEmzoO5VvkZGgDqco1L+og==;
}
# Zones dhcpd is allowed to update. Names must end with "."; "primary"
# is the address of the master named that accepts the signed updates.
zone aptech.com. {
primary 192.168.1.200;
key "dhcp_updater";
}

zone 1.168.192.in-addr.arpa. {
primary 192.168.1.200;
key "dhcp_updater";
}
subnet 192.168.1.0 netmask 255.255.255.0 {

option routers         192.168.1.1;
option subnet-mask     255.255.255.0;

option domain-name     "aptech.com";
option domain-name-servers 192.168.1.200;

# inherited from dhcpd.conf.sample; adjust to the local UTC offset
option time-offset     -18000;    # Eastern Standard Time

# NOTE(review): this pool (.128-.254) contains 192.168.1.200, the
# server's own static address, so it can be leased to a client.
# Split the range around .200 or reserve that address.
range dynamic-bootp 192.168.1.128 192.168.1.254;
default-lease-time 21600;    # seconds (6 h)
max-lease-time 43200;        # seconds (12 h)
}
