Ddns (dhcp + dns) Configuration tutorial

Please let me know if there is something wrong or unclear in this article. thank you! DDNS configuration instances (DHCP + DNSDDNS) are a basic task in network management. However, as the network grows, it will be very troublesome to frequently modify data files in the DNS region. Therefore, dynamic DNS came into being.

Please let me know if there is something wrong or unclear in this article. thank you!

DDNSConfigure instance (DHCP + DNS = DDNS)

In network management, maintaining a DNS server is a basic task. However, as the network grows, it will be very troublesome to frequently modify data files in the DNS region. Therefore, dynamic DNS came into being.

Dynamic DNS (DDNS) requires DNS and DHCP to work together. DDNS can also be implemented in Linux. However, DNS requires Bind8 or later versions, and DHCP requires Version 3.0 or later.

This article uses RedHat9 to implement DDNS, Bind version is bind-9.2.1-16, DHCP version is dhcp-3.0pl1-23. DNS and DHCP use a server.

Note that you can use Cent OS 5.1 to implement DDNS.

1. DDNSTest topology

650) this. width = 650; "alt =" DDNS test topology "src =" http://upload.server110.com/image/20131110/0FAIO8-0.jpg "/>

2. Install DNS and DHCP packages

Mount the system disk, go to the RPM package directory, and useRpmCivhTo install the bind package and dhcp package. Among them, the caching-nameserver package is used to install regional files such as name. ca and name. local. if this package is not installed, you need to manually or from somewhere else to down these files.

650) this. width = 650; "src =" http://upload.server110.com/image/20131110/0FAM4E-1.gif "qa =" "/>

3. Configure DNS service

① Edit the DNS master configuration file named. conf, which is in the/etc/directory by default.

Vi/etc/named. conf

Options {

Directory "/var/named ";

};

Zone "." IN {

Type hint;

File "named. ca ";

};

Zone "localhost" IN {

Type master;

File "localhost. zone ";

Allow-update {none ;};

};

Zone "0.0.127.in-addr. arpa" IN {

Type master;

File "named. local ";

Allow-update {none ;};

};

Zone "bob.com" IN {

Type master;

File "bob.com. dns ";

Allow-update {none ;};

};

Zone "1.168.192.in-addr. arpa" IN {

Type master;

File "bob.com. rev ";

Allow-update {none ;};

};

Include "/etc/rndc. key";

② Create a regional data file

Because the caching-nameserver package is installed, data files in three regions, such as named. ca, named. local, and localhost. zone, are available. Create a forward and reverse region data file for the bob.com domain.

Vi/var/named/bob.com. dns

$ TTL 86400

$ ORIGIN bob.com.

@ In soa bob.com. root.bob.com .(

20081103; serial

120; refresh

14400; retry

3600000; expiry

86400); minimum

In ns bob.com.

Dns in a 192.168.1.20.

Www in a 192.168.1.250

Vi/var/named/bob.com. rev

$ TTL 86400

@ In soa bob.com. root.bob.com .(

20081103; Serial

120; Refresh

14400; Retry

3600000; Expire

86400); Minimum

In ns bob.com.

251 in ptr dns.bob.com.

Chown named. named/var/named/bob.com .*

③ Test the DNS service

UseService named startCommand to start the DNS service.

650) this. width = 650; "src =" http://upload.server110.com/image/20131110/0FAL3a-2.gif "start =" "/>

Open UDP and TCP ports 53 in the firewall.

Then useServiceIptablesRestartCommand to restart the firewall.

Windows PC testing:

On Windows PC, point DNS to 192.168.1.20.

650) this. width = 650; "src =" http://upload.server110.com/image/20131110/0FAG520-3.gif "ip =" "/>

Use on Windows PCNslookupCommand to resolve the domain name in the DNS server.

650) this. width = 650; "src =" http://upload.server110.com/image/20131110/0FAME0-4.gif "nslookup =" "/>

Linux PC testing:

On a Linux PC, point DNS to 192.168.1.20.

650) this. width = 650; "src =" http://upload.server110.com/image/20131110/0FAJc1-5.gif "/>

Use on a Linux PCHostCommands andNslookupCommand to resolve the domain name in the DNS server.

650) this. width = 650; "src =" http://upload.server110.com/image/20131110/0FAIF8-6.gif "nslookup =" "host =" "/>

4. Configure DHCP service

① Edit the main configuration file dhcpd. conf of the DHCP service, which is in the/etc/directory by default.

Vi/etc/dhcpd. conf

Ddns-update-style interim;

Ignore client-updates;

Default-lease-time 604800;

Max-lease-time 864000;

Option domain-name "bob.com ";

Option domain-name-servers 192.168.1.133;

Option time-offset-18000;

Subnet 192.168.1.0 netmask 255.255.255.0 {

Range192.168.1.100 192.168.1.200;

Optionbroadcast-address 192.168.1.255;

Option routers192.168.1.1;

}

② Test DHCP + DNS services

UseService dhcpd startCommand to start the DHCP service.

650) this. width = 650; "src =" http://upload.server110.com/image/20131110/0FAH5D-7.gif "start =" "/>

Windows PC testing:

Set dynamic IP and DNS on Windows PC.

650) this. width = 650; "src =" http://upload.server110.com/image/20131110/0FAM353-8.gif "windowspc =" "ip =" "/>

Use on Windows PCNslookupCommand to resolve the domain name in the DNS server.

650) this. width = 650; "src =" http://upload.server110.com/image/20131110/0FAM455-9.gif "nslookup =" "/>

Linux PC testing:

Use dynamic IP and DNS on Linux PC.

650) this. width = 650; "src =" http://upload.server110.com/image/20131110/0FAKU6-10.gif "dhcp =" "eth0 =" "/>

UseService network restartCommand to restart the NIC.

650) this. width = 650; "src =" http://upload.server110.com/image/20131110/0FAK156-11.gif "network =" "restart =" "/>

UseIfconfigCommand to view the IP address obtained by Linux PC.

650) this. width = 650; "src =" http://upload.server110.com/image/20131110/0FAJE4-12.gif "ip =" "pc =" "/>

UseCat/etc/resolv. confView the DNS address obtained by Linux PC.

650) this. width = 650; "src =" http://upload.server110.com/image/20131110/0FAL407-13.gif "resolv =" "/>

Use on a Linux PCHostCommands andNslookupCommand to resolve the domain name in the DNS server.

650) this. width = 650; "src =" http://upload.server110.com/image/20131110/0FAM3V-14.gif "nslookup =" "host =" "/>

5. Configure secure DDNS

① Create a key

Run the following command on the DDNS server as root:

UseDnssecCkeygen Ca HMAC-MD5 Cb 128 Cn USERbobddnsCommand to generate the key.

Dnssec-keygen:Used to generate an update key.

-A HMAC-MD5:HMAC-MD5 encryption algorithm is used.

-B 128:The generated key is 128 bits in length.

-N USER bobddns:The user name of the CMK is bobddns.

650) this. width = 650; "src =" http://upload.server110.com/image/20131110/0FAL394-15.gif "/>

After the key is generated, two key files Kbobddns. + 157 + xxx. key and Kbobddns. + 157 + xxx. private are automatically generated in the current directory.

650) this. width = 650; "alt =" ls two key files "src =" http://upload.server110.com/image/20131110/0FAJ639-16.gif "/>

View the content of the two key files:

Cat Kbobddns. + 157 + 50923.key

Cat Kbobddns. + 157 + 50923. private

650) this. width = 650; "alt =" cat key file "src =" http://upload.server110.com/image/20131110/0FAH163-17.gif "/>

The 128-bit keys in the two key files are consistent. Remember this key string, which will be used later.

② Add key information to the DNS master configuration file

Vi/etc/named. conf

Add:

Key bobddns {

Algorithm HMAC-MD5;

Secret J + mC6Q29xiOtNEBySR4O1g ==;

};

Algorithm: indicates the algorithm used to generate the key.

Secret: specifies the key string.

Change "none" in "allow-update {none;}" in the bob.com region to"Keybobddns";

Change "none" in allow-update {none;} in the 1.168.192.in-addr. arpa region to"Key bobddns".

Changing "none" to "key bobddns" means that users using "keybobddns" as the key can dynamically update the "bob.com" region.

650) this. width = 650; "alt =" Edit named. conf "src =" http://upload.server110.com/image/20131110/0FAH443-18.gif "/>

③ Add key information to the DHCP master configuration file

Vi/etc/dhcpd. conf

Add:

Key bobddns {

Algorithm HMAC-MD5;

Secret J + mC6Q29xiOtNEBySR4O1g ==;

}

Zone bob.com .{

Primary 192.168.1.251;

Key bobddns;

}

Zone 1.168.192.in-addr. arpa .{

Primary 192.168.1.251;

Key bobddns;

}

650) this. width = 650; "alt =" Edit dhcpd. conf "src =" http://upload.server110.com/image/20131110/0FAG644-19.gif "/>

Note: there must be no less "." after the domain name, and there is no ";" after each "}". These two points are different from those of named. please note.

④ Restart DHCP and DNS services

Service dhcpd restart

Service named restart

650) this. width = 650; "alt =" restart DHCP and DNS service "src =" http://upload.server110.com/image/20131110/0FAJ422-20.gif "/>

⑤ Test DDNS

Windows PC testing:

UseHostnameCommand to view the host name.

650) this. width = 650; "src =" http://upload.server110.com/image/20131110/0FAKS5-21.gif "hostname =" "/>

UseIpconfig/releaseAndIpconfig/renewCommand to obtain the IP address from the DHCP server again.

UseNslookupCommand Test. UseLsbob.comCommand to find that PC1 has been added to the bob.com domain. Then usePc1.bob.comYou can resolve your own IP address.

650) this. width = 650; "src =" http://upload.server110.com/image/20131110/0FAI1I-22.gif "nslookup =" "ddns =" "/>

Linux PC testing:

Run the hostname command to view the host name.

650) this. width = 650; "src =" http://upload.server110.com/image/20131110/0FAM447-23.gif "hostname =" "/>

Create a DHCP client file in the/etc directory on a Linux PC named dhclient. conf.

Vi/etc/dhclient. conf

Join:

Send fqdn. fqdn "Linux ";

Send fqdn. encoded on;

Send fqdn. server-update off;

650) this. width = 650; "alt =" dhclient. conf "src =" http://upload.server110.com/image/20131110/0FAKF8-24.gif "/>

UseDhclientCommand to start the DHCP client immediately.

UseNslookupCommand Test. You can use linux.bob.com to resolve your own IP address, and use pc1.bob.com to resolve the IP address of WindowsPC.

650) this. width = 650; "src =" http://upload.server110.com/image/20131110/0FAH153-25.gif "nslookup =" "ddns =" "/>

DDNS server test:

After the DHCP and DNS services are restarted, if they are normal, two. JnlBinary format region file. These two files are the runtime files of the currently working region files. all dynamically updated records are first reflected in these two files, it takes about 15 minutes to add the updated content to the region data file. In this example, the region data files are "bob.com. dns" and "bob.com. rev ".

650) this. width = 650; "src =" http://upload.server110.com/image/20131110/0FAH303-26.gif "/>

View the updated region data file. the system changes the format of the handwritten region data file to its own format.

650) this. width = 650; "alt =" bob.com. dns "src =" http://upload.server110.com/image/20131110/0FAJ410-27.gif "ddns =" "/>

Note: the format of the file in the above area has changed significantly compared with that before the update, indicating that the file has been updated. Host records of Windows PC and LinuxPC have been automatically added to the region data file. It should also be noted that, in the dynamically updated client PC1 and Linux A records, there is an additional TXT record of the same name. TXT type record is BIND-DNS and DHCP specifically used to achieve DDNS auxiliary resource record, its value is a hash character string, the value of the string can also be in the DHCP lease file/Var/lib/dhcp/dhcpd. leases.

650) this. width = 650; "alt =" dhcpd. lease "src =" http://upload.server110.com/image/20131110/0FAM026-28.gif "ddns =" "/>

Note: The experiment DDNS of Cent OS 5.1 is successful.

At the beginning, I used Cent OS5.1 for this experiment, but it was not successful. Both named and dhcpd services can be started normally, but the. jnl file of the data files in the two regions does not exist, so that dynamic updates are not achieved. Because I used to use RedHat 9 to do this experiment, now I will use Red Hat 9 to do this experiment.

Next, I re-use Cent OS5.1 for this DDNS experiment, but the results are the same. I thought it was the ghost chroot, it will be the bind-chroot-9.3.3-10.el5 package unmounted, but the result is still not successful. The problem is not on the chroot, I re-installed the bind-chroot-9.3.3-10.el5.

Later, I compared the owner of the Red Hat 9 and Cent OS 5 regional data files (the Red Hat 9 regional data files are under the/var/named/directory by default; by default, the data file of Cent OS5 is in the/var/named/chroot/var/named/directory .), It is found that the owner and Group of the named directory of Red Hat9 are both named, while the owner of the named directory of Cent OS5 is root and the group is named, in addition, the owner and Group of the region data files under the named directory are the same as those in the named directory. Therefore, I changed the owner and Group of the named directory to named and restarted the named service. After I used the updatedb command to refresh the System database, under the/var/named/chroot/var/named/directory. the jnl file appears. In this case, Windows SPC and Linux PC testing are successful. 650) this. width = 650; "src =" http://upload.server110.com/image/20131110/0FAM257-30.gif "/> really happy, done several times finally done. It turns out that the permission for files and directories is confusing. using psaux, you can see that the administrator of the named service is named.

If you use Cent OS or Red Hat Enterprise Edition for this experiment, you only need to change the owner of the name directory to named in other steps.

Chown-R named. named/var/named/chroot/var/named/

Wish you success!