Dynamic Update of DNS and DHCP in CentOS 7

Source: Internet
Author: User
Tags: hmac, dnssec


A Windows domain has a feature where the DHCP server pushes each newly assigned IP address to the DNS server, so you can easily look up a user's computer by name from anywhere on the network.

Of course, the same thing can be done on Linux; man 5 dhcpd.conf describes it in detail.

Yesterday the O&M department helped organize an offline meetup, where Mr. Yan Haiyang, O&M director at PAI cloud, shared the saying that no amount of money can buy "if only I had known sooner". That is exactly it: I had read a lot of blogs on the Internet about implementing dynamic updates, ran into all kinds of problems and still did not understand the principle behind it. Had I known, I would have read the man page carefully from the start, solved the problem sooner and also understood how it actually works. In this age of information explosion, the Internet often buries people under a mass of information instead of making them any wiser. With technology, you still have to slow down and study.

The basic configuration of dhcp and dns is already done and is not described here. If you are interested, read man 5 dhcpd.conf carefully and look at the DDNS-related lines (the ddns-*, key and zone statements, highlighted in red in the original post) in the configuration below; that should be enough to get it working.

In addition, here is the procedure for running dns in a chroot. First install bind (the service is called named), then install bind-chroot.

Run /usr/libexec/setup-named-chroot.sh /var/named/chroot on

Then disable named and enable named-chroot:

systemctl disable named; systemctl stop named

systemctl enable named-chroot; systemctl start named-chroot

[root@pxe ~]# cat /etc/dhcp/dhcpd.conf
ddns-update-style interim;
ddns-updates on;
do-forward-updates on;
allow client-updates;
allow bootp;
allow booting;
#allow client-updates;

option space Cisco_LWAPP_AP;
option Cisco_LWAPP_AP.server-address code 241 = array of ip-address;
option space pxelinux;
option pxelinux.magic code 208 = string;
option pxelinux.configfile code 209 = text;
option pxelinux.pathprefix code 210 = text;
option pxelinux.reboottime code 211 = unsigned integer 32;
option architecture-type code 93 = unsigned integer 16;

subnet 192.168.1.0 netmask 255.255.255.0 {
    authoritative;
    option routers 192.168.1.1;
    option subnet-mask 255.255.255.0;
    option broadcast-address 192.168.1.255;
    option domain-name "it.lab";
    option domain-name-servers 192.168.1.200;
    range dynamic-bootp 192.168.1.100 192.168.1.199;
    key SEC_DDNS {
        algorithm hmac-md5;
        secret 7ObhTIhKeDFMR2SbbS5s8A==;
    };
    ddns-domainname "it.lab";
    zone it.lab. {
        primary 192.168.1.200;
        key SEC_DDNS;
    }
    zone 1.168.192.in-addr.arpa. {
        primary 192.168.1.200;
        key SEC_DDNS;
    }
    default-lease-time 600;
    max-lease-time 7200;

    class "pxeclients" {
        match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
        next-server 192.168.1.200;

        if option architecture-type = 00:07 {
            filename "uefi/syslinux.efi";
        } else {
            filename "bios/pxelinux.0";
        }

        #filename "pxelinux.0";
    }
}
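What the key and zone statements above actually produce on the wire is a DNS UPDATE message (RFC 2136) carrying a TSIG record (RFC 2845) computed with the shared secret. The following is an added example, not code from the original post or from ISC: it builds the UPDATE dhcpd would send when a lease is handed out, signs it with the SEC_DDNS key from the configuration above, and then performs the check named does on receipt (key lookup by name, time window, MAC comparison). It uses only the Python standard library; the host name pc01 and address 192.168.1.150 are made up for the demo, and name compression is deliberately not implemented.

```python
"""Added example: a TSIG-signed DNS UPDATE like the one dhcpd sends to named (stdlib only)."""
import base64
import hashlib
import hmac
import struct
import time

TYPE_A, TYPE_SOA, TYPE_TSIG = 1, 6, 250
CLASS_IN, CLASS_ANY = 1, 255
OPCODE_UPDATE = 5
ALGORITHMS = {"hmac-md5": hashlib.md5, "hmac-sha256": hashlib.sha256}
# On the wire hmac-md5 keeps its historic algorithm name (RFC 2845); sha256 uses RFC 4635's.
WIRE_ALG = {"hmac-md5": "hmac-md5.sig-alg.reg.int.", "hmac-sha256": "hmac-sha256."}


def encode_name(name):
    """Dotted name -> uncompressed DNS labels, lowercased (TSIG MACs the canonical form)."""
    out = b""
    for label in name.lower().rstrip(".").split("."):
        if label:
            out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(buf, off):
    """Uncompressed labels -> (dotted name, next offset). Compression pointers are not used here."""
    labels = []
    while buf[off]:
        n = buf[off]
        if n & 0xC0:
            raise ValueError("compression pointers are not supported in this example")
        labels.append(buf[off + 1:off + 1 + n].decode("ascii"))
        off += 1 + n
    return ".".join(labels) + ".", off + 1


def build_update(zone, host, ip, ttl=600, msg_id=0x1234):
    """Unsigned UPDATE (RFC 2136): zone section names the SOA, update section adds one A RR."""
    header = struct.pack("!HHHHHH", msg_id, OPCODE_UPDATE << 11, 1, 0, 1, 0)
    zone_sec = encode_name(zone) + struct.pack("!HH", TYPE_SOA, CLASS_IN)
    rdata = bytes(int(o) for o in ip.split("."))
    rr = encode_name(host) + struct.pack("!HHIH", TYPE_A, CLASS_IN, ttl, len(rdata)) + rdata
    return header + zone_sec + rr


def _tsig_variables(key_name, alg, time_signed, fudge, error=0, other=b""):
    """The TSIG RR fields covered by the MAC (RFC 2845 section 3.4.2)."""
    return (encode_name(key_name) + struct.pack("!HI", CLASS_ANY, 0) + encode_name(WIRE_ALG[alg])
            + struct.pack("!HIHHH", time_signed >> 32, time_signed & 0xFFFFFFFF,
                          fudge, error, len(other)) + other)


def sign(message, key_name, alg, secret_b64, time_signed=None, fudge=300):
    """Client side (dhcpd): MAC over message + TSIG variables, then append the TSIG RR."""
    time_signed = int(time.time()) if time_signed is None else time_signed
    data = message + _tsig_variables(key_name, alg, time_signed, fudge)
    mac = hmac.new(base64.b64decode(secret_b64), data, ALGORITHMS[alg]).digest()
    msg_id, arcount = struct.unpack("!H", message[:2])[0], struct.unpack("!H", message[10:12])[0]
    rdata = (encode_name(WIRE_ALG[alg])
             + struct.pack("!HIHH", time_signed >> 32, time_signed & 0xFFFFFFFF, fudge, len(mac))
             + mac + struct.pack("!HHH", msg_id, 0, 0))
    tsig = encode_name(key_name) + struct.pack("!HHIH", TYPE_TSIG, CLASS_ANY, 0, len(rdata)) + rdata
    return message[:10] + struct.pack("!H", arcount + 1) + message[12:] + tsig


def verify(signed, keys, now=None):
    """Server side (named): find the TSIG RR, look the key up by name, recompute and compare.
    keys maps lowercase key name -> (algorithm, base64 secret), like named.conf's key blocks."""
    hdr = struct.unpack("!HHHHHH", signed[:12])
    off, last = 12, None                       # last = (section, owner, start, type, rdata, rdlen)
    for section, count in enumerate(hdr[2:]):  # zone, prerequisite, update, additional
        for _ in range(count):
            start = off
            owner, off = decode_name(signed, off)
            if section == 0:                   # zone entries carry only TYPE and CLASS
                off += 4
                continue
            rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", signed[off:off + 10])
            last = (section, owner, start, rtype, off + 10, rdlen)
            off += 10 + rdlen
    if last is None or last[0] != 3 or last[3] != TYPE_TSIG:
        return False, "no TSIG record"
    _, key_name, start, _, rd, _ = last
    alg_wire, p = decode_name(signed, rd)
    alg = next((a for a, w in WIRE_ALG.items() if w == alg_wire), None)
    hi, lo, fudge, mac_size = struct.unpack("!HIHH", signed[p:p + 10])
    mac = signed[p + 10:p + 10 + mac_size]
    p += 10 + mac_size
    orig_id, error, other_len = struct.unpack("!HHH", signed[p:p + 6])
    other = signed[p + 6:p + 6 + other_len]
    entry = keys.get(key_name.rstrip(".").lower())
    if entry is None or entry[0] != alg:
        return False, "BADKEY"
    time_signed = (hi << 32) | lo
    if abs((int(time.time()) if now is None else now) - time_signed) > fudge:
        return False, "BADTIME"
    # Rebuild exactly what the signer MACed: original ID, ARCOUNT without the TSIG RR, no TSIG RR.
    unsigned = struct.pack("!H", orig_id) + signed[2:10] + struct.pack("!H", hdr[5] - 1) + signed[12:start]
    expected = hmac.new(base64.b64decode(entry[1]),
                        unsigned + _tsig_variables(key_name, alg, time_signed, fudge, error, other),
                        ALGORITHMS[alg]).digest()
    return (True, "NOERROR") if hmac.compare_digest(mac, expected) else (False, "BADSIG")


# The SEC_DDNS key from the configuration above; host name and address below are constructed.
KEYS = {"sec_ddns": ("hmac-md5", "7ObhTIhKeDFMR2SbbS5s8A==")}

if __name__ == "__main__":
    msg = sign(build_update("it.lab.", "pc01.it.lab.", "192.168.1.150"),
               "SEC_DDNS", "hmac-md5", KEYS["sec_ddns"][1])
    print(verify(msg, KEYS))
```

The three failure results mirror the TSIG error codes named logs when an update is refused: BADKEY when the key name or algorithm is unknown (typically the two files disagree on the key), BADTIME when the clocks differ by more than the fudge, and BADSIG when the secret differs or the message was altered in transit.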

[root@pxe ~]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
    listen-on port 53 { 127.0.0.1; 192.168.1.200; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };

    /*
     - If you are building an authoritative DNS server, do NOT enable recursion.
     - If you are building a RECURSIVE (caching) DNS server, you need to enable
       recursion.
     - If your recursive DNS server has a public IP address, you MUST enable access
       control to limit queries to your legitimate users. Failing to do so will
       cause your server to become part of large scale DNS amplification
       attacks. Implementing BCP38 within your network would greatly
       reduce such attack surface
    */
    recursion no;

    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named.pid";
    session-keyfile "/run/named/session.key";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

zone "." IN {
    type hint;
    file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

key SEC_DDNS {
    algorithm hmac-md5;
    secret "7ObhTIhKeDFMR2SbbS5s8A==";
};
zone "it.lab" IN {
    type master;
    file "it.lab.forward";
    allow-update { key SEC_DDNS; };
};

zone "1.168.192.in-addr.arpa" IN {
    type master;
    file "1.168.192.reverse";
    allow-update { key SEC_DDNS; };
};
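Most failed dynamic updates come down to the two files above disagreeing: a key name or secret that differs, a secret whose base64 padding was mangled when it was copied, or a zone that dhcpd tries to update without a matching allow-update in named.conf. The following is an added example, not code from the original post or from ISC, that cross-checks exactly those points. It parses the key and zone statements of both files with regular expressions (good enough for the layout shown above, not a full named.conf grammar), confirms the shared secret is valid base64 and identical in both, and checks that every zone dhcpd updates exists in named.conf with allow-update for the same key. It also warns about hmac-md5, which BIND still accepts but which is deprecated in favour of hmac-sha256. The two configuration excerpts are constructed from the configuration above.

```python
"""Added example: cross-check the TSIG key and zone statements shared by dhcpd.conf and named.conf."""
import base64
import binascii
import re

# key NAME { algorithm ALG; secret SECRET; };  (named.conf quotes the secret, dhcpd.conf need not)
KEY_RE = re.compile(
    r'key\s+"?([\w.-]+)"?\s*\{\s*algorithm\s+([\w-]+)\s*;\s*secret\s+"?([A-Za-z0-9+/=]+)"?\s*;\s*\}',
    re.IGNORECASE)
# dhcpd.conf: zone it.lab. { primary ...; key SEC_DDNS; }   (no nested braces)
DHCPD_ZONE_RE = re.compile(r'zone\s+([\w.-]+)\s*\{([^}]*)\}', re.IGNORECASE)
# named.conf: zone "it.lab" IN { ... allow-update { key SEC_DDNS; }; };  (closing "};" on its own line)
NAMED_ZONE_RE = re.compile(r'zone\s+"([^"]+)"\s+IN\s*\{(.*?)\n\};', re.IGNORECASE | re.DOTALL)
ALLOW_UPDATE_RE = re.compile(r'allow-update\s*\{\s*key\s+([\w.-]+)\s*;\s*\}', re.IGNORECASE)


def parse_keys(text):
    """Return {key name (lowercase): (algorithm, base64 secret)} for every key block found."""
    return {m.group(1).lower(): (m.group(2).lower(), m.group(3)) for m in KEY_RE.finditer(text)}


def check_ddns_config(dhcpd_conf, named_conf):
    """Return (errors, warnings). No errors means dhcpd's signed updates should be accepted."""
    errors, warnings = [], []
    dkeys, nkeys = parse_keys(dhcpd_conf), parse_keys(named_conf)
    for name, (alg, secret) in dkeys.items():
        if name not in nkeys:
            errors.append(f"key {name}: declared in dhcpd.conf but not in named.conf")
            continue
        nalg, nsecret = nkeys[name]
        if nalg != alg:
            errors.append(f"key {name}: algorithm differs ({alg} vs {nalg})")
        if nsecret != secret:
            errors.append(f"key {name}: secret differs between the two files")
        try:
            raw = base64.b64decode(secret, validate=True)
        except binascii.Error:
            errors.append(f"key {name}: secret is not valid base64 (check the '=' padding)")
        else:
            if len(raw) < 16:
                warnings.append(f"key {name}: only {len(raw)} bytes of key material")
        if alg == "hmac-md5":
            warnings.append(f"key {name}: hmac-md5 is deprecated; prefer hmac-sha256")
    # Which zones named.conf serves, and the allow-update key (if any) for each.
    named_zones = {z.lower().rstrip("."): ALLOW_UPDATE_RE.search(body)
                   for z, body in NAMED_ZONE_RE.findall(named_conf)}
    for zone, body in DHCPD_ZONE_RE.findall(dhcpd_conf):
        zone = zone.lower().rstrip(".")
        km = re.search(r'\bkey\s+([\w.-]+)\s*;', body, re.IGNORECASE)
        if zone not in named_zones:
            errors.append(f"zone {zone}: dhcpd.conf updates it but named.conf has no such zone")
        elif named_zones[zone] is None:
            errors.append(f"zone {zone}: named.conf has no allow-update for it")
        elif km is None or named_zones[zone].group(1).lower() != km.group(1).lower():
            errors.append(f"zone {zone}: key name differs between dhcpd.conf and named.conf")
    return errors, warnings


# Constructed excerpts of the two files shown above (only the DDNS-relevant statements).
DHCPD_CONF = """\
ddns-update-style interim;
ddns-updates on;
subnet 192.168.1.0 netmask 255.255.255.0 {
    key SEC_DDNS {
        algorithm hmac-md5;
        secret 7ObhTIhKeDFMR2SbbS5s8A==;
    };
    ddns-domainname "it.lab";
    zone it.lab. {
        primary 192.168.1.200;
        key SEC_DDNS;
    }
    zone 1.168.192.in-addr.arpa. {
        primary 192.168.1.200;
        key SEC_DDNS;
    }
}
"""
NAMED_CONF = """\
key SEC_DDNS {
    algorithm hmac-md5;
    secret "7ObhTIhKeDFMR2SbbS5s8A==";
};
zone "it.lab" IN {
    type master;
    file "it.lab.forward";
    allow-update { key SEC_DDNS; };
};
zone "1.168.192.in-addr.arpa" IN {
    type master;
    file "1.168.192.reverse";
    allow-update { key SEC_DDNS; };
};
"""

if __name__ == "__main__":
    for line in sum(check_ddns_config(DHCPD_CONF, NAMED_CONF), []):
        print(line)
```

Run it against the real files with check_ddns_config(open("/etc/dhcp/dhcpd.conf").read(), open("/etc/named.conf").read()) once named-checkconf and dhcpd -t have passed; those tools validate each file's syntax on its own but say nothing about whether the two agree.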
