bind + dhcpd: implementing dynamic DNS (DDNS) registration

Source: Internet
Uploader: User

Goal:

When a client obtains an IP address from DHCP, the hostname it is currently using is registered with the BIND server automatically, so that the name resolves without any manual zone edits.

 

Principle:

bind provides name resolution. To stop every host on the network from being able to change records on the DNS server, dynamic updates are authenticated with a shared TSIG key: BIND accepts an update only if it is signed with that key.

dhcpd, when it hands out an IP address, sends the corresponding update to BIND on the client's behalf, signed with the same key (the `ignore client-updates` setting below means clients are not allowed to update DNS themselves). The key is shared between named and dhcpd only and is never sent to clients.

 

DNS server software installation

[root@station149 /]# yum install -y bind*
Installed:
  bind.x86_64 32:9.8.2-0.17.rc1.el6_4.6
  bind-chroot.x86_64 32:9.8.2-0.17.rc1.el6_4.6
  bind-devel.x86_64 32:9.8.2-0.17.rc1.el6_4.6
  bind-dyndb-ldap.x86_64 0:2.3-5.el6
  bind-sdb.x86_64 32:9.8.2-0.17.rc1.el6_4.6
Complete!


Create the key

[root@station149 /]# rndc-confgen -r /dev/urandom -a
wrote key file "/etc/rndc.key"
[root@station149 /]# chown named:named /etc/rndc.key
[root@station149 /]# chmod 640 /etc/rndc.key

The secret in this file is a credential: anyone who can read it can rewrite the zones, so it must not be world-readable (mode 644). The file only needs to be readable by the user named runs as.

 

Current key file contents

key "rndckey" {
        algorithm hmac-md5;
        secret "qUGWW02EZVKUNMK/iorkgg==";
};

This is the key rndc-confgen creates for the rndc control channel, and the article reuses it for dynamic updates. Two caveats: the secret printed above is public now, so generate your own rather than copying it; and whoever holds it can both change the zones and control named over rndc. A dedicated DDNS key keeps those two privileges apart, for example `rndc-confgen -r /dev/urandom -a -k ddnskey -c /etc/ddns.key`, which writes a key statement in the same format. hmac-md5 is what this BIND version generates by default; newer releases of both BIND and dhcpd support hmac-sha256, so prefer it where the versions in use allow.

Copy the key statement into both the bind and the dhcp configuration, or alternatively load it into each with an `include` of the key file. Either way the secret now lives in dhcpd.conf (or a file dhcpd reads) as well, so give that file the same restrictive permissions as /etc/rndc.key.


bind configuration file

vi /var/named/chroot/etc/named.conf

options {
        directory "/var/named";
        forwarders { 8.8.8.8; };
};

key "rndckey" {
        algorithm hmac-md5;
        secret "qUGWW02EZVKUNMK/iorkgg==";
};

# The controls statement governs the rndc control channel (rndc reload,
# rndc status, ...), not DNS updates: only a local rndc presenting rndckey
# may manage named.
controls {
        inet 127.0.0.1 allow { 127.0.0.1; } keys { rndckey; };
};

# Dynamic updates are authorised by allow-update. As written, any update
# signed with rndckey is accepted from any source address. dhcpd runs on
# this host, so the list can be tightened to "localhost and key" with
#   allow-update { !{ !127.0.0.1; any; }; key rndckey; };
zone "cloud.com." IN {
        type master;
        file "cloud.com.master.zone";
        allow-update { key rndckey; };
};

zone "48.168.192.in-addr.arpa." IN {
        type master;
        file "48.168.192.in-addr.arpa.master.zone";
        allow-update { key rndckey; };
};



Forward zone file
vi /var/named/chroot/var/named/cloud.com.master.zone

$TTL 86400
@ IN SOA station149.cloud.com. root.station149.cloud.com. (
        2014011510      ; serial
        1400            ; refresh
        2300            ; retry
        25000           ; expire
        86400 )         ; minimum (negative-caching TTL)
@               IN      NS      station149.cloud.com.
station149      IN      A       192.168.48.149

The timer values are unusual (retry longer than refresh, expire under seven hours) but only matter once the zone has secondary servers; a lone master serves the zone regardless.

 

Reverse zone file

vi /var/named/chroot/var/named/48.168.192.in-addr.arpa.master.zone

$TTL 86400
@ IN SOA station149.cloud.com. root.station149.cloud.com. (
        2014010810      ; serial
        1400            ; refresh
        2300            ; retry
        25000           ; expire
        86400 )         ; minimum
@       IN      NS      station149.cloud.com.
149     IN      PTR     station149.cloud.com.

 

Note: only the forward and reverse records for the server itself are written by hand; every other host is added to these zones through DDNS. Once a zone receives dynamic updates, do not edit its zone file by hand while named is running: pending changes live in the zone's .jnl journal and a manual edit is either lost or conflicts with it. Use `rndc freeze cloud.com`, edit the file, then `rndc thaw cloud.com`.

 

Start bind and verify

[root@station149 /]# chown named:named /var/named/chroot/var/named/*.zone
[root@station149 /]# service named restart
Stopping named:                                           [  OK  ]
Starting named:                                           [  OK  ]


DNS client configuration

[root@station149 ~]# vi /etc/resolv.conf
search cloud.com
nameserver 192.168.48.149


Test

[root@station149 ~]# host station149.cloud.com
station149.cloud.com has address 192.168.48.149
[root@station149 ~]# host 192.168.48.149
149.48.168.192.in-addr.arpa domain name pointer station149.cloud.com.
[root@station149 ~]# host www.google.com.hk
www.google.com.hk is an alias for www-wide.l.google.com.
www-wide.l.google.com has address 74.125.128.199
www-wide.l.google.com has IPv6 address 2404:6800:4005:c00::c7

The first two lookups check the authoritative zones; the third checks recursion through the forwarder. If this server is reachable from outside the LAN, limit recursion to your own networks with `allow-recursion` in the options block so it does not become an open resolver.


DHCP server configuration

Software installation

[root@station149 ~]# yum install -y dhcp
Installed:
  dhcp.x86_64 12:4.1.1-38.P1.el6.centos
Complete!


vi /etc/dhcp/dhcpd.conf

key "rndckey" {
        algorithm hmac-md5;
        secret "qUGWW02EZVKUNMK/iorkgg==";
};

ddns-domainname "cloud.com.";
ddns-update-style interim;
ddns-rev-domainname "in-addr.arpa.";
ddns-updates on;
authoritative;
# master server for this domain

# Allow only the DHCP server to update DNS
ignore client-updates;
allow unknown-clients;

host pdc {
   hardware ethernet 00:0B:2B:17:2F:00;
   fixed-address 192.168.48.2;
}
# Hosts served by a fixed-address statement are not registered in DNS
# unless "update-static-leases on;" is also set.

zone 48.168.192.in-addr.arpa {
        primary 127.0.0.1;
        key rndckey;
}

zone cloud.com {
        primary 127.0.0.1;
        key rndckey;
}

subnet 192.168.48.0 netmask 255.255.255.0 {
        range                           192.168.48.20 192.168.48.126;
        default-lease-time              86400;
        max-lease-time                  172800;
        option subnet-mask              255.255.255.0;
        option broadcast-address        192.168.48.255;
        option routers                  192.168.48.1;
        option domain-name              "cloud.com.";
        option domain-name-servers      192.168.48.149;
}


Start dhcpd

service dhcpd start


 

Points to note:

Inspect the DHCP server's lease file

[root@station149 etc]# cat /var/lib/dhcpd/dhcpd.leases

# The format of this file is documented in the dhcpd.leases(5) manual page.
# This lease file was written by isc-dhcp-4.1.1-P1
server-duid "\000\001\000\001\032i\023^\000PV\201\350\247";

lease 192.168.48.60 {
  starts 3 2014/01/15 09:38:11;
  ends 4 2014/01/16 09:38:11;
  cltt 3 2014/01/15 09:38:11;
  binding state active;
  next binding state free;
  hardware ethernet 00:50:56:81:72:9d;
  client-hostname "terry";
}


If the lease has no client-hostname "terry"; line, the client did not send a host name with its request and dhcpd has no name to register.
In that case configure the client to send one by adding DHCP_HOSTNAME.
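The lease file is the place to look before blaming BIND, because dhcpd can only register a name it actually has. The following Python script is an added example, not code from the article or from ISC: it reads a dhcpd.leases file (a constructed sample is embedded; the second and third leases and their MAC addresses are invented for the example) and, for every active lease, derives the forward and reverse owner names dhcpd will send to named, using dhcpd's own rule: client-hostname under ddns-domainname for the A record, the reversed octets under ddns-rev-domainname for the PTR. Leases that carry no client-hostname are reported as unregistrable, which is exactly the case DHCP_HOSTNAME fixes.

```python
"""Check which active dhcpd leases can be registered in DNS.

Added example for this article, not code from the article or from ISC:
it applies dhcpd's naming rule offline so a lease file can be checked
before looking at named.  The sample lease text is constructed for the
example; the second and third leases and their MAC addresses are invented.
"""
import re
import sys
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Constructed sample: the article's lease for "terry", an active lease whose
# client sent no host name, and a released lease that no longer matters.
SAMPLE_LEASES = r"""
# The format of this file is documented in the dhcpd.leases(5) manual page.
# This lease file was written by isc-dhcp-4.1.1-P1
server-duid "\000\001\000\001\032i\023^\000PV\201\350\247";

lease 192.168.48.60 {
  starts 3 2014/01/15 09:38:11;
  ends 4 2014/01/16 09:38:11;
  cltt 3 2014/01/15 09:38:11;
  binding state active;
  next binding state free;
  hardware ethernet 00:50:56:81:72:9d;
  client-hostname "terry";
}
lease 192.168.48.61 {
  starts 3 2014/01/15 10:02:40;
  ends 4 2014/01/16 10:02:40;
  binding state active;
  next binding state free;
  hardware ethernet 00:50:56:81:aa:bb;
}
lease 192.168.48.62 {
  starts 2 2014/01/14 08:00:00;
  ends 3 2014/01/15 08:00:00;
  binding state free;
  hardware ethernet 00:50:56:81:cc:dd;
  client-hostname "old-box";
}
"""

LEASE_RE = re.compile(r"lease\s+(\d+\.\d+\.\d+\.\d+)\s*\{(.*?)\}", re.DOTALL)


@dataclass
class Lease:
    ip: str
    state: str                 # "active", "free", "expired", ...
    mac: Optional[str]
    hostname: Optional[str]    # client-hostname, if the client sent one


def parse_leases(text: str) -> Dict[str, Lease]:
    """Return the current lease for each IP.

    dhcpd appends a new record on every change and only compacts the file
    periodically, so a later record for the same IP supersedes an earlier one.
    """
    leases: Dict[str, Lease] = {}
    for m in LEASE_RE.finditer(text):
        ip, body = m.group(1), m.group(2)
        # "next binding state" also contains "binding state"; anchor to the line start.
        state = re.search(r"^\s*binding state (\w+);", body, re.MULTILINE)
        mac = re.search(r"hardware ethernet ([0-9a-fA-F:]+);", body)
        host = re.search(r'client-hostname "([^"]*)";', body)
        leases[ip] = Lease(
            ip=ip,
            state=state.group(1) if state else "unknown",
            mac=mac.group(1).lower() if mac else None,
            hostname=host.group(1) if host and host.group(1) else None,
        )
    return leases


def forward_name(hostname: str, ddns_domain: str) -> str:
    """Owner name of the A (and TXT) record: client-hostname under ddns-domainname."""
    return f"{hostname}.{ddns_domain.rstrip('.')}."


def reverse_name(ip: str, ddns_rev_domain: str = "in-addr.arpa.") -> str:
    """Owner name of the PTR record: reversed octets under ddns-rev-domainname."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {ip}")
    return ".".join(reversed(octets)) + "." + ddns_rev_domain.rstrip(".") + "."


def ddns_plan(leases: Dict[str, Lease], ddns_domain: str) -> Dict[str, Optional[Tuple[str, str]]]:
    """Map each active lease to the (forward, reverse) names dhcpd will update.

    None marks a lease without client-hostname: dhcpd has no name to register,
    which is the case the article fixes with DHCP_HOSTNAME on the client.
    """
    plan: Dict[str, Optional[Tuple[str, str]]] = {}
    for ip, lease in leases.items():
        if lease.state != "active":
            continue
        if lease.hostname is None:
            plan[ip] = None
        else:
            plan[ip] = (forward_name(lease.hostname, ddns_domain), reverse_name(ip))
    return plan


if __name__ == "__main__":
    # Hypothetical usage: pass the path of the real lease file, or run on the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LEASES
    for ip, names in sorted(ddns_plan(parse_leases(text), "cloud.com.").items()):
        if names is None:
            print(f"{ip}: no client-hostname; nothing to register (set DHCP_HOSTNAME on the client)")
        else:
            print(f"{ip}: A/TXT at {names[0]}, PTR at {names[1]}")
```

Run it as `python3 lease_check.py /var/lib/dhcpd/dhcpd.leases` on the server (the file name is illustrative). An active lease reported without a host name will never appear in the BIND log, however correct the key and zone permissions are, because dhcpd never sends an update for it.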

 

Reference client configuration

[root@terry sysconfig]# cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=terry
DHCP_HOSTNAME=terry

 

Reference: BIND server log during an update

Jan 15 17:40:42 station149 named-sdb[5646]: client 127.0.0.1#46556: signer "rndckey" approved
Jan 15 17:40:42 station149 named-sdb[5646]: client 127.0.0.1#46556: updating zone 'cloud.com/IN': adding an RR at 'terry.cloud.com' A
Jan 15 17:40:42 station149 named-sdb[5646]: client 127.0.0.1#46556: updating zone 'cloud.com/IN': adding an RR at 'terry.cloud.com' TXT
Jan 15 17:40:42 station149 named-sdb[5646]: cloud.com.master.zone.jnl: create: permission denied
Jan 15 17:40:42 station149 named-sdb[5646]: client 127.0.0.1#46556: updating zone 'cloud.com/IN': error: journal open failed: unexpected error
Jan 15 17:40:42 station149 dhcpd: Unable to add forward map from terry.cloud.com. to 192.168.48.60: timed out
Jan 15 17:40:42 station149 dhcpd: DHCPREQUEST for 192.168.48.60 from 00:50:56:81:72:9d (terry) via eth0
Jan 15 17:40:42 station149 dhcpd: DHCPACK on 192.168.48.60 to 00:50:56:81:72:9d (terry) via eth0

Read top to bottom: the signature check passed ("signer approved"), named accepted the A record and the TXT record (the interim scheme's ownership marker, which stops a different client from overwriting an existing name), and the update then failed only because named could not create the journal file. dhcpd reports that as a timeout and still hands out the lease, so a broken DDNS setup is invisible to the client.

 

Check that user named can create files in /var/named/chroot/var/named: named must write the journal cloud.com.master.zone.jnl next to the zone file, so chowning the .zone files alone, as done above, is not enough while the directory itself is root-owned. Rather than making the whole directory writable, which would let a compromised named rewrite every zone it serves, the packaged layout provides /var/named/chroot/var/named/dynamic, already owned by named, for zones that accept updates: move the two zone files there and change the file statements to `file "dynamic/cloud.com.master.zone";` and `file "dynamic/48.168.192.in-addr.arpa.master.zone";`.

 

Once everything is working, files with a .jnl suffix appear automatically in /var/named/chroot/var/named:

[root@station149 named]# cd /var/named/chroot/var/named/
[root@station149 named]# ls *.jnl
48.168.192.in-addr.arpa.master.zone.jnl  cloud.com.master.zone.jnl

 

Finally, the client is registered in DNS as terry.cloud.com with its IP address. Verify:

[root@station149 named]# host terry.cloud.com
terry.cloud.com has address 192.168.48.60
[root@station149 named]# host 192.168.48.60
60.48.168.192.in-addr.arpa domain name pointer terry.cloud.com.



 

 



 



 
