Goal:
After a client obtains an IP address from DHCP, register the hostname it is currently using with the BIND server automatically, so that the name resolves without anyone editing a zone file by hand.
Principle:
bind does the name resolution. To stop anyone on the network from being able to update the DNS server, dynamic updates are authenticated with a shared TSIG key (the `key` statement), and each zone only accepts updates signed with that key.
dhcpd holds a copy of the same key. When it hands out a lease it performs the DNS update itself, on the client's behalf, using the hostname the client sent in its DHCP request (option 12). The key is never given to clients; with `ignore client-updates` in the dhcpd configuration below, an update a client tries to send directly to BIND is unsigned and is refused.
DNS server-side software installation
[root@station149 /]# yum install -y bind*
Installed:
  bind.x86_64 32:9.8.2-0.17.rc1.el6_4.6
  bind-chroot.x86_64 32:9.8.2-0.17.rc1.el6_4.6
  bind-devel.x86_64 32:9.8.2-0.17.rc1.el6_4.6
  bind-dyndb-ldap.x86_64 0:2.3-5.el6
  bind-sdb.x86_64 32:9.8.2-0.17.rc1.el6_4.6
Complete!
Create the key
[root@station149 /]# rndc-confgen -r /dev/urandom -a
wrote key file "/etc/rndc.key"
[root@station149 /]# chown named:named /etc/rndc.key
[root@station149 /]# chmod 640 /etc/rndc.key
The mode is set with chmod, not chown, and it must not be 644: this file is the shared secret, and anyone on the host who can read it can rewrite both zones, so keep it 640 (or 600). rndc-confgen on BIND 9.8 generates an hmac-md5 key. BIND 9.8 also accepts hmac-sha256 TSIG keys (for example `dnssec-keygen -a HMAC-SHA256 -b 256 -n HOST ddns-key`, whose .private file carries the base64 secret on its Key: line); if your dhcpd build lists the hmac-sha algorithms in dhcpd.conf(5), prefer that for a new deployment.
Current contents of the key file
key "rndckey" {
    algorithm hmac-md5;
    secret "qUGWW02EZVKUNMK/iorkgg==";
};
Copy the key stanza into the bind and dhcp configuration, or load it from a separate file with `include`. Note that /etc/dhcp/dhcpd.conf is installed world-readable (0644) on CentOS 6, so pasting the secret into it exposes it to every local user; an included file with mode 0640 owned by root is the safer option. For named inside the chroot, an include path such as `include "/etc/rndc.key";` refers to /var/named/chroot/etc/rndc.key.
bind configuration file
vi /var/named/chroot/etc/named.conf

options {
    directory "/var/named";
    forwarders { 8.8.8.8; };
};

key "rndckey" {
    algorithm hmac-md5;
    secret "qUGWW02EZVKUNMK/iorkgg==";
};

// rndc control channel: only local connections that sign with rndckey
controls {
    inet 127.0.0.1 allow { 127.0.0.1; } keys { rndckey; };
};

zone "cloud.com." IN {
    type master;
    file "cloud.com.master.zone";
    allow-update { key rndckey; };
};

zone "48.168.192.in-addr.arpa." IN {
    type master;
    file "48.168.192.in-addr.arpa.master.zone";
    allow-update { key rndckey; };
};

Two points deserve precision here. The `controls` block only restricts rndc (reload, freeze, thaw, and so on); it does not restrict dynamic updates, so it is not what limits updates to the local DHCP server. What limits updates is `allow-update { key rndckey; };` on each zone, and that is a check on the TSIG signature, not on the sender's address: any host holding the secret can update the zone from anywhere BIND is reachable. Reusing the rndc key as the DDNS key also means that whoever obtains the DHCP server's copy of the secret can drive rndc as well; a dedicated TSIG key for DHCP updates, used only in `allow-update`, is the cleaner setup.
Forward zone file
vi /var/named/chroot/var/named/cloud.com.master.zone

$TTL 86400
@           IN  SOA  station149.cloud.com. root.station149.cloud.com. (
                         2014011510  ; serial
                         1400        ; refresh
                         2300        ; retry
                         25000       ; expire
                         86400 )     ; minimum
@           IN  NS   station149.cloud.com.
station149  IN  A    192.168.48.149
Reverse zone file
vi /var/named/chroot/var/named/48.168.192.in-addr.arpa.master.zone

$TTL 86400
@           IN  SOA  station149.cloud.com. root.station149.cloud.com. (
                         2014010810  ; serial
                         1400        ; refresh
                         2300        ; retry
                         25000       ; expire
                         86400 )     ; minimum
@           IN  NS   station149.cloud.com.
149         IN  PTR  station149.cloud.com.
Note: only the forward and reverse zone files above are created by hand, and they contain nothing but the server itself; every other host gets its records through DDNS. Once a zone is dynamic, do not edit its file while named is running (the .jnl journal would no longer match it); use `rndc freeze cloud.com`, edit, then `rndc thaw cloud.com`.
Start bind and verify
[root@station149 /]# chown named:named /var/named/chroot/var/named/*.zone
[root@station149 /]# service named restart
Stopping named:  [  OK  ]
Starting named:  [  OK  ]
DNS client configuration
[root@station149 ~]# vi /etc/resolv.conf
search cloud.com
nameserver 192.168.48.149
Test
[root@station149 ~]# host station149.cloud.com
station149.cloud.com has address 192.168.48.149
[root@station149 ~]# host 192.168.48.149
149.48.168.192.in-addr.arpa domain name pointer station149.cloud.com.
[root@station149 ~]# host www.google.com.hk
www.google.com.hk is an alias for www-wide.l.google.com.
www-wide.l.google.com has address 74.125.128.199
www-wide.l.google.com has IPv6 address 2404:6800:4005:c00::c7
DHCP server configuration
Software installation
[root@station149 ~]# yum install -y dhcp
Installed:
  dhcp.x86_64 12:4.1.1-38.P1.el6.centos
Complete!

vi /etc/dhcp/dhcpd.conf

key "rndckey" {
    algorithm hmac-md5;
    secret "qUGWW02EZVKUNMK/iorkgg==";
};

ddns-domainname "cloud.com.";
ddns-update-style interim;
ddns-rev-domainname "in-addr.arpa.";
ddns-updates on;
authoritative;                  # master server for this subnet

# Allow only the DHCP server to update DNS: the client's own update
# request is ignored and dhcpd registers the name it sent instead.
ignore client-updates;
allow unknown-clients;

host pdc {
    hardware ethernet 00:0B:2B:17:2F:00;
    fixed-address 192.168.48.2;
}

# Which server to send signed updates to, per zone
zone 48.168.192.in-addr.arpa {
    primary 127.0.0.1;
    key rndckey;
}
zone cloud.com {
    primary 127.0.0.1;
    key rndckey;
}

subnet 192.168.48.0 netmask 255.255.255.0 {
    range 192.168.48.20 192.168.48.126;
    default-lease-time 86400;
    max-lease-time 172800;
    option subnet-mask 255.255.255.0;
    option broadcast-address 192.168.48.255;
    option routers 192.168.48.1;
    option domain-name "cloud.com.";
    option domain-name-servers 192.168.48.149;
}

One caveat for the `host pdc` entry: by default dhcpd does not send DNS updates for clients that get their address from a `fixed-address` statement. If pdc should also be registered dynamically, add `update-static-leases on;`; otherwise give it static A/PTR records in the zone files.
Start dhcpd
service dhcpd start
Issues to watch for:
Observe the DHCP server
[root@station149 etc]# cat /var/lib/dhcpd/dhcpd.leases
# The format of this file is documented in the dhcpd.leases(5) manual page.
# This lease file was written by isc-dhcp-4.1.1-P1

server-duid "\000\001\000\001\032i\023^\000PV\201\350\247";

lease 192.168.48.60 {
  starts 3 2014/01/15 09:38:11;
  ends 4 2014/01/16 09:38:11;
  cltt 3 2014/01/15 09:38:11;
  binding state active;
  next binding state free;
  hardware ethernet 00:50:56:81:72:9d;
  client-hostname "terry";
}
If the `client-hostname "terry";` line is missing, the client did not send a hostname in its DHCP request, and dhcpd has nothing to register.
In that case configure the client to send one by adding DHCP_HOSTNAME (dhclient on CentOS passes it as DHCP option 12).
Reference client configuration
[root@terry sysconfig]# cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=terry
DHCP_HOSTNAME=terry
Because the name is chosen by the client, any client can ask for any name. The interim update style guards a name that is already registered with the TXT record dhcpd writes next to the A record, so a second machine cannot silently take over terry.cloud.com, but it can still claim any name that is not yet in the zone.
Reference log from the BIND server during an update
Jan 15 17:40:42 station149 named-sdb[5646]: client 127.0.0.1#46556: signer "rndckey" approved
Jan 15 17:40:42 station149 named-sdb[5646]: client 127.0.0.1#46556: updating zone 'cloud.com/IN': adding an RR at 'terry.cloud.com' A
Jan 15 17:40:42 station149 named-sdb[5646]: client 127.0.0.1#46556: updating zone 'cloud.com/IN': adding an RR at 'terry.cloud.com' TXT
Jan 15 17:40:42 station149 named-sdb[5646]: cloud.com.master.zone.jnl: create: permission denied
Jan 15 17:40:42 station149 named-sdb[5646]: client 127.0.0.1#46556: updating zone 'cloud.com/IN': error: journal open failed: unexpected error
Jan 15 17:40:42 station149 dhcpd: Unable to add forward map from terry.cloud.com. to 192.168.48.60: timed out
Jan 15 17:40:42 station149 dhcpd: DHCPREQUEST for 192.168.48.60 from 00:50:56:81:72:9d (terry) via eth0
Jan 15 17:40:42 station149 dhcpd: DHCPACK on 192.168.48.60 to 00:50:56:81:72:9d (terry) via eth0
The signature was accepted ("signer rndckey approved") and the update failed only afterwards, on creating the journal. Check that the user named can write to the /var/named/chroot/var/named directory: it has to create a .jnl journal next to each dynamic zone file, so owning the zone files alone (the chown above) is not enough; `chown named:named` the directory, or keep the dynamic zones in a named-owned subdirectory. On CentOS 6 with SELinux enforcing, /var/named is labelled so that named may not write master zone files there; either place the dynamic zones under /var/named/dynamic (named_cache_t) or run `setsebool -P named_write_master_zones 1`.
Once everything is in order, .jnl files appear automatically in /var/named/chroot/var/named:
[root@station149 named]# cd /var/named/chroot/var/named/
[root@station149 named]# ls *.jnl
48.168.192.in-addr.arpa.master.zone.jnl  cloud.com.master.zone.jnl
Finally, the machine registers terry.cloud.com and its IP address in DNS automatically. Verify:
[root@station149 named]# host terry.cloud.com
terry.cloud.com has address 192.168.48.60
[root@station149 named]# host 192.168.48.60
60.48.168.192.in-addr.arpa domain name pointer terry.cloud.com.
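The `host` checks above only show that a record exists; they do not show that the zone rejects updates that are not signed with the key, which is the whole point of `allow-update { key rndckey; }`. The script below is an added example, not part of the original post or of BIND/ISC DHCP: it checks the key file's permissions, builds the same A/PTR update pair that dhcpd sends (as an nsupdate batch), and, when run on the server with `run`, sends it once signed with the key (must succeed) and once unsigned (must be refused), then removes the test record. The key path /etc/rndc.key, server 192.168.48.149, zone cloud.com, the test name ddnstest and the test address 192.168.48.200 (outside the DHCP range) are assumptions taken from or chosen to fit the configuration above.

```shell
#!/bin/sh
# Added example (not from the original post): checks around the TSIG-protected
# DDNS setup. Assumed: key file /etc/rndc.key, server 192.168.48.149,
# zones cloud.com and 48.168.192.in-addr.arpa, nsupdate/host from bind-utils.

# Return 0 when FILE is owned by OWNER and has no permission bits for "other".
# The key is a shared secret: any local user who can read it can rewrite the zones.
check_key_file() {
    file=$1; owner=$2
    [ -f "$file" ] || return 1
    mode=$(stat -c '%a' "$file") || return 1
    user=$(stat -c '%U' "$file") || return 1
    [ "$user" = "$owner" ] || return 1
    case "$mode" in        # last octal digit is the "other" class
        *0) return 0 ;;
        *)  return 1 ;;
    esac
}

# Reverse (PTR) owner name for a dotted IPv4 address:
# 192.168.48.60 -> 60.48.168.192.in-addr.arpa.
reverse_name() {
    echo "$1" | awk -F. '{ printf "%s.%s.%s.%s.in-addr.arpa.\n", $4, $3, $2, $1 }'
}

# Emit an nsupdate batch that registers HOST in ZONE with address IP: the same
# A record plus PTR record that dhcpd creates for a lease (/24 reverse zone assumed).
make_nsupdate_batch() {
    server=$1; zone=$2; host=$3; ip=$4; ttl=${5:-3600}
    fqdn="$host.$zone."
    ptr=$(reverse_name "$ip")
    printf 'server %s\n' "$server"
    printf 'zone %s.\n' "$zone"
    printf 'update delete %s A\n' "$fqdn"
    printf 'update add %s %s A %s\n' "$fqdn" "$ttl" "$ip"
    printf 'send\n'
    printf 'zone %s\n' "${ptr#*.}"          # strip the host label: 48.168.192.in-addr.arpa.
    printf 'update delete %s PTR\n' "$ptr"
    printf 'update add %s %s PTR %s\n' "$ptr" "$ttl" "$fqdn"
    printf 'send\n'
}

# Live check against the server: the signed batch must be accepted, the identical
# unsigned batch must be refused, both records must resolve, then clean up.
ddns_smoke_test() {
    keyfile=$1; server=$2; zone=$3; host=$4; ip=$5
    batch=$(make_nsupdate_batch "$server" "$zone" "$host" "$ip")
    printf '%s\n' "$batch" | nsupdate -k "$keyfile" || { echo "signed update failed"; return 1; }
    if printf '%s\n' "$batch" | nsupdate 2>/dev/null; then
        echo "UNSIGNED update was accepted: allow-update is too permissive"
        return 1
    fi
    host "$host.$zone" "$server" | grep -q "$ip" || { echo "A record not visible"; return 1; }
    host "$ip" "$server" | grep -q "$host.$zone" || { echo "PTR record not visible"; return 1; }
    printf 'server %s\nupdate delete %s.%s. A\nsend\nupdate delete %s PTR\nsend\n' \
        "$server" "$host" "$zone" "$(reverse_name "$ip")" | nsupdate -k "$keyfile"
    echo "signed update accepted, unsigned update refused, A/PTR resolved"
}

# Usage on station149:  sh ddns-check.sh run
if [ "${1:-}" = run ]; then
    check_key_file /etc/rndc.key named \
        || echo "warning: /etc/rndc.key should be owned by named with no 'other' bits"
    ddns_smoke_test /etc/rndc.key 192.168.48.149 cloud.com ddnstest 192.168.48.200
fi
```

If the unsigned update is accepted, the zone is effectively writable by anyone on the network; look for an `allow-update` that lists addresses instead of the key. If the signed one fails with a journal error, revisit the directory permission and SELinux points above.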