目标:
当客户获取 DHCP IP 地址后, 把当前使用中的主机名向 BIND 服务器自动注册, 实现自动域名解析功能
原理:
bind 用于域名解析, 为避免所有用户都能够用于更新 dns 服务器, 利用密钥进行数据更新验证
dhcpd 在分配 IP 地址同时, 把 DNS 更新密钥同时发送给客户, 客户自动向 BIND 服务器进行注册
dns 服务器端软件安装
[root@station149 /]# yum install -y bind* Installed: bind.x86_64 32:9.8.2-0.17.rc1.el6_4.6 bind-chroot.x86_64 32:9.8.2-0.17.rc1.el6_4.6 bind-devel.x86_64 32:9.8.2-0.17.rc1.el6_4.6 bind-dyndb-ldap.x86_64 0:2.3-5.el6 bind-sdb.x86_64 32:9.8.2-0.17.rc1.el6_4.6 Complete!
创建密钥
[root@station149 /]# rndc-confgen -r /dev/urandom -a wrote key file "/etc/rndc.key" [root@station149 /]# chown named:named /etc/rndc.key [root@station149 /]# chown 644 /etc/rndc.key
当前密钥文件内容
key "rndckey" {
algorithm hmac-md5;
secret "qUGWW02EZVKUNMK/iorkgg==";
};
把密钥内容复制至 bind, dhcp 配置或可选使用 include 进行文件导入方法载入密钥
bind 配置文件定义
vi /var/named/chroot/etc/named.conf
options {
directory "/var/named";
forwarders { 8.8.8.8; };
};
key "rndckey" {
algorithm hmac-md5;
secret "qUGWW02EZVKUNMK/iorkgg==";
};
#下面 定义只能够通过本机 DHCP 进行 DNS 更新
controls {
inet 127.0.0.1 allow { 127.0.0.1; } keys { rndckey; };
};
zone "cloud.com." IN {
type master;
file "cloud.com.master.zone";
allow-update { key rndckey; };
};
zone "48.168.192.in-addr.arpa." IN {
type master;
file "48.168.192.in-addr.arpa.master.zone";
allow-update { key rndckey; };
};
正向 zone 配置文件
vi /var/named/chroot/var/named/cloud.com.master.zone
$TTL 86400
@ IN SOA station149.cloud.com. root.station149.cloud.com. (
2014011510
1400
2300
25000
86400 )
@ IN NS station149.cloud.com.
station149 IN A 192.168.48.149
反向 zone 配置文件
vi /var/named/chroot/var/named/48.168.192.in-addr.arpa.master.zone
$TTL 86400
@ IN SOA station149.cloud.com. root.station149.cloud.com. (
2014010810
1400
2300
25000
86400 )
@ IN NS station149.cloud.com.
149 IN PTR station149.cloud.com.
注: 当前只配置正向, 反向配置文件, 其他主机利用 DDNS 方法自动进行注册
启动 bind 并验证
[root@station149 /]# chown named:named /var/named/chroot/var/named/*.zone [root@station149 /]# service named restart 停止 named: [确定] 启动 named: [确定]
dns 客户端配置
[root@station149 ~]# vi /etc/resolv.conf search clound.com nameserver 192.168.48.149
测试
[root@station149 ~]# host station149.cloud.com station149.cloud.com has address 192.168.48.149 [root@station149 ~]# host 192.168.48.149 149.48.168.192.in-addr.arpa domain name pointer station149.cloud.com. [root@station149 ~]# host www.google.com.hk www.google.com.hk is an alias for www-wide.l.google.com. www-wide.l.google.com has address 74.125.128.199 www-wide.l.google.com has IPv6 address 2404:6800:4005:c00::c7
DHCP 服务器配置
软件安装
[root@station149 ~]# yum install -y dhcp Installed: dhcp.x86_64 12:4.1.1-38.P1.el6.centos Complete!
vi /etc/dhcp/dhcpd.conf
key "rndckey" {
algorithm hmac-md5;
secret "qUGWW02EZVKUNMK/iorkgg==";
};
ddns-domainname "cloud.com.";
ddns-update-style interim;
ddns-rev-domainname "in-addr.arpa.";
ddns-updates on;
authoritative;
#master server for this domain
# Allow only the DHCP server to update DNS
ignore client-updates;
allow unknown-clients;
host pdc {
hardware ethernet 00:0B:2B:17:2F:00;
fixed-address 192.168.48.2;
}
zone 48.168.192.in-addr.arpa {
primary 127.0.0.1;
key rndckey;
}
zone cloud.com {
primary 127.0.0.1;
key rndckey;
}
subnet 192.168.48.0 netmask 255.255.255.0 {
range 192.168.48.20 192.168.48.126;
default-lease-time 86400;
max-lease-time 172800;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.48.255;
option routers 192.168.48.1;
option domain-name "cloud.com.";
option domain-name-servers 192.168.48.149;
}
启动 dhcpd
service dhcpd start
需要注意的问题:
观察 dhcp 服务器
[root@station149 etc]# cat /var/lib/dhcpd/dhcpd.leases
# The format of this file is documented in the dhcpd.leases(5) manual page.
# This lease file was written by isc-dhcp-4.1.1-P1
server-duid "\000\001\000\001\032i\023^\000PV\201\350\247";
lease 192.168.48.60 {
starts 3 2014/01/15 09:38:11;
ends 4 2014/01/16 09:38:11;
cltt 3 2014/01/15 09:38:11;
binding state active;
next binding state free;
hardware ethernet 00:50:56:81:72:9d;
client-hostname "terry";
}
假如无法发现 client-hostname "terry"; 信息
则需要配置客户端, 添加 DHCP_HOSTNAME 配置
参考客户端配置信息
[root@terry sysconfig]# cat /etc/sysconfig/network NETWORKING=yes HOSTNAME=terry DHCP_HOSTNAME=terry
参考更新 bind 服务器的日志
Jan 15 17:40:42 station149 named-sdb[5646]: client 127.0.0.1#46556: signer "rndckey" approved Jan 15 17:40:42 station149 named-sdb[5646]: client 127.0.0.1#46556: updating zone ‘cloud.com/IN‘: adding an RR at ‘terry.cloud.com‘ A Jan 15 17:40:42 station149 named-sdb[5646]: client 127.0.0.1#46556: updating zone ‘cloud.com/IN‘: adding an RR at ‘terry.cloud.com‘ TXT Jan 15 17:40:42 station149 named-sdb[5646]: cloud.com.master.zone.jnl: create: permission denied Jan 15 17:40:42 station149 named-sdb[5646]: client 127.0.0.1#46556: updating zone ‘cloud.com/IN‘: error: journal open failed: unexpected error Jan 15 17:40:42 station149 dhcpd: Unable to add forward map from terry.cloud.com. to 192.168.48.60: timed out Jan 15 17:40:42 station149 dhcpd: DHCPREQUEST for 192.168.48.60 from 00:50:56:81:72:9d (terry) via eth0 Jan 15 17:40:42 station149 dhcpd: DHCPACK on 192.168.48.60 to 00:50:56:81:72:9d (terry) via eth0
注意 /var/name/chroot/var/named 目录是否可以被用户 named 读写
假设一切正常, /var/named/chroot/var/named 目录下将会自动产生 jnl 后缀文件
[root@station149 named]# cd /var/named/chroot/var/named/ [root@station149 named]# ls *.jnl 48.168.192.in-addr.arpa.master.zone.jnl cloud.com.master.zone.jnl
最后, 电脑会自动在 DNS 中注册 terry.cloud.com 及对应 IP 地址, 验证:
[root@station149 named]# host terry.cloud.com terry.cloud.com has address 192.168.48.60 [root@station149 named]# host 192.168.48.60 60.48.168.192.in-addr.arpa domain name pointer terry.cloud.com.