Linux之配置安全的DDNS实例
whx00 2011-11-23
基于linux的社区版本CentOS 5.5
(前提已经配置好本机器的DNS以及DHCP,并且功能都可以实现)
1、创建密匙
[root@www ~]# dnssec-keygen -a HMAC-MD5 -b 128 -n USER wethnicity
[root@www ~]# ls
Kwethnicity.+157+25917.key
Kwethnicity.+157+25917.private
[root@www ~]# cat Kwethnicity.+157+25917.key
wethnicity. IN KEY 0 3 157 ue5+atxpNY0QJQyccGeKJw==
密匙为“ue5+atxpNY0QJQyccGeKJw==”
2、dns部分的设置[root@www ~]# vi /var/named/chroot/etc/named.conf
options
{
directory "/var/named"; // the default
forwarders{202.102.240.65;};
};
key wethnicity {
algorithm HMAC-MD5.SIG-ALG.REG.INT;
secret ue5+atxpNY0QJQyccGeKJw==;
};
zone "ethnicity.com" {
type master;
file "named.ethnicity";
allow-update { key wethnicity; };
};
3、DHCP部分的配置
[root@www ~]# vi /etc/dhcpd.conf
ddns-update-style none;
ignore client-updates;
option routers 192.168.1.1;
option subnet-mask 255.255.255.0;
option domain-name "ethnicity.com";
option domain-name-servers 192.168.1.192;
option time-offset -18000; # Eastern Standard Time
default-lease-time 21600;
max-lease-time 43200;
shared-network mysuper {
subnet 192.168.1.0 netmask 255.255.255.0 {
option domain-name-servers 192.168.1.192;
range dynamic-bootp 192.168.1.0 192.168.1.254;
host ns {
hardware ethernet 00:24:8C:AE:20:5F;
fixed-address 192.168.1.188;
}
}
subnet 192.168.2.0 netmask 255.255.255.0 {
option domain-name-servers 192.168.1.192;
range dynamic-bootp 192.168.2.0 192.168.2.254;
}
key wethnicity {
algorithm HMAC-MD5.SIG-ALG.REG.INT;
secret ue5+atxpNY0QJQyccGeKJw==;
}
zone ethnicity.com. {
primary 192.168.1.192;
key wethnicity;
}
zone 1.168.192.in-addr.arpa. {
primary 192.168.1.192;
key wethnicity;
}
}
4、重启服务
[root@www ~]# /etc/init.d/named restart
[root@www ~]# /etc/init.d/dhcpd restart
5、测试
在windows操作系统自动获取ip和dns即可然后可以在linux主机上看到相关的租赁[root@www ~]# cat /var/lib/dhcpd/dhcpd.leases
相应的ip上看到Windows主机的名称。
