Linux之配置安全的DDNS实例

whx00 2011-11-23

基于linux的社区版本CentOS 5.5

(前提已经配置好本机器的DNS以及DHCP,并且功能都可以实现)

1、创建密钥


[root@www ~]# dnssec-keygen -a HMAC-MD5 -b 128 -n USER wethnicity

[root@www ~]# ls

Kwethnicity.+157+25917.key          

Kwethnicity.+157+25917.private

 

[root@www ~]# cat Kwethnicity.+157+25917.key

wethnicity. IN KEY 0 3 157 ue5+atxpNY0QJQyccGeKJw==

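密钥为“ue5+atxpNY0QJQyccGeKJw==”(即 .key 文件中的最后一个字段)。这里的值仅作示例,实际部署时请自行生成,不要沿用已公开的密钥;生成的 .key 和 .private 文件应仅 root 可读。HMAC-MD5 属于较旧的 TSIG 算法,若所用的 BIND 和 DHCP 版本支持,建议改用 HMAC-SHA256。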

 

2、DNS 部分的设置

[root@www ~]# vi /var/named/chroot/etc/named.conf

 

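// named.conf (chroot copy): master for ethnicity.com.
// Dynamic updates are accepted only when signed with the TSIG key "wethnicity".
options {
        directory "/var/named"; // the default
        forwarders { 202.102.240.65; };
};

// Shared TSIG secret. It must be identical to the key clause in dhcpd.conf.
// The secret is quoted, which is the documented string form for named.conf.
// NOTE(review): anyone who can read this file can sign zone updates, so keep
// it unreadable to ordinary users, or move the key clause into a separate
// root/named-only file and pull it in with "include".
// NOTE(review): HMAC-MD5 is a legacy TSIG algorithm; prefer HMAC-SHA256 when
// both the BIND and the DHCP server releases in use support it -- confirm
// against the installed versions before changing.
key wethnicity {
        algorithm HMAC-MD5.SIG-ALG.REG.INT;
        secret "ue5+atxpNY0QJQyccGeKJw==";
};

zone "ethnicity.com" {
        type master;
        file "named.ethnicity";
        // Key-based ACL: only requests signed with "wethnicity" may change the
        // zone. Do not widen this to an address list; source IPs can be spoofed.
        // NOTE(review): named has to be able to write a journal file next to
        // the zone file for updates to be applied -- verify directory ownership.
        allow-update { key wethnicity; };
};

// NOTE(review): the dhcpd.conf on this page also sends PTR updates for
// 1.168.192.in-addr.arpa. That reverse zone is not shown here; presumably it
// exists in the pre-configured DNS setup and needs the same allow-update clause.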

3、DHCP部分的配置


[root@www ~]# vi /etc/dhcpd.conf

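# dhcpd.conf: leases for 192.168.1.0/24 and 192.168.2.0/24, with TSIG-signed
# dynamic DNS updates sent to the master server at 192.168.1.192.
#
# NOTE(review): this file holds the TSIG secret in clear text; make it readable
# by root only, since anyone who can read it can sign zone updates.

# "interim" enables the server-side DNS update code. The original value "none"
# switches dynamic DNS off completely, so no update would ever reach named.
ddns-update-style interim;
# The server performs the DNS updates on behalf of clients; clients' own
# update requests are not honoured.
ignore client-updates;

option routers                  192.168.1.1;
option subnet-mask              255.255.255.0;
option domain-name              "ethnicity.com";
option domain-name-servers      192.168.1.192;
option time-offset              -18000; # Eastern Standard Time

default-lease-time 21600;
max-lease-time 43200;

# Shared TSIG secret; must be identical to the key clause in named.conf.
# The key and zone clauses are declared at the top level, outside the
# shared-network block, where dhcpd.conf(5) documents them.
# NOTE(review): HMAC-MD5 is a legacy TSIG algorithm; prefer HMAC-SHA256 when
# both the DHCP and the BIND releases in use support it -- confirm first.
key wethnicity {
        algorithm HMAC-MD5.SIG-ALG.REG.INT;
        secret ue5+atxpNY0QJQyccGeKJw==;
}

# Forward zone: A-record updates go to the master, signed with the key above.
zone ethnicity.com. {
        primary 192.168.1.192;
        key wethnicity;
}

# Reverse zone for 192.168.1.0/24: PTR updates, signed with the same key.
# NOTE(review): no zone clause covers 2.168.192.in-addr.arpa, so PTR updates
# for the second subnet are presumably unsigned or rejected -- confirm.
zone 1.168.192.in-addr.arpa. {
        primary 192.168.1.192;
        key wethnicity;
}

shared-network mysuper {
        subnet 192.168.1.0 netmask 255.255.255.0 {
                option domain-name-servers      192.168.1.192;
                # NOTE(review): this pool spans the network address (.0), the
                # router (.1), the DNS server (.192) and the fixed address
                # below (.188); narrow it to addresses that are really free.
                range dynamic-bootp 192.168.1.0 192.168.1.254;

                # Static reservation keyed on the client's MAC address.
                host ns {
                        hardware ethernet 00:24:8C:AE:20:5F;
                        fixed-address 192.168.1.188;
                }
        }

        subnet 192.168.2.0 netmask 255.255.255.0 {
                option domain-name-servers      192.168.1.192;
                # NOTE(review): the pool includes the network address (.0).
                range dynamic-bootp 192.168.2.0 192.168.2.254;
        }
}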

4、重启服务


[root@www ~]# /etc/init.d/named restart

[root@www ~]# /etc/init.d/dhcpd restart

5、测试

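在 Windows 操作系统上设置为自动获取 IP 和 DNS 即可,然后可以在 Linux 主机上查看相关的租约:

[root@www ~]# cat /var/lib/dhcpd/dhcpd.leases

在相应的 IP 条目中可以看到 Windows 主机的名称。租约文件只能说明 DHCP 分配成功;要确认动态更新确实写入了 DNS,还应向 192.168.1.192 查询该主机名在 ethnicity.com 区中的 A 记录,并查看 named 日志中是否有更新被拒绝的记录。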
