hmslucky 2013-06-08
环境:
安装DNS和DHCP服务器
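# Install BIND 9.3 (chrooted) and the ISC DHCP server on CentOS/RHEL 5.
# The -P1 build is the one whose packaged named.conf warns that pinning the
# query source port disables port randomization; keep those lines commented out.
rpm -ivh bind-9.3.6-20.P1.el5.x86_64.rpm
rpm -ivh bind-libs-9.3.6-20.P1.el5.x86_64.rpm
rpm -ivh bind-chroot-9.3.6-20.P1.el5.x86_64.rpm
yum -y install dhcp

# Generate the TSIG secrets shared between dhcpd and named.
#   -a  algorithm   (this BIND generation only offers HMAC-MD5 for TSIG;
#                    on newer BIND use HMAC-SHA256 instead)
#   -b  key length in bits
#   -n  owner type  (USER or HOST both work for a TSIG key)
# The files land in the chroot root only so they are easy to find; they are needed
# just once, to copy the secret, so delete them afterwards (the .key file of an
# HMAC key contains the secret and may be world-readable).
cd /var/named/chroot || exit 1
dnssec-keygen -a HMAC-MD5 -b 128 -n USER costyleddns
dnssec-keygen -a HMAC-MD5 -b 128 -n USER rndc-key

# The last field of each .key file is the base64 secret to paste into the key {}
# stanzas of dhcpd.conf and named.conf.  The key id (157 = HMAC-MD5, then a tag that
# differs on every run) is not stable, so glob for it instead of hard-coding it.
# NOTE: every secret printed in this document has been published; generate fresh
# ones for a real deployment and never reuse these values.
cat /var/named/chroot/Kcostyleddns.+157+*.key
cat /var/named/chroot/Krndc-key.+157+*.key
# Once copied:  rm -f /var/named/chroot/K*.key /var/named/chroot/K*.private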
编辑 /etc/dhcpd.conf（EL5 上服务端配置文件是 /etc/dhcpd.conf，而不是 /etc/dhcp.conf；该文件包含 TSIG 密钥，应保持 root 所有、权限 640）
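# /etc/dhcpd.conf - DHCP server that registers leases in BIND via signed dynamic updates.
# The inline "\\" notes of the original are not dhcpd syntax and would make the file
# unparsable; they are kept here as real comments.
# This file contains a TSIG secret: keep it root-owned and not world-readable (chmod 640).

ddns-update-style interim;     # DDNS update style
ignore client-updates;         # dhcpd performs every DNS update itself; client requests to self-update are ignored
max-lease-time 604800;         # longest lease a client may ask for (seconds, 7 days)
default-lease-time 86400;      # lease length when the client asks for none (seconds, 1 day)

# TSIG key used to sign the updates.  Name, algorithm and secret must be identical to the
# "key costyleddns" stanza in named.conf.  Syntax:
#   key <name> { algorithm HMAC-MD5; secret <base64>; };
# The secret below was published with this document and must be replaced before use.
key costyleddns {
    algorithm HMAC-MD5;
    secret qVdXEom1piP3PlBFc2gArA==;
};

# Zones dhcpd may update: the master to send updates to, and the key to sign them with.
zone costa.org. {
    primary 192.168.1.110;
    key costyleddns;
}
zone 1.168.192.in-addr.arpa. {
    primary 192.168.1.110;
    key costyleddns;
}

subnet 192.168.1.0 netmask 255.255.255.0 {
    range 192.168.1.125 192.168.1.150;
    # --- default gateway
    option routers 192.168.1.1;
    option subnet-mask 255.255.255.0;
    option broadcast-address 192.168.1.255;
    # --- option nis-domain "domain.org";
    option domain-name "costa.org";    # presumably also the suffix dhcpd appends to registered host names - verify
    option domain-name-servers 192.168.1.110,192.168.1.120;
}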
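# Start dhcpd now and enable it at boot.  "stop"/"restart" and "off" are alternatives
# to type in place of "start"/"on", not a pipeline as the original "a | b | c" suggests.
service dhcpd start
chkconfig dhcpd on
# With bind-chroot the live configuration is the copy inside the chroot
# (the editor status line further down shows /var/named/chroot/etc/named.conf).
vi /var/named/chroot/etc/named.conf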
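// /var/named/chroot/etc/named.conf - master DNS server (192.168.1.110).
// The "\\" notes of the original are not named.conf syntax; they are rewritten as comments.
options {
    listen-on port 53 { any; };          // every IPv4 address
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";              // relative to the chroot
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    // Keep the fixed query-source ports commented out.  Pinning the source port to 53
    // disables the port randomization this build provides and makes cache poisoning of
    // the recursive view far easier.  Allow outbound udp/53 from any source port in the
    // firewall instead of pinning the port here.
    // query-source port 53;
    // query-source-v6 port 53;
    // Deny transfers by default; each zone below re-allows them only for requests signed
    // with the costyletransfer TSIG key.  The original listed 192.168.1.110 here, which is
    // this server itself, not the slave - the per-zone key ACL is what actually applies.
    allow-transfer { none; };
    allow-query { any; };                // reach is still limited by the view's match-clients below
    // allow-query-cache { localhost; };
    // forwarders { 8.8.8.8; };
    // forward first;
};

// TSIG key for zone transfers to the slave.  The secret printed here has been
// published with this document; generate a new one before deploying.
key costyletransfer {
    algorithm hmac-md5;
    secret HYPqYO8y7cheP4nAjBbxDg==;
};

// "Sign requests sent to 192.168.1.110 with this key".  That is only meaningful on the
// slave; on the master (which is 192.168.1.110) it is unused but harmless.
server 192.168.1.110 {
    keys { costyletransfer; };
};

// TSIG key dhcpd signs dynamic updates with; must match the key stanza in dhcpd.conf.
key costyleddns {
    algorithm hmac-md5;
    secret qVdXEom1piP3PlBFc2gArA==;
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

// Only LAN clients match a view; a query from anywhere else is refused, so recursion
// is not exposed beyond 192.168.1.0/24.
view lan_resolver {
    match-clients { 192.168.1.0/24; };
    match-destinations { any; };
    recursion yes;
    include "/etc/named_lan.zones";
};

// view wan_resolver {
//     match-clients { any; };
//     match-destinations { any; };
//     recursion yes;
//     include "/etc/named_wan.zones";
// };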
"/var/named/chroot/etc/named.conf" 65L, 1664C
2.配置 主配置文件
zone "." IN {
type hint;
file "named.ca";
};
zone "costa.org" IN {
type master; ***
file "costa.org.lan.zero"; ***
allow-update { key costyleddns; }; ***
allow-transfer { key costyletransfer; }; ***
};
zone "1.168.192.in-addr.arpa" IN {
type master; ***
file "1.168.192.local"; ***
allow-update { key costyleddns; }; ***
allow-transfer { key costyletransfer; }; ***
};
3.配置区域配置文件:
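# Zone files live in the chroot's /var/named ("directory" in named.conf is relative
# to the chroot).  The original cd'ed into the zone file itself, which fails.
cd /var/named/chroot/var/named || exit 1
vi costa.org.lan.zero    # must match the "file" entry of zone "costa.org" in named_lan.zones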
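; costa.org forward zone, master copy.  dhcpd updates this zone dynamically, so named
; rewrites the file itself; edit it by hand only after "rndc freeze costa.org" and bump
; the serial.  Records whose owner is inherited from the line above must start with
; whitespace (the original listing had lost that indentation).
$ORIGIN .
$TTL 86400 ; 1 day
costa.org               IN SOA  dns.costa.org. root.costa.org. (
                                43         ; serial
                                10800      ; refresh (3 hours)
                                900        ; retry (15 minutes)
                                604800     ; expire (1 week)
                                86400      ; minimum (1 day)
                                )
                        NS      dns.costa.org.
                        NS      dns1.costa.org.    ; the slave; listing it makes the master NOTIFY it
                        MX      10 dns.costa.org.
$ORIGIN costa.org.
dns                     A       192.168.1.110
dns1                    A       192.168.1.120
mail                    CNAME   dns
$TTL 43200 ; 12 hours
redhat                  A       192.168.1.150      ; added by a DHCP DDNS update
                        TXT     "0075cad590578303201026362886ab527d"   ; presumably dhcpd's ownership hash for the name
$TTL 86400 ; 1 day
www                     CNAME   dns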
~
1.设置dns服务启动以及开机启动
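# Start named now and enable it at boot ("stop"/"restart" and "off" are the
# alternative arguments, not a pipeline).
service named start
chkconfig named on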
2.配置 iptables 和 SELinux（不建议直接关闭：只需放行 53/udp、53/tcp、67/udp，并通过下面 /etc/sysconfig/named 的 ENABLE_ZONE_WRITE=yes 允许 named 写区域文件即可）
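# Keep the firewall and SELinux on and open only what the services need.
# Stopping iptables and disabling SELinux (the original approach, kept below for
# reference) removes the two layers that contain named if it is ever exploited.
iptables -I INPUT -p udp --dport 53 -j ACCEPT   # DNS queries
iptables -I INPUT -p tcp --dport 53 -j ACCEPT   # DNS over TCP (large answers, zone transfers)
iptables -I INPUT -p udp --dport 67 -j ACCEPT   # DHCP server (only on the host running dhcpd)
service iptables save                           # persist to /etc/sysconfig/iptables
# SELinux stays enforcing: the zone-directory writes named needs are granted by
# ENABLE_ZONE_WRITE=yes in /etc/sysconfig/named (next step).  If something is still
# denied, use "setenforce 0" only while diagnosing and read /var/log/audit/audit.log,
# instead of setting SELINUX=disabled permanently.
# Original (not recommended):
#   service iptables stop
#   vi /etc/selinux/config    -> SELINUX=disabled, then reboot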
3.设置群组权限并允许区域写入
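# Let named own and write its zone directory (needed for dynamic zones and their
# journals), but keep the directories traversable: "chmod -R 640" also strips the
# execute bit from every directory, after which named cannot open anything beneath
# them.  Use 750 for directories and 640 for files.
chown -R named:named /var/named/chroot/var/named/
find /var/named/chroot/var/named -type d -exec chmod 750 {} \;
find /var/named/chroot/var/named -type f -exec chmod 640 {} \;
# ENABLE_ZONE_WRITE=yes in /etc/sysconfig/named is how the EL5 init script lets named
# write zone files with SELinux enforcing (presumably by setting the
# named_write_master_zones boolean - confirm with getsebool); set it instead of
# disabling SELinux.
if grep -q '^ENABLE_ZONE_WRITE=' /etc/sysconfig/named; then
  sed -i 's/^ENABLE_ZONE_WRITE=.*/ENABLE_ZONE_WRITE=yes/' /etc/sysconfig/named
else
  echo 'ENABLE_ZONE_WRITE=yes' >> /etc/sysconfig/named
fi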
# Slave server (192.168.1.120): install the same three BIND packages as on the master,
# in the same order.
for pkg in bind bind-libs bind-chroot; do
  rpm -ivh "${pkg}-9.3.6-20.P1.el5.x86_64.rpm"
done
配置防火墙和 SELinux（做法与主服务器相同：放行 53/udp、53/tcp 即可，不必关闭）
配置/var/named/chroot/etc/named.conf
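// /var/named/chroot/etc/named.conf - slave DNS server (192.168.1.120).
options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    //
    // Keep these commented out: pinning the query source port disables the port
    // randomization that protects the recursive cache against poisoning.
    // query-source port 53;
    // query-source-v6 port 53;
    // No secondaries hang off this slave, so nobody needs transfers from it; BIND
    // would otherwise serve AXFR of the slave copies to anyone who asks.
    allow-transfer { none; };
    allow-query { any; };          // reach is limited by the view's match-clients below
    allow-query-cache { any; };    // same limit applies to cached answers
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

// Transfer key; name, algorithm and secret must be identical to the master's.
// The secret printed here has been published with this document - regenerate it.
key costyletransfer {
    algorithm hmac-md5;
    secret HYPqYO8y7cheP4nAjBbxDg==;
};

// Sign every request sent to the master (SOA refresh, IXFR/AXFR) with the transfer
// key, which is what the master's "allow-transfer { key costyletransfer; }" requires.
server 192.168.1.110 {
    keys { costyletransfer; };
};

// Only LAN clients match a view; queries from anywhere else are refused.
view costa_lan_resolver {
    match-clients { 192.168.1.0/24; };
    match-destinations { any; };
    recursion yes;
    include "/etc/costa_lan.zones";
};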
编辑主配置文件/var/named/chroot/etc/costa_lan.zones
zone "." IN {
type hint;
file "named.ca";
};
zone "costa.org" IN {
type slave; \\设定为从DNS服务器
masters {192.168.1.110; }; \\设定主DNS服务器的IP
file "slaves/costa.org.zero"; \\设定正向解析文件路径
};
zone "1.168.192.in-addr.arpa" IN {
type slave; \\设定为从DNS服务器
masters {192.168.1.110; }; \\设定主DNS服务器的IP
file "slaves/1.168.192.local"; \\设定反向解析文件路径
};
4.启动dns服务及开机自启动
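# Start named on the slave and enable it at boot.  (The leading "# " in the original
# listing was the root prompt; pasted into a script it turns both lines into comments.)
service named start
chkconfig named on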
在客户机上添加dhclient.conf文件
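# /etc/dhclient.conf on the client.  The keyword is "send"; the original's
# "end fqdn.fqdn" is a typo dhclient will not parse.
send fqdn.fqdn "test";          # name to register; "test" is this machine's hostname
                                # (presumably dhcpd appends the zone when the name is unqualified - verify)
send fqdn.encoded on;           # send the FQDN option in DNS wire format
send fqdn.server-update off;    # asks the server not to update DNS; the dhcpd above is
                                # configured with "ignore client-updates", so it updates anyway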
重启即可生效
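# Verify resolution from a client.  (The trailing notes of the original were appended
# to the commands themselves and would be passed to nslookup as extra arguments.)
nslookup 192.168.1.110      # reverse lookup of a static address (PTR in 1.168.192.in-addr.arpa)
nslookup redhat             # name registered by a DHCP lease; relies on costa.org being the
                            # client's search domain - use redhat.costa.org to be explicit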
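# Re-apply permissions after edits.  A recursive "chmod 640" also strips the execute
# bit from the directories, after which named can no longer open its zone files;
# keep directories at 750 and files at 640.
find /var/named/chroot/var/named -type d -exec chmod 750 {} \;
find /var/named/chroot/var/named -type f -exec chmod 640 {} \;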
3.语法错误 缺少标点符号
此类错误比较好判断
通过 # named -g -c /var/named/chroot/etc/named.conf（前台运行并把错误打印到终端）可以发现哪里有问题；或者用 # named-checkconf -t /var/named/chroot /etc/named.conf 检查主配置，用 # named-checkzone costa.org /var/named/chroot/var/named/costa.org.lan.zero 检查区域文件，没有任何提示时表明正常。