
Configuring master and slave DNS servers on CentOS, with DDNS driven by DHCP

Author: IT民工   Published: 2013-06-07 19:28:10

Environment:
       master DNS server   192.168.1.110     hostname=dns.costa.org
       DHCP server         192.168.1.110

       slave DNS server    192.168.1.120     hostname=dns1.costa.org
       Linux client        address from DHCP   hostname=redhat.costa.org

I: Install the master DNS server and the DHCP server

Install the DNS and DHCP packages:

rpm -ivh bind-9.3.6-20.P1.el5.x86_64.rpm

rpm -ivh bind-libs-9.3.6-20.P1.el5.x86_64.rpm

rpm -ivh bind-chroot-9.3.6-20.P1.el5.x86_64.rpm

yum -y install dhcp

II: Configure dynamic DNS (DDNS) and the keys that authenticate updates

cd /var/named/chroot

dnssec-keygen -a HMAC-MD5 -b 128 -n USER costyleddns    # -a algorithm   -b key length in bits   -n key owner type (USER)

dnssec-keygen -a HMAC-MD5 -b 128 -n USER rndc-key

View the DDNS key secret and the rndc-key secret:

cat /var/named/chroot/Kcostyleddns.+157+61304.key

cat /var/named/chroot/Krndc-key.+157+20386.key

III: Configure the DHCP server

Edit /etc/dhcpd.conf:

ddns-update-style interim;      # how DDNS updates are sent
ignore client-updates;          # do not let clients update DNS themselves
max-lease-time 604800;          # maximum lease time, in seconds
default-lease-time 86400;       # default lease time, in seconds

key costyleddns {               # key used to update DNS; syntax: key <name> { algorithm ...; secret ...; };
        algorithm HMAC-MD5;
        secret qVdXEom1piP3PlBFc2gArA==;
};

zone costa.org. {               # zone to be updated
        primary 192.168.1.110;
        key costyleddns;
}

zone 1.168.192.in-addr.arpa. {
        primary 192.168.1.110;
        key costyleddns;
}

subnet 192.168.1.0 netmask 255.255.255.0 {
      range 192.168.1.125 192.168.1.150;
# --- default gateway
      option routers 192.168.1.1;
      option subnet-mask 255.255.255.0;
      option broadcast-address 192.168.1.255;
# --- option nis-domain "domain.org";
      option domain-name "costa.org";
      option domain-name-servers 192.168.1.110,192.168.1.120;
}

IV: Start the DHCP service and enable it at boot

service dhcpd start | stop | restart

chkconfig dhcpd on | off            # on = start the dhcpd service automatically at boot

V: Configure the master DNS

1. Edit the global configuration file
    vi   /etc/named.conf

options {
       listen-on port 53 { any; };                     // change 1
       listen-on-v6 port 53 { ::1; };
       directory       "/var/named";
       dump-file       "/var/named/data/cache_dump.db";
       statistics-file "/var/named/data/named_stats.txt";
       memstatistics-file "/var/named/data/named_mem_stats.txt";

       // Those options should be used carefully because they disable port
       // randomization
        query-source    port 53;
        query-source-v6 port 53;
       allow-transfer { 192.168.1.110; };         // set the master DNS server's IP, allowing the slave DNS server to transfer
       allow-query     { any; };                  // change 2
#       allow-query-cache { localhost; };
#       forwarders {8.8.8.8; };
#       forward first;
};

key costyletransfer {                             // the rndc key that authorizes zone transfers
       algorithm       hmac-md5;
       secret          HYPqYO8y7cheP4nAjBbxDg==;
};

server 192.168.1.110 {                            // key used for transfers with the master server
       keys {costyletransfer; };
};

key costyleddns {                                 // the DDNS key
       algorithm       hmac-md5;
       secret          qVdXEom1piP3PlBFc2gArA==;
};

logging {
       channel default_debug {
               file "data/named.run";
               severity dynamic;
       };
};

view lan_resolver {
       match-clients      { 192.168.1.0/24; };
       match-destinations { any; };
       recursion yes;
       include "/etc/named_lan.zones";
};

#view wan_resolver {
#        match-clients      { any; };
#        match-destinations { any; };
#        recursion yes;
#        include "/etc/named_wan.zones";
#};

Note that the two query-source lines pin every outgoing query to source port 53, which, as the comment above them says, disables source-port randomization; the slave configuration further down leaves those lines commented out.

 


2. Configure the zone declaration file (the named_lan.zones file included above; the lines marked *** are the ones specific to this setup)

zone "." IN {
       type hint;
       file "named.ca";
};

zone "costa.org" IN {
       type master;                                   // ***
       file "costa.org.lan.zero";                     // ***
       allow-update { key costyleddns; };             // ***
       allow-transfer { key costyletransfer; };       // ***
};

zone "1.168.192.in-addr.arpa" IN {
       type master;                                   // ***
       file "1.168.192.local";                        // ***
       allow-update { key costyleddns; };             // ***
       allow-transfer { key costyletransfer; };       // ***
};
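The DDNS key has to be identical in dhcpd.conf and named.conf, and named must name it in a zone's allow-update, otherwise every update from dhcpd is refused. The following Python script is an added example, not part of the original post: it parses constructed fragments of the two files (using the page's key name and secret), reports mismatches, checks that the secret really is 128 bits of valid base64, and flags hmac-md5; the regexes and finding messages are my own.

```python
import base64
import re
# Constructed fragments of the page's dhcpd.conf and named.conf (same key name, algorithm and secret).
DHCPD_CONF = """
ddns-update-style interim;
key costyleddns {
        algorithm HMAC-MD5;
        secret qVdXEom1piP3PlBFc2gArA==;
};
zone costa.org. { primary 192.168.1.110; key costyleddns; }
"""
NAMED_CONF = """
key costyleddns {
       algorithm       hmac-md5;
       secret          qVdXEom1piP3PlBFc2gArA==;
};
zone "costa.org" IN {
       type master;
       allow-update { key costyleddns; };
};
"""
KEY_RE = re.compile(r'key\s+"?([\w.-]+)"?\s*\{\s*algorithm\s+([\w-]+)\s*;'
                    r'\s*secret\s+"?([A-Za-z0-9+/=]+)"?\s*;\s*\}')
UPDATE_RE = re.compile(r'allow-update\s*\{\s*key\s+"?([\w.-]+)"?\s*;\s*\}')

def parse_keys(text):
    """Map key name -> (algorithm lower-cased, base64 secret) for every key block."""
    return {n: (a.lower(), s) for n, a, s in KEY_RE.findall(text)}

def check_ddns_keys(dhcpd_conf, named_conf, min_bits=128):
    """Return findings; an empty list means dhcpd's key will be accepted by named."""
    findings, named_keys = [], parse_keys(named_conf)
    allowed = set(UPDATE_RE.findall(named_conf))      # keys that some zone lets update it
    for name, (alg, secret) in parse_keys(dhcpd_conf).items():
        if name not in named_keys:
            findings.append("key %s is not defined in named.conf" % name)
            continue
        if (alg, secret) != named_keys[name]:
            findings.append("key %s differs between dhcpd.conf and named.conf" % name)
        try:
            if len(base64.b64decode(secret, validate=True)) * 8 < min_bits:
                findings.append("key %s secret is shorter than %d bits" % (name, min_bits))
        except ValueError:
            findings.append("key %s secret is not valid base64" % name)
        if alg == "hmac-md5":
            findings.append("key %s uses hmac-md5; prefer hmac-sha256" % name)
        if name not in allowed:
            findings.append("no zone in named.conf has allow-update { key %s; }" % name)
    return findings
```

Run against the page's own values the only finding is the hmac-md5 one; swapping the secret in either file makes the mismatch show up.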

3. Configure the zone data file:

cd      /var/named/chroot/var/named/          # the directory the "file" entries in the zone declarations refer to

vi      costa.org.lan.zero

$ORIGIN .
$TTL 86400      ; 1 day
costa.org               IN SOA  dns.costa.org. root.costa.org. (
                               43         ; serial
                               10800      ; refresh (3 hours)
                               900        ; retry (15 minutes)
                               604800     ; expire (1 week)
                               86400      ; minimum (1 day)
                               )
                        NS      dns.costa.org.
                        MX      10 dns.costa.org.
$ORIGIN costa.org.
dns                     A       192.168.1.110
dns1                    A       192.168.1.120
mail                    CNAME   dns
$TTL 43200      ; 12 hours
redhat                  A       192.168.1.150        ; record created by a dynamic (DDNS) update
                        TXT     "0075cad590578303201026362886ab527d"
$TTL 86400      ; 1 day
www                     CNAME   dns
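Zone-file slips such as an SOA MNAME that is not one of the zone's own NS records, or an NS name with no A record, are easy to miss by eye and BIND will still load the zone. The following Python check is an added example, not part of the original post; ZONE_TEXT is constructed from the page's zone with the MNAME deliberately pointing at dns.costa.com. so the check has something to report, and the small parser is my own (it handles ';' comments, '( )' continuations, $ORIGIN/$TTL and inherited owner names, nothing more).

```python
import re
# Constructed from the page's zone; the SOA MNAME deliberately points outside the zone.
ZONE_TEXT = """
$ORIGIN .
$TTL 86400      ; 1 day
costa.org               IN SOA  dns.costa.com. root.costa.org. (
                               43 10800 900 604800 86400 )   ; serial refresh retry expire minimum
                        NS      dns.costa.org.
$ORIGIN costa.org.
dns                     A       192.168.1.110
redhat                  A       192.168.1.150
"""

def fqdn(name, origin):
    if name.endswith("."):
        return name
    return name + "." if origin == "." else name + "." + origin

def zone_records(text):
    """Tiny master-file parser; returns (owner, type, rdata) with NS/CNAME/SOA targets absolute."""
    lines = [ln.split(";", 1)[0].rstrip() for ln in text.splitlines()]
    text = re.sub(r"\(([^)]*)\)", lambda m: " ".join(m.group(1).split()), "\n".join(lines))
    origin, owner, recs = ".", None, []
    for line in text.splitlines():
        toks = line.split()
        if not toks:
            continue
        if toks[0] == "$ORIGIN":
            origin = toks[1]
        elif toks[0] != "$TTL":
            if line[0] not in " \t":          # a leading name sets the owner, else it is inherited
                owner = toks.pop(0)
            while toks[0] == "IN" or toks[0].isdigit():   # skip optional class and TTL
                toks.pop(0)
            if toks[0] in ("NS", "CNAME", "SOA"):
                toks[1] = fqdn(toks[1], origin)   # make the target name absolute
            recs.append((fqdn(owner, origin), toks[0], toks[1:]))
    return recs

def check_zone(text, zone):
    """Apex checks: the SOA MNAME must be an apex NS, and in-zone NS names need A records."""
    apex, recs = fqdn(zone, "."), zone_records(text)
    soa = [r for o, t, r in recs if t == "SOA" and o == apex]
    if not soa:
        return ["no SOA record at %s" % apex]
    ns = {r[0] for o, t, r in recs if t == "NS" and o == apex}
    have_a = {o for o, t, _ in recs if t == "A"}
    findings = [] if soa[0][0] in ns else ["SOA MNAME %s is not an apex NS" % soa[0][0]]
    findings += ["%s has no A record" % n for n in sorted(ns) if n.endswith("." + apex) and n not in have_a]
    return findings
```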

VI: Start the DNS service, enable it at boot, and set permissions on /var/named/chroot/var/named/

1. Start the DNS service and enable it at boot

service named start  | stop   | restart

chkconfig    named    on  | off

2. Stop the iptables and SELinux services

service  iptables stop

vi /etc/selinux/config     # set SELinux to disabled, then reboot the machine

3. Set ownership and allow the zone files to be written

chown -R named.named   /var/named/chroot/var/named/

chmod -R 640    /var/named/chroot/var/named

Note that mode 640 on a directory strips its execute bit, so named can neither traverse it nor create journal files inside it; give the directories the execute bit (for example 750) and keep 640 for the zone files themselves.

vi    /etc/sysconfig/named

ENABLE_ZONE_WRITE=yes
 

VII: Install and configure the slave DNS server

rpm -ivh bind-9.3.6-20.P1.el5.x86_64.rpm

rpm -ivh bind-libs-9.3.6-20.P1.el5.x86_64.rpm

rpm -ivh bind-chroot-9.3.6-20.P1.el5.x86_64.rpm

Stop the firewall and SELinux.

Configure /var/named/chroot/etc/named.conf:

options {
       listen-on port 53 { any; };
       listen-on-v6 port 53 { ::1; };
       directory       "/var/named";
       dump-file       "/var/named/data/cache_dump.db";
       statistics-file "/var/named/data/named_stats.txt";
       memstatistics-file "/var/named/data/named_mem_stats.txt";
//
       // Those options should be used carefully because they disable port
       // randomization
       // query-source    port 53;
       // query-source-v6 port 53;

       allow-query     { any; };
       allow-query-cache { any; };
};

logging {
       channel default_debug {
               file "data/named.run";
               severity dynamic;
       };
};

key costyletransfer{
       algorithm       hmac-md5;
       secret  HYPqYO8y7cheP4nAjBbxDg==;
};

server 192.168.1.110{
       keys {costyletransfer;};
};

view costa_lan_resolver {
       match-clients      { 192.168.1.0/24; };
       match-destinations { any; };
       recursion yes;
       include "/etc/costa_lan.zones";
};


Edit the zone declaration file /var/named/chroot/etc/costa_lan.zones:

zone "." IN {
       type hint;
       file "named.ca";
};

zone "costa.org" IN {
       type slave;                          // this server is a slave for the zone
       masters {192.168.1.110; };           // IP of the master DNS server
       file "slaves/costa.org.zero";        // path of the forward zone file
};

zone "1.168.192.in-addr.arpa" IN {
       type slave;                          // this server is a slave for the zone
       masters {192.168.1.110; };           // IP of the master DNS server
       file "slaves/1.168.192.local";       // path of the reverse zone file
};

4. Start the DNS service and enable it at boot

#  service  named start

#  chkconfig  named on

 


VIII: Testing

On the client, add a dhclient.conf file:

send fqdn.fqdn "test";       // "test" is this machine's hostname
send fqdn.encoded on;
send fqdn.server-update off;

Restart for the change to take effect.

nslookup   192.168.1.110           # look up a static IP address

nslookup   redhat                  # look up the host whose address DHCP assigned dynamically

IX: Once DDNS is working, journal (.jnl) files are created automatically under /var/named/chroot/var/named/

X: Common errors

1. /etc/named.conf file not found
The file is missing from /etc.
Fix: create a symbolic link
ln  -s   /var/named/chroot/etc/named.conf    /etc/named.conf


2. permission denied errors
These are mostly caused by insufficient permissions.
A:   /var/named/chroot/var/named/    owner named.named      mode 640
B:   /var/named/chroot/etc/          owner named.named      mode 640


chown -R named.named   /var/named/chroot/var/named/
chmod  -R 640   /var/named/chroot/var/named/
3. Syntax errors, missing punctuation
These are easy to diagnose.
Run  #    named -gc  /var/named/chroot/etc/named.conf  to see where the problem is, or  # named-checkconf ; no output means the configuration is fine.
