OS: Red Hat Enterprise Linux Server release 5.6 (Tikanga)
domain: asia.corp.platform.com
DHCP IP: 172.17.100.253/24
DNS/DDNS: 172.17.100.253/24
1, DNS
[root@rhel5u332-1 etc]# rpm -qa |grep -E "bind-9|chroot"
bind-9.3.4-10.P1.el5
bind-chroot-9.3.4-10.P1.el5
[root@rhel5u332-1 etc]# pwd
/var/named/chroot/etc
[root@rhel5u332-1 etc]# ls
localtime rndc.key
默认安装没有caching-nameserver-9.3.4-10.P1.el5.x86_64.rpm,安装
[root@rhel5u332-1 ~]# rpm -ihv caching-nameserver-9.3.4-10.P1.el5.x86_64.rpm
warning: caching-nameserver-9.3.4-10.P1.el5.x86_64.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
Preparing... ########################################### [100%]
1:caching-nameserver ########################################### [100%]
[root@rhel5u332-1 ~]# ls /var/named/
chroot localdomain.zone named.broadcast named.ip6.local named.zero
data localhost.zone named.ca named.local slaves
创建一个link, 当然可以不创建,为了习惯
[root@rhel5u332-1 ~]# ln -s /var/named/chroot/etc/named.caching-nameserver.conf /etc/named.conf
修改/etc/name.conf如下:
[root@rhel5u332-1 ~]# cat /etc/named.conf
//
// named.caching-nameserver.conf
//
// Provided by Red Hat caching-nameserver package to configure the
// ISC BIND named(8) DNS server as a caching only nameserver
// (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// DO NOT EDIT THIS FILE - use system-config-bind or an editor
// to create named.conf - edits to this file will be lost on
// caching-nameserver package upgrade.
//
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// Those options should be used carefully because they disable port
// randomization
// query-source port 53;
// query-source-v6 port 53;
allow-query { any; };
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
view localhost_resolver {
match-clients { any; };
match-destinations { any; };
recursion yes;
include "/etc/named.rfc1912.zones";
};
添加自己的域记录
[root@rhel5u332-1 ~]# vi /etc/named.rfc1912.zones
添加:
zone "asia.corp.platform.com" IN {
type master;
file "asia.corp.platform.com.zone";
allow-update { none; };
};
添加asia.corp.platform.com记录文件
[root@rhel5u332-1 named]# pwd
/var/named/chroot/var/named
[root@rhel5u332-1 named]# cp -p localhost.zone asia.corp.platform.com.zone
编辑asia.corp.platform.com.zone如下:
$ORIGIN .
$TTL 86400 ; 1 day
asia.corp.platform.com IN SOA asia.corp.platform.com. root.asia.corp.platform.com. (
43 ; serial
10800 ; refresh (3 hours)
900 ; retry (15 minutes)
604800 ; expire (1 week)
86400 ; minimum (1 day)
)
NS ns1.asia.corp.platform.com.
ns1 IN A 172.17.100.253
test1 IN A 172.17.100.252
重起DNS
[root@rhel5u332-1 named]# service named restart
Stopping named: [ OK ]
Starting named: [ OK ]
[root@rhel5u332-1 named]# cat /etc/resolv.conf
; generated by /sbin/dhclient-script
nameserver 172.17.100.253
[root@rhel5u332-1 named]# nslookup test1.asia.corp.platform.com
Server: 172.17.100.253
Address: 172.17.100.253#53
Name: test1.asia.corp.platform.com
Address: 172.17.100.252
DNS 可以正常工作
==========================================================================================
2, DHCP 部分
安装dhcp server
[root@rhel5u332-1 ~]# rpm -ihv dhcp-3.0.5-18.el5.x86_64.rpm
warning: dhcp-3.0.5-18.el5.x86_64.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
Preparing... ########################################### [100%]
1:dhcp ########################################### [100%]
[root@rhel5u332-1 ~]# cat /etc/dhcpd.conf
#
# DHCP Server Configuration file.
# see /usr/share/doc/dhcp*/dhcpd.conf.sample
#[root@rhel5u332-1 ~]# cp /usr/share/doc/dhcp-3.0.5/dhcpd.conf.sample /etc/dhcpd.conf
cp: overwrite `/etc/dhcpd.conf'? y
修改dhcp的配置文件
[root@rhel5u332-1 ~]# cat /etc/dhcpd.conf
ddns-update-style interim;
ignore client-updates;
subnet 172.17.100.0 netmask 255.255.255.0 {
# --- default gateway
option routers 172.17.100.2;
option subnet-mask 255.255.255.0;
option nis-domain "eng-cn.platform.com";
option domain-name "asia.corp.platform.com";
option domain-name-servers 172.17.100.253;
option time-offset -18000; # Eastern Standard Time
option ntp-servers 172.17.192.23;
range dynamic-bootp 172.17.100.10 172.17.100.249;
default-lease-time 21600;
max-lease-time 43200;
# we want the nameserver to appear at a fixed address
host ns {
next-server marvin.redhat.com;
hardware ethernet 12:34:56:78:AB:CD;
fixed-address 207.175.42.254;
}
}
[root@rhel5u332-1 ~]# service dhcpd restart
Shutting down dhcpd: [ OK ]
Starting dhcpd: [ OK ]
通过客户端测试,可正常工作
[root@rhel5u332-1 dhcpd]# cat /var/lib/dhcpd/dhcpd.leases |grep -v ^#
lease 172.17.100.249 {
starts 5 2011/10/28 10:57:00;
ends 5 2011/10/28 16:57:00;
binding state active;
next binding state free;
hardware ethernet 00:0c:29:29:a1:10;
}
lease 172.17.100.248 {
starts 5 2011/10/28 10:57:23;
ends 5 2011/10/28 16:57:23;
binding state active;
next binding state free;
hardware ethernet 00:0c:29:f7:56:3c;
uid "\001\000\014)\367V<";
client-hostname "sgzhang-xp8";
}
=======================================================================================
3, DDNS
创建密钥:
到/var/named/chroot/etc/目录
[root@rhel5u332-1 dhcpd]# cd /var/named/chroot/etc/
[root@rhel5u332-1 etc]# ls
localtime named.caching-nameserver.conf named.rfc1912.zones rndc.key
生成密钥:
[root@rhel5u332-1 etc]# dnssec-keygen -a HMAC-MD5 -b 128 -n USER ddns
Kddns.+157+18806
[root@rhel5u332-1 etc]# ls
Kddns.+157+18806.key localtime named.rfc1912.zones
Kddns.+157+18806.private named.caching-nameserver.conf rndc.key
[root@rhel5u332-1 etc]# cat Kddns.+157+18806.key
ddns. IN KEY 0 3 157 ugw9qY236NE/FYfowtZNxQ==
-a HMAC-MD5:采用HMAC-MD5加密算法。
-b 128:生成的密钥长度为128位。
-n USER bobddns:密钥的用户名为ddns。
密钥生成后,会在当前目录下自动生成两个密钥文件Kddns.+157+xxx.key和Kddns.+157+xxx.private。
查看两个密钥文件的内容:
cat Kddns.+157+17843.key
cat Kddns.+157+17843.private
两个密钥文件中的128位密钥是一致的。需记住这一串密钥字符串,后面将会用到。
每次用dnssec-keygen生成更新密钥是不一样的。
② 添加密钥信息到DNS主配置文件中(DNS server)
[root@rhel5u332-1 etc]# cat rndc.key >> /etc/named.rfc1912.zones
rndc.key是系统自带的key,导进去是为了方便使用它的格式
[root@rhel5u332-1 etc]# vi /etc/named.rfc1912.zones, 添加如下内容:
key "ddns" {
algorithm hmac-md5;
secret "ugw9qY236NE/FYfowtZNxQ==";
};
algorithm:指明生成密钥的算法。
secret:指明密钥串。
将将asia.corp.platform.com区域中的allow-update { none; }中的“none”改成“key ddns”;
zone "asia.corp.platform.com" IN {
type master;
file "asia.corp.platform.com.zone";
allow-update { key ddns; };
};
添加密钥信息到DHCP主配置文件中(DHCP server),添加两段代码。
key ddns {
algorithm hmac-md5;
secret ugw9qY236NE/FYfowtZNxQ==;
}
zone asia.corp.platform.com. {
primary 172.17.100.253;
key ddns;
}
这时在 /var/named/chroot/var/named 应该自动生成 asia.corp.platform.com.zone.jnl, 但由于权限可能导致该文件无法自动生成,所以要修改权限。
[root@rhel5u332-1 chroot]# chmod -R 777 /var/named/chroot/var/
[root@rhel5u332-1 named]# ls /var/named/chroot/var/named/
asia.corp.platform.com.zone localdomain.zone named.ca named.zero
asia.corp.platform.com.zone.jnl localhost.zone named.ip6.local slaves
data named.broadcast named.local
[root@rhel5u332-1 named]# cat /etc/resolv.conf
; generated by /sbin/dhclient-script
search asia.corp.platform.com
nameserver 172.17.100.253
[root@rhel5u332-1 named]# nslookup sgzhang-xp8
Server: 172.17.100.253
Address: 172.17.100.253#53
Name: sgzhang-xp8.asia.corp.platform.com
Address: 172.17.100.248
查看主配置文件
[root@rhel5u332-1 named]# cat asia.corp.platform.com.zone
$ORIGIN .
$TTL 86400 ; 1 day
asia.corp.platform.com IN SOA asia.corp.platform.com. root.asia.corp.platform.com. (
43 ; serial
10800 ; refresh (3 hours)
900 ; retry (15 minutes)
604800 ; expire (1 week)
86400 ; minimum (1 day)
)
NS ns1.asia.corp.platform.com.
$ORIGIN asia.corp.platform.com.
ns1 A 172.17.100.253
$TTL 10800 ; 3 hours
sgzhang-xp8 A 172.17.100.248
TXT "315f1919006e6c5f4edee1255f8dc62969"
$TTL 86400 ; 1 day
test1 A 172.17.100.252
