1. What is DDNS:
DDNS maps a user's dynamic IP address to a fixed domain name through a name-resolution service. Each time the user connects to the network, a client program sends the host's current dynamic IP address to a server program running on the provider's host; that server program provides the DNS service and performs the dynamic domain-name resolution.
2. Test environment:
CentOS 6.7;
DNS and DHCP deployed on the same server;
Server side:
3. Installing and configuring dhcp:
3.1 Bind a static IP on the server
[root@DNS ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=static
IPADDR=192.168.10.100
PREFIX=24
3.2 Install dhcp with yum
[root@DNS ~]#yum install -y dhcp
3.2 Generate a key; both dns and dhcp use it to update the dns zone data
[root@DNS ~]# dnssec-keygen -a HMAC-MD5 -b 128 -n USER ddnsuser    // generates a 128-bit HMAC-MD5 key named ddnsuser; two files are produced
[root@DNS ~]# ls
anaconda-ks.cfg  install.log.syslog  Kddnsuser.+157+56925.private
install.log      Kddnsuser.+157+56925.key
[root@DNS ~]# cat Kddnsuser.+157+56925.key
ddnsuser. IN KEY 0 3 157 oxRjfO3rB1b0pzY1WNpbNg==    // the last field is the shared secret; it is needed below
3.3 The dhcp configuration is as follows:
[root@DNS ~]# grep -v "^#" /etc/dhcp/dhcpd.conf
ddns-update-style interim;
#ddns-updates on;
log-facility local7;
key ddnsuser {
    algorithm hmac-md5;
    secret oxRjfO3rB1b0pzY1WNpbNg==;        # the ddnsuser key
}
zone ddns.com. {
    primary 192.168.10.100;
    key ddnsuser;                           # allow dhcp to update dns records
}
zone 10.168.192.in-addr.arpa. {
    primary 192.168.10.100;
    key ddnsuser;
}
subnet 192.168.10.0 netmask 255.255.255.0 {
    range 192.168.10.30 192.168.10.31;
    option routers 192.168.10.1;
    option domain-name "ddns.com";
    option domain-name-servers 192.168.10.100;
    default-lease-time 600;
    max-lease-time 7200;
}
3.4 Start dhcp
[root@DNS ~]# service dhcpd start
4. Installing and configuring bind (DNS):
4.1 Install bind with yum
[root@DNS ~]# yum install -y bind bind-chroot bind-libs bind-utils
4.2 The dns configuration is as follows:
[root@DNS named]# cat /etc/named.conf
zone "." IN {
    type hint;
    file "named.ca";
};
key ddnsuser {
    algorithm hmac-md5;
    secret "oxRjfO3rB1b0pzY1WNpbNg==";      // the ddnsuser key
};
zone "ddns.com" IN {
    type master;
    file "/var/named/ddns.zone";
    allow-update { key ddnsuser; };         // only updates signed with this key may modify the zone
};
zone "10.168.192.in-addr.arpa" IN {
    type master;
    file "/var/named/ddns.zone.db";
    allow-update { key ddnsuser; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
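A consistency check, added here as an example and not part of the original post: the Python script below compares the key block in dhcpd.conf (section 3.3) with the one in named.conf above and flags any zone whose allow-update grants by address instead of by the TSIG key. The two configuration fragments and the secret inside them are constructed samples, not the key shown on this page.

```python
import base64
import re

# Constructed fragments in the shape of the page's dhcpd.conf and named.conf;
# the secret is a placeholder generated here, not the key shown on the page.
SECRET = base64.b64encode(b"placeholder-0123").decode()  # 16 bytes = 128 bits
DHCPD_CONF = f"""
ddns-update-style interim;
key ddnsuser {{ algorithm hmac-md5; secret {SECRET}; }}
zone ddns.com. {{ primary 192.168.10.100; key ddnsuser; }}
"""
NAMED_CONF = f"""
key ddnsuser {{ algorithm hmac-md5; secret "{SECRET}"; }};
zone "ddns.com" IN {{ type master; file "/var/named/ddns.zone";
    allow-update {{ key ddnsuser; }}; }};
zone "10.168.192.in-addr.arpa" IN {{ type master; file "/var/named/ddns.zone.db";
    allow-update {{ 192.168.10.0/24; }}; }};   # weak: any host on the subnet may update
"""

KEY_RE = re.compile(r'key\s+"?([\w-]+)"?\s*\{\s*algorithm\s+([\w-]+)\s*;\s*secret\s+"?([A-Za-z0-9+/=]+)"?\s*;')
ZONE_RE = re.compile(r'zone\s+"?([\w.-]+)"?[^{]*\{')

def parse_keys(conf):
    """Return {key name: (algorithm, base64 secret)} for every key block in conf."""
    return {name: (alg.lower(), secret) for name, alg, secret in KEY_RE.findall(conf)}

def balanced_block(text, start):
    """Return text from the '{' at index start through its matching '}'."""
    depth = 0
    for i in range(start, len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[start:i + 1]
    return text[start:]

def check_ddns_config(dhcpd_conf, named_conf, key_bits=128):
    """List DHCP/BIND key disagreements and dynamic zones not gated by a TSIG key."""
    findings = []
    dhcp_keys, named_keys = parse_keys(dhcpd_conf), parse_keys(named_conf)
    for name, (alg, secret) in dhcp_keys.items():
        if named_keys.get(name) != (alg, secret):
            findings.append(f"key {name}: dhcpd.conf and named.conf disagree on algorithm or secret")
        if len(base64.b64decode(secret)) * 8 != key_bits:
            findings.append(f"key {name}: secret is not {key_bits} bits")
    for m in ZONE_RE.finditer(named_conf):  # each zone block in named.conf
        body = balanced_block(named_conf, m.end() - 1)
        acl = re.search(r"allow-update\s*\{([^}]*)\}", body)
        if acl and not re.search(r"\bkey\s+[\w-]+", acl.group(1)):
            findings.append(f"zone {m.group(1)}: allow-update is an address ACL, not a TSIG key")
    return findings
```

Run it against the real files by reading /etc/dhcp/dhcpd.conf and /etc/named.conf into the two arguments; an empty list means both daemons agree on the key and every dynamic zone is gated by it.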
4.3 Configure the forward and reverse zone files:
[root@DNS ~]# cp -p /var/named/named.loopback /var/named/ddns.zone
[root@DNS ~]# cp -p /var/named/named.loopback /var/named/ddns.zone.db
4.3.1 Forward zone file:
[root@DNS ~]# vim /var/named/ddns.zone
$ORIGIN .
$TTL 86400      ; 1 day
ddns.com        IN SOA  dns.ddns.com. rname.invalid. (
                                3          ; serial
                                86400      ; refresh
                                3600       ; retry
                                604800     ; expire
                                10800      ; minimum
                                )
                        NS      dns.ddns.com.
$ORIGIN ddns.com.
dns             A       192.168.10.100
www             A       192.168.10.15
4.3.2 Reverse zone file:
[root@DNS ~]# vim /var/named/ddns.zone.db
$ORIGIN .
$TTL 86400      ; 1 day
10.168.192.in-addr.arpa IN SOA dns.ddns.com.10.168.192.in-addr.arpa. rname.invalid. (
                                2          ; serial
                                86400      ; refresh
                                3600       ; retry
                                604800     ; expire
                                10800      ; minimum
                                )
                        NS      dns.ddns.com.
$ORIGIN 10.168.192.in-addr.arpa.
15              PTR     www.ddns.com.
19              PTR     dns.ddns.com.
4.4 Permissions:
[root@DNS ~]# chmod g+w /var/named/    // make the directory group-writable so dhcp-triggered updates can be written
[root@DNS ~]# chown -R named.named /var/named/chroot/var/named/    // on CentOS 6 this directory is root.named by default, so the .jnl files cannot be created; be sure to fix the ownership
4.5 Start the dns service:
[root@DNS ~]# service named start
Client side (Linux PC):
Create a new dhclient.conf file under /etc/dhcp
[root@ntp ~]# vim /etc/dhcp/dhclient.conf
send fqdn.fqdn "ntp";           # ntp is the client's hostname
send fqdn.encoded on;
send fqdn.server-update off;
Testing:
1. Set the NIC to obtain its IP via dhcp:
BOOTPROTO=dhcp
[root@ntp ~]# dhclient -r
[root@ntp ~]# dhclient eth0
2. Perform forward and reverse dns lookups:
Forward lookup:
[root@ntp ~]# nslookup ntp.ddns.com
Server:         192.168.100.100
Address:        192.168.100.100#53

Name:   ntp.ddns.com
Address: 192.168.100.30
Reverse lookup:
[root@ntp ~]# host 192.168.100.30
30.100.168.192.in-addr.arpa domain name pointer ntp.ddns.com.
As you can see, this name was never defined in named, yet it resolves.
In addition, binary .jnl journal files appear under /var/named/chroot/var/named/, recording the update operations we just triggered.
[root@DNS ~]# ll /var/named/chroot/var/named/
总用量 52
-rw-r--r-- 1 named named  432 1月  18 15:28 ddns.zone
-rw-r--r-- 1 named named  421 1月  18 15:27 ddns.zone.db
-rw-r--r-- 1 named named 1683 1月  18 15:15 ddns.zone.db.jnl
-rw-r--r-- 1 named named 1682 1月  18 15:15 ddns.zone.jnl
3. Monitor ddns.zone on the server
$ORIGIN .
$TTL 86400      ; 1 day
ddns.com        IN SOA  dns.ddns.com. rname.invalid. (
                                4          ; serial
                                86400
                                3600
                                604800
                                10800
                                )
                        NS      dns.ddns.com.
$ORIGIN ddns.com.
dns             A       192.168.10.100
$TTL 300        ; 5 minutes
ntp             A       192.168.10.30
                TXT     "001c92d13d95f00b8d62503da8db6bfa35"
$TTL 86400      ; 1 day
www             A       192.168.10.15
4. Monitor ddns.zone.db
$ORIGIN .
$TTL 86400      ; 1 day
10.168.192.in-addr.arpa IN SOA dns.ddns.com.10.168.192.in-addr.arpa. rname.invalid. (
                                3          ; serial
                                86400
                                3600
                                604800
                                10800
                                )
                        NS      dns.ddns.com.
$ORIGIN 10.168.192.in-addr.arpa.
15              PTR     www.ddns.com
19              PTR     dns.ddns.com
$TTL 300        ; 5 minutes
30              PTR     ntp.ddns.com.
As you can see, the system automatically wrote in the records for the name we just resolved, only in bind's own syntax.
Notes:
Note that only IPs obtained from this dhcp server will be resolved;
In addition, the process above has a delay of roughly 10 min;
If you run a graphical desktop, be sure to turn NetworkManager off, as it interferes with the service's resolution.