centos7 实现dhcp动态向dns注册(DDNS)
参考资料
[root@localhost dhcp-4.2.5]#man dhcpd.conf
[root@localhost dhcp-4.2.5]#man dhclient.conf
DNS操作步骤
1. 生成动态注册的密钥
代表生成 128 位的 HMAC-MD5 TSIG 密钥(注意这是对称共享密钥而不是公私钥对:下面 .key 与 .private 文件中的 Key 值是同一串字符),-a 参数选择算法(也可以选用 HMAC-SHA256 等更强的算法),-b 选择密钥长度,最后的 xiapi 是密钥名称,在 dns 和 dhcp 的配置中都需要引用这个名称
[root@localhost ~]#dnssec-keygen -a HMAC-MD5 -b 128 -n USER xiapi
[root@localhost ~]#ll K*
-rw-------. 1 root root 47 Nov 19 10:55 Kxiapi.+157+35335.key
-rw-------. 1 root root 165 Nov 19 10:55 Kxiapi.+157+35335.private
[root@localhost ~]#
2. 安装配置
安装 bind(即 DNS 服务),然后修改主配置文件:allow-query { any; } 表示允许任何主机查询,listen-on port 53 { localhost; } 表示在本机所有接口地址的 53 端口上监听(是所有地址,不是所有端口)
[root@localhost dhcp-4.2.5]#yum install bind
[root@localhost dhcp-4.2.5]#vi /etc/named.conf
options {
listen-on port 53 { localhost; };
allow-query { any; };
}
3. 配置dns区域
可以看到生成的 key,把 Key 那一串 base64 字符复制进 secret 里即可,记得用双引号括起来;zone 中的 allow-update { key xiapi; } 代表只允许持有该 key 的客户端更新这个区域。注意这个 secret 同样会写进 /etc/dhcp/dhcpd.conf,任何能读取这两个配置文件的用户都能伪造区域更新,因此要保持文件权限严格,密钥泄露后应重新生成
[root@localhost ~]#cat Kxiapi.+157+35335.key
xiapi. IN KEY 0 3 157 oIg9CFP/dDBoHMyCzyzc3Q==
[root@localhost ~]#cat Kxiapi.+157+35335.private
Private-key-format: v1.3
Algorithm: 157 (HMAC_MD5)
Key: oIg9CFP/dDBoHMyCzyzc3Q==
Bits: AAA=
Created: 20191119025556
Publish: 20191119025556
Activate: 20191119025556
[root@localhost ~]#vi /etc/named.rfc1912.zones
key xiapi {
algorithm hmac-md5;
secret "oIg9CFP/dDBoHMyCzyzc3Q==";
};
zone "youyou.org" {
type master;
file "named.youyou";
allow-update { key xiapi; };
};
zone "19.168.192.in-addr.arpa" {
type master;
file "named.192.168.19";
allow-update { key xiapi; };
};
4. 配置正向区域文件和反向区域文件
因为动态更新需要 named 进程改写区域文件(并生成 .jnl 日志文件),所以要把这两个区域文件的所有者改为 named,让其拥有写权限
[root@localhost ~]# cd /var/named/
[root@localhost named]# cp -a named.loopback named.192.168.19
[root@localhost named]# cp -a named.localhost named.youyou
[root@localhost named]# chown named.named named.192.168.19
[root@localhost named]# chown named.named named.youyou
[root@localhost named]#vi named.youyou
$TTL 86400 ; 1 day
youyou.org IN SOA master.youyou.org. root.youyou.org. (
1 ; serial
86400 ; refresh (1 day)
3600 ; retry (1 hour)
604800 ; expire (1 week)
10800 ; minimum (3 hours)
)
NS master.youyou.org.
master A 192.168.19.10
www A 192.168.19.10
[root@localhost named]#vi named.192.168.19
$TTL 86400 ; 1 day
19.168.192.in-addr.arpa IN SOA 10.19.168.192.in-addr.arpa. root.youyou.org. (
1 ; serial
86400 ; refresh (1 day)
3600 ; retry (1 hour)
604800 ; expire (1 week)
10800 ; minimum (3 hours)
)
NS master.youyou.org.
10 PTR master.youyou.org.
10 PTR www.youyou.org.
5. 启动dns服务并测试是否正常
启动dns服务
[root@localhost named]#systemctl start named
[root@localhost named]#systemctl enable named
如果无法启动,用 named-checkconf 检查主配置文件;用 named-checkzone <域名> <区域文件> 检查某个区域文件是否正确。
[root@localhost named]#named-checkconf
[root@localhost named]#named-checkzone youyou.org named.youyou
zone youyou.org/IN: loaded serial 1
OK
[root@localhost named]#
测试正向解析和反向解析是否正常:
[root@localhost named]#dig www.youyou.org @192.168.19.10
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> www.youyou.org @192.168.19.10
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38085
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.youyou.org. IN A
;; ANSWER SECTION:
www.youyou.org. 86400 IN A 192.168.19.10
;; AUTHORITY SECTION:
youyou.org. 86400 IN NS master.youyou.org.
;; ADDITIONAL SECTION:
master.youyou.org. 86400 IN A 192.168.19.10
;; Query time: 0 msec
;; SERVER: 192.168.19.10#53(192.168.19.10)
;; WHEN: Tue Nov 19 15:16:22 CST 2019
;; MSG SIZE rcvd: 96
[root@localhost named]#dig -x 192.168.19.10 @192.168.19.10
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> -x 192.168.19.10 @192.168.19.10
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61273
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;10.19.168.192.in-addr.arpa. IN PTR
;; ANSWER SECTION:
10.19.168.192.in-addr.arpa. 86400 IN PTR www.youyou.org.
10.19.168.192.in-addr.arpa. 86400 IN PTR master.youyou.org.
;; AUTHORITY SECTION:
19.168.192.in-addr.arpa. 86400 IN NS master.youyou.org.
;; ADDITIONAL SECTION:
master.youyou.org. 86400 IN A 192.168.19.10
;; Query time: 0 msec
;; SERVER: 192.168.19.10#53(192.168.19.10)
;; WHEN: Tue Nov 19 15:16:35 CST 2019
;; MSG SIZE rcvd: 134
DHCP Server操作步骤
1. 安装,并拷贝配置文件
[root@localhost named]#yum install dhcp
[root@localhost named]#cp /usr/share/doc/dhcp*/dhcpd.conf.example /etc/dhcp/dhcpd.conf
2. 修改dhcp配置文件
保留下面这些即可,示例文件中其他的 subnet 全部删除;key 和 zone 两段需要自己添加,注意:secret 就是上面 key 文件中的那一串字符,必须与 named 中配置的完全一致,否则会出现下文排错步骤里的 BADKEY 错误
[root@localhost named]#cat /etc/dhcp/dhcpd.conf | grep -v "^#\|^$"
option domain-name "example.org";
option domain-name-servers ns1.example.org, ns2.example.org;
default-lease-time 600;
max-lease-time 7200;
ddns-update-style interim;
ignore client-updates;
key xiapi {
algorithm HMAC-MD5;
secret "oIg9CFP/dDBoHMyCzyzc3Q==";
}
zone youyou.org. {
primary 192.168.19.10;
key xiapi;
}
zone 19.168.192.in-addr.arpa. {
primary 192.168.19.10;
key xiapi;
}
log-facility local7;
subnet 192.168.19.0 netmask 255.255.255.0 {
range 192.168.19.100 192.168.19.120;
option routers 192.168.19.2;
option domain-name "youyou.org";
option domain-name-servers 192.168.19.10;
}
[root@localhost named]#
3. 启动服务
[root@localhost named]#systemctl start dhcpd (启动服务)
[root@localhost named]#systemctl enable dhcpd (设置成开机自启动)
DHCP Client操作步骤
- 修改 client 的配置文件,因为 Linux 的 dhclient 默认获取 IP 地址时不携带主机名(fqdn)信息,Windows 客户端默认就可以正常注册。改完后先用 dhclient -r 释放当前 IP,再执行 dhclient 重新获取一个 IP 地址
[root@localhost named]#vi /etc/dhcp/dhclient.conf
send fqdn.fqdn "xiapi.youyou.org.";
send fqdn.encoded on;
send fqdn.server-update off;
also request fqdn, dhcp6.fqdn;
[root@localhost named]#dhclient -r
[root@localhost named]#dhclient
排错步骤
1. 客户端错误
如果客户端没有加上 also request fqdn 这一行,客户端不会处理 send 的那些 fqdn 信息。可以在客户端上查看 /var/log/messages,筛选的话,使用 grep dhclient /var/log/messages 查看相关信息
2. key错误
通过 /var/log/messages 可以同时看到 named 和 dhcpd 两边的报错信息。下面例子中 named 报 tsig verify failure (BADKEY),说明 dhcpd 与 named 两边配置的 key 名称或 secret 不一致:
Nov 19 14:35:36 localhost dhcpd: DHCPREQUEST for 192.168.19.129 from 00:0c:29:44:b1:c0 via ens33: unknown lease 192.168.19.129.
Nov 19 14:37:17 localhost dhcpd: DHCPDISCOVER from 00:0c:29:44:b1:c0 via ens33
Nov 19 14:37:18 localhost dhcpd: DHCPOFFER on 192.168.19.100 to 00:0c:29:44:b1:c0 via ens33
Nov 19 14:37:18 localhost dhcpd: DHCPREQUEST for 192.168.19.100 (192.168.19.10) from 00:0c:29:44:b1:c0 via ens33
Nov 19 14:37:18 localhost dhcpd: DHCPACK on 192.168.19.100 to 00:0c:29:44:b1:c0 via ens33
Nov 19 14:37:18 localhost named[5478]: client @0x7efbec0b7690 192.168.19.10#59051: request has invalid signature: TSIG ddns-key: tsig verify failure (BADKEY)
Nov 19 14:37:18 localhost dhcpd: Unable to add forward map from xiapi.youyou.org to 192.168.19.100: tsig indicates error
成功效果
1. dig可以查看
[root@localhost dynamic]#dig xiapi.youyou.org @192.168.19.10
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> xiapi.youyou.org @192.168.19.10
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44153
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;xiapi.youyou.org. IN A
;; ANSWER SECTION:
xiapi.youyou.org. 300 IN A 192.168.19.100
;; AUTHORITY SECTION:
youyou.org. 86400 IN NS master.youyou.org.
;; ADDITIONAL SECTION:
master.youyou.org. 86400 IN A 192.168.19.10
;; Query time: 0 msec
;; SERVER: 192.168.19.10#53(192.168.19.10)
;; WHEN: Tue Nov 19 15:50:41 CST 2019
;; MSG SIZE rcvd: 98
[root@localhost dynamic]#
2. 查看dns区域文件
动态更新默认先写入后缀为 .jnl 的日志文件,此时已能正常解析;重启一下 named 服务后,jnl 里的内容就会写回到原本的 named.youyou 文件里。注意:区域处于动态更新状态时不要直接手工编辑 named.youyou(这里的 vi 只是查看),若确需手工修改,应先执行 rndc freeze youyou.org,改完后再 rndc thaw youyou.org。
[root@localhost named]#ll -t
total 32
drwxrwx---. 2 named named 60 Nov 19 15:56 dynamic
-rw-r--r--. 1 named named 422 Nov 19 15:56 named.youyou
-rw-r--r--. 1 named named 428 Nov 19 15:56 named.192.168.19
-rw-r--r--. 1 named named 1355 Nov 19 15:50 named.192.168.19.jnl
-rw-r--r--. 1 named named 1453 Nov 19 15:50 named.youyou.jnl
drwxrwx---. 2 named named 23 Nov 19 11:35 data
drwxrwx---. 2 named named 6 Aug 8 20:16 slaves
-rw-r-----. 1 root named 2253 Apr 5 2018 named.ca
-rw-r-----. 1 root named 152 Dec 15 2009 named.empty
-rw-r-----. 1 root named 168 Dec 15 2009 named.loopback
-rw-r-----. 1 root named 152 Jun 21 2007 named.localhost
[root@localhost named]#vi named.youyou
$ORIGIN .
$TTL 86400 ; 1 day
youyou.org IN SOA master.youyou.org. youyou. (
4 ; serial
86400 ; refresh (1 day)
3600 ; retry (1 hour)
604800 ; expire (1 week)
10800 ; minimum (3 hours)
)
NS master.youyou.org.
$ORIGIN youyou.org.
master A 192.168.19.10
www A 192.168.19.10
$TTL 300 ; 5 minutes
xiapi A 192.168.19.100
TXT "00b53119b1889a25dc678beccf9f8a9709"
3. 查看/var/log/messages日志
Nov 19 15:47:18 localhost dhcpd: DHCPDISCOVER from 00:0c:29:44:b1:c0 via ens33
Nov 19 15:47:19 localhost dhcpd: DHCPREQUEST for 192.168.19.130 (192.168.19.254) from 00:0c:29:44:b1:c0 via ens33: unknown lease 192.168.19.130.
Nov 19 15:47:19 localhost dhcpd: DHCPOFFER on 192.168.19.100 to 00:0c:29:44:b1:c0 via ens33
Nov 19 15:50:19 localhost dhcpd: DHCPDISCOVER from 00:0c:29:44:b1:c0 via ens33
Nov 19 15:50:20 localhost dhcpd: DHCPOFFER on 192.168.19.100 to 00:0c:29:44:b1:c0 via ens33
Nov 19 15:50:20 localhost dhcpd: DHCPREQUEST for 192.168.19.100 (192.168.19.10) from 00:0c:29:44:b1:c0 via ens33
Nov 19 15:50:20 localhost dhcpd: DHCPACK on 192.168.19.100 to 00:0c:29:44:b1:c0 via ens33
Nov 19 15:50:20 localhost named[7406]: client @0x7efbec0b7690 192.168.19.10#57978/key xiapi: signer "xiapi" approved
Nov 19 15:50:20 localhost named[7406]: client @0x7efbec0b7690 192.168.19.10#57978/key xiapi: updating zone 'youyou.org/IN': adding an RR at 'xiapi.youyou.org' A 192.168.19.100
Nov 19 15:50:20 localhost named[7406]: client @0x7efbec0b7690 192.168.19.10#57978/key xiapi: updating zone 'youyou.org/IN': adding an RR at 'xiapi.youyou.org' TXT "00b53119b1889a25dc678beccf9f8a9709"
Nov 19 15:50:20 localhost dhcpd: Added new forward map from xiapi.youyou.org to 192.168.19.100
Nov 19 15:50:20 localhost named[7406]: client @0x7efbeeeb8ac0 192.168.19.10#34495/key xiapi: signer "xiapi" approved
Nov 19 15:50:20 localhost named[7406]: client @0x7efbeeeb8ac0 192.168.19.10#34495/key xiapi: updating zone '19.168.192.in-addr.arpa/IN': deleting rrset at '100.19.168.192.in-addr.arpa' PTR
Nov 19 15:50:20 localhost named[7406]: client @0x7efbeeeb8ac0 192.168.19.10#34495/key xiapi: updating zone '19.168.192.in-addr.arpa/IN': adding an RR at '100.19.168.192.in-addr.arpa' PTR xiapi.youyou.org.
Nov 19 15:50:20 localhost named[7406]: zone 19.168.192.in-addr.arpa/IN: sending notifies (serial 3)
Nov 19 15:50:20 localhost dhcpd: Added reverse map from 100.19.168.192.in-addr.arpa. to xiapi.youyou.org