目标:实现使用DHCP分配client ip的同时向DNS服务器注册一个client域名
1、环境配置
RedHat 8.6
2、配置DNS服务器
2.1安装软件包
yum install -y bind bind-utils
rpm -ql bind
systemctl restart named
查看 53 端口是否已监听(RHEL 8 默认启用 firewalld,若客户端在其他主机上,还需放行 dns 和 dhcp 服务:firewall-cmd --permanent --add-service=dns --add-service=dhcp && firewall-cmd --reload)
ss -nutlp
2.2生成动态注册密钥
mkdir /home/dns #创建一个存放密钥的文件夹,建议 chmod 700 /home/dns,避免其他本地用户读到私钥
cd /home/dns
dnssec-keygen -a HMAC-MD5 -b 128 -n USER admin #admin 是密钥名称(-n USER 只是名称类型),后面 named.conf 和 dhcpd.conf 中的 key 名必须与之一致;HMAC-MD5 已被弃用,新版 BIND 可改用 tsig-keygen -a hmac-sha256 admin 生成更强的密钥,但三处的算法必须一致
2.3配置DNS服务
vim /etc/named.conf
修改以下两个字段
options {
listen-on port 53 { localhost; }; #localhost 是 BIND 内置 ACL,匹配本机所有接口地址;若保留默认的 127.0.0.1 则只监听回环,客户端无法查询
......
allow-query { any; }; #any 允许任何来源查询,权威区域需要这样;但若保留默认的 recursion yes,应同时用 allow-recursion 限制递归来源,避免成为开放递归服务器
2.4配置DNS区域
[root@localhost dns]# cat /home/dns/Kadmin.+157+47578.private
Private-key-format: v1.3
Algorithm: 157 (HMAC_MD5)
Key: /cavyLf1TpoHTC/rIKSqQg== #此处密钥后面要用到
Bits: AAA=
Created: 20240201034227
Publish: 20240201034227
Activate: 20240201034227
配置区域
vim /etc/named.rfc1912.zones
在文件中加入以下内容(该文件含有 TSIG 密钥,权限不要放宽到全局可读)
key admin {
algorithm hmac-md5;
secret "/cavyLf1TpoHTC/rIKSqQg=="; #密钥
};
zone "bmc.org" { #正向区域
type master;
file "named.bmc";
allow-update { key admin; };
};
zone "1.168.192.in-addr.arpa" { #反向区域
type master;
file "named.192.168.1";
allow-update { key admin; };
};
2.5配置正向区域和反向区域文件
cd /var/named/
cp -a named.loopback named.192.168.1
cp -a named.localhost named.bmc
chown named.named named.192.168.1
chown named.named named.bmc
vim named.bmc
加入以下配置;第二行的 bmc.org 末尾没有点号,会被当作相对于区域 origin 的名字(即 bmc.org.bmc.org),因此要写成 @ 或带点号的 bmc.org.,否则可能会报错
$TTL 86400 ; 1 day
bmc.org IN SOA master.bmc.org. root.bmc.org. (
5 ; serial
86400 ; refresh (1 day)
3600 ; retry (1 hour)
604800 ; expire (1 week)
10800 ; minimum (3 hours)
)
NS master.bmc.org.
master A 192.168.1.100
www A 192.168.1.100
vim named.192.168.1
加入以下配置;第二行的 1.168.192.in-addr.arpa 末尾没有点号,会被当作相对于区域 origin 的名字,因此要写成 @ 或带点号的 1.168.192.in-addr.arpa.,否则可能会报错
$TTL 86400 ; 1 day
1.168.192.in-addr.arpa IN SOA 100.1.168.192.in-addr.arpa. root.bmc.org. (
4 ; serial
86400 ; refresh (1 day)
3600 ; retry (1 hour)
604800 ; expire (1 week)
10800 ; minimum (3 hours)
)
NS master.bmc.org.
100 PTR master.bmc.org.
100 PTR www.bmc.org.
2.6启动DNS服务
检查配置文件(反向区域同样要检查:named-checkzone 1.168.192.in-addr.arpa named.192.168.1)
named-checkconf
named-checkzone bmc.org named.bmc
启动
systemctl start named
systemctl enable named
2.7 测试正反向解析是否正常
dig www.bmc.org @192.168.1.100
dig -x 192.168.1.100 @192.168.1.100
3、配置DHCP服务
3.1安装软件包并配置DHCP服务
需要先配置一个静态 IP 为 192.168.1.100 的网口
yum install dhcp-server
vim /etc/dhcp/dhcpd.conf
加入以下配置(dhcpd.conf 同样含有 TSIG 密钥,若保持全局可读,任何本地用户都能读到密钥并改写 DNS 记录,建议 chmod 640 或用 include 引入单独的密钥文件;ddns-update-style interim 是旧方式,较新的 ISC DHCP 推荐 standard)
option domain-name "bmc.org";
option domain-name-servers 192.168.1.100;
default-lease-time 600;
max-lease-time 7200;
ddns-update-style interim;
ignore client-updates;
key admin {
algorithm HMAC-MD5;
secret "/cavyLf1TpoHTC/rIKSqQg==";
}
zone bmc.org. {
primary 192.168.1.100;
key admin;
}
zone 1.168.192.in-addr.arpa. {
primary 192.168.1.100;
key admin;
}
log-facility local7;
subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.110 192.168.1.120;
option routers 192.168.1.100;
option domain-name "bmc.org";
option domain-name-servers 192.168.1.100;
}
3.2启动DHCP服务(与 2.6 一样,可用 systemctl enable dhcpd 设为开机自启)
systemctl start dhcpd
4、客户端配置
4.1 配置linux服务器客户端
vim /etc/dhcp/dhclient.conf
加入以下配置
send fqdn.fqdn "myserver.bmc.org.";
send fqdn.encoded on;
send fqdn.server-update off;
also request fqdn, dhcp6.fqdn;
4.2 配置主机名并重启获取IP
[root@localhost ~]# hostnamectl set-hostname myserver
释放当前IP
dhclient -r
重新获取IP
dhclient
4.3 DNS服务器处查看注册记录
grep TXT /var/log/messages #也可用 journalctl -u named 查看
Feb 2 02:06:01 www named[8603]: client @0x7ff68cbbe2a0 192.168.1.100#37373/key admin: updating zone 'bmc.org/IN': adding an RR at 'myserver.bmc.org' TXT "3115f48c439eea725b85abc466e8f647c1"
可以在 linux 客户端搭建一个 http 服务器,通过 http://myserver.bmc.org 验证域名能否解析到该 IP,也可以用 dig 命令检查(上面日志中的 TXT 记录是 interim 方式用来标记名字归属的记录,standard 方式下对应的是 DHCID 记录)