DDNS+DHCP


Настройка DHCP: Файл "/etc/dhcpd.conf"

# dhcpd.conf
#
# Configuration file for ISC dhcpd (see 'man dhcpd.conf')
#
# Global section. dhcpd registers its clients in DNS itself (DDNS): every
# update is sent to the zones listed at the end of this file and signed with
# the TSIG key DHCP_UPDATER, which named.conf must accept for those zones.
#

# DDNS Key
# NOTE(review): /etc/rndc.key (shown further down on this page) holds BOTH
# the rndc control key and DHCP_UPDATER; dhcpd only needs DHCP_UPDATER.
# Keeping that key in its own file, included here and in named.conf, would
# stop dhcpd from reading the rndc control secret at all.
include "/etc/rndc.key";

server-identifier server.your.subdomain;

# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
authoritative;

# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;

# Send the name of a matching "host" declaration to the client as its
# host-name option (the host declarations are in the subnet blocks below).
use-host-decl-names on;

default-lease-time 2400;
max-lease-time 7200;

# Dynamic DNS: also register the static (fixed-address) hosts, not only
# dynamically leased ones, and keep their records for ddns-ttl seconds.
#
ddns-ttl 3600;
update-static-leases true;
# 'interim' is the older ISC DDNS scheme. NOTE(review): recent ISC DHCP
# releases also accept 'standard'; check which one your dhcpd version supports.
ddns-update-style interim;
ddns-updates on;

# DHCP option 19 (ip-forwarding), sent TO CLIENTS: tells a client host not
# to act as an IP router. It does not affect the DHCP server's own interfaces
# or how dhcpd handles requests.
option ip-forwarding off;

# Don't allow clients to update DNS, make the server do it
# based on the hostname passed by the DHCP client:
# (so the only writer to the dynamic zones is dhcpd with the DHCP_UPDATER key)
deny client-updates;

# Declare the WPAD option (code 252, proxy auto-config URL) so it can be sent
# below. Clients that honour it fetch proxy.pac from wpad.your.subdomain and
# route their web traffic through whatever proxy that script names, so that
# host name and web server need the same protection as this DHCP server.
option wpad code 252 = text;

# Options handed to every client.
option domain-name "your.subdomain";
option ntp-servers 10.0.0.1;
option smtp-server 10.0.0.1;
option wpad "http://wpad.your.subdomain/proxy.pac";
# Suffixes appended to the client host name to form the forward and reverse
# names dhcpd registers; the trailing dots make them absolute.
ddns-domainname "your.subdomain.";
ddns-rev-domainname "in-addr.arpa.";

# 10.0.0.0/8, the wired LAN. There is no "range" statement, so this subnet
# has no dynamic pool: only the hosts declared inside it are served from it.
subnet 10.0.0.0 netmask 255.0.0.0 {
       option broadcast-address 10.255.255.255;
       option subnet-mask 255.0.0.0;
       option routers 10.0.0.1;
       option domain-name-servers 10.0.0.1;
       # Fixed addresses are matched on the client's MAC address. A MAC is
       # not an authenticated identifier, so these entries pin the
       # address/name pairing for convenience, not as access control.
       # ddns-hostname is the name dhcpd registers in DNS for the host.
       host host1 {
               hardware ethernet 00:16:36:91:AA:62;
               fixed-address 10.0.0.3;
               ddns-hostname host1;
       }
       host host2 {
               hardware ethernet 00:0C:29:EA:89:32;
               fixed-address 10.0.0.4;
               ddns-hostname host2;
       }
}

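# 192.168.2.0/24, the wifi segment. No "range" statement, so only the host
# declared below is served from this subnet.
subnet 192.168.2.0 netmask 255.255.255.0 {
       option broadcast-address 192.168.2.255;
       option subnet-mask 255.255.255.0;
       option routers 192.168.2.1;
       option domain-name-servers 192.168.2.1;
       host wifi-host1 {
               hardware ethernet 00:18:fe:25:8b:a0;
               fixed-address 192.168.2.3;
               # The DDNS name must match the host declaration, as host1/host2
               # do above. It read "wifi-host2" (most likely a copy-paste
               # slip), which would have registered 192.168.2.3 under the
               # wrong forward and reverse names.
               ddns-hostname wifi-host1;
       }
}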

#
# DDNS Zones: the zones dhcpd may update, the server holding their primary
# copy, and the key to sign with. Each entry must correspond to a zone in
# named.conf whose allow-update accepts the same key. "primary 127.0.0.1"
# sends the updates to named over loopback; the two reverse zones cover the
# subnets declared above.
zone your.subdomain { primary 127.0.0.1; key "DHCP_UPDATER"; }
zone 10.in-addr.arpa { primary 127.0.0.1; key "DHCP_UPDATER"; }
zone 2.168.192.in-addr.arpa { primary 127.0.0.1; key "DHCP_UPDATER"; }

Настройка DNS: Файл "/etc/named.conf"

// Address lists referenced by listen-on / allow-query / allow-transfer in
// the options block below.
acl "home" {
       10.0.0.0/8;
       127.0.0.1;
};
// Placeholder for this server's own public address (it is also used as a
// listen-on address below); replace it before use.
acl "internet" {
       IP.AD.DRE.SS;
};
acl "vmware" {
       172.16.83.0/24;
};
acl "wifi" {
       192.168.2.0/24;
};

// TSIG keys, the same file dhcpd.conf includes: named needs DHCP_UPDATER to
// verify dhcpd's dynamic updates and rndc-key for rndc (see rndc.conf).
include "/etc/rndc.key";

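options {
       // Loopback, the LAN and wifi gateway addresses, and the public
       // address behind the "internet" acl.
       listen-on { 127.0.0.1; 10.0.0.1; "internet"; 192.168.2.1; };
       // Zone and log file names below are relative to this directory.
       directory "/var/named";
       allow-query { "home"; "internet"; "vmware"; "wifi"; };
       // NOTE(review): this hands full zone dumps (AXFR) to every network
       // that may query. No secondary servers are configured in this file,
       // so it could probably be { none; }, or limited to the secondaries'
       // addresses -- confirm before tightening.
       allow-transfer { "home"; "internet"; "vmware"; "wifi"; };
       // The query source port is deliberately NOT pinned. The old
       // "query-source address * port 53;" workaround for firewalls disables
       // BIND's source-port randomisation, which is the main defence against
       // off-path cache poisoning of this resolver. If a firewall sits
       // between this server and the nameservers it talks to, allow an
       // unprivileged UDP port range for outbound queries on the firewall
       // instead of fixing the port here.
};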

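// rndc control channel (port 953). dhcpd's DDNS updates do NOT use this
// channel: they are DNS UPDATE messages on port 53, authorised per zone by
// allow-update { key "DHCP_UPDATER"; } further down. Two problems with
// listing DHCP_UPDATER here: rndc.conf signs with "rndc-key", which this
// list did not accept, so rndc could not talk to named at all; and anything
// holding the dhcpd key would have been able to stop or reconfigure named.
// The socket is bound to 127.0.0.1 only, so only local clients can reach it.
controls {
       inet 127.0.0.1 port 953
       allow { 127.0.0.1; 10.0.0.1; 192.168.2.1; } keys { "rndc-key"; };
};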

// Logging. File names are relative to the "directory" set in options.
// Dynamic-update traffic goes to named-update.log at debug level 3 (verbose;
// useful while setting DDNS up), approvals and denials of requests go to a
// rotated dns-security.log. The query log channel is left disabled.
logging {
       channel update_debug {
               file "named-update.log";
               severity debug 3;
               print-category yes;
               print-severity yes;
               print-time yes;
       };
       channel security_info {
               file "dns-security.log" versions 5 size 20m;
               // every time the log grows over 20 Mbyte, it will
               // backup and rollover. Maximum 5 backups will be kept.
               severity info;
               print-category yes;
               print-severity yes;
               print-time yes;
       };
//        channel "query_log" {
//                // query log go to a separate file
//                file "query.log" versions 10 size 500k;
//                severity debug;
//                print-severity yes;
//                print-time yes;
//        };
       category update { update_debug; };
       category security { security_info; };
//        category queries { query_log; };
};

//
// a caching only nameserver config
//
// Root hints plus the two localhost zones. These are static: allow-update
// is explicitly "none", so the DHCP_UPDATER key cannot touch them.
zone "." IN {
       type hint;
       file "caching-example/named.ca";
};

zone "localhost" IN {
       type master;
       file "caching-example/localhost.zone";
       allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
       type master;
       file "caching-example/named.local";
       allow-update { none; };
};

// The three zones dhcpd updates (they mirror the "zone" entries at the end
// of dhcpd.conf). Updates must be signed with DHCP_UPDATER; anything holding
// that secret can change ANY record in these zones, not only the hosts dhcpd
// manages. NOTE(review): BIND's "update-policy" can grant narrower rights
// (e.g. only A/PTR records) if that matters here.
// "notify yes" sends NOTIFY to the zone's NS records on each change; no
// secondaries are configured in this file.
zone "10.in-addr.arpa" IN {
       type master;
       file "10.rev";
       allow-update { key "DHCP_UPDATER"; };
       notify yes;
};

zone "2.168.192.in-addr.arpa" IN {
       type master;
       file "2.168.192.rev";
       allow-update { key "DHCP_UPDATER"; };
       notify yes;
};

zone "your.subdomain" IN {
       type master;
       file "your.subdomain.zone";
       allow-update { key "DHCP_UPDATER"; };
       notify yes;
};

Файл "/etc/rndc.key":

# Shared TSIG secrets. This file is included by BOTH named.conf and
# dhcpd.conf, so the secrets shown here are placeholders: generate real ones
# (e.g. with rndc-confgen / tsig-keygen) and never reuse the examples.
# NOTE(review): hmac-md5 is deprecated for TSIG; hmac-sha256 is the usual
# choice where both named and dhcpd support it (the secret must be
# regenerated when the algorithm changes).
# rndc-key: authenticates rndc on the control channel (named.conf "controls").
key "rndc-key" {
       algorithm hmac-md5;
       secret "RnDcKeY==";
};

# DHCP_UPDATER: signs dhcpd's dynamic updates; named accepts it via
# allow-update in the dynamic zones. Because dhcpd includes this whole file,
# it also gets rndc-key, which it does not need -- a separate file holding
# only DHCP_UPDATER would limit what each daemon can read.
key DHCP_UPDATER {
       algorithm HMAC-MD5;
       secret "DhCpUpDaTeKeY==";
};

Файл "/etc/rndc.conf":

// rndc client configuration: talk to the local named (controls channel in
// named.conf, bound to 127.0.0.1:953) and sign with "rndc-key". The named.conf
// "controls" statement must list this same key for rndc to be accepted.
options {
       default-server  localhost;
       default-key     "rndc-key";
};

server localhost {
       key     "rndc-key";
};

// Pulls in the "rndc-key" definition (same file as named.conf / dhcpd.conf).
include "/etc/rndc.key";

Оба файла "rndc.key" и "rndc.conf" должны иметь ограниченные права на чтение: только для root'а и named'а.