Eugene: Created page with "Настройка DHCP: Файл "'''''/etc/dhcpd.conf'''''" # dhcpd.conf # # Configuration file for ISC dhcpd (see 'man dhcpd.conf') # # DDNS Key include "/etc/rndc...."

2013-08-20T10:04:29Z

Created page with "Настройка DHCP: Файл "'''''/etc/dhcpd.conf'''''" # dhcpd.conf # # Configuration file for ISC dhcpd (see 'man dhcpd.conf') # # DDNS Key include "/etc/rndc...."

New page

Настройка DHCP:
Файл "'''''/etc/dhcpd.conf'''''"
# dhcpd.conf
#
# Configuration file for ISC dhcpd (see 'man dhcpd.conf')
#

# DDNS Key
include "/etc/rndc.key";

server-identifier server.your.subdomain;

# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
authoritative;

# Use this to send dhcp log messages to a different log file (you also
# # have to hack syslog.conf to complete the redirection).
log-facility local7;

use-host-decl-names on;

default-lease-time 2400;
max-lease-time 7200;

# Dynamischer Update DNS, statische Adressen auch im DNS updaten
#
ddns-ttl 3600;
update-static-leases true;
ddns-update-style interim;
ddns-updates on;

# Don't forward DHCP requests from this
# NIC interface to any other NIC
# interfaces
option ip-forwarding off;

# Don't allow clients to update DNS, make the server do it
# based on the hostname passed by the DHCP client:
deny client-updates;

option wpad code 252 = text;

option domain-name "your.subdomain";
option ntp-servers 10.0.0.1;
option smtp-server 10.0.0.1;
option wpad "http://wpad.your.subdomain/proxy.pac";
ddns-domainname "your.subdomain.";
ddns-rev-domainname "in-addr.arpa.";

subnet 10.0.0.0 netmask 255.0.0.0 {
option broadcast-address 10.255.255.255;
option subnet-mask 255.0.0.0;
option routers 10.0.0.1;
option domain-name-servers 10.0.0.1;
host host1 {
hardware ethernet 00:16:36:91:AA:62;
fixed-address 10.0.0.3;
ddns-hostname host1;
}
host host2 {
hardware ethernet 00:0C:29:EA:89:32;
fixed-address 10.0.0.4;
ddns-hostname host2;
}
}

subnet 192.168.2.0 netmask 255.255.255.0 {
option broadcast-address 192.168.2.255;
option subnet-mask 255.255.255.0;
option routers 192.168.2.1;
option domain-name-servers 192.168.2.1;
host wifi-host1 {
hardware ethernet 00:18:fe:25:8b:a0;
fixed-address 192.168.2.3;
ddns-hostname wifi-host2;
}
}

#
# DDNS Zones
zone your.subdomain { primary 127.0.0.1; key "DHCP_UPDATER"; }
zone 10.in-addr.arpa { primary 127.0.0.1; key "DHCP_UPDATER"; }
zone 2.168.192.in-addr.arpa { primary 127.0.0.1; key "DHCP_UPDATER"; }

Настройка DNS:
Файл "'''''/etc/named.conf'''''"
acl "home" {
10.0.0.0/8;
127.0.0.1;
};
acl "internet" {
IP.AD.DRE.SS;
};
acl "vmware" {
172.16.83.0/24;
};
acl "wifi" {
192.168.2.0/24;
};

// Key ( the same as dhcpd.conf )
include "/etc/rndc.key";

options {
listen-on { 127.0.0.1; 10.0.0.1; "internet"; 192.168.2.1; };
directory "/var/named";
/*
* If there is a firewall between you and nameservers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND 8.1 uses an unprivileged
* port by default.
*/
allow-query { "home"; "internet"; "vmware"; "wifi"; };
allow-transfer { "home"; "internet"; "vmware"; "wifi"; };
query-source address * port 53;
};

// Allow the communication between dhcp and bind
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; 10.0.0.1; 192.168.2.1; } keys { "DHCP_UPDATER"; };
};

logging {
channel update_debug {
file "named-update.log";
severity debug 3;
print-category yes;
print-severity yes;
print-time yes;
};
channel security_info {
file "dns-security.log" versions 5 size 20m;
// every time the log grows over 20 Mbyte, it will
// backup and rollover. Maximum 5 backups will be kept.
severity info;
print-category yes;
print-severity yes;
print-time yes;
};
// channel "query_log" {
// // query log go to a separate file
// file "query.log" versions 10 size 500k;
// severity debug;
// print-severity yes;
// print-time yes;
// };
category update { update_debug; };
category security { security_info; };
// category queries { query_log; };
};

//
// a caching only nameserver config
//
zone "." IN {
type hint;
file "caching-example/named.ca";
};

zone "localhost" IN {
type master;
file "caching-example/localhost.zone";
allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
type master;
file "caching-example/named.local";
allow-update { none; };
};

zone "10.in-addr.arpa" IN {
type master;
file "10.rev";
allow-update { key "DHCP_UPDATER"; };
notify yes;
};

zone "2.168.192.in-addr.arpa" IN {
type master;
file "2.168.192.rev";
allow-update { key "DHCP_UPDATER"; };
notify yes;
};

zone "your.subdomain" IN {
type master;
file "your.subdomain.zone";
allow-update { key "DHCP_UPDATER"; };
notify yes;
};

Файл "'''''/etc/rnd.key'''''":
key "rndc-key" {
algorithm hmac-md5;
secret "RnDcKeY==";
};

key DHCP_UPDATER {
algorithm HMAC-MD5;
secret "DhCpUpDaTeKeY==";
};

Файл "'''/etc/rndc.conf'''":
options {
default-server localhost;
default-key "rndc-key";
};

server localhost {
key "rndc-key";
};

include "/etc/rndc.key";

Оба файла "rndc.key" и "rndc.conf" должны иметь ограниченные права на чтение: только для root'а и named'а.

DDNS+DHCP - Revision history

Eugene: Created page with "Настройка DHCP: Файл "'''''/etc/dhcpd.conf'''''" # dhcpd.conf # # Configuration file for ISC dhcpd (see 'man dhcpd.conf') # # DDNS Key include "/etc/rndc...."