DDNS+DHCP
Настройка DHCP: Файл "/etc/dhcpd.conf"
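# dhcpd.conf
#
# Configuration file for ISC dhcpd (see 'man dhcpd.conf')
#
# DDNS Key
# The included file holds the DHCP_UPDATER TSIG key, so the dhcpd process
# needs read access to it (keep it unreadable for everyone else).  The same
# file also carries the rndc control key, which dhcpd does not need; a
# separate key file containing only DHCP_UPDATER would be tighter.
include "/etc/rndc.key";

server-identifier server.your.subdomain;

# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
authoritative;

# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;

use-host-decl-names on;
default-lease-time 2400;
max-lease-time 7200;

# Dynamic DNS updates; statically assigned addresses are pushed into DNS too.
# ddns-ttl 3600;
update-static-leases true;
ddns-update-style interim;
ddns-updates on;

# DHCP option 19 handed to clients: tells the client not to forward IP
# packets between its interfaces (it does not affect relaying on the server).
option ip-forwarding off;

# Don't allow clients to update DNS, make the server do it
# based on the hostname passed by the DHCP client:
deny client-updates;

option wpad code 252 = text;
option domain-name "your.subdomain";
option ntp-servers 10.0.0.1;
option smtp-server 10.0.0.1;
# Proxy auto-config URL (WPAD) pushed to clients; the host serving it must
# stay under your control, since clients route their web traffic by it.
option wpad "http://wpad.your.subdomain/proxy.pac";
ddns-domainname "your.subdomain.";
ddns-rev-domainname "in-addr.arpa.";

subnet 10.0.0.0 netmask 255.0.0.0 {
    option broadcast-address 10.255.255.255;
    option subnet-mask 255.0.0.0;
    option routers 10.0.0.1;
    option domain-name-servers 10.0.0.1;

    host host1 {
        hardware ethernet 00:16:36:91:AA:62;
        fixed-address 10.0.0.3;
        ddns-hostname host1;
    }

    host host2 {
        hardware ethernet 00:0C:29:EA:89:32;
        fixed-address 10.0.0.4;
        ddns-hostname host2;
    }
}

subnet 192.168.2.0 netmask 255.255.255.0 {
    option broadcast-address 192.168.2.255;
    option subnet-mask 255.255.255.0;
    option routers 192.168.2.1;
    option domain-name-servers 192.168.2.1;

    host wifi-host1 {
        hardware ethernet 00:18:fe:25:8b:a0;
        fixed-address 192.168.2.3;
        # Was "wifi-host2": the DNS name registered for this host must match
        # the host declaration, otherwise the A/PTR records point at the wrong name.
        ddns-hostname wifi-host1;
    }
}

#
# DDNS Zones
# Every update is signed with DHCP_UPDATER; named.conf must list the same key
# in the allow-update clause of each of these zones.
zone your.subdomain {
    primary 127.0.0.1;
    key "DHCP_UPDATER";
}

zone 10.in-addr.arpa {
    primary 127.0.0.1;
    key "DHCP_UPDATER";
}

zone 2.168.192.in-addr.arpa {
    primary 127.0.0.1;
    key "DHCP_UPDATER";
}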
Настройка DNS: Файл "/etc/named.conf"
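acl "home"     { 10.0.0.0/8; 127.0.0.1; };
acl "internet" { IP.AD.DRE.SS; };
acl "vmware"   { 172.16.83.0/24; };
acl "wifi"     { 192.168.2.0/24; };

// Key ( the same as dhcpd.conf )
include "/etc/rndc.key";

options {
    listen-on { 127.0.0.1; 10.0.0.1; "internet"; 192.168.2.1; };
    directory "/var/named";

    /*
     * If there is a firewall between you and nameservers you want
     * to talk to, you might need to uncomment the query-source
     * directive below. Previous versions of BIND always asked
     * questions using port 53, but BIND 8.1 uses an unprivileged
     * port by default.
     */
    allow-query { "home"; "internet"; "vmware"; "wifi"; };

    // Zone transfers used to be allowed from every ACL above, including
    // "internet"; an AXFR hands out the complete zone contents.  No secondary
    // server appears in this setup, so transfers are disabled; list the
    // addresses of your secondaries here if you add one.
    allow-transfer { none; };

    // Recursion is not restricted explicitly.  If this host answers queries
    // from outside, add an allow-recursion clause limited to the internal ACLs
    // so it cannot be used as an open resolver.

    // Pinning the outgoing query port to 53 disables source-port randomisation
    // and makes spoofed answers (cache poisoning) far easier.  Leave it
    // commented unless a firewall really forces it, and then fix the firewall.
    // query-source address * port 53;
};

// Control channel used by rndc.  It is not involved in DHCP->DNS updates:
// dhcpd sends signed DNS UPDATE messages to port 53 and they are authorised
// by the allow-update clauses of the zones below.  The channel was keyed with
// "DHCP_UPDATER", which did not match the "rndc-key" that rndc.conf uses and
// would have let the DHCP update key manage the whole server.
controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; 10.0.0.1; 192.168.2.1; }
        keys { "rndc-key"; };
};

logging {
    // Every dynamic update is logged here; useful for spotting updates that
    // dhcpd did not originate.
    channel update_debug {
        file "named-update.log";
        severity debug 3;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    channel security_info {
        file "dns-security.log" versions 5 size 20m;
        // every time the log grows over 20 Mbyte, it will
        // backup and rollover. Maximum 5 backups will be kept.
        severity info;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    // channel "query_log" {
    //     // query log go to a separate file
    //     file "query.log" versions 10 size 500k;
    //     severity debug;
    //     print-severity yes;
    //     print-time yes;
    // };

    category update { update_debug; };
    category security { security_info; };
    // category queries { query_log; };
};

//
// a caching only nameserver config
//
zone "." IN {
    type hint;
    file "caching-example/named.ca";
};

zone "localhost" IN {
    type master;
    file "caching-example/localhost.zone";
    allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "caching-example/named.local";
    allow-update { none; };
};

// Zones fed by dhcpd: only updates signed with DHCP_UPDATER are accepted,
// matching the zone declarations in dhcpd.conf.
zone "10.in-addr.arpa" IN {
    type master;
    file "10.rev";
    allow-update { key "DHCP_UPDATER"; };
    notify yes;
};

zone "2.168.192.in-addr.arpa" IN {
    type master;
    file "2.168.192.rev";
    allow-update { key "DHCP_UPDATER"; };
    notify yes;
};

zone "your.subdomain" IN {
    type master;
    file "your.subdomain.zone";
    allow-update { key "DHCP_UPDATER"; };
    notify yes;
};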
Файл "/etc/rndc.key":
# /etc/rndc.key -- TSIG keys shared by named, rndc and dhcpd.
# This file is included by both named.conf and dhcpd.conf, so only '#'
# comments are safe here (dhcpd does not understand '//' or '/* */').
# The secrets below are placeholders; generate real ones and keep the file
# readable only by the accounts that need it.
# hmac-md5 is the weakest TSIG algorithm still accepted; prefer hmac-sha256
# where both the named and the dhcpd in use support it.

# Control-channel key used by rndc (see rndc.conf).
key "rndc-key" {
    algorithm hmac-md5;
    secret "RnDcKeY==";
};

# Key dhcpd signs its dynamic DNS updates with; referenced by allow-update
# in named.conf and by the zone declarations in dhcpd.conf.
key DHCP_UPDATER {
    algorithm HMAC-MD5;
    secret "DhCpUpDaTeKeY==";
};
Файл "/etc/rndc.conf":
// /etc/rndc.conf -- client-side settings for the rndc control utility.
options {
    // Talk to the local named over its controls channel by default.
    default-server localhost;
    // Sign control messages with "rndc-key"; named's controls statement
    // must accept this key or rndc will be rejected.
    default-key "rndc-key";
};

server localhost {
    key "rndc-key";
};

// Pulls in the key definitions (same file named and dhcpd read).
include "/etc/rndc.key";
Оба файла "rndc.key" и "rndc.conf" должны иметь ограниченные права на чтение: только для root'а и named'а.