动态DNS配置

动态DNS配置 1. 规划域名： hehe.com，主服务器名dns.hehe.com，IP：192.168.1.104，动态IP主机域名：edu.hehe.com 2. 连接实验设备： 3. 配置DHCP服务器，为动态IP主机分配IP地址： 从略 4. 在两个服务器上安装时间服务器NTP #tar –zxvf ntp-4.2.0.tar,gz #cd ntp-4.2.0 #./configure #make #make install #make check #ntpdate –u 129.6.15.28 5. 配置主服务器的DNS服务： 1) 生成数字证书 #dnssec-keygen –a HMAC-MD5 –b 356 –n USER hehe 将数安证书拷贝到/var/named/ 2) 编辑DNS主配置文件，加入粗体部分 #vi /etc/named.conf // generated by named-bootconf.pl // secret must be the same as in /etc/rndc.conf key "key" { algorithm hmac-md5; secret "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K"; }; key "hehe" { algorithm hmac-md5; secret "+8gtQoxA+wHTyI6Mx74uK7HmONLr4VMSJcslo/v/mMc="; }; controls { inet 127.0.0.1 allow { any; } keys { "key"; }; }; options { pid-file "/var/run/named/named.pid"; directory "/var/named"; /* * If there is a firewall between you and nameservers you want * to talk to, you might need to uncomment the query-source * directive below. Previous versions of BIND always asked * questions using port 53, but BIND 8.1 uses an unprivileged * port by default. */ // query-source address * port 53; }; // // a caching only nameserver config // zone "." { type hint; file "named.ca"; }; zone "0.0.127.in-addr.arpa" { type master; file "named.local"; }; zone "hehe.com" { type master; file "hehe.com.dns"; update-policy { grant hehe name edu.hehe.com. A TXT; }; }; 3) 配置DNS解析库文件 #cd /var/named/ #cp named.local hehe.com.dns #vi hehe.com.dns #chown named:named /var/named/ -R $ORIGIN . $TTL 14400 ; 4 hours hehe.com IN SOA dns.hehe.com. luquanfeng.netmed.cn. ( 211060917 ; serial 10800 ; refresh (3 hours) 3600 ; retry (1 hour) 432000 ; expire (5 days) 38400 ; minimum (10 hours 40 minutes) ) NS dns.hehe.com. $ORIGIN hehe.com. dns IN A 192.168.1.104 4) 重新启动DNS服务 #service named restart 6. 配置客户机的DNS更新文件 #vi dhclient-script #!/bin/bash TTL=3600 SERVER=192.168.1.104 ZONE=hehe.com HOSTNAME=edu.hehe.com. KEYFILE=/var/named/Khehe.+157+05389.private newipadd=`ifconfig |grep Bcast |cut -d: -f2 |cut -d" " -f1` nsupdate -v -k $KEYFILE > /dev/null << EOF server $SERVER zone $ZONE update delete $HOSTNAME A update add $HOSTNAME $TTL A $newipadd send EOF 7. 执行更新 #ntpdate –u 129.6.15.28 #./dnsclient-script