
CentOS 7: DNS + DHCP Dynamic Updates Explained


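Windows domains have a feature in which DHCP sends each newly issued IP address to the DNS server, so that knowing the name of someone's computer is enough to reach it remotely.

Linux can of course do the same thing just as well. man 5 dhcpd.conf describes it in detail.

Yesterday Yunweibang (運維幫) organized an offline salon, where Mr. Shao Haiyang, director of operations at UPYUN (又拍云), shared the saying "a thousand pieces of gold can't buy knowing earlier." Quite so: while implementing dynamic updates I found plenty of blog posts online, followed them, ran into all sorts of problems, and in the end still did not know what principle made it work. Had I known to read the man page carefully, the problem would have been solved long ago, and I would understand the underlying principle better too. So in this age of information explosion, the Internet often does not really make people smarter; instead the sheer volume of information frequently drowns them. Technology still requires settling down and studying it properly.

The basic configuration of dhcp and dns is well documented elsewhere, so I will not repeat it here. If you are interested, read man 5 dhcpd.conf carefully and look at the parts marked in red in the configuration below; I believe that will be enough to get it working.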

I will also share the procedure for running DNS in a chroot: first install bind and get named working, then install bind-chroot.

Run /usr/libexec/setup-named-chroot.sh /var/named/chroot on

Then disable named and enable named-chroot:

systemctl disable named; systemctl stop named

systemctl enable named-chroot; systemctl start named-chroot

[root@pxe ~]# cat /etc/dhcp/dhcpd.conf

# Dynamic DNS update settings
ddns-update-style interim;
ddns-updates on;
do-forward-updates on;
# honor a client's wish to update its own A record
allow client-updates;
allow bootp;
allow booting;
#allow client-updates;

option space Cisco_LWAPP_AP;
option Cisco_LWAPP_AP.server-address code 241 = array of ip-address;
option space pxelinux;
option pxelinux.magic code 208 = string;
option pxelinux.configfile code 209 = text;
option pxelinux.pathprefix code 210 = text;
option pxelinux.reboottime code 211 = unsigned integer 32;
option architecture-type code 93 = unsigned integer 16;

subnet 192.168.1.0 netmask 255.255.255.0 {
    authoritative;
    option routers 192.168.1.1;
    option subnet-mask 255.255.255.0;
    option broadcast-address 192.168.1.255;
    option domain-name "it.lab";
    option domain-name-servers 192.168.1.200;
    range dynamic-bootp 192.168.1.100 192.168.1.199;

    # TSIG key shared with named.conf: name, algorithm and secret must match.
    # Generate your own secret instead of reusing this published value.
    key SEC_DDNS {
        algorithm hmac-md5;
        secret 7ObhTIhKeDFMR2SbbS5s8A==;
    };

    ddns-domainname "it.lab";

    # Forward and reverse zones to update, and the key used to sign the updates
    zone it.lab. {
        primary 192.168.1.200;
        key SEC_DDNS;
    }
    zone 1.168.192.in-addr.arpa. {
        primary 192.168.1.200;
        key SEC_DDNS;
    }

    default-lease-time 600;
    max-lease-time 7200;

    class "pxeclients" {
        match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
        next-server 192.168.1.200;

        if option architecture-type = 00:07 {
            filename "uefi/syslinux.efi";
        } else {
            filename "bios/pxelinux.0";
        }
        #filename "pxelinux.0"; }
    }
}

[root@pxe ~]# cat /etc/named.conf

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { 127.0.0.1; 192.168.1.200; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };

        /*
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable
           recursion.
         - If your recursive DNS server has a public IP address, you MUST enable access
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface
        */
        recursion no;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

// TSIG key: name, algorithm and secret must match the key in dhcpd.conf
key SEC_DDNS {
        algorithm hmac-md5;
        secret "7ObhTIhKeDFMR2SbbS5s8A==";
};

// Only updates signed with SEC_DDNS are accepted for these zones
zone "it.lab" IN {
        type master;
        file "it.lab.forward";
        allow-update { key SEC_DDNS; };
};

zone "1.168.192.in-addr.arpa" IN {
        type master;
        file "1.168.192.reverse";
        allow-update { key SEC_DDNS; };
};
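
Dynamic updates only work, and only stay restricted, when the key and zone statements in dhcpd.conf and named.conf agree. The following is an added example, not part of the original article: a small Python check that compares the two configurations and reports mismatches or loose update ACLs. The sample fragments, the placeholder secret and all function names are constructed for illustration.

```python
import re

# Constructed fragments shaped like the two files above. The secret is a placeholder
# and the reverse zone is deliberately set to "any" so the check has something to find.
DHCPD_CONF = """
key SEC_DDNS { algorithm hmac-md5; secret QUJDREVGR0hJSktMTU5PUA==; };
zone it.lab. { primary 192.168.1.200; key SEC_DDNS; }
zone 1.168.192.in-addr.arpa. { primary 192.168.1.200; key SEC_DDNS; }
"""
NAMED_CONF = """
key SEC_DDNS { algorithm hmac-md5; secret "QUJDREVGR0hJSktMTU5PUA=="; };
zone "it.lab" IN { type master; allow-update { key SEC_DDNS; }; };
zone "1.168.192.in-addr.arpa" IN { type master; allow-update { any; }; };
"""

KEY_RE = re.compile(r'\bkey\s+"?([\w.-]+)"?\s*\{\s*algorithm\s+([\w.-]+)\s*;'
                    r'\s*secret\s+"?([A-Za-z0-9+/=]+)"?\s*;')
DHCPD_ZONE_RE = re.compile(r'\bzone\s+([\w.-]+?)\.?\s*\{[^}]*?\bkey\s+([\w.-]+)\s*;')
NAMED_ZONE_RE = re.compile(r'\bzone\s+"([\w.-]+?)\.?"[^{]*\{(.*?)(?=\bzone\s+"|\Z)', re.S)

def keys(text):
    """Map key name -> (algorithm, secret) for every key block in a config."""
    return {n: (a.lower(), s) for n, a, s in KEY_RE.findall(text)}

def named_update_acl(text):
    """Map zone -> allow-update ACL body, or None when the zone has none."""
    acl = {}
    for zone, body in NAMED_ZONE_RE.findall(text):
        m = re.search(r'allow-update\s*\{([^}]*)\}', body)
        acl[zone.lower()] = m.group(1).strip() if m else None
    return acl

def check(dhcpd, named):
    findings, dk, nk, acl = [], keys(dhcpd), keys(named), named_update_acl(named)
    for name, (alg, secret) in dk.items():
        if nk.get(name) != (alg, secret):
            findings.append(f"key {name}: algorithm/secret differ between the two files")
        if alg.startswith("hmac-md5"):
            findings.append(f"key {name}: hmac-md5 is legacy, prefer hmac-sha256")
    for zone, key in DHCPD_ZONE_RE.findall(dhcpd):
        body = acl.get(zone.lower())
        if body is None:
            findings.append(f"zone {zone}: no allow-update found in named.conf")
        elif not re.fullmatch(rf'key\s+"?{re.escape(key)}"?\s*;', body):
            findings.append(f"zone {zone}: allow-update is '{body}', expected only key {key}")
    return findings

if __name__ == "__main__":
    print("\n".join(check(DHCPD_CONF, NAMED_CONF)))
```

The regular expressions cover the statement layout used in this article; a configuration that splits keys into include files needs those files concatenated first.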
