CentOS 7实现DNS+DHCP动态更新详解

CentOS 7实现DNS+DHCP动态更新详解

windows域里有一个功能，dhcp把新分发的ip数据发给DNS服务器，这样只要知道一个人的电脑名字就可以很方便的远程。

linux当然也能很好的实现类似的功能。man 5 nf 有详细描述。

昨天运维帮组织线下的沙龙，又拍云的运维总监邵海杨uo;。是啊，就在实现动态更新的功能上，在网上找了不少博客，照着做又遇到各种问题，最后不不知道到底什么原理实现的。早知道认真看一下man，问题早解决了，对实现的原理也理解得深些。所以，在这个信息爆炸的时代，很多时候真的互联网没有让人更聪明，反而大量的信息经常把人淹没了。技术，还是需要静下心来去钻研的。

dhcp和dns的基本配置资料比较完善，此处不再赘述。有心的朋友认真看一下man 5 nf，瞧一眼下面配置中标红的部分，相信就能搞定了。

另外分享一个dns chroot的流程，先安装 bind,调通named，然后再安装bind-chroot

执行/usr/libexec/ /var/named/chroot on

停用named,启用named-chroot即可

systemctl disabled named ; systemctl stop named

systemctl enable named-chroot;systemctl start named-chroot

[root@pxe ~]# cat /etc/dhcp/nf

ddns-update-style interim;

新疆癫痫病专业医院有哪些

ddns-updates on;

do-forward-updates on;

allow client-updates;

allow bootp;

allow booting;

#allow client-updates;

option space Cisco_LWAPP_AP;

option Cisco_LWAPP_rver-address code 241 = array of ip-address;

option space pxelinux;

option gic code 208 = string;

option nfigfile code 209 = text;

羊角风治疗医院哪家好

option thprefix code 210 = text;

option boottime code 211 = unsigned integer 32;

option architecture-type code 93 = unsigned integer 16;

subnet 192.168.1.0 netmask 255.255.255.0 {

authoritative;

option routers 192.168.1.1;

option subnet-mask 255.255.255.0;

option broa1.255;

option domain-name b;

option domain-name-servers 192.168.1.200;

癫痫病新的治疗方法

range dynamic-bootp 192.168.1.100 192.168.1.199;

key SEC_DDNS {

algorithm hmac-md5;

secret 7ObhTIhKeDFMR2SbbS5s8A==;

};

ddns-domainname b;

zone b.{

primary 192.168.1.200;

key SEC_DDNS;

}

zone pa.{

primary 192.168.1.200;

key SEC_DDNS;

}

default-lease-time 600;

max-lease-time 7200;

class pxeclients {

match if substring (option vendor-class-identifier, 0, 9) = PXEClient;

next-server 192.168.1.200;

if option architecture-type = 00:07 {

filename uefi/i; }

else {

filename bios/pxelinux.0; }

#filename pxelinux.0; }

}

}

[root@pxe ~]# cat /etc/nf

//

// nf

//

// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS

// server as a caching only nameserver (as a localhost DNS resolver only).

//

// See /usr/share/doc/bind*/sample/ for example named configuration files.

//

options {

listen-on port 53 { 127.0.0.1;192.168.1.200; };

listen-on-v6 port 53 { ::1; };

directory /var/named;

dump-file /var/named/data/cache_;

statistics-file /var/named/data/named_t;

memstatistics-file /var/named/data/named_mem_t;

allow-que四川治疗癫痫哪家医院好ry { any;};

/*

- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.

- If you are building a RECURSIVE (caching) DNS server, you need to enable

recursion.

- If your recursive DNS server has a public IP address, you MUST enable access

control to limit queries to your legitimate users. Failing to do so will

cause your server to become part of large scale DNS amplification

attacks. Implementing BCP38 wi河北教育thin your network would greatly

reduce such attack surface

治癫痫病上哪家医院比较好*/

recursion no;

dnssec-enable yes;

dnssec-validation yes;

dnssec-lookaside auto;

/*治癫痫的最新方法 Path to ISC DLV key */

bindkeys-file /etc/y;

managed-keys-directory /var/named/dynamic;

pid-file /run/named/d;

session-keyfile /run/named/y;

};

logging {

channel default_debug {

file data/n;

severity dynamic;

};

哪些癫痫医院好

};

zone . IN {

type hint;

file ;

};

include /etc/nes;

include /etc/y;

key SEC_DDNS {

algorithm hmac-md5;

secret 北京治癫痫哪家医院最癫痫去哪里治疗好7ObhTIhKeDFMR2SbbS5s8A==;

};

zone b IN {

type master;

file rward;

allow-update { key SEC_DDNS ; };

};

zone pa IN {

北京癫痫病专科医院哪家最好

type master;

file verse;

allow-update { key SEC_DDNS ; };

};