Preparation:
# vim /etc/hosts
127.0.0.1 localhost
127.0.1.1 Server.mydomain.org Server
192.168.0.254 Server.mydomain.org Server
(Put the FQDN first on each line: the first name on a matching /etc/hosts line is the canonical name, and that is what hostname -f prints.)
# vim /etc/hostname
Server.mydomain.org
# service hostname.sh start
(On a systemd host the equivalent is hostnamectl set-hostname Server.mydomain.org.)
# hostname -s
Server
# hostname -d
mydomain.org
# hostname -f
Server.mydomain.org
# vim /etc/network/interfaces
auto eth0
iface eth0 inet static
    address 192.168.0.254
    netmask 255.255.255.0
    dns-nameservers 127.0.0.1
    dns-search mydomain.org
(The dns-* lines are only acted on when the resolvconf package is installed; it then regenerates /etc/resolv.conf from them, so keep them consistent with the resolv.conf written further down.)
Server name: Server (output of hostname -s)
IP address: 192.168.0.254
Domain name: mydomain.org (output of hostname -d)
IP address range to hand out: 192.168.0.100 to 192.168.0.200
Installing DHCP:
# aptitude install isc-dhcp-server
(dhcp3-server is the old transitional package name; the configuration lives in /etc/dhcp/dhcpd.conf either way.)
# vim /etc/dhcp/dhcpd.conf
ddns-update-style none;
option domain-name "mydomain.org";
option domain-name-servers 192.168.0.254;
default-lease-time 600;
max-lease-time 7200;
authoritative;
log-facility local7;
subnet 192.168.0.0 netmask 255.255.255.0 {
    range 192.168.0.100 192.168.0.200;
    option routers <default_gateway>;
}
(Give domain-name-servers as an address rather than Server.mydomain.org: dhcpd resolves a host name once at start-up, and on this box DHCP may well start before BIND does. Replace <default_gateway> with the router's address.)
# vim /etc/default/isc-dhcp-server
INTERFACES="eth0"
Check the configuration before starting the daemon (a bare dhcpd would start a second, unmanaged server):
# dhcpd -t -cf /etc/dhcp/dhcpd.conf
# /etc/init.d/isc-dhcp-server start
DHCP server log output:
Send the DHCP server's log lines to /var/log/dhcpd.log.
# vim /etc/rsyslog.conf
# Add the line:
local7.* /var/log/dhcpd.log
(Without a following "& stop" rule, rsyslog keeps copying the same lines into /var/log/syslog as well, which is why both files are tailed at the end of this page.)
# invoke-rc.d rsyslog restart
# /etc/init.d/isc-dhcp-server restart
Installing DNS:
Forward resolution:
# aptitude install bind9 bind9-host bind9utils host dnsutils
(dnsutils provides nslookup and dig, used in the tests below; bind9utils provides named-checkconf and named-checkzone for checking the configuration and zone files before a restart.)
# cp /etc/bind/db.local /etc/bind/db.mydomain.org
# vim /etc/bind/db.mydomain.org
Replace localhost with Server.mydomain.org
and add the line:
Server IN A 192.168.0.254
Altogether we have:
# cat /etc/bind/db.mydomain.org
$TTL 604800
@ IN SOA Server.mydomain.org. root.Server.mydomain.org. (
        2 ; Serial
        604800 ; Refresh
        86400 ; Retry
        2419200 ; Expire
        604800 ) ; Negative Cache TTL
@ IN NS Server.mydomain.org.
Server IN A 192.168.0.254
(Increase the serial every time the file is edited by hand; a secondary only transfers the zone when the serial grows.)
# vim /etc/bind/named.conf.local
zone "mydomain.org" {
    type master;
    file "/etc/bind/db.mydomain.org";
};
# vim /etc/resolv.conf
search mydomain.org
nameserver 192.168.0.254
(domain and search are mutually exclusive in resolv.conf; the last one listed wins, so one search line is enough.)
# invoke-rc.d bind9 restart
Test:
# nslookup Server
Reverse resolution:
# cp /etc/bind/db.127 /etc/bind/db.192.168.0
# vim /etc/bind/db.192.168.0
Replace localhost with Server.mydomain.org
and replace the PTR line with:
254 IN PTR Server.mydomain.org.
(254 is the last octet of 192.168.0.254. The target keeps its trailing dot: without it BIND appends the zone origin and the answer becomes Server.mydomain.org.0.168.192.in-addr.arpa.)
Altogether we have:
$TTL 604800
@ IN SOA Server.mydomain.org. root.Server.mydomain.org. (
        1 ; Serial
        604800 ; Refresh
        86400 ; Retry
        2419200 ; Expire
        604800 ) ; Negative Cache TTL
@ IN NS Server.mydomain.org.
254 IN PTR Server.mydomain.org.
# vim /etc/bind/named.conf.local
zone "0.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/db.192.168.0";
};
# invoke-rc.d bind9 restart
# nslookup 192.168.0.254
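The forward and reverse zone files above are written by hand, and the two copy-and-edit steps are where the mismatches on this page came from (a PTR for the wrong octet, a target without its trailing dot). The script below is an added example, not part of the original page: it renders both zone files for mydomain.org and 192.168.0.0/24 from one constructed host list, derives the in-addr.arpa name from the network, and uses a date-based serial that always grows. Function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the page): render the forward and reverse zone
# files for mydomain.org / 192.168.0.0/24 from one host list, so the A and
# PTR records cannot drift apart and PTR targets always get their trailing
# dot. The host list is constructed; function names are hypothetical.

ZONE="mydomain.org"
NET="192.168.0"                       # first three octets of the /24
NS_FQDN="Server.mydomain.org."        # absolute name, trailing dot required
# Constructed host list, one "shortname last-octet" pair per line.
HOSTS="Server 254
gateway 1"

# 192.168.0 -> 0.168.192.in-addr.arpa
rev_zone_name() {
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    printf '%s.%s.%s.in-addr.arpa\n' "$3" "$2" "$1"
}

# Serial in YYYYMMDDnn form: sorts correctly and grows whenever nn is bumped.
zone_serial() {
    printf '%s%02d\n' "$(date -u +%Y%m%d)" "${1:-1}"
}

# SOA and NS records shared by both zones; $1 is the serial.
soa_header() {
    cat <<EOF
\$TTL 604800
@        IN SOA $NS_FQDN root.$NS_FQDN (
                $1 ; Serial
                604800 ; Refresh
                86400 ; Retry
                2419200 ; Expire
                604800 ) ; Negative Cache TTL
@        IN NS  $NS_FQDN
EOF
}

# Forward zone: one A record per host. $1 is the serial revision (default 1).
forward_zone() {
    soa_header "$(zone_serial "$1")"
    printf '%s\n' "$HOSTS" | while read -r name octet; do
        printf '%-8s IN A   %s.%s\n' "$name" "$NET" "$octet"
    done
}

# Reverse zone: one PTR per host, keyed by the last octet.
reverse_zone() {
    soa_header "$(zone_serial "$1")"
    printf '%s\n' "$HOSTS" | while read -r name octet; do
        # Absolute target: without the dot BIND would append the zone origin.
        printf '%-8s IN PTR %s.%s.\n' "$octet" "$name" "$ZONE"
    done
}

# Usage on the server (revision 1 of today's serial), then check both files:
#   forward_zone 1 > /etc/bind/db.mydomain.org
#   reverse_zone 1 > /etc/bind/db.192.168.0
#   named-checkzone mydomain.org /etc/bind/db.mydomain.org
#   named-checkzone "$(rev_zone_name 192.168.0)" /etc/bind/db.192.168.0
```

Adding a host means adding one line to HOSTS and regenerating both files with a higher revision; named-checkzone then catches anything BIND would refuse to load before the restart.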
Dynamic updates:
Generating the DNS key:
# rndc-confgen > /etc/bind/rndc.key
(The secret shown below is the page's sample; every server generates its own and never copies this one. rndc-confgen on the BIND of the time emitted hmac-md5; current releases default to hmac-sha256, and tsig-keygen -a hmac-sha256 rndc-key produces a key block in the same syntax.)
Look at the contents of /etc/bind/named.conf:
# cat /etc/bind/named.conf
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
# tail /etc/bind/rndc.key >> /etc/bind/named.conf
# vim /etc/bind/named.conf
Uncomment the appended lines, except the last one:
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
key "rndc-key" {
    algorithm hmac-md5;
    secret "XE3biRLBzr/RUPiXy3MDRA==";
};
controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndc-key"; };
};
# End of named.conf
# vim /etc/bind/rndc.key
Comment out the options block (dhcpd will include this file later and does not understand rndc's options statement):
# Start of rndc.conf
key "rndc-key" {
    algorithm hmac-md5;
    secret "XE3biRLBzr/RUPiXy3MDRA==";
};
#options {
#    default-key "rndc-key";
#    default-server 127.0.0.1;
#    default-port 953;
#};
# End of rndc.conf
# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
#    algorithm hmac-md5;
#    secret "XE3biRLBzr/RUPiXy3MDRA==";
# };
#
# controls {
#    inet 127.0.0.1 port 953
#        allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf
Zones that use the key:
# vim /etc/bind/named.conf.local
Add the following line to each zone:
allow-update { key rndc-key; };
Altogether we have:
# cat /etc/bind/named.conf.local
zone "mydomain.org" {
    type master;
    file "/etc/bind/db.mydomain.org";
    allow-update { key rndc-key; };
};
zone "0.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/db.192.168.0";
    allow-update { key rndc-key; };
};
(allow-update with this key lets its holder change any record in the zone, NS and SOA included, and the same key also controls named through rndc. A dedicated TSIG key for DHCP, used with update-policy instead of allow-update, bounds what a compromised DHCP server or a leaked key can do. Once a zone accepts dynamic updates, stop editing its file directly: run rndc freeze <zone>, edit, then rndc thaw <zone>, otherwise BIND's journal and your edit diverge.)
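The configuration above reuses rndc-key, the key that also controls named, as the DHCP update key, and grants it allow-update on both zones. As an added example that is not part of the original page, the script below mints a separate TSIG key for the DHCP-to-DNS channel (hmac-sha256 rather than the page's hmac-md5), checks that the secret has the expected size, and renders the named.conf.local stanzas with update-policy restricted to the record types DHCP needs, plus the matching dhcpd.conf zone stanzas. Function names and the /var/lib/bind paths are assumptions.

```shell
#!/bin/sh
# Added example (not from the page): give the DHCP->DNS update channel its own
# TSIG key instead of sharing rndc-key, and render the matching stanzas for
# named.conf.local and dhcpd.conf. Uses hmac-sha256 where the page's
# rndc-confgen output used hmac-md5. Function names are hypothetical; the
# zone file paths assume the zones live under /var/lib/bind.

# 32 random bytes, base64-encoded: the native key size for hmac-sha256.
new_tsig_secret() {
    head -c 32 /dev/urandom | base64 | tr -d '\n'
}

# base64 of 32 bytes is exactly 43 symbols plus one '=' pad; anything shorter
# (such as the 16-byte md5 sample on the page) is rejected.
secret_is_sane() {
    printf '%s' "$1" | grep -qE '^[A-Za-z0-9+/]{43}=$'
}

# The key block has the same syntax in named.conf and dhcpd.conf, so both
# daemons can include the same file (keep it 0640 root:bind; dhcpd reads its
# configuration as root before dropping privileges).
tsig_key_block() {   # $1 = key name, $2 = secret
    printf 'key "%s" {\n    algorithm hmac-sha256;\n    secret "%s";\n};\n' "$1" "$2"
}

# update-policy with zonesub lets the key touch only these record types, for
# names inside the zone; allow-update would also hand it SOA and NS.
named_zone_stanza() {   # $1 = zone, $2 = zone file, $3 = key name
    cat <<EOF
zone "$1" {
    type master;
    file "$2";
    update-policy { grant $3 zonesub A AAAA PTR TXT DHCID; };
};
EOF
}

# dhcpd side: where to send the signed updates for this zone, and with which key.
dhcpd_zone_stanza() {   # $1 = zone (with trailing dot), $2 = primary, $3 = key name
    printf 'zone %s {\n    primary %s;\n    key %s;\n}\n' "$1" "$2" "$3"
}

# Render all fragments for the two zones on the page, separated by comment
# lines so they can be split into the right files by hand.
render_ddns_config() {   # $1 = key name, $2 = secret
    echo "# --- /etc/bind/ddns.key (include from named.conf and dhcpd.conf)"
    tsig_key_block "$1" "$2"
    echo "# --- named.conf.local"
    named_zone_stanza mydomain.org /var/lib/bind/db.mydomain.org "$1"
    named_zone_stanza 0.168.192.in-addr.arpa /var/lib/bind/db.192.168.0 "$1"
    echo "# --- dhcpd.conf"
    dhcpd_zone_stanza mydomain.org. 192.168.0.254 "$1"
    dhcpd_zone_stanza 0.168.192.in-addr.arpa. 192.168.0.254 "$1"
}

# Usage: render_ddns_config ddns-key "$(new_tsig_secret)"
```

With this layout rndc-key stays in the controls statement only, and the DHCP key cannot rewrite the SOA or NS records even if the DHCP server is taken over. The TXT and DHCID types are both granted so the policy works with either ddns-update-style.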
DHCP update:
# vim /etc/dhcp/dhcpd.conf
Comment out the line: ddns-update-style none;
Add the following lines right below it:
ddns-updates on;
ddns-update-style interim;
ddns-domainname "mydomain.org";
ddns-rev-domainname "in-addr.arpa";
allow client-updates;
In the subnet section, add:
include "/etc/bind/rndc.key";
zone mydomain.org. {
    primary 192.168.0.254;
    key rndc-key;
}
zone 0.168.192.in-addr.arpa. {
    primary 192.168.0.254;
    key rndc-key;
}
Altogether we have:
# cat /etc/dhcp/dhcpd.conf
#ddns-update-style none;
ddns-updates on;
ddns-update-style interim;
ddns-domainname "mydomain.org";
ddns-rev-domainname "in-addr.arpa";
allow client-updates;
option domain-name "mydomain.org";
option domain-name-servers 192.168.0.254;
default-lease-time 600;
max-lease-time 7200;
authoritative;
log-facility local7;
subnet 192.168.0.0 netmask 255.255.255.0 {
    range 192.168.0.100 192.168.0.200;
    option routers <default_gateway>;
    include "/etc/bind/rndc.key";
    zone mydomain.org. {
        primary 192.168.0.254;
        key rndc-key;
    }
    zone 0.168.192.in-addr.arpa. {
        primary 192.168.0.254;
        key rndc-key;
    }
}
(allow client-updates lets a client that sends the FQDN option (81) register its own forward record, with the server only adding the PTR; ignore client-updates makes the server do both updates itself. In both cases the name comes from what the client sent, so any LAN host can claim a free name in the zone; the DHCID/TXT ownership check only stops it from overwriting a name registered by someone else. ddns-update-style interim is the legacy style; ISC DHCP 4.3 and later also offer standard, which records ownership in DHCID records instead of TXT.)
# chown -R bind:bind /etc/bind
(BIND needs write access to the zone files and to the .jnl journals it creates next to them. Debian's bind9 packaging expects dynamically updated zones under /var/lib/bind rather than /etc/bind, and the AppArmor profile shipped on recent releases denies writes to /etc/bind; moving the two db files there and adjusting the file paths in named.conf.local is the cleaner fix than making all of /etc/bind writable by bind.)
# invoke-rc.d bind9 restart
# invoke-rc.d isc-dhcp-server restart
# tail -f /var/log/syslog
# tail -f /var/log/dhcpd.log
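Tailing the log shows whether leases are handed out and whether the signed updates reach BIND. The script below is an added example, not part of the original page: it extracts the DHCPACK grants and the failed DDNS updates from dhcpd's log lines, and flags clients whose claimed host name collides with a name that is defined statically (the server's own name here), which is the risk allow client-updates opens. The sample log lines are constructed in the message format isc-dhcpd writes, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the page): pull lease grants and failed DDNS
# updates out of /var/log/dhcpd.log. SAMPLE_LOG is constructed in the message
# format isc-dhcpd writes; function names are hypothetical. On the server,
# pipe the real file (or tail -f of it) into the same functions.

SAMPLE_LOG='Jan  5 10:00:01 Server dhcpd: DHCPDISCOVER from 00:11:22:33:44:55 via eth0
Jan  5 10:00:01 Server dhcpd: DHCPOFFER on 192.168.0.100 to 00:11:22:33:44:55 (pc1) via eth0
Jan  5 10:00:02 Server dhcpd: DHCPREQUEST for 192.168.0.100 (192.168.0.254) from 00:11:22:33:44:55 (pc1) via eth0
Jan  5 10:00:02 Server dhcpd: DHCPACK on 192.168.0.100 to 00:11:22:33:44:55 (pc1) via eth0
Jan  5 10:00:02 Server dhcpd: Added new forward map from pc1.mydomain.org to 192.168.0.100
Jan  5 10:00:02 Server dhcpd: Added reverse map from 100.0.168.192.in-addr.arpa to pc1.mydomain.org
Jan  5 10:05:17 Server dhcpd: DHCPACK on 192.168.0.101 to 66:77:88:99:aa:bb (laptop) via eth0
Jan  5 10:05:17 Server dhcpd: Unable to add forward map from laptop.mydomain.org to 192.168.0.101: timed out
Jan  5 10:09:40 Server dhcpd: DHCPACK on 192.168.0.102 to cc:dd:ee:ff:00:11 (Server) via eth0
Jan  5 10:09:40 Server dhcpd: Forward map from Server.mydomain.org to 192.168.0.102 FAILED: Has an A record but no DHCID, not mine.
Jan  5 10:12:03 Server dhcpd: DHCPACK on 192.168.0.103 to 12:34:56:78:9a:bc via eth0'

# One "ip mac hostname" line per DHCPACK; "-" when the client sent no name.
leases() {
    sed -n \
        -e 's/.*DHCPACK on \([0-9.]*\) to \([0-9a-fA-F:]*\) (\([^)]*\)).*/\1 \2 \3/p' \
        -e 's/.*DHCPACK on \([0-9.]*\) to \([0-9a-fA-F:]*\) via.*/\1 \2 -/p'
}

# Failed forward/reverse updates without the syslog prefix. "timed out"
# usually means BIND is down, unreachable, or rejecting the key; "not mine"
# means the name already exists in the zone without a matching DHCID/TXT,
# i.e. a client asked for a name it does not own.
ddns_failures() {
    grep -E 'Unable to add (forward|reverse) map|map from .* FAILED' | sed 's/.*dhcpd: //'
}

# Clients whose claimed host name collides with a statically defined name.
# $1 is a space-separated list of protected short names.
name_collisions() {
    protected=" $1 "
    leases | while read -r ip mac name; do
        case "$protected" in
            *" $name "*) printf '%s %s claims %s\n' "$mac" "$ip" "$name" ;;
        esac
    done
}

# Wrappers that run the functions over the constructed sample.
sample_leases()          { printf '%s\n' "$SAMPLE_LOG" | leases; }
sample_ddns_failures()   { printf '%s\n' "$SAMPLE_LOG" | ddns_failures; }
sample_name_collisions() { printf '%s\n' "$SAMPLE_LOG" | name_collisions "Server gateway"; }

# Usage on the server:
#   tail -n 1000 /var/log/dhcpd.log | ddns_failures
#   tail -n 1000 /var/log/dhcpd.log | name_collisions "Server gateway"
```

On the sample, the laptop's update times out (BIND or the key needs checking) and the client claiming the name Server is refused by the ownership check, which is exactly the line worth alerting on when client-updates are allowed.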
That's it!