1、實驗拓撲結構
圖1 實驗拓撲圖
2、項目要求
通過系統的搭建,能夠為Web Server動態更新DNS信息。
3、項目開展思路(思維導圖)
圖2 DDNS實驗思維導圖
4、實驗步驟
(1) 基礎網絡搭建
DHCP Server能Ping通DNS Server
圖3 網絡連通測試
(2)在DNS Server上
1)安裝DNS服務
[root@lyy 桌面]# yum install bind -y
2)生成密鑰
[root@lyy 桌面]# mkdir key
[root@lyy 桌面]# cd key/
[root@lyy key]# dnssec-keygen -a HMAC-MD5 -b 512 -n HOST www
Kwww.+157+55680
[root@lyy key]# ls
Kwww.+157+55680.key Kwww.+157+55680.private
[root@lyy key]# cat Kwww.+157+55680.key
www. IN KEY 512 3 157 7mThflorkZ+uJGSGK7XmKxYkDxm+nzP49CITZ+njEmQajyAWkk8lTtpw 8AnC+pMP8hXGu2QK5hf4zlaqf4DzSw==
3)配置主配置文件named.conf
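將.key文件中生成的密鑰字串(去掉中間的空格)復制到named.conf中,加入key字段。注意:HMAC-MD5生成的是DNS Server與DHCP Server共用的TSIG對稱密鑰,並非公鑰,須當作機密保管;本文列出的密鑰值僅為示例,實際部署時請自行生成,不要直接沿用。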
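// named.conf for the lab DNS server: master for xh27.com and its reverse
// zone, accepting dynamic updates only when signed with the TSIG key "www".
options {
    // Listens on every interface and answers queries from any client.
    // NOTE(review): no recursion / allow-recursion statement appears in this
    // block. With allow-query { any; } the server may also recurse for any
    // client, depending on BIND version and defaults -- confirm, and outside
    // a lab set "recursion no;" or limit allow-recursion to local networks.
    listen-on port 53 { any; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };
};

// TSIG key shared with the DHCP server. It is a symmetric secret, not a
// public key: whoever holds it can rewrite both zones below.
//  - The value is the tutorial's sample; generate a fresh one per deployment.
//  - Keep this file (or a separate key file pulled in with "include")
//    readable only by root and the named group.
//  - hmac-md5 matches the dnssec-keygen step and the DHCP server's key
//    block; it is a legacy TSIG algorithm, and hmac-sha256 is the usual
//    choice for new setups (change all three places together).
key www {
    algorithm hmac-md5;
    secret "7mThflorkZ+uJGSGK7XmKxYkDxm+nzP49CITZ+njEmQajyAWkk8lTtpw8AnC+pMP8hXGu2QK5hf4zlaqf4DzSw==";
};

// Forward zone. allow-update accepts only requests signed with key www, but
// it lets that key change any record in the zone; update-policy can narrow
// the grant to specific names or record types if least privilege is needed.
zone "xh27.com" IN {
    type master;
    file "named.xh27.com";
    allow-update {
        key www;
    };
};

// Reverse zone for 192.168.0.0/24, updated with the same key.
zone "0.168.192.in-addr.arpa" IN {
    type master;
    file "named.192.168.0";
    allow-update {
        key www;
    };
};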
4)添加正解文件
[root@lyy 桌面]# cd /var/named/
[root@lyy named]# touch named.xh27.com
[root@lyy named]# gedit named.xh27.com
; Forward zone data for xh27.com (the file named.xh27.com referenced from
; named.conf). Only the SOA, the NS record and the name server's own address
; are static here; per the tutorial, host records such as www are expected to
; arrive through TSIG-signed dynamic updates from the DHCP server.
; Owner names start in column 0 -- a line that begins with whitespace would
; inherit the previous owner, so do not re-indent the record lines.
$TTL 3H
; SOA: primary server master.xh27.com., contact mailbox admin.mail.xh27.com.
@ IN SOA master.xh27.com. admin.mail.xh27.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
; Authoritative name server for the zone and its address (the DNS server).
@ IN NS master.xh27.com.
master.xh27.com. IN A 192.168.0.253
5)添加反解文件
[root@lyy named]# touch named.192.168.0
[root@lyy named]# gedit named.192.168.0
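; Reverse zone data for 0.168.192.in-addr.arpa (the file named.192.168.0
; referenced from named.conf). PTR records for DHCP clients are expected to
; arrive through TSIG-signed dynamic updates; only the server's own PTR is
; static.
$TTL 3H
; SOA: primary server master.xh27.com., contact mailbox admin.mail.xh27.com.
@ IN SOA master.xh27.com. admin.mail.xh27.com. (
    0 ; serial
    1D ; refresh
    1H ; retry
    1W ; expire
    3H ) ; minimum
; Each target must be one fully-qualified name with no embedded space;
; "master. xh27.com." would be read as two fields and the zone would fail
; to load.
@ IN NS master.xh27.com.
; 253 expands to 253.0.168.192.in-addr.arpa., i.e. 192.168.0.253.
253 IN PTR master.xh27.com.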
6)防火牆開放53端口
[root@lyy named]# iptables -I INPUT -i eth0 -p udp --dport 53 -j ACCEPT
[root@lyy named]# iptables -I INPUT -i eth0 -p tcp --dport 53 -j ACCEPT
7)設置Selinux
[root@lyy named]# setsebool -P named_write_master_zones=1
//允許動態更新文件的寫入
8)設置文件夾權限(動態更新時named需要在區域文件所在目錄寫入區域文件及其.jnl日誌文件,因此要讓named用戶對該目錄有寫權限)
[root@lyy named]# chmod g+w /var/named
[root@lyy named]# chown named /var/named
9)啟動DNS服務
[root@lyy named]# service named start
(3)在DHCP Server上
1)安裝DHCP服務
[root@lyy yum.repos.d]# yum install dhcp -y
2)配置DHCP主配置文件
[root@lyy yum.repos.d]# gedit /etc/dhcp/dhcpd.conf
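# dhcpd.conf for the lab DHCP server: leases 192.168.0.50-150 and sends
# TSIG-signed dynamic DNS updates to the master at 192.168.0.253.
option domain-name "xh27.com";
# Given as a host name, so this host must be able to resolve it; the tutorial
# points /etc/resolv.conf at 192.168.0.253 for that purpose.
option domain-name-servers master.xh27.com;
default-lease-time 600;
max-lease-time 7200;
ddns-update-style interim;

# Shared TSIG secret; name, algorithm and value must match the "key www"
# block in named.conf on the DNS server.
#  - This file now holds a credential: check that it is not world-readable,
#    or move the key block into a root-only file loaded with "include".
#  - The value is the tutorial's sample; generate your own for real use.
#  - hmac-md5 is a legacy TSIG algorithm; if you switch to hmac-sha256,
#    change the key generation step and named.conf at the same time.
key www {
  algorithm hmac-md5;
  secret "7mThflorkZ+uJGSGK7XmKxYkDxm+nzP49CITZ+njEmQajyAWkk8lTtpw8AnC+pMP8hXGu2QK5hf4zlaqf4DzSw==";
}

# Zones to update, the server that is master for each, and the key used to
# sign the update.
zone xh27.com {
  key www;
  primary 192.168.0.253;
}
zone 0.168.192.in-addr.arpa {
  key www;
  primary 192.168.0.253;
}

# Address pool for the lab subnet.
subnet 192.168.0.0 netmask 255.255.255.0 {
  range 192.168.0.50 192.168.0.150;
  option routers 192.168.0.254;
}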
3)設置DNS服務器
[root@lyy yum.repos.d]# gedit /etc/resolv.conf
nameserver 192.168.0.253
4)啟動DHCP服務
[root@lyy yum.repos.d]# service dhcpd start
(4)在WEB server上
1)設置主機名
[root@lyy 桌面]# gedit /etc/sysconfig/network
HOSTNAME=www
2)重啟網絡服務
[root@www 桌面]# service network restart
[root@www 桌面]# ifconfig
圖4 WEB Server第一次獲取IP
5、結果檢測
(1)在DHCP Server上
將IP地址分配的范圍從50-150,改為151-200,重啟DHCP服務器
圖5 修改分配的IP范圍
[root@lyy yum.repos.d]# service dhcpd restart
(2)在WEB Server上
1)重啟網絡服務
圖6 WEB Server第二次獲取IP
2)解析www.xh27.com和192.168.0.151
圖7 WEB Server解析域名和IP
(3)在DNS Server上
1)查看獲取的動態更新文件
[root@lyy 桌面]# ll /var/named/
圖 8 DNS查看更新文件
2)查看日志文件
[root@lyy 桌面]# gedit /var/log/messages
圖 9 DNS查看日志文件
【版權所有,轉載請注明原文出處:http://www.cnblogs.com/liaoyuanyang/p/7029234.html 】