搭建簡單的DDNS服務(wù)器

1、搭建簡單的 DDNS 服務(wù)器版本:2文檔:Yunlin Fang日期:7 Nov, 2009Blog :MSN :GTalk :環(huán)境OS:Red Hat Enterprise Linux 5 update 4前言在 baidu 上搜 DDNS ,很多地方把 DDNS 解釋為 DHCP + DNS,其實(shí)這是牽強(qiáng)附會(huì)。 DDNS 是 Dynamic Domain Name Server的簡稱。 DHCP 分配 IP 的時(shí)候更新 DNS 服務(wù)器域名解析記錄,這 就是 DDNS 所做的事情,而是否更新客戶端的 hostname 顯示倒是其次。操作這是 DNS 服務(wù)器的環(huán)境:rootserver # c

2、at /etc/sysconfig/networkNETWORKING=yesNETWORKING_IPV6=norootserver # cat /etc/sysconfig/network-scripts/ifcfg-eth0# Realtek Semiconductor Co., Ltd. RTL-8139/8139C/8139C+DEVICE=eth0BOOTPROTO=staticHWADDR=54:52:00:4F:D5:68ONBOOT=yesrootserver # ifconfigeth0 Link encap:Ethernet HWaddr 54:52:00:4F:D5:6

3、8inet6 addr: fe80:5652:ff:fe4f:d568/64 Scope:LinkUP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1RX packets:280 errors:0 dropped:0 overruns:0 frame:0TX packets:232 errors:0 dropped:0 overruns:0 carrier:0collisions:0 txqueuelen:1000RX bytes:24404 (23.8 KiB TX bytes:31850 (31.1 KiBInterrupt:10lo Link

4、encap:Local Loopbackinet6 addr: :1/128 Scope:HostUP LOOPBACK RUNNING MTU:16436 Metric:1RX packets:180 errors:0 dropped:0 overruns:0 frame:0TX packets:180 errors:0 dropped:0 overruns:0 carrier:0collisions:0 txqueuelen:0RX bytes:14680 (14.3 KiB TX bytes:14680 (14.3 KiBrootserver #安裝配置 DNS 服務(wù)器rootserve

5、r # cd /misc/cd/Server1:bind # 33%2:bind-chroot # 67%3:caching-nameserver # 100%rootserver Server# cd /var/named/chroot/etc/rootserver etc# lsrootserver etc# mv named.caching-nameserver.conf named.confrootserver etc# ln -s /var/named/chroot/etc/named.conf /etc/named.confrootserver etc# ln -s /var/na

6、med/chroot/etc/named.zones /etc/named.zonesrootserver etc#這是我的 named.conf 和 named.zones 配置named.confrootserver etc# cat named.confoptions listen-on-v6 port 53 :1; ;directory /var/named;dump-file /var/named/data/cache_dump.db;statistics-file /var/named/data/named_stats.txt;memstatistics-file /var/nam

7、ed/data/named_mem_stats.txt;allow-query localhost; ; ;allow-query-cache localhost; ; ;logging channel default_debug file data/named.run;severity dynamic;view match-clients localhost; ; ;match-destinations localhost; ;recursion yes;include /etc/named.zones;rootser

8、ver etc#named.zonesrootserver etc# cat named.zoneszone . IN type hint;file named.ca;zone localdomain IN type master;file localdomain.zone;allow-update none; ;zone localhost IN type master;file localhost.zone;allow-update none; ;type master;file named.local;allow-update none; ;allow-update none; ;zon

9、e 255. IN type master;file named.broadcast;allow-update none; ;zone 0. IN type master;file named.zero;allow-update none; ;zone IN type master;allow-update localhost; ;type master;allow-update localhost; ;rootserver etc#對(duì) named.zones 的一些解釋zone IN type maste

10、r;allow-update localhost; ;type master;allow-update localhost; ;這里 allow-update 允許 DHCP 服務(wù)器從本地 IP 來更新 DNS 的解析記錄。如果你的 DNS 和 DHCP 服務(wù)不在同一臺(tái)機(jī)器上,你也可以在 allow-update 里面指定 DHCP 服務(wù)器的 IP 。但是這 樣是不安全的。如果有人惡意把自己的 IP 設(shè)置為該 IP ,則 DNS 服務(wù)器就很容易給入侵。 這是我的域名解析記錄rootserver named# pwd/var/named/chroot/var/namedrootserver na

11、med# ls$TTL86400IN SOAlocalhost root (42; serial (d. adams 3H ; refresh15M ; retry1W ; expiry1D ; minimumIN NSlocalhostrootserver named#$TTL86400 IN SOA localhost. root.localhost. (1997022700 ; Serial28800 ; Refresh14400 ; Retry3600000 ; Expire86400 ; MinimumIN NS localhost.rootserver named#此外對(duì)目錄和文件

12、設(shè)置合適的權(quán)限r(nóng)ootserver named# lltotal 44drwxrwx- 2 named named 4096 Nov 7 10:30 data-rw-r- 1 root named 198 Jul 30 04:10 localdomain.zone-rw-r- 1 root named 195 Jul 30 04:10 localhost.zone-rw-r- 1 root named 427 Jul 30 04:10 named.broadcast-rw-r- 1 root named 1892 Jul 30 04:10 named.ca-rw-r- 1 root named

13、 426 Jul 30 04:10 named.local-rw-r- 1 root named 427 Jul 30 04:10 named.zerodrwxrwx- 2 named named 4096 Jul 27 2004 slaves/var/named/chroot/var/namedrootserver named# chmod g=rwx pwdrootserver named# ll -d .drwxrwx- 4 root named 4096 Nov 7 10:44 .rootserver named#測(cè)試并開啟域名解析服務(wù)rootserver named# service

14、 named restartStopping named: OK Starting named: OK rootserver named# nslookup exitrootserver named# chkconfig -level 35 named onrootserver named#安裝并配置 DHCP 服務(wù)rootserver named# cd /misc/cd/Server1:dhcp # 100%rootserver Server#這是我的 dhcpd.conf 配置rootserver # cat /etc/dhcpd.confddns-update-style interi

15、m;ignore client-updates;option ;option time-offset-18000; # Eastern Standard Timedefault-lease-time 21600;max-lease-time 43200;# - Add by afangzone option server.ddns-hostname = concat(dhcp-, substring( binary-to-ascii(10, 8, -, leased-address , 8, 7;option server.ddns-

16、domainname = config-option domain-name;option host-name = concat(config-option server.ddns-hostname, ., config-option server.ddns-domainname;# - Add endrootserver #對(duì) dhcpd.conf 的配置做一個(gè)解釋zone 對(duì)該地址池設(shè)置正解以及反解主機(jī)option server.ddns-hostname = concat(dhcp-, substring( binary-to-ascii(10, 8, -, leas

17、ed-address , 8, 7;substring 是字符串裁剪函數(shù),格式是 substring(要裁剪的字符串 , 裁剪的起始位置 , 要裁剪的字符串長度 。比如 substring(“believe”, 2, 3,則返回字符串 lie 。binary-to-ascii 可以實(shí)現(xiàn)二進(jìn)制到字符的轉(zhuǎn)換。格式為 binary-to-ascii(轉(zhuǎn)換成幾進(jìn)制 的字符 , 二進(jìn)制里多少位代表一個(gè)數(shù)字 , 轉(zhuǎn)換后數(shù)字之間以什么字符隔開 , 二進(jìn)制原數(shù)據(jù) 。 更多函數(shù)請(qǐng)參考 man dhcp-eval 。option server.ddns-domainname = config-option dom

18、ain-name;設(shè)置 ddns 的域option host-name = concat(config-option server.ddns-hostname, ., config-option server.ddns-domainname;設(shè)置客戶端 hostname 的值。該參數(shù)只影響客戶端,對(duì) DDNS 服務(wù)器的域名正解和 反解沒有絲毫關(guān)系。 DDNS 的精髓就是在分配 IP 給客戶端的時(shí)候,動(dòng)態(tài)的為 DNS 服務(wù)器設(shè)置 IP 對(duì)應(yīng)的域名解析。 而一些庸俗的人要配置 DDNS 的動(dòng)機(jī)只是要讓 DHCP 服務(wù)器來指定客戶端 的 hostname 輸出,如果是這樣,只要指定該參數(shù)以及相關(guān)參數(shù)

19、,就可以了。 什么 DNS 之類都 不用配置。但是我認(rèn)為這種庸俗的動(dòng)機(jī)是不對(duì)的。開啟 dhcpd 服務(wù)rootserver Server# service dhcpd restartShutting down dhcpd: OK Starting dhcpd: OK rootserver Server# chkconfig -level 35 dhcpd onrootserver Server# 這是效果附加內(nèi)容:增加 DDNS 的安全性如果說, DNS 和 DHCP 服務(wù)不在同一臺(tái)機(jī)器上,你也可以在 allow-update 里面指定 DHCP 服務(wù) 器的 IP ,允許該 IP 來更新 DN

20、S 解析記錄。但是這樣是不安全的。如果有人惡意把自己的 IP 設(shè) 置為該 IP ,則 DNS 服務(wù)器就很容易給入侵。我們可以用 key 認(rèn)證方式來解決這個(gè)問題。 環(huán)境在 DNS 服務(wù)器上操作安裝完 bind ,做如下操作rootdns etc# pwd/var/named/chroot/etcrootdns etc# lltotal 48-rw-r-r- 1 root root 405 Nov 5 13:06 localtime-rw-r- 1 root named 1387 Nov 9 14:19 named.conf-rw-r- 1 root named 1191 Nov 9 14:21 named.zones-rw-r- 1 root named 113 Nov 9 14:11 rndc.keyPrivate-key-format: v1.2Algorithm: 157 (HMAC_MD5Key: dHK0KLTIU1I+6S6Y0zE79A=rootdns etc#記住上面的 Key 。這是我的 named.conf 配置algorithm hmac-md5;secret dHK0KLTIU