Cv5lw : 1 version importée

2024-02-01T09:10:26Z

1 version importée

← Version précédente	Version du 1 février 2024 à 11:10
(Aucune différence)

2024>WikiSysop le 17 mars 2010 à 16:06

2010-03-17T16:06:20Z

Nouvelle page

[[category:5_minutes]]
[[category:Linux]]
=Prérequis=
Installation d'une centos 5.1
==Réseau==
Pendant l'installation:
ip 192.168.0.20/24
passerelle 192.168.0.5
dns 192.168.0.1

==Package==
Cochez le package serveur , vous pouvez garder gnome si la machine est suffisament performante.
Vous pourrez alors ajouter l'interface graphique de gestion dns.

Attention: le daemon dns redhat est '''named''' pas '''bind''' (debian)

Après l'installation, lancer les mises à jour
yum update
Installer le serveur DHCP
yum install DHCP

=Installation du DNS=
Rq: Si vous avez coché serveur dans les packages, le service dns est installé en mode chrooté.
yum install bind bind-chroot bind-libs bind-utils

==Commençons par installé la clé permettant au dhcp de mettre à jour le dns==

On suppose que l'on est connecté en session ROOT.

===genDDNSkey.sh===
Commençons par créer par winscp ou par la commande touch, le fichier genDDNSkey.sh comme ci-dessous:

<pre>
#!/bin/bash

progname=$(basename $0)

keyfile_default=/etc/named.keys
keyname_default=DHCP_UPDATER
random_dev_default=/dev/random
force=false

function usage
{
cat 1>&2 <<- EOF

Usage:

$progname <options>

Options:

-f|--key-file <FILENAME> key is written to this file (default: $keyfile_default)
-n|--key-name <NAME> name of the key (default: $keyname_default)
-r|--random random device to use (default: $random_dev_default)
--force overwrite an existing key file
--help print usage info

See /usr/share/doc/packages/dhcp-server/DDNS-howto.txt (in dhcp-server package) about
configuration of a DHCP server to do DDNS updates.

EOF
exit 1
}

while [ $# -ge 1 ]; do
case "$1" in
"")
;;

-f|--key-file)
shift
KEYFILE=${1:?option requires an argument} ;;

-n|--key-name)
shift
KEYNAME=${1:?option requires an argument} ;;

-r|--random)
shift
RANDOM_DEV=${1:?option requires an argument} ;;

--force)
force=true ;;

-h|--help|*)
usage ;;

esac
shift
done

: ${KEYFILE:=$keyfile_default}
: ${KEYNAME:=$keyname_default}
: ${RANDOM_DEV:=$random_dev_default}

if ! $force; then
if [ -e $ROOT/$KEYFILE ]; then
echo >&2 $KEYFILE exists, use --force to overwrite
exit 1
fi
fi

# This is where the keys are created
cd $ROOT/$(dirname $KEYFILE)

# determine the BIND version
if [ -f /usr/sbin/rndc ]; then
bind9=true
elif [ -f /usr/sbin/ndc ]; then
bind9=false
else
echo could not determine the BIND version. Exiting.
exit 1
fi

umask 600

# generate a 512 bit HMAC-MD5 Zone (DNS validation) key
if $bind9; then
keyfile=$(/usr/sbin/dnssec-keygen -a hmac-md5 -b 512 -r ${RANDOM_DEV} -n user ${KEYNAME})
else
keyfile=$(/usr/sbin/dnskeygen -H 512 -z -c -n ${KEYNAME})
# dhskeygen has (had) a weekness, it puts one key into a world readable file
# (see http://xforce.iss.net/alerts/advise78.php)
chmod 600 $keyfile*
fi
# now we've got files like these:
# -rw------- 1 root root 77 Sep 11 01:03 K${KEYNAME}+157+00000.private
# -rw-r--r-- 1 root root 58 Sep 11 01:03 K${KEYNAME}+157+00000.key
#
# ---------- -----
# name key id
#
# ---
# 157 is short
# for hmac-md5
echo $keyfile

# read the secret
while read line; do
case $line in
Key:*) secret=${line#* }
esac
done < $keyfile.private

cat >$KEYFILE <<-EOF

# generated by $(basename $0) on $(date)

key ${KEYNAME} {
$(if $bind9; then
echo "algorithm hmac-md5;"
else
echo "algorithm HMAC-MD5.SIG-ALG.REG.INT;"
fi)
secret "$secret";
};

EOF

# set permissions
chown root.named $KEYFILE
chmod 640 $KEYFILE

</pre>

===Génération de la clé===
Exécutez le après avoir modifier les droits si besoin
chmod a+rwx genddnskey.sh
./genddnskey.sh

Copie dans le répertoire de named
cp /etc/named.keys /var/named/chroot/etc/*.*

=Mise en place du serveur DNS=
==Prèrequis==

DNS & DHCP Server IP: 192.168.0.20

DNS & DHCP Serveur NetbiosName: centodns.squalebis.local
Passerelle: 192.168.0.5

DNS domaine: squalebis.local

===Modification fichier /etc/hosts===
<pre>
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6
192.168.0.20 centodns.squalebis.local centodns
</pre>

===Modification du /etc/resolv.conf===
<pre>
search squalebis.local
nameserver 192.168.0.20
nameserver 192.168.0.1
</pre>

Rq: 192.168.0.1 est l'adresse d'un deuxième serveur dns

===named.conf===

Editer /var/named/chroot/etc/named.conf

<pre>
# Include file with key
#################################################
include "/etc/named.keys";

# Access Control Lists
#################################################
acl mynet {
192.168.0.0/24;
127.0.0.1;
};

# Various Options
#################################################
options {
directory "/var/named";
allow-query {
mynet;
};
allow-transfer {
mynet;
};
forwarders {
192.168.0.1;
};
};

# Misc zone declarations
#################################################
zone "localhost" in {
type master;
file "localhost.zone";
};

#zone "0.0.127.in-addr.arpa" in {
# type master;
# file "127.0.0.zone";
#};

#zone "." in {
# type hint;
# file "root.hint";
#};

# Forward squalebis.local zone declaration
#################################################
zone "squalebis.local" {
type master;
file "squalebis.local.hosts";
allow-update { key DHCP_UPDATER; };
allow-query { mynet; };
allow-transfer { mynet; };
};

# Reverse squalebis.local zone declaration
#################################################
zone "0.168.192.in-addr.arpa" {
type master;
file "0.168.192.rev";
allow-update { key DHCP_UPDATER; };
allow-query { mynet; };
allow-transfer { mynet; };
};
</pre>

=Mise en place du serveur DHCP=

Editer le fichier /etc/dhcpd.conf

<pre>
allow unknown-clients;
ddns-rev-domainname "squalebis.local";
server-name "centodns.squalebis.local";
use-host-decl-names on;
option time-servers 192.168.0.1;
option broadcast-address 192.168.0.255;
option subnet-mask 255.255.255.0;
option routers 192.168.0.5;
# File with key we shall use to securely update zone files
###########################################################
include "/etc/named.keys";

# Our server is authority
#########################################################
server-identifier squalebis.local;
authoritative;

# Fedora 's DDNS Zone
zone squalebis.local. {
primary 192.168.0.20;
key DHCP_UPDATER;
}

default-lease-time 86400;
max-lease-time 172800;

option domain-name "squalebis.local";
option domain-name-servers 192.168.0.20;

allow client-updates;
ddns-domainname "squalebis.local";
ddns-updates on;
ddns-update-style interim;

# Declaration of network properties ( range ... )
# Fedora 's DDNS Zone
subnet 192.168.0.0 netmask 255.255.255.0 {
max-lease-time 172800;
default-lease-time 86400;
next-server centodns.squalebis.local;
authoritative;
allow client-updates;
allow unknown-clients;
ddns-updates on;
ddns-rev-domainname "squalebis.local";
ddns-domainname "squalebis.local";
server-name "centodns.squalebis.local";
range dynamic-bootp 192.168.0.40 192.168.0.50;
zone squalebis.local {
primary 127.0.0.1;
key DHCP_UPDATER;
}
zone 0.168.192.in-addr.arpa. {
primary 127.0.0.1;
key DHCP_UPDATER;
}
option subnet-mask 255.255.255.0;
option routers 192.168.0.5;
one-lease-per-client on;
group {
ddns-rev-domainname "squalebis.local";
ddns-domainname "squalebis.local";
server-name "centodns.squalebis.local";
max-lease-time 172800;
default-lease-time 86400;
allow client-updates;
allow unknown-clients;
ddns-updates on;
use-host-decl-names on;
}
}

</pre>

=Zones dns=
==zone directe==
Editer /var/named/chroot/var/named/squalebis.local.hosts

<pre>
$ORIGIN .
$TTL 38400 ; 10 hours 40 minutes
squalebis.local IN SOA centodns.squalebis.local. pascal.localhost. (
1135926781 ; serial
10800 ; refresh (3 hours)
3600 ; retry (1 hour)
604800 ; expire (1 week)
38400 ; minimum (10 hours 40 minutes)
)
NS centodns.squalebis.local.
</pre>

==zone indirecte==
Editer /var/named/chroot/var/named/0.168.192.rev

<pre>
$ttl 38400
0.168.192.in-addr.arpa. IN SOA centodns.squalebis.local. pascal.localhost. (
1135926872
10800
3600
604800
38400 )
0.168.192.in-addr.arpa. IN NS centodns.squalebis.local.
20 IN PTR centodns.squalebis.local.
</pre>

=Droits et permissions=

<pre>
chmod 755 /var/named/
chmod 775 /var/named/chroot/
chmod 775 /var/named/chroot/var/
chmod 775 /var/named/chroot/var/named/
chmod 775 /var/named/chroot/var/run/
chmod 777 /var/named/chroot/var/run/named/
cd /var/named/chroot/var/named/
ln -s ../../ chroot
chown -R named:named /var/named/chroot/etc
chown -R named:named /var/named/chroot/var
chmod -R u+rwx /var/named/chroot/etc
chmod -R u+rwx /var/named/chroot/var
</pre>

=Redémarrage=

/etc/init.d/dhcpd start
/etc/init.d/named start

Pour automatiser, vous pouvez utiliser
* chkconfig --levels 235 named on
* chkconfig --levels 235 dhcpd on

Pour vérifier, utiliser les commandes dig et nslookup.

De plus dans le fichier de zone directe vous aurez des infos du type
<pre>
$ORIGIN .
$TTL 38400 ; 10 hours 40 minutes
squalebis.local IN SOA centodns.squalebis.local. paul.localhost. (
1135926781 ; serial
10800 ; refresh (3 hours)
3600 ; retry (1 hour)
604800 ; expire (1 week)
38400 ; minimum (10 hours 40 minutes)
)
NS centodns.squalebis.local.
$ORIGIN 0.168.192.squalebis.local.
$TTL 43200 ; 12 hours
49 PTR PC-de-Pascal.squalebis.local.
50 PTR pascal-desktop.squalebis.local.
$ORIGIN squalebis.local.
$TTL 38400 ; 10 hours 40 minutes
centodns A 192.168.0.20
$TTL 43200 ; 12 hours
pascal-desktop A 192.168.0.50
TXT "0008a2e805741f6a976160879ec3100f72"
PC-de-Pascal A 192.168.0.49
TXT "31fe3de152485e4a0a58ec86aa35c8b655"
</pre>
=Personnalisations=
Dans toutes les fichiers précédents remplacer par vos valeurs les données suivantes=

domaine dns
squalebis.local -->

nom netbios
centodns -->

adresse ip du serveur dns
192.168.0.20 -->

adresse ip d'un autre serveur dns (pas le secondaire, mais un dns sachant résoudre le net)
192.168.0.1 -->

Passerelle
192.168.0.5 -->

Zones
0.168.192.in-addr.arpa --> par exemple 0.30.21.10
et le pointeur dns dans cette zone, voir la dernière ligne (20 IN PTR)

Ddns et dhcp sur centos 5 - Historique des versions

Cv5lw : 1 version importée

2024>WikiSysop le 17 mars 2010 à 16:06

Cv5lw : 1 version importée