DDNS and DHCP on CentOS 5
Prerequisites
Installation of a CentOS 5.1
Network
During installation: IP 192.168.0.20/24, gateway 192.168.0.5, DNS 192.168.0.1
Packages
Tick the Server package group; you can keep GNOME if the machine is powerful enough, in which case you can also add the graphical DNS management tool.
Note: on Red Hat systems the DNS daemon and its service are called named (package bind), whereas Debian calls the service bind9.
After installation, apply the updates:
yum update
Install the DHCP server (the package name is lowercase; yum is case-sensitive):
yum install dhcp
DNS installation
Note: if you ticked the Server group, the DNS service is already installed and chrooted. Otherwise:
yum install bind bind-chroot bind-libs bind-utils
With bind-chroot, named reads its configuration and zone files from /var/named/chroot/, which is why the paths used below start there.
Let us begin with the key that allows dhcpd to update the DNS.
Everything that follows assumes a root session.
genDDNSkey.sh
Start by creating, with WinSCP or the touch command, the file genDDNSkey.sh with the content below (the original had lost its indentation; one bug is fixed and commented, the umask):
#!/bin/bash
# genDDNSkey.sh: generate a TSIG key shared by dhcpd and named for DDNS updates.
progname=$(basename $0)
keyfile_default=/etc/named.keys
keyname_default=DHCP_UPDATER
random_dev_default=/dev/random
force=false

function usage
{
    cat 1>&2 <<EOF
Usage:
    $progname <options>
Options:
    -f|--key-file <FILENAME>   key is written to this file (default: $keyfile_default)
    -n|--key-name <NAME>       name of the key (default: $keyname_default)
    -r|--random <DEVICE>       random device to use (default: $random_dev_default)
    --force                    overwrite an existing key file
    --help                     print usage info
See /usr/share/doc/packages/dhcp-server/DDNS-howto.txt (in dhcp-server package) about
configuration of a DHCP server to do DDNS updates.
EOF
    exit 1
}

while [ $# -ge 1 ]; do
    case "$1" in
        "")
            ;;
        -f|--key-file)
            shift
            KEYFILE=${1:?option requires an argument} ;;
        -n|--key-name)
            shift
            KEYNAME=${1:?option requires an argument} ;;
        -r|--random)
            shift
            RANDOM_DEV=${1:?option requires an argument} ;;
        --force)
            force=true ;;
        -h|--help|*)
            usage ;;
    esac
    shift
done

: ${KEYFILE:=$keyfile_default}
: ${KEYNAME:=$keyname_default}
: ${RANDOM_DEV:=$random_dev_default}

# $ROOT is normally empty; it allows generating the key into an alternate root.
if ! $force; then
    if [ -e $ROOT/$KEYFILE ]; then
        echo >&2 $KEYFILE exists, use --force to overwrite
        exit 1
    fi
fi

# This is where the keys are created
cd $ROOT/$(dirname $KEYFILE)

# determine the BIND version
if [ -f /usr/sbin/rndc ]; then
    bind9=true
elif [ -f /usr/sbin/ndc ]; then
    bind9=false
else
    echo could not determine the BIND version. Exiting.
    exit 1
fi

# The key files must be readable by root only: umask 077.
# (The original script said "umask 600", which strips the owner's own
# read/write bits and leaves the files group/world readable.)
umask 077

# generate a 512 bit HMAC-MD5 zone (DNS update) key
if $bind9; then
    keyfile=$(/usr/sbin/dnssec-keygen -a hmac-md5 -b 512 -r ${RANDOM_DEV} -n user ${KEYNAME})
else
    keyfile=$(/usr/sbin/dnskeygen -H 512 -z -c -n ${KEYNAME})
    # dnskeygen has (had) a weakness, it puts one key into a world readable file
    # (see http://xforce.iss.net/alerts/advise78.php)
    chmod 600 $keyfile*
fi

# now we've got files like these:
#   -rw------- 1 root root 77 Sep 11 01:03 K${KEYNAME}+157+00000.private
#   -rw------- 1 root root 58 Sep 11 01:03 K${KEYNAME}+157+00000.key
# The file name is K<name>+<algorithm>+<key id>; 157 is the number of hmac-md5.
# Both files contain the secret; delete them once $KEYFILE is in place.
echo $keyfile

# read the secret from the "Key:" line of the .private file
while read line; do
    case $line in
        Key:*) secret=${line#* }
    esac
done < $keyfile.private

# write the key statement, readable by named.conf and dhcpd.conf alike
cat >$KEYFILE <<EOF
# generated by $(basename $0) on $(date)
key ${KEYNAME} {
    $(if $bind9; then
        echo "algorithm hmac-md5;"
      else
        echo "algorithm HMAC-MD5.SIG-ALG.REG.INT;"
      fi)
    secret "$secret";
};
EOF

# set permissions: root may write, the named group may read, nobody else
chown root:named $KEYFILE
chmod 640 $KEYFILE
Generating the key
Make the script executable (u+x is enough; do not make it world-writable) and run it:
chmod u+x genDDNSkey.sh
./genDDNSkey.sh
On a machine with little entropy, /dev/random may block; in that case run ./genDDNSkey.sh -r /dev/urandom. The key statement ends up in /etc/named.keys, which is where dhcpd (which is not chrooted) reads it.
Copy into named's directory
The chrooted named reads /etc inside the chroot, so it needs its own copy of the same file:
cp /etc/named.keys /var/named/chroot/etc/
Both copies must carry the same secret; if you ever regenerate the key, copy it again.
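The same key material generated and checked from Python, as an added example that is not part of the original page nor of the genDDNSkey.sh script: it writes the key statement with a fresh 512-bit secret directly with mode 0640 (so there is no moment where the file is more widely readable), then parses it back the way both named and dhcpd read it and verifies that the secret is valid base64 of the expected size. Only the standard library is used; the gid parameter and the demo() helper are this example's own additions, and the algorithm stays hmac-md5 because that is what this dhcpd 3.x setup uses.

```python
"""Generate, write and read back a TSIG key statement such as /etc/named.keys."""
import base64
import os
import re
import secrets
import stat
import tempfile

# Matches  key NAME { algorithm ALG; secret "BASE64"; };  with optional quotes on NAME.
KEY_RE = re.compile(
    r'key\s+"?(?P<name>[A-Za-z0-9_.-]+)"?\s*\{\s*'
    r'algorithm\s+(?P<alg>[A-Za-z0-9.-]+)\s*;\s*'
    r'secret\s+"(?P<secret>[A-Za-z0-9+/=]+)"\s*;\s*\}\s*;',
    re.IGNORECASE | re.DOTALL,
)


def make_key_stanza(name="DHCP_UPDATER", bits=512, algorithm="hmac-md5"):
    """Return the text of a key statement with a fresh random secret.

    bits random bits, base64 encoded: the same thing the .private file written by
    dnssec-keygen -a hmac-md5 -b 512 carries on its "Key:" line.
    """
    if bits % 8:
        raise ValueError("key size must be a multiple of 8 bits")
    secret = base64.b64encode(secrets.token_bytes(bits // 8)).decode("ascii")
    return (
        f"key {name} {{\n"
        f"    algorithm {algorithm};\n"
        f'    secret "{secret}";\n'
        f"}};\n"
    )


def parse_key_stanza(text):
    """Parse a key statement into name, algorithm, secret and secret size in bits.

    '#' and '//' lines are comments for both named and dhcpd, so they are dropped
    before matching; the secret must decode as strict base64.
    """
    body = "\n".join(
        line for line in text.splitlines()
        if not line.lstrip().startswith(("#", "//"))
    )
    m = KEY_RE.search(body)
    if not m:
        raise ValueError("no key statement found")
    raw = base64.b64decode(m.group("secret"), validate=True)
    return {"name": m.group("name"), "algorithm": m.group("alg").lower(),
            "secret": m.group("secret"), "bits": len(raw) * 8}


def write_key_file(path, stanza, gid=None):
    """Create the file with mode 0640 from the start and return its final mode.

    Equivalent to the script's umask 077 + chmod 640, without the window in which
    a default umask would have left the file world readable.  gid (the "named"
    group on the page) is only applied when given, since chown needs root.
    """
    old_umask = os.umask(0o027)
    try:
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o640)
    finally:
        os.umask(old_umask)
    with os.fdopen(fd, "w") as f:
        f.write("# generated by gen_ddns_key.py\n")
        f.write(stanza)
    if gid is not None:
        os.chown(path, 0, gid)
    return stat.S_IMODE(os.stat(path).st_mode)


def demo():
    """Write a key into a temporary directory and read it back; returns (mode, info)."""
    path = os.path.join(tempfile.mkdtemp(), "named.keys")
    mode = write_key_file(path, make_key_stanza())
    with open(path) as f:
        info = parse_key_stanza(f.read())
    return mode, info


if __name__ == "__main__":
    mode, info = demo()
    print(f"mode {mode:o}, key {info['name']} {info['algorithm']} {info['bits']} bits")
```

Run it as root with gid set to the named group's id and path /etc/named.keys to reproduce the page's result; the same file then has to be copied into /var/named/chroot/etc/ exactly as above.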
Setting up the DNS server
Prerequisites
DNS & DHCP server IP: 192.168.0.20
DNS & DHCP server NetBIOS name (hostname): centodns.squalebis.local; gateway: 192.168.0.5
DNS domain: squalebis.local
Editing /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1       localhost.localdomain localhost
::1             localhost6.localdomain6 localhost6
192.168.0.20    centodns.squalebis.local centodns
Editing /etc/resolv.conf
search squalebis.local
nameserver 192.168.0.20
nameserver 192.168.0.1
Note: 192.168.0.1 is a second DNS server, the upstream resolver also used as forwarder in named.conf below.
named.conf
Edit /var/named/chroot/etc/named.conf (with bind-chroot this is the copy named actually reads):
# Include the file with the TSIG key shared with dhcpd
#################################################
include "/etc/named.keys";

# Access Control Lists
#################################################
acl mynet {
    192.168.0.0/24;
    127.0.0.1;
};

# Various Options
#################################################
options {
    directory "/var/named";
    # only the LAN may query, and zone transfers are limited to the LAN too
    # (use "none;" if you have no secondary server)
    allow-query {
        mynet;
    };
    allow-transfer {
        mynet;
    };
    # everything we are not authoritative for goes to the upstream resolver
    forwarders {
        192.168.0.1;
    };
};

# Misc zone declarations
#################################################
zone "localhost" in {
    type master;
    file "localhost.zone";
};
#zone "0.0.127.in-addr.arpa" in {
#    type master;
#    file "127.0.0.zone";
#};
#zone "." in {
#    type hint;
#    file "root.hint";
#};

# Forward squalebis.local zone declaration
# Only updates signed with DHCP_UPDATER are accepted; named then writes a
# .jnl journal next to the zone file, so the directory must be writable by named.
#################################################
zone "squalebis.local" {
    type master;
    file "squalebis.local.hosts";
    allow-update { key DHCP_UPDATER; };
    allow-query { mynet; };
    allow-transfer { mynet; };
};

# Reverse squalebis.local zone declaration
#################################################
zone "0.168.192.in-addr.arpa" {
    type master;
    file "0.168.192.rev";
    allow-update { key DHCP_UPDATER; };
    allow-query { mynet; };
    allow-transfer { mynet; };
};
Setting up the DHCP server
Edit /etc/dhcpd.conf. The original file repeated every global parameter inside the subnet and again in an empty group; the statements are given once here, which is equivalent, and two errors are corrected in the comments:
# DDNS settings; the update style must be declared once, globally
ddns-update-style interim;
ddns-updates on;
ddns-domainname "squalebis.local";
# Reverse names are built under in-addr.arpa. (the default).  The original
# set ddns-rev-domainname to "squalebis.local", which makes dhcpd write PTR
# records such as 49.0.168.192.squalebis.local into the forward zone.
ddns-rev-domainname "in-addr.arpa.";
# Only this server holds DHCP_UPDATER and the zones accept nothing else, so
# clients cannot update the DNS themselves whatever they ask for.  With
# "ignore client-updates;" the server would register A and PTR for every
# lease regardless of the client's FQDN option.
allow client-updates;
allow unknown-clients;
use-host-decl-names on;
one-lease-per-client on;
default-lease-time 86400;
max-lease-time 172800;

option domain-name "squalebis.local";
option domain-name-servers 192.168.0.20;
option time-servers 192.168.0.1;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.0.255;
option routers 192.168.0.5;

# File with the key we use to securely update the zone files
# (same content as the copy under /var/named/chroot/etc/)
###########################################################
include "/etc/named.keys";

# Our server is the authority for this network
# (server-identifier must be an address of this host; the original gave the
# domain name squalebis.local, which has no address)
#########################################################
authoritative;
server-identifier 192.168.0.20;
server-name "centodns.squalebis.local";

# Zones dhcpd may update, signed with DHCP_UPDATER; named runs on this host
zone squalebis.local. {
    primary 127.0.0.1;
    key DHCP_UPDATER;
}
zone 0.168.192.in-addr.arpa. {
    primary 127.0.0.1;
    key DHCP_UPDATER;
}

# Declaration of network properties (range, ...)
subnet 192.168.0.0 netmask 255.255.255.0 {
    range dynamic-bootp 192.168.0.40 192.168.0.50;
    next-server centodns.squalebis.local;
}
DNS zones
Forward zone
Edit /var/named/chroot/var/named/squalebis.local.hosts
$ORIGIN .
$TTL 38400      ; 10 hours 40 minutes
squalebis.local         IN SOA  centodns.squalebis.local. pascal.localhost. (
                                1135926781 ; serial
                                10800      ; refresh (3 hours)
                                3600       ; retry (1 hour)
                                604800     ; expire (1 week)
                                38400      ; minimum (10 hours 40 minutes)
                                )
                        NS      centodns.squalebis.local.
; the name server is the only static host and needs an address record
centodns.squalebis.local. IN A  192.168.0.20
Reverse zone
Edit /var/named/chroot/var/named/0.168.192.rev
$TTL 38400
0.168.192.in-addr.arpa. IN SOA centodns.squalebis.local. pascal.localhost. (
                        1135926872 ; serial
                        10800      ; refresh
                        3600       ; retry
                        604800     ; expire
                        38400 )    ; minimum
0.168.192.in-addr.arpa. IN NS  centodns.squalebis.local.
20                      IN PTR centodns.squalebis.local.
Once dynamic updates start, named rewrites these files in its own layout and keeps a .jnl journal beside them; stop named (or use rndc freeze) before editing them by hand.
Rights and permissions
named runs as user named and must be able to write the zone directory (journals) and its pid directory; the run directory does not need to be world-writable, owning it is enough:
chmod 755 /var/named/
chmod 775 /var/named/chroot/
chmod 775 /var/named/chroot/var/
chmod 775 /var/named/chroot/var/named/
chmod 775 /var/named/chroot/var/run/
chmod 770 /var/named/chroot/var/run/named/
cd /var/named/chroot/var/named/
ln -s ../../ chroot
chown -R named:named /var/named/chroot/etc
chown -R named:named /var/named/chroot/var
chmod -R u+rwX /var/named/chroot/etc
chmod -R u+rwX /var/named/chroot/var
Restart
/etc/init.d/dhcpd start
/etc/init.d/named start
To start them at boot, use
- chkconfig --level 235 named on
- chkconfig --level 235 dhcpd on
To verify, use dig and nslookup, for example dig @192.168.0.20 centodns.squalebis.local and dig @192.168.0.20 -x 192.168.0.20; both daemons log their update attempts to /var/log/messages.
Moreover, once clients have obtained leases, named rewrites the forward zone file and you will find entries of this kind in it:
$ORIGIN .
$TTL 38400      ; 10 hours 40 minutes
squalebis.local         IN SOA  centodns.squalebis.local. paul.localhost. (
                                1135926781 ; serial
                                10800      ; refresh (3 hours)
                                3600       ; retry (1 hour)
                                604800     ; expire (1 week)
                                38400      ; minimum (10 hours 40 minutes)
                                )
                        NS      centodns.squalebis.local.
$ORIGIN 0.168.192.squalebis.local.
$TTL 43200      ; 12 hours
49                      PTR     PC-de-Pascal.squalebis.local.
50                      PTR     pascal-desktop.squalebis.local.
$ORIGIN squalebis.local.
$TTL 38400      ; 10 hours 40 minutes
centodns                A       192.168.0.20
$TTL 43200      ; 12 hours
pascal-desktop          A       192.168.0.50
                        TXT     "0008a2e805741f6a976160879ec3100f72"
PC-de-Pascal            A       192.168.0.49
                        TXT     "31fe3de152485e4a0a58ec86aa35c8b655"
The TXT record next to each A record is the client identity (DHCID) that the interim update style stores: dhcpd only replaces an existing A record when its TXT matches, which stops one client from taking over another's name. The PTR records under $ORIGIN 0.168.192.squalebis.local. are what you get when ddns-rev-domainname is set to the forward domain, as the original configuration did; with the default in-addr.arpa. they go into 0.168.192.rev instead.
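The records in that dump, derived the way dhcpd's interim style derives them and written out as the equivalent nsupdate session, as an added example that is not part of the original page: forward name from hostname plus ddns-domainname, reverse name from the reversed octets plus ddns-rev-domainname (which reproduces the misplaced 49.0.168.192.squalebis.local. of the dump when the forward domain is used), the DHCID text of the TXT record, and the prerequisites that give the squatting protection. The client identifier bytes are constructed, and the DHCID layout (two characters for the identifier type, then the hex MD5 of the identifier bytes) is inferred from dhcpd 3.x behaviour rather than taken from the page; the nsupdate key line assumes the secret from /etc/named.keys is passed in.

```python
"""What dhcpd's interim DDNS does for one lease, as names and as nsupdate input."""
import hashlib

HEX = "0123456789abcdef"
DHO_CLIENT_IDENTIFIER = 61   # option number of the DHCP client-identifier option


def forward_name(hostname, ddns_domainname="squalebis.local"):
    """hostname + ddns-domainname, fully qualified (trailing dot)."""
    return f"{hostname}.{ddns_domainname.rstrip('.')}."


def reverse_name(ip, ddns_rev_domainname="in-addr.arpa."):
    """Reversed octets under ddns-rev-domainname.

    With the default in-addr.arpa. the name lies in the reverse zone; with the
    page's original value "squalebis.local" it lies under the forward zone.
    """
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and 0 <= int(o) <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {ip}")
    return ".".join(reversed(octets)) + "." + ddns_rev_domainname.rstrip(".") + "."


def interim_dhcid(identifier, id_type):
    """DHCID text as stored in the TXT record by the interim style.

    Assumed layout: HEX[type >> 4] + HEX[type % 15] for the identifier type
    (61 gives "31", a raw hardware address, type 0, gives "00", the two
    prefixes seen in the zone dump) followed by the hex MD5 of the identifier
    bytes (option 61 data, or htype byte + MAC for a hardware address).
    """
    if not 0 <= id_type <= 255:
        raise ValueError("identifier type is one byte")
    return HEX[id_type >> 4] + HEX[id_type % 15] + hashlib.md5(identifier).hexdigest()


def nsupdate_script(hostname, ip, dhcid, secret=None, keyname="DHCP_UPDATER",
                    server="127.0.0.1", ddns_domainname="squalebis.local",
                    ddns_rev_domainname="in-addr.arpa.", ttl=43200):
    """The update an interim-style dhcpd performs for a new lease, as nsupdate input.

    Message 1 adds A+TXT only if the name does not exist yet.  Message 2, which
    matters when message 1 was refused, replaces the A only if the existing TXT
    carries our DHCID; a name owned by another client is left untouched.
    Message 3 (re)points the PTR.  The key line is the same as "nsupdate -y"
    without exposing the secret on the command line.
    """
    fqdn = forward_name(hostname, ddns_domainname)
    rev = reverse_name(ip, ddns_rev_domainname)
    lines = []
    if secret is not None:
        lines.append(f"key {keyname} {secret}")
    lines += [
        f"server {server}",
        f"prereq nxdomain {fqdn}",
        f"update add {fqdn} {ttl} A {ip}",
        f'update add {fqdn} {ttl} TXT "{dhcid}"',
        "send",
        f'prereq yxrrset {fqdn} TXT "{dhcid}"',
        f"update delete {fqdn} A",
        f"update add {fqdn} {ttl} A {ip}",
        "send",
        f"update delete {rev} PTR",
        f"update add {rev} {ttl} PTR {fqdn}",
        "send",
    ]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # constructed sample client: option 61 carrying htype 1 + a made-up MAC
    client_id = bytes.fromhex("01" "0011223344aa")
    dhcid = interim_dhcid(client_id, DHO_CLIENT_IDENTIFIER)
    print(nsupdate_script("PC-de-Pascal", "192.168.0.49", dhcid))
    # where the page's original ddns-rev-domainname sent the PTR:
    print(reverse_name("192.168.0.49", "squalebis.local"))
```

Pipe the printed script into nsupdate on the server and check the result with dig @192.168.0.20 -x 192.168.0.49; running it a second time with a different DHCID shows the second message being refused.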
Customisation
In all the files above, replace the following values with your own:
DNS domain
squalebis.local -->
NetBIOS name (hostname) of the server
centodns -->
IP address of the DNS server
192.168.0.20 -->
IP address of another DNS server (not a secondary, but a resolver able to resolve Internet names, used as forwarder)
192.168.0.1 -->
Gateway
192.168.0.5 -->
Zones
0.168.192.in-addr.arpa --> the network octets in reverse order, for example 30.21.10.in-addr.arpa for the network 10.21.30.0/24, and the PTR record of the server in that zone, see the last line of the reverse zone file (20 IN PTR)