这篇文章给大家分享的是有关CentOS 7如何实现DNS+DHCP动态更新的内容。小编觉得挺实用的,因此分享给大家做个参考,一起跟随小编过来看看吧。
windows域里有一个功能,dhcp把新分发的ip数据发给DNS服务器,这样只要知道一个人的电脑名字就可以很方便的远程。
linux当然也能很好的实现类似的功能。man 5 dhcpd.conf 有详细描述。
昨天运维帮组织线下的沙龙,又拍云的运维总监邵海杨先生分享了一句“千金难买早知道”。是啊,就在实现动态更新的功能上,在网上找了不少博客,照着做又遇到各种问题,最后不不知道到底什么原理实现的。早知道认真看一下man,问题早解决了,对实现的原理也理解得深些。所以,在这个信息爆炸的时代,很多时候真的互联网没有让人更聪明,反而大量的信息经常把人淹没了。技术,还是需要静下心来去钻研的。
dhcp和dns的基本配置资料比较完善,此处不再赘述。有心的朋友认真看一下man 5 dhcpd.conf,瞧一眼下面配置中标红的部分,相信就能搞定了。
另外分享一个dns chroot的流程,先安装 bind,调通named,然后再安装bind-chroot
执行/usr/libexec/setup-named-chroot.sh /var/named/chroot on
停用named,启用named-chroot即可
systemctl disabled named ; systemctl stop namedsystemctl enable named-chroot;systemctl start named-chroot[root@pxe ~]# cat /etc/dhcp/dhcpd.conf ddns-update-style interim; ddns-updates on; do-forward-updates on; allow client-updates; allow bootp; allow booting; #allow client-updates; option space Cisco_LWAPP_AP; option Cisco_LWAPP_AP.server-address code 241 = array of ip-address; option space pxelinux; option pxelinux.magic code 208 = string; option pxelinux.configfile code 209 = text; option pxelinux.pathprefix code 210 = text; option pxelinux.reboottime code 211 = unsigned integer 32; option architecture-type code 93 = unsigned integer 16; subnet 192.168.1.0 netmask 255.255.255.0 { authoritative; option routers 192.168.1.1; option subnet-mask 255.255.255.0; option broadcast-address 192.168.1.255; option domain-name "it.lab"; option domain-name-servers 192.168.1.200; range dynamic-bootp 192.168.1.100 192.168.1.199; key SEC_DDNS { algorithm hmac-md5; secret 7ObhTIhKeDFMR2SbbS5s8A==; }; ddns-domainname "it.lab"; zone it.lab.{ primary 192.168.1.200; key SEC_DDNS; } zone 1.168.192.in-addr.arpa.{ primary 192.168.1.200; key SEC_DDNS; } default-lease-time 600; max-lease-time 7200; class "pxeclients" { match if substring (option vendor-class-identifier, 0, 9) = "PXEClient"; next-server 192.168.1.200; if option architecture-type = 00:07 { filename "uefi/syslinux.efi"; } else { filename "bios/pxelinux.0"; } #filename "pxelinux.0"; } }} [root@pxe ~]# cat /etc/named.conf // // named.conf // // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS // server as a caching only nameserver (as a localhost DNS resolver only). // // See /usr/share/doc/bind*/sample/ for example named configuration files. //options { listen-on port 53 { 127.0.0.1;192.168.1.200; }; listen-on-v6 port 53 { ::1; }; directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; allow-query { any;}; recursion no; dnssec-enable yes; dnssec-validation yes; dnssec-lookaside auto; bindkeys-file "/etc/named.iscdlv.key"; managed-keys-directory "/var/named/dynamic"; pid-file "/run/named/named.pid"; session-keyfile "/run/named/session.key"; };logging { channel default_debug { file "data/named.run"; severity dynamic; }; };zone "." IN { type hint; file "named.ca"; };include "/etc/named.rfc1912.zones"; include "/etc/named.root.key";key SEC_DDNS { algorithm hmac-md5; secret 7ObhTIhKeDFMR2SbbS5s8A==; }; zone "it.lab" IN { type master; file "it.lab.forward"; allow-update { key SEC_DDNS ; }; };zone "1.168.192.in-addr.arpa" IN { type master; file "1.168.192.reverse"; allow-update { key SEC_DDNS ; }; };感谢各位的阅读!关于“CentOS 7如何实现DNS+DHCP动态更新”这篇文章就分享到这里了,希望以上内容可以对大家有一定的帮助,让大家可以学到更多知识,如果觉得文章不错,可以把它分享出去让更多的人看到吧!
