
  • Linux Networking Cookbook
  • Gregory Boyce
  • 616 characters
  • 2021-07-02 16:32:46

Configuring dynamic DNS on your local network

So far your systems get their IP addresses automatically via DHCP, and your DNS server resolves records from the internet for them. With dynamic DNS (DDNS) you can also use that same DNS server to address your local systems by name.

How to do it…

Let's configure dynamic DNS on your local network:

  1. First, we need to configure your bind instance to host DNS for your internal domain, as well as reverse DNS for your IP range. For our example, we'll use the domain example.org and the 192.168.1.0/24 network:
    // Forward zone for the internal domain
    zone "example.org" {
      type master;
      notify no;
      file "/var/lib/bind/example.org.db";
    };
    // Reverse zone for 192.168.1.0/24: the network octets reversed, under in-addr.arpa
    zone "1.168.192.in-addr.arpa" {
      type master;
      notify no;
      file "/var/lib/bind/rev.1.168.192.in-addr.arpa";
    };
  2. Next we populate the zone in example.org.db:
    $TTL 86400
    example.org.  IN  SOA  router.example.org. admin.example.org. (
      2015081401  ; serial
      28800       ; refresh
      3600        ; retry
      604800      ; expire
      38400       ; negative-cache TTL
    )
    example.org.     IN      NS      ns1.example.org.
    ns1       IN      A       192.168.1.1   ; the nameserver is the router in this example
    router    IN      A       192.168.1.1
  3. Then we populate the reverse zone in rev.1.168.192.in-addr.arpa:
    $TTL 86400
    @ IN SOA ns1.example.org. admin.example.org. (
      2006081401  ; serial
      28800       ; refresh
      604800      ; retry
      604800      ; expire
      86400       ; negative-cache TTL
    )
    ; no owner name given, so this NS record belongs to @ (the zone apex)
      IN    NS     ns1.example.org.
    1                    IN    PTR    router.example.org.
  4. In order to connect the DHCP and DNS services, we need to generate an HMAC key for securing the communication between them. This can be completed by executing dnssec-keygen -a HMAC-SHA512 -b 512 -r /dev/urandom -n USER DDNS. This command will generate a pair of files named Kddns_update.+NNN+NNNNN.private and Kddns_update.+NNN+NNNNN.key. (Newer BIND releases have removed HMAC support from dnssec-keygen; there, tsig-keygen -a hmac-sha512 DDNS prints a complete key statement that can be used directly in the next step.)
  5. Create a file called ddns.key and insert the following content with <key> replaced by the string marked Key: in the .private file:
    key DDNS {
      algorithm HMAC-SHA512;
      secret "<key>"; 
    };
  6. Copy ddns.key to both /etc/dhcp and /etc/bind with the proper permissions using the following:
    # install -o root -g bind -m 0640 ddns.key \
    /etc/bind/ddns.key
    # install -o root -g root -m 0640 ddns.key \
    /etc/dhcp/ddns.key
  7. Tell bind about the DDNS updating key by adding it to /etc/bind/named.conf.local:
    include "/etc/bind/ddns.key";
  8. Then tell bind to allow updating of the zones you previously created by adding an allow-update entry to each of them, so that they look similar to the following:
    zone "example.org" {
      type master;
      notify no;
      file "/var/lib/bind/example.org.db";
      // only updates signed with the DDNS key are accepted
      allow-update { key DDNS; };
    };
    zone "1.168.192.in-addr.arpa" {
      type master;
      notify no;
      file "/var/lib/bind/rev.1.168.192.in-addr.arpa";
      allow-update { key DDNS; };
    };
  9. Now we need to update the DHCP server to have it hand out your nameserver instead of Google's and send hostname updates to your DNS server using the correct key:
    option domain-name "example.org";
    option domain-name-servers 192.168.1.1;
    default-lease-time 600;
    max-lease-time 7200;
    authoritative;
    ddns-updates           on;
    ddns-update-style      interim;
    ignore                 client-updates;
    update-static-leases   on;
    include "/etc/dhcp/ddns.key";

    # Subnet matching the router (192.168.1.1) and the reverse zone served by bind
    subnet 192.168.1.0 netmask 255.255.255.0 {
      range 192.168.1.10 192.168.1.100;
      option routers 192.168.1.1;
    }

    # Forward zone to update; zone names are case-insensitive
    zone EXAMPLE.ORG. {
      primary 127.0.0.1;
      key DDNS;
    }

    # Reverse zone to update; must match the in-addr.arpa zone declared in bind
    zone 1.168.192.in-addr.arpa. {
      primary 127.0.0.1;
      key DDNS;
    }
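The most common way this recipe fails silently is a mismatch between the subnet dhcpd hands out, the zone statements in dhcpd.conf and the zones bind actually serves: the update is signed correctly but lands in a zone nobody hosts. The checker below is an added example, not code from the book or from ISC; it derives the in-addr.arpa zone each /8, /16 or /24 subnet needs and compares both daemons' declarations. The configuration fragments embedded in it are constructed for the demonstration (MISMATCHED_DHCPD deliberately pairs a 10.0.0.0/24 subnet with a 192.168.x reverse zone).

```python
"""Consistency check between dhcpd.conf and named.conf for DDNS zones.

Added example (not from the book): for every DHCP subnet, derive the
in-addr.arpa zone it needs and confirm that both dhcpd and named declare it.
"""
import ipaddress
import re

_SUBNET_RE = re.compile(r"^\s*subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{", re.M)
_DHCPD_ZONE_RE = re.compile(r'^\s*zone\s+([^\s{"]+)\s*\{', re.M)   # unquoted names in dhcpd
_NAMED_ZONE_RE = re.compile(r'^\s*zone\s+"([^"]+)"', re.M)          # quoted names in named
_DOMAIN_RE = re.compile(r'option\s+domain-name\s+"([^"]+)"')


def reverse_zone_for(subnet: str) -> str:
    """Return the single in-addr.arpa zone that covers an IPv4 /8, /16 or /24."""
    net = ipaddress.ip_network(subnet, strict=True)   # accepts "a.b.c.d/24" or "a.b.c.d/255.255.255.0"
    if net.version != 4 or net.prefixlen not in (8, 16, 24):
        raise ValueError("only IPv4 /8, /16 and /24 map to one in-addr.arpa zone")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def _norm(name: str) -> str:
    # DNS names are case-insensitive and dhcpd writes them with a trailing dot.
    return name.lower().rstrip(".")


def check_ddns_zones(dhcpd_conf: str, named_conf: str) -> list:
    """Return human-readable problems; an empty list means the two configs agree."""
    dhcpd_zones = {_norm(z) for z in _DHCPD_ZONE_RE.findall(dhcpd_conf)}
    named_zones = {_norm(z) for z in _NAMED_ZONE_RE.findall(named_conf)}
    problems = []
    for addr, mask in _SUBNET_RE.findall(dhcpd_conf):
        subnet = f"{addr}/{mask}"
        rz = reverse_zone_for(subnet)
        if rz not in dhcpd_zones:
            problems.append(f"dhcpd: no zone statement for {rz} (subnet {subnet})")
        if rz not in named_zones:
            problems.append(f"named: zone {rz} is not declared (subnet {subnet})")
    for domain in _DOMAIN_RE.findall(dhcpd_conf):
        if _norm(domain) not in named_zones:
            problems.append(f"named: forward zone {_norm(domain)} is not declared")
    for z in sorted(dhcpd_zones - named_zones):
        problems.append(f"dhcpd: zone {z} is not served by named")
    return problems


# Constructed sample configs (condensed to one statement per line).
NAMED_CONF = """
zone "example.org" { type master; file "/var/lib/bind/example.org.db"; allow-update { key DDNS; }; };
zone "1.168.192.in-addr.arpa" { type master; file "/var/lib/bind/rev.1.168.192.in-addr.arpa"; allow-update { key DDNS; }; };
"""

MISMATCHED_DHCPD = """
option domain-name "example.org";
subnet 10.0.0.0 netmask 255.255.255.0 { range 10.0.0.10 10.0.0.100; }
zone EXAMPLE.ORG. { primary 127.0.0.1; key DDNS; }
zone 2.168.192.in-addr.arpa. { primary 127.0.0.1; key DDNS; }
"""

CONSISTENT_DHCPD = """
option domain-name "example.org";
subnet 192.168.1.0 netmask 255.255.255.0 { range 192.168.1.10 192.168.1.100; }
zone EXAMPLE.ORG. { primary 127.0.0.1; key DDNS; }
zone 1.168.192.in-addr.arpa. { primary 127.0.0.1; key DDNS; }
"""

if __name__ == "__main__":
    for label, conf in (("mismatched", MISMATCHED_DHCPD), ("consistent", CONSISTENT_DHCPD)):
        found = check_ddns_zones(conf, NAMED_CONF)
        print(f"{label}: {len(found)} problem(s)")
        for p in found:
            print("  -", p)
```

Run it against your own files with `check_ddns_zones(open("/etc/dhcp/dhcpd.conf").read(), open("/etc/bind/named.conf.local").read())`; the parser only understands the one-line and brace-per-line forms shown in this recipe, so treat it as a sanity check rather than a full dhcpd.conf parser.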

How it works…

BIND (named) can update DNS records dynamically at the request of clients that are configured to sign their update messages with an HMAC over a shared key. The server validates the authenticity of a message by performing the same hashing operation the client performed, using the same shared key. If the hash value the client sent with the message matches the value the server calculated locally, we know that the client and server hold the same shared key.

This dynamic update feature can be leveraged to create/modify DNS records on the fly using the nsupdate command. In our case, we're going to have ISC DHCPD send the update commands directly, as new hosts are found.

As a system requests an IP address through the DHCP protocol, the client includes its hostname as a part of the initial discovery request. This hostname is recorded as a part of the lease. When ISC DHCP is set up for DDNS, it issues a DNS update request to the configured DNS server. Now your system is resolvable by other clients, at least until its lease expires.
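To make the shared-key check concrete, here is an added example (not from the book, and not the real TSIG wire format) that renders a key statement of the form step 5 expects and models the server-side verification: the HMAC-SHA512 is computed over the update plus the signing time and a fudge window, which is what lets the server reject stale copies of an otherwise valid update as well as tampered ones. The secret, update text and timestamps are constructed values; the 300-second fudge and the BADSIG/BADTIME outcomes mirror what TSIG returns.

```python
"""Shared-key (HMAC) authentication of a dynamic update, simplified model.

Added example (not from the book and not the TSIG wire format): shows how the
server recomputes the HMAC with the shared secret and also rejects requests
whose signing time lies outside the fudge window.
"""
import base64
import hashlib
import hmac
import secrets


def generate_key_statement(name: str = "DDNS", nbytes: int = 64):
    """Make a random secret and return (named.conf key statement, base64 secret)."""
    secret_b64 = base64.b64encode(secrets.token_bytes(nbytes)).decode()
    statement = (
        f"key {name} {{\n"
        "  algorithm HMAC-SHA512;\n"
        f'  secret "{secret_b64}";\n'
        "};\n"
    )
    return statement, secret_b64


def _signed_data(update: bytes, time_signed: int, fudge: int) -> bytes:
    # Binding the timestamp and fudge into the MAC means a captured request
    # cannot simply be resent later; TSIG covers the same fields.
    return update + time_signed.to_bytes(6, "big") + fudge.to_bytes(2, "big")


def sign_update(secret_b64: str, update: bytes, time_signed: int, fudge: int = 300) -> bytes:
    """Client side: MAC the update with the shared secret."""
    key = base64.b64decode(secret_b64)
    return hmac.new(key, _signed_data(update, time_signed, fudge), hashlib.sha512).digest()


def verify_update(secret_b64: str, update: bytes, time_signed: int, fudge: int,
                  mac: bytes, now: int) -> str:
    """Server side: returns "NOERROR", "BADSIG" (MAC mismatch) or "BADTIME" (stale)."""
    key = base64.b64decode(secret_b64)
    expected = hmac.new(key, _signed_data(update, time_signed, fudge), hashlib.sha512).digest()
    if not hmac.compare_digest(expected, mac):   # constant-time comparison
        return "BADSIG"
    if abs(now - time_signed) > fudge:
        return "BADTIME"
    return "NOERROR"


# Constructed sample: a fixed secret and one update request as dhcpd would send it.
SAMPLE_SECRET = base64.b64encode(bytes(range(64))).decode()
SAMPLE_UPDATE = b"update add host1.example.org. 600 A 192.168.1.50\n"
SAMPLE_TIME = 1_700_000_000


def demo() -> dict:
    """Exercise the four outcomes a server can reach for one signed update."""
    mac = sign_update(SAMPLE_SECRET, SAMPLE_UPDATE, SAMPLE_TIME)
    wrong_key = base64.b64encode(bytes(64)).decode()
    soon = SAMPLE_TIME + 10
    return {
        "valid": verify_update(SAMPLE_SECRET, SAMPLE_UPDATE, SAMPLE_TIME, 300, mac, soon),
        "tampered": verify_update(SAMPLE_SECRET, SAMPLE_UPDATE.replace(b".50", b".1"),
                                  SAMPLE_TIME, 300, mac, soon),
        "wrong_key": verify_update(wrong_key, SAMPLE_UPDATE, SAMPLE_TIME, 300, mac, soon),
        "replayed": verify_update(SAMPLE_SECRET, SAMPLE_UPDATE, SAMPLE_TIME, 300, mac,
                                  SAMPLE_TIME + 3600),
    }


if __name__ == "__main__":
    print(generate_key_statement()[0])
    for case, result in demo().items():
        print(f"{case:10s} -> {result}")
```

The order of the checks matters: the MAC is compared first, so a request with a bad key is rejected before its timestamp is even considered, and `hmac.compare_digest` is used so that the comparison does not leak how many bytes matched. Because the timestamp is part of what is signed, the client and server clocks need to agree within the fudge window, which is why DDNS setups that drift out of time sync start failing with BADTIME rather than BADSIG.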
