DDNS实现

1) 本实验中先配置好DHCP/DNS并能够让客户端解析通过

2) 生成ddns秘钥,实现DDNS安全更新
[root@dnsmaster ~]# dnssec-keygen -a HMAC-MD5 -b 128 -n USER ddnskey
Kddnskey.+157+40960

[root@dnsmaster ~]# ls -l K*
-rw------- 1 root root  49 Feb 14 16:33 Kddnskey.+157+40960.key
-rw------- 1 root root 165 Feb 14 16:33 Kddnskey.+157+40960.private

[root@dnsmaster ~]# cat Kddnskey.+157+40960.private 
Private-key-format: v1.3
Algorithm: 157 (HMAC_MD5)
Key: aKs95s9adUbZaLLaSFjclA==
Bits: AAA=
Created: 20200214083359
Publish: 20200214083359
Activate: 20200214083359

3) 配置DNS
[root@dnsmaster ~]# vim /etc/named.conf
options {
        directory       "/var/named";
};

zone "." IN {
        type hint;
        file "named.ca";
};

# 增加key区段
key 1000cc {
        algorithm hmac-md5;
        secret aKs95s9adUbZaLLaSFjclA==;     # 将key复制到此处
};

zone "1000cc.net" IN {
        type master;
        file "1000cc.db";
        allow-update { key 1000cc; };     # 更新时使用key
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

[root@dnsmaster ~]# systemctl restart named

4) 配置DHCP
[root@dhcpsrv ~]# vim /etc/dhcp/dhcpd.conf
option domain-name "1000cc.net";
option domain-name-servers dnsmaster.1000cc.net;
ddns-update-style interim;     # 定义ddns更新类型

default-lease-time 600;
max-lease-time 7200;

subnet 192.168.10.0 netmask 255.255.255.0 {
  range 192.168.10.21 192.168.10.29;
  option routers 192.168.10.1;
}

# 增加key区段
key 1000cc {
        algorithm hmac-md5;
        secret aKs95s9adUbZaLLaSFjclA==;
};

# 定义更新区域
ddns-domainname "1000cc.net";
zone 1000cc.net. {
Primary 192.168.10.12;     # 指定DNS
key 1000cc;     # 指定key
}

[root@dhcpsrv ~]# systemctl restart dhcpd
5) 客户端测试
[root@client ~]# dhclient -v -H client
......
......
bound to 192.168.10.21 -- renewal in 297 seconds.

[root@client ~]# nslookup client.1000cc.net
Server:         192.168.10.12
Address:        192.168.10.12#53

Name:   client.1000cc.net
Address: 192.168.10.21 

6) nmcli设置
[root@client ~]# nmcli con mod eth0 ipv4.dhcp-send-hostname yes

7) 确认DNS数据库生成
[root@dnsmaster ~]# ls -l /var/named/*.jnl
-rw-r--r-- 1 named named 1162 Feb 14 17:34 /var/named/1000cc.db.jnl
-rw-r--r-- 1 named named  512 Feb 14 17:35 /var/named/managed-keys.bind.jnl