DHCP and dynamic DNS services

Test environment: Mandrake 10.0 (kernel 2.6.3), DHCP 3 and BIND 9.2
I. Generating the encrypted keys
In Webmin, go to BIND Server > Setup RNDC,
then open DNS keys to retrieve the encrypted string (the base64 key secret); e.g.: "W/Ho7530vE1l1NjVQNxkzA==";
Contents of /etc/rndc.conf (generated automatically by Webmin)
# Start of rndc.conf
key "rndc-key" {
algorithm hmac-md5;
secret "W/Ho7530vE1l1NjVQNxkzA==";
};
options {
default-key "rndc-key";
default-server 127.0.0.1;
default-port 953;
};
# End of rndc.conf
Configuration of /etc/rndc.key
key "rndc-key" {
algorithm hmac-md5;
secret "W/Ho7530vE1l1NjVQNxkzA==";
};
II. Configuration of /etc/dhcpd.conf (the parts related to dynamic DNS are highlighted)
option domain-name "home.net";
ddns-update-style interim;
ignore client-updates;
subnet 192.168.0.0 netmask 255.255.255.0 {
authoritative;
option domain-name-servers 192.168.0.207, 192.168.2.254;
option routers 192.168.0.207;
range dynamic-bootp 192.168.0.10 192.168.0.20;
}
key rndc-key {
algorithm hmac-md5;
secret "W/Ho7530vE1l1NjVQNxkzA==";
}
zone home.net. {
primary 127.0.0.1;
key rndc-key;
}
III. Configuration of /etc/named.conf (the parts related to dynamic DNS are highlighted):
options {
directory "/var/named";
pid-file "/var/run/named/named.pid";
allow-query { 127.0.0.0/8; 192.168.0.0/24; 192.168.2.0/24; };
query-source address * port 53;
listen-on port 53 { 127.0.0.1; 192.168.0.207; };
};
key rndc-key {
algorithm hmac-md5;
secret "W/Ho7530vE1l1NjVQNxkzA==";
};
acl "home" { 192.168.0.0/24; 127.0.0.1;};
controls {
inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { rndc-key; };
};
zone "localhost" {
type master;
file "db.localhost";
};
zone "0.0.127.in-addr.arpa" {
type master;
file "db.127.0.0.1";
allow-transfer { 127.0.0.1; };
notify no;
};
// Forward lookup zone home.net
zone "home.net" {
type master;
file "db.home.net";
allow-update {key rndc-key;};
};
zone "0.168.192.in-addr.arpa" {
type master;
file "db.home.net.rev";
allow-update {key rndc-key;};
};
Warning: the /var/named directory must be owned by named:named
Contents of /var/named/db.home.net (owned by named:named)
$ORIGIN .
$TTL 864        ; 14 minutes 24 seconds
home.net                IN SOA  home.net. mdkphp.home.net. (
                                2000111400 ; serial
                                108        ; refresh
                                36         ; retry
                                6048       ; expire
                                864        ; minimum
                                )
                        NS      mdkphp.home.net.
$ORIGIN home.net.
$TTL 21600      ; 6 hours
vm2k-poste1             A       192.168.0.19
                        TXT     "31f5cff3428b6d1226a7e7d0c1891685e1"
vm98                    A       192.168.0.20
                        TXT     "31c4f3e58f234e764b898277562ec068c8"
dhcp.home.net.          IN A    192.168.0.207
mdkphp.home.net.        IN A    192.168.0.207
Error messages in /var/log/messages
Jan 27 06:55:59 mdkPHP named[4599]: starting BIND 9.2.3 -u named
Jan 27 06:55:59 mdkPHP named[4599]: using 1 CPU
Jan 27 06:55:59 mdkPHP named[4599]: loading configuration from '/etc/named.conf'
Jan 27 06:55:59 mdkPHP named[4599]: listening on IPv4 interface lo, 127.0.0.1#53
Jan 27 06:55:59 mdkPHP named[4599]: listening on IPv4 interface eth1, 192.168.0.207#53
Jan 27 06:55:59 mdkPHP named[4599]: command channel listening on 127.0.0.1#953
Jan 27 06:55:59 mdkPHP named[4599]: couldn't open pid file '/var/run/named.pid': File exists
Jan 27 06:54:12 mdkPHP named[4512]: couldn't open pid file '/var/run/named.pid': Permission denied
Jan 27 06:55:59 mdkPHP named[4599]: exiting (due to early fatal error)
Reading the error message calls for two corrective actions: check that /var/run/named is owned by named:named with write permission, then delete named.pid.
dhcpd/named messages in /var/log/messages
Jan 27 06:59:58 mdkPHP dhcpd: DHCPDISCOVER from 00:0c:29:96:89:52 via eth1
Jan 27 06:59:59 mdkPHP dhcpd: DHCPOFFER on 192.168.0.20 to 00:0c:29:96:89:52 (vm98) via eth1
Jan 27 06:59:59 mdkPHP named[4686]: client 127.0.0.1#1051: updating zone 'home.net/IN': adding an RR
Jan 27 06:59:59 mdkPHP named[4686]: client 127.0.0.1#1051: updating zone 'home.net/IN': adding an RR
Jan 27 06:59:59 mdkPHP named[4686]: journal file db.home.net.jnl does not exist, creating it
Jan 27 06:59:59 mdkPHP named[4686]: zone home.net/IN: sending notifies (serial 2000111384)
Jan 27 06:59:59 mdkPHP dhcpd: Added new forward map from vm98.home.net to 192.168.0.20
Jan 27 06:59:59 mdkPHP named[4686]: received notify for zone 'home.net'
Jan 27 06:59:59 mdkPHP dhcpd: unable to add reverse map from 20.0.168.192.in-addr.arpa. to vm98.home.net: not authorized
Jan 27 06:59:59 mdkPHP dhcpd: DHCPREQUEST for 192.168.0.20 (192.168.0.207) from 00:0c:29:96:89:52 (vm98) via eth1
Jan 27 06:59:59 mdkPHP dhcpd: DHCPACK on 192.168.0.20 to 00:0c:29:96:89:52 (vm98) via eth1
Jan 27 07:04:48 mdkPHP named[4686]: client 127.0.0.1#1052: updating zone 'home.net/IN': deleting an RR
Jan 27 07:04:48 mdkPHP named[4686]: zone home.net/IN: sending notifies (serial 2000111385)
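As an added example (not part of the original transcript), a small Python audit that runs over the dhcpd/named lines above and correlates each DHCPACK with the forward and reverse update results dhcpd logged, so a failed PTR registration like the one for vm98 is flagged instead of being buried in the log. The sample lines are copied from this page; the regular expressions assume the ISC DHCP 3 and BIND 9.2 message formats shown here.

```python
import re
from collections import defaultdict

# Constructed sample: the dhcpd/named lines from the /var/log/messages excerpt above.
SAMPLE_LOG = """\
Jan 27 06:59:58 mdkPHP dhcpd: DHCPDISCOVER from 00:0c:29:96:89:52 via eth1
Jan 27 06:59:59 mdkPHP dhcpd: DHCPOFFER on 192.168.0.20 to 00:0c:29:96:89:52 (vm98) via eth1
Jan 27 06:59:59 mdkPHP named[4686]: client 127.0.0.1#1051: updating zone 'home.net/IN': adding an RR
Jan 27 06:59:59 mdkPHP named[4686]: client 127.0.0.1#1051: updating zone 'home.net/IN': adding an RR
Jan 27 06:59:59 mdkPHP dhcpd: Added new forward map from vm98.home.net to 192.168.0.20
Jan 27 06:59:59 mdkPHP dhcpd: unable to add reverse map from 20.0.168.192.in-addr.arpa. to vm98.home.net: not authorized
Jan 27 06:59:59 mdkPHP dhcpd: DHCPACK on 192.168.0.20 to 00:0c:29:96:89:52 (vm98) via eth1
"""

ACK = re.compile(r"dhcpd: DHCPACK on (\S+) to (\S+) \((\S+)\) via")            # lease granted
FWD = re.compile(r"dhcpd: Added new forward map from (\S+) to (\S+)")           # A record registered
REV = re.compile(r"dhcpd: unable to add reverse map from (\S+) to (\S+): (.*)$")  # PTR registration failed
UPD = re.compile(r"named\[\d+\]: client (\S+): updating zone '([^']+)': (.*)$")  # update accepted by named

def audit_ddns(log_text):
    """Correlate each DHCPACK with the DDNS outcome dhcpd reported for that host."""
    hosts = defaultdict(lambda: {"ip": None, "mac": None, "forward": False, "reverse_error": None})
    zone_updates = defaultdict(int)  # zone -> number of updates named accepted
    for line in log_text.splitlines():
        if m := ACK.search(line):
            ip, mac, name = m.groups()
            hosts[name].update(ip=ip, mac=mac)
        elif m := FWD.search(line):
            hosts[m.group(1).split(".")[0]]["forward"] = True
        elif m := REV.search(line):
            # "not authorized" means named rejected an unsigned update: the dhcpd.conf above declares
            # only zone home.net. with the key, so updates to the reverse zone are sent without a TSIG.
            hosts[m.group(2).split(".")[0]]["reverse_error"] = m.group(3)
        elif m := UPD.search(line):
            zone_updates[m.group(2)] += 1
    return dict(hosts), dict(zone_updates)

def ddns_problems(log_text):
    """One message per lease whose forward or reverse record was not registered."""
    hosts, _ = audit_ddns(log_text)
    problems = []
    for name, h in sorted(hosts.items()):
        if not h["forward"]:
            problems.append(f"{name} ({h['ip']}): no forward A record added")
        if h["reverse_error"]:
            problems.append(f"{name} ({h['ip']}): reverse PTR update failed: {h['reverse_error']}")
    return problems

if __name__ == "__main__":
    print("\n".join(ddns_problems(SAMPLE_LOG)))
```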