DHCP and dynamic DNS services
Test environment: Mandrake 10.0 (kernel 2.6.3), DHCP 3 and BIND 9.2

I. Generating the TSIG key with Webmin

In Webmin: BIND DNS Server > Setup RNDC, then open the DNS key entry to retrieve the encoded secret, e.g. "W/Ho7530vE1l1NjVQNxkzA==".

Contents of /etc/rndc.conf (generated automatically by Webmin):

# Start of rndc.conf
key "rndc-key" {
    algorithm hmac-md5;
    secret "W/Ho7530vE1l1NjVQNxkzA==";
};

options {
    default-key "rndc-key";
    default-server 127.0.0.1;
    default-port 953;
};
# End of rndc.conf

Configuration of /etc/rndc.key:

key "rndc-key" {
    algorithm hmac-md5;
    secret "W/Ho7530vE1l1NjVQNxkzA==";
};

II. Configuration of /etc/dhcpd.conf (the parts related to dynamic DNS were highlighted in the original)

option domain-name "home.net";
ddns-update-style interim;
ignore client-updates;

subnet 192.168.0.0 netmask 255.255.255.0 {
    authoritative;
    option domain-name-servers 192.168.0.207, 192.168.2.254;
    option routers 192.168.0.207;
    range dynamic-bootp 192.168.0.10 192.168.0.20;
}

key rndc-key {
    algorithm hmac-md5;
    secret "W/Ho7530vE1l1NjVQNxkzA==";
}

zone home.net. {
    primary 127.0.0.1;
    key rndc-key;
}

III. Configuration of /etc/named.conf (the parts related to dynamic DNS were highlighted in the original):

options {
    directory "/var/named";
    pid-file "/var/run/named/named.pid";
    allow-query { 127.0.0.0/8; 192.168.0.0/24; 192.168.2.0/24; };
    query-source address * port 53;
    listen-on port 53 { 127.0.0.1; 192.168.0.207; };
};

key rndc-key {
    algorithm hmac-md5;
    secret "W/Ho7530vE1l1NjVQNxkzA==";
};

acl "home" { 192.168.0.0/24; 127.0.0.1; };

controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { rndc-key; };
};

zone "localhost" {
    type master;
    file "db.localhost";
};

zone "0.0.127.in-addr.arpa" {
    type master;
    file "db.127.0.0.1";
    allow-transfer { 127.0.0.1; };
    notify no;
};

// Lookup zone home.net
zone "home.net" {
    type master;
    file "db.home.net";
    allow-update { key rndc-key; };
};

zone "0.168.192.in-addr.arpa" {
    type master;
    file "db.home.net.rev";
    allow-update { key rndc-key; };
};

Warning: the /var/named directory must be owned by named:named.

Contents of /var/named/db.home.net (owned by named:named):

$ORIGIN .
$TTL 864            ; 14 minutes 24 seconds
home.net            IN SOA  home.net. mdkphp.home.net. (
                            2000111400  ; serial
                            108         ; refresh
                            36          ; retry
                            6048        ; expire
                            864         ; minimum
                            )
                    NS      mdkphp.home.net.
$ORIGIN home.net.
$TTL 21600          ; 6 hours
vm2k-poste1         A       192.168.0.19
                    TXT     "31f5cff3428b6d1226a7e7d0c1891685e1"
vm98                A       192.168.0.20
                    TXT     "31c4f3e58f234e764b898277562ec068c8"
dhcp.home.net.      IN A    192.168.0.207
mdkphp.home.net.    IN A    192.168.0.207

Error messages in /var/log/messages:

Jan 27 06:55:59 mdkPHP named[4599]: starting BIND 9.2.3 -u named
Jan 27 06:55:59 mdkPHP named[4599]: using 1 CPU
Jan 27 06:55:59 mdkPHP named[4599]: loading configuration from '/etc/named.conf'
Jan 27 06:55:59 mdkPHP named[4599]: listening on IPv4 interface lo, 127.0.0.1#53
Jan 27 06:55:59 mdkPHP named[4599]: listening on IPv4 interface eth1, 192.168.0.207#53
Jan 27 06:55:59 mdkPHP named[4599]: command channel listening on 127.0.0.1#953
Jan 27 06:55:59 mdkPHP named[4599]: couldn't open pid file '/var/run/named.pid': File exists
Jan 27 06:54:12 mdkPHP named[4512]: couldn't open pid file '/var/run/named.pid': Permission denied
Jan 27 06:55:59 mdkPHP named[4599]: exiting (due to early fatal error)

Reading the error message leads to two corrective actions: check that /var/run/named is owned by named:named with write permission, then delete named.pid.

dhcpd/named messages in /var/log/messages:

Jan 27 06:59:58 mdkPHP dhcpd: DHCPDISCOVER from 00:0c:29:96:89:52 via eth1
Jan 27 06:59:59 mdkPHP dhcpd: DHCPOFFER on 192.168.0.20 to 00:0c:29:96:89:52 (vm98) via eth1
Jan 27 06:59:59 mdkPHP named[4686]: client 127.0.0.1#1051: updating zone 'home.net/IN': adding an RR
Jan 27 06:59:59 mdkPHP named[4686]: client 127.0.0.1#1051: updating zone 'home.net/IN': adding an RR
Jan 27 06:59:59 mdkPHP named[4686]: journal file db.home.net.jnl does not exist, creating it
Jan 27 06:59:59 mdkPHP named[4686]: zone home.net/IN: sending notifies (serial 2000111384)
Jan 27 06:59:59 mdkPHP dhcpd: Added new forward map from vm98.home.net to 192.168.0.20
Jan 27 06:59:59 mdkPHP named[4686]: received notify for zone 'home.net'
Jan 27 06:59:59 mdkPHP dhcpd: unable to add reverse map from 20.0.168.192.in-addr.arpa. to vm98.home.net: not authorized
Jan 27 06:59:59 mdkPHP dhcpd: DHCPREQUEST for 192.168.0.20 (192.168.0.207) from 00:0c:29:96:89:52 (vm98) via eth1
Jan 27 06:59:59 mdkPHP dhcpd: DHCPACK on 192.168.0.20 to 00:0c:29:96:89:52 (vm98) via eth1
Jan 27 07:04:48 mdkPHP named[4686]: client 127.0.0.1#1052: updating zone 'home.net/IN': deleting an RR
Jan 27 07:04:48 mdkPHP named[4686]: zone home.net/IN: sending notifies (serial 2000111385)
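As an added check (not part of the original document or of the ISC tools), the following script cross-checks the key and zone stanzas of named.conf and dhcpd.conf: the TSIG key must match in both files, and every zone named accepts updates for must have a dhcpd zone stanza that signs with the same key. It assumes (as in the log above) that a zone with no stanza in dhcpd.conf is updated without a key and therefore refused with "not authorized"; the configs are constructed excerpts with the real secret replaced by a placeholder.

```python
import re
# Constructed excerpts of the page's named.conf and dhcpd.conf (secret replaced by a placeholder).
NAMED_CONF = '''
key rndc-key { algorithm hmac-md5; secret "PLACEHOLDER-SECRET=="; };
zone "localhost" { type master; file "db.localhost"; };
zone "home.net" { type master; file "db.home.net"; allow-update {key rndc-key;}; };
zone "0.168.192.in-addr.arpa" { type master; file "db.home.net.rev"; allow-update {key rndc-key;}; };
'''
DHCPD_CONF = '''
key rndc-key { algorithm hmac-md5; secret "PLACEHOLDER-SECRET=="; }
zone home.net. { primary 127.0.0.1; key rndc-key; }
'''

def stanzas(text, keyword):
    """Yield (name, body) for every `keyword name { ... }` block, matching nested braces."""
    for m in re.finditer(r'\b' + keyword + r'\s+"?([\w.-]+)"?\s*\{', text):
        depth, i = 1, m.end()
        while depth and i < len(text):
            depth += {'{': 1, '}': -1}.get(text[i], 0)
            i += 1
        yield m.group(1).lower().rstrip('.'), text[m.end():i - 1]

def parse_keys(text):
    """Map key name -> (algorithm, secret) for every TSIG key stanza in a config."""
    keys = {}
    for name, body in stanzas(text, 'key'):
        alg = re.search(r'algorithm\s+([\w.-]+)', body)
        sec = re.search(r'secret\s+"?([^"\s;]+)', body)
        keys[name] = (alg.group(1).lower(), sec.group(1))
    return keys

def check_ddns(named_conf, dhcpd_conf):
    """Return the mismatches that would make dhcpd's signed updates fail."""
    problems = []
    dkeys = parse_keys(dhcpd_conf)
    for kname, spec in parse_keys(named_conf).items():
        if dkeys.get(kname) != spec:
            problems.append(f"key {kname}: missing from dhcpd.conf or algorithm/secret differs")
    # key each dhcpd zone stanza signs with (None when the stanza names no key)
    dzones = {z: re.search(r'\bkey\s+"?([\w.-]+)', b) for z, b in stanzas(dhcpd_conf, 'zone')}
    for zone, body in stanzas(named_conf, 'zone'):
        want = re.search(r'allow-update\s*\{\s*key\s+"?([\w.-]+)', body)
        if want is None:
            continue  # zone does not accept dynamic updates at all
        if zone not in dzones:
            problems.append(f"zone {zone}: no zone stanza in dhcpd.conf, update is sent unsigned (not authorized)")
        elif dzones[zone] is None or dzones[zone].group(1).lower() != want.group(1).lower():
            problems.append(f"zone {zone}: dhcpd.conf does not sign with {want.group(1)}")
    return problems
```

Run against the page's files it reports only the reverse zone, which is the one the log shows failing. Because the same rndc-key also guards the controls channel, the secret in dhcpd.conf grants rndc control over named as well; a separate key per role limits that.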