系統(tǒng)：Red Hat EnterPRise linux 4 AS 4.0實(shí)現(xiàn)：DHCP+DNS

1、生成KEY

# dnssec-keygen -a HMAC-md5 -b 128 -n USER DHCP_UPDATER

這時(shí)當(dāng)前目錄下會(huì)生成Kdhcp_updater.+xxx+xxxxx.key及.private兩個(gè)文件

# cat Kdhcp_updater.+xxx+xxxxx.key

DHCP_UPDATER. IN KEY 0 2 157 qSSpjerAuaPE/X3JJyxSww==

其中qSSpjerAuaPE/X3JJyxSww==下面要用到的

2、DHCP

在dhcpd.conf后加上

# ----------- DDNS -----------------

key DHCP_UPDATER {

algorithm HMAC-MD5;

secret "qSSpjerAuaPE/X3JJyxSww==";

}

zone scott.home. {

primary 127.0.0.1;

key DHCP_UPDATER;

}

ps:PXE安裝中option domain-name及option domain-name-servers前面的“#”也 可以去掉了，因?yàn)橄旅嫖覀儊?lái)設(shè)DNS

3、DNS

# rpm -qa | gerp bind

看有沒(méi)有bind-xx及bind-chroot-xx理論上chroot可以提高安全性但設(shè)置時(shí)繁瑣一點(diǎn)

# rpm -qa | gerp caching-name

看caching-nameserver是否也已經(jīng)裝了，這個(gè)不裝的話就要自己寫(xiě)named.ca等幾個(gè)文 件了

# vi /etc/named.conf 在最后加上

key DHCP_UPDATER {

algorithm HMAC-MD5;

secret "qSSpjerAuaPE/X3JJyxSww==";

};

zone "scott.home" IN {

type master;

file "scott.home.zone";

allow-update { key DHCP_UPDATER; };

};

# cd /var/named/chroot/var/named

# cp localdomain.zone scott.home.zone

# chown named:named scott.home.zone

# cd /var/named/chroot/var

# chown named:named named/

# cd /var/named

# ln -s /var/named/chroot/var/named/scott.home.zone

# vi scott.home.zone (修改成你自己的DNS設(shè)置，不要抄我)

$TTL 86400

@ IN SOA scott.home. root.scott.home. (

42 ; serial (d. adams)

3H ; refresh

15M ; retry

1W ; expiry

1D ) ; minimum

@ IN NS scott.home.

@ IN A 192.168.1.100

4、防火墻iptables

# iptables -F

# iptables -P INPUT DROP

# iptables -A INPUT -i lo -j ACCEPT

# iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# iptables -A INPUT -s 192.168.1.0/24 -p tcp -m multiport --dports 53,953 -j ACCEPT

# iptables -A INPUT -s 192.168.1.0/24 -p udp -m multiport --dports 53,953 -j ACCEPT

# /etc/init.d/iptables save 實(shí)際實(shí)驗(yàn)中可關(guān)閉iptables:service iptables stop

5、啟動(dòng)服務(wù)

# /etc/init.d/dhcpd restart

# chkconfig dhcpd on

# /etc/init.d/named restart

# chkconfig named on

6、測(cè)試（主要講講LINUX,實(shí)驗(yàn)過(guò)程中發(fā)現(xiàn)windows作客戶機(jī)還不行）

在客戶機(jī)上加入一個(gè)文件/etc/dhclient.conf內(nèi)容如下

send fqdn.fqdn "test"; //test為本機(jī)的hostname

send fqdn.encoded on;

send fqdn.server-update off;

運(yùn)行dhclient或重新啟動(dòng)

正常的話DNS服務(wù)器主機(jī)的/var/named/chroot/var/named下會(huì)多出一個(gè)以jnl結(jié)尾的

文件如：scott.home.zone.jnl 這時(shí)ping test.scott.home看看能否PING通

測(cè)試均已通過(guò)。