-leliel-
01.06.03, 22:23
Hi,
ich versuch seit heute nachmittag, einen dhcp- und dns-server aufzusetzen. :(
namensaufloesung geht bei den servern, die ich in die zonefiles eingetragen habe ... dhcp-ipvergabe geht auch ... nur dynamic update, also ddns, geht nicht. :(
eventuell hab ich ja was uebersehen ... :confused:
quellen: http://ops.ietf.org/dns/dynupd/secure-ddns-howto.html
http://www.ibiblio.org/pub/Linux/docs/HOWTO/DNS-HOWTO
http://www.ibiblio.org/pub/Linux/docs/HOWTO/mini/DHCP
kernellog
Jun 1 22:05:02 [named] starting BIND 9.2.2 -u named -n 1
Jun 1 22:05:02 [named] using 1 CPU
Jun 1 22:05:02 [named] loading configuration from '/etc/bind/named.conf'
Jun 1 22:05:02 [named] listening on IPv4 interface lo, 127.0.0.1#53
Jun 1 22:05:02 [named] command channel listening on 127.0.0.1#953
Jun 1 22:05:02 [named] zone 127.in-addr.arpa/IN: loaded serial 2002081601
Jun 1 22:05:02 [named] zone 30.172.in-addr.arpa/IN: loaded serial 2003060101
Jun 1 22:05:02 [named] zone l-c-f.lan/IN: loaded serial 2003060101
Jun 1 22:05:02 [named] zone localhost/IN: loaded serial 2002081601
Jun 1 22:05:02 [named] running
Jun 1 22:05:04 [dhcpd] Internet Software Consortium DHCP Server V3.0pl2
Jun 1 22:05:04 [dhcpd] Copyright 1995-2003 Internet Software Consortium.
Jun 1 22:05:04 [dhcpd] All rights reserved.
Jun 1 22:05:04 [dhcpd] For info, please visit http://www.isc.org/products/DHCP
Jun 1 22:05:04 [dhcpd] Internet Software Consortium DHCP Server V3.0pl2
Jun 1 22:05:04 [dhcpd] Copyright 1995-2003 Internet Software Consortium.
Jun 1 22:05:04 [dhcpd] All rights reserved.
Jun 1 22:05:04 [dhcpd] For info, please visit http://www.isc.org/products/DHCP
Jun 1 22:05:04 [dhcpd] Wrote 1 leases to leases file.
Jun 1 22:05:04 [dhcpd] Listening on LPF/eth0/00:0a:e6:45:8d:f8/172.30
Jun 1 22:05:04 [dhcpd] Sending on LPF/eth0/00:0a:e6:45:8d:f8/172.30
Jun 1 22:05:04 [dhcpd] Sending on Socket/fallback/fallback-net
named.conf
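// named.conf for the master server of l-c-f.lan and 30.172.in-addr.arpa.
// Both zones accept dynamic updates only when they are signed with the TSIG
// key "l-c-f.lan"; the DHCP server must be configured with the same key
// name, algorithm and secret.
options {
    directory "/etc/bind/";
    listen-on-v6 { none; };
    listen-on { any; };
    // Added in review: with "listen-on { any; }" and forwarders configured,
    // the server would otherwise answer recursive queries for every client
    // that can reach it. localhost and localnets are BIND's built-in ACLs
    // for this host and its directly attached networks.
    allow-recursion { localhost; localnets; };
    # auth-nxdomain no;
    forwarders {
        // NOTE(review): the forward zone gives ns1/gateway the address
        // 172.30.0.1; if that is this host, the first forwarder points
        // back at this server - confirm.
        172.30.0.1;
        194.25.2.129;
    };
    pid-file "/var/run/named/named.pid";
};

// Shared TSIG secret that authorizes dynamic updates. Whoever can read it
// can rewrite both dynamic zones, so this file must be readable only by
// root and the account named runs as.
// HMAC-MD5 is a legacy TSIG algorithm; where both named and the DHCP server
// support a SHA-2 HMAC (e.g. hmac-sha256), generate a fresh key with it.
key l-c-f.lan {
    algorithm HMAC-MD5;
    secret "xxx";   // redacted in the post; the real base64 secret goes here
};

// prime the server with knowledge of the root servers
zone "." {
    type hint;
    file "/etc/bind/zones/root.hints";
};

// Static loopback zones: dynamic updates are refused outright.
zone "localhost" IN {
    type master;
    file "pri/localhost";
    allow-update { none; };
    notify no;
};

zone "127.in-addr.arpa" IN {
    type master;
    file "pri/127";
    allow-update { none; };
    notify no;
};

// Dynamic forward zone. Only updates signed with the TSIG key are accepted.
// The key may change ANY record in the zone, including the static server
// entries; update-policy can narrow that if finer control is wanted.
// named keeps a journal (<zone file>.jnl) next to the zone file, so the
// account named runs as needs write access to /etc/bind/zones - a missing
// permission there makes updates fail even when the key is correct.
zone "l-c-f.lan" IN {
    type master;
    file "/etc/bind/zones/l-c-f.lan";
    allow-update {
        key l-c-f.lan;
    };
    notify no;
};

// Dynamic reverse zone for 172.30.0.0/16; same key, same journal/permission
// requirement as the forward zone.
zone "30.172.in-addr.arpa" IN {
    type master;
    file "/etc/bind/zones/172.30";
    allow-update {
        key l-c-f.lan;
    };
    notify no;
};

logging {
    // dnssec, update and security messages all go to one channel, so
    // refused or failed dynamic updates are recorded in that file.
    category dnssec { security_log; };
    category update { security_log; };
    category security { security_log; };
    channel security_log {
        // Relative path: resolved against the "directory" option above,
        // which therefore has to be writable by the account named runs as.
        file "dns-security.log" versions 5 size 20m;
        // every time the log grows over 20 Mbyte, it will
        // backup and rollover. Maximum 5 backups will be kept.
        print-time yes;
        print-category yes;
        print-severity yes;
        severity info;
    };
};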
zones/l-c-f.lan
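; Forward zone l-c-f.lan.
; The zone accepts TSIG-signed dynamic updates (allow-update in named.conf).
; Once updates arrive, named maintains this file and its journal itself, so
; stop named (or freeze the zone, where rndc supports it) before editing by
; hand, and increment the serial on every manual change.
$TTL 1W
; MNAME changed in review from ns.localhost. to ns1.l-c-f.lan.: update
; clients that are not given an explicit primary send their updates to the
; host named in this field, so it must be a resolvable name of the master.
; NOTE(review): assumes the server holding this file is ns1 - confirm.
@           IN  SOA ns1.l-c-f.lan. root.localhost. (
                    2003060102  ; Serial - incremented for the SOA change
                    28800       ; Refresh
                    14400       ; Retry
                    604800      ; Expire - 1 week
                    86400 )     ; Minimum
; Leading whitespace is significant in a zone file: a line that starts with
; a blank owner field applies to the previous owner name.
            IN  NS  ns1.l-c-f.lan.
            IN  NS  ns2.l-c-f.lan.
; Servers
; NOTE(review): this record makes localhost.l-c-f.lan resolve to the
; loopback address on every client; drop it unless something depends on it.
localhost   IN  A   127.0.0.1
; NOTE(review): www is 172.30.0.1 here, but the reverse zone maps 172.30.1.3
; to www, and ldap has a PTR there without an A record here - confirm which
; addresses are intended.
www         IN  A   172.30.0.1
gateway     IN  A   172.30.0.1
                TXT "highway to hell"   ; belongs to gateway (blank owner)
ns1         IN  A   172.30.0.1
ns2         IN  A   172.30.1.2
smtp        IN  A   172.30.1.2
imap        IN  A   172.30.1.2
ftp         IN  A   172.30.1.3
teamspeak   IN  A   172.30.1.3
; Workstations
; (A records for DHCP clients are added by named from dynamic updates)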
zones/172.30
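; Reverse zone for 172.30.0.0/16.
; Owner names are relative to $ORIGIN with the host octets reversed:
; "1.0" is 172.30.0.1 and "2.1" is 172.30.1.2.
; The zone accepts TSIG-signed dynamic updates (allow-update in named.conf);
; once updates arrive, named maintains this file and its journal itself.
$ORIGIN 30.172.in-addr.arpa.
$TTL 1W
; MNAME changed in review from l-c-f.lan. to ns1.l-c-f.lan.: the forward
; zone has no address record for the bare name l-c-f.lan, and update clients
; that are not given an explicit primary send their updates to this host.
; NOTE(review): assumes the server holding this file is ns1 - confirm.
@   1D  IN  SOA ns1.l-c-f.lan. root.l-c-f.lan. (
                2003060102  ; serial - incremented for the SOA change
                3H          ; refresh
                15M         ; retry
                2W          ; expiry
                1D )        ; minimum
; Leading whitespace is significant: a blank owner field repeats the
; previous owner name (here the zone apex).
        IN  NS  ns1.l-c-f.lan.
        IN  NS  ns2.l-c-f.lan.
; Servers
; Several PTR records per address are legal, but a reverse lookup then
; returns all of them in no fixed order; software that compares the reverse
; name with a forward lookup works best with one canonical PTR per address.
1.0     PTR gateway.l-c-f.lan.
1.0     PTR ns1.l-c-f.lan.
2.1     PTR ns2.l-c-f.lan.
; NOTE(review): ldap has no A record in the forward zone - confirm.
2.1     PTR ldap.l-c-f.lan.
2.1     PTR imap.l-c-f.lan.
2.1     PTR smtp.l-c-f.lan.
; NOTE(review): the forward zone puts www on 172.30.0.1, not 172.30.1.3.
3.1     PTR www.l-c-f.lan.
3.1     PTR ftp.l-c-f.lan.
3.1     PTR teamspeak.l-c-f.lan.
; Workstations
; (PTR records for DHCP clients are added by named from dynamic updates)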
dhcpd.conf
#
# Sample configuration file for ISC dhcpd for Debian
#
# $Id: dhcpd.conf,v 1.4 2002/05/05 21:28:06 peloy Exp $
#
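# TSIG key that signs the DNS updates dhcpd sends. Name, algorithm and
# secret must match the key statement in named.conf exactly.
# The secret lets its holder rewrite both dynamic zones, so this file must
# be readable only by root and the account dhcpd runs as.
# HMAC-MD5 is a legacy TSIG algorithm; where both dhcpd and named support a
# SHA-2 HMAC, generate a fresh key with it.
key l-c-f.lan {
    algorithm HMAC-MD5;
    secret "xxx";
}

# One zone statement per zone dhcpd has to update.
# Changed in review:
#  - the forward zone was missing, so updates of A records were sent
#    unsigned and named (allow-update { key ...; }) refuses those;
#  - "primary" names the server that receives the updates, instead of
#    relying on the MNAME field of the zone's SOA record;
#  - zone names are written fully qualified, with the trailing dot.
# NOTE(review): 127.0.0.1 assumes named runs on the same host as dhcpd.
zone l-c-f.lan. {
    primary 127.0.0.1;
    key l-c-f.lan;
}
zone 30.172.in-addr.arpa. {
    primary 127.0.0.1;
    key l-c-f.lan;
}

# The ddns-update-style parameter controls whether or not the server will
# attempt to do a DNS update when a lease is confirmed.
ddns-update-style interim;
# Replaces "allow-client-updates;": the flag is written as two words, and
# letting clients update their own A record cannot work here because they
# do not hold the TSIG key. With client updates denied, dhcpd performs both
# the A and the PTR update itself, signed with the key above.
deny client-updates;
ddns-domainname "l-c-f.lan";
# Was "l-c-f.lan": this suffix is appended to the reversed address when the
# PTR name is built, so it has to be the reverse tree.
ddns-rev-domainname "in-addr.arpa.";

# option definitions common to all supported networks...
option domain-name "l-c-f.lan";
option domain-name-servers ns1.l-c-f.lan, ns2.l-c-f.lan;
option subnet-mask 255.255.0.0;
option routers gateway.l-c-f.lan;
option netbios-name-servers ns2.l-c-f.lan;
default-lease-time 3600;
max-lease-time 7200;

# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
authoritative;

# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;

# The one subnet served by this host: 172.30.0.0/16, dynamic pool
# 172.30.5.1 - 172.30.5.220.
shared-network 172.30 {
    option broadcast-address 172.30.255.255;
    option subnet-mask 255.255.0.0;
    subnet 172.30.0.0 netmask 255.255.0.0 {
        # The dynamic-bootp flag also hands pool addresses to BOOTP clients,
        # which the stock sample file advises against.
        # NOTE(review): drop the flag if no BOOTP clients exist.
        range dynamic-bootp 172.30.5.1 172.30.5.220;
        default-lease-time 3600;
        # Terminating semicolon added; the statement was unterminated.
        max-lease-time 7200;
    }
}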
versionen:
bind-9.2.2
dhcp-3.0_p2
bind-tools-9.2.2;
danke schonmal. :)
ich versuch seit heute nachmittag, einen dhcp und dns server auf zu setzen. :(
namensaufloesung geht, bei den servern, die ich in die zonefiles eingetragen habe ... dhcp ipvergabe geht auch ... nur dynamic update, also ddns geht nicht. :(
eventuell hab ich ja was uebersehen ... :confused:
quellen: http://ops.ietf.org/dns/dynupd/secure-ddns-howto.html
http://www.ibiblio.org/pub/Linux/docs/HOWTO/DNS-HOWTO
http://www.ibiblio.org/pub/Linux/docs/HOWTO/mini/DHCP
kernellog
Jun 1 22:05:02 [named] starting BIND 9.2.2 -u named -n 1
Jun 1 22:05:02 [named] using 1 CPU
Jun 1 22:05:02 [named] loading configuration from '/etc/bind/named.conf'
Jun 1 22:05:02 [named] listening on IPv4 interface lo, 127.0.0.1#53
Jun 1 22:05:02 [named] command channel listening on 127.0.0.1#953
Jun 1 22:05:02 [named] zone 127.in-addr.arpa/IN: loaded serial 2002081601
Jun 1 22:05:02 [named] zone 30.172.in-addr.arpa/IN: loaded serial 2003060101
Jun 1 22:05:02 [named] zone l-c-f.lan/IN: loaded serial 2003060101
Jun 1 22:05:02 [named] zone localhost/IN: loaded serial 2002081601
Jun 1 22:05:02 [named] running
Jun 1 22:05:04 [dhcpd] Internet Software Consortium DHCP Server V3.0pl2
Jun 1 22:05:04 [dhcpd] Copyright 1995-2003 Internet Software Consortium.
Jun 1 22:05:04 [dhcpd] All rights reserved.
Jun 1 22:05:04 [dhcpd] For info, please visit http://www.isc.org/products/DHCP
Jun 1 22:05:04 [dhcpd] Internet Software Consortium DHCP Server V3.0pl2
Jun 1 22:05:04 [dhcpd] Copyright 1995-2003 Internet Software Consortium.
Jun 1 22:05:04 [dhcpd] All rights reserved.
Jun 1 22:05:04 [dhcpd] For info, please visit http://www.isc.org/products/DHCP
Jun 1 22:05:04 [dhcpd] Wrote 1 leases to leases file.
Jun 1 22:05:04 [dhcpd] Listening on LPF/eth0/00:0a:e6:45:8d:f8/172.30
Jun 1 22:05:04 [dhcpd] Sending on LPF/eth0/00:0a:e6:45:8d:f8/172.30
Jun 1 22:05:04 [dhcpd] Sending on Socket/fallback/fallback-net
named.conf
options {
directory "/etc/bind/";
listen-on-v6 { none; };
listen-on { any; };
# auth-nxdomain no;
forwarders {
172.30.0.1;
194.25.2.129;
};
pid-file "/var/run/named/named.pid";
};
key l-c-f.lan {
algorithm HMAC-MD5;
secret "xxx";
};
// prime the server with knowledge of the root servers
zone "." {
type hint;
file "/etc/bind/zones/root.hints";
};
zone "localhost" IN {
type master;
file "pri/localhost";
allow-update { none; };
notify no;
};
zone "127.in-addr.arpa" IN {
type master;
file "pri/127";
allow-update { none; };
notify no;
};
zone "l-c-f.lan" IN {
type master;
file "/etc/bind/zones/l-c-f.lan";
allow-update {
key l-c-f.lan;
};
notify no;
};
zone "30.172.in-addr.arpa" IN {
type master;
file "/etc/bind/zones/172.30";
allow-update {
key l-c-f.lan;
};
notify no;
};
logging {
category dnssec { security_log; };
category update { security_log; };
category security { security_log; };
channel security_log {
file "dns-security.log" versions 5 size 20m;
// every time the log grows over 20 Mbyte, it will
// backup and rollover. Maximum 5 backups will be kept.
print-time yes;
print-category yes;
print-severity yes;
severity info;
};
};
zones/l-c-f.lan
$TTL 1W
@ IN SOA ns.localhost. root.localhost. (
2003060101 ; Serial
28800 ; Refresh
14400 ; Retry
604800 ; Expire - 1 week
86400 ) ; Minimum
IN NS ns1.l-c-f.lan.
IN NS ns2.l-c-f.lan.
; Servers
localhost IN A 127.0.0.1
www IN A 172.30.0.1
gateway IN A 172.30.0.1
TXT "highway to hell"
ns1 IN A 172.30.0.1
ns2 IN A 172.30.1.2
smtp IN A 172.30.1.2
imap IN A 172.30.1.2
ftp IN A 172.30.1.3
teamspeak IN A 172.30.1.3
; Workstations
zones/172.30
$ORIGIN 30.172.in-addr.arpa.
$TTL 1W
@ 1D IN SOA l-c-f.lan. root.l-c-f.lan. (
2003060101 ; serial
3H ; refresh
15M ; retry
2W ; expiry
1D ) ; minimum
IN NS ns1.l-c-f.lan.
IN NS ns2.l-c-f.lan.
; Servers
1.0 PTR gateway.l-c-f.lan.
1.0 PTR ns1.l-c-f.lan.
2.1 PTR ns2.l-c-f.lan.
2.1 PTR ldap.l-c-f.lan.
2.1 PTR imap.l-c-f.lan.
2.1 PTR smtp.l-c-f.lan.
3.1 PTR www.l-c-f.lan.
3.1 PTR ftp.l-c-f.lan.
3.1 PTR teamspeak.l-c-f.lan.
; Workstations
dhcpd.conf
#
# Sample configuration file for ISC dhcpd for Debian
#
# $Id: dhcpd.conf,v 1.4 2002/05/05 21:28:06 peloy Exp $
#
key l-c-f.lan {
algorithm HMAC-MD5;
secret "xxx";
}
zone 30.172.in-addr.arpa {
key l-c-f.lan;
}
# The ddns-updates-style parameter controls whether or not the server will
# attempt to do a DNS update when a lease is confirmed. We default to the
# behavior of the version 2 packages ('none', since DHCP v2 didn't
# have support for DDNS.)
ddns-update-style interim;
allow-client-updates;
ddns-domainname "l-c-f.lan";
ddns-rev-domainname "l-c-f.lan";
# option definitions common to all supported networks...
option domain-name "l-c-f.lan";
option domain-name-servers ns1.l-c-f.lan, ns2.l-c-f.lan;
option subnet-mask 255.255.0.0;
option routers gateway.l-c-f.lan;
option netbios-name-servers ns2.l-c-f.lan;
default-lease-time 3600;
max-lease-time 7200;
# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
authoritative;
# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;
# No service will be given on this subnet, but declaring it helps the
# DHCP server to understand the network topology.
# This declaration allows BOOTP clients to get dynamic addresses,
# which we don't really recommend.
shared-network 172.30 {
option broadcast-address 172.30.255.255;
option subnet-mask 255.255.0.0;
subnet 172.30.0.0 netmask 255.255.0.0 {
range dynamic-bootp 172.30.5.1 172.30.5.220;
default-lease-time 3600;
max-lease-time 7200
}
}
versionen:
bind-9.2.2
dhcp-3.0_p2
bind-tools-9.2.2;
danke schonmal. :)