国产精品国产三级国产试看,香蕉人精品视频多人免费永久视频,宅男噜噜噜66一区二区,天天插天天射,女人体(1963)菠萝蜜视频,97在线视频人妻无码一区,精品久久久久精品色婷婷综合

CentOS 7實現(xiàn)DNS+DHCP動態(tài)更新詳解

更新時間:2023-09-01 00:24:17作者:未知

CentOS 7實現(xiàn)DNS+DHCP動態(tài)更新詳解

  CentOS 7實現(xiàn)DNS+DHCP動態(tài)更新詳解

windows域里有一個功能,dhcp把新分發(fā)的ip數(shù)據(jù)發(fā)給DNS服務(wù)器,這樣只要知道一個人的電腦名字就可以很方便的遠程。

  linux當(dāng)然也能很好的實現(xiàn)類似的功能。man 5 dhcpd.conf 有詳細描述。

  昨天運維幫組織線下的沙龍,又拍云的運維總監(jiān)邵海楊先生分享了一句“千金難買早知道”。是啊,就在實現(xiàn)動態(tài)更新的功能上,在網(wǎng)上找了不少博客,照著做又遇到各種問題,最后不不知道到底什么原理實現(xiàn)的。早知道認真看一下man,問題早解決了,對實現(xiàn)的原理也理解得深些。所以,在這個信息爆炸的時代,很多時候真的互聯(lián)網(wǎng)沒有讓人更聰明,反而大量的信息經(jīng)常把人淹沒了。技術(shù),還是需要靜下心來去鉆研的。

  dhcp和dns的基本配置資料比較完善,此處不再贅述。有心的朋友認真看一下man 5 dhcpd.conf,瞧一眼下面配置中標(biāo)紅的部分,相信就能搞定了。

  另外分享一個dns chroot的流程,先安裝 bind,調(diào)通named,然后再安裝bind-chroot

  執(zhí)行/usr/libexec/setup-named-chroot.sh /var/named/chroot on

  停用named,啟用named-chroot即可

  systemctl disabled named ; systemctl stop named

  systemctl enable named-chroot;systemctl start named-chroot

  [root@pxe ~]# cat /etc/dhcp/dhcpd.conf

  ddns-update-style interim;

  ddns-updates on;

  do-forward-updates on;

  allow client-updates;

  allow bootp;

  allow booting;

  #allow client-updates;

  option space Cisco_LWAPP_AP;

  option Cisco_LWAPP_AP.server-address code 241 = array of ip-address;

  option space pxelinux;

  option pxelinux.magic code 208 = string;

  option pxelinux.configfile code 209 = text;

  option pxelinux.pathprefix code 210 = text;

  option pxelinux.reboottime code 211 = unsigned integer 32;

  option architecture-type code 93 = unsigned integer 16;

  subnet 192.168.1.0 netmask 255.255.255.0 {

  authoritative;

  option routers 192.168.1.1;

  option subnet-mask 255.255.255.0;

  option broadcast-address 192.168.1.255;

  option domain-name "it.lab";

  option domain-name-servers 192.168.1.200;

  range dynamic-bootp 192.168.1.100 192.168.1.199;

  key SEC_DDNS {

  algorithm hmac-md5;

  secret 7ObhTIhKeDFMR2SbbS5s8A==;

  };

  ddns-domainname "it.lab";

  zone it.lab.{

  primary 192.168.1.200;

  key SEC_DDNS;

  }

  zone 1.168.192.in-addr.arpa.{

  primary 192.168.1.200;

  key SEC_DDNS;

  }

  default-lease-time 600;

  max-lease-time 7200;

  class "pxeclients" {

  match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";

  next-server 192.168.1.200;

  if option architecture-type = 00:07 {

  filename "uefi/syslinux.efi"; }

  else {

  filename "bios/pxelinux.0"; }

  #filename "pxelinux.0"; }

  }

  }

  [root@pxe ~]# cat /etc/named.conf

  //

  // named.conf

  //

  // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS

  // server as a caching only nameserver (as a localhost DNS resolver only).

  //

  // See /usr/share/doc/bind*/sample/ for example named configuration files.

  //

  options {

  listen-on port 53 { 127.0.0.1;192.168.1.200; };

  listen-on-v6 port 53 { ::1; };

  directory "/var/named";

  dump-file "/var/named/data/cache_dump.db";

  statistics-file "/var/named/data/named_stats.txt";

  memstatistics-file "/var/named/data/named_mem_stats.txt";

  allow-query { any;};

  /*

  - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.

  - If you are building a RECURSIVE (caching) DNS server, you need to enable

  recursion.

  - If your recursive DNS server has a public IP address, you MUST enable access

  control to limit queries to your legitimate users. Failing to do so will

  cause your server to become part of large scale DNS amplification

  attacks. Implementing BCP38 within your network would greatly

  reduce such attack surface

  */

  recursion no;

  dnssec-enable yes;

  dnssec-validation yes;

  dnssec-lookaside auto;

  /* Path to ISC DLV key */

  bindkeys-file "/etc/named.iscdlv.key";

  managed-keys-directory "/var/named/dynamic";

  pid-file "/run/named/named.pid";

  session-keyfile "/run/named/session.key";

  };

  logging {

  channel default_debug {

  file "data/named.run";

  severity dynamic;

  };

  };

  zone "." IN {

  type hint;

  file "named.ca";

  };

  include "/etc/named.rfc1912.zones";

  include "/etc/named.root.key";

  key SEC_DDNS {

  algorithm hmac-md5;

  secret 7ObhTIhKeDFMR2SbbS5s8A==;

  };

  zone "it.lab" IN {

  type master;

  file "it.lab.forward";

  allow-update { key SEC_DDNS ; };

  };

  zone "1.168.192.in-addr.arpa" IN {

  type master;

  file "1.168.192.reverse";

  allow-update { key SEC_DDNS ; };

  };

本文標(biāo)簽: 功能  看一下  早知道  

為您推薦

centos如何安裝桌面快捷方式?(centos 建立桌面快捷)

centos如何安裝桌面快捷方式? centos如何安裝桌面快捷方式? 1.右擊Desktop,點擊"Create Launcher". 2.直接輸入或者Bro

2023-09-01 00:24

CentOS 7實現(xiàn)DNS+DHCP動態(tài)更新詳解

CentOS 7實現(xiàn)DNS+DHCP動態(tài)更新詳解 CentOS 7實現(xiàn)DNS+DHCP動態(tài)更新詳解 windows域里有一個功能,dhcp把新分發(fā)的ip數(shù)據(jù)發(fā)給

2023-09-01 00:24

CentOS命令綜合詳解 centos基本命令

CentOS命令綜合詳解 1,顯示當(dāng)前使用的shell [root@localhost ~]# echo $SHELL 2,顯示當(dāng)前系統(tǒng)使用的所有shell [

2023-09-01 00:23

centos7如何快速啟動應(yīng)用程序?(centos7設(shè)置軟件開機啟動)

centos7如何快速啟動應(yīng)用程序? ? centos7如何快速啟動應(yīng)用程序? 一切不說版本的安裝教程都是耍流氓TT 系統(tǒng):CentOS 7 桌面系統(tǒng)版本:gn

2023-09-01 00:23

CentOS7系統(tǒng)進行IP和主機名的網(wǎng)絡(luò)配置是什么?

CentOS7系統(tǒng)進行IP和主機名的網(wǎng)絡(luò)配置是什么? 提示:Centos7是沒有可視化界面的. 進入登錄界面 賬號輸入root 回車 再輸入上面設(shè)置的root密

2023-09-01 00:23

Centos6.8如何進入救援模式

Centos6.8如何進入救援模式 使用版本:Centos6.8 救援模式有什么作用: ◆可以更改root密碼; ◆恢復(fù)硬盤.文件系統(tǒng)操作; ◆系統(tǒng)啟動不來的時

2023-09-01 00:22