
How to implement DNS+DHCP dynamic Update in CentOS 7

2025-04-02 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

This article explains how to implement DNS+DHCP dynamic updates in CentOS 7. The editor finds it very practical and shares it here as a reference; follow along to take a look.

In a Windows domain, DHCP sends newly assigned IP data to the DNS server, so you can easily connect to a machine remotely as long as you know its computer name.

Of course, Linux can provide the same functionality very well. It is described in detail in man 5 dhcpd.conf.

Yesterday, Mr. Shao Haiyang, director of operation and maintenance, who helped organize the offline salon and filmed the cloud, shared a saying: "it is hard to buy money." Yes: while implementing the dynamic update function, I found a lot of blogs on the Internet, followed them, ran into a variety of problems, and in the end still did not know the principle behind the implementation. If I had known to take a closer look at the man page, the problem would have been solved and I would have had a better understanding of how it works. In this era of information explosion, the Internet often does not make people smarter; the large amount of information often overwhelms them. Technology still needs to be studied calmly.

The basic configuration material for DHCP and DNS is relatively complete elsewhere, so I won't repeat it here. Interested readers should take a careful look at man 5 dhcpd.conf and at the red part of the configuration below; I believe that is enough to get it working.

Here is also the process for running DNS in a chroot: first install bind and start named, then install bind-chroot.

Execute:

```
/usr/libexec/setup-named-chroot.sh /var/named/chroot on
```

Then disable named and enable named-chroot.

```
systemctl disable named; systemctl stop named
systemctl enable named-chroot; systemctl start named-chroot
```

```
[root@pxe ~]# cat /etc/dhcp/dhcpd.conf
ddns-update-style interim;
ddns-updates on;
do-forward-updates on;
allow client-updates;
allow bootp;
allow booting;
#allow client-updates;

option space Cisco_LWAPP_AP;
option Cisco_LWAPP_AP.server-address code 241 = array of ip-address;

# PXELINUX options (RFC 5071): 208 magic, 209 config file, 210 path prefix, 211 reboot time
option space pxelinux;
option pxelinux.magic code 208 = string;
option pxelinux.configfile code 209 = text;
option pxelinux.pathprefix code 210 = text;
option pxelinux.reboottime code 211 = unsigned integer 32;
option architecture-type code 93 = unsigned integer 16;

subnet 192.168.1.0 netmask 255.255.255.0 {
    authoritative;
    option routers 192.168.1.1;
    option subnet-mask 255.255.255.0;
    option broadcast-address 192.168.1.255;
    option domain-name "it.lab";
    option domain-name-servers 192.168.1.200;
    range dynamic-bootp 192.168.1.100 192.168.1.199;

    # TSIG key that signs the updates sent to named.
    # Placeholder secret: use the same base64 value as in named.conf.
    key SEC_DDNS {
        algorithm hmac-md5;
        secret "<base64-secret>";
    };

    ddns-domainname "it.lab";

    # Forward and reverse zones to update, and the server that is primary for them
    zone it.lab. {
        primary 192.168.1.200;
        key SEC_DDNS;
    }
    zone 1.168.192.in-addr.arpa. {
        primary 192.168.1.200;
        key SEC_DDNS;
    }

    default-lease-time 600;
    max-lease-time 7200;

    class "pxeclients" {
        match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
        next-server 192.168.1.200;
        if option architecture-type = 00:07 {
            filename "uefi/syslinux.efi";
        } else {
            filename "bios/pxelinux.0";
        }
        #filename "pxelinux.0";
    }
}
```

```
[root@pxe ~]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
    listen-on port 53 { 127.0.0.1; 192.168.1.200; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };

    /*
     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
     - If you are building a RECURSIVE (caching) DNS server, you need to enable
       recursion.
     - If your recursive DNS server has a public IP address, you MUST enable access
       control to limit queries to your legitimate users. Failing to do so will
       cause your server to become part of large scale DNS amplification
       attacks. Implementing BCP38 within your network would greatly
       reduce such attack surface
    */
    recursion no;

    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

zone "." IN {
    type hint;
    file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

// TSIG key that dhcpd uses to sign its updates.
// Placeholder secret: use the same base64 value as in dhcpd.conf.
key SEC_DDNS {
    algorithm hmac-md5;
    secret "<base64-secret>";
};

// Only updates signed with SEC_DDNS may modify these zones
zone "it.lab" IN {
    type master;
    file "it.lab.forward";
    allow-update { key SEC_DDNS; };
};

zone "1.168.192.in-addr.arpa" IN {
    type master;
    file "1.168.192.reverse";
    allow-update { key SEC_DDNS; };
};
```
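The key SEC_DDNS block has to be identical in dhcpd.conf and named.conf, otherwise named cannot verify the signed updates and rejects them. The following check is an added example, not part of the original article: it compares key name, algorithm and secret across the two files and flags secrets that are not valid base64. The function names and the sample secrets are constructed for illustration.

```python
import base64
import re

# key NAME { algorithm ALG; secret SECRET; } as written in both dhcpd.conf and
# named.conf (quotes optional). Zone references such as "key NAME;" do not match.
KEY_RE = re.compile(
    r'\bkey\s+"?([\w.-]+)"?\s*\{\s*algorithm\s+([\w-]+)\s*;'
    r'\s*secret\s+"?([^";\s]+)"?\s*;\s*\}', re.IGNORECASE)

def parse_keys(conf_text):
    """Return {key_name: (algorithm, secret)} for each key block found."""
    # Drop whole-line comments only, so a "//" inside a base64 secret survives.
    text = re.sub(r'(?m)^\s*(#|//).*$', '', conf_text)
    return {n: (a.lower(), s) for n, a, s in KEY_RE.findall(text)}

def check_ddns_keys(dhcpd_conf, named_conf):
    """Return a list of findings; an empty list means the key blocks agree."""
    findings = []
    dns_keys = parse_keys(named_conf)
    for name, (alg, secret) in parse_keys(dhcpd_conf).items():
        if name not in dns_keys:
            findings.append(f"{name}: in dhcpd.conf but not in named.conf")
            continue
        dns_alg, dns_secret = dns_keys[name]
        if alg != dns_alg:
            findings.append(f"{name}: algorithm differs ({alg} vs {dns_alg})")
        if secret != dns_secret:
            findings.append(f"{name}: secret differs between the two files")
        for src, value in (("dhcpd.conf", secret), ("named.conf", dns_secret)):
            try:
                base64.b64decode(value, validate=True)
            except ValueError:  # binascii.Error is a ValueError subclass
                findings.append(f"{name}: secret in {src} is not valid base64")
        if alg == "hmac-md5":
            findings.append(f"{name}: hmac-md5 is a legacy TSIG algorithm")
    return findings

# Constructed sample input; the secrets are made up for this example.
SECRET_A = base64.b64encode(b"constructed-key1").decode()
SECRET_B = base64.b64encode(b"constructed-key2").decode()
SAMPLE_DHCPD = (f"key SEC_DDNS {{ algorithm hmac-md5; secret {SECRET_A}; }};\n"
                "zone it.lab. { primary 192.168.1.200; key SEC_DDNS; }\n")
SAMPLE_NAMED = f'key SEC_DDNS {{\n  algorithm hmac-md5;\n  secret "{SECRET_B}";\n}};\n'

if __name__ == "__main__":
    for finding in check_ddns_keys(SAMPLE_DHCPD, SAMPLE_NAMED):
        print(finding)
```

To run it against a live host, pass the contents of /etc/dhcp/dhcpd.conf and /etc/named.conf to check_ddns_keys(); both files hold the shared secret and should be readable only by root and the respective daemon.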
