In network management, managing DNS services is a fundamental task. As the number of users grows, frequently modifying the DNS zone database files by hand becomes impractical. Dynamic DNS (DDNS) has therefore gradually attracted attention, and different platforms have launched their own solutions. This article details a DDNS solution for the Linux environment: BIND DNS and the Dynamic Host Configuration Protocol (DHCP) server, both developed by the Internet Software Consortium (ISC), working together to implement DDNS.
Implementing dynamic DNS under Linux requires not only BIND 8 or above as the DNS software, but also DHCP Server v3.0 or higher, because only versions 3.0 and above fully implement DDNS support. The environment used in this article is Slackware Linux 9.0 as the DDNS server, running both the DNS and DHCP services. The DNS server uses BIND 9.2.2 and the DHCP server uses DHCP Server v3.0pl2.
The following is a detailed introduction to the implementation of secure and dynamic DNS in the Linux environment.
Creating a Key
To achieve dynamic DNS updates, the first thing to consider is how to ensure that DDNS is implemented securely. The method given by the ISC is to create a key for dynamic updates; each update is verified with this key when it is made. To do this, run the following command as root:
root@slack9:/etc# dnssec-keygen -a HMAC-MD5 -b 128 -n USER myddns
Kmyddns.+157+37662
The dnssec-keygen command above generates an update key. The parameter -a HMAC-MD5 means that the key generation algorithm is HMAC-MD5; the parameter -b 128 means that the key is 128 bits long; the parameter -n USER myddns means that the user of the key is myddns.
The pair of key files generated by this command are as follows:
-rw------- 1 root root 48 Jan 14 18:26 Kmyddns.+157+37662.key
-rw------- 1 root root 81 Jan 14 18:26 Kmyddns.+157+37662.private
You can view the contents of the newly generated key file:
root@slack9:/etc# cat Kmyddns.+157+37662.key
myddns. IN KEY 0 2 157 4gEF1Mkmn5hrlwYUeGJV3g==
root@slack9:/etc# cat Kmyddns.+157+37662.private
Private-key-format: v1.2
Algorithm: 157 (HMAC_MD5)
Key: 4gEF1Mkmn5hrlwYUeGJV3g==
Reading the key files carefully, you will find that the keys contained in the two files are the same. This key is the credential that DHCP uses for dynamic updates of DNS, and it needs to be added to both the DNS and the DHCP configuration files.
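The cross-check described above can be scripted before the secret is copied into any configuration file. The following is an added example, not part of the original article or of ISC's tools: it parses the two key files, confirms that they hold the same 128-bit HMAC-MD5 secret, and renders the key clause for named.conf. The function names are hypothetical and the sample file contents are constructed from the listings above.

```python
import base64
import hmac

# Constructed sample input: the two key files as listed in this article.
KEY_FILE = "myddns. IN KEY 0 2 157 4gEF1Mkmn5hrlwYUeGJV3g==\n"
PRIVATE_FILE = (
    "Private-key-format: v1.2\n"
    "Algorithm: 157 (HMAC_MD5)\n"
    "Key: 4gEF1Mkmn5hrlwYUeGJV3g==\n"
)

def secret_from_key_file(text):
    """Return (key name, algorithm number, base64 secret) from a K*.key file."""
    fields = text.split()
    # Layout: <name> IN KEY <flags> <protocol> <algorithm> <base64 secret...>
    if len(fields) < 7 or fields[1:3] != ["IN", "KEY"]:
        raise ValueError("not a KEY record")
    return fields[0].rstrip("."), int(fields[5]), "".join(fields[6:])

def secret_from_private_file(text):
    """Return (algorithm number, base64 secret) from a K*.private file."""
    entries = dict(line.split(":", 1) for line in text.splitlines() if ":" in line)
    return int(entries["Algorithm"].split()[0]), entries["Key"].strip()

def render_key_clause(key_text, private_text, expected_bits=128):
    """Cross-check the key pair and build the named.conf key clause."""
    name, alg_pub, secret_pub = secret_from_key_file(key_text)
    alg_priv, secret_priv = secret_from_private_file(private_text)
    if alg_pub != alg_priv or alg_pub != 157:
        raise ValueError("algorithm mismatch or not HMAC-MD5 (157)")
    # Constant-time comparison, since both values are secrets.
    if not hmac.compare_digest(secret_pub, secret_priv):
        raise ValueError("the two files hold different secrets")
    raw = base64.b64decode(secret_pub, validate=True)
    if len(raw) * 8 != expected_bits:
        raise ValueError("unexpected key length")
    return ('key %s {\n    algorithm HMAC-MD5.SIG-ALG.REG.INT;\n'
            '    secret "%s";\n};\n' % (name, secret_pub))

if __name__ == "__main__":
    print(render_key_clause(KEY_FILE, PRIVATE_FILE))
```

The check pins algorithm 157 because that is what this article generates; current BIND releases create TSIG keys with tsig-keygen, which defaults to hmac-sha256.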
Modify the DNS main configuration file
After the key is generated, the /etc/named.conf file should be edited. The main purpose is to add the key information to the DNS main configuration file. This article gives an example of the modified /etc/named.conf:
options {
    directory "/var/named";   // specifies the directory where the database files are stored
};
zone "." IN {
    type hint;
    file "caching-example/named.ca";
};
zone "localhost" IN {
    type master;
    file "caching-example/localhost.zone";
    allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "caching-example/named.local";
    allow-update { none; };
};
key myddns {
    algorithm HMAC-MD5.SIG-ALG.REG.INT;   // indicates the algorithm used to generate the key
    secret "4gEF1Mkmn5hrlwYUeGJV3g==";    // specifies the key
};
zone "tcbuu.cn" IN {
    type master;
    file "tcbuu.cn";                  // forward zone file name tcbuu.cn, which will be used later
    allow-update { key myddns; };     // an entity that uses key myddns can dynamically update the zone "tcbuu.cn"
};
zone "1.22.10.in-addr.arpa" IN {
    type master;
    file "tcbuu.cn.arpa";             // reverse zone file name tcbuu.cn.arpa
    allow-update { key myddns; };     // an entity that uses key myddns can dynamically update the zone "1.22.10.in-addr.arpa"
};
You can define multiple zones in /etc/named.conf. To enable dynamic updates, add the allow-update { key myddns; } statement to each zone that should accept them; only an entity that holds the key myddns (in this implementation, the DHCP server configured with the same key) can then perform secure dynamic updates to the zone. This method is much safer than the original method of only limiting the IP address.
This completes the configuration of the DNS server. You can run # named to start the DNS service.
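To confirm that every dynamic zone is restricted by key rather than by address, the allow-update statements can be audited. The following is an added example, not part of the original article or of BIND: a simplified scanner (it does not handle nested address lists or comment markers inside quoted strings) whose function names are hypothetical. The sample configuration is constructed from the zones above plus one hypothetical zone, legacy.example, that still uses an address restriction.

```python
import re

# Constructed sample: zones from this article plus a hypothetical zone
# ("legacy.example") that still relies on an address-based restriction.
NAMED_CONF = '''
zone "localhost" IN { type master; file "caching-example/localhost.zone";
    allow-update { none; }; };
zone "tcbuu.cn" IN { type master; file "tcbuu.cn";
    allow-update { key myddns; }; };   // updates signed with key myddns
zone "legacy.example" IN { type master; file "legacy.example";
    allow-update { 10.22.1.5; }; };
zone "." IN { type hint; file "caching-example/named.ca"; };
'''

def strip_comments(text):
    """Remove /* */, // and # comments so they cannot hide or fake a statement."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def zone_bodies(text):
    """Yield (zone name, body) pairs, matching braces to find each zone's end."""
    for m in re.finditer(r'zone\s+"([^"]+)"[^{]*\{', text):
        depth, i = 1, m.end()
        while depth and i < len(text):
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield m.group(1), text[m.end():i - 1]

def audit_allow_update(conf):
    """Classify each zone as 'not set', 'none', 'key-only' or 'address-based'."""
    report = {}
    for name, body in zone_bodies(strip_comments(conf)):
        m = re.search(r"allow-update\s*\{([^}]*)\}", body)
        if m is None:
            report[name] = "not set"         # no allow-update statement in the zone
            continue
        items = [e.strip() for e in m.group(1).split(";") if e.strip()]
        if items == ["none"]:
            report[name] = "none"
        elif items and all(e.startswith("key ") for e in items):
            report[name] = "key-only"
        else:
            report[name] = "address-based"   # anything else: addresses, ACL names, any
    return report

if __name__ == "__main__":
    for zone, status in audit_allow_update(NAMED_CONF).items():
        print("%-20s %s" % (zone, status))
```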