TP8 (DNS & DHCP)

DNS Server Configuration

domain: metal.fr server: immortal (192.168.0.2)

In /etc/bind/named.conf.local:

zone "metal.fr" {
        type master;
        file "/etc/bind/db.metal";
};

zone "0.168.192.in-addr.arpa" {
        type master;
        file "/etc/bind/db.0.168.192";
};

In /etc/bind/db.metal:

; $ORIGIN metal.fr
$TTL	86400
@	IN	SOA	dns1.metal.fr. mailer.metal.fr. (
			      1		; Serial
			 604800		; Refresh
			  86400		; Retry
			2419200		; Expire
			  86400 )	; Negative Cache TTL
;

@	IN	NS	immortal
@	IN	MX	10	nile

immortal	IN	A	192.168.0.2
syl		IN	A	192.168.0.1
nile		IN	A	192.168.0.3

; alias
mailer		IN	CNAME	nile
dns1		IN	CNAME	immortal

Note: NS = DNS server, IN = Internet (optional), mailer.metal.fr ⇒ mailer@metal.fr (e-mail address of the DNS admin)

In /etc/bind/db.0.168.192 (reverse):

; $ORIGIN 0.168.192.in-addr.arpa
$TTL	86400
@	IN	SOA	dns1.metal.fr. mailer.metal.fr. (
			      1		; Serial
			 604800		; Refresh
			  86400		; Retry
			2419200		; Expire
			  86400 )	; Negative Cache TTL
;

@	IN	NS	immortal.metal.fr.	; an NS target must own an A record, not be a CNAME like dns1

; reverse
2	IN	PTR	immortal.metal.fr.
1	IN	PTR	syl.metal.fr.
3	IN	PTR	nile.metal.fr.

Checking the server configuration:

  $ named-checkzone 0.168.192.in-addr.arpa db.0.168.192
  $ named-checkzone metal.fr db.metal
  $ named-checkconf -z

Starting the server:

$ /etc/init.d/bind9 restart

Logs:

$ tail /var/log/syslog

DNS Client Configuration

In /etc/resolv.conf:

search metal.fr
nameserver 192.168.0.2

In /etc/nsswitch.conf:

...
hosts:          files dns
...

Don't forget to restart the nscd daemon.

Client test, on syl for example:

  $ nslookup nile
  Server:		192.168.0.2
  Address:	192.168.0.2#53
  Name:	nile.metal.fr
  Address: 192.168.0.3

  $ ping nile
  PING nile.metal.fr (192.168.0.3) 56(84) bytes of data.
  64 bytes from nile.metal.fr (192.168.0.3): icmp_seq=1 ttl=64 time=12.8 ms

DHCP Server Configuration

DHCP server on syl.

Configuration without DNS

In /etc/dhcp/dhcpd.conf:

  default-lease-time 600;
  max-lease-time 7200;

  subnet 192.168.0.0 netmask 255.255.255.0 {
    range 192.168.0.10 192.168.0.20;
    option broadcast-address 192.168.0.255;
  }

Start the DHCP server:

$ /etc/init.d/isc-dhcp-server start

Configuration with DNS

We assume the DNS server is correctly configured on immortal…

In /etc/dhcp/dhcpd.conf (syl), append at the end:

subnet 192.168.0.0 netmask 255.255.255.0 {
  range 192.168.0.10 192.168.0.30;               # Range of IP addresses to be issued to DHCP clients
  option domain-name "metal.fr";		 # Domain name
  option domain-name-servers 192.168.0.2;        # Default DNS to be used by DHCP clients
  # option routers 192.168.0.254;		 # Default gateway to be used by DHCP clients
  option subnet-mask 255.255.255.0;		 # Default subnet mask to be used by DHCP clients
  option broadcast-address 192.168.0.255;      	 # Default broadcast address to be used by DHCP clients

  host nile {
    hardware ethernet A2:00:00:00:03:00;
    fixed-address 192.168.0.9;
  }

}

Restart the DHCP server.

DHCP Client Configuration

In /etc/network/interfaces (nile):

auto eth0
iface eth0 inet dhcp

Then start the client…

$ /etc/init.d/networking restart

Or alternatively:

  root@nile:~ # dhclient -v

  Listening on LPF/eth0/a2:00:00:00:03:00
  Sending on   LPF/eth0/a2:00:00:00:03:00
  Sending on   Socket/fallback
  DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 4
  DHCPOFFER from 192.168.0.1
  DHCPREQUEST on eth0 to 255.255.255.255 port 67
  DHCPACK from 192.168.0.1
  bound to 192.168.0.10 -- renewal in 265 seconds.

The entries added dynamically on the DHCP server can be checked in the file /var/lib/dhcp/dhcpd.leases.

Advanced DHCP Server Configuration

We now want the DHCP server to cooperate with the DNS server so that the list of new machines known to DNS is updated automatically.

We use the secret defined in /etc/bind/rndc.key.

Modify the server's DHCP configuration in /etc/dhcp/dhcpd.conf:

  ddns-update-style interim;
  ddns-updates on;
  deny client-updates;
  ddns-domainname "metal.fr.";
  ddns-rev-domainname "0.168.192.in-addr.arpa.";
  authoritative;

  key "rndc-key" {
    algorithm hmac-md5;
    secret "nnuTF/RJEhvmKhttRzIv8w==";
  }

  zone metal.fr. {
    primary 192.168.0.2;
    key rndc-key;
  }

  zone 0.168.192.in-addr.arpa. {
    primary 192.168.0.2;
    key rndc-key;
  }
  
  subnet 192.168.0.0 netmask 255.255.255.0 {
    range 192.168.0.10 192.168.0.30;               # Range of IP addresses to be issued to DHCP clients
    option domain-name "metal.fr";		   # Domain name
    option domain-name-servers 192.168.0.2;        # Default DNS to be used by DHCP clients
    option subnet-mask 255.255.255.0;		   # Default subnet mask to be used by DHCP clients
    option broadcast-address 192.168.0.255;        # Default broadcast address to be used by DHCP clients
  }

Then modify the DNS server configuration in /etc/bind/named.conf.local:

key "rndc-key" {
 algorithm hmac-md5;
 secret "nnuTF/RJEhvmKhttRzIv8w==";
};

zone "metal.fr" {
        type master;
        file "/etc/bind/db.metal";
        allow-update {key "rndc-key"; };
};

zone "0.168.192.in-addr.arpa" {
        type master;
        file "/etc/bind/db.0.168.192";
        allow-update {key "rndc-key"; };
};

Don't forget chmod g+wx /etc/bind (for the “bind” group), so that named can write its dynamic-update journal files next to the zone files.

Finally, on the DHCP client side (nile), in /etc/dhcp/dhclient.conf:

send host-name "ninile";

Then:

$ dhclient -v
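
An added example, not part of the original page: a shell audit for the two files above that embed the TSIG key (dhcpd.conf on syl, named.conf.local on immortal). It flags a world-readable secret, the hmac-md5 algorithm, reuse of the rndc control key for dynamic updates, and allow-update rules that are not key-restricted. The function name audit_tsig, the finding labels and the sample input are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit a named.conf.local or
# dhcpd.conf that embeds a TSIG key. Prints one finding per line and
# returns 1 if anything was flagged, 0 otherwise.
audit_tsig() {
    conf=$1
    rc=0
    # A file holding a "secret" line must not be readable by "other":
    # character 8 of the ls -l mode string is the other-read bit.
    if grep -Eq '^[[:space:]]*secret[[:space:]]' "$conf"; then
        case $(ls -ld -- "$conf") in
            ???????r*) echo "SECRET-WORLD-READABLE"; rc=1 ;;
        esac
    fi
    # RFC 8945 says hmac-md5 must not be used for TSIG; use hmac-sha256.
    if grep -Eiq 'algorithm[[:space:]]+hmac-md5' "$conf"; then
        echo "WEAK-TSIG-ALGORITHM"; rc=1
    fi
    # The rndc control key should not double as the DDNS update key.
    if grep -Eq '(allow-update.*key|^[[:space:]]*key)[[:space:]]+"?rndc-key"?;' "$conf"; then
        echo "RNDC-KEY-REUSED-FOR-UPDATES"; rc=1
    fi
    # allow-update must name a key, never an address list or "any".
    if grep -E 'allow-update' "$conf" | grep -Evq 'key[[:space:]]'; then
        echo "UPDATE-NOT-KEY-RESTRICTED"; rc=1
    fi
    return $rc
}

# Constructed sample: the page's dynamic-update named.conf.local with the
# secret replaced by a placeholder and a world-readable 0644 mode.
demo=$(mktemp)
cat > "$demo" <<'EOF'
key "rndc-key" {
 algorithm hmac-md5;
 secret "PLACEHOLDER==";
};
zone "metal.fr" {
        type master;
        file "/etc/bind/db.metal";
        allow-update {key "rndc-key"; };
};
EOF
chmod 644 "$demo"
audit_tsig "$demo" || echo "=> 3 findings, see above"
rm -f "$demo"
```

Run it against both /etc/dhcp/dhcpd.conf and /etc/bind/named.conf.local; a dedicated update key, separate from the one in /etc/bind/rndc.key, clears the third finding.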
admin/tp8.txt · Last modified: 2024/03/18 15:06 by 127.0.0.1