====== DDNS Service einrichten ======
===== DNS Service =====
Pakete installieren
apt install bind9 bind9utils
/etc/bind/named.conf.options anpassen
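// Clients that may query, recurse and transfer zones. IPv4 entries only.
acl internals {
    // lo adapter
    127.0.0.1;
    // CIDR for your local networks
    192.168.16.0/24;
};

options {
    directory "/var/cache/bind";

    // Upstream resolvers for everything outside the local zones.
    forwarders {
        9.9.9.9;
        8.8.8.8;
    };

    allow-query {
        internals;
    };
    allow-query-cache {
        internals;
    };

    // Enables recursive queries, but only from our local nets and local hosts.
    // Do not allow externals to do recursive queries.
    recursion yes;
    allow-recursion {
        internals;
    };

    // NOTE(review): every host in "internals" can request a full zone
    // transfer and thereby list all registered hosts. If no secondary
    // server pulls these zones, "none" would be tighter - confirm.
    allow-transfer {
        internals;
    };

    // "dnssec-enable no;" was removed here: on BIND versions that still
    // honour that option it keeps dnssec-validation from taking effect,
    // and later versions treat it as obsolete. Without the line,
    // validation of forwarded answers is actually active.
    dnssec-validation auto;

    // NOTE(review): named listens on every IPv6 address, while the acl
    // above lists only IPv4 sources - confirm IPv6 is wanted here.
    listen-on-v6 { any; };
};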
==== lokale Zonen definieren ====
/etc/bind/named.conf.local erweitern
//
// Do any local configuration here
//
// Loads the key named "rndc-key"; both zones below accept it for dynamic updates.
// NOTE(review): rndc.key is by default also the key rndc uses to control named,
// and this page later copies the same file to the DHCP configuration. A separate
// TSIG key used only for DDNS (e.g. created with tsig-keygen) would keep the
// control role and the update role apart - confirm before reusing this setup.
include "/etc/bind/rndc.key";
# Forward zone definition
# The zone file is placed under /var/lib/bind, presumably because named has to
# write the zone and its journal there when dynamic updates arrive.
zone "schubert.home" {
type master;
file "/var/lib/bind/schubert.home.zone";
// Any holder of rndc-key may add, change or delete records in this zone.
// NOTE(review): update-policy can narrow what a key may change - verify
// against your BIND version.
allow-update { key rndc-key; };
};
# This is the zone definition for reverse DNS. replace 16.168.192 with your network
# address in reverse notation - e.g my network address is 192.168.16
zone "16.168.192.in-addr.arpa" {
type master;
file "/var/lib/bind/16.168.192.zone";
// Same key and same unrestricted update right as for the forward zone.
allow-update { key rndc-key; };
};
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
==== forwarding Zone erstellen ====
=== /var/lib/bind/schubert.home.zone erstellen ===
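; Forward zone for schubert.home.
; The zone accepts dynamic updates (allow-update in named.conf.local), so named
; rewrites this file. For later manual edits run "rndc freeze schubert.home"
; first and "rndc thaw schubert.home" afterwards, and raise the serial.
$ORIGIN .
$TTL 907200 ; 1 week 3 days 12 hours
schubert.home           IN SOA  aps.schubert.home. admin.schubert.home. (
                                2019092701 ; serial
                                28800      ; refresh (8 hours)
                                3600       ; retry (1 hour)
                                604800     ; expire (1 week)
                                38400      ; minimum (10 hours 40 minutes)
                                )
; The leading whitespace matters: a blank owner field reuses schubert.home.
                        NS      aps.schubert.home.
$ORIGIN schubert.home.
; Static hosts. These records are maintained by hand, not by dhcpd.
gateway                 A       192.168.16.1
aps                     A       192.168.16.2
nas-1                   A       192.168.16.4
nas-2                   A       192.168.16.5
prn-keller              A       192.168.16.7
server                  A       192.168.16.9
; Was 192.186.16.11 (transposed digits). That address lies outside
; 192.168.16.0/24, so the name pointed clients at a foreign host.
fhem                    A       192.168.16.11
owserver2               A       192.168.16.12
owserver1               A       192.168.16.128
HM-Lan                  A       192.168.16.129
hue                     A       192.168.16.130
; Aliases for services running on "server".
icinga                  CNAME   server
www                     CNAME   server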
==== Zonendatei für die reverse Zone erstellen ====
=== /var/lib/bind/16.168.192.zone erstellen ===
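; Reverse zone for 192.168.16.0/24.
; Like the forward zone it accepts dynamic updates, so named rewrites this file;
; freeze the zone with rndc before editing it by hand.
; NOTE(review): SOA and NS name server.schubert.home, while the forward zone
; names aps.schubert.home and dhcpd.conf sends its updates to 192.168.16.2
; (aps) - confirm which host is meant to be the primary.
$ORIGIN .
$TTL 907200 ; 1 week 3 days 12 hours
16.168.192.in-addr.arpa IN SOA  server.schubert.home. admin.schubert.home. (
                                2019024233 ; serial
                                28800      ; refresh (8 hours)
                                604800     ; retry (1 week)
                                604800     ; expire (1 week)
                                86400      ; minimum (1 day)
                                )
; Was "server.schubet.home." - a misspelled name server target that does not
; exist in the forward zone. The leading whitespace reuses the zone as owner.
                        NS      server.schubert.home.
$ORIGIN 16.168.192.in-addr.arpa.
; Static PTR records; entries for DHCP clients are added by dynamic updates.
1                       PTR     gateway.schubert.home.
2                       PTR     aps.schubert.home.
4                       PTR     nas-1.schubert.home.
5                       PTR     nas-2.schubert.home.
7                       PTR     prn-keller.schubert.home.
9                       PTR     server.schubert.home.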
===== DHCP Server =====
Pakete installieren
apt install isc-dhcp-server
==== DHCP Service aktivieren ====
# Defaults for isc-dhcp-server (sourced by /etc/init.d/isc-dhcp-server)
# Path to dhcpd's config file (default: /etc/dhcp/dhcpd.conf).
#DHCPDv4_CONF=/etc/dhcp/dhcpd.conf
#DHCPDv6_CONF=/etc/dhcp/dhcpd6.conf
# Path to dhcpd's PID file (default: /var/run/dhcpd.pid).
#DHCPDv4_PID=/var/run/dhcpd.pid
#DHCPDv6_PID=/var/run/dhcpd6.pid
# Additional options to start dhcpd with.
# Don't use options -cf or -pf here; use DHCPD_CONF/ DHCPD_PID instead
#OPTIONS=""
# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
# Separate multiple interfaces with spaces, e.g. "eth0 eth1".
# Only br1 is listed, so DHCPv4 requests are served on that interface alone.
INTERFACESv4="br1"
# Left empty: no interface is named for DHCPv6 (presumably no DHCPv6 service).
INTERFACESv6=""
=== Den keyfile des DNS Servers zum DHCP Server kopieren ===
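# Give dhcpd its own copy of the key that named accepts for dynamic updates.
# The file holds a shared secret: whoever can read it can sign DNS updates
# for both zones, so it must not be readable by ordinary users.
mkdir -p /etc/dhcp/ddns-keys
cp /etc/bind/rndc.key /etc/dhcp/ddns-keys/
# Set the mode explicitly instead of relying on the umask. Adjust owner/group
# if dhcpd does not read its configuration as root on your system.
chmod 640 /etc/dhcp/ddns-keys/rndc.key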
==== DHCP-Zonen erstellen und Reservierungen anlegen ====
# dhcpd.conf
#
# Sample configuration file for ISC dhcpd
#
# option definitions common to all supported networks...
option domain-name "schubert.home";
option domain-name-servers aps.schubert.home, gateway.schubert.home;
# Lease times in seconds: 6 hours by default, 24 hours at most.
default-lease-time 21600;
max-lease-time 86400;
# The ddns-update-style parameter controls whether or not the server will
# attempt to do a DNS update when a lease is confirmed. The stock sample
# file defaults to 'none'; this setup switches dynamic updates on and uses
# the 'standard' style.
ddns-updates on;
ddns-update-style standard;
# NOTE(review): clients without a host declaration also get leases, and the
# log further down this page shows such a client's own hostname being written
# into the zone. Treat dynamically registered names as chosen by the client,
# not as verified identities.
allow unknown-clients;
# Clients matched by a host declaration get that declaration's name as hostname.
use-host-decl-names on;
# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
authoritative;
# This option points to the copy of rndc.key we created for bind9.
# The file contains the shared secret used to sign the DNS updates; keep it
# readable only by the DHCP server.
include "/etc/dhcp/ddns-keys/rndc.key";
# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;
# Updates for the forward zone are sent to 192.168.16.2 and signed with rndc-key.
zone schubert.home. {
primary 192.168.16.2;
key rndc-key;
}
# Updates for the reverse zone go to the same server with the same key.
zone 16.168.192.in-addr.arpa. {
primary 192.168.16.2;
key rndc-key;
}
# The local network: dynamic pool, per-subnet options and fixed reservations.
subnet 192.168.16.0 netmask 255.255.255.0 {
# Dynamic pool .150 - .230; the reservations below lie outside of it.
range 192.168.16.150 192.168.16.230;
option domain-name-servers 192.168.16.2;
option domain-name "schubert.home";
option domain-search "schubert.home";
option netbios-name-servers 192.168.16.2;
option routers 192.168.16.1;
option ntp-servers 192.168.16.2;
option broadcast-address 192.168.16.255;
option subnet-mask 255.255.255.0;
# Domain names used when building the forward and reverse update names.
ddns-domainname "schubert.home.";
ddns-rev-domainname "in-addr.arpa.";
# Reservations: a fixed address per hardware address.
host fb-lisa {
hardware ethernet e8:df:70:f2:a1:ee;
fixed-address 192.168.16.3;
option host-name "fb-lisa";
}
host nas-1 {
hardware ethernet 00:16:01:A5:19:3A;
fixed-address 192.168.16.4;
option host-name "nas-1";
}
# NOTE: the dots below stand for further host entries omitted on this page;
# they are not valid dhcpd.conf syntax and must not be copied.
....
}
===== DNS und DHCP Services neustarten und kontrollieren =====
==== DNS Service ====
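# Validate named.conf and test-load all master zones first; restart only if
# the check passes, so a broken config does not take the resolver down.
named-checkconf -z && systemctl restart bind9.service
tail -f /var/log/syslog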
Sep 29 08:04:39 aps named[6783]: zone 0.in-addr.arpa/IN: loaded serial 1
Sep 29 08:04:39 aps named[6783]: zone 255.in-addr.arpa/IN: loaded serial 1
Sep 29 08:04:39 aps named[6783]: zone 127.in-addr.arpa/IN: loaded serial 1
Sep 29 08:04:39 aps named[6783]: zone 16.168.192.in-addr.arpa/IN: loaded serial 2019024233
Sep 29 08:04:39 aps named[6783]: zone schubert.home/IN: loaded serial 2019092701
Sep 29 08:04:39 aps named[6783]: zone localhost/IN: loaded serial 2
Sep 29 08:04:39 aps named[6783]: all zones loaded
Sep 29 08:04:39 aps named[6783]: running
Sep 29 08:04:39 aps named[6783]: zone 16.168.192.in-addr.arpa/IN: sending notifies (serial 2019024233)
Sep 29 08:04:39 aps systemd[1]: Started BIND Domain Name Server.
Sep 29 08:04:39 aps named[6783]: managed-keys-zone: Key 20326 for zone . acceptance timer complete: key now trusted
Sep 29 08:04:39 aps named[6783]: resolver priming query complete
^C
==== DHCP Service ====
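# Parse dhcpd.conf without starting the daemon; start the service only if the
# configuration is valid.
dhcpd -t -cf /etc/dhcp/dhcpd.conf && service isc-dhcp-server start
tail -f /var/log/syslog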
Sep 29 08:13:01 aps dhcpd[7341]: Internet Systems Consortium DHCP Server 4.4.1
Sep 29 08:13:01 aps dhcpd[7341]: Copyright 2004-2018 Internet Systems Consortium.
Sep 29 08:13:01 aps dhcpd[7341]: All rights reserved.
Sep 29 08:13:01 aps dhcpd[7341]: For info, please visit https://www.isc.org/software/dhcp/
Sep 29 08:13:01 aps dhcpd[7341]: Wrote 0 deleted host decls to leases file.
Sep 29 08:13:01 aps dhcpd[7341]: Wrote 0 new dynamic host decls to leases file.
Sep 29 08:13:01 aps dhcpd[7341]: Wrote 0 leases to leases file.
Sep 29 08:13:01 aps dhcpd[7341]: Server starting service.
Sep 29 08:13:03 aps isc-dhcp-server[7329]: Starting ISC DHCPv4 server: dhcpd.
Sep 29 08:13:03 aps systemd[1]: Started LSB: DHCP server.
Sep 29 08:14:01 aps dhcpd[7341]: DHCPREQUEST for 192.168.16.152 from 6c:19:c0:33:79:7c via br1
Sep 29 08:14:01 aps dhcpd[7341]: DHCPACK on 192.168.16.152 to 6c:19:c0:33:79:7c (iPad-von-Markus) via br1
Sep 29 08:14:01 aps named[6783]: client @0x7f6b781da760 192.168.16.2#45737/key rndc-key: signer "rndc-key" approved
Sep 29 08:14:01 aps named[6783]: client @0x7f6b781da760 192.168.16.2#45737/key rndc-key: updating zone 'schubert.home/IN': adding an RR at 'iPad-von-Markus.schubert.home' A 192.168.16.152
Sep 29 08:14:01 aps named[6783]: client @0x7f6b781da760 192.168.16.2#45737/key rndc-key: updating zone 'schubert.home/IN': adding an RR at 'iPad-von-Markus.schubert.home' DHCID AAEBaxeQMwrAU7AH1/44hEOxUm9ujWlSCcpqnJcY47SB+7E=
Sep 29 08:14:01 aps dhcpd[7341]: Added new forward map from iPad-von-Markus.schubert.home. to 192.168.16.152
Sep 29 08:14:01 aps named[6783]: client @0x7f6b5c00b8b0 192.168.16.2#41191/key rndc-key: signer "rndc-key" approved
Sep 29 08:14:01 aps named[6783]: client @0x7f6b5c00b8b0 192.168.16.2#41191/key rndc-key: updating zone '16.168.192.in-addr.arpa/IN': deleting rrset at '152.16.168.192.in-addr.arpa' PTR
Sep 29 08:14:01 aps named[6783]: client @0x7f6b5c00b8b0 192.168.16.2#41191/key rndc-key: updating zone '16.168.192.in-addr.arpa/IN': adding an RR at '152.16.168.192.in-addr.arpa' PTR iPad-von-Markus.schubert.home.
Sep 29 08:14:01 aps named[6783]: zone 16.168.192.in-addr.arpa/IN: sending notifies (serial 2019024234)
Sep 29 08:14:01 aps dhcpd[7341]: Added reverse map from 152.16.168.192.in-addr.arpa. to iPad-von-Markus.schubert.home.
Sep 29 08:14:04 aps named[6783]: resolver priming query complete
Sep 29 08:14:05 aps named[6783]: resolver priming query complete
==== Test der Services ====
Kontrolle von einem laufenden System aus
root@Vaio-MS:~# nslookup 192.168.16.152 192.168.16.2
Server: 192.168.16.2
Address: 192.168.16.2#53
152.16.168.192.in-addr.arpa name = iPad-von-Markus.schubert.home.
root@Vaio-MS:~# nslookup iPad-von-Markus.schubert.home 192.168.16.2
Server: 192.168.16.2
Address: 192.168.16.2#53
Name: iPad-von-Markus.schubert.home
Address: 192.168.16.152
root@Vaio-MS:~#