工作场景:
位于192.168.100.0/24网络中的计算机向DHCP服务器请求IP -> DHCP服务器以192.168.100.2应答 -> DNS服务器收到来自DHCP服务器的更新 onehundred.testlab.net.zone / 100.168.192.in-addr.arpa.zone 的请求。
将计算机移动到192.168.200.0/24网络 -> DHCP服务器以192.168.200.2应答 -> DNS服务器收到更新 twohundred.testlab.net.zone / 200.168.192.in-addr.arpa.zone 的请求。
我们需要的是,即使将机器移到192.168.200.0/24网络,仍然更新onehundred.testlab.net.zone。我们的某些计算机已在onehundred.testlab.net域中注册,因此DHCP服务器知道这一点,每次都会请求更新onehundred.testlab.net.zone,即使该计算机实际处于192.168.200.0/24网络并从DHCP获得了192.168.200.x的IP。虽然这看起来很奇怪,但这正是我们想要的。问题在于:当计算机使用192.168.200.x的IP时,DNS会拒绝对onehundred.testlab.net.zone的更新。
示例:
named 正常工作时的日志:client 192.168.100.101#58211: client 127.0.0.1#12637/key dhcp_key: 更新区域 'onehundred.testlab.net/IN': 在 'vm1.onehundred.testlab.net' 上添加 A 记录(RR)
named 出错时的日志:client 192.168.200.101#58211: 更新 'onehundred.testlab.net/IN' 被拒绝
是否可以将DNS配置为接受相邻区域的更新?
named.conf的内容:
# Copyright (c) 2001-2004 SuSE Linux AG, Nuernberg, Germany.
# All rights reserved.
#
# Author: Frank Bodammer, Lars Mueller <lmuelle@suse.de>
#
# /etc/named.conf
#
# This is a sample configuration file for the name server BIND 9. It works as
# a caching only name server without modification.
#
# A sample configuration for setting up your own domain can be found in
# /usr/share/doc/packages/bind/sample-config.
#
# A description of all available options can be found in
# /usr/share/doc/packages/bind/misc/options.
#
# For any information/description about DNS:
# http://www.zytrax.com/books/dns/
##
# Include can appear anywhere in a named.conf file either inside
# or outside a clause. Allows inclusion of external files into named.conf
# for administrative convenience or security reasons.
# Include the meta include file generated by createNamedConfInclude. This
# includes all files as configured in NAMED_CONF_INCLUDE_FILES from
# See also /etc/sysconfig/named
# NOTE(review): the zones below reference "key DHCP_KEY", which is not
# declared anywhere on this page; presumably the key (and its secret) lives
# in this generated include -- confirm, and keep that file readable by named only.
include "/etc/named.conf.include";
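// Configures the location, level and type of logging that BIND performs.
// Unless you are using syslog you need a logging statement for BIND.
logging {
    // Main log file, rotated: keep 5 versions of 5 MB each.
    channel log_file {
        file "/var/log/named.log" versions 5 size 5m;
        severity info;
        print-time yes;
        print-severity yes;
        print-category yes;
    };
    // Relative path: created under the options 'directory' (/var/lib/named).
    // Rotation added -- without 'versions'/'size' this file grows without
    // bound and can fill the partition.
    channel debug_log {
        file "debug.log" versions 5 size 5m;
        severity info;
        print-time yes;
        print-severity yes;
        print-category yes;
    };
    // 'dynamic' follows the server's current debug level (rndc trace).
    // Rotation added for the same reason as debug_log.
    channel query_log {
        file "query.log" versions 5 size 5m;
        severity dynamic;
        print-time yes;
        print-severity yes;
        print-category yes;
    };
    // Details of zone transfers the server is sending.
    category xfer-out {
        log_file;
        default_syslog;
    };
    // Details of zone transfers the server is receiving.
    category xfer-in {
        log_file;
        default_syslog;
    };
    // All dynamic update (DDNS) transactions -- the "update ... denied"
    // lines quoted in the question are emitted in this category.
    category update {
        log_file;
        default_syslog;
    };
    // All query transactions (only produced while querylog is on).
    // Fix: the query_log channel was defined but never attached to this
    // category, so query.log never received any queries; it is now written
    // here in addition to log_file.
    category queries {
        log_file;
        query_log;
    };
    // 'default' catches every category not listed explicitly above.
    category default {
        log_file;
        debug_log;
        query_log;
        default_syslog;
        default_debug;
        default_stderr;
    };
};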
# Groups statements that control generic or global behavior and that have scope
# for all zones and views unless overridden within a zone, views or other clause.
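options {
    // Switch query logging on at startup (same effect as 'rndc querylog');
    // the messages go through the 'queries' category of the logging block.
    querylog yes;
    // Working directory: relative file names in channel and zone statements
    // (e.g. "dyn/...") are resolved against it.
    directory "/var/lib/named";
    managed-keys-directory "/var/lib/named/dyn/";
    // Write dump and statistics file to the log subdirectory.
    // The pathnames are relative to the chroot jail.
    dump-file "/var/log/named_dump.db";
    statistics-file "/var/log/named.stats";
    zone-statistics yes;
    // listen-on lists the local interfaces (and optionally the port) to
    // listen on; left commented out, so the default applies: every IPv4
    // interface on port 53.
    //listen-on port 53 { 127.0.0.1; };
    // listen-on-v6 enables or disables listening on IPv6 interfaces.
    // Allowed values are 'any' and 'none' or a list of addresses.
    listen-on-v6 { any; };
    // Global default for NOTIFY messages; the dynamic zones further down
    // override it with their own 'notify yes'.
    notify no;
    // 'only': forward every query; 'first' (default): ask the forwarders,
    // then try to answer the query itself if they do not reply.
    //forward first;
    // forwarders defines the list of IP address(es) (and optional ports)
    // to which queries will be forwarded.
    include "/etc/named.d/forwarders.conf";
    empty-zones-enable no;
    disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
    // allow dns requests forwarded by foreman (provision server)
    //allow-recursion { 192.168.100.32; };
    // Fix: 127.0.0.1/8 has host bits set inside the prefix, which makes
    // named log an address/prefix length mismatch warning at load; the
    // canonical 127.0.0.0/8 covers the same network.
    allow-query { 192.168.0.0/16; 127.0.0.0/8; };
    // NOTE(review): no allow-transfer is set, so zone transfers fall back to
    // the server default (historically 'any' for every host allowed to
    // query). Restrict it to the secondaries' addresses or a TSIG key, or to
    // 'none' if there are no secondaries -- confirm before enabling.
    //allow-transfer { none; };
};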
# The following zone definitions don't need any modification. The first one
# is the definition of the root name servers. The second one defines
# localhost while the third defines the reverse lookup for localhost.
// Root name servers (hint zone); read from the working directory.
zone "." in {
    type hint;
    file "root.hint";
};
// Forward zone for localhost, served authoritatively from a local file.
zone "localhost" in {
    type master;
    file "localhost.zone";
};
// Reverse zone for 127.0.0.0/8 (localhost), served authoritatively.
zone "0.0.127.in-addr.arpa" in {
    type master;
    file "127.0.0.zone";
};
# You can insert further zone records for your own domains below or create
# single files in /etc/named.d/ and add the file names to NAMED_CONF_INCLUDE_FILES.
# See /usr/share/doc/packages/bind/README.SUSE for more details.
// Reverse zone for 192.168.100.0/24; the zone file lives in dyn/ because it
// is rewritten by dynamic updates (journal alongside it).
zone "100.168.192.in-addr.arpa" in {
    type master;
    file "dyn/100.168.192.in-addr.arpa.zone";
    // Updates are accepted when signed with DHCP_KEY, or unsigned when they
    // originate from one of this host's own addresses ('localhost').
    allow-update {
        key DHCP_KEY;
        localhost;
    };
    // Overrides the global 'notify no'.
    notify yes;
};
// Forward zone for the 192.168.100.0/24 hosts; dynamically updated.
zone "onehundred.testlab.net" in {
    type master;
    file "dyn/onehundred.testlab.net.zone";
    // Updates are accepted when signed with DHCP_KEY, or unsigned when they
    // originate from one of this host's own addresses ('localhost').
    // NOTE(review): the accepted update quoted in the question arrives from
    // 127.0.0.1 *with* key dhcp_key, so the 'localhost;' entry looks
    // redundant; if the DHCP server always signs, dropping it closes an
    // unsigned update path for every local process.
    // NOTE(review): the denied update arrives directly from 192.168.200.101
    // with no key, i.e. not through the DHCP server's signed path. Widening
    // this ACL to an address range would accept unsigned updates from any
    // host that can use a source address in it; keep updates key-based
    // (this key or an update-policy) and have the DHCP server submit them.
    allow-update {
        key DHCP_KEY;
        localhost;
    };
    // Overrides the global 'notify no'.
    notify yes;
    // Names that violate host-name syntax are logged but not rejected.
    check-names warn;
};
// Reverse zone for 192.168.200.0/24; dynamically updated, file kept in dyn/.
zone "200.168.192.in-addr.arpa" in {
    type master;
    file "dyn/200.168.192.in-addr.arpa.zone";
    // Same update policy as the other dynamic zones: DHCP_KEY-signed, or
    // unsigned from this host's own addresses.
    allow-update {
        key DHCP_KEY;
        localhost;
    };
    // Overrides the global 'notify no'.
    notify yes;
};
// Forward zone for the 192.168.200.0/24 hosts; dynamically updated.
zone "twohundred.testlab.net" in {
    type master;
    file "dyn/twohundred.testlab.net.zone";
    // Same update policy as onehundred.testlab.net: DHCP_KEY-signed, or
    // unsigned from this host's own addresses ('localhost'). The
    // 'localhost;' entry is only needed if some local updater does not
    // sign with the key -- confirm, and drop it otherwise.
    allow-update {
        key DHCP_KEY;
        localhost;
    };
    // Overrides the global 'notify no'.
    notify yes;
    // Names that violate host-name syntax are logged but not rejected.
    check-names warn;
};