DHCP and dynamic DNS services


Test environment: Mandrake 10.0 (kernel 2.6.3), DHCP 3 and BIND 9.2


I. Generating the secret keys

With Webmin: BIND DNS Server, Setup RNDC,

then open "DNS Keys" to retrieve the encoded secret string, e.g. "W/Ho7530vE1l1NjVQNxkzA==". This same string is copied into every file below.

Contents of /etc/rndc.conf (generated automatically by Webmin):

# Start of rndc.conf
key "rndc-key" {
    algorithm hmac-md5;
    secret "W/Ho7530vE1l1NjVQNxkzA==";
};

options {
    default-key "rndc-key";
    default-server 127.0.0.1;
    default-port 953;
};
# End of rndc.conf


Configuration of /etc/rndc.key:

key "rndc-key" {
    algorithm hmac-md5;
    secret "W/Ho7530vE1l1NjVQNxkzA==";
};


II. Configuration of /etc/dhcpd.conf (the parts related to dynamic DNS are marked with a "# dynamic DNS" comment):

option domain-name "home.net";
ddns-update-style interim;          # dynamic DNS: dhcpd sends the updates itself
ignore client-updates;              # dynamic DNS: clients may not update their own records

subnet 192.168.0.0 netmask 255.255.255.0 {
    authoritative;
    option domain-name-servers 192.168.0.207, 192.168.2.254;
    option routers 192.168.0.207;
    range dynamic-bootp 192.168.0.10 192.168.0.20;
}

# dynamic DNS: TSIG key used to sign the updates (same secret as in named.conf)
key rndc-key {
    algorithm hmac-md5;
    secret "W/Ho7530vE1l1NjVQNxkzA==";
}

# dynamic DNS: zone to update, the server to send the update to and the key to sign it with
zone home.net. {
    primary 127.0.0.1;
    key rndc-key;
}



III. Configuration of /etc/named.conf (the parts related to dynamic DNS are marked with a "// dynamic DNS" comment):

options {
    directory "/var/named";
    pid-file "/var/run/named/named.pid";
    allow-query { 127.0.0.0/8; 192.168.0.0/24; 192.168.2.0/24; };
    // pinning the source port disables source-port randomization; on BIND
    // releases newer than the 9.2 used here, leave the "port 53" part off
    query-source address * port 53;
    listen-on port 53 { 127.0.0.1; 192.168.0.207; };
};

// dynamic DNS: the key dhcpd signs its updates with. It is also the rndc
// control key below, so dhcpd holds control-channel rights too; a dedicated
// update key would keep the two separate.
key rndc-key {
    algorithm hmac-md5;
    secret "W/Ho7530vE1l1NjVQNxkzA==";
};

acl "home" { 192.168.0.0/24; 127.0.0.1; };

controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { rndc-key; };
};

zone "localhost" {
    type master;
    file "db.localhost";
};

zone "0.0.127.in-addr.arpa" {
    type master;
    file "db.127.0.0.1";
    allow-transfer { 127.0.0.1; };
    notify no;
};

// home.net forward lookup zone
zone "home.net" {
    type master;
    file "db.home.net";
    allow-update { key rndc-key; };    // dynamic DNS: only updates signed with rndc-key are accepted
};

zone "0.168.192.in-addr.arpa" {
    type master;
    file "db.home.net.rev";
    allow-update { key rndc-key; };    // dynamic DNS
};

Warning: the /var/named directory must be owned by named:named.
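The same key stanza has to be copied, by hand, into /etc/rndc.conf, /etc/rndc.key, /etc/dhcpd.conf and /etc/named.conf (sections I, II and III above), and any copy that drifts only shows up later as a refused update. The following script is an added example, not part of the original page or of the BIND/DHCP projects: it parses the key stanzas out of the four files, reports a copy that is missing or differs from the first one, validates that the secret is base64 of the expected length, and generates a fresh secret in the same form rndc-confgen and Webmin produce. The configuration texts are constructed from the page's snippets and reduced to the statements that matter.

```python
"""Key-consistency check for the TSIG secret shared by rndc, named and dhcpd.
Added example, not part of the original page. The sample config texts are
constructed from the page's snippets."""
import base64
import re
import secrets

# One key stanza as written by rndc, named and dhcpd. rndc and named quote the
# key name, dhcpd.conf on the page does not; both forms are accepted here.
KEY_STANZA = re.compile(
    r'key\s+"?(?P<name>[\w.-]+)"?\s*\{\s*'
    r'algorithm\s+(?P<algorithm>[\w-]+)\s*;\s*'
    r'secret\s+"(?P<secret>[^"]+)"\s*;\s*\}',
    re.IGNORECASE,
)

SECRET = "W/Ho7530vE1l1NjVQNxkzA=="   # the secret shown on the page

# Constructed copies of the four files, reduced to the statements that matter.
SAMPLE_CONFIGS = {
    "/etc/rndc.conf": (
        'key "rndc-key" {\n    algorithm hmac-md5;\n    secret "%s";\n};\n'
        'options {\n    default-key "rndc-key";\n    default-server 127.0.0.1;\n'
        '    default-port 953;\n};\n' % SECRET
    ),
    "/etc/rndc.key": 'key "rndc-key" {\n    algorithm hmac-md5 ;\n    secret "%s";\n};\n' % SECRET,
    "/etc/dhcpd.conf": (
        'ddns-update-style interim;\n'
        'key rndc-key {\n    algorithm hmac-md5;\n    secret "%s";\n}\n'
        'zone home.net. {\n    primary 127.0.0.1;\n    key rndc-key;\n}\n' % SECRET
    ),
    "/etc/named.conf": (
        'key rndc-key {\n    algorithm hmac-md5;\n    secret "%s";\n};\n'
        'controls {\n    inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { rndc-key; };\n};\n'
        'zone "home.net" {\n    type master;\n    file "db.home.net";\n'
        '    allow-update { key rndc-key; };\n};\n' % SECRET
    ),
}


def parse_keys(config_text):
    """Return {key_name: (algorithm, secret)} for every key stanza in a config."""
    return {
        m.group("name"): (m.group("algorithm").lower(), m.group("secret"))
        for m in KEY_STANZA.finditer(config_text)
    }


def secret_bytes(secret):
    """Decoded length of a BIND-style base64 secret, or -1 if it is not valid
    base64. rndc-confgen and Webmin produce 16 random bytes for hmac-md5."""
    try:
        return len(base64.b64decode(secret, validate=True))
    except ValueError:          # binascii.Error is a subclass of ValueError
        return -1


def find_mismatches(configs, key_name):
    """configs is {path: text}. The first file that carries key_name is the
    reference; every file whose copy is missing or differs is reported."""
    reference = None
    problems = []
    for path, text in configs.items():
        keys = parse_keys(text)
        if key_name not in keys:
            problems.append((path, "missing"))
        elif reference is None:
            reference = keys[key_name]
        elif keys[key_name] != reference:
            problems.append((path, "differs"))
    return problems


def generate_secret(nbytes=16):
    """Fresh random secret in the same form rndc-confgen / Webmin produce."""
    return base64.b64encode(secrets.token_bytes(nbytes)).decode("ascii")


def render_key_stanza(name, secret, algorithm="hmac-md5", bind_style=True):
    """Stanza to paste into the config files. bind_style=True gives the quoted
    form used by rndc.conf/rndc.key/named.conf on the page; False gives the
    dhcpd.conf form (unquoted name, no trailing ';')."""
    shown = '"%s"' % name if bind_style else name
    end = "};" if bind_style else "}"
    return 'key %s {\n    algorithm %s;\n    secret "%s";\n%s\n' % (shown, algorithm, secret, end)


if __name__ == "__main__":
    print(find_mismatches(SAMPLE_CONFIGS, "rndc-key"))   # [] when all four copies agree
    print(render_key_stanza("rndc-key", generate_secret()))
    print(render_key_stanza("rndc-key", generate_secret(), bind_style=False))
```

To check a live host, replace SAMPLE_CONFIGS with the contents of the real files (read them as root, since rndc.key and named.conf must stay unreadable to other users: the secret authorizes both rndc commands and zone updates). A secret that decodes to fewer than 16 bytes or fails to decode at all is worth regenerating rather than fixing by hand.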

Configuration of /var/named/db.home.net (named:named), as rewritten by named after the dynamic updates:

$ORIGIN .
$TTL 864        ; 14 minutes 24 seconds
home.net        IN SOA  home.net. mdkphp.home.net. (
                        2000111400 ; serial
                        108        ; refresh
                        36         ; retry
                        6048       ; expire
                        864        ; minimum
                        )
                NS      mdkphp.home.net.
$ORIGIN home.net.
$TTL 21600      ; 6 hours
vm2k-poste1     A       192.168.0.19
                TXT     "31f5cff3428b6d1226a7e7d0c1891685e1"
vm98            A       192.168.0.20
                TXT     "31c4f3e58f234e764b898277562ec068c8"
dhcp.home.net.  IN A    192.168.0.207
mdkphp.home.net. IN A   192.168.0.207

Configuration of /var/named/db.localhost (named:named):

$TTL 864
localhost.localhost.    IN    A    127.0.0.1

Error messages in /var/log/messages:

Jan 27 06:55:59 mdkPHP named[4599]: starting BIND 9.2.3 -u named
Jan 27 06:55:59 mdkPHP named[4599]: using 1 CPU
Jan 27 06:55:59 mdkPHP named[4599]: loading configuration from '/etc/named.conf'
Jan 27 06:55:59 mdkPHP named[4599]: listening on IPv4 interface lo, 127.0.0.1#53
Jan 27 06:55:59 mdkPHP named[4599]: listening on IPv4 interface eth1, 192.168.0.207#53
Jan 27 06:55:59 mdkPHP named[4599]: command channel listening on 127.0.0.1#953
Jan 27 06:55:59 mdkPHP named[4599]: couldn't open pid file '/var/run/named.pid': File exists
Jan 27 06:54:12 mdkPHP named[4512]: couldn't open pid file '/var/run/named.pid': Permission denied
Jan 27 06:55:59 mdkPHP named[4599]: exiting (due to early fatal error)


Reading the error messages leads to two corrective actions: check that /var/run/named belongs to named:named with write permission, then delete the stale named.pid.


dhcpd/named messages in /var/log/messages:


Jan 27 06:59:58 mdkPHP dhcpd: DHCPDISCOVER from 00:0c:29:96:89:52 via eth1
Jan 27 06:59:59 mdkPHP dhcpd: DHCPOFFER on 192.168.0.20 to 00:0c:29:96:89:52 (vm98) via eth1
Jan 27 06:59:59 mdkPHP named[4686]: client 127.0.0.1#1051: updating zone 'home.net/IN': adding an RR
Jan 27 06:59:59 mdkPHP named[4686]: client 127.0.0.1#1051: updating zone 'home.net/IN': adding an RR
Jan 27 06:59:59 mdkPHP named[4686]: journal file db.home.net.jnl does not exist, creating it
Jan 27 06:59:59 mdkPHP named[4686]: zone home.net/IN: sending notifies (serial 2000111384)
Jan 27 06:59:59 mdkPHP dhcpd: Added new forward map from vm98.home.net to 192.168.0.20
Jan 27 06:59:59 mdkPHP named[4686]: received notify for zone 'home.net'
Jan 27 06:59:59 mdkPHP dhcpd: unable to add reverse map from 20.0.168.192.in-addr.arpa. to vm98.home.net: not authorized
Jan 27 06:59:59 mdkPHP dhcpd: DHCPREQUEST for 192.168.0.20 (192.168.0.207) from 00:0c:29:96:89:52 (vm98) via eth1
Jan 27 06:59:59 mdkPHP dhcpd: DHCPACK on 192.168.0.20 to 00:0c:29:96:89:52 (vm98) via eth1
Jan 27 07:04:48 mdkPHP named[4686]: client 127.0.0.1#1052: updating zone 'home.net/IN': deleting an RR
Jan 27 07:04:48 mdkPHP named[4686]: zone home.net/IN: sending notifies (serial 2000111385)
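The log above shows the forward update succeeding and the reverse update being refused ("not authorized") while the lease itself is still acknowledged, so the failure is easy to miss. The script below is an added example, not part of the original page or of the ISC projects: it correlates the dhcpd and named lines per lease and lists every lease whose forward or reverse record was not updated. The sample lines are the page's own excerpt; the "added reverse map" and "unable to add forward map" message forms handled alongside them are assumed to follow the same pattern as the two forms on the page.

```python
"""Per-lease dynamic-DNS outcome from /var/log/messages.
Added example, not part of the original page. SAMPLE_LOG is the page's own
excerpt; REV_OK and FWD_FAIL cover message forms assumed here, not shown on
the page."""
import re
from collections import defaultdict

SAMPLE_LOG = """\
Jan 27 06:59:58 mdkPHP dhcpd: DHCPDISCOVER from 00:0c:29:96:89:52 via eth1
Jan 27 06:59:59 mdkPHP dhcpd: DHCPOFFER on 192.168.0.20 to 00:0c:29:96:89:52 (vm98) via eth1
Jan 27 06:59:59 mdkPHP named[4686]: client 127.0.0.1#1051: updating zone 'home.net/IN': adding an RR
Jan 27 06:59:59 mdkPHP named[4686]: client 127.0.0.1#1051: updating zone 'home.net/IN': adding an RR
Jan 27 06:59:59 mdkPHP named[4686]: journal file db.home.net.jnl does not exist, creating it
Jan 27 06:59:59 mdkPHP named[4686]: zone home.net/IN: sending notifies (serial 2000111384)
Jan 27 06:59:59 mdkPHP dhcpd: Added new forward map from vm98.home.net to 192.168.0.20
Jan 27 06:59:59 mdkPHP named[4686]: received notify for zone 'home.net'
Jan 27 06:59:59 mdkPHP dhcpd: unable to add reverse map from 20.0.168.192.in-addr.arpa. to vm98.home.net: not authorized
Jan 27 06:59:59 mdkPHP dhcpd: DHCPREQUEST for 192.168.0.20 (192.168.0.207) from 00:0c:29:96:89:52 (vm98) via eth1
Jan 27 06:59:59 mdkPHP dhcpd: DHCPACK on 192.168.0.20 to 00:0c:29:96:89:52 (vm98) via eth1
"""

# Classic syslog line: timestamp, host, program[pid]: message
SYSLOG = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<prog>[\w.-]+)(?:\[\d+\])?: (?P<msg>.*)$"
)
# dhcpd messages; the client name in parentheses is absent when the client sent no hostname
ACK = re.compile(r"DHCPACK on (?P<ip>[\d.]+) to (?P<mac>[0-9a-fA-F:]+)(?: \((?P<name>[^)]+)\))?")
FWD_OK = re.compile(r"Added new forward map from (?P<fqdn>\S+) to (?P<ip>[\d.]+)")
FWD_FAIL = re.compile(r"unable to add forward map from (?P<fqdn>\S+) to (?P<ip>[\d.]+): (?P<reason>.*)")  # assumed form
REV_OK = re.compile(r"added reverse map from (?P<ptr>\S+) to (?P<fqdn>\S+)", re.IGNORECASE)        # assumed form
REV_FAIL = re.compile(r"unable to add reverse map from (?P<ptr>\S+) to (?P<fqdn>\S+): (?P<reason>.*)")
# named side: one line per record added or deleted through a dynamic update
NAMED_UPDATE = re.compile(r"updating zone '(?P<zone>[^']+)': (?P<op>adding|deleting) an RR")


def ptr_to_ip(ptr):
    """'20.0.168.192.in-addr.arpa.' -> '192.168.0.20'"""
    labels = ptr.rstrip(".").split(".")
    return ".".join(reversed(labels[:-2]))


def ddns_report(log_text):
    """Per leased IP: client name/MAC from the DHCPACK plus the outcome of the
    forward and reverse updates dhcpd reported for it (None = never reported)."""
    leases = defaultdict(lambda: {"name": None, "mac": None, "forward": None, "reverse": None})
    for line in log_text.splitlines():
        m = SYSLOG.match(line)
        if not m or m.group("prog") != "dhcpd":
            continue
        msg = m.group("msg")
        a = ACK.search(msg)
        if a:
            leases[a.group("ip")].update(name=a.group("name"), mac=a.group("mac"))
            continue
        f = FWD_OK.search(msg)
        if f:
            leases[f.group("ip")]["forward"] = "ok"
            continue
        f = FWD_FAIL.search(msg)
        if f:
            leases[f.group("ip")]["forward"] = "failed: " + f.group("reason")
            continue
        r = REV_OK.search(msg)
        if r:
            leases[ptr_to_ip(r.group("ptr"))]["reverse"] = "ok"
            continue
        r = REV_FAIL.search(msg)
        if r:
            leases[ptr_to_ip(r.group("ptr"))]["reverse"] = "failed: " + r.group("reason")
    return dict(leases)


def named_update_counts(log_text):
    """How many records named added/deleted per zone via dynamic update."""
    counts = {}
    for line in log_text.splitlines():
        m = SYSLOG.match(line)
        if not m or m.group("prog") != "named":
            continue
        u = NAMED_UPDATE.search(m.group("msg"))
        if u:
            zone = counts.setdefault(u.group("zone"), {"adding": 0, "deleting": 0})
            zone[u.group("op")] += 1
    return counts


def findings(report):
    """Leases whose DNS records do not match what DHCP handed out."""
    out = []
    for ip, info in sorted(report.items()):
        for direction in ("forward", "reverse"):
            status = info[direction]
            if status is None or status.startswith("failed"):
                out.append("%s (%s): %s update %s"
                           % (ip, info["name"] or "?", direction, status or "not attempted"))
    return out


if __name__ == "__main__":
    for problem in findings(ddns_report(SAMPLE_LOG)):
        print(problem)
    print(named_update_counts(SAMPLE_LOG))
```

Run against the real file (`python3 ddns_report.py < /var/log/messages` after swapping SAMPLE_LOG for `sys.stdin.read()`) to get one line per lease whose DNS is out of step. For the refusal shown on the page, the configuration in section II is consistent with the cause: dhcpd.conf declares a `zone home.net.` statement with the key, but no statement for `0.168.192.in-addr.arpa.`; with no matching zone statement dhcpd locates the zone's primary through an SOA query and sends that update unsigned, which named's `allow-update { key rndc-key; }` refuses. A second zone statement in dhcpd.conf for the reverse zone, with the same `primary 127.0.0.1;` and `key rndc-key;` lines, lets the reverse update be signed like the forward one.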