bind913-9.13.5 BIND DNS suite with updated DNSSEC and DNS64
isc-dhcp44-server-4.4.1_3 ISC Dynamic Host Configuration Protocol server
buzz@nas:/usr/local/etc/namedb# tsig-keygen
# Sample tsig-keygen output. This exact secret is published on this page, so
# run tsig-keygen yourself and use the value it prints instead of copying it.
key "tsig-key" {
algorithm hmac-sha256;
secret "gIuNGufE38XfSgPUKpCKWZZxmq2p41u2SGZpQ/GFIyc=";
};
# dhcpd.conf: the DHCP server registers leases in DNS by sending TSIG-signed
# dynamic updates to the BIND server at 192.168.100.22.
ddns-updates on;
update-static-leases on;
ddns-domainname "kdc.org";
ddns-update-style interim;
# The server performs the DNS updates itself; a client's request to update
# its own record is not honoured.
ignore client-updates;
# Repeats the update-static-leases setting already given above.
update-static-leases true;
default-lease-time 3600;
max-lease-time 3600;
# Shared secret that signs the updates; it must match the key of the same
# name in named.conf. named.conf accepts updates to both zones from any
# holder of this key, so keep this file readable only by the account the
# DHCP daemon runs as.
key "tsig-key" {
algorithm hmac-sha256;
secret "gIuNGufE38XfSgPUKpCKWZZxmq2p41u2SGZpQ/GFIyc=";
};
# Forward and reverse zones: updates go to the primary and are signed with
# tsig-key.
zone kdc.org. { primary 192.168.100.22; key "tsig-key"; }
zone 100.168.192.in-addr.arpa. { primary 192.168.100.22; key "tsig-key"; }
# Address pool and client options for the 192.168.100.0/24 network.
subnet 192.168.100.0 netmask 255.255.255.0 {
option domain-name-servers 192.168.100.22;
option domain-name "kdc.org";
range 192.168.100.5 192.168.100.50;
option routers 192.168.100.105;
}
Редактируем bind, добавляем в конфиг:
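# Global named options: file locations, the address named listens on, and who
# may request zone transfers.
options {
    directory "/usr/local/etc/namedb/working";
    pid-file "/var/run/named/pid";
    dump-file "/var/dump/named_dump.db";
    statistics-file "/var/stats/named.stats";
    # Replaces the real version string in answers to version.bind queries.
    version "Вроде бы Windows XP home edition, а вообще х.з. :)";
    # Zone transfers are accepted only from the server's own address.
    allow-transfer { 192.168.100.22; };
    # NOTE(review): this pins every outgoing query to source port 53. If this
    # server also resolves recursively, that gives up source-port
    # randomization, one of the resolver's defences against cache poisoning.
    # Keep the line only if a firewall rule really depends on it.
    query-source port 53;
    # Fixed: the statement was missing its terminating semicolon, which is a
    # syntax error in named.conf.
    listen-on { 192.168.100.22; };
};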
# Key the DHCP server uses to sign dynamic updates; the allow-update lines in
# the zone statements refer to it by name.
key "tsig-key" {
algorithm hmac-sha256;
secret "gIuNGufE38XfSgPUKpCKWZZxmq2p41u2SGZpQ/GFIyc=";
};
# rndc control channel.
# NOTE(review): the channel is authenticated with the same "tsig-key" that
# dhcpd.conf holds for DNS updates, so whoever can read the DHCP config also
# holds the credential for rndc commands. A dedicated control key (rndc-confgen
# generates one) keeps the two privileges apart.
# The channel listens on the LAN address rather than 127.0.0.1; the allow list
# limits clients to 192.168.100.22 itself.
controls {
inet 192.168.100.22 port 953
allow { 192.168.100.22; } keys { "tsig-key"; };
};
# Forward zone. Dynamic updates are accepted only when signed with tsig-key;
# unsigned updates are refused regardless of source address.
# allow-update lets the key change any record in the zone; update-policy can
# narrow that if the key should only manage host records.
# named keeps a journal (.jnl) next to the zone file for dynamic zones, so the
# master directory must be writable by the account named runs as.
zone "kdc.org" {
type master;
file "/usr/local/etc/namedb/master/kdc.org.hosts";
allow-update {key "tsig-key";};
};
# Reverse zone for 192.168.100.0/24, with the same update rule.
zone "100.168.192.in-addr.arpa" {
type master;
file "/usr/local/etc/namedb/master/192.168.100.rev";
allow-update {key "tsig-key";};
};
# Don't forget to create these log files!
# Two file channels: one for dynamic-update activity, one for the security
# category (approved and denied requests). Each line is prefixed with time,
# category and severity.
logging {
# Dynamic updates at debug level 3: verbose, intended for checking that DHCP
# updates arrive and are accepted.
channel update_debug {
file "/var/log/namedb/named-update.log";
severity debug 3;
print-category yes;
print-severity yes;
print-time yes;
};
# "debug" with no number means debug level 1.
channel security_info {
file "/var/log/namedb/named-auth.log";
severity debug;
print-category yes;
print-severity yes;
print-time yes;
};
# Route each category to its channel.
category update { update_debug; };
category security { security_info; };
};
buzz@nas:/usr/local/etc/namedb# more rndc.conf
# Start of rndc.conf
# Client-side settings for rndc: which key signs commands and which server
# and port they are sent to.
# NOTE(review): the secret below is the same one dhcpd.conf uses for dynamic
# DNS updates, so a single value covers both zone updates and rndc control.
# This file holds the secret in clear text; keep it readable only by the
# administrator account that runs rndc.
key "tsig-key" {
algorithm hmac-sha256;
secret "gIuNGufE38XfSgPUKpCKWZZxmq2p41u2SGZpQ/GFIyc=";
};
options {
default-key "tsig-key";
default-server 192.168.100.22;
default-port 953;
};
# End of rndc.conf
# NOTE(review): the commented template below names the key "rndc-key" and binds
# the control channel to 127.0.0.1. The named.conf shown on this page instead
# uses "tsig-key" on 192.168.100.22, so the template does not describe the
# running configuration.
# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
# algorithm hmac-sha256;
# secret "gIuNGufE38XfSgPUKpCKWZZxmq2p41u2SGZpQ/GFIyc=";
# };
#
# controls {
# inet 127.0.0.1 port 953
# allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf