My SOHO LAN setup is based on the main server, which acts as the gateway router for the network, as a backup machine, as a media server, etc., and is configured with dhcpd, bind9, iptables, and pppoe making the connection to the outside world through my shiny new Draytek Vigor 130 modem.
It sort of works - the DHCP clients can resolve each other (lorien can resolve Adams-iPad) and the bind log in syslog looks perfect, but I can't get hostname resolution directly from the gateway's DHCP/DNS server itself.
So gondor (the gateway) doesn't recognise the names lorien.localdomain, android.8f9ds0, Adams-iPad etc. of the devices and DHCP clients using the LAN.
This matters a lot because the backups also run on gondor and can't resolve the hostnames I want to back up! backuppc is great, but currently completely dead because of this.
I ignored all the advice to use dnsmasq and set up bind9 and dhcpd to serve the LAN clients.
I have the basics working, but something is stopping dynamic DNS from working, and I think it's one or both of: the modem-based dnsmasq and dhcpd (on my previous modem), and the bind9 zones, where I admit I'm not confident.
Here are the configuration and log snippets from the relevant areas (where gondor is the bind9/dhcpd server, running on 192.168.0.3):
adam@gondor:~$ hostname
gondor
adam@gondor:~$ cat /etc/hosts
127.0.0.1 localhost localhost.localdomain gondor
192.168.0.3 gondor.localdomain gondor
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
adam@gondor:~$ cat /etc/resolv.conf
nameserver 81.139.57.100
nameserver 81.139.56.100
domain localdomain
search localdomain
The dhcpd.conf file:
adam@gondor:~$ cat /etc/dhcp/dhcpd.conf
subnet 192.168.0.0 netmask 255.255.255.0 {
  range 192.168.0.4 192.168.0.250;
  option subnet-mask 255.255.255.0;
  option domain-search "localdomain";
  option domain-name-servers 192.168.0.3;
  option routers 192.168.0.3;
}
log-facility local7;
default-lease-time 600;
max-lease-time 7200;
authoritative;
option domain-name "localdomain";
option domain-name-servers gondor.localdomain;
ddns-updates on;
ignore client-updates;
update-static-leases on;
ddns-update-style standard;
include "/etc/dhcp/ddns-keys/rndc.key";
zone localdomain. {
  primary 127.0.0.1;
  key "rndc-key";
}
zone 0.168.192.in-addr.arpa. {
  primary 127.0.0.1;
  key "rndc-key";
}
The bind9 stuff - named.conf.options - actually, I'll include as much relevant material as possible, because the most-read warning I've seen on the net was about the trailing periods on IP addresses or host names.
The truth is I'm not sure whether this configuration is right for just a SOHO LAN.
adam@gondor:~$ cat /etc/bind/named.conf.options
acl internals {
  localhost;
  localnets;
};
options {
  directory "/var/cache/bind";
  forwarders {
    208.67.220.220;
    208.67.222.222;
  };
  allow-query {
    internals;
  };
  allow-recursion {
    internals;
  };
  allow-transfer {
    internals;
  };
  dnssec-enable no;
  auth-nxdomain no; # conform to RFC1035
  listen-on-v6 { any; };
};
and the db.192.168.0 file:
adam@gondor:~$ cat /var/cache/bind/db.192.168.0
$ORIGIN .
$TTL 86400 ; 1 day
0.168.192.in-addr.arpa IN SOA localdomain. root.localdomain. (
260 ; serial
604800 ; refresh (1 week)
86400 ; retry (1 day)
2419200 ; expire (4 weeks)
86400 ; minimum (1 day)
)
NS gondor.localdomain.
$ORIGIN 0.168.192.in-addr.arpa.
$TTL 300 ; 5 minutes
156 PTR android-78d3547f2c070ce.localdomain.
219 PTR lorien.localdomain.
223 PTR lorien.localdomain.
224 PTR android-e321418bcf1711ab.localdomain.
$TTL 86400 ; 1 day
3 PTR gondor.localdomain.
$TTL 3600 ; 1 hour
4 PTR Adams-iPad.localdomain.
adam@gondor:~$
and the db.localdomain file:
adam@gondor:~$ cat /var/cache/bind/db.localdomain
$ORIGIN .
$TTL 86400 ; 1 day
localdomain IN SOA localdomain. root.localdomain. (
377 ; serial
604800 ; refresh (1 week)
86400 ; retry (1 day)
2419200 ; expire (4 weeks)
86400 ; minimum (1 day)
)
NS gondor.localdomain.
$ORIGIN localdomain.
$TTL 3600 ; 1 hour
Adams-iPad A 192.168.0.4
$TTL 300 ; 5 minutes
DHCID ( AAEBaPTA3zxsxfRmSYmdEU/Ge8H3zNGfG7hLZox54bEv
56k= ) ; 48664 113 32
android-78d3547f2c070ce A 192.168.0.156
DHCID ( AAAB3+MnvAXYscuh/k5o1jG3xOnIRidwL7LS+NZOcUH8
i2Q= ) ; 48641 0 32
android-e321418bcf1711ab A 192.168.0.224
DHCID ( AAEBgY7MfFwS7HwjcyV/a2KPWUiUBQ8/kKjiIEAuTKN5
JBU= ) ; 48641 0 32
$TTL 86400 ; 1 day
gondor A 192.168.0.3
$TTL 300 ; 5 minutes
lorien A 192.168.0.223
DHCID ( AAABVbCYDl/I3wRM4hbscswZy4ueESf/snd7/gyExfLn
s3o= ) ; 48784 242 32
Those two "zone files" seem to work, and the check utilities work:
adam@gondor:~$ sudo named-checkzone 192.168.0 /var/cache/bind/db.192.168.0
zone 192.168.0/IN: loaded serial 259
OK
adam@gondor:~$ sudo named-checkzone localdomain /var/cache/bind/db.localdomain
zone localdomain/IN: loaded serial 374
OK
adam@gondor:~$ sudo named-checkconf
adam@gondor:~$
but it's very odd how they get updated automatically with things like $ORIGIN . and $TTL 3600.
I'm fairly sure at least my Linux clients are attempting DHCP correctly, since I see things like this in the logs:
Feb 18 14:31:12 gondor dhcpd[1259]: DHCPREQUEST for 192.168.0.156 from 6c:ad:f8:20:12:d3 (android-78d3547f2c070ce) via enx283737034225
Feb 18 14:31:12 gondor dhcpd[1259]: DHCPACK on 192.168.0.156 to 6c:ad:f8:20:12:d3 (android-78d3547f2c070ce) via enx283737034225
Feb 18 14:33:34 gondor dhcpd[1259]: DHCPREQUEST for 192.168.0.219 from 18:3d:a2:be:df:2f (lorien) via enx283737034225
Feb 18 14:33:34 gondor dhcpd[1259]: DHCPACK on 192.168.0.219 to 18:3d:a2:be:df:2f (lorien) via enx283737034225
Feb 18 14:36:00 gondor dhcpd[1259]: DHCPREQUEST for 192.168.0.156 from 6c:ad:f8:20:12:d3 (android-78d3547f2c070ce) via enx283737034225
Feb 18 14:36:00 gondor dhcpd[1259]: DHCPACK on 192.168.0.156 to 6c:ad:f8:20:12:d3 (android-78d3547f2c070ce) via enx283737034225
and they're obviously sending their hostnames.
I also see leases being handed out for those hostnames:
lease 192.168.0.219 {
  starts 0 2018/02/18 17:49:34;
  ends 0 2018/02/18 17:59:34;
  cltt 0 2018/02/18 17:49:34;
  binding state active;
  next binding state free;
  rewind binding state free;
  hardware ethernet 18:3d:a2:be:df:2f;
  set ddns-rev-name = "219.0.168.192.in-addr.arpa.";
  set ddns-dhcid = "[binary DHCID value, mangled in extraction]";
  set ddns-fwd-name = "lorien.localdomain";
  client-hostname "lorien";
}
lease 192.168.0.156 {
  starts 0 2018/02/18 17:52:59;
  ends 0 2018/02/18 18:02:59;
  cltt 0 2018/02/18 17:52:59;
  binding state active;
  next binding state free;
  rewind binding state free;
  hardware ethernet 6c:ad:f8:20:12:d3;
  set ddns-rev-name = "156.0.168.192.in-addr.arpa.";
  set ddns-dhcid = "[binary DHCID value, mangled in extraction]";
  set ddns-fwd-name = "android-78d3547f2c070ce.localdomain";
  set vendor-class-identifier = "dhcpcd-5.5.6";
  client-hostname "android-78d3547f2c070ce";
}
I thought dhcpd would tell the clients to use the local DNS, but on my Ubuntu client lorien it doesn't seem to have picked up anything:
adam@lorien ~ $ hostname
lorien
adam@lorien ~ $ cat /etc/hosts
127.0.0.1 localhost localhost.localdomain lorien
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
adam@lorien ~ $ cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.1.1
search localdomain
and that nameserver entry is bugging me, but the nslookup test on this client works, contrary to expectations:
adam@lorien ~ $ nslookup gondor
Server: 127.0.1.1
Address: 127.0.1.1#53
Name: gondor.localdomain
Address: 192.168.0.3
Please let me know if you can see any errors in the configuration.
This is what I was referring to:
To test, renew the DHCP lease on a client: sudo dhclient -r; sudo dhclient
(from link)
and if you see "journal rollforward" errors in syslog, then it's just a temporary error - see
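Added example, not part of the question and not ISC dhcpd or BIND code: a small Python script that cross-checks the active leases in a dhcpd.leases excerpt against the A and PTR records of the two zone files, so that a dynamic update that never landed, or a record left behind by an earlier lease, shows up as a finding instead of having to be spotted by eye. The sample data is a constructed, trimmed copy of the excerpts shown above (timestamps, DHCID, SOA and NS records left out); the zone parser only handles the single-line A/PTR record form those files use; all function names are my own.

```python
import re
from collections import defaultdict

# Constructed sample input: a trimmed copy of the dhcpd.leases excerpt in the question
# (timestamps and the binary ddns-dhcid strings are left out; the check does not need them).
LEASES_TEXT = """
lease 192.168.0.219 {
  binding state active;
  hardware ethernet 18:3d:a2:be:df:2f;
  set ddns-rev-name = "219.0.168.192.in-addr.arpa.";
  set ddns-fwd-name = "lorien.localdomain";
  client-hostname "lorien";
}
lease 192.168.0.156 {
  binding state active;
  hardware ethernet 6c:ad:f8:20:12:d3;
  set ddns-rev-name = "156.0.168.192.in-addr.arpa.";
  set ddns-fwd-name = "android-78d3547f2c070ce.localdomain";
  client-hostname "android-78d3547f2c070ce";
}
"""

# Constructed sample zones: the A and PTR records from the question's db.localdomain
# and db.192.168.0, without the SOA, NS and DHCID records.
FORWARD_ZONE_TEXT = """
$ORIGIN localdomain.
$TTL 3600 ; 1 hour
Adams-iPad A 192.168.0.4
android-78d3547f2c070ce A 192.168.0.156
gondor A 192.168.0.3
lorien A 192.168.0.223
"""
REVERSE_ZONE_TEXT = """
$ORIGIN 0.168.192.in-addr.arpa.
156 PTR android-78d3547f2c070ce.localdomain.
219 PTR lorien.localdomain.
223 PTR lorien.localdomain.
3 PTR gondor.localdomain.
4 PTR Adams-iPad.localdomain.
"""


def parse_leases(text):
    """Map IP -> lower-cased ddns-fwd-name for every lease in 'active' binding state."""
    leases = {}
    for m in re.finditer(r'lease\s+(\d+\.\d+\.\d+\.\d+)\s*\{(.*?)\}', text, re.S):
        ip, body = m.group(1), m.group(2)
        if not re.search(r'^\s*binding state active;', body, re.M):
            continue
        fwd = re.search(r'set ddns-fwd-name = "([^"]+)";', body)
        if fwd:
            leases[ip] = fwd.group(1).rstrip('.').lower()
    return leases


def parse_zone(text, rtype):
    """(owner_fqdn, rdata) pairs for one record type; honours $ORIGIN, single-line records only."""
    origin, records = '.', []
    for raw in text.splitlines():
        line = raw.split(';', 1)[0].strip()  # drop zone-file comments
        if not line or line.startswith('$TTL'):
            continue
        if line.startswith('$ORIGIN'):
            origin = line.split()[1]
            continue
        parts = line.split()
        if len(parts) >= 3 and parts[-2].upper() == rtype:
            owner = parts[0]
            if not owner.endswith('.'):  # relative owner name: append the current $ORIGIN
                owner = owner + '.' if origin == '.' else owner + '.' + origin
            records.append((owner.lower(), parts[-1].rstrip('.').lower()))
    return records


def ptr_owner_to_ip(owner):
    """'219.0.168.192.in-addr.arpa.' -> '192.168.0.219'; None if not an IPv4 PTR owner."""
    labels = owner.rstrip('.').split('.')
    if len(labels) != 6 or labels[-2:] != ['in-addr', 'arpa']:
        return None
    return '.'.join(reversed(labels[:4]))


def audit(leases_text, fwd_text, rev_text):
    """Cross-check active leases against A and PTR data; return a list of finding strings."""
    leases = parse_leases(leases_text)
    a_by_name, ptr_by_ip = defaultdict(set), defaultdict(set)
    for owner, ip in parse_zone(fwd_text, 'A'):
        a_by_name[owner.rstrip('.')].add(ip)
    for owner, name in parse_zone(rev_text, 'PTR'):
        ip = ptr_owner_to_ip(owner)
        if ip:
            ptr_by_ip[ip].add(name)
    findings = []
    for ip, fqdn in sorted(leases.items()):
        a_ips = sorted(a_by_name.get(fqdn, ()))
        if ip not in a_ips:  # the forward update never landed, or landed under another address
            findings.append(f"A-MISMATCH {fqdn}: lease says {ip}, zone has {a_ips or 'no record'}")
        if fqdn not in ptr_by_ip.get(ip, ()):
            findings.append(f"PTR-MISSING {ip}: expected {fqdn}")
    lease_ip_by_name = {fqdn: ip for ip, fqdn in leases.items()}
    for ip, names in sorted(ptr_by_ip.items()):  # PTRs pointing at a name that is now leased elsewhere
        for name in names:
            if name in lease_ip_by_name and lease_ip_by_name[name] != ip:
                findings.append(f"PTR-STALE {ip} -> {name}: active lease is {lease_ip_by_name[name]}")
    return findings
```

To run it against a real server, read /var/lib/dhcp/dhcpd.leases and the two zone files from /var/cache/bind into the three text arguments and print each finding. On the sample data it reports two things visible in the excerpts above: the active lease puts lorien at 192.168.0.219 while db.localdomain still carries an A record for 192.168.0.223, and the PTR at 223 is left over from that earlier lease. Comparing against the text files is only a first pass; querying the running named with dig shows the same records after any journal (.jnl) changes that have not yet been written back to the zone file.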