Рабочий сценарий:
Машина, расположенная в сети 192.168.100.0/24, запрашивает IP-адрес у DHCP-сервера -> DHCP-сервер отвечает адресом 192.168.100.2 -> DNS-сервер получает от DHCP-сервера запрос на обновление зон onehundred.testlab.net.zone / 100.168.192.in-addr.arpa.zone
Машина перемещена в сеть 192.168.200.0/24 -> DHCP-сервер отвечает адресом 192.168.200.2 -> DNS-сервер получает запрос на обновление зон twohundred.testlab.net.zone / 200.168.192.in-addr.arpa.zone
Нам нужно, чтобы даже после перемещения машины в сеть 192.168.200.0/24 по-прежнему обновлялась зона onehundred.testlab.net.zone.
Некоторые из наших машин зарегистрированы в домене onehundred.testlab.net, поэтому DHCP-сервер учитывает это и каждый раз запрашивает обновление onehundred.testlab.net.zone, даже если машина фактически находится в сети 192.168.200.0/24 и получает от DHCP адрес 192.168.200.x.
Даже если это выглядит странно, именно это нам и нужно. Проблема возникает, когда DNS отказывает в обновлении onehundred.testlab.net.zone, если машина использует IP-адрес 192.168.200.x.
Пример:
named (работает): клиент 192.168.100.101#58211: клиент 127.0.0.1#12637/ключ dhcp_key: обновление зоны 'onehundred.testlab.net/IN': добавление RR в 'vm1.onehundred.testlab.net' A
named (ошибка): клиент 192.168.200.101#58211: обновление 'onehundred.testlab.net/IN' отклонено
Есть ли способ настроить DNS для принятия обновления соседних зон?
Содержимое named.conf:
# Copyright (c) 2001-2004 SuSE Linux AG, Nuernberg, Germany.
# All rights reserved.
#
# Author: Frank Bodammer, Lars Mueller <lmuelle@suse.de>
#
# /etc/named.conf
#
# This is a sample configuration file for the name server BIND 9. It works as
# a caching only name server without modification.
#
# A sample configuration for setting up your own domain can be found in
# /usr/share/doc/packages/bind/sample-config.
#
# A description of all available options can be found in
# /usr/share/doc/packages/bind/misc/options.
#
# For any information/description about DNS:
# http://www.zytrax.com/books/dns/
##
# Include can appear anywhere in a named.conf file either inside
# or outside a clause. Allows inclusion of external files into named.conf
# for administrative convenience or security reasons.
# Include the meta include file generated by createNamedConfInclude. This
# includes all files as configured in NAMED_CONF_INCLUDE_FILES from
# /etc/sysconfig/named (see that file for the list).
# The included file is not shown on this page; any options, ACLs, keys or
# zones it defines take effect alongside the statements below (presumably
# this is where 'key DHCP_KEY' is declared — verify).
include "/etc/named.conf.include";
# Configures the location, level and type of logging that BIND performs.
# Unless you are using syslog you need a logging statement for BIND.
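logging {
# Main log file, rotated: 5 generations of at most 5 MB each.
channel log_file {
file "/var/log/named.log" versions 5 size 5m;
severity info;
print-time yes;
print-severity yes;
print-category yes;
};
# The two relative file names below are resolved against the 'directory'
# option ("/var/lib/named"). Both channels now rotate like log_file so they
# cannot fill the disk; previously neither had a 'versions' or 'size' limit
# even though 'querylog yes' is switched on in options.
channel debug_log {
file "debug.log" versions 5 size 5m;
severity info;
print-category yes;
print-severity yes;
print-time yes;
};
# 'severity dynamic' follows the server's current debug level.
channel query_log {
file "query.log" versions 5 size 5m;
severity dynamic;
print-category yes;
print-severity yes;
print-time yes;
};
# Details of zone transfers the server is sending.
category xfer-out {
log_file;
default_syslog;
};
# Details of zone transfers the server is receiving.
category xfer-in {
log_file;
default_syslog;
};
# Logging of all dynamic update (DDNS) transactions.
# NOTE(review): "update ... denied" messages like the one quoted on this page
# presumably belong to BIND's separate 'update-security' category, which is
# not listed here and therefore falls under 'default' below — confirm.
category update {
log_file;
default_syslog;
};
# Logs all query transactions (only emitted while 'querylog yes' is set).
category queries {
log_file;
};
# 'default' logs all values which are not explicitly defined in category statements
# i.e. if this is the only category defined it will log all categories listed
# in this table with the exception of queries which are not turned on by default.
# NOTE(review): despite its name, the query_log channel is attached only here,
# so query.log receives default-category messages, not queries (those go to
# log_file via the 'queries' category above) — confirm this is intended.
category default {
log_file;
debug_log;
query_log;
default_syslog;
default_debug;
default_stderr;
};
};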
# Groups statements that control generic or global behavior and that have scope
# for all zones and views unless overridden within a zone, views or other clause.
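options {
# Switch on query logging as configured in the 'queries' category above.
# Every query (client address and name) is written, so keep that channel rotated.
querylog yes;
# The directory statement defines the name server's working directory;
# relative file names elsewhere in this file are resolved against it.
directory "/var/lib/named";
managed-keys-directory "/var/lib/named/dyn/";
# Write dump and statistics file to the log subdirectory.
# The pathnames are relative to the chroot jail.
dump-file "/var/log/named_dump.db";
statistics-file "/var/log/named.stats";
zone-statistics yes;
# The listen-on record contains a list of local network interfaces to listen on.
# Optionally the port can be specified. Default is to listen on all interfaces
# found on your system. The default port is 53.
#listen-on port 53 { 127.0.0.1; };
# The listen-on-v6 record enables or disables listening on IPv6 interfaces.
# Allowed values are 'any' and 'none' or a list of addresses.
listen-on-v6 { any; };
# If notify is set to yes (default), notify messages are sent to other
# name servers when the zone data is changed. Instead of setting
# a global 'notify' statement in the 'options' section, a separate
# 'notify' can be added to each zone definition (the dynamic zones
# below override this global 'no' with 'notify yes').
notify no;
# If set to 'only' the server will only forward queries, if set to 'first' (default)
# it will send the queries to the forwarder and if not answered will attempt to answer the query.
#forward first;
# forwarders defines a list of IP address(es) (and optional port numbers)
# to which queries will be forwarded.
include "/etc/named.d/forwarders.conf";
# NOTE(review): with the built-in empty zones disabled, reverse queries for
# private ranges that have no zone in this file are forwarded upstream
# instead of being answered locally — confirm that is acceptable. The
# disable-empty-zone line is then redundant but harmless.
empty-zones-enable no;
disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
# Allow DNS requests forwarded by foreman (provision server).
# NOTE(review): allow-recursion is not set, so BIND's built-in default
# (localnets; localhost) presumably applies — verify for the running version.
#allow-recursion { 192.168.100.32; };
# Loopback written as 127.0.0.0/8: the previous 127.0.0.1/8 had host bits set
# inside the /8 prefix, which newer BIND versions flag as an address/prefix
# length mismatch; the set of matched addresses is unchanged.
allow-query { 192.168.0.0/16; 127.0.0.0/8; };
};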
# The following zone definitions don't need any modification. The first one
# is the definition of the root name servers. The second one defines
# localhost while the third defines the reverse lookup for localhost.
# Root hints: bootstrap data for recursion, never updated dynamically.
zone "." in {
type hint;
file "root.hint";
};
# Forward zone for localhost; no allow-update, so it is static.
zone "localhost" in {
type master;
file "localhost.zone";
};
# Reverse zone for 127.0.0.0/24 (localhost); static, no allow-update.
zone "0.0.127.in-addr.arpa" in {
type master;
file "127.0.0.zone";
};
# You can insert further zone records for your own domains below or create
# single files in /etc/named.d/ and add the file names to NAMED_CONF_INCLUDE_FILES.
# See /usr/share/doc/packages/bind/README.SUSE for more details.
# Reverse zone for 192.168.100.0/24, maintained by dynamic update.
zone "100.168.192.in-addr.arpa" in {
type master;
file "dyn/100.168.192.in-addr.arpa.zone";
# Updates are accepted when signed with DHCP_KEY, and also unsigned from
# any source address belonging to this host ('localhost' is an address
# match, not a key). NOTE(review): the unsigned loopback path lets any
# local process rewrite the zone; the page's log shows the DHCP server
# at 127.0.0.1 already signing with the key, so key-only updates may be
# sufficient — confirm before tightening.
allow-update {
key DHCP_KEY;
localhost;
};
notify yes;
};
# Forward zone for the 192.168.100.0/24 hosts, maintained by dynamic update.
zone "onehundred.testlab.net" in {
type master;
file "dyn/onehundred.testlab.net.zone";
# Names that are not valid host names are accepted with a warning only.
check-names warn;
# Updates are accepted when signed with DHCP_KEY or when sourced from one
# of this host's own addresses; everything else is refused.
# NOTE(review): the refused update quoted on this page came from
# 192.168.200.101 with no key, so it presumably was sent by the client
# itself rather than through the DHCP server's signed path — that is
# exactly what this ACL rejects. Widening allow-update to the 192.168.x
# subnets would let any host rewrite the zone unsigned; route the update
# through the key holder instead.
allow-update {
key DHCP_KEY;
localhost;
};
notify yes;
};
# Reverse zone for 192.168.200.0/24, maintained by dynamic update.
zone "200.168.192.in-addr.arpa" in {
type master;
file "dyn/200.168.192.in-addr.arpa.zone";
# Signed (DHCP_KEY) or host-local unsigned updates only; see the note on
# 'localhost' in the 100.168.192 reverse zone.
allow-update {
key DHCP_KEY;
localhost;
};
notify yes;
};
# Forward zone for the 192.168.200.0/24 hosts, maintained by dynamic update.
zone "twohundred.testlab.net" in {
type master;
file "dyn/twohundred.testlab.net.zone";
# Names that are not valid host names are accepted with a warning only.
check-names warn;
# Same update policy as onehundred.testlab.net: DHCP_KEY-signed or
# host-local unsigned updates; unsigned updates from the LAN are refused.
allow-update {
key DHCP_KEY;
localhost;
};
notify yes;
};