Dynamic DNS Setup Guide

Created: 2005-10-27 16:19:05  Author: Unlinux  Source: http://www.Unlinux.com

This article is reposted from a Taiwanese website. I found it a very useful reference, especially for anyone setting up dynamic DNS; everyone interested in dynamic DNS should read it. For lack of time, I have not edited it.

named.conf:

// --------------- Key declarations ---------------
// P.S.: the leo and mail keys below are not the correct keys
key "leo" {
    algorithm hmac-md5;
    secret "hB/XM2eFTyxA5r/scautOZ==";
};
key "mail" {
    algorithm hmac-md5;
    secret "ht5TkKKFP5l8u9ZTcDbStw==";
};

// --------------- Zone declarations ---------------
zone "sayya.org" {
    type master;
    file "named.sayya";
    notify yes;
    also-notify { 140.128.78.250; 211.23.99.147; 61.218.164.83; };
    allow-transfer { 140.128.78.250; 211.23.99.147; 61.218.164.83; };
    allow-query { 0.0.0.0/0; };
    update-policy {
        // The mail HOST key may only change the A records of
        // mail.sayya.org and rsync.sayya.org
        grant mail name mail.sayya.org. A;
        grant mail name rsync.sayya.org. A;
        // The leo USER key has full control of sayya.org, for example adding
        // a subdomain, assigning its DNS, or adding A, CNAME, TXT.. records
        grant leo subdomain sayya.org. ANY;
    };
};

That is roughly how it looks. I am also attaching the reply I posted earlier..

--------
Author: leoliou (暖冬)  Board: Linux
Subject: Re: Hosting a site on a dynamic IP @_@
Time: Sun Feb 10 14:49:30 2002

※ Quoting skchen.bbs@bbs.nsysu.edu.tw (ㄚ凱):
> I have brought up related questions before.
> Everyone uses a different system for mapping a dynamic IP.
> I use the DynDNS system.
> I don't know why, but after it has run for a while it produces a whole pile of zombie processes @_@
> Even stranger, I can't find where the program is (or am I just not good enough????) @_@
> This looks like a BUG in the ddClient program that DynDNS provides.
> I wrote some small programs with perl and bash shell script
> that can detect whether the PPP interface exists
> and connect if it does not ^o^

Mm, reading this message it feels like a real discussion is going on, and I really like that feeling~

I remember that back when I was still on dial-up style ADSL I connected with rp-pppoe, which reconnects automatically after the line drops. That solves the disconnection problem.

Now for the main point: what about the dynamic IP? My current setup is two-way cable, and the IP is also a dynamic IP obtained from a DHCP server. Of course, if you sign up for something like dns2go, it can solve your dynamic IP problem. The drawbacks are that you cannot use your own domain name and must use one of the names they have already defined, or they may require you to point your Primary DNS at that company for hosting. On top of that, you may also have to run the dynamic IP update program the company provides on your server.. Either way, it makes me think of system security issues.. For me, that is very inconvenient.

So I found a server with a fixed IP and put Bind on it. This machine is the Primary DNS of my own domain, and it is also the Dynamic DNS; how to configure it comes later. Assume the fixed IP of this DNS is 61.22.33.20, the domain is example.com, and its registered name is ns.example.com.

Next, say my mail server is hosted at home, on my current two-way cable line. Assume the domain name of this mail server is: mail.example.com

All I need to do is periodically update my mail server's IP on my Primary DNS. How does the Primary DNS decide which computers are allowed to update? There are two ways. The first is to set allow-update on the Primary DNS, so that certain fixed IPs may send updates to the Primary DNS, but that is less flexible. The other is update-policy, which I am about to introduce.

allow-update can allow specific IPs or keys to perform dynamic updates; by default no IP is allowed to update.

update-policy is only available in BIND 9. Dynamic updates are not tied to a specific IP; instead, the key determines the update permission. The Primary DNS has this key, and from then on the mail server only needs this key to update its IP dynamically. Of course, the key on the mail server and the key on the Primary DNS have to be the same.

The key is a credential generated with the dnssec-keygen tool. Now, on the Primary DNS, generate the key and give it to the mail server.

First, generate the key for the mail server:

# dnssec-keygen -a HMAC-MD5 -b 128 -n HOST mail
Kmail.+157+44587
#

Take a look: the result is two files with names like Kmail.+157+44587.key and Kmail.+157+44587.private.
The contents of Kmail.+157+44587.key look something like this:

# less Kmail.+157+44587.key
mail. IN KEY 512 3 157 BJ7y6dzxchy3u0B4hRLksQ==
#

The BJ7y6dzxchy3u0B4hRLksQ== in the file is encoded; it is the so-called key.

First, you have to copy these two key files to the mail server. I recommend transferring them with sftp so that they are not stolen.

Now, start on the Primary DNS configuration.

----- /etc/named.conf ----------
key "mail" {
    algorithm hmac-md5;
    secret "BJ7y6dzxchy3u0B4hRLksQ==";
};

zone "example.com" {
    type master;
    file "named.example";
    update-policy {
        grant mail name mail.example.com. A;
        // the mail key may only update the A record of mail.example.com.
    };
};
----- End of File ----------

Once the configuration on the Primary DNS is done, remember to restart bind.

Next, on the mail server side, how do we update?
Of course, the most important thing is first to get the mail server's key. As mentioned just now, after generating it on the Primary DNS, transfer it to the mail server with ftp.

Use the nsupdate tool to send the update to the Primary DNS:

$ nsupdate -k Kmail.+157+44587.key
> server ns.example.com // specify the Primary DNS
> update delete mail.example.com A // delete the old data first
> update add mail.example.com 0 A 210.64.233.10 // then add the new data
> send // send to the Primary DNS
$ // leave with Ctrl-C or Ctrl-D

Verify that the update succeeded:

$ host mail.example.com ns.example.com
mail.example.com has address 210.64.233.10
$

Congratulations, the update succeeded. If it did not, go and look at the messages log file on the Primary DNS.

Note the permissions of the key files: only the owner should be able to read and write them, that is, -rw-------. Please pay attention to this.
The user who runs nsupdate should be the owner of the key; otherwise you will get Permission denied.

If you want your computer to update automatically, here is a script I wrote myself for reference:

Create a tmp.txt with the following contents:

----- tmp.txt ----------
server ns.example.com
update delete mail.example.com A
update add mail.example.com 0 A SERVER_NEW_IP
send
----- End of File ----------

Create the update script: newip.sh

----- newip.sh ----------
#!/bin/sh
#
# Written by LeoLiou.
#

# config the update dir.
exe_path=/root/nsupdate

# current address of eth0, taken from the "inet addr:" line of ifconfig
new_IP=`/sbin/ifconfig eth0 | grep 'inet addr' | cut -d: -f 2 | cut -d' ' -f1`

# fill the address into the template
/bin/cat "$exe_path/tmp.txt" | sed "s/SERVER_NEW_IP/$new_IP/g" > "$exe_path/update.txt"

# update now IP to name server.
/usr/bin/nsupdate -k "$exe_path/Kmail.+157+44587.key" -v "$exe_path/update.txt"
----- End of File ----------

Put your key, tmp.txt and newip.sh in the same directory, and give newip.sh execute permission.
Run newip.sh once to make sure there are no problems, then run newip.sh from crontab.

0 * * * * /root/nsupdate/newip.sh

That completes the whole dynamic IP update mechanism.

For update-policy, see the BIND 9 Administrator Reference Manual:
http://www.isc.org/products/BIND/bind9.html

As for how to use dnssec-keygen and nsupdate, I believe the man pages already explain it clearly.

--
Leo Liou (leo@i18n.linux.org.tw)
Join i18n project: http://i18n.linux.org.tw/

* ~ * ~ * ~ * ~ * ~ * ~ * ~ * ~ * ~ * ~ * ~ * ~ * ~ * ~ * ~ * ~

--------------- Supplement by netman on October 30, 2002: ---------------

I modified Leo's script slightly and put it under the /root/nsupdate directory.
Here I changed the interface to ppp0, and also cut down on unnecessary transfers.
(Note: I also renamed the original tmp.txt to nsupdate.scr, so please watch for that.)
The contents are as follows:

#!/bin/bash
#
# Written by LeoLiou.
# Modified by netman on 2002/09/26
#

# set variables
# w_dir is the directory this script was started from
if echo "$0" | grep -q '^/' ; then
	w_dir=${0%/*}
else
	w_dir=$PWD/${0%/*}
fi
KEY_FILE=$w_dir/Kmail.+157+44587.key
UPDATE_SCR=$w_dir/nsupdate.scr
UPDATE_DATA=$w_dir/nsupdate.data
HOST_NAME=mail.example.com
NS_SERVER=ns.example.com
IF="ppp0"

# ensure key files
for file in "$KEY_FILE" "${KEY_FILE%key}private"
do
	if [ ! -r "$file" ]; then
		echo "$(basename "$0"): ERROR: $file is not readable."
		exit 1
	fi
done

# prepare initial script
test -f "$UPDATE_SCR" || {
	cat >| "$UPDATE_SCR" <<-ENDSCR
	server NS_SERVER
	update delete HOST_NAME A
	update add HOST_NAME 0 A NEW_IP
	send
	ENDSCR
	# <----- Replace the whitespace in front of ENDSCR with a tab!
	test "$?" = "0" || {
		echo "$(basename "$0"): ERROR: could not create $UPDATE_SCR."
		exit 2
	}
}

# ensure the server is connectable
host "$NS_SERVER" "$NS_SERVER" | grep "$NS_SERVER" &>/dev/null || {
	echo "$(basename "$0"): ERROR: could not contact nameserver $NS_SERVER."
	exit 3
}

# get current ip
NEW_IP=$(ifconfig | grep "$IF " -A 1 | awk '/inet/ {print $2}' | sed -e 's/.*://')

# do a test then update
# (only send an update when the name server does not already return NEW_IP)
host "$HOST_NAME" "$NS_SERVER" | grep "$NEW_IP" &>/dev/null || {
	/bin/cat "$UPDATE_SCR" | sed "s/NEW_IP/$NEW_IP/" | sed "s/NS_SERVER/$NS_SERVER/" | sed "s/HOST_NAME/$HOST_NAME/" >| "$UPDATE_DATA"
	/usr/bin/nsupdate -k "$KEY_FILE" -v "$UPDATE_DATA" || rm -rf "$UPDATE_DATA"
}

#-- end of script --#

The script above can be downloaded here:
http://study-area.ks.edu.tw/linux/src/newip.sh.tgz

At the moment this script can only run on a linux client,
but I think that with a simple cgi function any windows client could also update easily.
That part, though, will need other friends to help set up.

Reposted from: http://www.unlinux.com/doc/bind/20051027/3632.html
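Both update scripts above paste whatever ifconfig prints straight into the nsupdate batch, and the post leaves the -rw------- key file permission to the reader. The following is an added example, not part of the original posts or of BIND: it checks the key file and the address before a batch is built. The function names are illustrative assumptions; the host names and address are the post's own samples.

```shell
#!/bin/sh
# Added example: pre-flight checks before a TSIG-signed nsupdate run.
# Function names are illustrative; hostnames/addresses are the post's samples.

# 0 only for a dotted quad whose four octets are each 0..255.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots; input holds digits and dots only
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# 0 if the key is a regular file (not a symlink) owned by the caller with
# mode -rw------- or -r--------, as the post requires.
key_file_private() {
    [ -f "$1" ] || return 1
    info=$(ls -ldn -- "$1" | awk '{print $1 ":" $3}')
    case $info in
        -r[w-]-------*:"$(id -u)") return 0 ;;
    esac
    return 1
}

# Print the nsupdate batch for one A record, or fail without output when the
# address or a name contains anything unexpected.
build_update() {                   # build_update SERVER HOST NEW_IP
    valid_ipv4 "$3" || return 1
    for name in "$1" "$2"; do
        case $name in
            ''|*[!A-Za-z0-9.-]*) return 1 ;;
        esac
    done
    printf 'server %s\nupdate delete %s A\nupdate add %s 0 A %s\nsend\n' \
        "$1" "$2" "$2" "$3"
}

# Demo with the post's sample values; a real run would pipe this into
#   nsupdate -k "$KEY_FILE" -v   after key_file_private "$KEY_FILE" succeeds.
build_update ns.example.com mail.example.com 210.64.233.10
```

Current BIND releases create TSIG keys with tsig-keygen and HMAC-SHA algorithms rather than dnssec-keygen -a HMAC-MD5; these checks do not depend on the key algorithm.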