如何使用 bind 和 isc-dhcp-server 为 IPv6 配置动态 DNS

Question

我找到了一些网站，并从中整合了信息，尝试解决同样的问题： https://blog.marquis.co/configuring-a-dual-stacked-dhcp-server/

https://subatomicsolutions.org/8-freebsd/17-ipv4-ipv6-isc-dhcp-server-on-a-dual-stack-network

https://blog.netpro.be/dhcpv6-configuration-isc-dhcp-server/

我也在 Ubuntu 20.04 上执行了此操作，其中仅运行 DHCPv4。

复制/etc/init.d/isc-dhcp-server到/etc/init.d/isc-dhcp-server6。
复制/etc/default/isc-dhcp-server到/etc/default/isc-dhcp-server6。
- 在中/etc/default/isc-dhcp-server，取消注释DHCPDv4_CONF和DHCPDv4_PID行并留空OPTIONS。将您的 IPv4 接口添加到INTERFACESv4。
- 在中/etc/default/isc-dhcp-server6，取消注释DHCPDv6_CONF和DHCPDv6_PID行并添加"-6"。OPTIONS将您的 IPv6 接口添加到INTERFACESv6。

我在现有/etc/dhcp/dhcpd.conf文件中添加或删除了动态 DNS 选项：

#ddns-update-style standard; # removed for dual stack
dns-update-style interim; # added for dual stack
ddns-dual-stack-mixed-mode true; # added for dual stack
update-conflict-detection true; # added for dual stack
update-optimization true; # added for dual stack
allow client-updates; # added for dual stack
ddns-domainname "exampledomain.local"; # added for dual stack

以下是示例/etc/dhcp/dhcpd6.conf文件：

# Server configuration file example for DHCPv6
# Global options
option domain-name "exampledomain.local";
# Global definitions for name server address(es)
option dhcp6.name-servers fde3:abcd:1234:5678::30;
# IPv6 address valid lifetime
#  (at the end the address is no longer usable by the client)
#  (set to 30 days, the usual IPv6 default)
# changed to 1/2 hour for testing
default-lease-time 1800;
# IPv6 address preferred lifetime
#  (at the end the address is deprecated, i.e., the client should use
#   other addresses for new connections)
#  (set to 7 days, the  usual IPv6 default)
preferred-lifetime 450;
# T1, the delay before Renew
#  (default is 1/2 preferred lifetime)
#  (set to 1 hour)
option dhcp-renewal-time 225;
# T2, the delay before Rebind (if Renews failed)
#  (default is 3/4 preferred lifetime)
#  (set to 2 hours)
option dhcp-rebinding-time 335;
# Enable RFC 5007 support (same than for DHCPv4)
allow leasequery;
# Set preference to 255 (maximum) in order to avoid waiting for
# additional servers when there is only one
option dhcp6.preference 255;
# The delay before information-request refresh
#  (minimum is 10 minutes, maximum one day, default is to not refresh)
#  (set to 6 hours)
option dhcp6.info-refresh-time 3600;
#DDNS config
ddns-update-style standard;
ddns-dual-stack-mixed-mode true;
update-conflict-detection true;
ddns-domainname "exampledomain.local";
# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
authoritative;
# keys so DHCP can dynamicaly update dns
include "/etc/dhcp/rndc-keys/rndc.key";
# zones to dynamically update
zone exampledomain.local. {  
  primary6 fde3:abcd:1234:5678::30;  
  key rndc-key;  
}  
zone 8.7.6.5.4.3.2.1.d.c.b.a.3.e.d.f.ip6.arpa. {  
  primary6 fde3:abcd:1234:5678::30;  
  key rndc-key;  
}  
# The subnet where the server is attached
#  (i.e., the server has an address in this subnet)
subnet6 fde3:abcd:1234:5678::/64 {
    range6 fde3:abcd:1234:5678::31 fde3:abcd:1234:5678::50;
    option dhcp6.name-servers fde3:abcd:1234:5678::30;
    option domain-name "exampledomain.local";

}

对于现有的/etc/bind/named.conf.options，我将 IPv6 环回和接口地址添加到我的acl条目中，并取消注释listen-on-v6 { <ipv6 dhcp server address>; ::1; };。
对于现有的/etc/bind/named.conf.local，我添加了 IPv6 的反向查找区域。
我为 IPv6 反向查找区域创建了 db 文件。还可以根据需求编辑现有 db 文件。为避免因区域不同步而导致的错误，请从中删除.jnl文件/var/lib/bind并重新启动绑定。（感谢https://serverfault.com/questions/874175/unable-to-add-forward-map-servfail获得该提示）
完成上述步骤后，运行sudo service --status-all命令时输出应包括[ - ] isc-dhcp-server6。重新启动 DHCP（sudo systemctl restart isc-dhcp-server.service）和 DNS（sudo systemctl restart bind9.service）。启动 DHCPv6（sudo systemctl start isc-dhcp-server6.service）。

这为我的 DHCP 和 DHCPv6 提供了两个独立的服务。我还不确定它的效果如何，因为我正在使用它来测试 IPv6 设备。也许有一种更简洁的方法来做到这一点，但我希望它能有所帮助。

我注意到 IPv6 DNS 查询中出现了 ICMP 端口不可访问消息，因此我运行了sudo ufw allow Bind9。目前我的 DHCPv6 服务器正在发出租约，但并未动态更新 DNS。此外，/etc/bind/named.conf.options我必须删除特定的 IPv6 地址并将listen-on-v6主机恢复为 { any; }。

Answer 1