I have a multi-homed server "dhcp1" with network interfaces "192.168.10.151" (eth0) and "192.168.0.151" (eth1). The machine is attempting to use DDNS with the nameserver "ns1", which has network interfaces "192.168.10.131" (eth0) and "192.168.0.131" (eth1). Hopefully these are the relevant portions of my dhcpd.conf:
# Use the interim DDNS scheme; updates are authenticated with the TSIG key below.
ddns-update-style interim;

key DHCP_UPDATER {
    algorithm HMAC-MD5;
    secret "A6...==";
};

# The 'private' network.
subnet 192.168.10.0 netmask 255.255.255.0 {
    # Forward zone: send updates to the private interface of ns1.
    zone example.com. {
        primary 192.168.10.131;
        key DHCP_UPDATER;
    }
    # Reverse zone for 192.168.10.0/24.
    zone 10.168.192.in-addr.arpa. {
        primary 192.168.10.131;
        key DHCP_UPDATER;
    }
    ddns-domainname "example.com.";
    ddns-rev-domainname "in-addr.arpa.";
    option domain-name "example.com";
    host client-private {
        hardware ethernet ...;
        fixed-address 192.168.10.13;
    }
    ...
}

# The 'public' network.
subnet 192.168.0.0 netmask 255.255.255.0 {
    # Forward zone: send updates to the public interface of ns1.
    zone example.com. {
        primary 192.168.0.131;
        key DHCP_UPDATER;
    }
    # Reverse zone for 192.168.0.0/24.
    zone 0.168.192.in-addr.arpa. {
        primary 192.168.0.131;
        key DHCP_UPDATER;
    }
    ddns-domainname "example.com.";
    ddns-rev-domainname "in-addr.arpa.";
    option domain-name "example.com";
    host client-public {
        hardware ethernet ...;
        fixed-address 192.168.0.13;
    }
    ...
}
The "ns1" server runs two "named" instances - one listening on the loopback and private network interfaces, and the other listening on the public interface.
Starting the first instance produces:
May 10 01:24:32 ns1 named[6610]: starting BIND 9.8.1-P1 -u bind
May 10 01:24:32 ns1 named[6610]: built with '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-geoip=/usr' '--enable-ipv6' 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2' 'LDFLAGS=-Wl,-Bsymbolic-functions -Wl,-z,relro' 'CPPFLAGS=-D_FORTIFY_SOURCE=2'
May 10 01:24:32 ns1 named[6610]: adjusted limit on open files from 4096 to 1048576
May 10 01:24:32 ns1 named[6610]: found 2 CPUs, using 2 worker threads
May 10 01:24:32 ns1 named[6610]: using up to 4096 sockets
May 10 01:24:32 ns1 named[6610]: loading configuration from '/etc/bind/named.conf'
May 10 01:24:32 ns1 named[6610]: reading built-in trusted keys from file '/etc/bind/bind.keys'
May 10 01:24:32 ns1 named[6610]: using default UDP/IPv4 port range: [1024, 65535]
May 10 01:24:32 ns1 named[6610]: using default UDP/IPv6 port range: [1024, 65535]
May 10 01:24:32 ns1 named[6610]: listening on IPv4 interface lo, 127.0.0.1#53
May 10 01:24:32 ns1 named[6610]: listening on IPv4 interface eth0, 192.168.10.131#53
May 10 01:24:32 ns1 named[6610]: generating session key for dynamic DNS
May 10 01:24:32 ns1 named[6610]: sizing zone task pool based on 7 zones
May 10 01:24:32 ns1 named[6610]: set up managed keys zone for view _default, file 'managed-keys.bind'
May 10 01:24:32 ns1 named[6610]: Warning: 'empty-zones-enable/disable-empty-zone' not set: disabling RFC 1918 empty zones
May 10 01:24:32 ns1 named[6610]: automatic empty zone: 254.169.IN-ADDR.ARPA
May 10 01:24:32 ns1 named[6610]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
May 10 01:24:32 ns1 named[6610]: automatic empty zone: 100.51.198.IN-ADDR.ARPA
May 10 01:24:32 ns1 named[6610]: automatic empty zone: 113.0.203.IN-ADDR.ARPA
May 10 01:24:32 ns1 named[6610]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
May 10 01:24:32 ns1 named[6610]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
May 10 01:24:32 ns1 named[6610]: automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
May 10 01:24:32 ns1 named[6610]: automatic empty zone: D.F.IP6.ARPA
May 10 01:24:32 ns1 named[6610]: automatic empty zone: 8.E.F.IP6.ARPA
May 10 01:24:32 ns1 named[6610]: automatic empty zone: 9.E.F.IP6.ARPA
May 10 01:24:32 ns1 named[6610]: automatic empty zone: A.E.F.IP6.ARPA
May 10 01:24:32 ns1 named[6610]: automatic empty zone: B.E.F.IP6.ARPA
May 10 01:24:32 ns1 named[6610]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
May 10 01:24:32 ns1 named[6610]: command channel listening on 127.0.0.1#953
May 10 01:24:32 ns1 named[6610]: couldn't add command channel ::1#953: address not available
May 10 01:24:32 ns1 named[6610]: zone 0.in-addr.arpa/IN: loaded serial 1
May 10 01:24:32 ns1 named[6610]: zone 127.in-addr.arpa/IN: loaded serial 1
May 10 01:24:32 ns1 named[6610]: zone 10.168.192.in-addr.arpa/IN: loaded serial 2013092337
May 10 01:24:32 ns1 named[6610]: zone 255.in-addr.arpa/IN: loaded serial 1
May 10 01:24:32 ns1 named[6610]: zone localhost/IN: loaded serial 2
May 10 01:24:32 ns1 named[6610]: zone example.com/IN: loaded serial 2013092554
May 10 01:24:32 ns1 named[6610]: managed-keys-zone ./IN: loaded serial 59
May 10 01:24:32 ns1 named[6610]: zone example.com/IN: sending notifies (serial 2013092554)
May 10 01:24:32 ns1 named[6610]: zone 10.168.192.in-addr.arpa/IN: sending notifies (serial 2013092337)
May 10 01:24:32 ns1 named[6610]: running
Starting the second instance produces:
May 10 01:24:54 ns1 named[6635]: starting BIND 9.8.1-P1 -u bind -c /etc/bind/named-1.conf
May 10 01:24:54 ns1 named[6635]: built with '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-geoip=/usr' '--enable-ipv6' 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2' 'LDFLAGS=-Wl,-Bsymbolic-functions -Wl,-z,relro' 'CPPFLAGS=-D_FORTIFY_SOURCE=2'
May 10 01:24:54 ns1 named[6635]: adjusted limit on open files from 4096 to 1048576
May 10 01:24:54 ns1 named[6635]: found 2 CPUs, using 2 worker threads
May 10 01:24:54 ns1 named[6635]: using up to 4096 sockets
May 10 01:24:54 ns1 named[6635]: loading configuration from '/etc/bind/named-1.conf'
May 10 01:24:54 ns1 named[6635]: reading built-in trusted keys from file '/etc/bind/bind.keys'
May 10 01:24:54 ns1 named[6635]: using default UDP/IPv4 port range: [1024, 65535]
May 10 01:24:54 ns1 named[6635]: using default UDP/IPv6 port range: [1024, 65535]
May 10 01:24:54 ns1 named[6635]: listening on IPv4 interface eth1, 192.168.0.131#53
May 10 01:24:54 ns1 named[6635]: generating session key for dynamic DNS
May 10 01:24:54 ns1 named[6635]: sizing zone task pool based on 7 zones
May 10 01:24:54 ns1 named[6635]: set up managed keys zone for view _default, file 'managed-keys.bind'
May 10 01:24:54 ns1 named[6635]: Warning: 'empty-zones-enable/disable-empty-zone' not set: disabling RFC 1918 empty zones
May 10 01:24:54 ns1 named[6635]: automatic empty zone: 254.169.IN-ADDR.ARPA
May 10 01:24:54 ns1 named[6635]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
May 10 01:24:54 ns1 named[6635]: automatic empty zone: 100.51.198.IN-ADDR.ARPA
May 10 01:24:54 ns1 named[6635]: automatic empty zone: 113.0.203.IN-ADDR.ARPA
May 10 01:24:54 ns1 named[6635]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
May 10 01:24:54 ns1 named[6635]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
May 10 01:24:54 ns1 named[6635]: automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
May 10 01:24:54 ns1 named[6635]: automatic empty zone: D.F.IP6.ARPA
May 10 01:24:54 ns1 named[6635]: automatic empty zone: 8.E.F.IP6.ARPA
May 10 01:24:54 ns1 named[6635]: automatic empty zone: 9.E.F.IP6.ARPA
May 10 01:24:54 ns1 named[6635]: automatic empty zone: A.E.F.IP6.ARPA
May 10 01:24:54 ns1 named[6635]: automatic empty zone: B.E.F.IP6.ARPA
May 10 01:24:54 ns1 named[6635]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
May 10 01:24:54 ns1 named[6635]: command channel listening on 192.168.0.131#953
May 10 01:24:54 ns1 named[6635]: zone 0.in-addr.arpa/IN: loaded serial 1
May 10 01:24:54 ns1 named[6635]: zone 127.in-addr.arpa/IN: loaded serial 1
May 10 01:24:54 ns1 named[6635]: zone 0.168.192.in-addr.arpa/IN: loaded serial 2013092346
May 10 01:24:54 ns1 named[6635]: zone 255.in-addr.arpa/IN: loaded serial 1
May 10 01:24:54 ns1 named[6635]: zone localhost/IN: loaded serial 2
May 10 01:24:54 ns1 named[6635]: zone example.com/IN: loaded serial 2013092573
May 10 01:24:54 ns1 named[6635]: managed-keys-zone ./IN: loaded serial 59
May 10 01:24:54 ns1 named[6635]: zone example.com/IN: sending notifies (serial 2013092573)
May 10 01:24:54 ns1 named[6635]: zone 0.168.192.in-addr.arpa/IN: sending notifies (serial 2013092346)
May 10 01:24:54 ns1 named[6635]: running
All machines are virtual and run Ubuntu Server 12.04.
Question
My expectation was that when a client requests an IP address on the private network, "dhcp1" would update "ns1" on the corresponding private interface (i.e. "192.168.10.131"). I also expected that when a client requests an IP address on the public network, "dhcp1" would update "ns1" on the public interface "192.168.0.131". While the reverse zone updates do occur on their respective interfaces, "dhcp1" always initiates the forward zone updates for both networks to the nameserver's public interface (i.e. "192.168.0.131").
Am I doing something wrong? Is this a bug in isc-dhcp-server, or a feature, etc.? Please let me know if I haven't provided enough specific information. Web searches regarding multi-homed approaches using isc-dhcp-server and bind9 haven't turned up much.
Any information you can provide would be greatly appreciated. Thanks.
Answer 1
It appears that zones must be unique within the configuration.
I couldn't find this in the dhcpd.conf man page, but studying the code and tweaking the configuration gives some insight into the server's implementation:
- The "dhcpd" parsing code reaches the first "example.com." zone, located in the "192.168.10.0" subnet of "dhcpd.conf", and adds the information (including the primary nameserver) to a hash map, using the zone name as the key.
- The parser subsequently reaches the second "example.com." zone, located in the 192.168.0.0 subnet. At this point the existing "example.com." zone data in the hash map is replaced with the new information (including the primary nameserver). Since the reverse zones are unique, each of them is added to the map.
- Once the DHCP server needs to update forward zone information for either subnet, the update is sent to the primary nameserver of the last subnet parsed - in this case the DNS server at 192.168.0.131.
Rearranging the subnet information in the configuration file seemed to confirm this, as all forward zone updates were then sent to 192.168.10.131. So my setup will probably need a separate dhcpd daemon per interface, as I've already done with named. I'm still curious whether this multi-homed approach for a high-availability network is common and whether I'm going about it correctly. Even though my question seems to be answered, any advice is welcome.
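The answer above attributes the behaviour to dhcpd keying zone declarations by name, so a second `zone example.com.` block silently replaces the first. As an added example (not code from the original post or from isc-dhcp-server), the following Python script is a pre-deployment lint that walks a dhcpd.conf, records every zone declaration together with the subnet it sits in, and flags zone names declared more than once with different `primary` servers, reporting which primary would win under the last-declaration-wins behaviour described in the answer. The embedded configuration is a constructed sample built from the two subnet blocks in the question with the elided parts left out; the brace scanner assumes `{`, `}` and `;` never appear inside quoted strings, which holds for the TSIG secret and addresses shown.

```python
import re
from collections import defaultdict

# Constructed sample: the two subnet declarations from the question,
# with the host entries and other elided parts omitted.
SAMPLE_CONF = """
ddns-update-style interim;
key DHCP_UPDATER {
    algorithm HMAC-MD5;
    secret "A6...==";
};
# The 'private' network.
subnet 192.168.10.0 netmask 255.255.255.0 {
    zone example.com. {
        primary 192.168.10.131;
        key DHCP_UPDATER;
    }
    zone 10.168.192.in-addr.arpa. {
        primary 192.168.10.131;
        key DHCP_UPDATER;
    }
}
# The 'public' network.
subnet 192.168.0.0 netmask 255.255.255.0 {
    zone example.com. {
        primary 192.168.0.131;
        key DHCP_UPDATER;
    }
    zone 0.168.192.in-addr.arpa. {
        primary 192.168.0.131;
        key DHCP_UPDATER;
    }
}
"""

PRIMARY_RE = re.compile(r'\bprimary\s+([^;]+);')


def _blocks(text):
    """Yield (header, body) for each brace-delimited block at this nesting level.

    The header is the text between the previous statement terminator
    (';' or '}') and the opening brace, whitespace-normalised.
    """
    i = 0
    while True:
        open_ = text.find('{', i)
        if open_ == -1:
            return
        hdr_start = max(text.rfind(';', 0, open_), text.rfind('}', 0, open_)) + 1
        header = ' '.join(text[hdr_start:open_].split())
        depth, j = 1, open_ + 1
        while depth and j < len(text):
            if text[j] == '{':
                depth += 1
            elif text[j] == '}':
                depth -= 1
            j += 1
        if depth:
            raise ValueError('unbalanced braces in configuration')
        yield header, text[open_ + 1:j - 1]
        i = j


def collect_zones(conf):
    """Return {zone_name: [(enclosing_scope, primary), ...]} in file order."""
    conf = re.sub(r'#[^\n]*', '', conf)  # strip comments before scanning
    zones = defaultdict(list)

    def walk(text, scope):
        for header, body in _blocks(text):
            words = header.split()
            if words and words[0] == 'zone':
                m = PRIMARY_RE.search(body)
                zones[words[1]].append((scope, m.group(1).strip() if m else None))
            else:
                walk(body, header or scope)  # descend into subnet/shared-network/etc.

    walk(conf, 'global')
    return dict(zones)


def effective_primary(zones):
    """Primary per zone if the last declaration wins, as the answer describes."""
    return {name: decls[-1][1] for name, decls in zones.items()}


def conflicting_zones(zones):
    """Zone names declared more than once with differing primary servers."""
    return {name: decls for name, decls in zones.items()
            if len({primary for _, primary in decls}) > 1}


if __name__ == '__main__':
    found = collect_zones(SAMPLE_CONF)
    winners = effective_primary(found)
    for name, decls in found.items():
        for scope, primary in decls:
            print(f'{name:32} primary {primary:16} in {scope}')
    for name, decls in conflicting_zones(found).items():
        print(f'WARNING: zone {name} declared {len(decls)} times with different '
              f'primaries; dhcpd would send all updates to {winners[name]}')
```

Run against the real file with `collect_zones(open('/etc/bind/dhcpd.conf').read())` (path is an assumption; use wherever dhcpd.conf lives on the host). For the sample, the two reverse zones are unique and pass, while `example.com.` is reported twice with `192.168.0.131` as the winning primary, matching the observation in the question.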