Required components
• kea-dhcp4-server
• kea-dhcp-ddns (the DHCP-DDNS daemon that turns Kea lease events into DNS updates)
• bind9
• TSIG key (the shared secret that authenticates the dynamic updates)
① Create the TSIG key (on the BIND side)
tsig-keygen -a HMAC-SHA256 kea-ddns-key
key "kea-ddns-key" {
algorithm hmac-sha256;
secret "Mxq5WFbnIydGNQ7w9rWOA9CdGc48iKZcOd0c9bWl9QQ=";
};
→ The same key is configured in both Kea and BIND. The secret shown here is only a sample: generate your own, never reuse one that has been published, and keep every file that holds it readable by root and the daemon's group only (mode 640), because whoever has the secret can rewrite the zone.
② BIND9 configuration
/etc/bind/named.conf.local
key "kea-ddns-key" {
algorithm hmac-sha256;
secret "Mxq5WFbnIydGNQ7w9rWOA9CdGc48iKZcOd0c9bWl9QQ=";
};
zone "toyama.local" {
type master;
file "/var/lib/bind/db.toyama.local";
allow-update { key "kea-ddns-key"; };
};
The reverse zone is configured the same way:
zone "1.16.172.in-addr.arpa" {
type master;
file "/var/lib/bind/db.172.16.1";
allow-update { key "kea-ddns-key"; };
};
allow-update is bound to the key, not to a source address: an address-based ACL could be satisfied by anyone able to spoof a LAN or loopback address in a UDP packet, whereas the TSIG signature requires the shared secret. Once a zone accepts dynamic updates, named keeps a journal (db.toyama.local.jnl) next to the zone file, so do not edit the zone file by hand while named is running; wrap manual edits in rndc freeze / rndc thaw.
③ Kea DHCP configuration
/etc/kea/kea-dhcp4.conf
Only the DDNS-related keys are shown; the rest of the file (interfaces-config, lease-database, subnet4 and pools) stays as it is.
{
"Dhcp4": {
"ddns-send-updates": true,
"ddns-override-client-update": true,
"ddns-override-no-update": true,
"ddns-replace-client-name": "when-present",
"ddns-generated-prefix": "host",
"ddns-qualifying-suffix": "toyama.local",
"dhcp-ddns": {
"enable-updates": true,
"server-ip": "127.0.0.1",
"server-port": 53001
}
}
}
With these settings Kea ignores the name a client proposes and registers a generated one (host-172-16-1-50.toyama.local for 172.16.1.50), which is the safer choice on a VLAN you do not fully trust because a client cannot pick a name such as ns1. Note that "when-present" only generates a name when the client sent one; set "ddns-replace-client-name" to "always" if every lease should get a record, or "never" if client-supplied names are wanted (the qualifying suffix is still appended to bare names). The dhcp-ddns block points at kea-dhcp-ddns; that NCR channel is plain UDP without authentication, so it belongs on 127.0.0.1 as shown, never on a LAN address.
Create the forward zone file:
sudo nano /var/lib/bind/db.toyama.local
$TTL 3600
@ IN SOA ns1.toyama.local. admin.toyama.local. (
2026022001
3600
1800
604800
3600 )
@ IN NS ns1.toyama.local.
ns1 IN A 172.16.1.101
Fix permissions (important)
sudo chown bind:bind /var/lib/bind/db.toyama.local
sudo chmod 664 /var/lib/bind/db.toyama.local
sudo named-checkconf
sudo named-checkzone toyama.local /var/lib/bind/db.toyama.local
sudo systemctl restart bind9
Dynamic updates make named rewrite the zone file and create a journal (db.toyama.local.jnl) in the same directory, so the file must be writable by the bind user and the directory must let bind create files (/var/lib/bind does on Debian/Ubuntu; /etc/bind does not). The reverse zone file /var/lib/bind/db.172.16.1 referenced above needs the same SOA and NS header plus a PTR for ns1 (101 IN PTR ns1.toyama.local.), the same chown/chmod, and its own check with named-checkzone 1.16.172.in-addr.arpa.
④ kea-dhcp-ddns configuration
/etc/kea/kea-dhcp-ddns.conf
Replace the XXXXXXXXXXXXXXXX placeholder under tsig-keys with the base64 secret generated in step ①; name and algorithm must also match the BIND key statement exactly. Both listeners below are on 127.0.0.1: the NCR socket on port 53001 is unauthenticated and must stay on loopback, while the updates sent to BIND on port 53 are protected by the TSIG signature. Because this file now contains the secret, make it readable only by root and the user kea-dhcp-ddns runs as.
{
"DhcpDdns": {
"ip-address": "127.0.0.1",
"port": 53001,
"forward-ddns": {
"ddns-domains": [
{
"name": "toyama.local.",
"key-name": "kea-ddns-key",
"dns-servers": [
{
"ip-address": "127.0.0.1",
"port": 53
}
]
}
]
},
"reverse-ddns": {
"ddns-domains": [
{
"name": "1.16.172.in-addr.arpa.",
"key-name": "kea-ddns-key",
"dns-servers": [
{
"ip-address": "127.0.0.1",
"port": 53
}
]
}
]
},
"tsig-keys": [
{
"name": "kea-ddns-key",
"algorithm": "HMAC-SHA256",
"secret": "XXXXXXXXXXXXXXXX"
}
]
}
}
⑤ Restart
sudo systemctl restart bind9
sudo systemctl restart kea-dhcp-ddns
sudo systemctl restart kea-dhcp4-server
(The unit names depend on how Kea was installed: the Debian/Ubuntu package ships kea-dhcp-ddns-server, ISC's own packages ship isc-kea-dhcp-ddns-server, and the source build below uses the kea-dhcp-ddns unit created further down.)
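The step most often got wrong in this procedure is the key itself: the secret pasted into kea-dhcp-ddns.conf differs from the one in named.conf.local, the placeholder is left in, or the file ends up world-readable. The following script is an added example (not from the original page) that checks all three before the daemons are restarted. It parses the key statement and the tsig-keys entry with awk; the paths and the key name default to the ones used on this page and can be overridden as arguments.

```shell
#!/bin/sh
# Added example (not part of the original page): sanity-check the TSIG
# configuration shared by BIND and kea-dhcp-ddns. It verifies that
#   * the secret of the named key is present in both files and identical,
#   * the "XXXX..." placeholder has been replaced in kea-dhcp-ddns.conf,
#   * neither file is world-readable (the secret authorises zone rewrites).
# Default paths and key name are assumptions matching this page.

# Secret of key NAME from a BIND "key NAME { ... };" statement.
# Usage: bind_secret <named.conf.local> <key-name>
bind_secret() {
    awk -v key="$2" '
        $1 == "key" && ($2 == key || $2 == "\"" key "\"") { inkey = 1; next }
        inkey && $1 == "secret" { gsub(/[";]/, "", $2); print $2; exit }
        inkey && $1 == "};"     { inkey = 0 }
    ' "$1"
}

# Secret of the tsig-keys entry named NAME in kea-dhcp-ddns.conf.
# Usage: kea_secret <kea-dhcp-ddns.conf> <key-name>
kea_secret() {
    awk -v key="$2" '
        # remember the most recent "name": "..." value seen
        /"name"[ \t]*:/ {
            v = $0; sub(/.*"name"[ \t]*:[ \t]*"/, "", v); sub(/".*/, "", v); cur = v
        }
        /"secret"[ \t]*:/ && cur == key {
            v = $0; sub(/.*"secret"[ \t]*:[ \t]*"/, "", v); sub(/".*/, "", v)
            print v; exit
        }
    ' "$1"
}

# Exit 0 when "other" has any permission bit set on FILE (columns 8-10 of ls -l).
world_readable() {
    case "$(ls -ld "$1" | cut -c8-10)" in
        ---) return 1 ;;
        *)   return 0 ;;
    esac
}

# Usage: check_tsig [named.conf.local] [kea-dhcp-ddns.conf] [key-name]
# Prints every problem found; exit status 0 only when everything is consistent.
check_tsig() {
    named="${1:-/etc/bind/named.conf.local}"
    kea="${2:-/etc/kea/kea-dhcp-ddns.conf}"
    key="${3:-kea-ddns-key}"
    rc=0
    for f in "$named" "$kea"; do
        [ -r "$f" ] || { echo "cannot read $f"; return 1; }
    done
    b=$(bind_secret "$named" "$key")
    k=$(kea_secret "$kea" "$key")
    [ -n "$b" ] || { echo "no key \"$key\" in $named"; rc=1; }
    [ -n "$k" ] || { echo "no tsig-keys entry \"$key\" in $kea"; rc=1; }
    case "$k" in
        XXXX*) echo "placeholder secret still present in $kea"; rc=1 ;;
    esac
    if [ -n "$b" ] && [ -n "$k" ] && [ "$b" != "$k" ]; then
        echo "secret for \"$key\" differs between $named and $kea"; rc=1
    fi
    for f in "$named" "$kea"; do
        if world_readable "$f"; then
            echo "$f is world-readable: chmod o-rwx it (the TSIG secret is inside)"; rc=1
        fi
    done
    return "$rc"
}

# Run directly:  sh tsig-check.sh check [named.conf.local] [kea-dhcp-ddns.conf] [key-name]
case "${1:-}" in
    check) shift; check_tsig "$@" ;;
esac
```

Run it as root (the files are not readable otherwise); a non-zero exit lists each mismatch, so fix those before restarting the daemons, since BIND answers a wrong key with REFUSED and Kea will keep retrying the update.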
Installing the DDNS package
sudo apt update
sudo apt install kea-dhcp-ddns-server
(kea-dhcp-ddns-server is the Debian/Ubuntu package name; kea-dhcp-ddns is the name of the daemon it installs.)
Adding ISC's official Kea repository
sudo apt install curl gnupg -y
curl -1sLf 'https://dl.cloudsmith.io/public/isc/kea-2-4/setup.deb.sh' | sudo -E bash
sudo apt update
sudo apt install isc-kea
This pipes a downloaded script straight into a root shell. Prefer saving it first (curl -1sLf ... -o setup.deb.sh), reading it, and only then running sudo bash setup.deb.sh. Packages and units from this repository are prefixed isc-kea- (for example isc-kea-dhcp-ddns-server), which is why their service names differ from the Debian/Ubuntu ones used elsewhere on this page.
Full build (all optional backends)
sudo apt install build-essential cmake libboost-all-dev \
  libssl-dev liblog4cplus-dev libprotobuf-dev protobuf-compiler \
  libcurl4-openssl-dev libmysqlclient-dev libpq-dev -y
sudo systemctl disable --now kea-dhcp4-server || true
The last command stops and disables the packaged kea-dhcp4-server so that it cannot conflict with the source-built one (|| true keeps the step harmless when the package was never installed).
Install build dependencies
A minimal set for DHCP + DDNS + BIND integration:
sudo apt update
sudo apt install -y \
  build-essential autoconf automake libtool pkg-config \
  libboost-all-dev liblog4cplus-dev libssl-dev \
  libsqlite3-dev
Fetch the source (Kea 2.4.1 example)
cd /usr/local/src
sudo wget https://downloads.isc.org/isc/kea/2.4.1/kea-2.4.1.tar.gz
sudo tar -xvzf kea-2.4.1.tar.gz
cd kea-2.4.1
Check the tarball against the checksum and signature ISC publishes alongside the release before unpacking it. Then configure → make → install:
sudo ./configure --prefix=/usr/local
sudo make -j"$(nproc)"
sudo make install
sudo ldconfig
With --prefix=/usr/local the daemons land in /usr/local/sbin and Kea's default configuration directory becomes /usr/local/etc/kea; the unit file below passes -c /etc/kea/kea-dhcp-ddns.conf explicitly, so the files under /etc/kea are the ones used. ldconfig is needed so the freshly installed libraries in /usr/local/lib are found.
Create the systemd service
For kea-dhcp-ddns:
sudo tee /etc/systemd/system/kea-dhcp-ddns.service >/dev/null <<'EOF'
[Unit]
Description=Kea DHCP-DDNS Server
After=network.target
[Service]
Type=simple
ExecStart=/usr/local/sbin/kea-dhcp-ddns -c /etc/kea/kea-dhcp-ddns.conf
Restart=on-failure
[Install]
WantedBy=multi-user.target
EOF
Run systemctl daemon-reload afterwards and enable the unit. No User= is set, so the daemon runs as root; the configuration file it reads (which holds the TSIG secret) should therefore be root-owned and not world-readable.
⑥ Verification
After a client has obtained a lease (hostname is the client's name, or host-172-16-1-50 with the generated-name settings from step ③):
dig hostname.toyama.local
dig -x 172.16.1.50
If the records are missing, check the kea-dhcp-ddns log for the outcome of the name change request and the BIND log for the update arriving from 127.0.0.1; a REFUSED there almost always means the key name or secret differs between the two sides.
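Before trusting the Kea path, the allow-update policy itself is worth testing directly with nsupdate: an update signed with the key must be accepted, and an unsigned one must be refused. The script below is an added example, not part of the original page. It assumes the server, zone and addresses used on this page, a test host name ddnstest with the address 172.16.1.250, and a key file /etc/bind/kea-ddns-key.key containing only the key statement printed by tsig-keygen (the format nsupdate -k reads); all of these can be overridden through the environment.

```shell
#!/bin/sh
# Added example (not part of the original page): exercise BIND's
# allow-update policy by hand with nsupdate before relying on kea-dhcp-ddns.
# A signed update (TSIG key) must be accepted; an unsigned one must be
# REFUSED. Server, zone, key file and the test host/IP are assumptions
# matching this page; override them via the environment.

SERVER="${SERVER:-127.0.0.1}"
ZONE="${ZONE:-toyama.local}"
KEYFILE="${KEYFILE:-/etc/bind/kea-ddns-key.key}"   # key {} statement from tsig-keygen
TESTHOST="${TESTHOST:-ddnstest}"
TESTIP="${TESTIP:-172.16.1.250}"

# Reverse name for an IPv4 address: 172.16.1.50 -> 50.1.16.172.in-addr.arpa.
ptr_name() {
    printf '%s\n' "$1" |
        awk -F. '{ printf "%s.%s.%s.%s.in-addr.arpa.\n", $4, $3, $2, $1 }'
}

# Emit an nsupdate batch for the forward A record and its PTR.
# The two records live in different zones, so each one gets its own "send".
# Usage: nsupdate_batch add|delete <fqdn> <ip>
nsupdate_batch() {
    op="$1"; fqdn="$2"; ip="$3"
    case "$op" in
        add|delete) ;;
        *) echo "bad op: $op" >&2; return 2 ;;
    esac
    printf 'server %s\n' "$SERVER"
    printf 'update %s %s. 300 A %s\n' "$op" "$fqdn" "$ip"
    printf 'send\n'
    printf 'update %s %s 300 PTR %s.\n' "$op" "$(ptr_name "$ip")" "$fqdn"
    printf 'send\n'
}

# Exit 0 when the unsigned update is refused AND the signed one succeeds.
verify_policy() {
    fqdn="$TESTHOST.$ZONE"
    # 1. unsigned update: must fail, otherwise allow-update is too permissive
    if nsupdate_batch add "$fqdn" "$TESTIP" | nsupdate >/dev/null 2>&1; then
        echo "FAIL: unsigned update accepted; allow-update must list only the key" >&2
        return 1
    fi
    echo "ok: unsigned update refused"
    # 2. signed update: must succeed, otherwise key name/secret differ
    if ! nsupdate_batch add "$fqdn" "$TESTIP" | nsupdate -k "$KEYFILE"; then
        echo "FAIL: signed update refused; check the key name and secret on both sides" >&2
        return 1
    fi
    echo "ok: signed update accepted"
    dig +short "@$SERVER" "$fqdn" A
    dig +short "@$SERVER" -x "$TESTIP"
    # 3. remove the test records again with the same key
    nsupdate_batch delete "$fqdn" "$TESTIP" | nsupdate -k "$KEYFILE"
}

# Run directly:  sh ddns-policy-check.sh run
if [ "${1:-}" = run ]; then
    verify_policy
fi
```

The unsigned attempt is the important half: if it succeeds, the zone is writable by anyone on the network regardless of what Kea does, and the allow-update statement in named.conf.local needs fixing before going further.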
Recommended practice for the Toyama DC
• Suffixes can be separated per VLAN, e.g.:
• vlan1 → core.toyama.local
• vlan100 → iot.toyama.local
• Can be tied to Zabbix auto-registration
• Can be linked with asset management
• Works well with FreeRADIUS / EAP-TLS
Per-VLAN suffixes are configured by setting ddns-qualifying-suffix inside the corresponding subnet4 entry instead of globally (Kea accepts the ddns-* parameters at global, shared-network and subnet scope). Each suffix then needs its own zone in BIND, with allow-update for the key, and its own entry under forward-ddns in kea-dhcp-ddns.conf; the reverse zones are matched by address and stay as they are.
Updated by Redmine Admin 5 days ago · 4 revisions