Wiki » History » Version 2
Redmine Admin, 02/20/2026 11:01 AM
| 1 | 1 | Redmine Admin | 必要コンポーネント |
|---|---|---|---|
| 2 | • kea-dhcp4-server |
||
| 3 | • kea-dhcp-ddns |
||
| 4 | • bind9 |
||
| 5 | • TSIGキー(認証用) |
||
| 6 | ① TSIGキー作成(BIND側) |
||
| 7 | tsig-keygen -a HMAC-SHA256 kea-ddns-key |
||
| 8 | key "kea-ddns-key" { |
||
| 9 | algorithm hmac-sha256; |
||
| 10 | secret "Mxq5WFbnIydGNQ7w9rWOA9CdGc48iKZcOd0c9bWl9QQ="; |
||
| 11 | }; |
||
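| 12 | 2 | Redmine Admin | → このキーは Kea と BIND の両方に同じ値で設定する(②・④ の "XXXXXXXXXXXXXXXX" を①で生成した secret に置き換える)。上記の secret は出力例として扱い、実運用の値は Wiki に記載しない。Wiki に載せた値は履歴にも残るため、実際に使用している場合は漏えいしたものとして再生成する。secret を含む設定ファイルは各デーモンの実行ユーザーのみ読み取り可にする。 |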
| 13 | ② BIND9 設定 |
||
| 14 | |||
| 15 | key "kea-ddns-key" { |
||
| 16 | algorithm hmac-sha256; |
||
| 17 | secret "XXXXXXXXXXXXXXXX"; |
||
| 18 | }; |
||
| 19 | |||
| 20 | zone "toyama.local" { |
||
| 21 | type master; |
||
| 22 | file "/var/lib/bind/db.toyama.local"; |
||
| 23 | allow-update { key "kea-ddns-key"; }; |
||
| 24 | }; |
||
| 25 | 逆引きも同様に: |
||
| 26 | zone "1.16.172.in-addr.arpa" { |
||
| 27 | type master; |
||
| 28 | file "/var/lib/bind/db.172.16.1"; |
||
| 29 | allow-update { key "kea-ddns-key"; }; |
||
| 30 | }; |
||
| 31 | ③ Kea DHCP 設定 |
||
| 32 | /etc/kea/kea-dhcp4.conf |
||
| 33 | { |
||
| 34 | "Dhcp4": { |
||
| 35 | |||
| 36 | "ddns-send-updates": true, |
||
| 37 | "ddns-override-client-update": true, |
||
| 38 | "ddns-override-no-update": true, |
||
| 39 | "ddns-replace-client-name": "when-present", |
||
| 40 | "ddns-generated-prefix": "host", |
||
| 41 | "ddns-qualifying-suffix": "toyama.local", |
||
| 42 | |||
| 43 | "dhcp-ddns": { |
||
| 44 | "enable-updates": true, |
||
| 45 | "server-ip": "127.0.0.1", |
||
| 46 | "server-port": 53001 |
||
| 47 | } |
||
| 48 | } |
||
| 49 | } |
||
| 50 | ④ kea-dhcp-ddns 設定 |
||
| 51 | /etc/kea/kea-dhcp-ddns.conf<br>{ |
||
| 52 | "DhcpDdns": { |
||
| 53 | "ip-address": "127.0.0.1", |
||
| 54 | "port": 53001, |
||
| 55 | |||
| 56 | "forward-ddns": { |
||
| 57 | "ddns-domains": [ |
||
| 58 | { |
||
| 59 | "name": "toyama.local.", |
||
| 60 | "key-name": "kea-ddns-key", |
||
| 61 | "dns-servers": [ |
||
| 62 | { |
||
| 63 | "ip-address": "127.0.0.1", |
||
| 64 | "port": 53 |
||
| 65 | } |
||
| 66 | ] |
||
| 67 | } |
||
| 68 | ] |
||
| 69 | }, |
||
| 70 | |||
| 71 | "reverse-ddns": { |
||
| 72 | "ddns-domains": [ |
||
| 73 | { |
||
| 74 | "name": "1.16.172.in-addr.arpa.", |
||
| 75 | "key-name": "kea-ddns-key", |
||
| 76 | "dns-servers": [ |
||
| 77 | { |
||
| 78 | "ip-address": "127.0.0.1", |
||
| 79 | "port": 53 |
||
| 80 | } |
||
| 81 | ] |
||
| 82 | } |
||
| 83 | ] |
||
| 84 | }, |
||
| 85 | |||
| 86 | "tsig-keys": [ |
||
| 87 | { |
||
| 88 | "name": "kea-ddns-key", |
||
| 89 | "algorithm": "HMAC-SHA256", |
||
| 90 | "secret": "XXXXXXXXXXXXXXXX" |
||
| 91 | } |
||
| 92 | ] |
||
| 93 | } |
||
| 94 | } |
||
| 95 | |||
| 96 | ⑤ 再起動 |
||
| 97 | sudo systemctl restart bind9 |
||
| 98 | sudo systemctl restart kea-dhcp-ddns |
||
| 99 | sudo systemctl restart kea-dhcp4-server |
||
| 100 | |||
| 101 | ⑥ 動作確認 |
||
| 102 | クライアントがアドレスを取得した後: |
||
| 103 | dig hostname.toyama.local |
||
| 104 | dig -x 172.16.1.50 |
||
| 105 | |||
| 106 | 富山DC向けおすすめ運用 |
||
| 107 | • VLAN別にサフィックス分離可 |
||
| 108 | 例: |
||
| 109 | • vlan1 → core.toyama.local |
||
| 110 | • vlan100 → iot.toyama.local |
||
| 111 | • Zabbix 自動登録と連動可能 |
||
| 112 | • Asset管理と連携可能 |
||
| 113 | • FreeRADIUS / EAP-TLS と相性良 |