Revision 1 (Redmine Admin, 02/20/2026 10:16 AM) → Revision 2/4 (Redmine Admin, 02/20/2026 11:01 AM)

Required components
	 • 	 kea-dhcp4-server
	 • 	 kea-dhcp-ddns
	 • 	 bind9
	 • 	 TSIG key (authenticates the dynamic updates sent to BIND)
 ① Create the TSIG key (BIND side)
 tsig-keygen -a HMAC-SHA256 kea-ddns-key
 key "kea-ddns-key" {
	 algorithm hmac-sha256;
	 secret "Mxq5WFbnIydGNQ7w9rWOA9CdGc48iKZcOd0c9bWl9QQ=";
 };
 → The same key is configured on both Kea and BIND. The secret above is only a sample: generate your own, and keep whatever file holds it (the named.conf key clause and kea-dhcp-ddns.conf) readable only by root and the respective service user, because anyone who can read it can rewrite the zone.
 ② BIND9 settings

 key "kea-ddns-key" {
     algorithm hmac-sha256;
     secret "XXXXXXXXXXXXXXXX";
 };

 zone "toyama.local" {
     type master;
     file "/var/lib/bind/db.toyama.local";
     allow-update { key "kea-ddns-key"; };
 };
 The reverse zone is set up the same way:
 zone "1.16.172.in-addr.arpa" {
     type master;
     file "/var/lib/bind/db.172.16.1";
     allow-update { key "kea-ddns-key"; };
 };
 Replace XXXXXXXXXXXXXXXX with the secret from ①. The zone files must sit in a directory named can write to (/var/lib/bind on Debian/Ubuntu; BIND also creates a .jnl journal next to each file). allow-update { key ...; } lets the holder of the key change any record in the zone; if Kea should only be able to touch host records, use update-policy with a grant limited to the record types Kea writes (A and PTR plus the DHCID records it uses for conflict detection).
 ③ Kea DHCP settings
 /etc/kea/kea-dhcp4.conf (only the DDNS-related part is shown; interfaces-config, subnet4 and the rest of the file stay as they are)
 { 
   "Dhcp4": { 

     "ddns-send-updates": true, 
     "ddns-override-client-update": true, 
     "ddns-override-no-update": true, 
     "ddns-replace-client-name": "when-present", 
     "ddns-generated-prefix": "host", 
     "ddns-qualifying-suffix": "toyama.local", 

     "dhcp-ddns": { 
       "enable-updates": true, 
       "server-ip": "127.0.0.1", 
       "server-port": 53001 
     } 
   } 
 }
 Note on ddns-replace-client-name: "when-present" replaces a hostname the client sends with the generated one (host-172-16-1-50.toyama.local for a lease on 172.16.1.50), but a client that sends no hostname gets no DNS name at all. Use "when-not-present" to keep client-supplied names and generate one only when missing, or "always" to register every lease under a generated name.
 ④ kea-dhcp-ddns settings
 /etc/kea/kea-dhcp-ddns.conf
 {
   "DhcpDdns": { 
     "ip-address": "127.0.0.1", 
     "port": 53001, 

     "forward-ddns": { 
       "ddns-domains": [ 
         { 
           "name": "toyama.local.", 
           "key-name": "kea-ddns-key", 
           "dns-servers": [ 
             { 
               "ip-address": "127.0.0.1", 
               "port": 53 
             } 
           ] 
         } 
       ] 
     }, 

     "reverse-ddns": { 
       "ddns-domains": [ 
         { 
           "name": "1.16.172.in-addr.arpa.", 
           "key-name": "kea-ddns-key", 
           "dns-servers": [ 
             { 
               "ip-address": "127.0.0.1", 
               "port": 53 
             } 
           ] 
         } 
       ] 
     }, 

     "tsig-keys": [ 
       { 
         "name": "kea-ddns-key", 
         "algorithm": "HMAC-SHA256", 
         "secret": "XXXXXXXXXXXXXXXX" 
       } 
     ] 
   } 
 } 

 ⑤ Restart
 sudo systemctl restart bind9
 sudo systemctl restart kea-dhcp-ddns
 sudo systemctl restart kea-dhcp4-server
 Check the files before restarting (named-checkconf, kea-dhcp-ddns -t /etc/kea/kea-dhcp-ddns.conf, kea-dhcp4 -t /etc/kea/kea-dhcp4.conf); on current Debian/Ubuntu the BIND unit is named.service, for which bind9 is an alias.

 ⑥ Verification
 After a client has obtained a lease:
 dig hostname.toyama.local
 dig -x 172.16.1.50
 Query the BIND server directly (dig @127.0.0.1 ...) so a cached answer from another resolver cannot mask a failed update. If nothing appears, look at the kea-dhcp-ddns journal: a rejected update (REFUSED, or a TSIG BADSIG/BADKEY error) means the key name or secret differs between Kea and BIND.
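The two Kea files and the BIND key clause have to agree in several places (D2 address/port, key-name, algorithm, secret, zone names), and a mismatch only shows up as a silent lack of records after ⑤. The following checker, an added example that is not part of this page or of the Kea/BIND projects, cross-checks those places before a restart. The embedded configs mirror the page and are constructed here; the secret is the page's sample key, not a real one. `broken_variant()` is a hypothetical helper that injects two typical mistakes so the output of the check can be seen.

```python
"""Consistency check for the Kea <-> BIND9 DDNS wiring (added example)."""
import base64
import binascii
import copy
import re

# Digest length in bytes per TSIG HMAC algorithm (RFC 8945). tsig-keygen emits
# a secret of exactly this length, so anything shorter is suspicious.
TSIG_DIGEST_BYTES = {
    "HMAC-MD5": 16, "HMAC-SHA1": 20, "HMAC-SHA224": 28,
    "HMAC-SHA256": 32, "HMAC-SHA384": 48, "HMAC-SHA512": 64,
}

# Matches the key clause tsig-keygen prints (the same text goes into named.conf).
BIND_KEY_RE = re.compile(
    r'key\s+"(?P<name>[^"]+)"\s*\{\s*algorithm\s+(?P<alg>[\w-]+)\s*;'
    r'\s*secret\s+"(?P<secret>[^"]+)"\s*;\s*\}\s*;', re.IGNORECASE)


def parse_bind_keys(text):
    """Return {key name: (ALGORITHM, secret)} for every key clause in text."""
    return {m["name"]: (m["alg"].upper(), m["secret"]) for m in BIND_KEY_RE.finditer(text)}


def check_secret(alg, secret):
    """Problems with one TSIG secret: placeholder left in, bad base64, too short."""
    if set(secret) == {"X"}:
        return ["secret is still the XXXX placeholder"]
    want = TSIG_DIGEST_BYTES.get(alg)
    if want is None:
        return [f"unsupported TSIG algorithm {alg!r}"]
    try:
        raw = base64.b64decode(secret, validate=True)
    except (binascii.Error, ValueError):
        return ["secret is not valid base64"]
    if len(raw) < want:
        return [f"secret is {len(raw)} bytes, shorter than the {want}-byte {alg} digest"]
    return []


def check_ddns_config(dhcp4, ddns, bind_keys):
    """Return a list of human-readable problems; an empty list means consistent."""
    problems = []
    d4, dd = dhcp4["Dhcp4"], ddns["DhcpDdns"]
    link = d4.get("dhcp-ddns", {})
    if not (d4.get("ddns-send-updates") and link.get("enable-updates")):
        problems.append("Dhcp4: ddns-send-updates and dhcp-ddns.enable-updates must both be true")
    # Kea defaults both ends of the Dhcp4 -> D2 link to 127.0.0.1:53001.
    if (link.get("server-ip", "127.0.0.1"), link.get("server-port", 53001)) != \
            (dd.get("ip-address", "127.0.0.1"), dd.get("port", 53001)):
        problems.append("Dhcp4 dhcp-ddns server-ip/server-port do not match DhcpDdns ip-address/port")
    keys = {k["name"]: k for k in dd.get("tsig-keys", [])}
    for side in ("forward-ddns", "reverse-ddns"):
        for dom in dd.get(side, {}).get("ddns-domains", []):
            if not dom["name"].endswith("."):
                problems.append(f"{side}: {dom['name']!r} must be fully qualified (trailing dot)")
            key_name = dom.get("key-name")
            if not key_name:
                problems.append(f"{side}: {dom['name']!r} has no key-name, updates would be unsigned")
            elif key_name not in keys:
                problems.append(f"{side}: {dom['name']!r} references unknown key {key_name!r}")
    # Kea picks the forward domain by longest matching suffix, so the qualifying
    # suffix must equal one of the forward domains or sit below one of them.
    suffix = d4.get("ddns-qualifying-suffix", "").rstrip(".").lower() + "."
    forward = {dom["name"].lower() for dom in dd.get("forward-ddns", {}).get("ddns-domains", [])}
    if suffix != "." and not any(suffix == f or suffix.endswith("." + f) for f in forward):
        problems.append(f"ddns-qualifying-suffix {suffix!r} has no matching forward-ddns domain")
    for name, key in keys.items():
        alg = key["algorithm"].upper()
        problems += [f"tsig key {name!r}: {p}" for p in check_secret(alg, key["secret"])]
        if name not in bind_keys:
            problems.append(f"tsig key {name!r} is not defined on the BIND side")
        elif bind_keys[name] != (alg, key["secret"]):
            problems.append(f"tsig key {name!r}: algorithm or secret differs between Kea and BIND")
    # With "never"/"when-present" a client that sends no hostname gets no DNS name at all.
    mode = d4.get("ddns-replace-client-name", "never")
    if mode in ("never", "when-present"):
        problems.append(f"ddns-replace-client-name={mode!r}: clients sending no hostname get no DNS entry")
    return problems


# Constructed inputs mirroring the page. SAMPLE_SECRET is the page's sample key, never reuse it.
SAMPLE_SECRET = "Mxq5WFbnIydGNQ7w9rWOA9CdGc48iKZcOd0c9bWl9QQ="
BIND_KEY_CLAUSE = f'key "kea-ddns-key" {{\n  algorithm hmac-sha256;\n  secret "{SAMPLE_SECRET}";\n}};\n'
DHCP4_CONF = {"Dhcp4": {
    "ddns-send-updates": True, "ddns-override-client-update": True,
    "ddns-override-no-update": True, "ddns-replace-client-name": "when-present",
    "ddns-generated-prefix": "host", "ddns-qualifying-suffix": "toyama.local",
    "dhcp-ddns": {"enable-updates": True, "server-ip": "127.0.0.1", "server-port": 53001}}}


def domain(name):
    return {"name": name, "key-name": "kea-ddns-key",
            "dns-servers": [{"ip-address": "127.0.0.1", "port": 53}]}


DDNS_CONF = {"DhcpDdns": {
    "ip-address": "127.0.0.1", "port": 53001,
    "forward-ddns": {"ddns-domains": [domain("toyama.local.")]},
    "reverse-ddns": {"ddns-domains": [domain("1.16.172.in-addr.arpa.")]},
    "tsig-keys": [{"name": "kea-ddns-key", "algorithm": "HMAC-SHA256", "secret": SAMPLE_SECRET}]}}


def broken_variant():
    """Hypothetical mistakes: a typo in the reverse key-name and a D2 port mismatch."""
    d4, dd = copy.deepcopy(DHCP4_CONF), copy.deepcopy(DDNS_CONF)
    d4["Dhcp4"]["dhcp-ddns"]["server-port"] = 53002
    dd["DhcpDdns"]["reverse-ddns"]["ddns-domains"][0]["key-name"] = "kea-ddns-kye"
    return d4, dd


if __name__ == "__main__":
    for label, (d4, dd) in (("page config", (DHCP4_CONF, DDNS_CONF)), ("broken", broken_variant())):
        print(label)
        for p in check_ddns_config(d4, dd, parse_bind_keys(BIND_KEY_CLAUSE)) or ["OK"]:
            print("  -", p)
```

To run it against the real files, load them with `json.load` after stripping the `#`/`//` comments Kea's own parser tolerates, and read the key clause from wherever named.conf includes it. On the page's own configuration the only finding is the ddns-replace-client-name note from ③.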

 Recommended operation for the Toyama DC
	 • 	 A different suffix can be assigned per VLAN (ddns-qualifying-suffix is also accepted at subnet level)
 Example:
	 • 	 vlan1 → core.toyama.local
	 • 	 vlan100 → iot.toyama.local
	 • 	 Can be tied to Zabbix auto-registration
	 • 	 Can be linked with asset management
	 • 	 Works well with FreeRADIUS / EAP-TLS
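The per-VLAN split above is done by overriding ddns-qualifying-suffix inside each subnet4 entry. The fragment below is an added example, not configuration from this page; the subnet prefixes, pools and subnet ids for vlan1 and vlan100 are assumptions, with only the 172.16.1.0/24 network taken from the reverse zone in ②.

```json
{
  "Dhcp4": {
    "ddns-send-updates": true,
    "ddns-override-client-update": true,
    "ddns-override-no-update": true,
    "ddns-replace-client-name": "always",
    "ddns-generated-prefix": "host",
    "ddns-qualifying-suffix": "toyama.local",

    "subnet4": [
      {
        "id": 1,
        "subnet": "172.16.1.0/24",
        "pools": [ { "pool": "172.16.1.50 - 172.16.1.250" } ],
        "ddns-qualifying-suffix": "core.toyama.local"
      },
      {
        "id": 100,
        "subnet": "172.16.100.0/24",
        "pools": [ { "pool": "172.16.100.50 - 172.16.100.250" } ],
        "ddns-qualifying-suffix": "iot.toyama.local"
      }
    ],

    "dhcp-ddns": {
      "enable-updates": true,
      "server-ip": "127.0.0.1",
      "server-port": 53001
    }
  }
}
```

Because kea-dhcp-ddns picks the forward zone by longest matching suffix, names under core.toyama.local and iot.toyama.local land in the existing toyama.local zone without any change to ④ (unless you delegate those subzones in BIND). The extra VLAN does need its own reverse zone: 100.16.172.in-addr.arpa in named.conf and in the reverse-ddns list of ④, signed with the same key.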