Wiki » History » Version 4
Redmine Admin, 02/20/2026 01:30 PM
| 1 | 1 | Redmine Admin | 必要コンポーネント |
|---|---|---|---|
| 2 | • kea-dhcp4-server |
||
| 3 | • kea-dhcp-ddns |
||
| 4 | • bind9 |
||
| 5 | • tsigキー(認証用) |
||
| 6 | ① TSIGキー作成(BIND側) |
||
| 7 | tsig-keygen -a HMAC-SHA256 kea-ddns-key |
||
| 8 | key "kea-ddns-key" { |
||
| 9 | algorithm hmac-sha256; |
||
| 10 | secret "Mxq5WFbnIydGNQ7w9rWOA9CdGc48iKZcOd0c9bWl9QQ="; |
||
| 11 | }; |
||
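| 12 | 2 | Redmine Admin | → このキー(name・algorithm・secret)はKeaとBINDの両方に同一の値で設定する。secret の実値はWikiに載せず、各サーバ上の権限を絞った設定ファイルにのみ置く(このページに掲載した値は公開済みとして扱い、本番では tsig-keygen で再生成する) |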
| 13 | ② BIND9 設定 |
||
| 14 | 3 | Redmine Admin | /etc/bind/named.conf.local |
| 15 | 2 | Redmine Admin | |
| 16 | key "kea-ddns-key" { |
||
| 17 | 1 | Redmine Admin | algorithm hmac-sha256; |
| 18 | 3 | Redmine Admin | secret "Mxq5WFbnIydGNQ7w9rWOA9CdGc48iKZcOd0c9bWl9QQ="; |
| 19 | 2 | Redmine Admin | }; |
| 20 | zone "toyama.local" { |
||
| 21 | type master; |
||
| 22 | file "/var/lib/bind/db.toyama.local"; |
||
| 23 | allow-update { key "kea-ddns-key"; }; |
||
| 24 | }; |
||
| 25 | 逆引きも同様に: |
||
| 26 | zone "1.16.172.in-addr.arpa" { |
||
| 27 | type master; |
||
| 28 | file "/var/lib/bind/db.172.16.1"; |
||
| 29 | allow-update { key "kea-ddns-key"; }; |
||
| 30 | }; |
||
| 31 | ③ Kea DHCP 設定 |
||
| 32 | /etc/kea/kea-dhcp4.conf |
||
| 33 | { |
||
| 34 | "Dhcp4": { |
||
| 35 | |||
| 36 | "ddns-send-updates": true, |
||
| 37 | "ddns-override-client-update": true, |
||
| 38 | "ddns-override-no-update": true, |
||
| 39 | "ddns-replace-client-name": "when-present", |
||
| 40 | "ddns-generated-prefix": "host", |
||
| 41 | "ddns-qualifying-suffix": "toyama.local", |
||
| 42 | |||
| 43 | "dhcp-ddns": { |
||
| 44 | "enable-updates": true, |
||
| 45 | "server-ip": "127.0.0.1", |
||
| 46 | "server-port": 53001 |
||
| 47 | } |
||
| 48 | 1 | Redmine Admin | } |
| 49 | } |
||
| 50 | 3 | Redmine Admin | sudo nano /var/lib/bind/db.toyama.local |
| 51 | |||
| 52 | $TTL 3600 |
||
| 53 | @ IN SOA ns1.toyama.local. admin.toyama.local. ( |
||
| 54 | 2026022001 |
||
| 55 | 3600 |
||
| 56 | 1800 |
||
| 57 | 604800 |
||
| 58 | 3600 ) |
||
| 59 | |||
| 60 | @ IN NS ns1.toyama.local. |
||
| 61 | ns1 IN A 172.16.1.101 |
||
| 62 | パーミッション修正(重要:動的更新では named(bind ユーザー)がゾーンファイルと、同じディレクトリに作られる .jnl ジャーナルへ書き込むため) |
||
| 63 | sudo chown bind:bind /var/lib/bind/db.toyama.local |
||
| 64 | sudo chmod 664 /var/lib/bind/db.toyama.local |
||
| 65 | |||
| 66 | sudo named-checkconf |
||
| 67 | sudo named-checkzone toyama.local /var/lib/bind/db.toyama.local |
||
| 68 | sudo systemctl restart bind9 |
||
| 69 | |||
| 70 | ④ kea-dhcp-ddns |
||
| 71 | |||
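| 72 | 設定(tsig-keys の secret には BIND 側の kea-ddns-key と同じ値を入れる。secret を含むため、このファイルは kea-dhcp-ddns の実行ユーザー以外から読めない権限にしておく) |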
||
| 73 | /etc/kea/kea-dhcp-ddns.conf |
||
| 74 | { |
||
| 75 | 2 | Redmine Admin | "DhcpDdns": { |
| 76 | "ip-address": "127.0.0.1", |
||
| 77 | "port": 53001, |
||
| 78 | |||
| 79 | "forward-ddns": { |
||
| 80 | "ddns-domains": [ |
||
| 81 | { |
||
| 82 | "name": "toyama.local.", |
||
| 83 | "key-name": "kea-ddns-key", |
||
| 84 | "dns-servers": [ |
||
| 85 | { |
||
| 86 | "ip-address": "127.0.0.1", |
||
| 87 | "port": 53 |
||
| 88 | } |
||
| 89 | ] |
||
| 90 | } |
||
| 91 | ] |
||
| 92 | }, |
||
| 93 | |||
| 94 | "reverse-ddns": { |
||
| 95 | "ddns-domains": [ |
||
| 96 | { |
||
| 97 | "name": "1.16.172.in-addr.arpa.", |
||
| 98 | "key-name": "kea-ddns-key", |
||
| 99 | "dns-servers": [ |
||
| 100 | { |
||
| 101 | "ip-address": "127.0.0.1", |
||
| 102 | "port": 53 |
||
| 103 | } |
||
| 104 | ] |
||
| 105 | } |
||
| 106 | ] |
||
| 107 | }, |
||
| 108 | |||
| 109 | "tsig-keys": [ |
||
| 110 | { |
||
| 111 | "name": "kea-ddns-key", |
||
| 112 | "algorithm": "HMAC-SHA256", |
||
| 113 | "secret": "XXXXXXXXXXXXXXXX" |
||
| 114 | } |
||
| 115 | ] |
||
| 116 | } |
||
| 117 | } |
||
| 118 | |||
| 119 | 1 | Redmine Admin | ⑤ 再起動 |
| 120 | sudo systemctl restart bind9 |
||
| 121 | sudo systemctl restart kea-dhcp-ddns |
||
| 122 | sudo systemctl restart kea-dhcp4-server |
||
| 123 | 3 | Redmine Admin | DDNSパッケージを入れる |
| 124 | sudo apt update |
||
| 125 | sudo apt install kea-dhcp-ddns |
||
| 126 | Kea公式リポジトリを追加(下記の setup.deb.sh は取得した内容がそのまま root 権限で実行されるため、先にファイルへ保存して中身を確認してから実行する方が安全) |
||
| 127 | sudo apt install curl gnupg -y |
||
| 128 | |||
| 129 | curl -1sLf 'https://dl.cloudsmith.io/public/isc/kea-2-4/setup.deb.sh' | sudo -E bash |
||
| 130 | sudo apt update |
||
| 131 | sudo apt install isc-kea |
||
| 132 | |||
| 133 | full build |
||
| 134 | sudo apt install build-essential cmake libboost-all-dev \ |
||
| 135 | libssl-dev liblog4cplus-dev libprotobuf-dev protobuf-compiler \ |
||
| 136 | libcurl4-openssl-dev libmysqlclient-dev libpq-dev -y |
||
| 137 | |||
| 138 | sudo systemctl disable --now kea-dhcp4-server || true |
||
| 139 | |||
| 140 | ビルド依存を入れる |
||
| 141 | 最低限(DHCP + DDNS + BIND連携)に寄せたセットです。 |
||
| 142 | |||
| 143 | sudo apt update |
||
| 144 | sudo apt install -y \ |
||
| 145 | build-essential autoconf automake libtool pkg-config \ |
||
| 146 | libboost-all-dev liblog4cplus-dev libssl-dev \ |
||
| 147 | libsqlite3-dev |
||
| 148 | |||
| 149 | 2) ソース取得(Kea 2.4.1例。展開・ビルドの前に、配布元が公開している署名やチェックサムで tarball を検証しておく) |
||
| 150 | cd /usr/local/src |
||
| 151 | sudo wget https://downloads.isc.org/isc/kea/2.4.1/kea-2.4.1.tar.gz |
||
| 152 | sudo tar -xvzf kea-2.4.1.tar.gz |
||
| 153 | cd kea-2.4.1 |
||
| 154 | |||
| 155 | 3) configure → make → install |
||
| 156 | 2 | Redmine Admin | |
| 157 | 4 | Redmine Admin | systemd サービスを作る |
| 158 | kea-dhcp-ddns 用(このユニットには User= の指定がないため root で起動する。待ち受けは 127.0.0.1:53001 のみなので、設定ファイルを読める専用ユーザーでの実行も検討できる) |
||
| 159 | |||
| 160 | sudo tee /etc/systemd/system/kea-dhcp-ddns.service >/dev/null <<'EOF' |
||
| 161 | [Unit] |
||
| 162 | Description=Kea DHCP-DDNS Server |
||
| 163 | After=network.target |
||
| 164 | |||
| 165 | [Service] |
||
| 166 | Type=simple |
||
| 167 | ExecStart=/usr/local/sbin/kea-dhcp-ddns -c /etc/kea/kea-dhcp-ddns.conf |
||
| 168 | Restart=on-failure |
||
| 169 | |||
| 170 | [Install] |
||
| 171 | WantedBy=multi-user.target |
||
| 172 | EOF |
||
| 173 | |||
| 174 | 2 | Redmine Admin | ⑥ 動作確認 |
| 175 | クライアント取得後: |
||
| 176 | dig hostname.toyama.local |
||
| 177 | dig -x 172.16.1.50 |
||
| 178 | |||
| 179 | 富山DC向けおすすめ運用 |
||
| 180 | • VLAN別にサフィックス分離可 |
||
| 181 | 例: |
||
| 182 | • vlan1 → core.toyama.local |
||
| 183 | • vlan100 → iot.toyama.local |
||
| 184 | • Zabbix 自動登録と連動可能 |
||
| 185 | • Asset管理と連携可能 |
||
| 186 | • FreeRADIUS / EAP-TLS と相性良 |