Quick HOWTO : Ch19 : Dynamic DNS/zh: Difference between revisions

From Ubuntu中文 (the Ubuntu Chinese wiki)
Source: http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch19_:_Dynamic_DNS
Translator: fei3ban
Latest revision as of 20:26, 23 July 2010 (Friday)



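Introduction


In many home networking environments, the DSL or cable modem IP address is provided by DHCP and therefore changes from time to time. This causes problems for DNS, because the zone files described in Chapter 18, "Configuring DNS," assume that a server's IP address stays fixed. For this reason there are two broad types of DNS:

Static DNS
This is used when your ISP provides you with unchanging, fixed (static) Internet IP addresses. Your DNS server acts as the authoritative source of information for your domain. You can consider static DNS the "traditional" or "regular" form of DNS.

Dynamic DNS (DDNS)
This is used when you get a changing, dynamic Internet IP address via DHCP from your ISP. You have to use the services of a third-party DNS provider to provide DNS information for your domain.
This chapter explains the details of dynamic DNS configuration.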

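Dynamic DNS Preparation

Unlike DSL providers, most cable modem providers may not allow you to host sites at home: they block inbound HTTP (TCP port 80) and SMTP mail (TCP port 25) while allowing most other TCP traffic through. Many DDNS providers are aware of this and provide a redirect service that automatically sends web clients visiting your host to a different TCP port. Although this works well, it has disadvantages. The cost of the service can make hosting with a $10/month virtual hosting service look very attractive, and many search engines do not index redirected pages.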


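Testing ISP Connectivity For Your Website

The very first thing you need to do is determine whether your ISP allows inbound connections on your DSL or cable modem line. The easiest way is to phone them and ask, but in some cases they will say no when the answer is in fact yes. Here is how you can test it for yourself.

Setup

You need to do some basic setup before testing can begin.

1. Configure and start Apache on your Linux web server as described in Chapter 20, "The Apache Web Server."

2. Connect your Linux server directly to your cable or DSL modem, and configure the Ethernet NIC for DHCP as described in Chapter 3, "Linux Networking."

3. Make sure you can ping your default gateway.

4. Use the ifconfig command to determine the new IP address of your web server. (This command is also explained in Chapter 3.)

5. From the Linux web server itself, try to TELNET to this IP address on port 80 as explained in Chapter 4, "Simple Network Troubleshooting."

If you can, then you most likely have Apache configured correctly.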

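Testing From The Internet

At this point you should be able to see web pages from the web server itself. Ask a friend somewhere else on the Internet to try to telnet to this IP address on port 80.

If port 80 works, ask the friend to point a web browser to the IP address and see whether a valid web page appears. If your Linux server will eventually be placed behind a firewall, adjust your network topology accordingly and test port 80 port forwarding to your web server.

If the TELNET to port 80 fails, your ISP probably doesn't allow inbound HTTP access to its network. Configure your web server to run on a different TCP port, preferably above 1024. The Apache httpd.conf file uses the Listen directive to do this. Change it to your new value and restart httpd.

#httpd.conf listen directive, change "80" to some other value
Listen 80

Test again with telnet on this new port. If it works, try the web browser test too. If the test port is 1234, use the following URL: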

http://server-ip-address:1234

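Note: If you are running iptables, remember to adjust the rules to match this new port, or stop iptables temporarily while doing this testing. If you can get a connection with correctly displayed pages on a nonstandard port, you can then sign up for a redirect service with your DDNS provider, as explained earlier.

Test Port Forwarding

If your Linux server will eventually be placed behind a firewall, adjust your network topology accordingly. Let Apache run on port 80, and from the Internet test port forwarding from the nonstandard port to port 80 on your web server.

One of the features of the curl troubleshooting utility is that it lets you download a web page's HTML code to your screen without interpreting it. You can determine the external IP address of your router or firewall by logging on to your Linux web server and issuing the curl command to query the DynDNS.org IP information server. In this case you are interested only in the line that tells you what the server thinks your IP address is; use the grep command to extract just that part. In this example, the IP address is 24.4.97.110.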

[root@bigboy tmp]# curl -s http://checkip.dyndns.org/ | grep -i address
Current IP Address: 24.4.97.110[root@bigboy tmp]# 


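Registering DDNS

Once you have decided to go ahead with DDNS, you need to choose between the broad categories of dynamic DNS service.

  • Free Dynamic DNS: Your website name will be a subdomain of the DDNS provider's domain. For example, if the DDNS provider's domain is isp.net, then your site will become my-site.my-isp.net. You can perform all the necessary steps on your DDNS service provider's website. Remember that this type of service may be undesirable for a company that wants to establish its own corporate identity. Another disadvantage is that you must rely on your DDNS provider staying in business, or else you may lose your domain. When you own your own domain this worry largely goes away, as you are fully in control of the DNS registration and renewal process.
  • Paid Customized DNS: You can register the domain name of your choice and still host your website on a DHCP line.

If you choose to create your own domain and use a paid DDNS service, you need to follow these steps:

1. Register your domain (such as my-site.com) with a company such as VeriSign or RegisterFree.
2. Create an account with the DDNS provider and register your websites (sometimes called hosts) as part of your domain (as in www.my-site.com and mail.my-site.com). The DDNS registration process gives you a username and password, which you will need when configuring your DDNS client.
3. Update your domain information with your main DNS registrar (VeriSign or RegisterFree) to tell them to direct queries for *.my-site.com to the DNS name servers of the DDNS provider.
4. Install a DDNS client on your web server that runs continuously and updates the DDNS provider's DNS servers with the site's current DHCP IP address whenever it detects a change.

Note: You should also be prepared for slower response times for your home-based site than if you were using a static IP and a regular DNS service.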

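Install a DDNS Client On Your Server

All DDNS service providers require that you run a DDNS client on your web server that periodically updates the IP address information in your provider's DDNS record. One very popular client, DDclient, is available in RPM format.

Dynamic DNS And NAT Router/Firewalls

As discussed in Chapter 2, "Introduction to Networking," to conserve the limited number of IP addresses available for Internet use, most home router/firewalls use network address translation (NAT) to map a single, public, DHCP-obtained IP address to the many private IP addresses within your network.

NAT can fool some DDNS client software. Such software can report only the true IP address of the Linux box's NIC. If the Linux box is protected behind a NAT router/firewall, the client reports to the DDNS provider a private IP address that no one can reach directly from the Internet. The reported value is therefore invalid.

Some DDNS providers use more intelligent clients, such as DDclient, that can be configured to let the DDNS provider record the public IP address from which the data stream originates. Once this is done, you also have to configure your router/firewall to do port forwarding, so that all HTTP traffic destined for the IP address of the router/firewall is address translated using NAT and forwarded to a single server on your home network. If your firewall is Linux based, the examples in Chapter 14, "Linux Firewalls Using iptables," will be helpful. Many small office/home office (SOHO) firewalls have easy web-based interfaces for configuring port forwarding; refer to your manufacturer's manual for how to do this.

DDNS Client Software - SOHO Router/Firewalls

Most new SOHO router/firewalls have built-in dynamic DNS clients for one or more of the major DDNS service providers. There is usually a Dynamic DNS web menu that prompts for the name of the service provider and your DDNS username and password. With this support, there is no need to install software on your web server.

DDNS Client Software - Linux DDclient

One of the most commonly used clients is DDclient, which can overcome the NAT limitations of DDNS by actually logging into your SOHO firewall to determine the latest IP address information. Like most RedHat and Fedora Linux software products, DDclient is available in RPM format. (If you need a refresher on RPMs, consult Chapter 6, "Installing Linux Software.") You can usually download the software from your DDNS provider, or you can find it at rpmfind.net. The RPM name usually starts with ddclient followed by a version number, as in ddclient-3.6.3-1.noarch.rpm.

The /etc/ddclient.conf File

The ddclient.conf file is usually installed completely commented out, but it provides configuration examples for the most popular DDNS providers.

The most important general parameters to configure are:

  • Username: Your DDNS account's login name
  • Password: Your DDNS account's password
  • Use: The method used to determine the IP address to advertise to the DDNS server

Some important DDNS provider parameters are:

  • Server: The name of the DDNS provider's main DNS server
  • Protocol: The method the DDNS client should use to communicate with the DDNS server
  • Your domain: The domain to which your web server will belong

You can use the ddclient command to determine the best use parameter for the ddclient.conf file. In this example, only the use=web option gives a valid Internet IP address, so it should be considered first: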

[root@bigboy tmp]# ddclient -daemon=0 -query
use=if, if=lo address is 127.0.0.1
use=if, if=wlan0 address is 192.168.1.100
use=web, web=dyndns address is 97.158.253.26
[root@bigboy tmp]# 
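
The selection made by eye above can be automated. The following is an added example, not part of the original chapter or of ddclient: it reads `ddclient -daemon=0 -query` output and keeps the first method whose address is publicly routable, rejecting loopback, private, link-local and carrier-NAT addresses. The function names and the second sample are constructed for illustration.

```sh
#!/bin/sh
# Added example: choose a ddclient use= method from `ddclient -daemon=0 -query`
# output by rejecting addresses that cannot be reached from the Internet.

# Exit status 0 if $1 is a publicly routable IPv4 address, 1 otherwise.
# The body runs in a subshell (parentheses) so the IFS change does not leak.
is_public_ipv4() (
    case "$1" in
        ''|*[!0-9.]*|*.) exit 1 ;;       # empty, stray characters, trailing dot
    esac
    IFS=.
    set -- $1                            # split the address into octets
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do
        case "$octet" in
            ''|????*) exit 1 ;;          # empty or longer than three digits
        esac
        [ "$octet" -le 255 ] || exit 1
    done
    a=$1 b=$2
    [ "$a" -eq 0 ]   && exit 1           # "this network"
    [ "$a" -eq 10 ]  && exit 1           # RFC 1918 private
    [ "$a" -eq 127 ] && exit 1           # loopback
    [ "$a" -ge 224 ] && exit 1           # multicast and reserved
    [ "$a" -eq 172 ] && [ "$b" -ge 16 ] && [ "$b" -le 31 ]  && exit 1  # RFC 1918
    [ "$a" -eq 192 ] && [ "$b" -eq 168 ] && exit 1                     # RFC 1918
    [ "$a" -eq 169 ] && [ "$b" -eq 254 ] && exit 1                     # link-local
    [ "$a" -eq 100 ] && [ "$b" -ge 64 ] && [ "$b" -le 127 ] && exit 1  # RFC 6598 carrier NAT
    exit 0
)

# Print the setting (for example "use=web, web=dyndns") from the first query
# line whose address is public; print nothing if no method qualifies.
pick_use_method() {
    printf '%s\n' "$1" | while IFS= read -r line; do
        case "$line" in
            use=*" address is "*) ;;     # a result line
            *) continue ;;               # prompts, blank lines, anything else
        esac
        if is_public_ipv4 "${line##* address is }"; then
            printf '%s\n' "${line%% address is *}"
            break
        fi
    done
}

# Output copied from the example run shown on this page.
PAGE_QUERY='use=if, if=lo address is 127.0.0.1
use=if, if=wlan0 address is 192.168.1.100
use=web, web=dyndns address is 97.158.253.26'

# Constructed sample: the NIC holds a carrier-NAT address and the web lookup
# failed. NOT_FOUND is a placeholder, not real ddclient wording.
CONSTRUCTED_QUERY='use=if, if=eth0 address is 100.64.12.7
use=web, web=dyndns address is NOT_FOUND'

# Report what to put in ddclient.conf, or refuse when nothing is routable.
report() {
    method=$(pick_use_method "$1")
    if [ -n "$method" ]; then
        printf 'ddclient.conf: %s\n' "$method"
    else
        printf 'no method returned a public address; do not publish one\n'
    fi
}

report "$PAGE_QUERY"
report "$CONSTRUCTED_QUERY"
```

On a live system, pass the real output instead of the samples: `report "$(ddclient -daemon=0 -query)"`.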

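Take a look at a sample configuration. This example specifies a username of my-account-login-name and a password of my-account-password, using the dyndns DDNS service provider's settings to track the website named mysite-example.dnsalias.com.

#General Parameter Section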

login=my-account-login-name
password=my-account-password

#DDNS Provider Parameters Section

server=members.dyndns.org, \
protocol=dyndns2 \
mysite-example.dnsalias.com

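You can add one of the following use lines to the General Parameter Section near the top of the file to define the method used to determine the correct IP address:

  • Query a well-known Internet server: The web method queries two well-known servers run by DynDNS.org and DNSpark to determine the public Internet IP address of the web server running the DDclient software. This method is the simplest, as it requires no further information and handles NAT correctly.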

use=web

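  • Use the IP address of a specific server NIC: This option queries the IP address of the NIC of your choice on the web server running DDclient. It is probably most valuable for servers connected directly to the Internet rather than through NAT.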

use=if, if=eth0

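  • Log in to your SOHO firewall for information: The ddclient.conf file has a list of use statements for various vendors' firewalls. If your model isn't listed, you can create your own parameters as outlined in the ddclient README file. This option is good for NAT environments where the use=web option isn't considered a good alternative.

After editing your configuration file, you must restart ddclient, as shown in the next section.

How to Get DDclient Started

You can configure DDclient to start at boot time using the chkconfig command: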

[root@bigboy tmp]# chkconfig ddclient on 

You can start, stop, and restart DDclient after boot time using the DDclient initialization script:

[root@bigboy tmp]# service ddclient start
[root@bigboy tmp]# service ddclient stop
[root@bigboy tmp]# service ddclient restart 

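Remember to restart the ddclient process every time you change the ddclient.conf file, so that the changes take effect on the running process.

You can test whether the ddclient process is running with the pgrep command; you should get back plain process ID numbers: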

[root@bigboy tmp]# pgrep ddclient

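Finding DDclient Help

The DDclient read-me and ddclient.conf files are good sources of information for custom configurations and troubleshooting. You can find the read-me file by using the rpm command or the locate command.

Use the rpm command to get a list of installed DDclient files, one of which is the read-me file: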

[root@bigboy tmp]# rpm -ql ddclient
...
/usr/doc/ddclient-3.6.3/README
...
[root@bigboy tmp]# 

Alternatively, you can use the locate command to find all the DDclient files:

[root@bigboy tmp]# locate ddclient | grep READ
/usr/doc/ddclient-3.6.3/README
/usr/doc/ddclient-3.6.3/README.cisco
[root@bigboy tmp]# 

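If the command doesn't work, try updating your locate database with the locate -u command, followed by the locate ddclient command once more: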

[root@bigboy tmp]# locate -u 


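Testing Your Dynamic DNS

You can test your dynamic DNS by:

  • Looking at the status page of your DNS provider and making sure the IP address that matches your www site is the same as your router/firewall's public IP address.
  • Using the "host www.my-site.com" command from your Linux command prompt to determine whether you get a valid response. If you failed to add your host record, you will get an error message like:

[root@bigboy tmp]# host www.my-site.com
Server: 127.0.0.1
Address: 127.0.0.1#53
**server can't find www.my-site.com: NXDOMAIN

This error could be because your domain hasn't propagated fully throughout the Internet. You can make sure everything is okay by forcing the lookup to query the name servers directly. The example below queries the miniDNS name server ns1.minidns.net: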

[root@bigboy tmp]# host www.my-site.com ns1.minidns.net
www.my-site.com has address 97.158.253.26
[root@bigboy tmp]# 
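
The two checks above can be combined into one comparison, because a record that still holds a previous DHCP address sends visitors to whoever holds that address now. The following is an added example, not part of the original chapter: it parses captured `curl` and `host` output and classifies the record as in-sync, stale, missing or unknown. The function names and the HTML wrapper in the first sample are constructed.

```sh
#!/bin/sh
# Added example: compare the A record served for a DDNS host name with the
# address the checkip service reports, working on captured command output.

# Extract the address from checkip output ("Current IP Address: x.x.x.x").
parse_checkip() {
    printf '%s\n' "$1" |
        sed -n 's/.*Current IP Address: \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Extract every A record from `host` output ("name has address x.x.x.x").
parse_host_a() {
    printf '%s\n' "$1" |
        sed -n 's/^.* has address \([0-9][0-9.]*\)[[:space:]]*$/\1/p'
}

# Print one of: in-sync, stale, missing, unknown.
#   $1 = output of: curl -s http://checkip.dyndns.org/
#   $2 = output of: host www.my-site.com ns1.minidns.net
ddns_status() {
    public=$(parse_checkip "$1")
    records=$(parse_host_a "$2")
    if [ -z "$public" ]; then
        echo unknown     # could not learn our own public address
    elif [ -z "$records" ]; then
        echo missing     # NXDOMAIN or no A record for the name
    elif [ "$records" = "$public" ]; then
        echo in-sync     # exactly one A record and it is our address
    else
        echo stale       # record points elsewhere: the update has not happened
    fi
}

# Constructed sample: checkip response wrapped in HTML, same address as the
# A record in the page's host example.
CHECKIP_SYNC='<html><body>Current IP Address: 97.158.253.26</body></html>'

# Line copied from the page's curl example (a different address).
CHECKIP_MOVED='Current IP Address: 24.4.97.110'

# Output copied from the page's host examples.
HOST_OK='www.my-site.com has address 97.158.253.26'
HOST_NXDOMAIN="Server: 127.0.0.1
Address: 127.0.0.1#53
**server can't find www.my-site.com: NXDOMAIN"

printf 'matching record:  %s\n' "$(ddns_status "$CHECKIP_SYNC" "$HOST_OK")"
printf 'address changed:  %s\n' "$(ddns_status "$CHECKIP_MOVED" "$HOST_OK")"
printf 'host not found:   %s\n' "$(ddns_status "$CHECKIP_SYNC" "$HOST_NXDOMAIN")"
```

For a live check, call `ddns_status "$(curl -s http://checkip.dyndns.org/)" "$(host www.my-site.com ns1.minidns.net)"` with your own host name and your provider's name server.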

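Conclusion

Always remember that dynamic DNS works, but it is frequently unreliable, because residential-class broadband circuits are not monitored, maintained, or managed as closely as business-class lines. It is a good starting place to become familiar with web hosting, but as your website becomes busier and more financially important to you, you may need to consider a regular data center, far away from spilt coffee and the washing machine that always trips the circuit breakers.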