首頁 » Juniper

Juniper DNS & DHCP

由 datahunter 在 四, 14/12/2023 - 11:15 發表

 

 

Set System DNS

 

root@fw# set system name-server 8.8.8.8

root@fw# set system name-server 8.8.4.4

root@fw# show system name-server

8.8.8.8;
8.8.4.4;

Checking

root@fw> show host hk.yahoo.com            # ping 以外的另一選擇

 

DNS Proxy

 

找出 NIC

show interfaces [irb.0] brief

  Logical interface irb.0
    Flags: Up SNMP-Traps 0x0 Encapsulation: ENET2
    Security: Zone: Internal
    Allowed host-inbound traffic : bootp bfd bgp dns dvmrp igmp ldp msdp nhrp
    ospf pgm pim rip router-discovery rsvp sap vrrp dhcp finger ftp tftp
    ident-reset http https ike netconf ping reverse-telnet reverse-ssh rlogin
    rpm rsh snmp snmp-trap ssh telnet traceroute xnm-clear-text xnm-ssl lsping
    ntp sip r2cp webapi-clear-text webapi-ssl
    inet  192.168.80.1/24

設定 DNS Proxy

set system services dns dns-proxy interface irb.0

set system services dns forwarders 8.8.8.8

set system services dns forwarders 1.1.1.1

commit

Checking

root@fw# show system services dns dns-proxy

interface {
    irb.0;
}

root@fw# show system services dns forwarders

8.8.8.8;
1.1.1.1;

Static Domain2IP mapping

# cache: Configure DNS proxy static cache entries

show system services dns dns-proxy cache

Restart Service

root@fw> restart named-service

 

DHCP

 

查看 DHCP 在那 NIC

root@fw# show system services dhcp-local-server

group jweb-default-group {
    interface irb.0;
}

查看 DHCP Pool 的名稱

root@fw> show configuration access

address-assignment {
    pool jweb-default-pool {
        ...
    }
}

更改 DHCP Pool 內的 dhcp-attributes (lease-time, name-server)

set access address-assignment pool jweb-default-pool family inet dhcp-attributes maximum-lease-time 7200

set access address-assignment pool jweb-default-pool family inet dhcp-attributes name-server 192.168.80.1

delete access address-assignment pool jweb-default-pool family inet dhcp-attributes name-server 192.168.10.100

Checking

root@fw# show access address-assignment

pool jweb-default-pool {
    family inet {
        ...
        dhcp-attributes {
            name-server {
                192.168.10.100;
            }
            router {
                192.168.80.1;
            }
            propagate-settings ge-0/0/0;
        }
    }
}

Check IP <-> MAC 的對應

root@fw> show dhcp server binding 78:45:58:?:?:?

root@fw> show dhcp server binding 192.168.80.131

IP address        Session Id  Hardware address   Expires     State      Interface
192.168.80.131    1169        78:45:58:?:?:?     59086       BOUND      irb.0

Client Detail Info.

user@host> show dhcp server binding 192.168.80.223 detail

Client IP Address:  192.168.80.223
     Hardware Address:             0a:f0:7d:?:?:?
     State:                        BOUND(LOCAL_SERVER_STATE_BOUND)
     Protocol-Used:                DHCP
     Lease Expires:                2023-12-15 09:22:16 GMT+8
     Lease Expires in:             83683 seconds
     Lease Start:                  2023-12-13 14:44:49 GMT+8
     Last Packet Received:         2023-12-14 09:22:16 GMT+8
     Incoming Client Interface:    irb.0:ge-0/0/1.0
     Server Identifier:            192.168.80.1
     Session Id:                   3393
     Client Pool Name:             jweb-default-pool

DHCP Static IP binding

# MAC address 獲得 IP 192.168.80.131
# jweb-default-pool 是自定義的 Pool 來

set access address-assignment pool jweb-default-pool family inet host AP1 hardware-address 78:45:58:?:?:? ip-address 192.168.80.131

# 查看 Config

show access address-assignment pool jweb-default-pool

family inet {
    ...
    host AP1 {
        hardware-address 78:45:58:?:?:?;
        ip-address 192.168.80.131;
    }
}

 

 

 

 

 

 

 

 

 

 

»
  • 瀏覽次數: 241

Creative Commons license icon Creative Commons license icon