# ite

:::info
address: 192.168.1.193
path: /home/swae/workspace/ITE/
python3 ite.py
:::

## installation

```
sudo apt install -y avahi-daemon avahi-utils # network-manager
```

# ags

:::info
address: 192.168.1.192
path: /home/swae/splite-ags/
python3 ags.py
:::

* Dynamic Host Configuration Protocol (DHCP) service --- DHCPv4 / DHCPv6 (principle: the same device always obtains the same IP address)
* Domain name lookup service (DNS)
* Multicast DNS service (mDNS)
* Network Time Protocol (NTP) service --- the proxy server itself should use public time servers
* Bootstrap registration service (bootstrapping).

(create a self-signed cert)

```
openssl req -x509 -nodes -newkey rsa:2048 -keyout iiotlab_key.pem -out iiotlab_crt.pem -days 365 -subj "/CN=localhost"
cp iiotlab_crt.pem ca-bundle.pem
```

## installation

```
sudo apt install chrony
sudo apt install avahi-daemon avahi-utils
sudo apt install bind9
# sudo apt install network-manager
# sudo apt install isc-dhcp-server

# kea
curl -1sLf 'https://dl.cloudsmith.io/public/isc/kea/setup.deb.sh' | sudo -E bash
sudo apt install kea
```

#### mDNS Server

- Avahi, makes it easy to look up devices and services on the local network. (OK)

:::spoiler /etc/avahi/services/bootstrap.service
```
<?xml version="1.0" standalone='no'?>
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<service-group>
  <name replace-wildcards="no">ags-bootstrap</name>
  <service>
    <type>_http._tcp</type>
    <subtype>_bootstrap._sub._http._tcp</subtype>
    <host-name>ags.5giotlead.com.</host-name>
    <port>443</port>
    <txt-record>PATH=/bootstrap</txt-record>
  </service>
</service-group>
```
:::

#### DNS Server

- Bind9

:::spoiler /etc/bind/named.conf.local
```
//
// Do any local configuration here
//
zone "5giotlead.com" IN {
    type master;
    file "/etc/bind/zones/5giotlead.com.zone";
};

zone "${IPv4Rev}.in-addr.arpa" IN {
    type master;
    file "/etc/bind/zones/5giotlead.com.rzone";
};

zone "${IPv6Rev}.ip6.arpa" IN {
    type master;
    file "/etc/bind/zones/5giotlead.com.rzone";
};

// Consider adding the 1918 zones here, if they are not used in your
// organization
// include "/etc/bind/zones.rfc1918";
```
:::

:::spoiler /etc/bind/zones/5giotlead.com.zone
```
$TTL 1D
@ IN SOA ns9.5giotlead.com. root. ( ${SN} 10000 2400 604800 3600 )
; NS
@       IN NS    ns9.5giotlead.com.
ns9     IN A     ${IPv4}
ns9     IN AAAA  ${IPv6}
; ags, cfs
subject IN A     ${IPv4}
subject IN AAAA  ${IPv6}
; CNAME
ntp     IN CNAME subject
; CAA
5giotlead.com. IN CAA 0 issuewild "sectigo.com"
```
:::

:::spoiler /etc/bind/zones/5giotlead.com.rzone
```
$TTL 1D
@ IN SOA 5giotlead.com. subject.5giotlead.com. ( ${SN} 14400 7200 604800 300 )
@   IN NS   ns9.5giotlead.com.
@   IN PTR  ns9.5giotlead.com.
ns9 IN A    ${IPv4}
ns9 IN AAAA ${IPv6}
${IPv4Rev}.in-addr.arpa. IN PTR ns9.5giotlead.com.
${IPv6Rev}.ip6.arpa. IN PTR ns9.5giotlead.com.
```
:::

:::spoiler kea dhcp4 conf
```
{
  "Dhcp4": {
    "interfaces-config": {
      "interfaces": ["ens18"]
    },
    "authoritative": true,
    "lease-database": {
      "type": "memfile",
      "persist": true,
      "name": "/var/lib/kea/kea-leases4.csv",
      "lfc-interval": 3600
    },
    "renew-timer": 15840,
    "rebind-timer": 27720,
    "valid-lifetime": 31680,
    "subnet4": [
      {
        "id": 1,
        "subnet": "192.168.1.0/24",
        "pools": [
          { "pool": "192.168.1.193 - 192.168.1.194" }
        ],
        "option-data": [
          { "name": "routers", "data": "192.168.1.1" }
        ]
      }
    ]
  }
}
```
:::

### /etc/resolv.conf

DNS Server IP = AGS IP

```
nameserver 2001:b030:20d:d101::140
search 5giotlead.com
```

### issues

- SERVFAIL when resolving

```
swae@ags:~/workspace$ nslookup ags.5giotlead.com
;; Got SERVFAIL reply from 2001:b030:20d:d101::140
Server:		2001:b030:20d:d101::140
Address:	2001:b030:20d:d101::140#53

** server can't find ags.5giotlead.com: SERVFAIL
```
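
The BIND templates above leave `${SN}`, `${IPv4}`, `${IPv6}`, `${IPv4Rev}` and `${IPv6Rev}` to be filled in before `named` loads them. The sketch below is an added example, not code from these notes or from `ags.py`: it derives those values from the addresses and fails closed on an unknown placeholder or an address outside its network, while leaving zone directives such as `$TTL` untouched. The /24 and /64 prefix lengths, the YYYYMMDDNN serial convention and all function names are assumptions.

```python
import ipaddress
import re
from datetime import date

PLACEHOLDER = re.compile(r"\$\{(\w+)\}")  # matches ${SN} but not $TTL / $ORIGIN

def rev_labels(network):
    """Reversed labels that go in front of .in-addr.arpa / .ip6.arpa."""
    net = ipaddress.ip_network(network)  # strict: rejects host bits in the prefix
    step = 8 if net.version == 4 else 4  # reverse zones split per octet / nibble
    if net.prefixlen == 0 or net.prefixlen % step:
        raise ValueError(f"{network}: prefix is not on a reverse-zone boundary")
    if net.version == 4:
        labels = str(net.network_address).split(".")
    else:
        labels = list(net.network_address.exploded.replace(":", ""))
    return ".".join(reversed(labels[: net.prefixlen // step]))

def zone_values(v4_host, v4_net, v6_host, v6_net, day, rev=1):
    """Build the placeholder map; refuse hosts that are outside their network."""
    for host, net in ((v4_host, v4_net), (v6_host, v6_net)):
        if ipaddress.ip_address(host) not in ipaddress.ip_network(net):
            raise ValueError(f"{host} is outside {net}")
    if not 0 <= rev <= 99:
        raise ValueError("revision must be 0..99")
    return {
        "SN": f"{day:%Y%m%d}{rev:02d}",  # assumed YYYYMMDDNN serial convention
        "IPv4": v4_host,
        "IPv6": str(ipaddress.ip_address(v6_host)),
        "IPv4Rev": rev_labels(v4_net),
        "IPv6Rev": rev_labels(v6_net),
    }

def render(template, values):
    """Fill every ${name}; fail closed so a half-rendered zone is never written."""
    def fill(match):
        if match.group(1) not in values:
            raise KeyError(f"no value for ${{{match.group(1)}}}")
        return values[match.group(1)]
    return PLACEHOLDER.sub(fill, template)

# Constructed sample: three lines taken from the templates on this page.
SAMPLE = """$TTL 1D
@ IN SOA ns9.5giotlead.com. root. ( ${SN} 10000 2400 604800 3600 )
zone "${IPv6Rev}.ip6.arpa" IN {
"""

if __name__ == "__main__":
    vals = zone_values("192.168.1.192", "192.168.1.0/24",
                       "2001:b030:20d:d101::140", "2001:b030:20d:d101::/64",
                       date.today())
    print(render(SAMPLE, vals))
```

The rendered files can then be checked with BIND's own `named-checkconf` and `named-checkzone` before the service is reloaded.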