问题描述
我已在 http://no-ip.org/ 帐户中创建了帐户和主机名,这是迄今为止我的服务器类型最常用的服务。有人可以引导我完成使用 ddclient 和 no-ip 的配置过程吗,因为我是命令行菜鸟?
最佳答案
为 No-IP 设置 ddclient
ddclient 是动态更新客户端 (DUC),可用于更新动态 DNS 条目。它定期检查当前的 IP 地址,并在检测到更改时更新 DNS 信息。以下是如何为 No-IP (noip.com/no-ip.com) 服务安装和配置它。
首先,安装 ddclient 软件包。我们稍后将手动配置它,因此只需按 Enter 键即可解决所有配置问题。
sudo apt-get install ddclient
停止 ddclient 守护程序。由于错误,sudo service ddclient stop 命令在 Ubuntu 12.04 上不起作用,因此我们使用 pkill 代替。
sudo pkill ddclient
编辑配置文件。要关闭 gedit 默认创建的备份文件(例如 /etc/ddclient.conf~ ),并且在您认为已删除它们后可能包含密码,请关闭设置\n Edit -> Preferences -> Editor -> Create a backup copy of files before saving 。
sudo gedit /etc/ddclient.conf /etc/default/ddclient
删除/etc/ddclient.conf的旧内容并粘贴到如下所示的模板中。
仔细阅读模板的注释并根据您的需要自定义文件。
使用 noip.com sub-account 可能是个好主意,即带有密码的组(此功能是 pay-service)。这样,密码仅授予更新指定主机的权限,而不能完全访问您的整个 No-IP 帐户,其中可能包括 MX 记录(获取您密码的攻击者可能会更改 MX 记录以拦截您的 e-mails)或其他服务例如 IMAP 帐户。
您可能应该设置 daemon_interval=3600 (请参阅模板注释)。
使用以下命令测试您的配置:
sudo ddclient -daemon=0 -debug -verbose -noquiet -force
您应该收到 good(IP 地址已更新)或 nochg(IP 地址已设置为该值)响应。此时收到以下警告是可以的(但在正常操作期间持续收到警告是不行的):
WARNING: updating <hostname>: nochg: No update required; unnecessary attempts to change to the current address are considered abusive
注意:No-IP 服务器上似乎正在进行一些缓存,因此如果您从服务器获得的响应不是您所期望的,那么稍等片刻可能会有所帮助。
完成配置后,启动 ddclient 守护进程:
sudo service ddclient start
每次启动计算机时,该守护程序也会自动启动。
现在,每次检测到 IP 地址更改时,都会更新 DNS 条目。
Troubleshooting
再次运行包配置:
sudo dpkg-reconfigure ddclient
删除包和配置文件:
sudo apt-get purge ddclient
守护进程控制:
sudo service ddclient status
sudo service ddclient start
sudo service ddclient stop
# The stop command above does not work on Ubuntu 12.04 due to a bug, but
# it works on 14.04. Here are alternative ways to control the daemon:
ps -A f | grep -i ddclient
sudo pkill ddclient
删除缓存以欺骗守护进程更新 DNS 条目以进行调试(在正常操作期间,仅当当前 IP 地址与缓存中存储的 IP 地址不同时,才会更新 DNS 条目):
sudo pkill ddclient
sudo rm /var/cache/ddclient/ddclient.cache
sudo service ddclient start
# See the result:
tail /var/log/syslog
# If you have set up mail=..., you should also receive an e-mail.
# The syslog and e-mail should show a "good" or "nochg" response.
通过将 DNS 条目 IP 地址设置为 1.2.3.4,然后启动守护进程,测试当 IP 地址更改时守护进程是否真正更新 DNS 条目:
sudo pkill ddclient
sudo ddclient -daemon=0 -debug -verbose -noquiet -force -use ip -ip 1.2.3.4
sleep 30 # ddclient will not perform updates less than 30 seconds apart
sudo service ddclient start
调试运行(从不/根据需要/始终更新 DNS 条目):
sudo ddclient -daemon=0 -debug -verbose -noquiet -noexec
sudo ddclient -daemon=0 -debug -verbose -noquiet
sudo ddclient -daemon=0 -debug -verbose -noquiet -force
尝试使用各种方法检测当前IP地址:
sudo ddclient -query
感兴趣的文件:
/etc/ddclient.conf
/etc/default/ddclient
/var/cache/ddclient/ddclient.cache
来自守护进程的消息将出现在此处(如果设置为这样,也将由 e-mail 发送):
/var/log/syslog
文档:
-
ddclient -help -
/usr/share/doc/ddclient/examples/sample-etc_ddclient.conf.gz
/etc/ddclient.conf 的模板
################################################################################
# Configuration file for ddclient
################################################################################
################################################################################
# Misc. configurations
# To choose between ipup mode (for dial-on-demand) and daemon mode, please edit
# /etc/default/ddclient.
#mail=root # E-mail messages to this address
#mail-failure=root # E-mail messages about failed updates to this address
################################################################################
# How to obtain current IP address
# Methods:
# use=ip, ip=ADDRESS # Set the IP address to ADDRESS
# use=if, if=INTERFACE, if-skip=PATTERN # Obtain IP address by calling 'ifconfig INTERFACE'
# use=web, web=PROVIDER|URL, web-skip=PATTERN # Obtain IP address from IP discovery web page
# use=cmd, cmd=PROGRAM, cmd-skip=PATTERN # Obtain IP address by calling PROGRAM
# use=fw|FWMODEL, fw=ADDRESS|URL, fw-skip=PATTERN # Obtain IP address from firewall web page
# fw-login=LOGIN, fw-password=SECRET
#
# The *-skip options can be used to skip IP addresses found before PATTERN.
#
# NOTE: The ddclient IP detection routines do not respect the HTTPS prefix in
# URLs, and instead fall back to HTTP (this is fixed in version 3.8.1). The
# option ssl=yes does not apply to the IP detection either (this is at least
# how versions 3.8.0 to 3.8.2 behave).
#
# The default time between each IP address change check is daemon_interval=300
# (5 minutes), which may be a bit too frequent when using an external IP
# discovery service. To set the checking interval to e.g. one hour instead,
# please edit /etc/default/ddclient and set daemon_interval=3600.
# Obtain IP address from network interface
#use=if, if=eth0
# Obtain IP address from no-ip.com IP discovery web page (unencrypted connection)
use=web, web='http://ip1.dynupdate.no-ip.com:8245/'
# Obtain IP address from no-ip.com IP discovery web page (encrypted connection)
# Encryption does not offer any real protection since a man-in-the-middle
# attack could route the HTTPS connection through a host belonging to the
# attacker, thus causing an incorrect IP address to be reported.
#use=cmd, cmd='bash -c "set -o pipefail; timeout 120 wget -qO- \
# --header=Host:ip1.dynupdate.no-ip.com https://dynupdate.no-ip.com/ | head -c 1000"'
################################################################################
# Dynamic DNS service setup
protocol=noip
#server= # Defaults to dynupdate.no-ip.com for noip protocol
ssl=yes # NOTE: Does not apply when obtaining IP address, just when updating the DNS entry!
login='[email protected]' # Username. For No-IP sub-accounts (groups with passwords), use '<groupname>%3A<username>'.
password='1234'
################################################################################
# Hosts to update, with optional per-host options
# Examples:
# protocol=hammernode1, \
# login='my-hn-login', password='my-hn-password' \
# myhost.hn.org,myhost2.hn.org
#
# login='group2%[email protected]', password='1234' myhost3.no-ip.biz,myhost4.no-ip.biz
#
# myhost.no-ip.biz,myhost2.no-ip.biz
my.full.hostname
更新:与 IP 检测服务的加密连接毫无意义。现在 ddclient.conf 模板对此进行了解释,并且现在默认使用未加密的连接进行 IP 检测。