Daniele Duca
07/06/04 - Release 0.1

This setup is useful for deploying a DHCP server that automatically updates the local DNS zone when a new computer joins the LAN.
Let's start. You will need two pieces of software, ISC BIND (version 9 or later) and ISC DHCP (version 3 or later). Once you have downloaded them:

# tar xvfz dhcp-3.x.x.tar.gz
# cd dhcp-3.x.x
# ./configure
# make
# make install
 

and

# tar xvfz bind-9.x.x.tar.gz
# cd bind-9.x.x
# ./configure --prefix=/usr --sysconfdir=/etc
# make
# make install
# useradd -s /bin/false -d /var/named named
# mkdir /var/run/named
# chown named.named /var/run/named
 

now, create the dhcpd lease file:

# mkdir /var/state/dhcp    (skip this if the directory already exists)
# touch /var/state/dhcp/dhcpd.leases

 

Generate the TSIG keys:

# dnssec-keygen -a HMAC-MD5 -b 512 -n HOST keyname

You will find the key in a file called Kkeyname+157+keyid.private in your current working directory; the base64 string on its "Key:" line is the secret you will paste into the configuration files below.
Next, create the /etc/dhcpd.conf file. Here follows mine, with comments:

authoritative;   #this is the main DHCP server in this LAN
ddns-update-style interim;
   #do not use ad-hoc mode
ddns-updates on;
   #do the dynamic dns updates
deny client-updates;
   #specifies that clients are not allowed to modify the DNS records by themselves, for example through rndc



key yourkey {
algorithm hmac-md5;
secret 9NjdVvZL.....Oc+y6fdFu;
   #the key itself
};

zone domain.com. {
   #the domain you want to update dynamically
primary 127.0.0.1;
   #since we have DHCP and BIND in the same machine, we can use the loopback IP
key yourkey;
}
zone 5.168.192.in-addr.arpa. {
   #the reverse zone
primary 127.0.0.1;
key yourkey;
}
subnet 192.168.5.0 netmask 255.255.255.0 {
   #the network subnet we are listening to
range 192.168.5.10 192.168.5.20;
   #ip range
option subnet-mask 255.255.255.0;
   #subnet of our network
option broadcast-address 192.168.5.255;
   #the broadcast address
option domain-name "domain.com";
   #our domain
one-lease-per-client on;
   #specifies that when a client requests a new address, the server should free any other lease held by that client
default-lease-time 14400;
   #lease validity in seconds
max-lease-time 14401;
   #maximum length in seconds that will be assigned to a lease
option routers 192.168.5.1;
   #the gateway(s)
option domain-name-servers 192.168.5.1;
   #the dns server(s)
}


Here is my commented /etc/named.conf file;

key yourkey {
algorithm "hmac-md5";
secret "9NjdVvZL.....Oc+y6fdFu";
#this must be the same key you used in dhcpd.conf (in named.conf the secret must be quoted)

};
options {
directory "/var/named/";
#the directory in which we store zone files
pid-file "/var/run/named/named.pid";
#the location of the pidfile
};

controls {
#you will need this section to make DHCP able to communicate with NAMED
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { yourkey; };
};

zone "domain.com" {
type master;
notify no;
file "/var/named/named.domain.com";
#named must be able to write this file and its .jnl journal, so the directory must be writable by the named user
allow-update { key yourkey; };
#this allows the dynamic zone updates, but only for updates signed with yourkey
};
zone "5.168.192.in-addr.arpa" {
#the reverse zone for 192.168.5.0/24; the name must match the reverse zone declared in dhcpd.conf
type master;
notify no;
file "/var/named/named.domain.com.rev";
allow-update { key yourkey; };
};




Remember that this is only a skeleton of named.conf; you will also need some more options to fine-tune the security of your server (not mandatory unless you decide to put this setup into production).
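
To make concrete what allow-update { key yourkey; } is actually checking, here is an added example (not from this page nor from ISC's code) that builds the kind of DNS UPDATE dhcpd sends for the zone above and signs and verifies it with TSIG HMAC-MD5 as specified in RFC 2845. The key material is a constructed sample rather than the page's secret, the hostname mobilep4.domain.com is assumed for illustration, and the verifier locates the TSIG RR by searching for it instead of fully parsing the message.

```python
import base64, hashlib, hmac, struct, time

TSIG_ALG = "hmac-md5.sig-alg.reg.int."  # the algorithm name that "hmac-md5" in the configs maps to
FUDGE = 300                              # seconds of clock skew the verifier tolerates

def name_to_wire(name):
    """Encode a dotted name in uncompressed DNS wire format."""
    return b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split(".")) + b"\x00"

def build_update(zone, fqdn, ipv4, ttl=14400, msg_id=0x1234):
    """Unsigned DNS UPDATE (opcode 5): zone section plus one A record to add."""
    header = struct.pack("!HHHHHH", msg_id, 5 << 11, 1, 0, 1, 0)   # zo=1 pr=0 up=1 ad=0
    zone_sec = name_to_wire(zone) + struct.pack("!HH", 6, 1)        # SOA, IN
    rdata = bytes(int(o) for o in ipv4.split("."))
    return header + zone_sec + name_to_wire(fqdn) + struct.pack("!HHIH", 1, 1, ttl, 4) + rdata

def _tsig_variables(keyname, time_signed, error=0, other=b""):
    """TSIG RR fields covered by the MAC (RFC 2845 section 3.4.2)."""
    return (name_to_wire(keyname) + struct.pack("!HI", 255, 0) + name_to_wire(TSIG_ALG)
            + struct.pack("!HIHHH", time_signed >> 32, time_signed & 0xFFFFFFFF, FUDGE,
                          error, len(other)) + other)

def tsig_sign(msg, keyname, secret_b64, time_signed=None):
    """Append a TSIG RR whose MAC covers the whole message plus the TSIG variables."""
    time_signed = int(time.time()) if time_signed is None else time_signed
    mac = hmac.new(base64.b64decode(secret_b64), msg + _tsig_variables(keyname, time_signed), hashlib.md5).digest()
    rdata = (name_to_wire(TSIG_ALG)
             + struct.pack("!HIHH", time_signed >> 32, time_signed & 0xFFFFFFFF, FUDGE, len(mac))
             + mac + struct.pack("!HHH", struct.unpack("!H", msg[:2])[0], 0, 0))  # orig id, error, other len
    tsig_rr = name_to_wire(keyname) + struct.pack("!HHIH", 250, 255, 0, len(rdata)) + rdata
    adcount = struct.unpack("!H", msg[10:12])[0] + 1   # the TSIG RR counts as an additional record
    return msg[:10] + struct.pack("!H", adcount) + msg[12:] + tsig_rr

def tsig_verify(signed, keyname, secret_b64, now=None):
    """What named does for allow-update { key ...; }: recompute the MAC and check the time window."""
    marker = name_to_wire(keyname) + struct.pack("!HHI", 250, 255, 0)
    off = signed.rfind(marker)           # toy locator; a real server parses every section instead
    if off < 0: return False
    adcount = struct.unpack("!H", signed[10:12])[0] - 1   # undo the count bump made when signing
    unsigned = signed[:10] + struct.pack("!H", adcount) + signed[12:off]
    rd = signed[off + len(marker) + 2:]  # skip RDLENGTH
    a = len(name_to_wire(TSIG_ALG))
    hi, lo, fudge, mac_len = struct.unpack("!HIHH", rd[a:a + 10])
    mac = rd[a + 10:a + 10 + mac_len]
    _orig_id, error, _other_len = struct.unpack("!HHH", rd[a + 10 + mac_len:a + 16 + mac_len])
    time_signed = (hi << 32) | lo
    expected = hmac.new(base64.b64decode(secret_b64), unsigned + _tsig_variables(keyname, time_signed, error), hashlib.md5).digest()
    now = int(time.time()) if now is None else now
    return hmac.compare_digest(mac, expected) and abs(now - time_signed) <= fudge
```

A wrong key, a modified record or a timestamp outside the fudge window all make the verifier reject the update, which is exactly the protection the TSIG key buys you over allow-update by source IP address.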

Now set up rndc. To do that, create a /etc/rndc.conf file:

key "yourkey" {
algorithm hmac-md5;
secret "9NjdVvZL.....Oc+y6fdFu";
};

options {
default-key "yourkey";
default-server 127.0.0.1;
default-port 953;
};

Start your daemons:

# named -u named
# dhcpd

It's time to test your work: from a PC on the LAN, make a DHCP request. I use dhclient as the DHCP client; here you will see my /etc/dhclient.conf and the output of a normal DHCP session:

sh-2.05b# cat /etc/dhclient.conf
interface "eth0" { }
send fqdn.fqdn "mobilep4.home.";#fully qualified domain name of the machine
send fqdn.encoded on;
send fqdn.server-update off;#don't update the dns (it will be updated by dhcpd)

sh-2.05b# dhclient eth0
Internet Software Consortium DHCP Client V3.0pl2
Copyright 1995-2001 Internet Software Consortium.
All rights reserved.
For info, please visit http://www.isc.org/products/DHCP

Listening on LPF/eth0/00:08:02:67:1e:6b
Sending on LPF/eth0/00:08:02:67:1e:6b
Sending on Socket/fallback
DHCPREQUEST on eth0 to 255.255.255.255 port 67
DHCPACK from 192.168.5.1
bound to 192.168.5.20 -- renewal in 5519 seconds.

sh-2.05b# ping mobilep4.home
PING mobilep4.home (192.168.5.20): 56 data bytes
64 bytes from 192.168.5.20: icmp_seq=0 ttl=64 time=0.103 ms
64 bytes from 192.168.5.20: icmp_seq=1 ttl=64 time=0.088 ms
--- mobilep4.home ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.088/0.096/0.103/0.008 ms

sh-2.05b# host 192.168.5.20
20.50.168.192.in-addr.arpa domain name pointer mobilep4.home.

sh-2.05b#

Now you (hopefully :) have a nice DHCP server that does dynamic updates to the DNS :) . Remember that your DHCP client must send the machine hostname when asking for an address, or the DNS will not be updated. With dhclient you can use the "send fqdn.fqdn" option, with pump you can use "pump -h", and on Windows you have to go to LAN->Properties->Protocol->TCP/IP->Advanced->DNS and check that the "Register with DNS" box is checked.

If you have any comments or want to add something, feel free to contact me



DISCLAIMER

No liability for the contents of this document can be accepted. Use the concepts, examples and other content at your own risk. There may be errors and inaccuracies that may damage your system. Proceed with caution, and although this is highly unlikely, the author does not and cannot take any responsibility for any damage to your system that may occur as a direct or indirect result of information that is contained within this document. You are strongly recommended to make a backup of your system before proceeding and to adhere to the practice of backing up at regular intervals.

Information on this page is released under the GNU FDL License
This page last updated: 08/12/05