Daniele Duca

07/06/04 - Release 0.1

This setup is useful for deploying a DHCP server that automatically updates the local DNS zone when a new computer joins the LAN.
Let's start. You will need two pieces of software, ISC BIND (version 9 or later) and ISC DHCP (version 3 or later, the first release with the interim update style used below). Once you have downloaded them:

# tar xvfz dhcp-3.x.x.tar.gz
# cd dhcp-3.x.x
# ./configure
# make
# make install


# tar xvfz bind-9.x.x.tar.gz
# cd bind-9.x.x
# ./configure --prefix=/usr --sysconfdir=/etc
# make
# make install
# useradd -s /bin/false -d /var/named named
# mkdir /var/run/named
# chown named.named /var/run/named

Now create the dhcpd lease file:

# mkdir /var/state/dhcp   (if it does not exist yet)
# touch /var/state/dhcp/dhcpd.leases


Generate the TSIG key (HMAC-MD5 was the only TSIG algorithm BIND had at the time; on a current BIND and dhcpd, hmac-sha256 is the better choice and "tsig-keygen -a hmac-sha256 keyname" produces it):

# dnssec-keygen -a HMAC-MD5 -b 512 -n HOST keyname

You will find the key in a file called Kkeyname+157+keyid.private in your current working directory (157 is the algorithm number of HMAC-MD5). The base64 string after "Key:" is the secret you paste into the configuration files below. Treat that file like a password: whoever has the secret can rewrite your zones.
Next, create the /etc/dhcpd.conf file. Here is mine, with comments (the secret is in it, so keep the file readable by root only, chmod 600):

authoritative;                    # this is the main DHCP server on this LAN
ddns-update-style interim;        # do not use ad-hoc mode
ddns-updates on;                  # do the dynamic DNS updates
deny client-updates;              # the server does every update itself; a client asking to update its
                                  # own A record (fqdn.server-update) is ignored, so only holders of
                                  # the TSIG key can change the zone

key yourkey {
   algorithm hmac-md5;
   secret 9NjdVvZL.....Oc+y6fdFu;  # the key itself: the "Key:" line of the .private file
};

zone domain.com. {                # the domain you want to update dynamically
                                  # the primary the updates are sent to: since DHCP and BIND are on
                                  # the same machine, we can use the loopback IP
   key yourkey;
}

zone 5.168.192.in-addr.arpa. {    # the reverse zone; spell it exactly as in named.conf
   key yourkey;
}

subnet netmask {                  # the network address and netmask we are listening on
                                  # ip range
   option subnet-mask;            # netmask of our network
   option broadcast-address;      # the broadcast address
   option domain-name "domain.com";   # our domain
   one-lease-per-client on;       # when a client requests a new address, free any other lease it holds
   default-lease-time 14400;      # lease validity in seconds
   max-lease-time 14401;          # maximum lease length in seconds a client may ask for
   option routers;                # the gateway(s)
   option domain-name-servers;    # the DNS server(s)
}
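What dhcpd does with that key block and zone statement is send a DNS UPDATE (RFC 2136) to the zone's primary with a TSIG record (RFC 2845) appended, whose HMAC-MD5 MAC is computed with the shared secret; named checks the MAC before it touches the zone. The following Python script is an added example written for this page, not code from the page or from ISC: it builds such an UPDATE adding one A record, signs it the way the RFC lays out, and verifies it the way named would, rejecting a wrong key, an altered record and a stale timestamp. The key name yourkey, the zone, the host name, the address and the secret are constructed values.

```python
"""Build, TSIG-sign and verify a DNS UPDATE (RFC 2136 + RFC 2845).
Added example for this page, not code from the page or from ISC; names,
address and secret are constructed, the wire format is the real one."""
import base64
import hashlib
import hmac
import struct
import time

TYPE_A, TYPE_SOA, TYPE_TSIG = 1, 6, 250
CLASS_IN, CLASS_ANY = 1, 255
HMAC_MD5 = "hmac-md5.sig-alg.reg.int."   # wire name behind "algorithm hmac-md5"
# Constructed 512-bit secrets in base64, the form dnssec-keygen -b 512 writes after "Key:"
SECRET_B64 = base64.b64encode(hashlib.sha512(b"constructed demo key").digest()).decode()
WRONG_B64 = base64.b64encode(hashlib.sha512(b"some other key").digest()).decode()

def encode_name(name):
    """Wire-format domain name without compression (TSIG names are never compressed)."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def encode_rr(name, rtype, rclass, ttl, rdata):
    return encode_name(name) + struct.pack("!HHIH", rtype, rclass, ttl, len(rdata)) + rdata

def build_update(msg_id, zone, fqdn, ipv4, ttl=14400):
    """Unsigned UPDATE (opcode 5): one zone entry, no prerequisites, one 'add A record' RR."""
    header = struct.pack("!HHHHHH", msg_id, 0x2800, 1, 0, 1, 0)   # ZO=1, PR=0, UP=1, AD=0
    zone_section = encode_name(zone) + struct.pack("!HH", TYPE_SOA, CLASS_IN)
    rdata = bytes(int(octet) for octet in ipv4.split("."))
    return header + zone_section + encode_rr(fqdn, TYPE_A, CLASS_IN, ttl, rdata)

def _tsig_variables(keyname, time_signed, fudge, error=0, other=b""):
    """Fields the MAC covers besides the message (RFC 2845 3.4.2); names in canonical lowercase."""
    return (encode_name(keyname.lower()) + struct.pack("!HI", CLASS_ANY, 0) + encode_name(HMAC_MD5)
            + struct.pack("!Q", time_signed)[2:] + struct.pack("!HHH", fudge, error, len(other)) + other)

def tsig_sign(msg, keyname, secret_b64, time_signed=None, fudge=300):
    """Append the TSIG RR (type 250, class ANY, TTL 0) as the last RR and bump ARCOUNT."""
    time_signed = int(time.time()) if time_signed is None else time_signed
    key = base64.b64decode(secret_b64)
    mac = hmac.new(key, msg + _tsig_variables(keyname, time_signed, fudge), hashlib.md5).digest()
    orig_id = struct.unpack("!H", msg[:2])[0]
    rdata = (encode_name(HMAC_MD5) + struct.pack("!Q", time_signed)[2:] + struct.pack("!HH", fudge, len(mac))
             + mac + struct.pack("!HHH", orig_id, 0, 0))
    arcount = struct.unpack("!H", msg[10:12])[0] + 1
    return msg[:10] + struct.pack("!H", arcount) + msg[12:] + encode_rr(keyname, TYPE_TSIG, CLASS_ANY, 0, rdata)

def _skip_name(buf, pos):
    while True:
        length = buf[pos]
        if length == 0:
            return pos + 1
        if length & 0xC0 == 0xC0:            # compression pointer: two octets end the name
            return pos + 2
        pos += 1 + length

def _skip_rr(buf, pos):
    pos = _skip_name(buf, pos)
    return pos + 10 + struct.unpack("!H", buf[pos + 8:pos + 10])[0]

def tsig_verify(signed, keyname, secret_b64, now=None):
    """What named does on receipt: find the TSIG RR, recompute the MAC without it, check MAC and time."""
    msg_id, _flags, zocount, prcount, upcount, adcount = struct.unpack("!HHHHHH", signed[:12])
    if adcount == 0:
        return False                          # unsigned: a zone with allow-update { key ...; } refuses it
    pos = 12
    for _ in range(zocount):                  # zone entries are name + type + class
        pos = _skip_name(signed, pos) + 4
    for _ in range(prcount + upcount + adcount - 1):
        pos = _skip_rr(signed, pos)
    tsig_start = pos                          # the TSIG RR has to be the last RR in the message
    name_end = _skip_name(signed, pos)
    rtype, rclass = struct.unpack("!HH", signed[name_end:name_end + 4])
    if rtype != TYPE_TSIG or rclass != CLASS_ANY:
        return False
    if signed[tsig_start:name_end].lower() != encode_name(keyname.lower()):
        return False                          # BADKEY: not the key this zone allows
    rd = name_end + 10
    alg_end = _skip_name(signed, rd)
    if signed[rd:alg_end].lower() != encode_name(HMAC_MD5):
        return False
    time_signed = int.from_bytes(signed[alg_end:alg_end + 6], "big")
    fudge, mac_size = struct.unpack("!HH", signed[alg_end + 6:alg_end + 10])
    mac = signed[alg_end + 10:alg_end + 10 + mac_size]
    p = alg_end + 10 + mac_size
    orig_id, error, other_len = struct.unpack("!HHH", signed[p:p + 6])
    if orig_id != msg_id:
        return False
    other = signed[p + 6:p + 6 + other_len]
    # The MAC covers the message as it was before signing: ARCOUNT one lower, TSIG RR absent.
    unsigned = signed[:10] + struct.pack("!H", adcount - 1) + signed[12:tsig_start]
    expected = hmac.new(base64.b64decode(secret_b64),
                        unsigned + _tsig_variables(keyname, time_signed, fudge, error, other), hashlib.md5).digest()
    if not hmac.compare_digest(mac, expected):
        return False                          # BADSIG: wrong secret or altered message
    now = int(time.time()) if now is None else now
    return abs(now - time_signed) <= fudge    # BADTIME: outside the fudge window

if __name__ == "__main__":
    update = build_update(0x1234, "domain.com.", "mobilep4.domain.com.", "192.168.5.10")
    signed = tsig_sign(update, "yourkey", SECRET_B64)
    print(len(signed), "bytes, verifies:", tsig_verify(signed, "yourkey", SECRET_B64))
```

Run it as a script to see the message size and the verification result. The point is in tsig_verify: the secret and the key name have to match on both sides to the byte, a different secret gives BADSIG and a different key name BADKEY, and neither daemon reports such a mismatch at start-up, it only shows up when the first lease is handed out.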

Here is my commented /etc/named.conf file:

key yourkey {
   algorithm "hmac-md5";
   secret "9NjdVvZL.....Oc+y6fdFu";       # this must be the same key you used in dhcpd.conf
};

options {
   directory "/var/named/";              # the directory in which we store zone files; named must be
                                         # able to write in it, dynamic zones get a .jnl journal file
   pid-file "/var/run/named/named.pid";  # the location of the pidfile
};

controls {
   # this section is for rndc, not for dhcpd: dhcpd sends its updates as DNS UPDATE messages
   # to port 53, authenticated with the TSIG key, so named needs no control channel for them
   inet port 953
   allow {; } keys { yourkey; };
};

zone "domain.com" {
   type master;
   notify no;
   file "/var/named/named.domain.com";
   allow-update { key yourkey; };        # this allows the dynamic zone updates, only with this key
};

zone "50.168.192.in-addr.arpa" {         # must match the reverse zone named in dhcpd.conf
   type master;
   notify no;
   file "/var/named/named.domain.com.rev";
   allow-update { key yourkey; };
};

Remember that this is only the skeleton of named.conf; you will need a few more options to fine-tune the security of your server (not mandatory unless you put this setup into production). Two things are worth doing even on a test box: give the controls block a key of its own instead of reusing yourkey, because with a single key whoever reads dhcpd.conf can also stop and reconfigure named through rndc; and make the zone directory and files owned by the named user, otherwise the first dynamic update fails when named cannot create the journal file.

Now set up rndc. To do that, create an /etc/rndc.conf file:

key "yourkey" {
   algorithm hmac-md5;
   secret "9NjdVvZL.....Oc+y6fdFu";
};

options {
   default-key "yourkey";
   default-port 953;
};
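Because the key appears in three files (dhcpd.conf, named.conf, rndc.conf) and the zone names in two, the usual failure is a mismatch that neither daemon reports at start-up, for instance the reverse zone spelled 5.168.192 in one listing above and 50.168.192 in the other. The following Python script is an added example for this page, not the page's or ISC's code: it parses the key, zone and controls blocks of the two daemon configs and lists what would make dhcpd's updates fail or make the setup weaker. The two configs it carries are constructed to resemble the ones above, with a made-up secret.

```python
"""Cross-check the TSIG wiring between dhcpd.conf and named.conf.
Added example, not part of the page. The two configs are constructed to look
like the page's, including the differing reverse-zone names and the single
key shared with the controls block; the secret is made up."""
import re

DHCPD_CONF = """
ddns-update-style interim;
key yourkey { algorithm hmac-md5; secret 9NjdVvZLexampleOc+y6fdFu; };
zone domain.com. { primary 127.0.0.1; key yourkey; }
zone 5.168.192.in-addr.arpa. { primary 127.0.0.1; key yourkey; }
"""

NAMED_CONF = """
key yourkey { algorithm "hmac-md5"; secret "9NjdVvZLexampleOc+y6fdFu"; };
controls { inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { yourkey; }; };
zone "domain.com" {
    type master; notify no; file "/var/named/named.domain.com";
    allow-update { key yourkey; };
};
zone "50.168.192.in-addr.arpa" {
    type master; notify no; file "/var/named/named.domain.com.rev";
    allow-update { key yourkey; };
};
"""

KEY_REF = r'\bkey\s+"?([\w.-]+)"?\s*;'          # `key name;` inside zone / allow-update bodies

def blocks(text, keyword):
    """Yield (name, body) for each `keyword [name] { ... }`, matching nested braces."""
    for m in re.finditer(r'\b%s\b\s*("?)([^"\s{;]*)\1\s*\{' % keyword, text):
        depth, i = 1, m.end()
        while depth and i < len(text):
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield m.group(2), text[m.end():i - 1]

def keys_in(text):
    """name -> (algorithm, secret); quotes stripped, algorithm reduced to its short spelling."""
    out = {}
    for name, body in blocks(text, "key"):
        alg = re.search(r'algorithm\s+"?([^";\s]+)"?\s*;', body)
        sec = re.search(r'secret\s+"?([^";\s]+)"?\s*;', body)
        alg = re.sub(r'\.sig-alg\.reg\.int\.?$', '', alg.group(1).lower()) if alg else None
        out[name] = (alg, sec.group(1) if sec else None)
    return out

def check(dhcpd_conf, named_conf):
    """Return the list of mismatches that would make dhcpd's updates fail or weaken named."""
    problems, dkeys, nkeys = [], keys_in(dhcpd_conf), keys_in(named_conf)
    allowed = {}                                  # named zone -> keys its allow-update accepts
    for name, body in blocks(named_conf, "zone"):
        au = re.search(r'allow-update\s*\{([^}]*)\}', body)
        allowed[name.lower().rstrip(".")] = set(re.findall(KEY_REF, au.group(1))) if au else set()
    update_keys = set()
    for name, body in blocks(dhcpd_conf, "zone"):
        zone, m = name.lower().rstrip("."), re.search(KEY_REF, body)
        key = m.group(1) if m else None
        update_keys.add(key)
        if key not in dkeys:
            problems.append(f"zone {zone}: dhcpd.conf uses key {key!r} but never defines it")
        elif key not in nkeys:
            problems.append(f"zone {zone}: key {key!r} is not defined in named.conf")
        elif dkeys[key] != nkeys[key]:
            problems.append(f"zone {zone}: algorithm or secret of key {key!r} differ between the two files")
        if zone not in allowed:
            problems.append(f"zone {zone}: named.conf serves no such zone (check the reverse zone spelling)")
        elif key not in allowed[zone]:
            problems.append(f"zone {zone}: named.conf does not allow-update with key {key!r}")
    for _, body in blocks(named_conf, "controls"):
        for ctl_key in re.findall(r'"?([\w.-]+)"?\s*;', " ".join(re.findall(r'keys\s*\{([^}]*)\}', body))):
            if ctl_key in update_keys:
                problems.append(f"controls: key {ctl_key!r} also signs dhcpd's updates; whoever reads "
                                "dhcpd.conf can drive rndc, give the control channel its own key")
    return problems

if __name__ == "__main__":
    for p in check(DHCPD_CONF, NAMED_CONF):
        print(p)
```

Point check() at the real files with open(...).read() and fix whatever it prints; an empty list means the key and zone wiring of the two daemons agree.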

Start your daemons. Check the two configuration files first (both commands only parse the file and exit) and make sure named can write its journal files:

# named-checkconf /etc/named.conf
# dhcpd -t
# chown -R named:named /var/named
# named -u named
# dhcpd

It's time to test your work: from a PC on the LAN, make a DHCP request. I use dhclient as DHCP client; here are my /etc/dhclient.conf and the output of a normal DHCP session:

sh-2.05b# cat /etc/dhclient.conf
interface "eth0" { }
send fqdn.fqdn "mobilep4.home.";#fully qualified domain name of the machine
send fqdn.encoded on;
send fqdn.server-update off;#don't update the dns (it will be updated by dhcpd)

sh-2.05b# dhclient eth0
Internet Software Consortium DHCP Client V3.0pl2
Copyright 1995-2001 Internet Software Consortium.
All rights reserved.
For info, please visit http://www.isc.org/products/DHCP

Listening on LPF/eth0/00:08:02:67:1e:6b
Sending on LPF/eth0/00:08:02:67:1e:6b
Sending on Socket/fallback
DHCPREQUEST on eth0 to port 67
bound to -- renewal in 5519 seconds.

sh-2.05b# ping mobilep4.home
PING mobilep4.home ( 56 data bytes
64 bytes from icmp_seq=0 ttl=64 time=0.103 ms
64 bytes from icmp_seq=1 ttl=64 time=0.088 ms
--- mobilep4.home ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.088/0.096/0.103/0.008 ms

sh-2.05b# host domain name pointer mobilep4.home.


Now you (hopefully :) have a nice DHCP server that does dynamic updates to the DNS :). Remember that your DHCP client must send the machine's host name when asking for an address, or the DNS will not be updated. With dhclient you can use the "send fqdn.fqdn" option, with pump you can use "pump -h", and on Windows you have to go to LAN -> Properties -> Protocol -> TCP/IP -> Advanced -> DNS and check that the "Register with DNS" box is ticked (with deny client-updates in dhcpd.conf the client's own registration attempt is ignored and dhcpd does the update in its place).

If you have any comments or want to add something, feel free to contact me


No liability for the contents of this document can be accepted. Use the concepts, examples and other content at your own risk. There may be errors and inaccuracies that may damage your system. Proceed with caution, and although this is highly unlikely, the author does not and cannot take any responsibility for any damage to your system that may occur as a direct or indirect result of information that is contained within this document. You are strongly recommended to make a backup of your system before proceeding and to adhere to the practice of backing up at regular intervals.

Information on this page is released under the GNU FDL License
This page last updated: 08/12/05