DHCP3 + Bind9 + DDNS



What is Dynamic DNS

This tutorial explains how to set up a DHCP server and Dynamic DNS with BIND on Debian Lenny. Dynamic DNS means that when a device asks the DHCP server for an IP address, the DHCP server updates your DNS server (bind9) with the name of the requesting device.

Install

apt-get install dhcp3-server bind9

Info

This is the network configuration of the DHCP/DNS server used in this tutorial. In this example it is an internal server with one NIC, with a firewall server between it and the internet.

Hostname : server.static.<domain>.<country>

LAN interface (eth0) : 192.168.1.11 mask 255.255.254.0

Default gateway : 192.168.1.2

DDNS-server: 192.168.1.11

PXE-DNS: 192.168.1.6

Configuring the DHCP Server

All the information the DHCP server needs is placed in the file /etc/dhcp3/dhcpd.conf

This is the DHCP server configuration.

When a computer requests network information from the DHCP server, the DHCP server will update the following DNS zones:

  • dyn.<domain>.<country> : the zone that will map hostnames to IP address
  • 0.168.192.in-addr.arpa : the zone in charge of reverse lookups

ddns-domainname is the domain name that the DHCP server will try to update in the zone. For example, if my computer is named mycomputer, it will try to update the dyn.<domain>.<country> zone with mycomputer.dyn.<domain>.<country>.


This option is essential if you have several domains in the “option domain-name” field (the “search” domains that will end up in /etc/resolv.conf); otherwise it could try to add the hostname mycomputer.static.<domain>.<country> to the dyn.<domain>.<country> zone.


If you only have one domain in the “option domain-name” field, you can omit ddns-domainname, as the zone will be updated using the domain specified there.

nano /etc/dhcp3/dhcpd.conf
# /etc/dhcp3/dhcpd.conf -- ISC DHCP 3.x server that pushes DDNS updates to BIND.
# Auth and Log
authoritative;        # this server is the authority for its subnets (NAKs unknown leases)
log-facility local7;  # syslog facility for dhcpd messages

# The DHCP server signs its DNS updates with the key defined in this file.
# NOTE(review): this is the rndc *control* key (see "controls" in named.conf.local),
# so whoever holds it can also drive named via rndc. A dedicated TSIG key used
# only for DDNS is the usual hardening; its name must then match the "key"
# entries in the zone blocks below and the allow-update lines in named.conf.local.
include "/etc/bind/rndc.key";

# DDNS-settings
ddns-updates on;                    # perform DNS updates on lease assignment
ddns-update-style interim;          # update style required for the zone/key blocks below
ddns-rev-domainname "in-addr.arpa"; # suffix used when building reverse (PTR) update names
#allow client-updates;
ignore client-updates;              # the server, not the client, decides which name is
                                    # registered; client FQDN update requests are ignored

# Global DHCP-settings
option domain-name "<domain>.<country>";
# Search list handed to clients: the static, dynamic and bare domains.
option domain-search "static.<domain>.<country>", "dyn.<domain>.<country>", "<domain>.<country>";
option domain-name-servers ns1.static.<domain>.<country>,ns2.static.<domain>.<country>;
option netbios-name-servers 192.168.1.11;
option routers 192.168.1.2;                # default gateway from the Info section
option broadcast-address 192.168.1.255;
option ntp-servers 192.168.1.2,192.168.1.6;

default-lease-time 86400; # 24 hour
max-lease-time 172800;    # 48 hour

# Subnet(s)
# /23 covering 192.168.0.0-192.168.1.255. The pool below stays in the 192.168.0.x
# half; 192.168.1.x is left for static assignments (this server, the host block below).
subnet 192.168.0.0 netmask 255.255.254.0 {
# DHCP range of this subnet

 range 192.168.0.1 192.168.0.254;
 default-lease-time 14400; #  4 hour
 max-lease-time 172800;    # 48 hour

 # PXE
 filename "pxelinux.0";
 next-server 192.168.1.6;  # TFTP/PXE server (PXE-DNS in the Info section)
 # NOTE(review): "debain" in the path below looks like a typo for "debian";
 # confirm it matches the directory actually exported by 192.168.1.6.
 option root-path "192.168.1.6:/var/lib/tftpboot/live/debain/";

 # DDNS
 ddns-domainname "dyn.<domain>.<country>";  # zone that receives this subnet's A records

 # DNS zones to update
 zone 0.168.192.in-addr.arpa. {
	primary localhost; # IP-address or hostname of the primary DNS server for this zone
	key rndc-key;      # must match a key name defined in the included key file
 }
 
 zone dyn.<domain>.<country>. {
	primary localhost; # IP-address or hostname of the primary DNS server for this zone
	key rndc-key;
 }
}
# Separate guest subnet; its names go to the guest zone, not dyn.
subnet 192.168.2.0 netmask 255.255.255.0 {
# DHCP range of this subnet

 range 192.168.2.100 192.168.2.200;
 default-lease-time 14400; #  4 hour
 max-lease-time 172800;    # 48 hour

 # DDNS
 ddns-domainname "guest.<domain>.<country>";

 # DNS zones to update
 zone 2.168.192.in-addr.arpa. {
	primary localhost; # IP-address or hostname of the primary DNS server for this zone
	key rndc-key;
 }
 
 zone guest.<domain>.<country>. {
	primary localhost; # IP-address or hostname of the primary DNS server for this zone
	key rndc-key;
 }
}

# Static Hosts
# One host block per device that must always get the same address; the address
# is outside the dynamic pool. Static hosts are not registered via DDNS here --
# put them in the static zone files by hand.
host <hostname> {
       hardware ethernet <someMacAddress>;  # client MAC address
       fixed-address 192.168.1.101;
}

Bind Server Configuration

nano /etc/bind/named.conf

Make sure the file contains the following line:

include "/etc/bind/named.conf.local";

You should not change that file, as you will specify your options in two other files later.

nano /etc/bind/named.conf.options

Your options.

The zone files will be stored under /var/cache/bind/

Queries for domains this server is not authoritative for are forwarded to 192.168.1.2 (the example configuration below instead lists Google's public resolvers in the forwarders block). You can put the DNS servers provided by your ISP there (or the OpenDNS servers).

// /etc/bind/named.conf.options -- access control and global options for named.
// ACLs are defined first so the options block below can reference them.
acl mynetworks {
        localhost;
        192.168.0.0/23;         // Static+Dyn LAN via IPv4

        2001:X:Y:Z::/64;        // tunnel IPv6 /64
        2001:X:Y:Z:W:/64;       // Static routed IPv6 /64
        // 2001:X:Y::/48;       // routed IPv6 /48
        fe80::/16;              // Link-Local IPv6 (the link-local prefix is fe80::/10; /16 is a wider superset)
};
// NOTE(review): 2001:X:Y:Z::/64 appears both here and in mynetworks above. With
// the two ACLs granted identical rights below this has no effect, but it will
// matter as soon as guestnetwork is given fewer rights than mynetworks.
acl guestnetwork {
        192.168.2.0/24;         // Guest LAN via IPv4
        2001:X:Y:Z::/64;        // Guest routed IPv6 /64
};
// Addresses listed here are silently dropped via "blackhole" below.
acl blocked {
        // Put blocked addresses here

};

options {
       directory               "/var/cache/bind";
       // NOTE(review): /var/bind/data is not the Debian default location; confirm
       // the directory exists and is writable by the bind user, or drop these two lines.
       statistics-file         "/var/bind/data/bind_stats.txt";
       memstatistics-file      "/var/bind/data/bind_mem_stats.txt";

       // Recursive queries for zones we are not authoritative for go here.
       forwarders {
         // Google Inc. DNS
         8.8.8.8;
         8.8.4.4;
         2001:4860:4860::8888;
         2001:4860:4860::8844;
       };

       // NOTE(review): these three lines contradict each other -- validation is
       // requested while DNSSEC is switched off, and lookaside (DLV) is obsolete.
       // The "auto" keyword also post-dates the BIND shipped with Lenny; check
       // "named-checkconf" against the installed version and keep either
       // "dnssec-enable yes; dnssec-validation auto;" or "dnssec-enable no;".
       dnssec-enable no;
       dnssec-validation auto;
       dnssec-lookaside auto;

       auth-nxdomain no;    # conform to RFC1035

       // Listens on all interfaces; what is answered is governed by the
       // allow-* ACLs below, not by the listen address.
       listen-on { any; };
       listen-on-v6 { any; };

       query-source address *;
       query-source-v6 address *;

       recursion yes;
       version "REFUSED";   // hide the BIND version from version.bind queries

       allow-query-cache { 
               mynetworks;
               guestnetwork;
       };
       allow-query {
               mynetworks;
               guestnetwork;
       };
       // NOTE(review): this lets every host on both LANs, including the guest
       // network, AXFR the complete zones (a full host inventory). Restrict it to
       // the address of the secondary that actually slaves these zones, or "none;"
       // if there is no secondary.
       allow-transfer {
               mynetworks;
               guestnetwork;
       };
       // Recursion is deliberately offered to the guest LAN as well, but never to
       // "any" -- the server is not an open resolver.
       allow-recursion {
               mynetworks;
               guestnetwork;
       };

       blackhole { 
               blocked;
       };

       // Only meaningful for GSS-TSIG updates from a Samba AD domain; remove if
       // this host is not a Samba DC, since the keytab path will not exist.
       tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
};

// Suppress the noisy "lame server" log category.
logging {
	category lame-servers { null; };
};

Now we have to edit the local configuration file:

nano /etc/bind/named.conf.local
// /etc/bind/named.conf.local -- control channel and the zones served by this host.
// NOTE(review): if named.conf (or named.conf.options) already includes rndc.key,
// this second include makes named fail with a duplicate key definition.
include "/etc/bind/rndc.key";
// rndc is only reachable from 127.0.0.1 and must present rndc-key.
controls {
	inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
};

### "static" zones #########
// No allow-update here, so the default (no updates at all) applies.

zone "static.<domain>.<country>" {
	type master;
	file "/etc/bind/master/db.static.<domain>.<country>";
};

zone "1.168.192.in-addr.arpa" {
	type master;
	notify no;   // no secondaries are notified of changes to this zone
	file "/etc/bind/master/db.192.168.1";
};

### dynamic zones (updated by DDNS) #########
// These zones accept signed updates from anyone holding "rndc-key" -- the same
// key that controls named above. NOTE(review): a dedicated TSIG key held only by
// the DHCP server limits what a leaked key can do. named writes journal files
// (*.jnl) next to these zone files, so /etc/bind/master must be writable by the
// bind user; on releases that ship the bind9 AppArmor profile, writes under
// /etc/bind are denied and dynamic zones belong under /var/lib/bind instead.

zone "dyn.<domain>.<country>" {
	type master;
	file "/etc/bind/master/db.dyn.<domain>.<country>";
	allow-update { key "rndc-key"; };
};

zone "0.168.192.in-addr.arpa" {
	type master;
	notify no;
	file "/etc/bind/master/db.192.168.0";
	allow-update { key "rndc-key"; };
};
zone "guest.<domain>.<country>" {
	type master;
	file "/etc/bind/master/db.guest.<domain>.<country>";
	allow-update { key "rndc-key"; };
};

zone "2.168.192.in-addr.arpa" {
	type master;
	notify no;
	file "/etc/bind/master/db.192.168.2";
	allow-update { key "rndc-key"; };
};

In this example we have several zones :

  • static.<domain>.<country>: static zone (like servers and network equipment with static IP’s)
  • dyn.<domain>.<country>: dynamic zone, updated by DHCP when a computer gets an IP from it
  • 192.168.1 : static zone (servers, etc.), which is not updated by DDNS
  • 192.168.0 : dynamic zone, will contain information about machines using DHCP

My advice is to keep the static zones separate from the dynamic zones: DDNS tends to rewrite the zone files, which makes them barely readable or manageable.

nano /etc/bind/master/hosts-soa
; /etc/bind/master/hosts-soa -- SOA record $INCLUDEd by every zone file below.
; Bump the serial on every manual edit; because this file is shared, one bump
; changes the serial of all zones at once. NOTE(review): once named rewrites a
; dynamic zone file after DDNS updates, that file no longer contains the
; $INCLUDE and later edits here do not reach it.
; NOTE(review): the MNAME "ns.static.<domain>.<country>." has no matching A record
; in the static zone below (only ns1 and ns2 are defined); it should name the
; primary server for the zone.
$TTL            86400           ; 1 day
@        IN      SOA     ns.static.<domain>.<country>. postmaster.<domain>.<country>. (
                                200806327  ; serial
                                28800      ; refresh (8 hours)
                                7200       ; retry (2 hours)
                                2419200    ; expire (4 weeks)
                                86400      ; minimum (1 day)
)
nano /etc/bind/master/hosts-dns
; /etc/bind/master/hosts-dns -- NS records shared by all zones via $INCLUDE.
; Both names must resolve in the static zone (they do: ns1/ns2 have A records there).
@       IN      NS      ns1.static.<domain>.<country>.
@       IN      NS      ns2.static.<domain>.<country>.
nano /etc/bind/master/hosts-mx
; /etc/bind/master/hosts-mx -- MX records shared by the forward zones.
; Lower preference value wins: mail. is tried first, mail.backup. second.
@       IN      MX              10      mail.<domain>.<country>.
@       IN      MX              20      mail.backup.<domain>.<country>.
nano /etc/bind/master/db.192.168.1
; /etc/bind/master/db.192.168.1 -- static reverse zone, not touched by DDNS.
$INCLUDE                /etc/bind/master/hosts-soa
$INCLUDE                /etc/bind/master/hosts-dns
; MX records carry no meaning in an in-addr.arpa zone; this include is harmless but unnecessary.
$INCLUDE                /etc/bind/master/hosts-mx

$ORIGIN 1.168.192.in-addr.arpa.
; NOTE(review): a PTR should point at the canonical name; www is a CNAME to
; router in the static zone, so "router.static.<domain>.<country>." is the
; expected target here. Likewise "server" has no A record in the static zone
; below -- 192.168.1.11 is published there as ns2.
2			IN	PTR	www.static.<domain>.<country>.
11			IN	PTR	server.static.<domain>.<country>.
nano /etc/bind/master/db.static.<domain>.<country>
; /etc/bind/master/db.static.<domain>.<country> -- forward zone for hosts with fixed addresses.
$INCLUDE                /etc/bind/master/hosts-soa
$INCLUDE                /etc/bind/master/hosts-dns
$INCLUDE                /etc/bind/master/hosts-mx

$ORIGIN static.<domain>.<country>.
; Gateway / firewall (option routers in dhcpd.conf).
router                 A	192.168.1.2
router                 AAAA	2001:X:Y:Z::2

; ns1 is the PXE/TFTP host, ns2 is this DHCP/DDNS server (192.168.1.11).
ns1                    A	192.168.1.6
ns1                    AAAA	2001:X:Y:Z::6
ns2                    A	192.168.1.11
ns2                    AAAA	2001:X:Y:Z::11

; Aliases; both services are reached through the router address.
www                    CNAME   router.static.<domain>.<country>.
ntp                    CNAME   router.static.<domain>.<country>.
nano /etc/bind/master/db.192.168.0
; /etc/bind/master/db.192.168.0 -- dynamic reverse zone; PTR records are added by
; dhcpd through DDNS, so the file is intentionally empty below $ORIGIN.
; Must be writable by the bind user (journal file is written alongside it).
$INCLUDE                /etc/bind/master/hosts-soa
$INCLUDE                /etc/bind/master/hosts-dns
; MX records are meaningless in a reverse zone; the include is harmless but unnecessary.
$INCLUDE                /etc/bind/master/hosts-mx

$ORIGIN 0.168.192.in-addr.arpa.
nano /etc/bind/master/db.dyn.<domain>.<country>
; /etc/bind/master/db.dyn.<domain>.<country> -- dynamic forward zone; A records are
; added by dhcpd through DDNS (ddns-domainname "dyn.<domain>.<country>").
; Must be writable by the bind user.
$INCLUDE                /etc/bind/master/hosts-soa
$INCLUDE                /etc/bind/master/hosts-dns
$INCLUDE                /etc/bind/master/hosts-mx

$ORIGIN dyn.<domain>.<country>.
nano /etc/bind/master/db.192.168.2
; /etc/bind/master/db.192.168.2 -- dynamic reverse zone for the guest LAN,
; populated by dhcpd through DDNS. No MX include here (not needed in a reverse zone).
$INCLUDE                /etc/bind/master/hosts-soa
$INCLUDE                /etc/bind/master/hosts-dns

$ORIGIN 2.168.192.in-addr.arpa.
nano /etc/bind/master/db.guest.<domain>.<country>
; /etc/bind/master/db.guest.<domain>.<country> -- dynamic forward zone for guest
; clients (ddns-domainname "guest.<domain>.<country>"). Deliberately without the
; MX include, so no mail records are published for the guest domain.
$INCLUDE                /etc/bind/master/hosts-soa
$INCLUDE                /etc/bind/master/hosts-dns

$ORIGIN guest.<domain>.<country>.

Finally, make sure the zone files are writable by the user “bind”, then restart the services:

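# Dynamic zones (and the *.jnl journals named writes next to them) must be
# writable by the bind user. Only the directory that actually holds the zone
# files is handed over; the rest of /etc/bind (named.conf*, rndc.key) stays
# root-owned so the named process cannot rewrite its own configuration.
chown -R bind:bind /var/cache/bind/ /etc/bind/master/
# The Debian bind9 package installs its init script as "bind9", not "bind".
/etc/init.d/bind9 restart && /etc/init.d/dhcp3-server restart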