Update Bind With Your DHCP Server


If you'd like to be able to access a computer or network appliance without having to remember its IP address or manually add it to your DNS server, this tutorial is for you. It was written while configuring an Ubuntu 11.04 server and uses the isc-dhcp-server DHCP server and the bind9 Internet Domain Name Server. It worked for me as is and hopefully will do the same for you, BUT... I don't guarantee it.

This entire tutorial requires that you be logged on as root, or make healthy use of the sudo command. I prefer the former.

If you plug in the values for your local network, you should be able to cut and paste.

Assumptions

Fill in these values for your local network before you start (the examples in this tutorial use the 192.168.100.0/24 network, the domain example.org, and a server at 192.168.100.1):

Local Network:
    Address:    (start here)
    Netmask:    (enter this next)
    Network:    (calculated from the address and netmask)
    Broadcast:  (calculated from the address and netmask)
Local Domain:
Domain Name Server:
Dynamic Address Range:
    Min:
    Max:

There should NOT be any static addresses within the Dynamic Address Range of your DHCP Server, and that includes the 'Address' parameter above. Adjust the range up or down to exclude any equipment that may have a static IP assigned.

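As an added example (not from the original tutorial), the POSIX sh functions below derive the calculated fields of this form from the address and netmask, build the reverse zone name that the BIND configuration later needs, and check that a static address stays outside the dynamic range. They go a little beyond the tutorial's /24 case by also handling /8 and /16 reverse zones.

```shell
#!/bin/sh
# Added example (not from the original page): derives the "calculated" fields of
# the Assumptions form and checks that a static address stays outside the DHCP
# dynamic range. All IPv4 arithmetic is plain POSIX shell integer math.

ip2int() {  # dotted quad -> 32-bit integer
    set -- $(printf '%s' "$1" | tr '.' ' ')
    echo $(( $1 * 16777216 + $2 * 65536 + $3 * 256 + $4 ))
}

int2ip() {  # 32-bit integer -> dotted quad
    echo "$(( $1 / 16777216 % 256 )).$(( $1 / 65536 % 256 )).$(( $1 / 256 % 256 )).$(( $1 % 256 ))"
}

network_of() {  # address netmask -> network address
    a=$(ip2int "$1"); h=$(( 4294967295 - $(ip2int "$2") ))   # h = host-bit mask
    int2ip $(( a - a % (h + 1) ))
}

broadcast_of() {  # address netmask -> broadcast address
    n=$(ip2int "$(network_of "$1" "$2")"); h=$(( 4294967295 - $(ip2int "$2") ))
    int2ip $(( n + h ))
}

prefix_len() {  # dotted netmask -> prefix length (assumes a contiguous mask)
    m=$(ip2int "$1"); p=0
    while [ "$m" -ne 0 ]; do p=$(( p + m % 2 )); m=$(( m / 2 )); done
    echo "$p"
}

reverse_zone() {  # address netmask -> in-addr.arpa zone name (/8, /16, /24 only)
    octets=$(( $(prefix_len "$2") / 8 ))
    set -- $(printf '%s' "$(network_of "$1" "$2")" | tr '.' ' ')
    case $octets in
        1) echo "$1.in-addr.arpa" ;;
        2) echo "$2.$1.in-addr.arpa" ;;
        3) echo "$3.$2.$1.in-addr.arpa" ;;
        *) echo "reverse_zone: only /8, /16 and /24 are handled" >&2; return 1 ;;
    esac
}

# Succeeds (exit 0) when $1 lies outside the dynamic range $2..$3, which is the
# rule the Assumptions section states for every static address, server included.
static_ok() {
    ip=$(ip2int "$1"); lo=$(ip2int "$2"); hi=$(ip2int "$3")
    [ "$ip" -lt "$lo" ] || [ "$ip" -gt "$hi" ]
}

# Sample run with the tutorial's values:
network_of   192.168.100.1 255.255.255.0   # 192.168.100.0
broadcast_of 192.168.100.1 255.255.255.0   # 192.168.100.255
reverse_zone 192.168.100.1 255.255.255.0   # 100.168.192.in-addr.arpa
static_ok 192.168.100.1 192.168.100.50 192.168.100.254 && echo "server address is outside the pool"
```

Run static_ok for every host that has a fixed address before you commit to a range; the tutorial's server at .1 is fine against a .50 to .254 pool, a printer at .60 would not be.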
DHCP Server Install

This is included in case you haven't installed your DHCP server yet. The current package is called isc-dhcp-server, but older releases call it dhcp3-server. The following snippet uses the former but could just as easily use the latter.

aptitude install isc-dhcp-server

The server will try to start... and fail. This is normal behavior, and since the server isn't configured yet, probably what you want.

DHCP Server Setup

The default file is /etc/dhcp/dhcpd.conf and looks like:

#
# Sample configuration file for ISC dhcpd for Debian
#
# Attention: If /etc/ltsp/dhcpd.conf exists, that will be used as
# configuration file instead of this file.
#
#

# The ddns-updates-style parameter controls whether or not the server will
# attempt to do a DNS update when a lease is confirmed. We default to the
# behavior of the version 2 packages ('none', since DHCP v2 didn't
# have support for DDNS.)
ddns-update-style none;

# option definitions common to all supported networks...
option domain-name "example.org";
option domain-name-servers ns1.example.org, ns2.example.org;

default-lease-time 600;
max-lease-time 7200;

# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
#authoritative;

# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;

# No service will be given on this subnet, but declaring it helps the
# DHCP server to understand the network topology.

#subnet 10.152.187.0 netmask 255.255.255.0 {
#}

# This is a very basic subnet declaration.

#subnet 10.254.239.0 netmask 255.255.255.224 {
#  range 10.254.239.10 10.254.239.20;
#  option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
#}

# This declaration allows BOOTP clients to get dynamic addresses,
# which we don't really recommend.

#subnet 10.254.239.32 netmask 255.255.255.224 {
#  range dynamic-bootp 10.254.239.40 10.254.239.60;
#  option broadcast-address 10.254.239.31;
#  option routers rtr-239-32-1.example.org;
#}

# A slightly different configuration for an internal subnet.
#subnet 10.5.5.0 netmask 255.255.255.224 {
#  range 10.5.5.26 10.5.5.30;
#  option domain-name-servers ns1.internal.example.org;
#  option domain-name "internal.example.org";
#  option routers 10.5.5.1;
#  option broadcast-address 10.5.5.31;
#  default-lease-time 600;
#  max-lease-time 7200;
#}

# Hosts which require special configuration options can be listed in
# host statements.   If no address is specified, the address will be
# allocated dynamically (if possible), but the host-specific information
# will still come from the host declaration.

#host passacaglia {
#  hardware ethernet 0:0:c0:5d:bd:95;
#  filename "vmunix.passacaglia";
#  server-name "toccata.fugue.com";
#}

# Fixed IP addresses can also be specified for hosts.   These addresses
# should not also be listed as being available for dynamic assignment.
# Hosts for which fixed IP addresses have been specified can boot using
# BOOTP or DHCP.   Hosts for which no fixed address is specified can only
# be booted with DHCP, unless there is an address range on the subnet
# to which a BOOTP client is connected which has the dynamic-bootp flag
# set.
#host fantasia {
#  hardware ethernet 08:00:07:26:c0:a5;
#  fixed-address fantasia.fugue.com;
#}

# You can declare a class of clients and then do address allocation
# based on that.   The example below shows a case where all clients
# in a certain class get addresses on the 10.17.224/24 subnet, and all
# other clients get addresses on the 10.0.29/24 subnet.

#class "foo" {
#  match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
#}

#shared-network 224-29 {
#  subnet 10.17.224.0 netmask 255.255.255.0 {
#    option routers rtr-224.example.org;
#  }
#  subnet 10.0.29.0 netmask 255.255.255.0 {
#    option routers rtr-29.example.org;
#  }
#  pool {
#    allow members of "foo";
#    range 10.17.224.10 10.17.224.250;
#  }
#  pool {
#    deny members of "foo";
#    range 10.0.29.10 10.0.29.230;
#  }
#}

You have likely already changed your config file to add functionality, but we will be working from this base.

Change

ddns-update-style none;

to

ddns-update-style interim;

Then add the following just under it:

include "/etc/bind/rndc.key";

zone example.org. {
    primary 127.0.0.1;
    key "rndc-key";
}

zone 100.168.192.in-addr.arpa. {
    primary 127.0.0.1;
    key "rndc-key";
}

ddns-domainname "example.org";

In order for your name server and your DHCP server to update these records, you may have to adjust your AppArmor settings. I added:

/etc/bind/zones/** rw,

to the /etc/apparmor.d/usr.sbin.named file to enable bind to update the zone file.

I have placed all of my zone files under /etc/bind/zones and have adjusted my configuration to make that possible. If your zone files are under /etc/bind then the line would be /etc/bind/** rw,.

I also added:

# Bind update key
/etc/bind/rndc.key* r,

to the /etc/apparmor.d/usr.sbin.dhcpd3 file.

and executed the command

chmod guo+r /etc/bind/rndc.key

to enable the DHCP server to read the key. Be aware that this makes the key readable by every local user, and since rndc.key also authorises rndc control commands, anyone who can read it can reload or stop named as well as push arbitrary updates to the zones above; a separate key used only for DHCP updates, readable only by the group dhcpd runs as, limits the damage if it leaks.

Next we'll edit the subnet statement in your /etc/dhcp/dhcpd.conf file, like so:

subnet 192.168.100.0 netmask 255.255.255.0 {
    range 192.168.100.50 192.168.100.254;
    # DNS zones to update
    zone 100.168.192.in-addr.arpa. {
        primary 192.168.100.1;
        key "rndc-key";
    }

    zone example.org. {
        primary 192.168.100.1;
        key "rndc-key";
    }
}

When you finish, your /etc/dhcp/dhcpd.conf file should look something like this:

/etc/dhcp/dhcpd.conf
#
# Sample configuration file for ISC dhcpd for Debian
#
# Attention: If /etc/ltsp/dhcpd.conf exists, that will be used as
# configuration file instead of this file.
#
#

# The ddns-updates-style parameter controls whether or not the server will
# attempt to do a DNS update when a lease is confirmed. We default to the
# behavior of the version 2 packages ('none', since DHCP v2 didn't
# have support for DDNS.)
#ddns-update-style none;
ddns-update-style interim;

include "/etc/bind/rndc.key";

zone example.org. {
    primary 127.0.0.1;
    key "rndc-key";
}

zone 100.168.192.in-addr.arpa. {
    primary 127.0.0.1;
    key "rndc-key";
}

ddns-domainname "example.org";

# option definitions common to all supported networks...
option domain-name "example.org";
option domain-name-servers ns1.example.org, ns2.example.org;

default-lease-time 600;
max-lease-time 7200;

# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
authoritative;

# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;

# No service will be given on this subnet, but declaring it helps the
# DHCP server to understand the network topology.

#subnet 10.152.187.0 netmask 255.255.255.0 {
#}

subnet 192.168.100.0 netmask 255.255.255.0 {
    option broadcast-address 192.168.100.255;
    option routers 192.168.100.1;
    range 192.168.100.50 192.168.100.254;
    # DNS zones to update
    zone 100.168.192.in-addr.arpa. {
        primary 192.168.100.1;
        key "rndc-key";
    }

    zone example.org. {
        primary 192.168.100.1;
        key "rndc-key";
    }
}

# This is a very basic subnet declaration.

#subnet 10.254.239.0 netmask 255.255.255.224 {
#  range 10.254.239.10 10.254.239.20;
#  option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
#}

# This declaration allows BOOTP clients to get dynamic addresses,
# which we don't really recommend.

#subnet 10.254.239.32 netmask 255.255.255.224 {
#  range dynamic-bootp 10.254.239.40 10.254.239.60;
#  option broadcast-address 10.254.239.31;
#  option routers rtr-239-32-1.example.org;
#}

# A slightly different configuration for an internal subnet.
#subnet 10.5.5.0 netmask 255.255.255.224 {
#  range 10.5.5.26 10.5.5.30;
#  option domain-name-servers ns1.internal.example.org;
#  option domain-name "internal.example.org";
#  option routers 10.5.5.1;
#  option broadcast-address 10.5.5.31;
#  default-lease-time 600;
#  max-lease-time 7200;
#}

# Hosts which require special configuration options can be listed in
# host statements.   If no address is specified, the address will be
# allocated dynamically (if possible), but the host-specific information
# will still come from the host declaration.

#host passacaglia {
#  hardware ethernet 0:0:c0:5d:bd:95;
#  filename "vmunix.passacaglia";
#  server-name "toccata.fugue.com";
#}

# Fixed IP addresses can also be specified for hosts.   These addresses
# should not also be listed as being available for dynamic assignment.
# Hosts for which fixed IP addresses have been specified can boot using
# BOOTP or DHCP.   Hosts for which no fixed address is specified can only
# be booted with DHCP, unless there is an address range on the subnet
# to which a BOOTP client is connected which has the dynamic-bootp flag
# set.
#host fantasia {
#  hardware ethernet 08:00:07:26:c0:a5;
#  fixed-address fantasia.fugue.com;
#}

# You can declare a class of clients and then do address allocation
# based on that.   The example below shows a case where all clients
# in a certain class get addresses on the 10.17.224/24 subnet, and all
# other clients get addresses on the 10.0.29/24 subnet.

#class "foo" {
#  match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
#}

#shared-network 224-29 {
#  subnet 10.17.224.0 netmask 255.255.255.0 {
#    option routers rtr-224.example.org;
#  }
#  subnet 10.0.29.0 netmask 255.255.255.0 {
#    option routers rtr-29.example.org;
#  }
#  pool {
#    allow members of "foo";
#    range 10.17.224.10 10.17.224.250;
#  }
#  pool {
#    deny members of "foo";
#    range 10.0.29.10 10.0.29.230;
#  }
#}

I have also uncommented the authoritative; parameter as I'm assuming that this will be the primary DNS server on the network.

Lastly, if you haven't already done so, we need to declare which interface your DHCP Server should listen on. This is done by editing the file /etc/default/isc-dhcp-server. Find the line:

INTERFACES=""

and add whatever interface you would like the server to listen on (eth1 in many cases), like so:

INTERFACES="eth1"

then try to start the server.

/etc/init.d/isc-dhcp-server start

If that fails, look in /var/log/syslog for the answer; it usually becomes clear what went wrong.

DNS Server

Let's start by installing the bind9 DNS Server. There are a few ways of going about this task, let's use tasksel:

tasksel install dns-server

Nice, no fuss... The packages installed by that command are bind9-doc, bind9utils and bind9, so you could just as easily install them yourself using whatever package manager you like.

I have many, many zone files and like to keep them organized as best I can. To that end I usually create a zone directory to keep my zone files. I'm going to do that now:

mkdir /etc/bind/zones
chown bind:bind /etc/bind/zones
cd /etc/bind/zones

Now we create the forward and reverse zone files. They can be called whatever you like, but convention says they should be db.<Domain>, so ours will be:

db.example.org
db.100.168.192.in-addr.arpa

So here are your basic zone files:

/etc/bind/zones/db.100.168.192.in-addr.arpa
$ORIGIN .
$TTL 3h	; 3Hours
100.168.192.in-addr.arpa	IN SOA	ns.example.org. postmaster.example.org. (
			1 	; serial
			3h	; refresh (3 hours)
			1h	; retry (1 hour)
			1w	; expire (1 week)
			1h	; minimum (1 hour)
)
			NS	ns.example.org.
$ORIGIN 100.168.192.in-addr.arpa.
1			IN PTR	server.example.org.

The last line above, 1 IN PTR server.example.org., is not changed auto-magically, so if your server's address does not end in 1, please change it yourself.

/etc/bind/zones/db.example.org
$ORIGIN .
$TTL 3h	; 3Hours
example.org	IN SOA	ns.example.org. postmaster.example.org. (
			1 	; serial
			3h	; refresh (3 hours)
			1h	; retry (1 hour)
			1w	; expire (1 week)
			1h	; minimum (1 hour)
)
			NS	ns.example.org.
$ORIGIN example.org.
server			A	192.168.100.1
ns			A	192.168.100.1

Now we edit our /etc/bind/named.conf.local file and add our zone files.

To start off the file is pretty much empty:

//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

After we add the required statements it should look like:

/etc/bind/named.conf.local
//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

include "/etc/bind/rndc.key";

zone "example.org" {
        type master;
        file "/etc/bind/zones/db.example.org";
        allow-update { key "rndc-key"; };
};

zone "100.168.192.in-addr.arpa" {
        type master;
        notify no;
        file "/etc/bind/zones/db.100.168.192.in-addr.arpa";
        allow-update { key "rndc-key"; };
};

Putting your name server to work

If your external interface uses DHCP to obtain its IP address, there are a few things that you need to do. This is because the DHCP client will overwrite the /etc/resolv.conf file, which determines which name server to use, what search domains are used, and what your domain is for the purpose of name searches. First, let's adjust the /etc/resolv.conf file for our local domain.

It should look like the following:

/etc/resolv.conf
domain example.org
search example.org
nameserver 192.168.100.1

Next we need to stop the dhcp client from changing it back. We do that by adjusting /etc/dhcp/dhclient.conf.

Find the statement that looks like:

request subnet-mask, broadcast-address, time-offset, routers,
        domain-name, domain-name-servers, domain-search, host-name,
        netbios-name-servers, netbios-scope, interface-mtu,
        rfc3442-classless-static-routes, ntp-servers;

and remove domain-name, domain-name-servers and domain-search. It should look like:

request subnet-mask, broadcast-address, time-offset, routers,
        host-name, netbios-name-servers, netbios-scope,
        interface-mtu, rfc3442-classless-static-routes,
        ntp-servers;

You could also use the supersede or prepend parameters but this just seems easier to me...

So, it should be working, BUT... let's test it to make sure.

nslookup server
nslookup 192.168.100.1

That should let you know if the name server is running and if your zone files are being read. If they are not, look at your /var/log/syslog file.

Testing

To test the updating, we need to plug a computer into the local network and see if it gets an IP address. Again, if it doesn't, look in the /var/log/syslog file.

There are a few ways to determine if the zone files are being updated:

1) Check the files: if you look in /etc/bind/zones and there are .jnl files for your forward and reverse zones, it's likely working.

2) Check the /var/log/syslog file for the zone file updates (I like this way; if it doesn't work you're going here anyway).

3) After the computer is plugged in, search for its hostname and IP address with nslookup. If that works, "--BAM--" you're done...
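For the second method, here is an added example (not part of the original page): shell functions that summarise the DDNS messages dhcpd and named write to syslog and list any host other than the DHCP server whose updates named refused. The log lines are constructed, and the message texts are modelled on what those daemons log, so adjust the patterns if your versions word them differently.

```shell
#!/bin/sh
# Added example (not from the original page): summarises DDNS activity from
# syslog so you can see whether dhcpd's updates reach named, and whether anything
# other than the DHCP server is trying to update the zones. The sample lines are
# constructed; the message texts are modelled on what dhcpd and named log.

sample_log() {
cat <<'EOF'
Mar  3 10:15:01 server dhcpd: DHCPACK on 192.168.100.53 to 00:11:22:33:44:55 (laptop) via eth1
Mar  3 10:15:01 server dhcpd: Added new forward map from laptop.example.org to 192.168.100.53
Mar  3 10:15:01 server dhcpd: added reverse map from 53.100.168.192.in-addr.arpa to laptop.example.org
Mar  3 10:15:01 server named[1234]: client 192.168.100.1#40123: updating zone 'example.org/IN': adding an RR at 'laptop.example.org' A
Mar  3 10:20:44 server named[1234]: client 192.168.100.99#51000: update 'example.org/IN' denied
Mar  3 10:21:02 server dhcpd: Unable to add forward map from printer.example.org to 192.168.100.60: timed out
EOF
}

# Reads syslog lines on stdin; prints one line of counters.
ddns_report() {
    awk '
        /dhcpd.*Added new forward map/ { fwd++ }
        /dhcpd.*added reverse map/     { rev++ }
        /dhcpd.*Unable to add/         { fail++ }
        /named.*update .* denied/      { den++ }
        END { printf "forward=%d reverse=%d failed=%d denied=%d\n", fwd, rev, fail, den }'
}

# Reads syslog lines on stdin; prints the source address of every denied update
# that did not come from the DHCP server ($1). Anything listed here is a host
# trying to change your zones with a wrong or missing key and is worth a look.
unexpected_updaters() {
    awk -v server="$1" '
        /named.*update .* denied/ {
            for (i = 1; i <= NF; i++)
                if ($i == "client") { split($(i + 1), c, "#"); if (c[1] != server) print c[1] }
        }'
}

# Sample run; on the real server: ddns_report < /var/log/syslog
sample_log | ddns_report                          # forward=1 reverse=1 failed=1 denied=1
sample_log | unexpected_updaters 192.168.100.1    # 192.168.100.99
```

A denied update from the DHCP server itself usually means the key in dhcpd.conf and the allow-update key in named.conf.local do not match, or AppArmor kept dhcpd from reading rndc.key.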

DONE