This tutorial will explain Howto setup DHCP Server and Dynamic DNS with BIND in Debian.
Preparing you system
First you need to install DHCP,BIND servers using the following command
#aptitude install dhcp3-server bind9
This will complete the installation.
This is the network configuration of our DHCP/DNS server we are using for our tutorial
Hostname : router.static.example.org
WAN interface (eth0) : 192.168.99.254 mask 255.255.255.0
LAN interface (eth1) : 172.30.200.254 mask 255.255.0.0
Default gateway : 192.168.99.1
First, we need to tell the DHCP server to only run on eth1 you need to edit the /etc/default/dhcp3-server file using the following command
#vi /etc/default/dhcp3-server
enter the following line save and exit file.
INTERFACES="eth1"
Configuring DHCP Server Configuration
/etc/dhcp3/dhcpd.conf :
This is the DHCP server configuration.
When a computer requests network information from the DHCP server, the DHCP will update the DNS zones
– dyn.example.org : the zone that will map hostnames to IP address
– 201.30.172.in-addr.arpa : the zone in charge of reverse lookups
ddns-domainname is the domain name that the DHCP server will try to update in the zone. For example if my computer is named mycomputer, it will try to upload the dyn.example.org zone with mycomputer.dyn.example.org.
That option is absolutely needed if you have several domains in the “option domain-name” field (the “search” domains that will be in /etc/resolv.conf), or it could try to add the hostname mycomputer.static.example.org to the dyn.example.org zone.
If you only have one domain in the “option domain-name” field, you can go without ddns-domainname as it will upload the zone with the domain specified there.
ddns-update-style interim;
include "/etc/bind/rndc.key";
zone dyn.example.org. {
primary 127.0.0.1;
key "rndc-key";
}
ddns-domainname "dyn.example.org";
option domain-name "static.example.org dyn.example.org";
option domain-name-servers 172.30.200.254;
option routers 172.30.200.254;
option broadcast-address 172.30.255.255;
option ntp-servers 172.30.200.254;
default-lease-time 86400;
max-lease-time 86400;
authoritative;
log-facility local7;
subnet 172.30.0.0 netmask 255.255.0.0 {
range 172.30.201.10 172.30.201.200;
# DNS zones to update
zone 201.30.172.in-addr.arpa. {
primary 172.30.200.254;
key "rndc-key";
}
zone dyn.example.org. {
primary 172.30.200.254;
key "rndc-key";
}
}
Bind Server Configuration
/etc/bind9/named.conf :
Make sure the file contains the following :
include "/etc/bind/named.conf.local";
You should not change that file, as you will specify your options in two other files.
/etc/bind9/named.conf.options :
Your options.
The zone files will be stored under /var/cache/bind/
The queries for unauthoritative domains will be forwarded to 192.168.99.1. You can put the DNS provided by your ISP there (or put the DNS from opendns.com)
options {
directory "/var/cache/bind";
query-source address * ;
forwarders {
192.168.99.1;
};
recursion yes;
version "REFUSED";
allow-recursion {
127.0.0.1;
192.168.99.0/24;
172.30.0.0/16;
};
allow-query {
127.0.0.1;
192.168.99.0/24;
172.30.0.0/16;
};
};
/etc/bind9/named.conf.local :
This will contain your zone declarations
### options #########
include "/etc/bind/rndc.key";
controls {
inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
};
### "static" zones #########
zone "static.example.org" {
type master;
file "db.static.example.org";
};
zone "200.30.172.in-addr.arpa" {
type master;
notify no;
file "db.172.30.200";
};
### dynamic zones (updated by DDNS) #########
zone "dyn.example.org" {
type master;
file "db.dyn.example.org";
allow-update { key "rndc-key"; };
};
zone "201.30.172.in-addr.arpa" {
type master;
notify no;
file "db.172.30.201";
allow-update { key "rndc-key"; };
};
Now let’s focus on DNS zones.
In this example we have several zones :
– static.example.org : static zone (like servers with static IP’s)
– dyn.example.org : dynamic zone, updated by DHCP when a computer gets an IP from it
– 172.30.200 : static zone (servers, etc.), which is not updated by DDNS
– 172.30.201 : dynamic zone, will contain information about machines using DHCP
My advise to split the static zones from the dynamic zones, DDNS has a tendency to mess up the zone files, which make them barely readable and manageable.
/var/cache/bind/db.172.30.200 :
$ORIGIN .
$TTL 86400 ; 1 day
200.30.172.in-addr.arpa IN SOA static.example.org. postmaster.example.org. (
200806299 ; serial
28800 ; refresh (8 hours)
7200 ; retry (2 hours)
2419200 ; expire (4 weeks)
86400 ; minimum (1 day)
)
NS ns.static.example.org.
$ORIGIN 200.30.172.in-addr.arpa.
253 IN PTR server.static.example.org.
254 IN PTR router.static.example.org.
/var/cache/bind/db.172.30.201 :
$ORIGIN .
$TTL 86400 ; 1 day
201.30.172.in-addr.arpa IN SOA static.example.org. postmaster.example.org. (
200806327 ; serial
28800 ; refresh (8 hours)
7200 ; retry (2 hours)
2419200 ; expire (4 weeks)
86400 ; minimum (1 day)
)
NS ns.static.example.org.
$ORIGIN 201.30.172.in-addr.arpa.
/var/cache/bind/db.static.example.org :
$ORIGIN .
$TTL 86400 ; 1 day
static.example.org IN SOA ns.static.example.org. postmaster.example.org. (
200806327 ; serial
28800 ; refresh (8 hours)
7200 ; retry (2 hours)
2419200 ; expire (4 weeks)
86400 ; minimum (1 day)
)
NS ns.static.example.org.
A 172.30.200.254
$ORIGIN static.example.org.
server A 172.30.200.253
router A 172.30.200.254
ns A 172.30.200.254
ntp CNAME router.static.example.org.
smtp CNAME router.static.example.org.
/var/cache/bind/db.dyn.example.org
$ORIGIN .
$TTL 86400 ; 1 day
dyn.example.org IN SOA ns.static.example.org. admin.example.org. (
200806341 ; serial
28800 ; refresh (8 hours)
7200 ; retry (2 hours)
2419200 ; expire (4 weeks)
86400 ; minimum (1 day)
)
NS ns.dyn.example.org.
A 172.30.200.254
$ORIGIN dyn.example.org.
Now, make sure the zones will be writable by the user “bind” and restart the services :
# chown bind. /var/cache/bind/*
# /etc/init.d/bind restart
# /etc/init.d/dhcp3-server restart
On a computer on the network :
As root :
Edit /etc/dhcp3/dhclient.conf and set :
send host-name "mycomputer";
Now request an IP :
# dhclient eth0
Let’s imagine the computer has received the IP 172.30.201.200
You should see on the server’s syslog that the DNS zones have been updated.
– mycomputer.dyn.example.org is now bound to 172.30.201.200
– 172.30.201.200 will return mycomputer.dyn.example.org
From your computer, you should be able to verify the zones have been updated properly :
$ nslookup mycomputer
Server: 172.30.200.254
Address: 172.30.200.254#53
Name: mycomputer.dyn.example.org
Address: 172.30.201.200
$ nslookup 172.30.201.200
Server: 172.30.200.254
Address: 172.30.200.254#53
200.201.30.172.in-addr.arpa name = mycomputer.dyn.example.org.
You don’t need to type the whole mycomputer.dyn.example.org thing since it will lookup for either :
– mycomputer.dyn.example.org
– mycomputer.static.example.org if the previous wasn’t found
– mycomputer if the previous two were not found
This actually means that if you lookup www.google.com, it would try to resolve www.google.com.dyn.example.org first, then www.google.com.static.example.org, and finally www.google.com
You can avoid those unnecessary lookups by adding a dot to the end of the hostname you are trying to resolve :
# nslookup www.google.com.
This is the purpose of the search domains in /etc/resolv.conf
query-source address * port 53;
you should edit the article ASAP and add that they should remove this line…
http://www.google.com/search?q=dns+poisoning+kaminsky&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a
or edit it, so it gets:
query-source address *;
@gp
updated article
dnsmasq is a much simpler solution for admins with small networks. It’s a combined DHCP/DNS server which automatically resolves queries for the hostnames of DHCP clients, has static DHCP/DNS entry support, etc.
That said, I do have a large network with 2nd and 3rd-level domains and multiple offices, and we use BIND/DHCPD. Thanks for writing this!
No mention of the fact that you need to have DHCP3-Server, not just plain old DHCPD, for this to work.
hi, newbie here. i just installed ubuntu desktop in vmware and i am wondering if this tutorial will work with what i have. pls let me know so i can try it. thanks.
nice tutorial, but i have a problem:
sudo /etc/init.d/dhcp3-server restart
sudo /etc/init.d/bind9 restart
sudo rndc reload
can’t open /etc/bind/rndc.key: Permission denied
@Pastor_Ni, try logging in as root with
su
and then run
rndc reload.
Nice article. Helps a lot to someone who tries to integrate DHCP and DNS for getting hostnames to dynamic IP addresses
in named.conf.local :
include “/etc/bind/rndc.key”;
should be :
include “/etc/bind/rndc-key”;
And also /etc/bind9 doesn’t exist, whether you need to create a smylink or use /etc/bind
However, nice article.
@pastor_ni: you have to make one last minor change to /etc/apparmor.d/usr.sbin.dhcpd3:
/etc/bind/ rw,
/etc/bind/** rw,
This allows access to the rndc-key files.
http://ubuntuforums.org/showthread.php?t=1198162
Alex Dong
I change a appamor profile and the error persist after reload apparmor profile, rndc.
Sugestions?
People
After make a Alex dong talks, a change de onwer to dhcpd of rndc.key file and dhcp server start.
tks a lot
Hi buddy, also you can change the file permission with sudo chmod 644 rndc.key
By yummy man!
Hey all, i’ve been trying to get this working for several weeks without success. I do not know why it’s not working and haven’t found any log information about it. It has occurred to me that this whole process seems redundant to have the dpcp server tell the client to inform the dns server of it’s name. It would seem that it would be simpler to have the dhcp server inform the DNS server of the client hostname and the IP it just assigned. I understand dnsmasq preforms this in it’s function as dpcp/dns server, however I already have a full implementation of Bind9 and dhcp3-server. Is there anyway to configure dhcp3-server to inform Bind9 directly of name/ip assignments?
I’d also to confirm that the dynamic DNS described in the article should work with windows clients set to “Register this connection’s address in DNS” and not just linux clients.
thanks for the tutorial and any additional information will be appreciated.
-Ryan
I finally figured out what was wrong. you need the set the journal file for each of your dns zones in named.conf.local. add the line:
journal “/var/lib/bind/example.com.jnl”; and it will start working.
you also need to add the line:
ddns-rev-domainname “in-addr.arpa.”;
to your dhcpd.conf in order for it to update your reverse zones
-Ryan
Great Post, been looking for this for awhile!!
Why, in the dhcpd.conf, you repeat the zone “dyn.example.com” two times (one with the 127.0.0.1 and another with 172.30.200.254)?
The name of the file for telling the DHCP server to only run on eth1 you need to edit is the /etc/default/isc-dhcp-server file using the following command
#vi /etc/default/isc-dhcp-server
enter the following line save and exit file.
INTERFACES=”eth1″
Hi Guys,
Is it possible to have windows base OS client? And how to add those windows client to the DDNS Server??
thanks for your time and effort helping Newbies like me 🙂