LinuxQuestions.org
Old 08-06-2006, 09:34 PM   #1
tnine9
Member
 
Registered: Jan 2003
Posts: 39

Rep: Reputation: 15
Dynamic update of linux clients via DHCP/DNS (Windows currently works)


Hi all,
I have a networking question I can't seem to find a solution for in previous posts. I have a box that is both my DNS and a DHCP server on my LAN, I'm running Bind 9 on a Fedora 4 box. This works great for Windows clients, they get their leases and the hostname is added to my DNS. However, I can't get my Linux clients to send their hostnames. When I ping my Windows machines from another Windows machine by hostname I can find the host. When I try to ping a windows machine from a Linux client, it can't find any windows machines, nor can I find any other Linux clients. It seems that Linux is not resolving from the DNS server correctly, as well as not sending the hostname when DHCP acquires a lease. All my /etc/resolv.conf files contain only

search nine.homelinux.com
nameserver 10.0.0.1

and my DHCP domain is "nine.homelinux.com" and I've set up all my clients to have hostnames like "foo.nine.homelinux.com".

Can anyone advise me on how to correct this? My DNS/DHCP server's IP is 10.0.0.1, if I manually set my IP and DNS hostname, I still don't get any other hosts on Linux clients.

This is a more general question than an OS specific, but I'm currently running Cent OS on my clients. I acquired 3 used boxes from work, and I've installed VMWare Server so I can use my finite number of boxes to satisfy my curiosity with a numerous number of distributions. I would like to get my Linux DHCP clients to automatically update. This way I can just install any new distro in VMWare, and I don't have to manually keep track of the IPs and add them to my Bind configuration.

Thanks,
Todd
 
Old 08-09-2006, 03:04 AM   #2
DaveG
Member
 
Registered: Nov 2001
Location: London, UK
Distribution: Fedora 16
Posts: 160

Rep: Reputation: 43
It may well be that the Windows boxes are not getting the DNS information from the DNS server but from WINS. If that is the case you have two options: Have all machines use WINS (Samba and nsswitch) or configure DHCP and DNS for dynamic updates. I'd suggest trying the dynamic update first - there's a lot to read for both dhcpd and bind, but once it's working it's rock solid and there are management benefits to a good DHCP setup. Start with the dhcpd man page. In a mixed environment you may well be planning to use Samba anyway.
 
Old 08-09-2006, 09:49 AM   #3
tnine9
Member
 
Registered: Jan 2003
Posts: 39

Original Poster
Rep: Reputation: 15
I thought that Windows may be using a WINS lookup as well, so I shut down samba once I had my DNS/DHCP setup. If I browse through my network on windows I don't see any of the PCs. If WINS were providing the host information, wouldn't I see the other hosts when I browse the network?

Thanks,
Todd
 
Old 08-10-2006, 08:51 AM   #4
DaveG
Member
 
Registered: Nov 2001
Location: London, UK
Distribution: Fedora 16
Posts: 160

Rep: Reputation: 43
Windows boxes will construct their own WINS map using the SMB protocol without needing a server - they will elect one of their number to act as the WINS server. The Samba client can act as an intermediary between the Linux boxes and the SMB/WINS workgroup, making the Linux box look and act like a Windows box, so long as it is configured with (or can access) the correct information, i.e. a host name and IP address. So, with Samba running correctly on _all_ Linux boxes in a Windows network, all machines should be visible to all other machines. An alternative is to use one Linux box running Samba to act as a WINS server and DNS bridge ("wins support = yes" and "dns proxy = yes").

If a Windows box cannot find a host name using WINS it should fall back to DNS. If DHCP is used to dynamically update DNS then any IP host can access the information.

Samba can be configured to update DNS from the WINS information (new feature) and can serve DNS information over WINS through the name service switch (nsswitch.conf "hosts: files dns wins").

There are a lot of choices here, but I'd recommend setting up DHCP for dynamic DNS updates as this method should work with the widest selection of systems and provide a central DNS facility for caching Internet name lookups. I believe there is a HOWTO in the Tutorials section of this site.
 
Old 08-11-2006, 04:44 AM   #5
Au_Squirrel
Member
 
Registered: Nov 2005
Location: Brisbane AU
Distribution: FC16
Posts: 51

Rep: Reputation: 15
DNS Updates from Windows Boxes only

I too have a similar problem. I am using DHCP with secure DNS updates on my network. The updates are working fine on the Windows into the DNS (Bind 9) from both my dhcp servers, but my linux boxes are failing to complete the updates.

Is this similar to the problem you are talking about?

I will post the solution when I solve it as it is this weekend's task. I suspect that it is something in my Linux boxes' dhclient settings as the fact the Windows boxes are doing it rules out the secure DNS updates.

Regards
 
Old 08-11-2006, 10:10 AM   #6
tnine9
Member
 
Registered: Jan 2003
Posts: 39

Original Poster
Rep: Reputation: 15
Agreed, I have double checked my settings from the instructions listed above. Aside from that, none of my windows boxes could effectively communicate until I finished my BIND9 DHCP integration. I believe it's because I'm not sending the hostname in my dhclient.conf files. I found a decent example here http://www.bind9.net/dhclient.conf. If this solves the issue I'll let you know.
 
Old 08-12-2006, 07:59 PM   #7
Au_Squirrel
Member
 
Registered: Nov 2005
Location: Brisbane AU
Distribution: FC16
Posts: 51

Rep: Reputation: 15
Ok, I have got it working.

Here is an edited copy of the dhclient.conf

# The DHClient conf file
#
send fqdn.fqdn "my.domain.id.";
send fqdn.encoded on;
send fqdn.server-update off;

key rndckey {
algorithm hmac-md5;
secret "<your_rndc_key>";
};


key DYNAMIC_DNS_KEY {
algorithm hmac-md5;
secret "<your_dynamic_dns_key>";
};

zone my.domain.id {
key DYNAMIC_DNS_KEY;
};

zone 1.168.192.in-addr.arpa {
key DYNAMIC_DNS_KEY;
};

Here is the dhcpd.conf file

#
# DHCP Server Configuration file.
# see /usr/share/doc/dhcp*/dhcpd.conf.sample
#
# Neil's DHCP config file for my network
authoritative;

ddns-updates on;
ddns-update-style interim;
ddns-rev-domainname "in-addr.arpa.";
ddns-domainname "<your_domain.name>.";
allow client-updates;
#
lease-file-name "/var/lib/dhcp/dhcpd.leases";

# include "/etc/rndc.key";
#

key DYNAMIC_DNS_KEY {
algorithm hmac-md5;
secret <your_key_here>;
};

option domain-name "<your_domain.name>";
option domain-name-servers 192.168.1.2;

default-lease-time 86400; # 1 Day
max-lease-time 172800; # 2 Days


#Subnet definitions

subnet 192.168.1.0 netmask 255.255.255.0 {
option routers 192.168.1.1;
option subnet-mask 255.255.255.0;
option domain-name-servers 192.168.1.2;
option broadcast-address 192.168.1.255;
option ntp-servers 192.168.1.2;
option netbios-name-servers 192.168.1.2;
option netbios-node-type 8;
range 192.168.1.128 192.168.1.250;
}

zone 1.168.192.in-addr.arpa. {
primary 127.0.0.1;
key DYNAMIC_DNS_KEY;
}

zone <your_domain_name>. {
primary 127.0.0.1;
key DYNAMIC_DNS_KEY;
}

And my named.conf

//
// named.conf for Red Hat caching-nameserver
//
// include "/etc/rndc.key";


key "rndckey" {
algorithm hmac-md5;
secret "<your_rndc_key>";
};

key DYNAMIC_DNS_KEY {
algorithm hmac-md5;
secret <your_key>;
};

acl "dhcpd" { 192.168.1.0/30; };

controls {
inet 192.168.1.2 port 953 //not as secure as 127.0.0.1 but it works
allow { localhost; dhcpd; } keys { "rndckey"; };
};



options {
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
/*
* If there is a firewall between you and nameservers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND 8.1 uses an unprivileged
* port by default.
*/
// query-source address * port 53;
listen-on { 127.0.0.1; 192.168.1.2; };
allow-query {127.0.0.1; 192.168.1.0/24; };
forward first;
forwarders {<your_isp_dns_server1>; <your_isp_dns_server2>; };
};

//
// a caching only nameserver config
//

zone "<your_domain>" IN {
type master;
file "<your_domain>.zone";
allow-update { key DYNAMIC_DNS_KEY; };
};

zone "1.168.192.in-addr.arpa" IN {
type master;
file "1.168.192.zone";
allow-update { key DYNAMIC_DNS_KEY; };
};

zone "." IN {
type hint;
file "named.ca";
};

zone "localdomain" IN {
type master;
file "localdomain.zone";
allow-update { none; };
};

zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};

zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
type master;
file "named.ip6.local";
allow-update { none; };
};

zone "255.in-addr.arpa" IN {
type master;
file "named.broadcast";
allow-update { none; };
};

zone "0.in-addr.arpa" IN {
type master;
file "named.zero";
allow-update { none; };
};

This is working now. The problem seemed to have been the dhclient update as I did not have the keys in it. That gave me a different error message when changed and I then changed the named.conf to allow the updates to come in on the internal network interface. Then it all worked.

I am interested to know if anyone has got this working using the 127.0.0.1 loopback with the client doing the updates. From what I read it should not be possible. The other question I had was how do the MS boxes perform their updates with no key? They just send the DHCP server their name.

Last edited by Au_Squirrel; 08-15-2006 at 07:14 PM.
 
Old 08-13-2006, 07:13 AM   #8
DaveG
Member
 
Registered: Nov 2001
Location: London, UK
Distribution: Fedora 16
Posts: 160

Rep: Reputation: 43
I find it more reliable for the DHCP server to update the DNS server and not allow clients to do the updates. In theory, it should be more secure since the update key is only needed on the server and a full transaction log is possible. If the DHCP and DNS services are run on the same machine (small network, no fail-over) then the update channel can be over the loopback net (127.0.0.1) to avoid snooping.

In /etc/dhcpd.conf, add:
+++
subnet 192.168.0.0 netmask 255.255.255.0 {
...
option subnet-mask 255.255.255.0;
option routers <DSL box>, <fail-over dial-up>;
option domain-name-servers <caching DNS server>;
option domain-name "example.com.";
option netbios-name-servers <Samba PDC>, <Samba PDC>; # Old Win boxes need 2!
option netbios-node-type 2;
...
}
ddns-update-style interim;
key "dhcpd.example.com." {
algorithm hmac-md5;
secret "whatever";
}
# Forward zone (A and TXT records)
zone example.com. {
primary 127.0.0.1;
key "dhcpd.example.com.";
}
# Reverse zone (PTR records)
zone 0.168.192.in-addr.arpa. {
primary 127.0.0.1;
key "dhcpd.example.com.";
}
---

The DNS configuration is more complicated, but boils down to adding an update policy to each dynamic zone declaration, e.g.:
+++
zone "0.168.192.in-addr.arpa" in {
type master;
file "slaves/example.com.rdb"; # must have read/write access to files and directory for updates and journal
update-policy {
grant dhcpd.example.com. subdomain 0.168.192.in-addr.arpa. PTR;
# ^TSIG key ^access ^root ^record types
};
};
---

All I add to dhclient.conf is:
+++
interface "eth0" {
send host-name "whatever";
send dhcp-client-identifier 1:xx:xx:xx:xx:xx:xx; # "1:<client MAC>"
}
---
Sending the client identifier in this format will allow a dual-boot machine to pick up the same IP lease in Linux and Windows.

My server is running Fedora FC5 and clients are FC5, Windows 98 and Windows XP Home. All names and addresses have been altered (excuse any typos). See the DHCP and DNS docs for more detail, but I think I have included the important bits and a few hints.

Hope this is of some help.

--DaveG.
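
The configurations in posts #7 and #8 authorise dynamic updates in two different ways: `allow-update { key ...; }` lets the key holder change any record in the zone, while an `update-policy` grant can limit a key to a name and record type. The audit script below is an added example, not code from any poster in this thread; the sample named.conf text and the helper names (`audit_zones`, `block_after`, `statements`) are constructed for illustration, and only the two brace forms shown in the thread are handled.

```python
import re

# Constructed sample in the two styles from the thread (dummy names and secret).
SAMPLE = '''
key DYNAMIC_DNS_KEY { algorithm hmac-md5; secret "ZHVtbXk="; };
zone "example.com" IN {
    type master; file "example.com.zone";
    allow-update { key DYNAMIC_DNS_KEY; };   // key may rewrite any record
};
zone "0.168.192.in-addr.arpa" in {
    type master; file "slaves/example.com.rdb";
    update-policy { grant dhcpd.example.com. subdomain 0.168.192.in-addr.arpa. PTR; };
};
zone "localhost" IN { type master; file "localhost.zone"; allow-update { none; }; };
'''

def strip_comments(text):
    """Drop /* */, // and # comments (assumes none occur inside quotes)."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(//|#)[^\n]*', '', text)

def block_after(text, start):
    """Contents of the first balanced { } block at or after start."""
    open_at, depth = text.index('{', start), 0
    for i in range(open_at, len(text)):
        depth += {'{': 1, '}': -1}.get(text[i], 0)
        if depth == 0:
            return text[open_at + 1:i]
    raise ValueError('unbalanced braces')

def statements(block):
    """Split a block on ';' and normalise whitespace."""
    return [' '.join(s.split()) for s in block.split(';') if s.strip()]

def audit_zones(conf):
    """Map zone name -> (mode, entries): 'static', 'whole-zone' or 'scoped'."""
    conf, report = strip_comments(conf), {}
    for zone in re.finditer(r'\bzone\s+"([^"]+)"', conf):
        body = block_after(conf, zone.end())
        mode, entries = 'static', []          # BIND denies updates by default
        for keyword, label in (('allow-update', 'whole-zone'), ('update-policy', 'scoped')):
            hit = re.search(r'\b' + keyword + r'\s*\{', body)
            if hit and statements(block_after(body, hit.start())) != ['none']:
                mode, entries = label, statements(block_after(body, hit.start()))
        report[zone.group(1)] = (mode, entries)
    return report

if __name__ == '__main__':
    for name, (mode, entries) in audit_zones(SAMPLE).items():
        print(f'{name:26} {mode:10} {entries}')
```

Zones reported as `whole-zone` are the ones to review first, since anyone holding the listed key (or matching the listed address) can replace any name in them.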
 
Old 08-13-2006, 08:13 AM   #9
tnine9
Member
 
Registered: Jan 2003
Posts: 39

Original Poster
Rep: Reputation: 15
Thanks for the updates Au_Squirrel and DaveG. I'm still having some issues; this is a relatively basic question. I have my zone file for my internal domain, where does BIND 9 write the hostname and IP when DHCP updates it? I would like to actually look at the file to make sure that my windows clients are getting updated. When I look at my DHCP leases, all of the leases have sent a hostname. I'm working on my configuration, but re-configuring from scratch with the tutorial still didn't help.

Thanks,
Todd
 
Old 08-15-2006, 07:24 PM   #10
Au_Squirrel
Member
 
Registered: Nov 2005
Location: Brisbane AU
Distribution: FC16
Posts: 51

Rep: Reputation: 15
Bind 9 File Details

tnine9,
The files you are looking for should be in the /var/named directory. If you have a chrooted named service there will be a heap of links there pointing to the /var/named/chroot/var/named directory. Now the files as specified in my configs are <my_domain_name>.zone (the forward look up) and 1.168.192.zone (the reverse DNS lookup). There will also be some associated .jnl files that are binary files. DON'T cat or more the .jnl files, you have been warned. All the info is in the .zone files.

In the named.conf you specify the files you will be using. Ensure that they are chown'd by named:named and do exist.

If you cat/more the zone files you should see the DNS entries for your machines. If you have no entries then post the output of grep named /var/log/messages and grep dhcpd /var/log/messages.

Hope this helps

Regards
 
Old 05-06-2007, 12:43 PM   #11
yassir4sri
LQ Newbie
 
Registered: May 2007
Posts: 1

Rep: Reputation: 0
ddnsv6

Hi all,

In fact I have a school project about the IP6. I've done the simple DNS 4 and 6 and also DHCP4,
but the problems I have are the DHCP6 and the DDNS6.
I would be very thankful if you could help resolve these problems.
Thanks in advance
 
Old 05-10-2007, 05:18 AM   #12
Au_Squirrel
Member
 
Registered: Nov 2005
Location: Brisbane AU
Distribution: FC16
Posts: 51

Rep: Reputation: 15
Sorry yassir4sri I have not yet started to play with IP6 dns and dhcp6. I hope that someone else will be able to help
 
  

