LinuxQuestions.org, Linux - Networking forum (any issue related to networks or networking: routing, network cards, OSI, etc.)
#1, 02-01-2007, 05:12 PM
LQ Newbie, Registered: Aug 2005, Distribution: CentOS, Fedora, Posts: 25
named + dhcpd -> ddns configuration ?
I'm trying to make a "good" Linux server. At this point I wanted to install and configure DDNS.
I am using CentOS 4.4 Server edition.
I have a small network: server "mango" with IP 10.10.10.1, and some other computers getting IPs from dhcpd.
I made a configuration that works; well, it does the following:
- I get an IP address on the client machines
- with nslookup or dig I get responses for the server and the client machines, and I also get responses for Internet requests
- a while after I connect a client to the network, a line is added to both zone files
So, I think I did OK with the config files.
1) Now I am asking: is this configuration that I made any good? Are there some big mistakes, anything to correct or change?
dhcpd.conf
Code:
authoritative;
include "/etc/rndc.key";
# Server configuration
#server-identifier server;
ddns-domainname "sadovnjak.local";
ddns-rev-domainname "in-addr.arpa.";
ddns-update-style interim;
ddns-updates on;
ignore client-updates;
# This is the communication zone
zone sadovnjak.local. {
    primary 127.0.0.1;
    key rndckey;
}
zone 10.10.10.in-addr.arpa. {
    primary 127.0.0.1;
    key rndckey;
}
default-lease-time 21600; # 6 hours
max-lease-time 43200; # 12 hours
option routers 10.10.10.1;
option domain-name "sadovnjak.local";
option domain-name-servers 10.10.10.1;
option ip-forwarding off;
# Home pool
subnet 10.10.10.0 netmask 255.255.255.0 {
    range 10.10.10.20 10.10.10.100;
    option subnet-mask 255.255.255.0;
    option broadcast-address 10.10.10.255;
}
named.conf
Code:
acl sadovnjak-local { 10.10.10.0/24; 127.0/8; };
controls {
    inet 127.0.0.1 allow { localhost; } keys { "rndckey"; };
};
options {
    directory "/var/named";
    allow-query { sadovnjak-local; };
    forwarders { 193.2.1.66; 193.2.1.72; };
    # forward only;
};
include "/etc/rndc.key";
# Forward Zone for sadovnjak.local domain
zone "sadovnjak.local" IN {
    type master;
    file "sadovnjak.local.zone";
    allow-update { key "rndckey"; };
    notify yes;
};
# Reverse Zone for sadovnjak.local domain
zone "10.10.10.in-addr.arpa" IN {
    type master;
    file "10.10.10.in-addr.arpa.zone";
    allow-update { key "rndckey"; };
    notify yes;
};
sadovnjak.local.zone
Code:
$TTL 1D
sadovnjak.local. IN SOA mango.sadovnjak.local. root.mango.sadovnjak.local. (
        200612060 ; serial
        2H        ; refresh slaves
        5M        ; retry
        1W        ; expire
        1M        ; Negative TTL
        )
@                       IN NS mango.sadovnjak.local.
mango.sadovnjak.local.  IN A  10.10.10.1 ; RHEL server
10.10.10.in-addr.arpa
Code:
$TTL 1D
@ IN SOA mango.sadovnjak.local. root.mango.sadovnjak.local. (
        200612060 ; serial
        2H        ; refresh slaves
        5M        ; retry
        1W        ; expire
        1M        ; Negative TTL
        )
        IN NS  mango.sadovnjak.local.
1       IN PTR mango.sadovnjak.local.
2) Additionally: after I added a line to the forward zone
Code:
binar.sadovnjak.local. IN A 10.10.10.80
and to the reverse zone
Code:
80 IN PTR binar.sadovnjak.local.
everything stopped working, DHCP and DDNS. Any clues?
With this I wanted to give a static IP to one client machine (I also manually entered the numbers in the TCP/IP settings on "binar").
Last edited by Suhy; 02-01-2007 at 05:14 PM.
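An added example, not part of this post or of the thread: in the dhcpd.conf and named.conf above both daemons `include "/etc/rndc.key"` and the zones use `allow-update { key "rndckey"; }`, so the key that lets dhcpd add records is the same key that the `controls` statement accepts for rndc. Anyone who can read dhcpd.conf can therefore also reload, freeze or stop named. The Python below checks a named.conf for that overlap and renders the alternative: a separate TSIG key known only to dhcpd and the two zones, while `rndckey` stays limited to `controls`. The key name `ddns-key`, the hmac-sha256 algorithm and the rendered layout are assumptions; older BIND 9.2 and ISC dhcpd 3 releases (the CentOS 4 era) only support hmac-md5, so pick the algorithm both ends understand.

```python
# Added example (not from the thread): a dedicated TSIG key for dhcpd's DDNS updates
# instead of reusing the rndc control key, plus a check that spots the reuse.
import base64
import re
import secrets

ZONES = [("sadovnjak.local", "sadovnjak.local.zone"),            # from the posted config
         ("10.10.10.in-addr.arpa", "10.10.10.in-addr.arpa.zone")]
CONTROLS = 'controls { inet 127.0.0.1 allow { localhost; } keys { "rndckey"; }; };\n'


def shared_update_and_control_keys(conf):
    """Update keys that are also rndc control keys. dhcpd.conf holds the update key,
    so a shared key lets anyone who reads that file also run rndc against named."""
    control = set(re.findall(r'keys\s*\{\s*"?([\w.-]+)"?', conf))
    update = set(re.findall(r'allow-update\s*\{\s*key\s+"?([\w.-]+)"?', conf))
    return sorted(control & update)


def new_tsig_secret(nbytes=32):
    """Random secret, base64 as named and dhcpd expect it (what dnssec-keygen produces)."""
    return base64.b64encode(secrets.token_bytes(nbytes)).decode()


def render_key(name, secret, algorithm="hmac-sha256"):
    """One 'key' statement; the same text is valid in named.conf and dhcpd.conf.
    Assumption: both ends support hmac-sha256 (BIND 9.2 / dhcpd 3 only know hmac-md5)."""
    return f'key "{name}" {{\n    algorithm {algorithm};\n    secret "{secret}";\n}};\n'


def render_named_zones(key_name, zones):
    """Master zones that accept dynamic updates only when signed with key_name."""
    return "".join(f'zone "{z}" IN {{\n    type master;\n    file "{f}";\n'
                   f'    allow-update {{ key "{key_name}"; }};\n}};\n' for z, f in zones)


def render_dhcpd_zones(key_name, zones, primary="127.0.0.1"):
    """dhcpd's side: where to send updates for each zone and which key signs them."""
    return "".join(f'zone {z}. {{\n    primary {primary};\n    key {key_name};\n}}\n'
                   for z, _ in zones)


# Equivalent of the posted named.conf: rndckey both controls named and signs updates.
POSTED_NAMED_CONF = CONTROLS + 'include "/etc/rndc.key";\n' + render_named_zones("rndckey", ZONES)


def hardened_named_conf(key_name="ddns-key", secret=None):
    """rndc keeps rndckey; zone updates need the separate DDNS key (name is an assumption)."""
    secret = secret or new_tsig_secret()
    return (CONTROLS + 'include "/etc/rndc.key";\n'
            + render_key(key_name, secret) + render_named_zones(key_name, ZONES))


def hardened_dhcpd_fragment(key_name="ddns-key", secret=None):
    """dhcpd.conf gets the key statement and the zone clauses; no include of rndc.key."""
    secret = secret or new_tsig_secret()
    return render_key(key_name, secret) + render_dhcpd_zones(key_name, ZONES)


if __name__ == "__main__":
    print("update keys shared with controls:", shared_update_and_control_keys(POSTED_NAMED_CONF))
    secret = new_tsig_secret()          # one secret, pasted into both files
    print(hardened_named_conf(secret=secret))
    print(hardened_dhcpd_fragment(secret=secret))
```

Run it and the check reports `rndckey` for the posted layout and nothing for the rendered one. To apply it: put the printed `key` statement into named.conf and dhcpd.conf, drop `include "/etc/rndc.key"` from dhcpd.conf, keep dhcpd.conf readable by root only since it now carries a secret, and `rndc reload`. The regexes assume the `keys` clause appears only inside `controls`, which holds for the configs in this thread.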
#2, 02-01-2007, 10:58 PM
Member, Registered: Dec 2003, Distribution: Debian, FreeBSD, Posts: 310
Quote:
> everything stopped working, DHCP and DDNS. Any clues?
Please explain this.
Do the processes even start?
What do the log files say, any errors?
#3, 02-02-2007, 05:46 AM
LQ Newbie (Original Poster), Registered: Aug 2005, Distribution: CentOS, Fedora, Posts: 25
Well, on the first good configuration I made changes in the zones, and on my client computer I entered static values, including the DNS server.
I could start both services, named and dhcpd, with no error or any problem, but the client computers didn't get an IP address from dhcpd, and in nslookup there was no response (tried from the computer binar with the static IP), even from the server.
What about my config files, are they any good?
#4, 02-02-2007, 08:51 AM
Member, Registered: Dec 2003, Distribution: Debian, FreeBSD, Posts: 310
Looks mostly OK.
In your dhcpd.conf
Code:
option routers 10.10.10.1;
option domain-name "sadovnjak.local";
option domain-name-servers 10.10.10.1;
option ip-forwarding off;
# Home pool
subnet 10.10.10.0 netmask 255.255.255.0 {
    range 10.10.10.20 10.10.10.100;
    option subnet-mask 255.255.255.0;
    option broadcast-address 10.10.10.255;
}
The subnet-specific parameters should be listed with the rest,
Code:
# Home pool
subnet 10.10.10.0 netmask 255.255.255.0 {
    option routers 10.10.10.1;
    option domain-name "sadovnjak.local";
    option domain-name-servers 10.10.10.1;
    range 10.10.10.20 10.10.10.100;
    option subnet-mask 255.255.255.0;
    option broadcast-address 10.10.10.255;
}
Also, you should not need to state
Code:
option ip-forwarding off;
because that is not on by default, so you can leave it out.
I ran named-checkconf on your named.conf and didn't get any errors, and both of the zone records look OK.
#5, 02-02-2007, 10:03 AM
LQ Newbie (Original Poster), Registered: Aug 2005, Distribution: CentOS, Fedora, Posts: 25
fur, big thanks for the help.
BTW, this DDNS rules! Before that I had the ISP's DNS, and I had Torrentflux (a web-based torrent application). Many times when I wanted to access the page http://mango/tf I had to wait up to 20 seconds. Since I started the local DNS server there are no delays.
#6, 02-02-2007, 10:26 AM
Member, Registered: Dec 2003, Distribution: Debian, FreeBSD, Posts: 310
So is it working now, or are you still having problems?
#7, 02-02-2007, 10:35 AM
LQ Newbie (Original Poster), Registered: Aug 2005, Distribution: CentOS, Fedora, Posts: 25
I would have a problem with named and dhcpd if I put the bottom lines (from the first post) back into the forward and reverse zones for a static IP for the workstation "binar". But since I rely on good Linux DDNS, I think I will not need static IPs for clients. And saying that, there is NO problem anymore.
Mostly I wanted to know how good my configuration of DDNS is.
#8, 02-02-2007, 01:56 PM
Senior Member, Registered: Oct 2003, Location: New York City, Distribution: Debian Sid 2.6.32, Posts: 2,100
I would rip this line out of your named.conf: forwarders { 193.2.1.66; 193.2.1.72; };
That forces you to depend on your ISP's nameservers. It is possible, but unlikely, that their nameservers will have some problem. BIND by itself will resolve any name by looking to the correct root/top-level domain servers. Having forwarders basically adds an unnecessary second step: you ask their nameservers, then their nameservers ask the root/top-level domain. You can go direct to the root/top level and bypass them.
Other than that, your BIND config looks fine.
Peace,
JimBass
#9, 02-02-2007, 06:27 PM
Member, Registered: Jan 2004, Location: Los Angeles, Distribution: Slack64 13.37, Posts: 535
Quote (Originally Posted by JimBass):
> I would rip this line out of your named.conf: forwarders { 193.2.1.66; 193.2.1.72; };
But if the OP does that, won't they need an entry for root hints, or whatever it's called?
Cheers.
#10, 02-02-2007, 06:33 PM
Senior Member, Registered: Oct 2003, Location: New York City, Distribution: Debian Sid 2.6.32, Posts: 2,100
Yes, but the file is usually db.root, and it is included in every BIND package.
Peace,
JimBass
#11, 02-04-2007, 05:49 AM
LQ Newbie (Original Poster), Registered: Aug 2005, Distribution: CentOS, Fedora, Posts: 25
In CentOS there is a file, /var/named/chroot/var/named/named.ca, with the root servers.
Is adding a line like this to named.conf correct?
Code:
zone "." IN {
    type hint;
    file "named.ca";
};
Additionally, I found this in the original named.conf file:
Code:
zone "localdomain" IN {
    type master;
    file "localdomain.zone";
    allow-update { none; };
};
zone "localhost" IN {
    type master;
    file "localhost.zone";
    allow-update { none; };
};
The zone localdomain is like my sadovnjak.local, right?
What is localhost for?
P.S. My forwarders 193.2.1.66 and 193.2.1.72 are about the best DNS servers in our country; they have done the work "perfectly" for a long time. Isn't it faster to resolve some DNS requests (requests that are already in their cache, and I think most of the ones I am surfing to are in the cache) through them, since I have less than 10 ms ping time to them but more than 60 ms response time to the root servers?
Last edited by Suhy; 02-04-2007 at 05:55 AM.
#12, 02-04-2007, 10:06 AM
Senior Member, Registered: Oct 2003, Location: New York City, Distribution: Debian Sid 2.6.32, Posts: 2,100
Yes, localdomain.zone is the same as your sadovnjak.local. localhost.zone is just the generic IP for every computer: localhost = home = 127.0.0.1. The localhost file just states that.
If you feel comfortable using the DNS servers in your country, that's fine. It still is an unnecessary step, but if they have most of the zones you surf to in their cache, it probably will be faster. Still, if you ask for a zone that those servers don't know, or the cache on them has expired, then they go to the root/top-level domain and look it up, making it slower in this case (again, one extra step).
I would never use a forwarder in DNS, and I very highly doubt that as a human you notice the difference between 10 ms and 60 ms, but if you want to trust those DNS servers you certainly can.
Peace,
JimBass
#13, 02-04-2007, 02:42 PM
LQ Newbie (Original Poster), Registered: Aug 2005, Distribution: CentOS, Fedora, Posts: 25
OK, you made your point... I'll leave the forwarders out.
But do I need to add the root (".") zone in named.conf?
Like this?
Code:
zone "." IN {
    type hint;
    file "named.ca";
};
About localhost.zone: what is the purpose of this zone (the computer can ping itself without it, right, and it has no purpose for the LAN, right? Is it for nslookup and dig to function?), and is this zone needed or not?
#14, 02-04-2007, 03:19 PM
Senior Member, Registered: Oct 2003, Location: New York City, Distribution: Debian Sid 2.6.32, Posts: 2,100
Yes, you will need the "." zone, as provided by named.ca in your distro's package.
You can ping localhost regardless, but BIND spits some errors if you don't have the localhost zone explicitly defined. That file should be listed in named.conf, and so should the root/hint zone.
You can use your forwarders if you feel comfortable with them. I didn't mean your config was evil or anything, I just don't see the point in having a nameserver that can't get all the way to the top of the chain itself.
Peace,
JimBass
#15, 02-05-2007, 02:15 PM
LQ Newbie (Original Poster), Registered: Aug 2005, Distribution: CentOS, Fedora, Posts: 25
No no, you're the man.
Respect!!
Well, this is the updated named.conf:
Code:
acl sadovnjak-local { 10.10.10.0/24; 127.0/8; }; # roughly: the range of IPs that may be referred to in this file
controls {
    inet 127.0.0.1 allow { localhost; } keys { "rndckey"; };
};
options {
    directory "/var/named";
    allow-query { sadovnjak-local; }; # defines the IP addresses that may query the name server
};
include "/etc/rndc.key";
# where BIND can get a list of TLD servers for the particular TLD
zone "." IN {
    type hint;
    file "named.ca";
};
# allows resolution of the name 'localhost' to the loopback address 127.0.0.1
zone "localhost" IN {
    type master;
    file "localhost.zone";
    allow-update { none; };
};
# allows reverse mapping of the loopback address 127.0.0.1
zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "named.local";
    allow-update { none; };
};
# to prevent really stupid queries from going past this server (the zero and broadcast stuff)
zone "255.in-addr.arpa" IN {
    type master;
    file "named.broadcast";
    allow-update { none; };
};
zone "0.in-addr.arpa" IN {
    type master;
    file "named.zero";
    allow-update { none; };
};
# Forward Zone for sadovnjak.local domain
zone "sadovnjak.local" IN {
    type master; # says that this is the primary name server
    file "sadovnjak.local.zone"; # which file holds the records for this zone
    allow-update { key "rndckey"; };
    notify yes;
};
# Reverse Zone for sadovnjak.local domain
zone "10.10.10.in-addr.arpa" IN {
    type master;
    file "10.10.10.in-addr.arpa.zone"; # which file holds the records for this zone
    allow-update { key "rndckey"; };
    notify yes;
};
I added the root zone, the localhost zone and additionally
- 0.0.127.in-addr.arpa (reverse localhost),
- 255.in-addr.arpa and
- 0.in-addr.arpa.
Is everything now up to pro standards?
Are these three additional zones OK? I found them in the original conf file and did a little Google search.
The content of these three zones is:
named.local
Code:
$TTL 86400
@ IN SOA localhost. root.localhost. (
        1997022700 ; Serial
        28800      ; Refresh
        14400      ; Retry
        3600000    ; Expire
        86400 )    ; Minimum
        IN NS  localhost.
1       IN PTR localhost.
named.broadcast
Code:
$TTL 86400
@ IN SOA localhost root (
        42  ; serial (d. adams)
        3H  ; refresh
        15M ; retry
        1W  ; expiry
        1D ) ; minimum
        IN NS localhost
named.zero
Code:
$TTL 86400
@ IN SOA localhost root (
        42  ; serial (d. adams)
        3H  ; refresh
        15M ; retry
        1W  ; expiry
        1D ) ; minimum
        IN NS localhost
Are the SOA definitions in the zone files OK?
Is everything else OK here?
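An added example, not from the thread, that turns two questions asked above into code: the SOA question in this post, and the question in post #1 about the static `binar` records after which DHCP and DNS stopped working. Two facts frame it. A zone with `allow-update` is maintained by named through its journal (the `.jnl` file beside the zone file), so a zone file edited by hand while named runs no longer matches the journal and named refuses to load the zone (stop named before editing on BIND 9.2; on 9.3 and later use `rndc freeze`, edit, `rndc thaw`). And 10.10.10.80 lies inside the dhcpd `range 10.10.10.20 10.10.10.100`, so a static address there competes with the lease pool; give it a `host` declaration with `fixed-address` outside the range instead. The script parses constructed copies of the posted forward and reverse zones (with the two `binar` records added), cross-checks A against PTR, lists static hosts inside the pool, checks the SOA timers and the YYYYMMDDnn serial convention (the posted serial 200612060 has nine digits, so it follows neither that form nor a plain counter; any value that only ever increases is valid, the check just reports the deviation), and implements RFC 1982 serial comparison, which is how a secondary decides whether the zone has changed. Zone contents and pool come from the thread; the parser is deliberately minimal, not a full RFC 1035 one.

```python
# Added example (not from the thread): consistency checks for a hand-edited BIND
# forward/reverse zone pair, the dhcpd pool, and the SOA serial and timers.
import re
from ipaddress import IPv4Address

_UNITS = {"S": 1, "M": 60, "H": 3600, "D": 86400, "W": 604800}
_DATED = re.compile(r"(19|20)\d{2}(0[1-9]|1[0-2])(0[1-9]|[12]\d|3[01])\d{2}")  # YYYYMMDDnn

# Constructed input: the posted zones with the two static "binar" records added, and
# the "range" from the posted dhcpd.conf.
FORWARD_ZONE = """\
$TTL 1D
sadovnjak.local. IN SOA mango.sadovnjak.local. root.mango.sadovnjak.local. (
        200612060 2H 5M 1W 1M )   ; serial refresh retry expire negative-TTL
@                       IN NS   mango.sadovnjak.local.
mango.sadovnjak.local.  IN A    10.10.10.1   ; RHEL server
binar.sadovnjak.local.  IN A    10.10.10.80  ; static host added by hand
"""
REVERSE_ZONE = """\
@ IN SOA mango.sadovnjak.local. root.mango.sadovnjak.local. (
        200612060 2H 5M 1W 1M )   ; same timers as the forward zone
        IN NS  mango.sadovnjak.local.
1       IN PTR mango.sadovnjak.local.
80      IN PTR binar.sadovnjak.local.
"""
DHCPD_POOL = ("10.10.10.20", "10.10.10.100")


def _secs(tok):
    """Master-file time value to seconds: '2H' -> 7200, '300' -> 300."""
    unit = tok[-1].upper()
    return int(tok[:-1]) * _UNITS[unit] if unit in _UNITS else int(tok)


def _logical_lines(text):
    """Yield records with ';' comments stripped, $-directives dropped, '( )' joined."""
    buf, depth = [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if line.startswith("$") or (not line.strip() and depth == 0):
            continue
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth == 0:
            yield " ".join(buf).replace("(", " ").replace(")", " ")
            buf = []


def parse_zone(text, origin):
    """Minimal master-file parser: (soa dict, [(absolute owner, TYPE, [rdata]), ...])."""
    origin = origin.rstrip(".") + "."
    soa, records, owner = None, [], origin
    for line in _logical_lines(text):
        toks = line.split()
        if not line[0].isspace():        # a leading blank means "same owner as before"
            name = toks.pop(0)
            owner = origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"
        while toks[0].isdigit() or toks[0].upper() == "IN":
            toks.pop(0)                  # optional numeric TTL and class
        rtype, rdata = toks[0].upper(), toks[1:]
        if rtype == "SOA":
            fields = ("mname", "rname", "serial", "refresh", "retry", "expire", "minimum")
            soa = dict(zip(fields, rdata[:2] + [int(rdata[2])] + [_secs(t) for t in rdata[3:]]))
        records.append((owner, rtype, rdata))
    return soa, records


def check_pairing(fwd_records, rev_records):
    """Every A needs the matching PTR and vice versa, or reverse lookups lie."""
    a = {r[0]: o for o, t, r in fwd_records if t == "A"}
    ptr = {".".join(reversed(o[:-len(".in-addr.arpa.")].split("."))): r[0]
           for o, t, r in rev_records if t == "PTR"}
    issues = [f"A {n} -> {ip}: PTR is {ptr.get(ip)}" for ip, n in a.items() if ptr.get(ip) != n]
    issues += [f"PTR {ip} -> {n}: no A" for ip, n in ptr.items() if ip not in a]
    return sorted(issues)


def hosts_inside_pool(fwd_records, pool):
    """Static A records whose address dhcpd may also lease to some other client."""
    lo, hi = (IPv4Address(p) for p in pool)
    return sorted((o, r[0]) for o, t, r in fwd_records
                  if t == "A" and lo <= IPv4Address(r[0]) <= hi)


def serial_gt(a, b):
    """RFC 1982: a is newer than b iff 0 < (a - b) mod 2^32 < 2^31. This is how a
    secondary decides whether the primary's zone has changed and must be transferred."""
    return 0 < (a - b) % 2**32 < 2**31


def check_soa(soa):
    """YYYYMMDDnn serial convention plus two timer sanity rules."""
    issues = []
    if not _DATED.fullmatch(str(soa["serial"])):
        issues.append(f"serial {soa['serial']} is not in YYYYMMDDnn form")
    if soa["retry"] >= soa["refresh"]:
        issues.append("retry should be shorter than refresh")
    if soa["expire"] < soa["refresh"] + soa["retry"]:
        issues.append("expire should be at least refresh + retry")
    return issues


def run_checks(fwd_text=FORWARD_ZONE, rev_text=REVERSE_ZONE, pool=DHCPD_POOL):
    fsoa, frec = parse_zone(fwd_text, "sadovnjak.local")
    rsoa, rrec = parse_zone(rev_text, "10.10.10.in-addr.arpa")
    return {"pairing": check_pairing(frec, rrec),
            "static_in_pool": hosts_inside_pool(frec, pool),
            "soa_forward": check_soa(fsoa), "soa_reverse": check_soa(rsoa)}


if __name__ == "__main__":
    for name, result in run_checks().items():
        print(f"{name}: {result}")
```

On the thread's zones the pairing check passes, `binar` is reported as inside the pool, and both SOAs are flagged only for the serial form; the three localhost/broadcast/zero zone files above pass the timer rules as well (their serials 42 and 1997022700 are flagged the same way, which is harmless for zones that are never transferred). Remove the `80 IN PTR` line from the reverse text and the pairing check names the orphaned A record.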