LinuxQuestions.org
Old 02-01-2007, 05:12 PM   #1
Suhy
LQ Newbie
 
Registered: Aug 2005
Distribution: CentOS, Fedora
Posts: 25

Rep: Reputation: 15
named + dhcpd -> ddns configuration ?


I'm trying to make a "good" Linux server. At this point I wanted to install and configure DDNS.
I am using CentOS 4.4 Server edition.
I have a small network: the server "mango" with IP 10.10.10.1, and some other computers getting IPs from dhcpd.
I made a configuration that works; it does:
- I get an IP address on client machines
- with nslookup or dig I get responses for the server and client machines, and I also get responses for Internet requests
- a while after I connect a client to the network, a line is added to both zone files
So I think I did OK with the config files.

1) Now I am asking: is this configuration that I made any good? Are there some big mistakes, anything to correct or change?

dhcpd.conf
Code:
authoritative;
include "/etc/rndc.key";

# Server configuration
#server-identifier    server;
ddns-domainname         "sadovnjak.local";
ddns-rev-domainname     "in-addr.arpa.";
ddns-update-style       interim;
ddns-updates            on;
ignore                  client-updates;

# This is the communication zone

zone sadovnjak.local. {
    primary 127.0.0.1;
    key rndckey;
}

zone 10.10.10.in-addr.arpa. {
    primary 127.0.0.1;
    key rndckey;
}

default-lease-time      21600;  # 6 hours
max-lease-time          43200;  # 12 hours

option routers 10.10.10.1;
option domain-name "sadovnjak.local";
option domain-name-servers 10.10.10.1;
option ip-forwarding    off;

# Home pool
subnet 10.10.10.0 netmask 255.255.255.0 {
    range 10.10.10.20 10.10.10.100;
    option subnet-mask              255.255.255.0;
    option broadcast-address        10.10.10.255;
}
named.conf
Code:
acl sadovnjak-local { 10.10.10.0/24; 127.0/8; };

controls {
        inet 127.0.0.1 allow { localhost; } keys { "rndckey"; };
};

options {
        directory "/var/named";
        allow-query { sadovnjak-local; };
        forwarders { 193.2.1.66; 193.2.1.72; };
#       forward only;
};

include "/etc/rndc.key";

# Forward Zone for sadovnjak.local domain
zone "sadovnjak.local" IN {
        type master;
        file "sadovnjak.local.zone";
        allow-update { key "rndckey"; };
        notify yes;
};

# Reverse Zone for sadovnjak.local domain
zone "10.10.10.in-addr.arpa" IN {
        type master;
        file "10.10.10.in-addr.arpa.zone";
        allow-update { key "rndckey"; };
        notify yes;
};
sadovnjak.local.zone
Code:
$TTL 1D

sadovnjak.local.        IN      SOA     mango.sadovnjak.local. root.mango.sadovnjak.local. (
                                200612060                 ; serial
                                2H                        ; refresh slaves
                                5M                        ; retry
                                1W                        ; expire
                                1M                        ; Negative TTL
                                )

@                       IN      NS      mango.sadovnjak.local.

mango.sadovnjak.local.  IN      A       10.10.10.1        ; RHEL server
10.10.10.in-addr.arpa
Code:
$TTL 1D

@       IN      SOA     mango.sadovnjak.local. root.mango.sadovnjak.local. (
                                200612060       ; serial
                                2H              ; refresh slaves
                                5M              ; retry
                                1W              ; expire
                                1M              ; Negative TTL
                                )

@       IN      NS      mango.sadovnjak.local.
1       IN      PTR     mango.sadovnjak.local.

2) Additionally: after I added a line in the forward zone

Code:
binar.sadovnjak.local.  IN      A       10.10.10.80
and in the reverse zone

Code:
80       IN      PTR     binar.sadovnjak.local.
everything stopped working, dhcp and ddns.. any clues??

By this I wanted to give a static IP to one client machine (I also manually entered the numbers in TCP/IP on "binar").

Last edited by Suhy; 02-01-2007 at 05:14 PM.
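As an added check (not from this thread, and not code from the ISC BIND or dhcpd projects), the following Python script cross-references the dhcpd.conf and named.conf posted above: it confirms that every zone dhcpd will update is served by named, that named restricts allow-update to exactly the TSIG key dhcpd signs with (rather than `any`), and that an allow-query ACL is present. The embedded config excerpts are reduced copies of the post's files; the function names are my own.

```python
import re
# Constructed excerpts of the thread's dhcpd.conf and named.conf, reduced to the DDNS statements
DHCPD_CONF = """
ddns-update-style interim;
ddns-updates on;
zone sadovnjak.local. { primary 127.0.0.1; key rndckey; }
zone 10.10.10.in-addr.arpa. { primary 127.0.0.1; key rndckey; }
"""
NAMED_CONF = """
options { directory "/var/named"; allow-query { sadovnjak-local; }; };
zone "sadovnjak.local" IN { type master; file "sadovnjak.local.zone"; allow-update { key "rndckey"; }; };
zone "10.10.10.in-addr.arpa" IN { type master; file "10.10.10.in-addr.arpa.zone"; allow-update { key "rndckey"; }; };
"""
def zone_blocks(text):
    # Yield (name, body) per zone statement; accepts 'zone name. {' (dhcpd) and 'zone "name" IN {' (named)
    for m in re.finditer(r'\bzone\s+"?([\w.\-]+?)\.?"?\s*(?:IN\s*)?\{', text):
        depth, i = 1, m.end()
        while depth and i < len(text):  # walk forward to the matching close brace
            depth += {'{': 1, '}': -1}.get(text[i], 0)
            i += 1
        yield m.group(1).lower(), text[m.end():i - 1]

def dhcpd_update_keys(text):
    # zone -> TSIG key name dhcpd signs its updates with (None = unsigned)
    return {z: next(iter(re.findall(r'\bkey\s+"?([\w\-]+)"?\s*;', b)), None) for z, b in zone_blocks(text)}

def named_update_acl(text):
    # zone -> set of key names in allow-update; {'any'} if unrestricted, empty set if updates are refused
    acl = {}
    for zone, body in zone_blocks(text):
        spec = ''.join(re.findall(r'allow-update\s*\{([^}]*)\}', body))
        acl[zone] = {'any'} if re.search(r'\bany\b', spec) else set(re.findall(r'\bkey\s+"?([\w\-]+)"?', spec))
    return acl

def check_ddns(dhcpd_text, named_text):
    # Returns findings; empty list = every dhcpd zone is served, key-restricted to dhcpd's key, allow-query ACL present
    findings, acl = [], named_update_acl(named_text)
    for zone, key in dhcpd_update_keys(dhcpd_text).items():
        allowed = acl.get(zone)
        if allowed is None:
            findings.append(f"{zone}: dhcpd updates it, but named does not serve it")
        elif key is None:
            findings.append(f"{zone}: dhcpd sends unsigned updates")
        elif 'any' in allowed:
            findings.append(f"{zone}: allow-update {{ any; }} lets any host rewrite the zone")
        elif key not in allowed:
            findings.append(f"{zone}: dhcpd signs with '{key}', named allows {sorted(allowed)}")
    if not re.search(r'allow-query\s*\{', named_text):
        findings.append("options: no allow-query ACL, any client may query this resolver")
    return findings
```

Run it against your real files by reading them in place of the two constants; an empty list from `check_ddns` means the DDNS pairing and the update ACLs are consistent.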
 
Old 02-01-2007, 10:58 PM   #2
fur
Member
 
Registered: Dec 2003
Distribution: Debian, FreeBSD
Posts: 310

Rep: Reputation: 35
Quote:
everything stopped working, dhcp and ddns.. any clues??
Please explain this.

Do the processes even start?

What do the log files say, any errors?
 
Old 02-02-2007, 05:46 AM   #3
Suhy
LQ Newbie
 
Registered: Aug 2005
Distribution: CentOS, Fedora
Posts: 25

Original Poster
Rep: Reputation: 15
Well, on the first good configuration, I made changes in the zones, and on my client computer I entered static values, including the DNS server.

I could start both services, named and dhcpd, with no error or any problem, but the client computers didn't get an IP address from dhcpd, and in nslookup there was no response (tried from the computer binar with the static IP), even from the server.

What about my config files, are they any good?
 
Old 02-02-2007, 08:51 AM   #4
fur
Member
 
Registered: Dec 2003
Distribution: Debian, FreeBSD
Posts: 310

Rep: Reputation: 35
Looks mostly OK.

In your dhcpd.conf

Code:
option routers 10.10.10.1;
option domain-name "sadovnjak.local";
option domain-name-servers 10.10.10.1;
option ip-forwarding    off;

# Home pool
subnet 10.10.10.0 netmask 255.255.255.0 {
    range 10.10.10.20 10.10.10.100;
    option subnet-mask              255.255.255.0;
    option broadcast-address        10.10.10.255;
}
The subnet-specific parameters should be listed with the rest:

Code:
# Home pool
subnet 10.10.10.0 netmask 255.255.255.0 {
    option routers 10.10.10.1;
    option domain-name "sadovnjak.local";
    option domain-name-servers 10.10.10.1;
    range 10.10.10.20 10.10.10.100;
    option subnet-mask              255.255.255.0;
    option broadcast-address        10.10.10.255;
}

Also, you should not need to state

Code:
    option ip-forwarding    off;

because that is not on by default, so you can leave it out.


I ran named-checkconf on your named.conf and didn't get any errors, and both of the zone records look OK.
 
Old 02-02-2007, 10:03 AM   #5
Suhy
LQ Newbie
 
Registered: Aug 2005
Distribution: CentOS, Fedora
Posts: 25

Original Poster
Rep: Reputation: 15
fur, big thanks for the help.


BTW, this DDNS rules! Before that I had the ISP's DNS, and I had Torrentflux (a web-based torrent application). Many times when I wanted to access the page http://mango/tf I had to wait up to 20 seconds. Since I started the local DNS server there are no delays.
 
Old 02-02-2007, 10:26 AM   #6
fur
Member
 
Registered: Dec 2003
Distribution: Debian, FreeBSD
Posts: 310

Rep: Reputation: 35
So is it working now, or are you still having problems?
 
Old 02-02-2007, 10:35 AM   #7
Suhy
LQ Newbie
 
Registered: Aug 2005
Distribution: CentOS, Fedora
Posts: 25

Original Poster
Rep: Reputation: 15
I would have a problem with named and dhcpd if I put the bottom lines (from the first post) back in the forward and reverse zone for the static IP of workstation "binar". But since I rely on good Linux DDNS, I think I will not need static IPs for clients. And saying that, there is NO problem anymore.

Mostly I wanted to know how good my configuration of DDNS is.
 
Old 02-02-2007, 01:56 PM   #8
JimBass
Senior Member
 
Registered: Oct 2003
Location: New York City
Distribution: Debian Sid 2.6.32
Posts: 2,100

Rep: Reputation: 48
I would rip this line out of your named.conf - forwarders { 193.2.1.66; 193.2.1.72; };

That forces you to depend on your ISP's nameservers. It is possible, but unlikely, that they will have some problem where their nameservers will have a problem. BIND by itself will resolve any names by looking to the correct root/top domain servers. Having forwarders basically adds an unnecessary second step. You ask their nameservers, then their nameservers ask the root/top domain. You can go direct to the root/top, and bypass them.

Other than that, your BIND config looks fine.

Peace,
JimBass
 
Old 02-02-2007, 06:27 PM   #9
MQMan
Member
 
Registered: Jan 2004
Location: Los Angeles
Distribution: Slack64 13.37
Posts: 535

Rep: Reputation: 36
Quote:
Originally Posted by JimBass
I would rip this line out of your named.conf - forwarders { 193.2.1.66; 193.2.1.72; };
But if the OP does that, won't they need an entry for root hints, or whatever it's called?

Cheers.
 
Old 02-02-2007, 06:33 PM   #10
JimBass
Senior Member
 
Registered: Oct 2003
Location: New York City
Distribution: Debian Sid 2.6.32
Posts: 2,100

Rep: Reputation: 48
Yes, but the file is usually db.root, and it is included in every bind package.

Peace,
JimBass
 
Old 02-04-2007, 05:49 AM   #11
Suhy
LQ Newbie
 
Registered: Aug 2005
Distribution: CentOS, Fedora
Posts: 25

Original Poster
Rep: Reputation: 15
In CentOS there is a file, /var/named/chroot/var/named/named.ca, with the root servers.

Is adding a block like this in named.conf correct?

Code:
zone "." IN {
        type hint;
        file "named.ca";
};

Additionally, I found this in the original named.conf file:
Code:
zone "localdomain" IN {
        type master;
        file "localdomain.zone";
        allow-update { none; };
};

zone "localhost" IN {
        type master;
        file "localhost.zone";
        allow-update { none; };
};
Zone localdomain is like my sadovnjak.local, right?
What is localhost for??

P.S. My forwarders 193.2.1.66 and 193.2.1.72 are like the best DNS servers in our country; they have done the work "perfectly" for a long time. Isn't it faster to resolve some DNS requests (requests that are already in their cache, and I think most of the sites I am surfing are in the cache) through them, since I have less than 10 ms ping time to them but more than 60 ms response time to the root servers??

Last edited by Suhy; 02-04-2007 at 05:55 AM.
 
Old 02-04-2007, 10:06 AM   #12
JimBass
Senior Member
 
Registered: Oct 2003
Location: New York City
Distribution: Debian Sid 2.6.32
Posts: 2,100

Rep: Reputation: 48
Yes, localdomain.zone is the same as your sadovnjak.local. Localhost.zone is just the generic IP for every computer, localhost=home=127.0.0.1. The localhost file just states that.

If you feel comfortable using the DNS servers in your country, that's fine. It still is an unnecessary step, but if they have most of the zones you surf to in their cache, it probably will be faster. Still, if you ask for a zone that those servers don't know, or the cache on them has expired, then they go to the root/toplevel domain and look it up, making it slower in this case (again, 1 extra step).

I would never use a forwarder in DNS, and I very highly doubt as a human you notice the difference between 10 ms and 60 ms, but if you want to trust those DNS servers you certainly can.

Peace,
JimBass
 
Old 02-04-2007, 02:42 PM   #13
Suhy
LQ Newbie
 
Registered: Aug 2005
Distribution: CentOS, Fedora
Posts: 25

Original Poster
Rep: Reputation: 15
OK, you made your point... I'll leave the forwarders out.
But do I need to add the root (".") zone in named.conf?
Like this?
Code:
zone "." IN {
        type hint;
        file "named.ca";
};
About localhost.zone: what is the purpose of this zone (the computer can ping itself without it, right, and it has no purpose for the LAN, right? Is it for the nslookup and dig functions?), and is this zone needed or not?
 
Old 02-04-2007, 03:19 PM   #14
JimBass
Senior Member
 
Registered: Oct 2003
Location: New York City
Distribution: Debian Sid 2.6.32
Posts: 2,100

Rep: Reputation: 48
Yes, you will need the "." zone, as provided by named.ca in your distro's package.

You can ping localhost regardless, but BIND spits some errors if you don't have the localhost zone explicitly defined. That file should be listed in named.conf, and so should the root/hint zone.

You can use your forwarders if you feel comfortable with them. I didn't mean your config was evil or anything, I just don't see the point in having a nameserver that can't get all the way to the top of the chain itself.

Peace,
JimBass
 
Old 02-05-2007, 02:15 PM   #15
Suhy
LQ Newbie
 
Registered: Aug 2005
Distribution: CentOS, Fedora
Posts: 25

Original Poster
Rep: Reputation: 15
Thumbs up

no no, you're the man
respect !!

Well, this is the updated named.conf

Code:
acl sadovnjak-local { 10.10.10.0/24; 127.0/8; }; # roughly: the range of IPs that we can refer to in this file

controls {
        inet 127.0.0.1 allow { localhost; } keys { "rndckey"; };
};

options {
        directory "/var/named";
        allow-query { sadovnjak-local; }; # specifies the IP addresses that may query the name server
};

include "/etc/rndc.key";

# where BIND can get a list of TLD servers for the particular TLD
zone "." IN {
        type hint;
        file "named.ca";
};

# allows resolution of the name 'localhost' to the loopback address 127.0.0.1
zone "localhost" IN {
        type master;
        file "localhost.zone";
        allow-update { none; };
};

# allows reverse mapping of the loopback address 127.0.0.1
zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
        allow-update { none; };
};

# to prevent really stupid queries from going past this server (the zero and broadcast stuff)
zone "255.in-addr.arpa" IN {
        type master;
        file "named.broadcast";
        allow-update { none; };
};

zone "0.in-addr.arpa" IN {
        type master;
        file "named.zero";
        allow-update { none; };
};

# Forward Zone for sadovnjak.local domain
zone "sadovnjak.local" IN {
        type master; # says that this is the primary name server
        file "sadovnjak.local.zone"; # which file holds the records for this zone
        allow-update { key "rndckey"; };
        notify yes;
};

# Reverse Zone for sadovnjak.local domain
zone "10.10.10.in-addr.arpa" IN {
        type master;
        file "10.10.10.in-addr.arpa.zone"; # which file holds the records for this zone
        allow-update { key "rndckey"; };
        notify yes;
};
I added the root zone, the localhost zone and additionally:

- 0.0.127.in-addr.arpa (reverse localhost),
- 255.in-addr.arpa and
- 0.in-addr.arpa

Is everything now by pro standards?
Are these three additional zones OK? I found them in the original conf file and did a little Google search.

The content of these three zones is:

named.local
Code:
$TTL    86400
@       IN      SOA     localhost. root.localhost. (
                                1997022700      ; Serial
                                28800           ; Refresh
                                14400           ; Retry
                                3600000         ; Expire
                                86400 )         ; Minimum
@       IN      NS      localhost.

1       IN      PTR     localhost.
named.broadcast
Code:
$TTL    86400
@       IN      SOA     localhost       root (
                                42              ; serial (d. adams)
                                3H              ; refresh
                                15M             ; retry
                                1W              ; expiry
                                1D )            ; minimum
@       IN      NS      localhost
named.zero
Code:
$TTL    86400
@       IN      SOA     localhost       root (
                                42              ; serial (d. adams)
                                3H              ; refresh
                                15M             ; retry
                                1W              ; expiry
                                1D )            ; minimum
@       IN      NS      localhost
Are the SOA definitions in the zone files OK?
Is everything else OK here?
 