Ok, I put together a configuration guide for DHCP and DDNS. I'm hoping you would like to review it and let me know what you think. The guide is meant to be straightforward and help a person get the services running, even though they may not understand all of the configuration right away (that is what man pages are for).
------Begin Guide------
DHCP and DDNS Setup Guide
(This guide assumes you already have named, dhcp, and bind installed on your system. This setup was tested on Fedora Core 2 with DHCP version "isc-dhcpd-V3.0.1rc14".)
DHCP Setup:
First you must modify the /etc/dhcpd.conf file to meet your needs.
Here is a sample dhcpd.conf file (a simple configuration without dynamic DNS updates; those will be added later):
#This example sets up a subnet of 192.168.1.0 with a netmask of 255.255.255.0 and assigns IP addresses from the range 192.168.1.100 to 192.168.1.150
#Always put authoritative before anything else you add to the file
authoritative;
#These options can go here to affect all DHCP subnets, or they can be put in a subnet block for more specific configuration
#The lease times define how long a dynamically assigned IP address is good for. The times are in seconds.
max-lease-time 604800; #604800 is a week
default-lease-time 86400; #86400 is a day
#The subnet section is where the ip address range, domain name, and servers are set up
#The subnet IP address, netmask, and server IP addresses below should be changed to match your particular setup.
subnet 192.168.1.0 netmask 255.255.255.0 {
    option subnet-mask 255.255.255.0;
    option broadcast-address 192.168.1.255;
    option domain-name "mydomain.com";
    option domain-name-servers 192.168.1.1;
    option routers 192.168.1.1;
    range 192.168.1.100 192.168.1.150;
    #These netbios options are for Windows dhcp clients that require a WINS server.
    # option netbios-scope "";
    # option netbios-node-type 8;
    # option netbios-name-servers 192.168.1.1;
    # option netbios-dd-server 192.168.1.1;
}
#End Configuration
Once your dhcpd.conf file is modified, you can start the DHCP service with "/usr/sbin/dhcpd" (or wherever the dhcpd binary file is).
Then just set the client computers to automatically obtain an IP address and DNS server address.
If you want dhcpd to automatically update your DNS records, continue on.
DDNS Setup:
(Dynamic DNS allows dhcpd to update DNS records on the server any time a new IP address is assigned. The benefit of this is that you can access a computer by its name, rather than only by the IP address it was given. For example, if a computer with the name "Gamer" is dynamically assigned the IP address 192.168.1.124, you will only be able to access it by its IP address if you don't use DDNS. If you use DDNS, you will be able to access the computer by its name, "Gamer". DDNS updates the forward map and the reverse look-up map for the client computer.)
First create a key that will be used between named and dhcpd for dynamic dns updates:
command: dnssec-keygen -a HMAC-MD5 -b 512 -n HOST <keyname>, where keyname is whatever you want (it will be used in the dhcpd.conf and named.conf files).
That command will create two key files in /root/ that look something like K<keyname>.+157+00138 (one has a .private extension and one has a .key extension).
Open up the .private file and copy the value after "Key:". This key value will be used in the dhcpd.conf and named.conf files.
Add these lines to the dhcpd.conf file:
#DDNS options affect dynamic DNS. Here they are turned on with an update style of interim (the only available style that is not deprecated).
#These options can also be used in a subnet for more specific configurations.
ddns-updates on;
#The domain name and reverse domain name must have a trailing period
ddns-domainname "mydomain.com.";
ddns-rev-domainname "in-addr.arpa.";
ddns-update-style interim;
allow client-updates;
#The key section is used for DNS updates. Again, the keyname is what you used in the command to create the key.
key <keyname> {
    algorithm hmac-md5; #The algorithm may be different, this depends on what you used with the dnssec-keygen command earlier.
    secret "----key goes here----";
};
#The zone information must be added for each domain that is going to be updated. Note that there are no quotes around the zone name.
#There should be at least two zone sections, one for the forward map and one for the reverse look-up map.
zone mydomain.com. {
    primary 127.0.0.1;
    key <keyname>;
}
#This zone section is for the reverse look-up map.
zone 1.168.192.in-addr.arpa. {
    primary 127.0.0.1;
    key <keyname>;
}
#End of dhcpd.conf modification
The next thing you have to modify for DDNS to work is the named.conf file. This can be in a couple of places, either /etc/ or /var/named/chroot/etc/ if you are running named in a chroot environment.
I will not describe all parts of the named.conf file, only the parts necessary for DDNS, but I will provide the entire file so you can see the big picture.
#Example named.conf file. Look below for the parts necessary for DDNS.
options {
    directory "/var/named";
    forwarders {
        <name server1>;
        <name server2>;
    };
};
controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndckey"; };
};
zone "." {
    type hint;
    file "named.ca";
};
#Add the key section, this will be the same as the key section added to the dhcpd.conf file.
key <keyname> {
    algorithm hmac-md5;
    secret "----key goes here----";
};
#Note the quotes around the zone name this time
zone "mydomain.com" {
    type master;
    file "mydomain.db"; #This file will be somewhat explained later
    #Add the next two lines for DDNS
    notify yes;
    allow-update { key <keyname>; };
};
#This is the reverse look-up zone
zone "1.168.192.in-addr.arpa" {
    type master;
    file "1.168.192.in-addr.arpa"; #This file will also be somewhat explained later
    #Add the following two lines for DDNS
    notify yes;
    allow-update { key <keyname>; };
};
#The logging section is optional and is useful for debugging purposes. If you use this section you will need to create the files listed below (the location of the files is up to you)
logging {
    channel update_debug {
        file "/var/log/update-debug.log";
        severity debug 3;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    channel security_info {
        file "/var/log/named-auth.info";
        severity info;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    category update { update_debug; };
    category security { security_info; };
};
include "/etc/rndc.key";
#End named configuration
Note: named will attempt to automatically create a journal file for each domain it updates dns records for. The files will be created
in either /var/named/ or /var/named/chroot/var/named/. You will get an error in the named log if named doesn't have permissions on
those directories, so make sure named owns the directories and has the proper permissions.
I will briefly explain the mydomain.db and 1.168.192.in-addr.arpa files here. (These files should be located in /var/named/ or /var/named/chroot/var/named/; you may need to create them from scratch if you don't have named set up already.)
The mydomain.db file holds the DNS records for that domain. You can have static names and IP addresses listed in the file and still be able to use DHCP for some clients. Below is an example file; I will use the 192.168.1.1 to 192.168.1.99 IP address range for static IP assignments, and keep the 192.168.1.100 to 192.168.1.150 range open for DHCP-assigned IP addresses.
#Example mydomain.db file
;
; mydomain.db - Authoritative data for mydomain.com
;
@ IN SOA mydomain.com. root.mydomain.com. (
        96010405 ; serial
        3600     ; refresh
        300      ; retry
        604800   ; expire
        3600     ; default_ttl
        )
@ IN NS server.mydomain.com.
mydomain.com. IN MX 10 smtp.mydomain.com.
host1 IN A 192.168.1.5
host2 IN A 192.168.1.79
host3 IN A 192.168.1.34
host4 IN A 192.168.1.99
#End mydomain.db
Note that once DDNS is working, this file will look different.
#Example 1.168.192.in-addr.arpa file (Reverse Look-up map)
;
; 1.168.192.in-addr.arpa.dns - reverse mapping for network 192.168.1.
;
@ IN SOA server.mydomain.com. root.mydomain.com. (
        2000052401 ; serial
        3600       ; refresh
        300        ; retry
        604800     ; expire
        3600       ; default_ttl
        )
;name servers
@ IN NS server.mydomain.com.
;Addresses mapped to canonical names
5 IN PTR host1.mydomain.com.
79 IN PTR host2.mydomain.com.
34 IN PTR host3.mydomain.com.
99 IN PTR host4.mydomain.com.
#End 1.168.192.in-addr.arpa
Note that there is nothing specified in the IP range of 192.168.1.100 to 192.168.1.150 in either file; this range must be left open for DHCP-assigned IP addresses.
That completes the DDNS configuration. You can restart named with "service named restart" and, if dhcpd was already running, stop it with "killall dhcpd" and start it again with "/usr/sbin/dhcpd" or wherever the dhcpd binary is located.
The log files and man pages are your friends. Check the man pages for detailed descriptions of the dhcpd.conf configuration
options and if anything isn't working, check the /var/log/messages file, or the log files you set up under the logging section in named.conf.
Written by PlorkZ (a.k.a. AK47) with help from scowles, akshatyadav, and n3tw0rk (
http://www.linuxquestions.org/questi...31#post1272431)
November, 2004
------End Guide------
Thanks
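Two of the guide's manual steps are easy to get wrong by hand: copying the value after "Key:" out of the dnssec-keygen .private file into both config files, and keeping every static A record out of the dhcpd range so the pool and the zone file never disagree. The Python below is an added example (not part of the guide, and not dhcpd or BIND code) that automates both checks. The .private file, dhcpd.conf fragment and zone text it works on are constructed samples, the secret is not a real key, and the function names are this example's own.

```python
"""Added helper, not part of the guide above: automates two of its manual steps.

1. Pull the TSIG secret out of the dnssec-keygen .private file (the "copy the
   value after Key:" step) and render the key {} stanza that both dhcpd.conf
   and named.conf need, so the secret is never retyped by hand.
2. Check that no static A record in the forward zone file falls inside a
   dhcpd "range" statement (the guide's rule that 192.168.1.100-150 stay free).

All sample inputs below are constructed for the demo; the secret is not a
real key. Function names are this example's own, not dhcpd or BIND APIs.
"""
import ipaddress
import re

# --- constructed sample inputs -------------------------------------------
SAMPLE_PRIVATE_FILE = """\
Private-key-format: v1.2
Algorithm: 157 (HMAC_MD5)
Key: Q29uc3RydWN0ZWRTZWNyZXROb3RBUmVhbEtleQ==
"""

SAMPLE_DHCPD_CONF = """\
authoritative;
subnet 192.168.1.0 netmask 255.255.255.0 {
    option routers 192.168.1.1;
    range 192.168.1.100 192.168.1.150;
}
"""

# Same layout as the guide's mydomain.db, plus one constructed record that
# wrongly sits inside the DHCP pool.
SAMPLE_FORWARD_ZONE = """\
@       IN SOA  server.mydomain.com. root.mydomain.com. (
        96010405 3600 300 604800 3600 )
@       IN NS   server.mydomain.com.
host1   IN A    192.168.1.5
host4   IN A    192.168.1.99
printer IN A    192.168.1.120   ; constructed: collides with the DHCP range
"""


# --- step 1: TSIG key stanza ----------------------------------------------
def extract_tsig_secret(private_file_text):
    """Return the base64 secret that follows 'Key:' in a .private file."""
    for line in private_file_text.splitlines():
        if line.startswith("Key:"):
            return line.split(":", 1)[1].strip()
    raise ValueError("no 'Key:' line found in .private file")


def render_key_stanza(keyname, secret, algorithm="hmac-md5"):
    """Render the key {} block; the same text goes into dhcpd.conf and named.conf.

    Anyone who can read this stanza can push DNS updates for the zone, so the
    files that contain it should be readable only by root and the daemons.
    """
    return 'key %s {\n\talgorithm %s;\n\tsecret "%s";\n};\n' % (keyname, algorithm, secret)


# --- step 2: static records vs. DHCP pool ----------------------------------
RANGE_RE = re.compile(r"^\s*range\s+(?:dynamic-bootp\s+)?(\S+)\s+(\S+)\s*;", re.M)
A_RECORD_RE = re.compile(r"^\s*(\S+)\s+(?:\d+\s+)?(?:IN\s+)?A\s+(\d+\.\d+\.\d+\.\d+)")


def dhcp_ranges(dhcpd_conf_text):
    """All 'range lo hi;' statements as (lo, hi) address pairs."""
    return [(ipaddress.ip_address(lo), ipaddress.ip_address(hi))
            for lo, hi in RANGE_RE.findall(dhcpd_conf_text)]


def static_a_records(zone_text):
    """(owner, address) for each A record; ';' comments are stripped first."""
    records = []
    for line in zone_text.splitlines():
        match = A_RECORD_RE.match(line.split(";", 1)[0])
        if match:
            records.append((match.group(1), ipaddress.ip_address(match.group(2))))
    return records


def find_pool_collisions(dhcpd_conf_text, zone_text):
    """Static A records whose address lies inside any dhcpd range."""
    ranges = dhcp_ranges(dhcpd_conf_text)
    return [(owner, str(addr)) for owner, addr in static_a_records(zone_text)
            if any(lo <= addr <= hi for lo, hi in ranges)]


if __name__ == "__main__":
    secret = extract_tsig_secret(SAMPLE_PRIVATE_FILE)
    print(render_key_stanza("ddnskey", secret))
    for owner, addr in find_pool_collisions(SAMPLE_DHCPD_CONF, SAMPLE_FORWARD_ZONE):
        print("static record %s (%s) is inside a DHCP range" % (owner, addr))
```

Run on the sample inputs it prints the key stanza and reports "printer" as the one static record inside the 192.168.1.100-150 pool; on your own files, feed it the real .private file, dhcpd.conf and mydomain.db contents. The overlap check only reads A records, so run it against the forward zone; the reverse zone should simply mirror those addresses.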