DHCP setup

I've done a lot of research on DHCP and have tried a number of things, but haven't been able to get DHCP to work on my fedora core 2 server. Here is what I'm trying to do: I have a FC2 server running as dns, gateway, email and web server, etc. and all the client computers are versions of windows (98, 2000, XP) and I want to have FC2 run dhcp to make the setup of the Windows clients easier. Does anyone have a good step-by-step description of how to set up DHCP? I've played around with the dhcpd.conf file in /etc/log.d/conf/services/ but nothing seems to work when I try to have a windows client automatically obtain ip address and dns information.

Thanks for any help with this!!

visit http://www.tldp.org/HOWTO/mini/DHCP/ for some related info. A better way would be to google for "DHCP howto" that would give you lots of related info. I hope it helps!

@PlorkZ

First of all u should tell us that what step u had taken till now to configure DHCP server , and where u get stuck. So, that I can try to help u out. I think body will give u a spoon fieding step by step.

Anway the doc provided by n3tw0rk is good one. Read it carefull, u will be able to run u r server.



-Akshat

All the information I've been able to find so far points to modifying the dhcpd.conf file in /etc/log.d/conf/services/ , that's all. Is that really all that needs to be done? Here is what I have in the dhcpd.conf file right now (I have tried other configurations, also to no avail):

Title = "dhcpd"

LogFile = messages

*OnlyService = dhcpd
*RemoveHeaders

authoritative;

max-lease-time 86400;
default-lease-time 14400;

subnet 192.168.1.0 netmask 255.255.255.0 {
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.1.255;

option domain-name "[server.something.com]";
option domain-name-servers 192.168.1.1;
option routers 192.168.1.1;

range 192.168.1.10 192.168.1.200;

option netbios-scope "";
option netbios-node-type 8;
option netbios-name-servers 192.168.1.1;
option netbios-dd-server 192.168.1.1;

}

Then I just set a windows xp machine on the network to obtain IP and DNS automatically, but it doesn't work. I know I'm missing something important, but I don't know where to look.
This configuration was based on a tutorial I found while searching through google results. Keep in mind that my FC2 server is running everything except domain controller, which is handled by a winnt server (if that makes a difference).

Thanks

UPDATE:
Thanks to the link by n3tw0rk I have been able to get my DHCP to work properly!! Now I have a new problem, for some reason the dns is not updating, for example, my old, static IP was 192.168.1.18, which is present in the named file, but my new DHCP address is 192.168.1.150 and that is not being updated in the dns records, so I wouldn't be able to ping/telnet/otherwise connect to my computer by its name, rather only by ip address. Any ideas? Here is my up-to-date dhcpd.conf file, located in /etc/:

Title = "dhcpd";

LogFile = messages

*OnlyService = dhcpd
*RemoveHeaders;

authoritative;

max-lease-time 604800;
default-lease-time 86400;
ddns-update-style interim;

subnet 192.168.1.0 netmask 255.255.255.0 {
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.1.255;
option domain-name "rapco";
option domain-name-servers 192.168.1.1;
option routers 192.168.1.1;

range 192.168.1.100 192.168.1.150;
}

Thanks for the help!

If you are referring to DDNS, then you are missing a few parameters...

1) You have not turned on ddns-updates. See: man dhcpd.conf
2) You have not specifed the ddns-domainname to use. See: man dhcpd.conf
3) You have not specified the dns key to use between dhcpd and named. i.e. dnssec-keygen and nsupdate
4) You have not specified the zones names to be updated in dhcpd.conf. See: man dhcpd.conf

Also, allow-updates needs to be enabled in the DNS zones you want dynamically updated (named.conf) along with the inclusion of the key generated in step 3 above so nsupdate will work. Again, man dhcpd.conf has some good examples of both files in the DDNS section of the man page.

DDNS is what I meant. I found the part of the dhcpd.conf man page you were talking about and followed the procedures outlined there. I added the necessary lines to my dhcpd.conf file and to the named.conf file and restarted both. I also set up the log files, although I noticed that when I restarted named, there were errors saying that the log files couldn't be found:
portion of /var/log/messages:
logging channel 'update_debug' file '/var/log/update-debug.log': file not found
logging channel 'security_info' file '/var/log/named-auth.info': file not found
The files are there and they have permissions: rw-r--r-- owned by root.root. Should ownership be different?
I'm not sure yet that ddns is actually working because the lease has not yet expired for my computer, how do I manually remove the lease, forcing a new lease and hopefully a dns update?

UPDATE:
I took care of the log file problem, it seems I forgot the files have to be in the chroot directory used by named. I restarted named again and this time I noticed something new in the messages log file.
portion of messages file:
Nov 2 15:40:42 pma dhcpd: DHCPRELEASE of 192.168.1.150 from 00:01:03:e4:1b:6c (it-manage) via eth0 (found)
Nov 2 15:40:46 pma dhcpd: Boolean opcode in evaluate_numeric_expression: 3
Nov 2 15:40:46 pma dhcpd: Boolean opcode in evaluate_numeric_expression: 3
Nov 2 15:40:46 pma dhcpd: DHCPDISCOVER from 00:01:03:e4:1b:6c via eth0
Nov 2 15:40:47 pma dhcpd: DHCPOFFER on 192.168.1.150 to 00:01:03:e4:1b:6c (host) via eth0
Nov 2 15:40:47 pma dhcpd: Boolean opcode in evaluate_numeric_expression: 3
Nov 2 15:40:47 pma dhcpd: Boolean opcode in evaluate_numeric_expression: 3
Nov 2 21:40:47 pma named[30497]: isc_log_open '/var/log/update-debug.log' failed: file not found
Nov 2 15:40:47 pma dhcpd: Can't update forward map host.domain.com. to 192.168.1.150: no such RRset
Nov 2 15:40:47 pma dhcpd: DHCPREQUEST for 192.168.1.150 (192.168.1.1) from 00:01:03:e4:1b:6c (host) via eth0
Nov 2 15:40:47 pma dhcpd: DHCPACK on 192.168.1.150 to 00:01:03:e4:1b:6c (host) via eth0

It looks like DDNS tried to update the DNS records, but failed with the error in red above.
Any ideas? Would it be helpful to see my latest dhcpd.conf and named.conf files?

Copy/Paste from relevant sections of dhcpd.conf

Code:

authoritative;
 
#################################################
# GLOBAL: DDNS Options
#################################################
# Turn on Dynamic DNS Updates
ddns-updates on;
 
# Specify the style for DDNS updates. see man dhcpd.conf
ddns-update-style interim;
 
# Specify the domain name to append to hostname
# announcement from dhcp client
ddns-domainname "mydomain.com";
 
# Specify the auth key to use for nsupdate. Use the 
# following command to generate the key:
# dnssec-keygen -a HMAC-MD5 -b 256 -n USER dhcp_updater
key dhcp_updater {
     algorithm HMAC-MD5.SIG-ALG.REG.INT;
     secret "TIWko--- rest of key";
};
 
# Specify the DNS zones to be updated by dhcpd. Note:
# zones must match the way they are specifed in named.conf
zone mydomain.com. {
       primary 127.0.0.1;
       key dhcp_updater;
};
 
zone 8.168.192.in-addr.arpa. {
         primary 127.0.0.1;
         key dhcp_updater;
       };

Copy/Paste from relevant sections of named.conf

Code:

# Specify the auth key to use for nsupdate. Use the 
# following command to generate the key:
# dnssec-keygen -a HMAC-MD5 -b 256 -n USER dhcp_updater
key dhcp_updater {
     algorithm HMAC-MD5.SIG-ALG.REG.INT;
     secret "TIWko--- rest of key";
};

// Load the internal mydomain.com zone
        zone "mydomain.com" in {
                type master;                            // Zone is a master
                notify yes;                             // Send notifies?
                allow-update { dhcp-updater; };         // DDNS Updates? 
                file "int/db.mydomain";                 // Load zone file
};

// Load the internal reverse zone for 192.168.8/24
        zone "8.168.192.in-addr.arpa" in {
                type master;                            // Zone is a master
                notify yes;                             // Send notifies?
                allow-update { dhcp-updater; };         // DDNS Updates? 
                file "int/db.192.168.8";                // Load zone file
};

Thanks, that helped! I do have a new problem now though, see the files below.

Portion of my Messages log:
Nov 3 09:12:36 pma dhcpd: DHCPRELEASE of 192.168.1.150 from 00:01:03:e4:1b:6c (host) via eth0 (found)
Nov 3 09:12:43 pma dhcpd: Boolean opcode in evaluate_numeric_expression: 3
Nov 3 09:12:43 pma dhcpd: Boolean opcode in evaluate_numeric_expression: 3
Nov 3 09:12:43 pma dhcpd: DHCPDISCOVER from 00:01:03:e4:1b:6c via eth0
Nov 3 09:12:44 pma dhcpd: DHCPOFFER on 192.168.1.150 to 00:01:03:e4:1b:6c (host) via eth0
Nov 3 09:12:44 pma dhcpd: Boolean opcode in evaluate_numeric_expression: 3
Nov 3 09:12:44 pma dhcpd: Boolean opcode in evaluate_numeric_expression: 3
Nov 3 15:12:44 pma named[10322]: journal file mydomain.db.jnl does not exist, creating it
Nov 3 15:12:44 pma named[10322]: mydomain.db.jnl: create: permission denied
Nov 3 09:12:44 pma dhcpd: Unable to add forward map from host.mydomain.com. to 192.168.1.150: timed out
Nov 3 09:12:44 pma dhcpd: DHCPREQUEST for 192.168.1.150 (192.168.1.1) from 00:01:03:e4:1b:6c (host) via eth0
Nov 3 09:12:44 pma dhcpd: DHCPACK on 192.168.1.150 to 00:01:03:e4:1b:6c (host) via eth0

dhcpd.conf file:
Title = "dhcpd";

LogFile = messages

*OnlyService = dhcpd
*RemoveHeaders;

authoritative;

max-lease-time 604800;
default-lease-time 86400;
allow client-updates;

ddns-updates on;
ddns-domainname "mydomain.com.";
ddns-rev-domainname "in-addr.arpa.";
ddns-update-style interim;

key DHCP_UPDATER {
algorithm hmac-md5;
secret "secret key";
};

zone mydomain.com. {
primary 127.0.0.1;
key DHCP_UPDATER;
};

zone 1.168.192.in-addr.arpa. {
primary 127.0.0.1;
key DHCP_UPDATER;
};

subnet 192.168.1.0 netmask 255.255.255.0 {
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.1.255;

option domain-name "mydomain.com";
option domain-name-servers 192.168.1.1;
option routers 192.168.1.1;

range 192.168.1.100 192.168.1.150;

};

And last but not least, named.conf file:
logging {
channel update_debug {
file "/var/log/update-debug.log";
severity debug 3;
print-category yes;
print-severity yes;
print-time yes;
};
channel security_info {
file "/var/log/named-auth.info";
severity info;
print-category yes;
print-severity yes;
print-time yes;
};

category update { update_debug; };
category security { security_info; };
};

zone "." {
type hint;
file "named.ca";
};

key DHCP_UPDATER {
algorithm hmac-md5;
secret "secret key";
};

zone "mydomain.com"{
type master;
file "mydomain.db";
notify yes;
allow-update { key DHCP_UPDATER; };
};

zone "1.168.192.in-addr.arpa"{
type master;
file "1.168.192.in-addr.arpa";
notify yes;
allow-update { key DHCP_UPDATER; };

I have a number of static records in my mydomain.db file and reverse mapping db file, but I have the range open for DHCP-assigned addresses so the two don't overlap. Why would I be getting a "timed out" error and what is that .jnl file for, where should I create it and with what ownership and permissions?

Thanksa again for all the help

The journal files are used for the dynamic updates. It's normal for bind to create them.

The permission denied error is easily fixed. If named is started as user named, then something like:

# cd /var
# chown -R named.named named

...should fix the permission problem.

If named is also configured to start in a chroot'd environment, then the same permissions would need to be set for the chroot'd directory structure.

named is running in the chroot environment. I tired creating the journal file myself, which got rid of the missing file error, so I assumed that was working, but I still got the "timed out" error.
I removed the journal files I created manually and changed ownership as you said, restarted named and renewed the lease and voila!! it worked!! I checked the message log and sure enough, named created the file and updated the DNS records, now I can access the computer by its name making my job a lot easier!

Thanks to all those who helped me out on this issue!! The help is much appreciated. I would like to compile a complete walkthrough for setup of dhcp and ddns and will refer to this thread and those who helped me when I finish it.

Ok, I put together a configuration guide for dhcp and ddns, I'm hoping you would like to review it and let me know what you think. The guide is meant to be straight forward and help a person get the services running, even though they may not understand all of the configuration right away (that is what man pages are for .
------Begin Guide------
DHCP and DDNS Setup Guide
(This guide assumes you already have named, dhcp, and bind installed on your system. This setup was tested on Fedora Core 2
with DHCP version "isc-dhcpd-V3.0.1rc14")

DHCP Setup:
First you must modify the /etc/dhcpd.conf file to meet your needs.
Here is a sample dhcpd.conf file (simple configuration without dynamic dns updates, that will be added later):

#This example sets up a subnet of 192.168.1.0 with a netmask of 255.255.255.0 and assigns IP addresses from the range 192.168.1.100 to 192.168.1.150

#Always put authoritative before anything else you add to the file
authoritative;

#These options can go here to affect all DHCP subnets, or they can be put in a subnet block for more specific configuration
#The lease times define how long a dynamically assigned IP address is good for. The times are in seconds.
max-lease-time 604800; #604800 is a week
default-lease-time 86400; #86400 is a day

#The subnet section is where the ip address range, domain name, and servers are set up
#The subnet IP address, netmask, and server IP addresses below should be changed to match your particular setup.
subnet 192.168.1.0 netmask 255.255.255.0 {
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.1.255;

option domain-name "mydomain.com";
option domain-name-servers 192.168.1.1;
option routers 192.168.1.1;

range 192.168.1.100 192.168.1.150;

#These netbios options are for Windows dhcp clients that require a WINS server.
# option netbios-scope "";
# option netbios-node-type 8;
# option netbios-name-servers 192.168.1.1;
# option netbios-dd-server 192.168.1.1;

}
#End Configuration

Once your dhcpd.conf file is modified, you can start the dhcp service with "/usr/sbin/dhcpd" (or wherever the dhcpd binary file is)
Then just set the client computers to automatically obtain an IP and DNS server address.

If you want dhcpd to automatically update your DNS records, continue on....


DDNS Setup (dynamic dns allows dhcpd to update dns records on the server any time a new IP address is assigned. The benefit of
this is that you can access a computer by its name, rather than only by the IP address it was given, for example if a computer with
the name "Gamer" is dynamically assigned the IP address 192.168.1.124, you will only be able to access it with its IP address
if you don't use DDNS. If you use DDNS, you will be able to access the computer by its name, "Gamer". DDNS updates the
forward map and reverse look-up map for the client computer.)

First create a key that will be used between named and dhcpd for dynamic dns updates:
command: dnssec-keygen -a HMAC-MD5 -b 512 -n HOST <keyname> where keyname is
whatever you want (it will be used in the dhcpd.conf and named.conf files).
That command will create two key files in /root/ that look something like: K<keyname>.+157+00138 (one has a .private extension and one has a .key extension)
Open up the .private file and copy the value after "Key:" This key value will be used in the dhcpd.conf and named.conf files.

Add these lines to the dhcpd.conf file:

#ddns options affect dynamic dns. here they are turned on with an update style of interim (the only available style that is not deprecated)
#These options can also be used in a subnet for more specific configurations.
ddns-updates on;
#The domain name and reverse domain name must have a trailing period
ddns-domainname "mydomain.com.";
ddns-rev-domainname "in-addr.arpa.";
ddns-update-style interim;
allow client-updates;

#The key section is used for dns updates. Again, the keyname is what you used in the command to create the key.
key <keyname> {
algorithm hmac-md5; #The algorithm may be different, this depends on what you used with the dnssec-keygen command earlier.
secret "----key goes here----";
};

#The zone information must be added for each domain that is going to be updated. Note that there are no qoutes around the zone name.
#There should be at least two zone sections, one for the forward map and one for the reverse look-up map.
zone mydomain.com. {
primary 127.0.0.1;
key <keyname>;
}

#This zone section is for the reverse look-up map.
zone 1.168.192.in-addr.arpa. {
primary 127.0.0.1;
key <keyname>;
}
#End of dhcpd.conf modification

The next thing you have to modify for DDNS to work is the named.conf file. This can be in a couple of places, either /etc/ or /var/named/chroot/etc/ if you are running named in a chroot environment.
I will not describe all parts of the named.conf file, only the parts necessary for DDNS, but I will provide the entire file so you can see the big picture.

#Example named.conf file. Look below for the parts necessary for DDNS.
options {
directory "/var/named";
forwarders{
<name server1>;
<name server2>;
};
};

controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndckey"; };
};

zone "." {
type hint;
file "named.ca";
};

#Add the key section, this will be the same as the key section added to the dhcpd.conf file.
key <keyname> {
algorithm hmac-md5;
secret "----key goes here----";
};

#Note the qoutes around the zone name this time
zone "mydomain.com"{
type master;
file "mydomain.db"; #This file will be somewhat explained later
#Add the next two lines for DDNS
notify yes;
allow-update { key <keyname>; };
};

#This is the reverse look-up zone
zone "1.168.192.in-addr.arpa"{
type master;
file "1.168.192.in-addr.arpa"; #This file will also be somewhat explained later
#Add the following two lines for DDNS
notify yes;
allow-update { key <keyname>; };
};

#The logging section is optional and is useful for debugging purposes. If you use this section you will need to create the files listed below (the location of the files is up to you)
logging {
channel update_debug {
file "/var/log/update-debug.log";
severity debug 3;
print-category yes;
print-severity yes;
print-time yes;
};
channel security_info {
file "/var/log/named-auth.info";
severity info;
print-category yes;
print-severity yes;
print-time yes;
};

category update { update_debug; };
category security { security_info; };
};

include "/etc/rndc.key";

#End named configuration

Note: named will attempt to automatically create a journal file for each domain it updates dns records for. The files will be created
in either /var/named/ or /var/named/chroot/var/named/. You will get an error in the named log if named doesn't have permissions on
those directories, so make sure named owns the directories and has the proper permissions.

I will briefly explain the mydomain.db and 1.168.192.in-addr.arpa files here. (these files should be located in /var/named/ or /var/named/chroot/var/named/, you may need to create them from scratch if you don't have named set up already)
The mydomain.db file holds the DNS records for that domain, you can have static names and IP addresses listed in the file and still
be able to use DHCP for some clients. Below is an example file, I will use the 192.168.1.1 to 192.168.1.99 IP address range
for static IP assignments, and keep the 192.168.1.100 to 192.168.1.150 range open for DHCP assigned IP addresses.

#Example mydomain.db file
;
; mydomain.db - Authoritative data for mydomain.com
;
@ IN SOA mydomain.com. root.mydomain.com. (
96010405 ; serial
3600 ; refresh
300 ; retry
604800 ; expire
3600 ; default_ttl
)
@ IN NS server.mydomain.com.
mydomain.com. IN MX 10 smtp.mydomain.com.
host1 IN A 192.168.1.5
host2 IN A 192.168.1.79
host3 IN A 192.168.1.34
host4 IN A 192.168.1.99
#End mydomain.db

Note that once DDNS is working, this file will look different.

#Example 1.168.192.in-addr.arpa file (Reverse Look-up map)
;
; 1.168.192.in-addr.arpa.dns - reverse mapping for network 192.168.1.
;
@ IN SOA server.mydomain.com. root.mydomain.com (
2000052401 ; serial
3600 ; refresh
300 ; retry
604800 ; expire
3600 ; default_ttl
)
;name servers
@ IN NS server.mydomain.com.
;Addresses mapped to canonical names
5 IN PTR host1.mydomain.com.
79 IN PTR host2.mydomain.com.
34 IN PTR host3.mydomain.com.
99 IN PTR host4.mydomain.com.
#End 1.168.192.in-addr.arpa

Note that there is nothing specified in the IP range of 192.168.1.100 to 192.168.1.150 for either file, this range must be left open
for DHCP assigned IP addresses

That completes the DDNS configuration. You can restart named with "service named restart" and if dhcpd was already running, stop
it with "killall dhcpd" and start it again with "/usr/sbin/dhcpd" or where ever the dhcpd binary is located.

The log files and man pages are your friends. Check the man pages for detailed descriptions of the dhcpd.conf configuration
options and if anything isn't working, check the /var/log/messages file, or the log files you set up under the logging section in named.conf.

Written by PlorkZ (a.k.a. AK47) with help from scowles, akshatyadav, and n3tw0rk (http://www.linuxquestions.org/questi...31#post1272431)
November, 2004
------End Guide------

Thanks

I've been following the 'DHCP Server How-to' to setup my dhcp server in lab. Now I'm able to setup the static DHCP server using the methods provided. However, I'm more concerning about the dynamic IP that I configure, it still doesn't work. My network has 3 dhcp servers. Despite the pcs that I appointed as host (thru mac address and static IP), the rest pcs that logon thru the access point I setup still get its IP from other dhcp server. Any idea why is this happening?

I didn't account for multiple dhcp servers when I wrote the HowTo so I can't say for sure, but I'd guess that one of those dhcp servers is a master browser on the network, and that's where the clients are getting their IP addresses from. I would think that manually specifying the dns server in your client's network configuration would tell it exactly what server to use for a dhcp-assigned IP address. If you don't manually specify a dns server, your clients will find a server automatically for dhcp settings, and the server that is a master browser is the one that will be used. Hope that helps.