By yenonn at 2005-12-18 19:59
Disclaimer: This is not a definitive guide but a simple how-to; considering this, the methods used here may not be the best ones or the most correct.

Configuring Dynamic Domain Name System (DDNS) Server

This is a guide on how to set up a Fedora Core 2 Linux system with a Domain Name System (DNS) server and a Dynamic Host Configuration Protocol (DHCP) server using Berkeley Internet Name Domain (BIND), and then merge them to form a single Dynamic Domain Name System (DDNS) server.
This guide assumes that the user is logged in as root and the proper BIND 9 and DHCP 3 packages have been installed on the same Fedora Core 2 system.

Most Linux systems come with the BIND system – a well-known implementation of DNS. BIND includes three major components:

named – the BIND name server
Responds to queries about host names and IP addresses. Based on the configuration files and the local DNS database, named either answers queries itself or asks other servers and caches their responses.
Operates in one of three modes – primary (master), secondary (slave) and caching. Primary and secondary name servers are authoritative for their own domains, while a caching name server is never authoritative because all of its responses come from cached information.

Resolver library
Finding an IP address for a host name (or vice versa) is referred to as resolving the host. Depending on the settings in the /etc/host.conf file, the resolver library consults the /etc/hosts file or makes a DNS query to resolve a host name to its IP address. The resolver library queries the name servers listed in the /etc/resolv.conf file.

DNS utility programs
Such as dig, host and nslookup, which users can use to query the DNS database (forward and reverse lookups) and debug any name server listed in the /etc/resolv.conf file.

DHCP is for dynamically configuring TCP/IP network parameters on a computer. DHCP is primarily used to assign dynamic IP addresses and other networking information such as name server, default gateway and domain names that are needed to configure TCP/IP networks. The DHCP server listens on port 67.

Configuring the /etc/resolv.conf file (resolver configuration)

# Local domain name
domain eatme.com.my
# Domain in which a host name is searched first (usually own domain)
search eatme.com.my
# IP address of name server
nameserver 172.16.0.30

Configuring the /etc/host.conf file (resolver configuration)

# Tells resolver to consult the /etc/hosts file first and, if that fails, to
# query the name server listed in the /etc/resolv.conf file
order hosts,bind

Generate a Remote Name Daemon Control (RNDC) key to authenticate communication and updates between the DNS server and the DHCP server.

rndc-confgen -b 512 > /etc/dhcp_updater.key

Get the generated key from the /etc/dhcp_updater.key file, in the key "rndckey" block statement. Take note of the algorithm used to generate the key as well.

# /etc/dhcp_updater.key

key "rndckey" {
algorithm hmac-md5;
secret "hMRtKC//JSci25fhmIhm8YUpUMuFCw7WRNpnyhwPUyKcddcxH3DVwRhhwuIppYsRI32bHCMJFyewWJv+/3JkYQ==";
};

options {
default-key "rndckey";
default-server 127.0.0.1;
default-port 953;
};

Configure the /etc/dhcpd.conf file (DHCP configuration) so that it hands out the proper settings to clients. Add a new key DHCP_UPDATER block with algorithm and secret statements.

# /etc/dhcpd.conf

authoritative;
# Turns on DDNS
ddns-updates on;
# The crucial line for successful DNS updates when DHCP lease is renewed
ddns-update-style interim;
ddns-ttl 30;
ignore client-updates;
# Used to ensure authenticity of hosts allowed to update DNS records
include "/etc/rndc.key";

key DHCP_UPDATER {
# Specifies the algorithm used
algorithm HMAC-MD5;
# The rndc key generated
secret "hMRtKC//JSci25fhmIhm8YUpUMuFCw7WRNpnyhwPUyKcddcxH3DVwRhhwuIppYsRI32bHCMJFyewWJv+/3JkYQ==";
}

# Forward DNS zone for eatme.com.my
zone eatme.com.my. {
# Primary DNS server for the zone
primary 127.0.0.1;
# Enables dynamic updates using the key above
key DHCP_UPDATER;
}

# Reverse DNS zone for 172.16.0.x
zone 0.16.172.in-addr.arpa. {
# Primary DNS server for the zone
primary 127.0.0.1;
# Enables dynamic updates using the key above
key DHCP_UPDATER;
}

# Reverse DNS zone for 172.16.1.x
zone 1.16.172.in-addr.arpa. {
# Primary DNS server for the zone
primary 127.0.0.1;
# Enables dynamic updates using the key above
key DHCP_UPDATER;
}

# Options for the listed subnet, including address range to lease out and
# gateway address
subnet 172.16.0.0 netmask 255.255.254.0 {
# IP range from which to give out leases from
range 172.16.0.128 172.16.0.254;
# Default gateway
option routers 172.16.1.254;
option subnet-mask 255.255.254.0;
# option nis-domain "domain.org";
option domain-name "eatme.com.my";
option domain-name-servers 172.16.0.30;
# Ensures that each client is given only one lease at a time
one-lease-per-client on;
# Eastern Standard Time
option time-offset -18000;
# option ntp-servers 192.168.1.1;
# option netbios-name-servers 192.168.1.1;
# Selects point-to-point node (default is hybrid). Don't change this
# unless you understand Netbios very well
# option netbios-node-type 2;
# range dynamic-bootp 172.16.0.128 172.16.0.254;
default-lease-time 21600;
max-lease-time 43200;
# Ensures that only the server updates DNS records
deny client-updates;
# we want the nameserver to appear at a fixed address
# host ns {
# next-server marvin.redhat.com;
# hardware ethernet 12:34:56:78:AB:CD;
# fixed-address 207.175.42.254;
#}
}

Before going any further, test the dhcpd setup by starting the service. A green “OK” message should appear; if not, fix any errors before proceeding. If it started successfully, stop the dhcpd service before configuring BIND in the next section.

/etc/init.d/dhcpd start

Configure the /var/named/chroot/etc/named.conf file (DNS cache name server configuration). Note that a symbolic link to the /var/named/chroot/etc/named.conf file must be created in the /etc directory.

ln -s /var/named/chroot/etc/named.conf /etc/named.conf

// /var/named/chroot/etc/named.conf

// acl DHCP_UPDATER { 172.16.0.30; };
// IP range for DHCP clients
acl clients { 172.16.0.0/23; };

options {
listen-on { 172.16.0.30; 127.0.0.1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
allow-recursion { clients; };
allow-query { clients; };
// ISP’s DNS servers, if any
// forwarders { 202.188.1.5; 202.188.0.133; };
// If there is a firewall between you and name servers you want to talk
// to, you might need to uncomment the query-source directive below.
// Previous versions of BIND always asked questions using port 53, but
// but BIND 8.1 uses an unprivileged port by default
// query-source address * port 53;
};

// Security information – specifies that rndc can connect from localhost to
// the named service at port 953 with the key named rndckey (/etc/rndc.key
// defines the key and its algorithm)
controls {
inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};

key DHCP_UPDATER {
# Specifies the algorithm used
algorithm HMAC-MD5;
# The rndc key generated
secret "hMRtKC//JSci25fhmIhm8YUpUMuFCw7WRNpnyhwPUyKcddcxH3DVwRhhwuIppYsRI32bHCMJFyewWJv+/3JkYQ==";
};

// Root zone – specifies the root name servers
zone "." IN {
type hint;
file "named.ca";
};

// Forward lookup for local domain
zone "localdomain" IN {
type master;
file "localdomain.zone";
// Enables dynamic updates using the key above
// allow-update { key DHCP_UPDATER; };
};

// Forward lookup for local host
zone "localhost" IN {
type master;
file "localhost.zone";
// Enables dynamic updates using the key above
// allow-update { key DHCP_UPDATER; };
};

// Reverse lookup for local host
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
// Enables dynamic updates using the key above
// allow-update { key DHCP_UPDATER; };
};

// Forward lookup for eatme.com.my
zone "eatme.com.my" IN {
type master;
file "eatme.com.my";
// Enables dynamic updates using the key above
allow-update { key DHCP_UPDATER; };
};

// Reverse lookup for 172.16.0.x
zone "0.16.172.in-addr.arpa" IN {
type master;
file "0.16.172.in-addr.arpa";
// Enables dynamic updates using the key above
allow-update { key DHCP_UPDATER; };
};

// Reverse lookup for 172.16.1.x
zone "1.16.172.in-addr.arpa" IN {
type master;
file "1.16.172.in-addr.arpa";
// Enables dynamic updates using the key above
allow-update { key DHCP_UPDATER; };
};

include "/etc/rndc.key";
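
The hand-off from dhcpd to named only works when the two files agree: every zone dhcpd updates must carry an allow-update for the same key in named.conf, and the key's name, algorithm and secret must match on both sides, otherwise named refuses the update and the lease is logged without a DNS record. The Python script below is an added example, not code from this article or from ISC. It reads both configurations with a small brace-aware parser (whole-line comments only, because a base64 secret can itself contain //), reports any mismatch, confirms the decoded secret is the 512 bits requested with -b 512, and lists key names that share one secret. The samples are the article's own fragments, abridged; the script assumes /etc/rndc.key holds the rndckey block printed by rndc-confgen above. That last check reflects a choice the article makes on purpose: rndckey and DHCP_UPDATER carry the same secret, so whoever can read dhcpd.conf also holds the rndc control key, and generating a separate key for each role keeps zone updates and server control apart.

```python
import base64
import re
# Constructed samples: the article's dhcpd.conf and named.conf, abridged to the DDNS
# statements; /etc/rndc.key is assumed to hold the rndckey block shown above.
SECRET = ("hMRtKC//JSci25fhmIhm8YUpUMuFCw7WRNpnyhwPUyKcddcxH3DVwRhhwuIppYsRI32b"
          "HCMJFyewWJv+/3JkYQ==")
DHCPD_CONF = """\
key DHCP_UPDATER {
# Specifies the algorithm used
algorithm HMAC-MD5;
secret "%s";
}
zone eatme.com.my. {
primary 127.0.0.1;
key DHCP_UPDATER;
}
zone 0.16.172.in-addr.arpa. {
primary 127.0.0.1;
key DHCP_UPDATER;
}
""" % SECRET
NAMED_CONF = """\
key "rndckey" {
algorithm hmac-md5;
secret "%s";
};
key DHCP_UPDATER {
algorithm HMAC-MD5;
secret "%s";
};
zone "eatme.com.my" IN {
type master;
allow-update { key DHCP_UPDATER; };
};
zone "0.16.172.in-addr.arpa" IN {
type master;
allow-update { key DHCP_UPDATER; };
};
""" % (SECRET, SECRET)
BLOCK = r'\b%s\s+"?([\w.-]+)"?(?:\s+IN)?\s*\{'          # keyword name [IN] {
DHCPD_KEY = r'\bkey\s+"?([\w.-]+)"?\s*;'                  # dhcpd: key DHCP_UPDATER;
NAMED_KEY = r'allow-update\s*\{\s*key\s+"?([\w.-]+)"?\s*;'  # named: allow-update { key X; };

def strip_comments(conf):
    # Whole-line # and // comments only: a base64 secret can itself contain '//'.
    return re.sub(r"^[ \t]*(?:#|//).*$", "", conf, flags=re.M)

def blocks(conf, keyword):
    """Yield (name, body) for each `keyword name [IN] { ... }`, matching braces."""
    for m in re.finditer(BLOCK % keyword, conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]

def parse_keys(conf):
    """key name -> (algorithm, secret); algorithm lower-cased, as the two files differ in case."""
    keys = {}
    for name, body in blocks(strip_comments(conf), "key"):
        alg = re.search(r"algorithm\s+([\w-]+)\s*;", body)
        sec = re.search(r'secret\s+"([^"]+)"\s*;', body)
        if alg and sec:
            keys[name] = (alg.group(1).lower(), sec.group(1))
    return keys

def update_zones(conf, pattern):
    """zone -> key name for every zone block whose body matches `pattern`."""
    zones = {}
    for name, body in blocks(strip_comments(conf), "zone"):
        m = re.search(pattern, body)
        if m:
            zones[name.rstrip(".")] = m.group(1)
    return zones

def check_ddns_handoff(dhcpd_conf, named_conf):
    """Problems that would make named refuse dhcpd's updates; empty means consistent."""
    dkeys, nkeys = parse_keys(dhcpd_conf), parse_keys(named_conf)
    dz, nz = update_zones(dhcpd_conf, DHCPD_KEY), update_zones(named_conf, NAMED_KEY)
    problems = []
    for zone, key in dz.items():
        if zone not in nz:
            problems.append(f"{zone}: dhcpd updates it but named has no allow-update for it")
        elif key not in dkeys or nz[zone] not in nkeys:
            problems.append(f"{zone}: key {key} is referenced but not defined in both files")
        elif dkeys[key] != nkeys[nz[zone]]:
            problems.append(f"{zone}: algorithm or secret of {key} differ between the files")
    problems += [f"{z}: named allows updates that dhcpd never sends" for z in nz if z not in dz]
    return problems

def shared_secrets(keys):
    """Groups of key names that share one secret (here rndc control and zone updates)."""
    by_secret = {}
    for name, (_, secret) in keys.items():
        by_secret.setdefault(secret, []).append(name)
    return [sorted(names) for names in by_secret.values() if len(names) > 1]

def secret_bits(secret):
    """Decoded key size in bits; rndc-confgen -b 512 produced a 64-byte secret."""
    return len(base64.b64decode(secret)) * 8
```

To use it on a real system, read the two files into DHCPD_CONF and NAMED_CONF (with /etc/rndc.key appended to the latter, since named includes it) and print check_ddns_handoff(); an empty list is the goal. Note that dhcpd's key block ends with a bare } while named's ends with };, and the parser accepts both.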

Create the required forward (eatme.com.my) and reverse (0.16.172.in-addr.arpa and 1.16.172.in-addr.arpa) zone files in the /var/named/chroot/var/named directory. Note that symbolic links to all the zone files in the /var/named/chroot/var/named directory have to be created in the /var/named directory.

; /var/named/chroot/var/named/eatme.com.my

$TTL 86400 ; Time To Live (secs) – 1 day
; $ORIGIN localhost.

; Resource record format (optional fields are shown in square brackets)
; Class: Internet (IN)
; Type: Start Of Authority (SOA), Address (A), Pointer (PTR), Canonical Name
; (CNAME)
;[dmn] [ttl] [cls] type data [comment]
@ IN SOA trainee.eatme.com.my. root.trainee.eatme.com.my. (
        42 ; serial
        3H ; refresh - 3 hrs
        15M ; retry - 15 mins
        1W ; expiry - 1 wk
        1D ) ; min TTL - 1 day
        IN NS trainee.eatme.com.my.
@ IN A 172.16.0.30
pc1 IN A 172.16.0.11
pc2 IN A 172.16.0.12
pc3 IN CNAME pc1
pc11 IN A 172.16.1.11
pc12 IN A 172.16.1.12
pc13 IN CNAME pc11
httpd1 0 IN A 172.16.1.13
httpd0 0 IN A 172.16.1.14

; /var/named/chroot/var/named/0.16.172.in-addr.arpa

$TTL 86400
; $ORIGIN localhost.

; Resource record format (optional fields are shown in square brackets)
; Class: Internet (IN)
; Type: Start Of Authority (SOA), Address (A), Pointer (PTR), Canonical Name
; (CNAME)
;[dmn] [ttl] [cls] type data [comment]
@ IN SOA trainee.eatme.com.my. root.trainee.eatme.com.my. (
        4 ; serial
        10800 ; refresh - 10800 secs
        2600 ; retry - 2600 secs
        604800 ; expiry - 604800 secs
        86400 ) ; min TTL - 86400 secs
        IN NS trainee.eatme.com.my.
11 IN PTR pc1.eatme.com.my.
12 IN PTR pc2.eatme.com.my.

; /var/named/chroot/var/named/1.16.172.in-addr.arpa

$TTL 86400
; $ORIGIN localhost.

; Resource record format (optional fields are shown in square brackets)
; Class: Internet (IN)
; Type: Start Of Authority (SOA), Address (A), Pointer (PTR), Canonical Name
; (CNAME)
;[dmn] [ttl] [cls] type data [comment]
@ IN SOA trainee.eatme.com.my. root.trainee.eatme.com.my. (
        4 ; serial
        10800 ; refresh - 10800 secs
        2600 ; retry - 2600 secs
        604800 ; expiry - 604800 secs
        86400 ) ; min TTL - 86400 secs
        IN NS trainee.eatme.com.my.
11 IN PTR pc11.eatme.com.my.
12 IN PTR pc12.eatme.com.my.
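
Loading these files into named catches syntax errors, but not whether the forward and reverse zones describe the same hosts, or whether the server named in the SOA and NS records can itself be resolved from the zone. The Python script below is an added example, not part of the article; it contains a minimal master-file parser (handles ; comments, the multi-line SOA in parentheses, owner inheritance on lines that start with whitespace, and optional TTL and class fields; $ORIGIN is not supported) and cross-checks the three zones above, reproduced as constructed sample data. On the article's data it reports the A records that have no PTR (the zone apex at 172.16.0.30 and the two httpd hosts in 172.16.1.x) and that trainee.eatme.com.my., the host named in every SOA and NS record, has no A record in the forward zone, which named loads with a warning and which leaves the zone's own name server unresolvable.

```python
# Constructed sample data: the article's three zone files, laid out as master files.
ORIGIN = "eatme.com.my."
FORWARD = """\
$TTL 86400 ; Time To Live (secs) - 1 day
@ IN SOA trainee.eatme.com.my. root.trainee.eatme.com.my. (
        42 ; serial
        3H ; refresh - 3 hrs
        15M ; retry - 15 mins
        1W ; expiry - 1 wk
        1D ) ; min TTL - 1 day
        IN NS trainee.eatme.com.my.
@ IN A 172.16.0.30
pc1 IN A 172.16.0.11
pc2 IN A 172.16.0.12
pc3 IN CNAME pc1
pc11 IN A 172.16.1.11
pc12 IN A 172.16.1.12
pc13 IN CNAME pc11
httpd1 0 IN A 172.16.1.13
httpd0 0 IN A 172.16.1.14
"""
REVERSES = [
    ("0.16.172.in-addr.arpa.", """\
@ IN SOA trainee.eatme.com.my. root.trainee.eatme.com.my. ( 4 10800 2600 604800 86400 )
        IN NS trainee.eatme.com.my.
11 IN PTR pc1.eatme.com.my.
12 IN PTR pc2.eatme.com.my.
"""),
    ("1.16.172.in-addr.arpa.", """\
@ IN SOA trainee.eatme.com.my. root.trainee.eatme.com.my. ( 4 10800 2600 604800 86400 )
        IN NS trainee.eatme.com.my.
11 IN PTR pc11.eatme.com.my.
12 IN PTR pc12.eatme.com.my.
"""),
]
TYPES = {"SOA", "NS", "A", "PTR", "CNAME"}

def qualify(name, origin):  # '@' and relative names -> fully qualified
    if name == "@":
        return origin
    return name if name.endswith(".") else name + "." + origin

def logical_lines(text):
    """Drop ';' comments and join '( ... )' continuations such as a multi-line SOA."""
    out, buf, depth = [], "", 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]
        buf = line if depth == 0 else buf + " " + line.strip()
        depth += line.count("(") - line.count(")")
        if depth == 0 and buf.strip():
            out.append(buf.replace("(", " ").replace(")", " "))
    return out

def parse_zone(text, origin):
    """Minimal master-file parser -> (owner, type, rdata); blank owner inherits, TTL/class optional."""
    records, owner = [], origin
    for line in logical_lines(text):
        toks = line.split()
        if toks[0].startswith("$"):
            continue  # $TTL is irrelevant here; $ORIGIN is not supported
        if not line[0].isspace():
            owner = qualify(toks.pop(0), origin)
        while toks and toks[0].upper() not in TYPES:
            toks.pop(0)  # optional TTL / class fields
        if toks:
            records.append((owner, toks[0].upper(), toks[1:]))
    return records

def reverse_name(ip):  # 172.16.0.11 -> 11.0.16.172.in-addr.arpa.
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."

def check_zones(forward_text, origin, reverses):
    """Findings: A without PTR, PTR without matching A, NS/SOA hosts without glue, dangling CNAMEs."""
    frecs = parse_zone(forward_text, origin)
    a_by_name = {}
    for owner, rtype, rdata in frecs:
        if rtype == "A":
            a_by_name.setdefault(owner, []).append(rdata[0])
    ptr = {}
    for rorigin, rtext in reverses:
        for owner, rtype, rdata in parse_zone(rtext, rorigin):
            if rtype == "PTR":
                ptr[owner] = qualify(rdata[0], rorigin)
    findings = []
    for name, ips in a_by_name.items():
        for ip in ips:
            if reverse_name(ip) not in ptr:
                findings.append(f"A {name} -> {ip}: no PTR at {reverse_name(ip)}")
    for rname, target in ptr.items():
        ip = ".".join(reversed(rname[:-len(".in-addr.arpa.")].split(".")))
        if ip not in a_by_name.get(target, []):
            findings.append(f"PTR {rname} -> {target}: no A record for {ip}")
    hosts = {qualify(r[2][0], origin) for r in frecs if r[1] in ("NS", "SOA")}
    for host in sorted(hosts):
        if host.endswith("." + origin) and host not in a_by_name:
            findings.append(f"NS/SOA host {host}: no A record in the zone")
    for owner, rtype, rdata in frecs:
        if rtype == "CNAME" and qualify(rdata[0], origin) not in a_by_name:
            findings.append(f"CNAME {owner} -> {rdata[0]}: target has no A record")
    return findings
```

Run check_zones(FORWARD, ORIGIN, REVERSES) and print each finding; once the zones are handed to dhcpd the dynamic A and PTR records it adds are in the .jnl journal files rather than the zone files, so dump them with rndc (or wait for named to write them back) before re-running the check against live data.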

The named.ca, named.local and localhost.zone zone files in the /var/named/chroot/var/named directory can also be configured, but most of the time these files are usable at their default settings. Note that symbolic links to all the aforementioned zone files in the /var/named/chroot/var/named directory have to be created in the /var/named directory as well.
Change the owner of the files in the /var/named/chroot/var/named directory to named so that BIND can write to the zone files and create its journal files (<zone file name>.jnl).

chown -R named:named /var/named/chroot/var/named

Restart the network, DNS and DHCP services for the changes to take effect.

service network restart
service named restart
service dhcpd restart

Note that the DNS and DHCP servers write diagnostic messages to the /var/log/messages file.

by karelvdm on Mon, 2007-02-26 09:10
Hi

Page not found?????

by XavierP on Mon, 2007-02-26 13:18
Try it now.

by baodad on Fri, 2009-07-31 11:07
Thanks so much for sharing these tips! Just what I need!


  


