LinuxQuestions.org
12-14-2007, 08:38 PM   #1
sjphares
LQ Newbie
 
Registered: Dec 2007
Posts: 19

Rep: Reputation: 0
Dynamic DNS updates by DHCP


I have a SOHO test network in the shop with boxes running both linux and windows. All servers are statically addressed. The connection to the Internet is via cable modem thru a dual homed, firewalled Red Hat Enterprise 4 linux server.

The same server is also running the dhcpd daemon to dish out IP addresses to laptops that occasionally connect and the Bind9 named daemon, in a non-chroot environment, set up to run split DNS with “inside” and “outside” views.

Both dhcp and dns work fine *by themselves*, meaning a static dns service/config edited only when a new server is added to the network.

The trouble starts when I edit dhcpd.conf to have dhcp modify dns on the fly and the problem is *only* with linux laptops; the windows laptops are able to find any host on any subnet by both name only and a qualified name i.e.
#ping alpha
and
#ping alpha.mycompany.net

Before trying to make dns/dhcp dynamic all linux boxes had two entries in /etc/resolv.conf
nameserver 172.16.1.1
search mycompany.net

After editing /etc/dhcpd.conf, dhcpd still assigns IP address in the proper subnets but dhclient-script clobbers /etc/resolv.conf.

Dhclient saves the original as resolv.conf.predhclient but replaces it with a file with only one entry.
Nameservers 172.16.1.1

A newly attaching "inside" linux laptop is able to ping qualified names i.e. #ping alpha.mycompany.net, but not by host name alone i.e.
#ping alpha.


My questions are (besides what did I miss)….

1) Do I not have the correct syntax in the /etc/dhcpd.conf file OR… did I mess up the original dns configuration and just got lucky that it worked at all (for more than a year)?

2) *should* I have to include the "search mycompany.net" statement in /etc/resolv.conf file for "inside" machines to ping by name only?
getting back to did I mess up the dns config.

Below are the config and zone files in question. Any input would be greatly appreciated.

I only registered and posted my intro with LQ this week and I am not familiar with site etiquette. Is this too much information, not enough, or is it okay ?

Thank you,
Steve

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

// file: dhcpd.conf
ddns-domainname "mycompany.net";
ddns-update-style interim;
option routers 172.16.1.254;
option routers 192.168.1.254;
option domain-name-servers 172.16.1.1;
option netbios-name-servers 172.16.1.1;
option netbios-node-type 8;

key "rndckey" {
algorithm hmac-md5;
secret "nFWjUHiUAs3qj5R2Yjsd92JfjvEQL7fFIcIUXLIkmdUnZoSIzet3C1mPrNNf";
};
subnet 172.16.1.0 netmask 255.255.255.0
{
ddns-domainname "mycompany.net";
option domain-name-servers 172.16.1.1;
allow client-updates;
allow unknown-clients;
ddns-update-style interim;
ddns-updates on;
authoritative;
option routers 172.16.1.254;
range dynamic-bootp 172.16.1.10 172.16.1.111;
option subnet-mask 255.255.255.0;
default-lease-time 21600;
max-lease-time 43200;
}
subnet 192.168.1.0 netmask 255.255.255.0
{
ddns-domainname "mycompany.net";
option domain-name-servers 172.16.1.1;
allow client-updates;
allow unknown-clients;
ddns-update-style interim;
ddns-updates on;
authoritative;
option routers 192.168.1.254;
option subnet-mask 255.255.255.0;
range dynamic-bootp 192.168.1.10 192.168.1.249;
default-lease-time 21600;
max-lease-time 43200;
}

zone mycompany.net
{
primary 172.16.1.1;
key "rndckey";
}

zone 1.16.172.in-addr.arpa
{
primary 172.16.1.1;
key "rndckey";
}

zone 1.168.192.in-addr.arpa
{
primary 172.16.1.1;
key "rndckey";
}

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
// named.conf
// last modified: 14dec07 by sjp
//
options
{
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
query-source address * port 53;
forwarders
{
123.123.123.123; //This is just fill for now
234.234.234.234; //will put real one in later
};
forward first;
listen-on { any; };
notify no;
};
key "rndckey" {
algorithm hmac-md5;
secret "nFWjUHiUAs3qj5R2Yjsd92JfjvEQL7fFIcIUXLIkmdUnZoSIzet3C1mPrNNf";
};
acl "mycompany-lan" { 127/8; 172.16.1.0/24; 192.168.1.0/24; };

controls { inet 127.0.0.1 port 953 allow { localhost; } keys { rndckey; }; };

view "inside"
{
match-clients { "mycompany-lan"; };
recursion yes;

zone "." IN {
type hint;
file "named.ca";
};

zone "localhost" IN {
type master;
file "/var/named/localhost.zone";
};

zone "0.0.127.in-addr.arpa" IN{
type master;
file "/var/named/127.0.0.zone";
};
//*
zone "mycompany.net" {
type master;
file "mycompany.net.inside";
allow-update { key "rndckey"; };
};

zone "1.16.172.in-addr.arpa" {
type master;
file "172.16.1.zone";
allow-update { key "rndckey"; };
};

zone "1.168.192.in-addr.arpa" {
type master;
file "192.168.1.zone";
allow-update { key "rndckey"; };
};

};

view "outside"
{
match-clients { any; };
recursion no;

zone "mycompany.net" {
type master;
file "mycompany.net.outside";
};

zone "." IN {
type hint;
file "named.ca";
};
};
//include "/etc/rndc.key";

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

;File: mycompany.net.inside


$TTL 86400
mycompany.net. IN SOA mycompany.net. root.mycompany.net.(
2007121003 ;serial #
28800 ;refresh
14400 ;retry
3600000 ;expire
86400 ;min
)

; Name Server for mycompany.net
mycompany.net. IN NS dns.mycompany.net.

; Private clients on LAN forward mappings (name-to-Addr)
alpha IN A 172.16.1.1
bravo IN A 172.16.1.2
;charlie IN A 192.168.1.1
;delta IN A 192.168.1.2

; Most Servers/Services are running on the same box (Alpha) but
; want each service to be referenced by a different name so we
; will add Canonical Name (CNAME) records here. (i.e. aliases)
dns.mycompany.net. IN CNAME alpha.mycompany.net.
www.mycompany.net. IN CNAME alpha.mycompany.net.
ftp.mycompany.net. IN CNAME alpha.mycompany.net.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`

;File: mycompany.net.outside

$TTL 86400
mycompany.net. IN SOA mycompany.net. root.mycompany.net.(
2007121004 ;serial #
28800 ;refresh
14400 ;retry
3600000 ;expire
86400 ;min
)

; Name Server for mycompany.net
mycompany.net. IN NS dns.mycompany.net.

; Public servers
alpha.mycompany.net. IN A 12.34.56.78

; Most Servers/Services are running on the same box (Alpha) but
; want each service to be referenced by a different name so we
; will add Canonical Name (CNAME) records here. (i.e. aliases)
dns.mycompany.net. IN CNAME alpha.mycompany.net.
www.mycompany.net. IN CNAME alpha.mycompany.net.
ftp.mycompany.net. IN CNAME alpha.mycompany.net.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File: 127.0.0.zone
$TTL 86400
@ IN SOA localhost. root.localhost. (
1997022700 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS localhost.

1 IN PTR localhost.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File: 172.16.1.zone
$TTL 86400
@ IN SOA localhost. root.localhost. (
1997022700 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS localhost.

1 IN PTR localhost.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`

;File 192.168.1.zone
;//Last Modified: 12dec07

$TTL 86400
1.168.192.in-addr.arpa. IN SOA dns.mycompany.net. root.mycompany.net.(
2007120900 ;serial #
28800 ;refresh
14400 ;retry
3600000 ;expire
84600; ;min
)


IN NS dns.mycompany.net.
$ORIGIN 1.168.192.in-addr.arpa.
$TTL 86400
 
12-14-2007, 09:09 PM   #2
ARC1450
Member
 
Registered: Jun 2005
Location: Odenton, MD
Distribution: Gentoo
Posts: 290

Rep: Reputation: 30
You can set the Linux clients up to not allow DHCP settings to overwrite the /etc/resolv.conf file.

-OR-

In your dhcpd.conf file, use 'option domain-name "domainname";'

2) No, you don't have to use "search 'domainname'" if you go with the second option above.

By the by, I noticed you have a lot of options in your dhcpd.conf file repeated. If it's globally listed, you don't need the option in the scopes. So your DNS servers options only need listed once. Same with time servers, NetBIOS servers, domain name, etc. If you have common information between your scopes, declare it once up top in the global config section.

Just a suggestion.

Last edited by ARC1450; 12-14-2007 at 09:16 PM.
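
The two suggestions in post #2, applied to the dhcpd.conf from post #1 (an added example, not part of the original thread): `option domain-name` is declared once at global scope, which is what lets dhclient-script write a `search mycompany.net` line into /etc/resolv.conf, and every setting common to both subnets is moved out of the scopes. The TSIG secret is a placeholder, and the zone names are written fully qualified as in the dhcpd.conf man page examples.

```conf
# Constructed example: the dhcpd.conf from post #1, consolidated.
# Settings shared by both subnets are declared once, globally.
option domain-name "mycompany.net";      # clients get "search mycompany.net"
option domain-name-servers 172.16.1.1;
option netbios-name-servers 172.16.1.1;
option netbios-node-type 8;

ddns-domainname "mycompany.net";
ddns-update-style interim;
ddns-updates on;
allow client-updates;
allow unknown-clients;
authoritative;
default-lease-time 21600;
max-lease-time 43200;

key rndckey {
    algorithm hmac-md5;
    secret "REPLACE_WITH_YOUR_TSIG_SECRET";   # placeholder, not a real key
};

# Each subnet keeps only what differs: router, mask and address range.
subnet 172.16.1.0 netmask 255.255.255.0 {
    option routers 172.16.1.254;
    option subnet-mask 255.255.255.0;
    range dynamic-bootp 172.16.1.10 172.16.1.111;
}

subnet 192.168.1.0 netmask 255.255.255.0 {
    option routers 192.168.1.254;
    option subnet-mask 255.255.255.0;
    range dynamic-bootp 192.168.1.10 192.168.1.249;
}

# Zones that dhcpd updates, signed with the key shared with named.conf.
zone mycompany.net.          { primary 172.16.1.1; key rndckey; }
zone 1.16.172.in-addr.arpa.  { primary 172.16.1.1; key rndckey; }
zone 1.168.192.in-addr.arpa. { primary 172.16.1.1; key rndckey; }
```

The syntax can be checked with `dhcpd -t -cf /etc/dhcpd.conf` before the daemon is restarted.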
 
12-15-2007, 03:37 PM   #3
sjphares
LQ Newbie
 
Registered: Dec 2007
Posts: 19

Original Poster
Rep: Reputation: 0
Thank you.

/etc/resolv.conf is safe once again; and now that I know where to put the options in dhcpd.conf I will clean it up as well.

Thanks again.
 
12-15-2007, 03:45 PM   #4
ARC1450
Member
 
Registered: Jun 2005
Location: Odenton, MD
Distribution: Gentoo
Posts: 290

Rep: Reputation: 30
You're welcome.

I've been in a similar position as you, and I feel your pain; the man pages for the dhcpd.conf file can be extremely cryptic and weird.

Glad to help, though.
 
  

