Here are my configuration files that are currently working. There are a couple of changes from my previous note due to differences between the current software and the book.
BIND 9.2.1 named.conf:
options {
        directory "/var/named";
};

// DHCP Server Keyfile
// I shortened the key for clarity, you should use the full key.
// Note: in named.conf the secret MUST be enclosed in quotes
key sedona.bell.home. {
        algorithm hmac-md5;
        secret "OKW4+iyG4Vjy0YYiopBlxtlfAoeE1g==";
};

// This statement associates the key to a server.
// (It makes named sign the requests it sends to 127.0.0.1 with this key;
// accepting signed updates only needs the key statement plus the
// update-policy in the zones below.)
server 127.0.0.1 {
        keys { sedona.bell.home.; };
};

//
// a master nameserver config
//

// Hints file. Pretty standard.
zone "." IN {
        type hint;
        file "named.ca";
};

// Again a pretty standard localhost zone
zone "localhost" IN {
        type master;
        file "localhost.zone";
        allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
        allow-update { none; };
};

// The forward zone I want to be able to update.
// Note the change in the grant statement. I replaced the *.nxdomain.com with *.bell.home.
// This only allows A and TXT record updates, and only for names under bell.home
// (the wildcard does not match the zone apex itself).
zone "bell.home" IN {
        type master;
        file "master/bell.home";
        update-policy {
                grant sedona.bell.home. wildcard *.bell.home. A TXT;
        };
};

// The reverse domain to be updated. Only PTR records may be changed.
zone "1.168.192.in-addr.arpa" IN {
        type master;
        file "master/192.168.1.rev";
        update-policy {
                grant sedona.bell.home. wildcard *.1.168.192.in-addr.arpa. PTR;
        };
};
ISC DHCPD 3.0p1 dhcpd.conf:
# dhcpd.conf
#
# option definitions common to all supported networks...
option domain-name "bell.home";
option domain-name-servers sedona.bell.home;

default-lease-time 600;
max-lease-time 7200;

# DDNS configurations
ddns-domainname "bell.home";
ddns-rev-domainname "in-addr.arpa";
ddns-update-style interim;
ignore client-updates;

# This defines the key to use. It must be the same name, algorithm and
# secret as the key statement in named.conf.
# Note this secret must NOT be enclosed by quotes, and the block ends with
# a bare brace (no semicolon).
key sedona.bell.home. {
        algorithm hmac-md5;
        secret OKW4+iyG4Vjy0YYiopBlxtlfAoeE1g==;
}

# Which zone do I want to update?
# Where is the primary DNS server?
# Which key should I use to authenticate the update?
zone bell.home. {
        primary 127.0.0.1;
        key sedona.bell.home.;
}

# The zone name here must match the reverse zone named serves: for the
# 192.168.1.0/24 subnet below that is 1.168.192.in-addr.arpa. (a leading
# "0." would name the reverse zone of a single host, not the subnet, and
# dhcpd would not find a key for the PTR updates).
zone 1.168.192.in-addr.arpa. {
        primary 127.0.0.1;
        key sedona.bell.home.;
}

# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
authoritative;

# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;

# This is a very basic subnet declaration.
subnet 192.168.1.0 netmask 255.255.255.0 {
        range 192.168.1.10 192.168.1.30;
        option routers bell-gw.bell.home;
}
This should do it if the Linux Gods are smiling.
As I said, I am currently using these files successfully. If you still have problems, please post the errors.
Taking a look at your earlier error message, it looks like you didn't put a space between secret and the key. Even if you had, however, the quotes would still have nailed you (they did me ;( ).
The shared keys are a means of ensuring that the server making the update request is really who you think it is. If all you use is an IP address, anyone with the ability to spoof an IP will be able to update your DNS tables. Generally, a bad thing.
Hopefully we got it now.
-Glenn
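An added example, not part of Glenn's post: a small POSIX shell script that generates a fresh TSIG secret, prints it in both spellings (quoted for named.conf, unquoted for dhcpd.conf, which is exactly the quoting trap discussed above), and writes two nsupdate batch files you can use to check the update-policy by hand before trusting dhcpd with it. It assumes the names from the post (key sedona.bell.home., zone bell.home, reverse zone 1.168.192.in-addr.arpa, server 127.0.0.1); the hostname testhost and address 192.168.1.77 are made up for the probe.

```shell
#!/bin/sh
# Added example (not from the original post). Generates a TSIG key, emits the
# named.conf and dhcpd.conf key stanzas, and writes nsupdate batches that probe
# the grant rules. Names below are assumptions taken from the post.
set -eu

KEYNAME="sedona.bell.home."
ZONE="bell.home"
REVZONE="1.168.192.in-addr.arpa"
SERVER="127.0.0.1"

# 16 random bytes, base64-encoded: a 128-bit HMAC-MD5 secret.
# (dnssec-keygen -a HMAC-MD5 -b 128 -n HOST <name> produces the same kind of key.)
gen_secret() {
    head -c 16 /dev/urandom | base64 | tr -d '\n'
}

# named.conf form: the secret MUST be in double quotes, block ends with "};".
named_key_stanza() {   # $1 = key name, $2 = base64 secret
    printf 'key %s {\n\talgorithm hmac-md5;\n\tsecret "%s";\n};\n' "$1" "$2"
}

# dhcpd.conf form: same key, but the secret is NOT quoted and the block
# ends with a bare brace.
dhcpd_key_stanza() {   # $1 = key name, $2 = base64 secret
    printf 'key %s {\n\talgorithm hmac-md5;\n\tsecret %s;\n}\n' "$1" "$2"
}

# nsupdate batch that exercises the forward grant rule (A and TXT only):
#   first send:  A + TXT            -> should be accepted (NOERROR)
#   second send: an MX record       -> should be REFUSED by the policy
forward_probe() {      # $1 = short hostname, $2 = IPv4 address
    printf 'server %s\nzone %s\n' "$SERVER" "$ZONE"
    printf 'update add %s.%s. 600 A %s\n' "$1" "$ZONE" "$2"
    printf 'update add %s.%s. 600 TXT "added by tsig probe"\nsend\n' "$1" "$ZONE"
    printf 'update add %s.%s. 600 MX 10 mail.%s.\nsend\n' "$1" "$ZONE" "$ZONE"
}

# nsupdate batch for the reverse zone: a PTR, which the second grant allows.
reverse_probe() {      # $1 = last octet of the address, $2 = short hostname
    printf 'server %s\nzone %s\n' "$SERVER" "$REVZONE"
    printf 'update add %s.%s. 600 PTR %s.%s.\nsend\n' "$1" "$REVZONE" "$2" "$ZONE"
}

# Write the stanzas and probes into the current directory and show how to run them.
write_files() {
    secret=$(gen_secret)
    named_key_stanza "$KEYNAME" "$secret" > named.key.conf
    dhcpd_key_stanza "$KEYNAME" "$secret" > dhcpd.key.conf
    forward_probe testhost 192.168.1.77 > forward.nsupdate
    reverse_probe 77 testhost > reverse.nsupdate
    echo "Paste named.key.conf into named.conf and dhcpd.key.conf into dhcpd.conf, then:"
    echo "  nsupdate -y $KEYNAME:$secret forward.nsupdate"
    echo "  nsupdate -y $KEYNAME:$secret reverse.nsupdate"
}

if [ "${1:-}" = "run" ]; then
    write_files
fi
```

Run it as `sh tsig-probe.sh run`. With BIND 9.2 the nsupdate key argument is `-y keyname:secret`; later versions take `-y hmac-md5:keyname:secret`. The second `send` in forward.nsupdate is the useful check: if the server answers REFUSED for the MX but NOERROR for the A and TXT, the update-policy is doing what the comments in named.conf claim, and an unsigned `nsupdate` of the same file should be refused outright, which is the whole point of the key.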