The following text describes the way to make DHCPd create DNS records of dhcp clients. This scenario is usually called a DDNS server.
We will first setup up BIND and then DHCPd.
1) We need to create a “key”. A key is a password that allows dhcpd to update bind… imagine something like an authentication scheme. In order to create such a key file to the following:
# rndc-confgen -a
A key file will be created. On Gentoo Linux this file is put inside /etc/bind/ and is called “rndc.key”.
Now open up your named.conf file and put these line inside:
include "/etc/bind/rndc.key";
controls {
inet 127.0.0.1 allow { localhost; } keys { rndc-key; };
};
If you already have a controls section just modify it to include the keys { } directive.
Now, in your zones that you want to be dynamically updated modify them to look like this:
zone "0.168.192.in-addr.arpa" {
type master;
file "pri/192.168.0.zone";
allow-update { key "rndc-key"; };
notify yes;
};
zone "home-sweet-home.gr" {
type master;
file "pri/home-sweet-home.gr.zone";
allow-update { key "rndc-key"; };
notify yes;
};
The “allow-update” is the crucial part here.
If you’ve done that changes we are finished from the BIND configuration. Restart the service and you are done.
2)Time for DHCPd configuration.
Remember your rndc-key file ? Open it and paste it contents inside your dhcpd.conf file so it looks a bit like this:
key "rndc-key" {
algorithm hmac-md5;
secret "goa6aw7a9WwapCyai0naZQ==";
};
Among others you have to put the zone files that you want to be updated. Following my previous zone declaration in named.conf and supposing that the primary nameserver is 192.168.0.50, that should be:
zone home-sweet-home.gr {
primary 192.168.0.50;
key rndc-key;
}
zone 0.168.192.in-addr.arpa. {
primary 192.168.0.50;
key rndc-key;
}
Now some generic configuration stuff to allow dynamic dns updates:
ddns-update-style interim;
ddns-domainname "home-sweet-home.gr.";
use-host-decl-names on;
allow client-updates;
option oe-key code 159 = string;
option oe-gateway code 160 = ip-address;
on commit {
if (not static and
((config-option server.ddns-updates = null) or
(config-option server.ddns-updates != 0))) {
if exists oe-key {
set ddns-rev-name =
concat (binary-to-ascii (10, 8, ".",
reverse (1, leased-address)), ".",
pick (config-option server.ddns-rev-domainname,
"in-addr.arpa."));
set full-oe-key = option oe-key;
switch (ns-update (delete (IN, 25, ddns-rev-name, null),
add (IN, 25, ddns-rev-name, full-oe-key,
lease-time / 2)))
{
default:
unset ddns-rev-name;
break;
case NOERROR:
on release or expiry {
switch (ns-update (delete (IN, 25, ddns-rev-name, null))) {
case NOERROR:
unset ddns-rev-name;
break;
}
}
}
}
}
}
(weird huh ? Nope that’s not mine … I just copied it from someplace on the web)
I will now show you my subnet configuration. Change it to fit your needs:
subnet 192.168.0.1 netmask 255.255.255.0 {
range 192.168.0.100 192.168.0.200;
option domain-name-servers 192.168.0.50;
option domain-name "home-sweet-home.gr";
option routers 192.168.0.10;
default-lease-time 600;
max-lease-time 7200;
update-static-leases on;
host PC1 {
hardware ethernet 00:12:34:56:78:ab;
fixed-address 192.168.0.21;
option host-name "PC1";
DDNS-hostname "PC1";
}
}
With this configuration, all clients on the subnet will be given IP addresses in the range 192.168.0.100 – 192.168.0.200, except from the PC with MAC address 00:12:34:56:78:ab that will be given IP 192.168.0.21. The ” update-static-leases on;” is very important for PC1. Unless it is defined no updates to DNS records would be created for it.
Now restart DHCPd, make a client DHCP request and check your log file (/var/log/messages probably) for the results.
You can read more about the ddns server subject at the following places:
http://kristijan.org/?q=node/69
http://alex.kruijff.org/FreeBSD/Dynamic_DNS.html
http://www.ops.ietf.org/dns/dynupd/secure-ddns-howto.html
http://www.southwestern.edu/pipermail/netreg/2005-October/001074.html
It’s quite usefull if you have a need for it 🙂
Filed by kargig at 04:19 under Linux
4 Comments