21/12/2006
dynamic hostname updates with DHCPd + BIND
The following text describes the way to make DHCPd create DNS records of dhcp clients. This scenario is usually called a DDNS server.
We will first setup up BIND and then DHCPd.
1) We need to create a “key”. A key is a password that allows dhcpd to update bind… imagine something like an authentication scheme. In order to create such a key file to the following:
# rndc-confgen -a
A key file will be created. On Gentoo Linux this file is put inside /etc/bind/ and is called “rndc.key”.
Now open up your named.conf file and put these line inside:
include "/etc/bind/rndc.key";
controls {
inet 127.0.0.1 allow { localhost; } keys { rndc-key; };
};
If you already have a controls section just modify it to include the keys { } directive.
Now, in your zones that you want to be dynamically updated modify them to look like this:
zone "0.168.192.in-addr.arpa" {
type master;
file "pri/192.168.0.zone";
allow-update { key "rndc-key"; };
notify yes;
};
zone "home-sweet-home.gr" {
type master;
file "pri/home-sweet-home.gr.zone";
allow-update { key "rndc-key"; };
notify yes;
};
The “allow-update” is the crucial part here.
If you’ve done that changes we are finished from the BIND configuration. Restart the service and you are done.
2)Time for DHCPd configuration.
Remember your rndc-key file ? Open it and paste it contents inside your dhcpd.conf file so it looks a bit like this:
key "rndc-key" {
algorithm hmac-md5;
secret "goa6aw7a9WwapCyai0naZQ==";
};
Among others you have to put the zone files that you want to be updated. Following my previous zone declaration in named.conf and supposing that the primary nameserver is 192.168.0.50, that should be:
zone home-sweet-home.gr {
primary 192.168.0.50;
key rndc-key;
}
zone 0.168.192.in-addr.arpa. {
primary 192.168.0.50;
key rndc-key;
}
Now some generic configuration stuff to allow dynamic dns updates:
ddns-update-style interim;
ddns-domainname "home-sweet-home.gr.";
use-host-decl-names on;
allow client-updates;
option oe-key code 159 = string;
option oe-gateway code 160 = ip-address;
on commit {
if (not static and
((config-option server.ddns-updates = null) or
(config-option server.ddns-updates != 0))) {
if exists oe-key {
set ddns-rev-name =
concat (binary-to-ascii (10, 8, ".",
reverse (1, leased-address)), ".",
pick (config-option server.ddns-rev-domainname,
"in-addr.arpa."));
set full-oe-key = option oe-key;
switch (ns-update (delete (IN, 25, ddns-rev-name, null),
add (IN, 25, ddns-rev-name, full-oe-key,
lease-time / 2)))
{
default:
unset ddns-rev-name;
break;
case NOERROR:
on release or expiry {
switch (ns-update (delete (IN, 25, ddns-rev-name, null))) {
case NOERROR:
unset ddns-rev-name;
break;
}
}
}
}
}
}
(weird huh ? Nope that’s not mine … I just copied it from someplace on the web)
I will now show you my subnet configuration. Change it to fit your needs:
subnet 192.168.0.1 netmask 255.255.255.0 {
range 192.168.0.100 192.168.0.200;
option domain-name-servers 192.168.0.50;
option domain-name "home-sweet-home.gr";
option routers 192.168.0.10;
default-lease-time 600;
max-lease-time 7200;
update-static-leases on;
host PC1 {
hardware ethernet 00:12:34:56:78:ab;
fixed-address 192.168.0.21;
option host-name "PC1";
DDNS-hostname "PC1";
}
}
With this configuration, all clients on the subnet will be given IP addresses in the range 192.168.0.100 – 192.168.0.200, except from the PC with MAC address 00:12:34:56:78:ab that will be given IP 192.168.0.21. The ” update-static-leases on;” is very important for PC1. Unless it is defined no updates to DNS records would be created for it.
Now restart DHCPd, make a client DHCP request and check your log file (/var/log/messages probably) for the results.
You can read more about the ddns server subject at the following places:
http://kristijan.org/?q=node/69
http://alex.kruijff.org/FreeBSD/Dynamic_DNS.html
http://www.ops.ietf.org/dns/dynupd/secure-ddns-howto.html
http://www.southwestern.edu/pipermail/netreg/2005-October/001074.html
It’s quite usefull if you have a need for it 🙂
Filed by kargig at 03:41 under Gentoo,Linux,Networking
4 Comments | 35,992 views
I extend to you my sincerest thanks for compiling this howto. I cannot believe how many ‘simple’ howtos I have needed to follow to get dhcpd+bind+ddns working. Yours finally showed me exactly what I needed.
Thanks, a whole ton.
Well, I’m going down this route of following various “simple” instructions to get this working, and even this one doesn’t work. Named wants zone files, so I tried creating some blanks but it still doesn’t update.
This has been a very helpful article! Using this article and the stock distributions of both bind9 and dhcpd3 from debian it was easy to configure.
One piece of the puzzle was missing though: The contents of the zone files! I’ve included them here:
For home-sweet-home.gr.zone:
$TTL 86400
@ IN SOA @ root (
50 ; serial
28800 ; refresh (8 hours)
7200 ; retry (2 hours)
604800 ; retire (1 week)
86400 ; ttl (1 day)
)
IN NS server
server IN A 192.168.0.1
And for 192.168.0.zone:
$TTL 86400
@ IN SOA @ root (
50 ; serial
28800 ; refresh (8 hours)
7200 ; retry (2 hours)
604800 ; retire (1 week)
86400 ; ttl (1 day)
)
IN NS server
1 IN PTR server.example.com.
I had initially left those files blank, thinking they would just be filled by dhcpd. This caused a mysterious log message for dhcpd:
dhcpd: Unable to add forward map from PC1.home-sweet-home.gr. to 192.168.0.21: timed out
Another piece of advice: check twice if you’ve placed the right amount of dots behind a domain name. A FQDN sometimes needs the extra dot at the end to mark it as such.
Thanks again Kargig!
In my previous comment the layout of the zone files was messed up. Take a look at the place I copied it from to see it in correct layout:
http://www.howtoforge.com/fedora_dynamic_dns