The FreeBSD Diary

 bind, dhcp, and ddns
Author: halber_mensch 
Date:   15-11-05 20:36

I recently endeavored to expand the flexibility of my home network by not only assigning dhcp leases to clients, but to also have those clients use ddns to register their own hostnames. This wasn't easy, but I figured out what to do and some pitfalls to avoid.

My dhcp/dns server is tracking FreeBSD-CURRENT, but this should all apply to FreeBSD 5.x and 6.0 as well.

1. Named configuration

Pitfall #1:
Tracking -CURRENT since 5.3-ish, my /etc was a little borken. It's my understanding that /etc/namedb should be a symlink to the corresponding location in the bind chroot at /var/named/etc/namedb. Well, mine wasn't, so fiddling with /etc/namedb/named.conf never actually altered named's behavior. After tracking this down and creating the symlink, things started to fall in line.

Here are the files I needed to create/edit to make things work. Keep in mind that <NOTSHOWN> should be replaced by the contents of the .private key generated by 'dnssec-keygen -a hmac-md5'. You can man dnssec-keygen for more information.

/etc/namedb/named.conf
-------------------------------------------------------
acl dynamicnet { 192.168.1/24; };

// The key name, algorithm and secret must match the key block in dhcpd.conf.
key dynamickey {
    algorithm hmac-md5;
    secret "<NOTSHOWN>";
};

options {
    directory "/etc/namedb";
    pid-file "/var/run/named/pid";
    dump-file "/var/dump/named_dump.db";
    statistics-file "/var/stats/named.stats";
    version "protect yourself";
    listen-on { 192.168.1.1; 127.0.0.1; };
};

controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1; 192.168.1.1; };
    inet 192.168.1.1 port 953 allow { 127.0.0.1; 192.168.1.1; };
};

zone "." {
    type hint;
    file "named.root";
};

zone "0.0.127.IN-ADDR.ARPA" {
    type master;
    file "master/localhost.rev";
};

// Only requests signed with dynamickey may update these two zones.
zone "dynamicdomain" {
    notify yes;
    type master;
    allow-update { key dynamickey; };
    file "dynamic/dynamicdomain.db";
};

zone "1.168.192.in-addr.arpa" {
    notify yes;
    type master;
    allow-update { key dynamickey; };
    file "dynamic/dynamicdomain.rev";
};

You also need zone files dynamic/dynamicdomain.db and dynamic/dynamicdomain.rev. Here are some examples; feel free to tune them for your own setup.

/etc/namedb/dynamic/dynamicdomain.db
-------------------------------------------------------
$ORIGIN .
$TTL 3600 ; 1 hour
dynamicdomain IN SOA nsserver.dynamicdomain root.nsserver.dynamicdomain. (
        200511223  ; serial
        172800     ; refresh (2 days)
        900        ; retry (15 minutes)
        1209600    ; expire (2 weeks)
        3600       ; minimum (1 hour)
        )
        NS nsserver.dynamicdomain.
$ORIGIN dynamicdomain.
$TTL 3600 ; 1 hour
nsserver A 192.168.1.1

/etc/namedb/dynamic/dynamicdomain.rev
-------------------------------------------------------
$ORIGIN .
$TTL 38400 ; 10 hours 40 minutes
1.168.192.in-addr.arpa IN SOA nsserver.dynamicdomain. nsserver.dynamicdomain. (
        2005110405 ; serial
        10800      ; refresh (3 hours)
        3600       ; retry (1 hour)
        3600000    ; expire (5 weeks 6 days 16 hours)
        38400      ; minimum (10 hours 40 minutes)
        )
        NS nsserver.dynamicdomain.
$ORIGIN 1.168.192.in-addr.arpa.
1 PTR nsserver.dynamicdomain.


Later, when named is running, you will see .jnl files pop up for each of these zone files. These journal files keep up with dynamic changes, and periodically they are flushed to the zonefiles. If you wish to edit your zone files later, either shut down named or (as of bind 9.3) issue rndc commands to freeze and unfreeze your zones:

# rndc freeze dynamicdomain
# vi dynamicdomain.db
...
# rndc thaw dynamicdomain

2. dhcpd configuration

I installed the isc-dhcp server from /usr/ports/net/isc-dhcp-server.

/usr/local/etc/dhcpd.conf
-------------------------------------------------------
option domain-name "dynamicdomain.";
option domain-name-servers 192.168.1.1;

default-lease-time 600;
max-lease-time 7200;

authoritative;

ddns-updates on;
ddns-update-style interim;
ddns-domainname "dynamicdomain.";
allow client-updates;

subnet 192.168.1.0 netmask 255.255.255.0 {
    range 192.168.1.101 192.168.1.201;
    option routers 192.168.1.1;
}

# Same name, algorithm and secret as the key block in named.conf.
key dynamickey {
    algorithm hmac-md5;
    secret <NOTSHOWN>;
}

# Zone names must match the zones that carry allow-update in named.conf.
zone dynamicdomain. {
    primary 192.168.1.1;
    key dynamickey;
}

zone 1.168.192.in-addr.arpa. {
    primary 192.168.1.1;
    key dynamickey;
}

Start up dhcpd and named with this configuration and you should be on your way. Windows dhcp clients will automagically send the necessary dhcp information to do a dynamic update, but other clients (isc-dhclient, etc.) need to be instructed to send more information than they typically do.

3. dhclient configuration

With the OpenBSD dhclient imported, client configuration is a breeze. You simply send your host-name to the destination.

/etc/dhclient.conf
-------------------------------------------------------
interface "if0" {
send host-name "myname";
}

If you are not using the OpenBSD dhclient, the setup may be a little more complex. On NetBSD, for example, I had to use the following client config:

/etc/dhclient.conf
-------------------------------------------------------
interface "if0" {
send fqdn.fqdn "myname";
send fqdn.encoded on;
send fqdn.server-update on;
}

Dynamic update information is enclosed in the fqdn options. The fqdn.encoded option is necessary to ensure that the fqdn is encoded in the wire format expected by dhcpd.

That's it. Make sure to force your dhclients to release their current leases or they will not actually rebind and complete a ddns update until their leases expire. FreeBSD's dhclient doesn't currently support a -r switch to release the lease. You may just shut down dhclient and blow away your /var/db/dhclient.leases file on the client.

-=halber_mensch=-

Post Edited (07-12-05 08:37)
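The key blocks in named.conf and dhcpd.conf above are the two ends of a TSIG (RFC 2845) relationship: dhcpd appends an HMAC-MD5 signature to each DNS UPDATE (RFC 2136) it sends, and named accepts the update only if the key name is one it knows, the MAC checks out, and the timestamp is within the fudge window. The following is an added example, not code from the post or from ISC, that builds one such signed update for a host and verifies it the way the server would, so the three failure modes a misconfiguration produces (key name mismatch, secret mismatch, tampered or stale message) can be seen in isolation. The key name "dynamickey." comes from the post; the host "laptop.dynamicdomain.", its address, and the secret generated at runtime in place of a dnssec-keygen .private file are constructed for the demonstration.

```python
"""TSIG-signed DNS UPDATE (RFC 2136 + RFC 2845), both client and server side.
Added example; host name, address and the generated secret are constructed."""
import base64
import hashlib
import hmac
import os
import struct
import time

TSIG_ALG = "hmac-md5.sig-alg.reg.int."   # wire name for 'algorithm hmac-md5'
TYPE_A, TYPE_SOA, TYPE_TSIG = 1, 6, 250
CLASS_IN, CLASS_ANY = 1, 255
OPCODE_UPDATE = 5


def generate_secret(nbytes=16):
    """Random base64 key material, shaped like the Key: line dnssec-keygen
    writes to its .private file (assumption: 128-bit key, as in the post)."""
    return base64.b64encode(os.urandom(nbytes)).decode()


def encode_name(name):
    """Uncompressed, lowercased wire-format name (TSIG canonical form)."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"


def decode_name(msg, off):
    """Parse an uncompressed name; returns (dotted name, offset after it)."""
    labels = []
    while msg[off]:
        n = msg[off]
        labels.append(msg[off + 1:off + 1 + n].decode())
        off += 1 + n
    return ".".join(labels) + ".", off + 1


def build_update(zone, hostname, ip, ttl=3600, msg_id=None):
    """Unsigned UPDATE: zone section plus one 'add A record' RR."""
    if msg_id is None:
        msg_id = struct.unpack("!H", os.urandom(2))[0]
    header = struct.pack("!HHHHHH", msg_id, OPCODE_UPDATE << 11, 1, 0, 1, 0)
    zone_sec = encode_name(zone) + struct.pack("!HH", TYPE_SOA, CLASS_IN)
    rdata = bytes(int(o) for o in ip.split("."))
    rr = encode_name(hostname) + struct.pack("!HHIH", TYPE_A, CLASS_IN, ttl, len(rdata)) + rdata
    return header + zone_sec + rr


def _tsig_variables(key_name, time_signed, fudge, error=0, other=b""):
    """TSIG fields that are MACed together with the message (RFC 2845 3.4.2)."""
    return (encode_name(key_name) + struct.pack("!HI", CLASS_ANY, 0)
            + encode_name(TSIG_ALG) + time_signed.to_bytes(6, "big")
            + struct.pack("!HHH", fudge, error, len(other)) + other)


def tsig_sign(msg, key_name, secret_b64, time_signed=None, fudge=300):
    """Client side (what dhcpd does): append a TSIG RR and bump ARCOUNT."""
    time_signed = int(time.time()) if time_signed is None else time_signed
    key = base64.b64decode(secret_b64)
    mac = hmac.new(key, msg + _tsig_variables(key_name, time_signed, fudge), hashlib.md5).digest()
    rdata = (encode_name(TSIG_ALG) + time_signed.to_bytes(6, "big")
             + struct.pack("!HH", fudge, len(mac)) + mac
             + msg[:2] + struct.pack("!HH", 0, 0))   # original ID, error, other len
    tsig_rr = encode_name(key_name) + struct.pack("!HHIH", TYPE_TSIG, CLASS_ANY, 0, len(rdata)) + rdata
    arcount = struct.unpack("!H", msg[10:12])[0] + 1
    return msg[:10] + struct.pack("!H", arcount) + msg[12:] + tsig_rr


def tsig_verify(signed, keys, now=None):
    """Server side (what named does before honouring allow-update { key ...; }).
    keys maps key name -> base64 secret. Returns (ok, reason)."""
    now = int(time.time()) if now is None else now
    qd, an, ns, ar = struct.unpack("!HHHH", signed[4:12])
    if ar == 0:
        return False, "unsigned request"
    off = 12
    for _ in range(qd):                     # zone section: name + type + class
        _, off = decode_name(signed, off)
        off += 4
    for _ in range(an + ns + ar - 1):       # every RR except the trailing TSIG
        _, off = decode_name(signed, off)
        off += 10 + struct.unpack("!H", signed[off + 8:off + 10])[0]
    tsig_start = off
    key_name, off = decode_name(signed, off)
    rtype, rclass, _, _ = struct.unpack("!HHIH", signed[off:off + 10])
    off += 10
    if rtype != TYPE_TSIG or rclass != CLASS_ANY:
        return False, "last additional RR is not TSIG"
    alg, off = decode_name(signed, off)
    time_signed = int.from_bytes(signed[off:off + 6], "big")
    fudge, mac_size = struct.unpack("!HH", signed[off + 6:off + 10])
    mac = signed[off + 10:off + 10 + mac_size]
    off += 10 + mac_size
    original_id, error, other_len = struct.unpack("!HHH", signed[off:off + 6])
    other = signed[off + 6:off + 6 + other_len]
    if key_name not in keys:                # key name differs between dhcpd.conf and named.conf
        return False, "BADKEY: unknown key %s" % key_name
    if alg != TSIG_ALG:
        return False, "BADKEY: unsupported algorithm %s" % alg
    if abs(now - time_signed) > fudge:      # clocks on the two hosts too far apart
        return False, "BADTIME: clock skew beyond fudge"
    unsigned = (struct.pack("!H", original_id) + signed[2:10]
                + struct.pack("!H", ar - 1) + signed[12:tsig_start])
    expected = hmac.new(base64.b64decode(keys[key_name]),
                        unsigned + _tsig_variables(key_name, time_signed, fudge, error, other),
                        hashlib.md5).digest()
    if not hmac.compare_digest(mac, expected):
        return False, "BADSIG: MAC mismatch (wrong secret or altered message)"
    return True, "ok"


if __name__ == "__main__":
    secret = generate_secret()
    request = build_update("dynamicdomain.", "laptop.dynamicdomain.", "192.168.1.150")
    signed = tsig_sign(request, "dynamickey.", secret)
    print(tsig_verify(signed, {"dynamickey.": secret}))             # (True, 'ok')
    print(tsig_verify(signed, {"dynamickey.": generate_secret()}))  # BADSIG
    print(tsig_verify(signed, {"otherkey.": secret}))               # BADKEY
```

The BADKEY branch is the one that bites when the key block in dhcpd.conf is spelled differently from the one in named.conf, and BADTIME is why dhcpd and named should share a clock source; both show up in named's log as refused updates rather than as dhcpd errors, so that log is the first place to look when leases are handed out but no records appear.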
