LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Networking (https://www.linuxquestions.org/questions/linux-networking-3/)
-   -   bind and DHCP - DDNS (https://www.linuxquestions.org/questions/linux-networking-3/bind-and-dhcp-ddns-649237/)

kudos 06-14-2008 06:33 AM
bind and DHCP - DDNS
 
Hi all,

OS:Centos 5.1

im trying to setup a DNS server with DHCP to give out the ip address, so that DNS server can serve the local LAN domain names but pass any exsternal requests out onto the net while caching them.

i have DHCP setup which is giving out IPs and setting the DNS on machine but not inputting any DNNS info into the liease file.

heres the config file

Code:
#
# DHCP Server Configuration file.
#  see /usr/share/doc/dhcp*/dhcpd.conf.sample
#
include "/etc/rndc.key";

ddns-domainname "dpsmn.sch.uk.";
ddns-update-style interim;
ddns-rev-domainname "in-addr.arpa.";
ddns-updates on; #allow dynamic dns

authoritative;
#master server for this domain

# Allow only the DHCP server to update DNS
        ignore client-updates;
        allow unknown-clients;

#
# Fixed IP addresses - will not be entered in the leases file.
#
host pdc {
  # you can find the mac address of the machine by doing an ifconfig on the machine
  hardware ethernet 00:0B:2B:17:2F:00;
  fixed-address 192.168.0.2;
}

#
# Subnet entries for 192.168.0.X

subnet 192.168.0.0 netmask 255.255.255.0 {

# Range of DHCP IP Addresses for this scope
        range                          192.168.0.20 192.168.0.126;

# Lease assignments Default = 1 day, Max = 2 days
        default-lease-time              86400;
        max-lease-time                  172800;

# Configure Clients Default Gateway
        option subnet-mask              255.255.255.0;
        option broadcast-address        192.168.0.255;
        option routers                  192.168.0.1;

# Configure the clients DNS Settings
        option domain-name              "dpsmn.sch.uk.";
        option domain-name-servers      192.168.0.2;
which fills the liease file with follow from a windows client

Code:

lease 192.168.0.125 {
  starts 6 2008/06/14 12:00:48;
  ends 0 2008/06/15 12:00:48;
  tstp 0 2008/06/15 12:00:48;
  binding state active;
  next binding state free;
  hardware ethernet 00:c0:9f:20:4a:e1;
  uid "\001\000\300\237 J\341";
  client-hostname "laptoprobb";
}
lease 192.168.0.126 {
  starts 6 2008/06/14 12:04:39;
  ends 0 2008/06/15 12:04:39;
  tstp 0 2008/06/15 12:04:39;
  binding state active;
  next binding state free;
  hardware ethernet 00:08:a1:8a:fd:ec;
  uid "\001\000\010\241\212\375\354";
  client-hostname "laptoprobb";
}
lease 192.168.0.126 {
  starts 6 2008/06/14 12:12:07;
  ends 0 2008/06/15 12:12:07;
  binding state active;
  next binding state free;
  hardware ethernet 00:08:a1:8a:fd:ec;
  uid "\001\000\010\241\212\375\354";
  client-hostname "laptoprobb";
}
i dont seem to be getting any DNNS settings inputted here
set ddns-rev-name =
set ddns-txt =
set ddns-fwd-name =

so im not sure why not maybe someone can see why?
in /var/log/messages i get
Code:
Jun 14 13:12:04 pdc dhcpd: dhcpd startup succeeded
Jun 14 13:12:08 pdc dhcpd: Unable to add forward map from laptoprobb.dpsmn.sch.uk. to 192.168.0.126: timed out
Jun 14 13:12:08 pdc dhcpd: DHCPREQUEST for 192.168.0.126 from 00:08:a1:8a:fd:ec (laptoprobb) via eth0
Jun 14 13:12:08 pdc dhcpd: DHCPACK on 192.168.0.126 to 00:08:a1:8a:fd:ec (laptoprobb) via eth0

my named.conf file is as follows


Code:
acl trusted {
192.168.0.0/24;
127.0.0.0/8;
};


options {
        listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        directory      "/var/named";
        dump-file      "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        query-source    port 53;
        query-source-v6 port 53;
        allow-query    { trusted; };
        allow-transfer { trusted;};
        //internet dns
        forwarders {208.67.22.222; 208.67.220.220;};
};

controls {
inet 127.0.0.1 port 953
        allow {127.0.0.1;} keys {"rndckey";};
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
//view localhost_resolver {
//      match-clients      { trusted; };
//      match-destinations { trusted; };
//      recursion yes;
        include "/etc/named.rfc1912.zones";
//};
include file named.rfc1912.zones
Code:
include "/etc/rndc.key";
zone "." IN {
        type hint;
        file "named.ca";
};

zone "localdomain" IN {
        type master;
        file "localdomain.zone";
        allow-update { none; };
};

zone "localhost" IN {
        type master;
        file "localhost.zone";
        allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
        allow-update { none; };
};

zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.ip6.local";
        allow-update { none; };
};

zone "255.in-addr.arpa" IN {
        type master;
        file "named.broadcast";
        allow-update { none; };
};

zone "0.in-addr.arpa" IN {
        type master;
        file "named.zero";
        allow-update { none; };
};
zone "dpsmn.sch.uk" IN {
        type master;
        file "dpsmn.sch.uk.zone";
        allow-update { key "rndckey"; };
};

//This zone is for reverse lookups.
zone "0.168.192.in-addr.arpa" {
    type master;
    file "reverse.zone";//this file resides in /var/named/chroot/var/named
    allow-update { key "rndckey"; };  //allow this machine to update the DNS table
};
zone files

dpsmn.sch.uk.zone
Code:
$ORIGIN .
$TTL 86400      ; 1 day
dpsmn.sch.uk            IN SOA  pdc.dpsmn.sch.uk. admin.dpsmn.norfolk.sch.uk. (
                                12062010  ; serial
                                10800      ; refresh (3 hours)
                                900        ; retry (15 minutes)
                                604800    ; expire (1 week)
                                86400      ; minimum (1 day)
                                )
                        NS      pdc.dpsmn.sch.uk.
                        MX      10 pdc.dpsmn.sch.uk.
$ORIGIN dpsmn.sch.uk.
pdc                    A      192.168.0.2
reverse.zone
Code:
$TTL 86400
@    IN SOA    pdc.dpsmn.sch.uk.  admin.dpsmn.norfolk.sch.uk.(
                        0306190719      ; serial
                        21600          ; refresh after 6 hours
                        3600            ; retry in 1 hour
                        604800          ; expire after a week
                        86400 )        ; minimum TTL of one day

        IN      NS      pdc.dpsmn.sch.uk.

2      IN      PTR    pdc.dpsmn.sch.uk.
Many thanks for your time
Robert

kudos 06-14-2008 07:18 AM
iv added some zone sections into DHCP and now im getting some better resolts but not quite there

dhcp.conf now looks like this

Code:
#
# DHCP Server Configuration file.
#  see /usr/share/doc/dhcp*/dhcpd.conf.sample
#
include "/etc/rndc.key";

ddns-domainname "dpsmn.sch.uk.";
ddns-update-style interim;
ddns-rev-domainname "in-addr.arpa.";
ddns-updates on;  #allow dynamic dns

authoritative;
#master server for this domain

# Allow only the DHCP server to update DNS
        ignore client-updates;
        allow unknown-clients;

zone  0.168.192.in-addr.arpa {
                primary 192.168.0.2;
                key rndckey;
}

zone dpsmn.sch.uk {
              primary 192.168.0.2;
              key rndckey;
      }
zone localhost {
primary 127.0.0.1;
key rndckey;
}

zone 0.0.127.in-addr.arpa {
primary 127.0.0.1;
key rndckey;
}



#
# Fixed IP addresses - will not be entered in the leases file.
#
host pdc {
  # you can find the mac address of the machine by doing an ifconfig on the machine
  hardware ethernet 00:0B:2B:17:2F:00;
  fixed-address 192.168.0.2;
  ddns-hostname pdc;
#  dnns-rev-domainname "2.0.168.192";
}

#
# Subnet entries for 192.168.0.X
#

subnet 192.168.0.0 netmask 255.255.255.0 {

# Range of DHCP IP Addresses for this scope
        range                          192.168.0.20 192.168.0.126;

# Lease assignments Default = 1 day, Max = 2 days
        default-lease-time              86400;
        max-lease-time                  172800;

# Configure Clients Default Gateway
        option subnet-mask              255.255.255.0;
        option broadcast-address        192.168.0.255;
        option routers                  192.168.0.1;

# Configure the clients DNS Settings
        option domain-name              "dpsmn.sch.uk.";
        option domain-name-servers      192.168.0.2;

}
nowon the lease file im getting

Code:

lease 192.168.0.126 {
  starts 6 2008/06/14 13:10:12;
  ends 0 2008/06/15 13:10:12;
  binding state active;
  next binding state free;
  hardware ethernet 00:08:a1:8a:fd:ec;
  uid "\001\000\010\241\212\375\354";
  set ddns-fwd-name = "laptoprobb.dpsmn.sch.uk.";
  set ddns-txt = "31909dae4b1592ac7f542a85687844e5a7";
  client-hostname "laptoprobb";
}
still no reverse DNS address is being given

in var/log/messages
Jun 14 14:10:12 pdc dhcpd: DHCPREQUEST for 192.168.0.126 from 00:08:a1:8a:fd:ec (laptoprobb) via eth0
Jun 14 14:10:12 pdc dhcpd: DHCPACK on 192.168.0.126 to 00:08:a1:8a:fd:ec (laptoprobb) via eth0

and my dpsmn.sch.uk.zone file is being updated by DHCP and bind

as i get
Code:
$ORIGIN .
$TTL 86400      ; 1 day
dpsmn.sch.uk            IN SOA  pdc.dpsmn.sch.uk. admin.dpsmn.norfolk.sch.uk. (
                                12062011  ; serial
                                10800      ; refresh (3 hours)
                                900        ; retry (15 minutes)
                                604800    ; expire (1 week)
                                86400      ; minimum (1 day)
                                )
                        NS      pdc.dpsmn.sch.uk.
                        MX      10 pdc.dpsmn.sch.uk.
$ORIGIN dpsmn.sch.uk.
$TTL 43200      ; 12 hours
laptoprobb              A      192.168.0.126
                        TXT    "31909dae4b1592ac7f542a85687844e5a7"
$TTL 86400      ; 1 day
pdc                    A      192.168.0.2
but the reverse.zone file stays untuched!! so to me something is not updating the reverse file?

as i can access google.com if i put the IP address in a browser from a client but it does not NSlookup resolve or ping google.com only if i use the IP address.
but the DNS server (192.168.0.2) will look up google.com and ping it just fine

windows tells me
Code:
nslookup google.com

DNS request timed out.
can't find server name for address 192.168.0.2: timed out
default servers are not available
server:unknown
address: 192.168.0.2
DNS server returns
Code:
# nslookup google.com
Server:        208.67.222.222
Address:        208.67.222.222#53

Non-authoritative answer:
Name:  google.com
Address: 64.233.187.99
Name:  google.com
Address: 64.233.167.99
Name:  google.com
Address: 72.14.207.99

ARC1450 06-14-2008 09:59 AM
When I did this, I had a problem with the reverse zone using the key properly.

I just ended up commenting out the key line and it worked. Give it a try, see what happens.

kudos 06-14-2008 01:18 PM
hi ARC, thanks for the input, iv now got DHCP updating as it should now i need to get the DNS server to resolve domains for me.



did a bit more playing i now have DHCP updating the forward and reverse DNS fine now, i cant seem to get the DNS server to resolve out side domains to IPs
if i do a nslookup www.google.com from dhcp client i get


Code:
can't find server name for address 192.168.0.2: timed out
default servers are not available
server:unknown
address: 192.168.0.2

unknown cant find www.googel.com: no responce from server
the DNS server will resolve fine

Code:
nslookup www.google.com
Server:        127.0.0.1
Address:        127.0.0.1#53

Non-authoritative answer:
www.google.com  canonical name = www.l.google.com.
Name:  www.l.google.com
Address: 64.233.183.99
Name:  www.l.google.com
Address: 64.233.183.104
Name:  www.l.google.com
Address: 64.233.183.147
if i put in a google IP all is ok google page will come up i cant ping it search on it.


here are my final config files as they stand

DHCPD.conf
Code:
#
# DHCP Server Configuration file.
#  see /usr/share/doc/dhcp*/dhcpd.conf.sample
#
include "/etc/rndc.key";

ddns-domainname "dpsmn.sch.uk";
ddns-update-style interim;
ddns-rev-domainname "in-addr.arpa";
ddns-updates on;  #allow dynamic dns
authoritative;
#master server for this domain

# Allow only the DHCP server to update DNS
  #ignore client-updates;
        allow client-updates;
        allow unknown-clients;

zone  0.168.192.in-addr.arpa. {
                primary 127.0.0.1;
                key "rndckey";
}

zone dpsmn.sch.uk. {
              primary 127.0.0.1;
              key "rndckey";
      }

#
# Fixed IP addresses - will not be entered in the leases file.
#
host pdc {
  # you can find the mac address of the machine by doing an ifconfig on the machine
  hardware ethernet 00:0B:2B:17:2F:00;
  fixed-address 192.168.0.2;
  ddns-hostname pdc;
#  dnns-rev-domainname "2.0.168.192";
}

# Subnet entries for 192.168.0.X

subnet 192.168.0.0 netmask 255.255.255.0 {

# Range of DHCP IP Addresses for this scope
        range                          192.168.0.20 192.168.0.126;

# Lease assignments Default = 1 day, Max = 2 days
        default-lease-time              86400;
        max-lease-time                  172800;

# Configure Clients Default Gateway
        option subnet-mask              255.255.255.0;
        option broadcast-address        192.168.0.255;
        option routers                  192.168.0.1;

# Configure the clients DNS Settings
        option domain-name              "dpsmn.sch.uk.";
        option domain-name-servers      192.168.0.2;

}

named.caching-nameserver.conf
Code:
//
// named.caching-nameserver.conf
//
// Provided by Red Hat caching-nameserver package to configure the
// ISC BIND named(8) DNS server as a caching only nameserver
// (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// DO NOT EDIT THIS FILE - use system-config-bind or an editor
// to create named.conf - edits to this file will be lost on
// caching-nameserver package upgrade.
//

acl trusted {
192.168.0.0/24;
127.0.0.0/8;
};


options {
        listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        directory      "/var/named";
        dump-file      "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
//      query-source    port 53;
        query-source-v6 port 53;
        allow-query    { trusted; };
        allow-transfer { trusted;};
        //internet dns
//      forwarders {208.67.22.222; 208.67.220.220;};
};

controls {
inet 127.0.0.1 port 953
        allow {127.0.0.1;} keys {"rndckey";};
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
//view localhost_resolver {
//      match-clients      { trusted; };
//      match-destinations { trusted; };
//      recursion yes;
        include "/etc/named.rfc1912.zones";
//};
named.rfc1912.zones
Code:
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

include "/etc/rndc.key";

zone "." IN {
        type hint;
        file "named.ca";
};

zone "localdomain" IN {
        type master;
        file "localdomain.zone";
        allow-update { none; };
};

zone "localhost" IN {
        type master;
        file "localhost.zone";
        allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
        allow-update { none; };
};

zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.ip6.local";
        allow-update { none; };
};

zone "255.in-addr.arpa" IN {
        type master;
        file "named.broadcast";
        allow-update { none; };
};

zone "0.in-addr.arpa" IN {
        type master;
        file "named.zero";
        allow-update { none; };
};

//forward zone for internal domain
zone "dpsmn.sch.uk" {
        type master;
        file "dpsmn.sch.uk.zone";
        allow-update { key "rndckey"; };
};

//This zone is for reverse lookups.
zone "0.168.192.in-addr.arpa"  {
    type master;
    file "reverse.zone";//this file resides in /var/named/chroot/var/named
        allow-update {key "rndckey";};
};
dpsmn.sch.uk.zone
Code:
$ORIGIN .
$TTL 86400      ; 1 day
dpsmn.sch.uk            IN SOA  pdc.dpsmn.sch.uk. admin.dpsmn.norfolk.sch.uk. (
                                14062013  ; serial
                                10800      ; refresh (3 hours)
                                900        ; retry (15 minutes)
                                604800    ; expire (1 week)
                                86400      ; minimum (1 day)
                                )
                        NS      pdc.dpsmn.sch.uk.
                        A      192.168.0.2
$ORIGIN dpsmn.sch.uk.

pdc                    A      192.168.0.2
reverse.zone
Code:
$ORIGIN .
$TTL 86400      ; 1 day
0.168.192.in-addr.arpa  IN SOA  pdc.dpsmn.sch.uk. admin.dpsmn.norfolk.sch.uk. (
                                1406190721 ; serial
                                21600      ; refresh (6 hours)
                                3600      ; retry (1 hour)
                                604800    ; expire (1 week)
                                86400      ; minimum (1 day)
                                )
                        NS      pdc.dpsmn.sch.uk.
$ORIGIN 0.168.192.in-addr.arpa.
2                      PTR    pdc.dpsmn.sch.uk.

any one looking over this problem with above scripts are missing " on the keys, missing . with in the zone reverse file few minor tweaks on dhcp file almade allow client-update in dhcpd.conf.

if any one can help me getting the clients to retrive domain info from the DNS this would be grate.

thanks for any help

robert

Au_Squirrel 06-14-2008 04:05 PM
Try uncommenting the forwarders line in the named.conf.

// forwarders {208.67.22.222; 208.67.220.220;};

to

forwarders {208.67.22.222; 208.67.220.220;};

Your DNS server will not forward the DNS lookups with the line commented out.

If not, in the dhcpd.conf file change:

option domain-name-servers 192.168.0.2;

to

option domain-name-servers 192.168.0.2; 208.67.22.222;

This will fail over the DNS request to your (I presume) ISP DNS server. The first is the "recommended" way.

kudos 06-14-2008 06:24 PM
Hi there, thanks for the tip,

i uncommented the above all is now working from the looks of things

reverse and forward zones are being updated by DHCP
clients can now browse and nslookup exsternal domains (also internel)

here is my final name.conf for any one intrested.

also here is alink ifound with some good info on bind and dhcp

bind
http://www.linuxhomenetworking.com/w...onfiguring_DNS

dhcp
http://www.linuxhomenetworking.com/w...he_DHCP_Server


Code:
//
// named.caching-nameserver.conf
//
// Provided by Red Hat caching-nameserver package to configure the
// ISC BIND named(8) DNS server as a caching only nameserver
// (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// DO NOT EDIT THIS FILE - use system-config-bind or an editor
// to create named.conf - edits to this file will be lost on
// caching-nameserver package upgrade.
//

acl trusted {
192.168.0.0/24;
127.0/8;
localnets;
localhost;
};

options {
        listen-on port 53 { trusted; };
        listen-on-v6 port 53 { ::1; };
        directory      "/var/named";
        dump-file      "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        query-source    port 53;
        query-source-v6 port 53;
        allow-query    { trusted; };
        allow-transfer { trusted;};
        //internet dns
        forwarders {208.67.22.222; 208.67.220.220;};
};

controls {
inet 127.0.0.1 port 953
        allow {127.0.0.1;} keys {"rndckey";};
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
view localhost_resolver {
        match-clients      { trusted; };
        match-destinations { trusted; };
        recursion yes;
        include "/etc/named.rfc1912.zones";
};

include "/etc/rndc.key";

zone "." IN {
        type hint;
        file "named.ca";
};

zone "localdomain" IN {
        type master;
        file "localdomain.zone";
        allow-update { none; };
};

zone "localhost" IN {
        type master;
        file "localhost.zone";
        allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
        allow-update { none; };
};

zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.ip6.local";
        allow-update { none; };
};

zone "255.in-addr.arpa" IN {
        type master;
        file "named.broadcast";
        allow-update { none; };
};

zone "0.in-addr.arpa" IN {
        type master;
        file "named.zero";
        allow-update { none; };
};
zone "dpsmn.sch.uk" {
        type master;
        file "dpsmn.sch.uk.zone";
        allow-update { key "rndckey"; };
};

//This zone is for reverse lookups.
zone "0.168.192.in-addr.arpa"  {
    type master;
    file "reverse.zone";//this file resides in /var/named/chroot/var/named
        allow-update {key "rndckey";};
};

hope this helps any one out who runs into the same problem as i have
if you do follow this make sure you have a RNDC.key file in etc setup and configured ;)

thanks every one for your help, robert

billymayday 06-14-2008 07:07 PM
Quote:
clients can not browse and nslookup exsternal domains (also internel)
Did you mean not browse or now browse?

kudos 06-15-2008 04:12 AM
sorry now browse yea what a typo sorry, all is working fine thanks,


All times are GMT -5. The time now is 08:24 PM.