Howto setup dynamic DNS

Howto setup dynamic DNS

Howto setup dynamic DNS 150 150 Roderick Derks

Setup the config files for dhcp and Named. Clients (pc's, laptops) will get an ip address from a range you specified. You can also reserve specific ip address for static devices like serves or printers. The dhcp server daemon registers them to the Named server.

I used Fedore 6, dhcpd and Named running in chroot mode.

Sometimes you get stuck because of problems with rights on the file system or a configuration error in one of your config files. Don't let this bring you down. Stand up straight, keep you head up and hold on till you got what you wanted 😉 

Software Packages 

Install the following packages (or update them):

  • dhcp.i386
  • bind-libs.i386
  • bind-utils.i386
  • bind-chroot.i386
  • caching-nameserver.i386
  • bind.i386

Configure DHCP

Extract from vi /etc/dhcpd.conf

## dhcp.conf RRD 11-02-2007

## Server configuration:

authoritative;
include "/etc/rndc.key";

server-identifier       server;
ddns-domainname         "r71.nl.";
ddns-rev-domainname     "in-addr.arpa.";
ddns-update-style       interim;
ddns-updates            on;
ignore                  client-updates;

# If you have fixed-address entries you want to use dynamic dns
update-static-leases on;

# Wins server setting, not used at this time cause I have none
#option netbios-name-servers 10.0.2.11;
#option netbios-dd-server 10.0.2.11;
#option netbios-node-type 8;

# This is the communication zone

zone r71.nl. {
    primary 127.0.0.1; # force dhcpd to send the update to this server
    key rndckey;
}

zone  10.in-addr.arpa. {
    primary 127.0.0.1; # force dhcpd to send the update to this server
    key rndckey;
}

## Client configuration:

subnet 10.0.0.0 netmask 255.0.0.0 {

    option routers                  10.0.1.254;
    option subnet-mask              255.0.0.0;
    option domain-name              "r71.nl";
    option domain-name-servers      10.0.2.11, 10.0.2.10;

    range dynamic-bootp 10.0.5.1 10.0.5.9;
    default-lease-time 21600;
    max-lease-time 43200;

}

# ip address reservations:
# they who have ddns-hostname set will
# register themselves to named

group {

    ddns-domainname "r71.nl.";

    host ns {
         hardware ethernet 00:0C:29:B8:4F:68;
         fixed-address 10.0.2.11;
    }

    host rainier {
         # rainier.r71.nl 2nd lan adapter
         hardware ethernet 00:0C:29:4D:26:0C;
         fixed-address 10.0.2.21;
         ddns-hostname = host-decl-name;
         #ddns-hostname rainier;
         #ddns-domainname "r71.nl.";
    }

    host laptop_lan {
         ddns-hostname laptop_lan;
         hardware ethernet 00:14:22:D7:7C:41;
         fixed-address 10.0.4.1;
    }

    host laptop_wan {
         ddns-hostname laptop_wan;
         hardware ethernet 00:16:6F:5D:76:24;
         fixed-address 10.0.4.2;
    }
}

If you want to automaticaly register the reservated addresses in DNS (named) then you must specify ddns-hostname and ddns-domainame. The dhcpd will not "figure it out" if you just specify host-name and domain-name.

# service dhcpd start (or reload)

Try a dhcp request from a computersystem. If you use VMware you can easily add a virtual NIC to a VM and use this for testing.

Watch the logfile:
# tail -f /var/log/messages 

Configure Named 

Named master server:

Extract from /etc/named.conf

//
// named.conf for Red Hat caching-nameserver
//

include "/etc/rndc.key";

acl internal { 10.0.0.0/8; };
#acl slaves { 10.0.2.10; 10.0.2.5; 10.0.2.6; };
acl slaves { 10.0.2.10; };

options {
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";

//      allow-query { internal; };

        forwarders {
                10.0.1.254;
        };
};

zone "r71.nl" {
        type master;
        file "r71.nl.zone";
        allow-update { key "rndckey"; };
        allow-transfer { slaves; };
        notify yes ;
};

zone "10.in-addr.arpa" {
        type master;
        file "r71.nl.rev";
        allow-update { key "rndckey"; };
        allow-transfer { slaves; };
        notify yes ;
};

Set the rights to the files and directories

# chown named:named /var/named/chroot
# chown named:named /var/named/chroot/var
# chown named:named /var/named/chroot/var/named
# chmod 770 /var/named/chroot
# chmod 770 /var/named/chroot/var
# chmod 770 /var/named/chroot/var/named

# chown named:named /var/named/chroot/var/named/r71.nl.zone
# chown named:named /var/named/chroot/var/named/r71.nl.rev
# chmod 666 /var/named/chroot/var/named/slaves/r71.nl.zone
# chmod 666 /var/named/chroot/var/named/r71.nl.rev

# cd /var/named
# ln -s /var/named/chroot/var/named/slaves/r71.nl.zone
# ln -s /var/named/chroot/var/named/slaves/r71.nl.rev

# service named start

Watch the logfile:
# tail -f /var/log/messages

Named slave server:

Extract from /etc/named.conf

//
// named.conf for Red Hat caching-nameserver
// named configured as slave server (RRD 26-01-2006)
//

include "/etc/rndc.key";

// acl internal { 10.0.0.0/8; };
// acl slaves { 10.0.2.5; 10.0.2.6; };

options {
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";

//      allow-query { internal; };

        forwarders {
                10.0.1.254;
        };
};

zone "r71.nl" {
        type slave;
        file "r71.nl.zone";
        masters { 10.0.2.11; };
};

zone "10.in-addr.arpa" {
        type slave;
        file "r71.nl.rev";
        masters { 10.0.2.11; };
};

Set the rights to the files and directories

# chown named:named /var/named/chroot
# chown named:named /var/named/chroot/var
# chown named:named /var/named/chroot/var/named
# chmod 770 /var/named/chroot
# chmod 770 /var/named/chroot/var
# chmod 770 /var/named/chroot/var/named
# chmod 770 /var/named/chroot/var/named/slaves

# chown named:named /var/named/chroot/var/named/slaves/r71.nl.zone
# chown named:named /var/named/chroot/var/named/slaves/r71.nl.rev
# chmod 666 /var/named/chroot/var/named/slaves/r71.nl.zone
# chmod 666 /var/named/chroot/var/named/r71.nl.rev

# cd /var/named
# ln -s /var/named/chroot/var/named/slaves/r71.nl.zone
# ln -s /var/named/chroot/var/named/slaves/r71.nl.rev

# service named start

Watch the logfile:
# tail -f /var/log/messages

Configure iptables

Add these rules to the database:
# iptables -A INPUT -p tcp –sport 53 -j ACCEPT
# iptables -A INPUT -p udp –sport 53 -j ACCEPT
# iptables -A INPUT -p tcp –sport 953 -j ACCEPT

Or do this:
# system-config-securitylevel-tui
Add these three entries seperated by spaces to the free editable space: domain:tcp domain:udp rndc:tcp

Result: cat /ets/sysconfig/iptables
-A RH-Firewall-1-INPUT -m state –state NEW -m tcp -p tcp –dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -m state –state NEW -m udp -p udp –dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -m state –state NEW -m tcp -p tcp –dport 953 -j ACCEPT

Roderick Derks

Liefhebber van fietsen, van het oplossen van IT puzzels, en van het delen van informatie om anderen te helpen.

All stories by:Roderick Derks

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

    Your Name (required)

    Your Email (required)

    Subject

    Your Message

      Your Name (required)

      Your Email (required)

      Subject

      Your Message