Linux ISC DHCP Server and Dynamic DNS updates under Debian and Ubuntu
This article covers DNS dynamic updates and DHCP-driven DNS updates. I assume you have already followed my last two articles, “Linux ISC DHCP Server under Debian and Ubuntu” and “Linux ISC DHCP Server failover under Debian and Ubuntu”, and that you have at least basic skills in configuring the ISC BIND DNS server.
Why Dynamic DNS with DHCP? Because it is hard to remember the IPs of every type of device. Managing a dynamic DNS is simpler than learning new IPs from your network every time. In big networks this configuration is also a blessing when you need to find the IP of a printer or anything else.
We will start from the simple ISC DHCP configuration from the first article, “Linux ISC DHCP Server under Debian and Ubuntu”.
authoritative;
ddns-update-style none;
option domain-name "domain.com";
option broadcast-address 10.1.0.255;
default-lease-time 86400;
max-lease-time 86400;
log-facility local7;
subnet 10.1.0.0 netmask 255.255.255.0 {
    option domain-name-servers 10.1.0.12;
    range 10.1.0.16 10.1.0.254;
    option routers 10.1.0.1;
    host hostname {
        hardware ethernet 00:01:13:e1:d1:11;
        fixed-address 10.1.0.17;
    }
    host print_server {
        hardware ethernet 00:01:23:e2:d1:22;
        fixed-address 10.1.0.18;
    }
}
To update ISC BIND securely from DHCP, we need to create a key that will be used by both programs.
[root@randombugs]# dnssec-keygen -a HMAC-MD5 -b 512 -r /dev/urandom -n USER dhcpupdate
Kdhcpupdate.+157+49467
Now look in the *.key file (in my case it was Kdhcpupdate.+157+49467.key) and copy the key, which should end with == (it is base64 encoded).
Now create file “/etc/bind/dns-dhcp.key” with the following content:
key updatekey {
    algorithm hmac-md5;
    secret "key";
};
(“key” is the string from *.key file generated with dnssec-keygen)
You also can use
[root@randombugs]# /usr/sbin/rndc-confgen -a
to generate this file directly, but you should then update the key name and the file name of the generated file (rndc.key). Also, if you have two different servers for DHCP and DNS, don’t forget to copy the file to both servers, and if you change the path of the key file, don’t forget to change the paths in the configuration files.
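The key-file step above, as an added shell example that is not part of the original article: it pulls the secret out of the K*.key file and writes the key clause readable by its owner only. The function names and the sample record are constructed for illustration; with a 512-bit key the base64 text is split into several whitespace-separated fields, and the secret is all of them joined.

```shell
#!/bin/sh
# Added example, not the article's own code. Function names are hypothetical.

# Print the secret from a K<name>.+157+<id>.key file written by dnssec-keygen.
# Record layout: <name>. IN KEY <flags> <proto> <alg> <base64 ...>
# A 512-bit secret is split by whitespace, so fields 7..NF are joined.
# Fails (non-zero, no output) unless the algorithm field is 157 (HMAC-MD5).
extract_secret() {
    awk '
        $2 == "IN" && $3 == "KEY" {
            if ($6 == 157) for (i = 7; i <= NF; i++) s = s $i
            exit
        }
        END { if (s == "") exit 1; print s }
    ' "$1"
}

# Write the key clause shared by named.conf.local and dhcpd.conf.
# $1 = K*.key file, $2 = output file, $3 = key name (default: updatekey)
write_key_file() {
    secret=$(extract_secret "$1") || return 1
    name=${3:-updatekey}
    # umask 077 creates the file as 0600; chmod covers a pre-existing file.
    # Assumption: on a real server, also set the owner/group so that only
    # named and dhcpd can read it.
    ( umask 077
      printf 'key %s {\n\talgorithm hmac-md5;\n\tsecret "%s";\n};\n' \
          "$name" "$secret" > "$2" ) || return 1
    chmod 600 "$2"
}

# Demo on a constructed record (not a real key); prints the generated clause.
demo() {
    d=$(mktemp -d) || return 1
    printf 'dhcpupdate. IN KEY 0 3 157 AAAABBBB CCCCAA==\n' > "$d/Ksample.key"
    write_key_file "$d/Ksample.key" "$d/dns-dhcp.key" && cat "$d/dns-dhcp.key"
    rm -rf "$d"
}
demo
```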
BIND must be configured to accept DNS updates from the DHCP server, so you should create or modify your zones for that. In my case I have two zones, one for reverse DNS and one for DNS. To do that, open named.conf.local and add or edit your zones:
include "/etc/bind/dns-dhcp.key";
zone "0.1.10.in-addr.arpa" {
    type master;
    file "/etc/bind/0.1.10.in-addr.arpa";
    allow-update { key updatekey; };
};
zone "random-bugs.com" {
    type master;
    file "/etc/bind/named.random-bugs.com.conf";
    allow-update { key updatekey; };
};
Create your reverse dns configuration file /etc/bind/0.1.10.in-addr.arpa
$ORIGIN .
$TTL 604800 ; 1 week
; the SOA owner must be the name of the zone this file serves
0.1.10.in-addr.arpa IN SOA ns.random-bugs.com. root.random-bugs.com. (
        2009010702 ; serial
        86400 ; refresh (1 day)
        14400 ; retry (4 hours)
        1204800 ; expire (1 week 6 days 22 hours 40 minutes)
        604800 ; minimum (1 week)
        )
    NS ns.random-bugs.com.
$ORIGIN 0.1.10.in-addr.arpa.
1 PTR router.random-bugs.com.
Create your zone file for dns configuration /etc/bind/named.random-bugs.com.conf
$ORIGIN .
$TTL 604800 ; 1 week
random-bugs.com IN SOA ns.random-bugs.com. root.random-bugs.com. (
        2003071701 ; serial
        86400 ; refresh (1 day)
        14400 ; retry (4 hours)
        1204800 ; expire (1 week 6 days 22 hours 40 minutes)
        604800 ; minimum (1 week)
        )
    ; the NS target needs an address record in the zone ("ns" below)
    NS ns.random-bugs.com.
    A 10.1.0.12
    MX 10 mail.random-bugs.com.
$ORIGIN random-bugs.com.
mail A 10.1.0.1
www A 10.1.0.1
ns A 10.1.0.12
Now you are ready to restart your bind to reload the new configuration:
[root@randombugs]# /etc/init.d/bind9 restart
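Check that your DNS server accepted the new configuration, then test whether a DNS update works. The name given to the key command must match the name in /etc/bind/dns-dhcp.key (updatekey); the last word on that line stands for the secret string from that file, typed without quotes. Each update is sent to the zone it belongs to:
[root@randombugs]# nsupdate
> server ns.random-bugs.com
> key updatekey key
> zone 0.1.10.in-addr.arpa
> update add 17.0.1.10.in-addr.arpa 600 IN PTR bugs.random-bugs.com.
> send
> zone random-bugs.com
> update add bugs.random-bugs.com. 600 IN A 10.1.0.17
> send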
To check if the configuration was updated just run from the command prompt:
[root@randombugs]# host bugs.random-bugs.com
bugs.random-bugs.com has address 10.1.0.17
To check if reverse DNS was updated run:
[root@randombugs]# host 10.1.0.17
17.0.1.10.in-addr.arpa domain name pointer bugs.random-bugs.com
After a successful response from these commands we can move on to the next step: DHCP configuration.
DHCP configuration for Dynamic DNS is simple. Just add in /etc/dhcp3/dhcpd.conf the zone for DNS update:
include "/etc/bind/dns-dhcp.key";
zone random-bugs.com. {
    primary 10.1.0.12;
    key updatekey;
}
zone 0.1.10.in-addr.arpa. {
    primary 10.1.0.12;
    key updatekey;
}
Also, in a “host” declaration you can add the following to force a specific name for that host and ignore the hostname sent by the DHCP client:
option host-name "bugs";
option domain-name "random-bugs.com";
ddns-hostname "bugs";
ddns-domain-name "random-bugs.com";
The complete configuration then looks like this:
authoritative;
# "interim" enables the DNS updates; "none" would disable the zones below
ddns-update-style interim;
option domain-name "domain.com";
option broadcast-address 10.1.0.255;
default-lease-time 86400;
max-lease-time 86400;
log-facility local7;
include "/etc/bind/dns-dhcp.key";
zone random-bugs.com. {
    primary 10.1.0.12;
    key updatekey;
}
zone 0.1.10.in-addr.arpa. {
    primary 10.1.0.12;
    key updatekey;
}
subnet 10.1.0.0 netmask 255.255.255.0 {
    option domain-name-servers 10.1.0.12;
    range 10.1.0.16 10.1.0.254;
    option routers 10.1.0.1;
    host hostname {
        hardware ethernet 00:01:13:e1:d1:11;
        fixed-address 10.1.0.17;
        option host-name "bugs";
        option domain-name "random-bugs.com";
        ddns-hostname "bugs";
        ddns-domain-name "random-bugs.com";
    }
    host print_server {
        hardware ethernet 00:01:23:e2:d1:22;
        fixed-address 10.1.0.18;
    }
}
Restart the DHCP server and monitor your clients and your DNS server.
Good luck!


When creating the dhcp-dns.key file and you noted to replace the key we generated in the “key” part:
1) do we include the quotation marks ” in the file
2) the key created on my machines is
dhcpupdate. IN KEY 0 3 157 Gm7lJ54Po2L156N3mNFyx1i9U24tfPPnMjEb/xx4iFmqGSW9mikhcRwg 1aTVz59UdxscCBrfpJZi/yx4MC5cLA==
What part of this key do I use?
Thanks
Use this part 1aTVz59UdxscCBrfpJZi/yx4MC5cLA==
Regards