Adeptus-Mechanicus



DHCP AND DNS FOR DDNS

DDNS stands for Dynamic DNS. What it means is that a machine can keep a DNS record even though its IP address changes each time DHCP hands it a new lease. This is very useful for people whose Internet connections do not have static IP addresses, but it is also useful on a LAN. If each of your network machines has a DNS name, it makes sharing printers easier, it makes tracking them easier, and it makes name lookups more useful. There are other reasons, but I am sure you get the point: it is a good thing. In this paper I will be going through a simple Linux-based setup, for two reasons:
  1. Using BIND for DNS together with the Internet Software Consortium (ISC) DHCP server is quite common
  2. It is easier (and cheaper) than using the Windows DNS and DHCP software
What do you need?
Well obviously, you will need the software mentioned above (BIND and the ISC DHCP server), and you will need to know whether your DNS and DHCP servers are on the same machine or on separate machines. In the following setup I am keeping things simple: there is no update (TSIG) key, so updates are authorised by the source IP address of the sender only, and the two servers are on separate machines.
Setup BIND DNS
Starting with the DNS server is easiest, as the changes only come into play once DHCP starts using them; otherwise DNS functions as normal. So edit your main configuration file (/etc/named.conf by default) as follows:
# place near the top of the file, as it is referenced lower down
acl lan {
    10.0.0.0/24;
    127.0.0.1;
};

Then in each zone definition (remember to do it for each domain name and for each domain's reverse lookup zone) add the allow-update option, something like this:
zone "example.com" {
    type master;
    file "/var/named/example.com";
    allow-update { lan; };
};


What this does is allow any host in the address ranges listed in the lan ACL to send dynamic updates for the zone. If you put the option into both the forward zone and the reverse lookup zone, each client will end up with a DNS name that can also be found by reverse lookup. Two things to be aware of here. First, BIND matches the ACL on source address only, so anyone who can obtain or spoof an address in 10.0.0.0/24 can rewrite records in the zone; in this setup the updates are all sent by the DHCP server, so it is safer to list just that server's address (10.0.0.10 in the DHCP configuration below) rather than the whole LAN, and a TSIG update key is the proper fix. Second, BIND applies dynamic updates through a journal file (the zone file name with .jnl appended), so the directory holding the zone files must be writable by the user named runs as, and you should not hand-edit a dynamically updated zone file without running rndc freeze first (and rndc thaw afterwards). As always, once you have made the changes restart the server (/etc/init.d/named restart, or rndc reload) and check your log file (normally /var/log/messages) for status messages.

Setup the DHCP server
This is where the majority of the configuration takes place, in the DHCP configuration file (generally /etc/dhcpd.conf). The first change goes in with your normal global option settings (you will also have to delete any existing ddns-update-style ad-hoc; line, since only one update style may be set; on ISC DHCP 4.3 and later the ad-hoc style has been removed and interim has been superseded by standard, although interim is still accepted):
ddns-update-style interim;
ddns-ttl 7200;

Then the rest of the changes go in the subnet section of the configuration file, with the zone declarations telling dhcpd which name server to send the updates for each zone to. Note that ignore client-updates only makes dhcpd disregard the client's request (sent in the FQDN option) to update its own A record, in which case dhcpd performs both the A and the PTR update itself; it does not stop a client from sending updates straight to BIND, which is controlled by allow-update on the DNS side.
# dhcpd does all updates itself; the client's own update request is ignored
ignore client-updates;
# dynamic DNS updates
ddns-updates on;
ddns-domainname "example.com.";
ddns-rev-domainname "in-addr.arpa.";
option domain-name "example.com";

# the name server that receives the updates for each zone (the DNS machine)
zone example.com {
    primary 10.0.0.10;
}

zone 0.0.10.in-addr.arpa {
    primary 10.0.0.10;
}
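The article's setup authorises updates purely by source address. The script below is an added example (not code from the article) that renders the same two fragments, the BIND zone definitions from the DNS section and the dhcpd zone declarations from the DHCP section, in their TSIG-keyed form, so that allow-update is tied to a shared secret instead of the lan ACL. It also derives the in-addr.arpa zone name from the subnet, which is a common place to get the reverse zone wrong. The key name dhcp-update, the hmac-sha256 algorithm (supported by BIND 9 and ISC DHCP 4.x), the zone example.com, the subnet 10.0.0.0/24 and the server address 10.0.0.10 are assumptions taken from or added to the article's sample values.

```shell
#!/bin/sh
# Added example, not from the original article: emits TSIG-keyed named.conf and
# dhcpd.conf fragments for a DDNS setup. Assumed values: key name dhcp-update,
# algorithm hmac-sha256, zone example.com, subnet 10.0.0.0/24, DNS server 10.0.0.10.

# rev_zone NET/BITS -> reverse zone name, e.g. 10.0.0.0/24 -> 0.0.10.in-addr.arpa
# Only octet-aligned prefixes (/8, /16, /24) map onto a single in-addr.arpa zone.
rev_zone() {
    net=${1%/*}
    bits=${1#*/}
    o1=${net%%.*}; rest=${net#*.}
    o2=${rest%%.*}; rest=${rest#*.}
    o3=${rest%%.*}
    case $bits in
        8)  echo "$o1.in-addr.arpa" ;;
        16) echo "$o2.$o1.in-addr.arpa" ;;
        24) echo "$o3.$o2.$o1.in-addr.arpa" ;;
        *)  echo "rev_zone: prefix /$bits is not octet-aligned" >&2; return 1 ;;
    esac
}

# gen_secret -> 32 random bytes, base64 encoded (the same shape tsig-keygen produces)
gen_secret() {
    if command -v openssl >/dev/null 2>&1; then
        openssl rand -base64 32
    else
        head -c 32 /dev/urandom | base64
    fi
}

# render_named DOMAIN NET/BITS KEYNAME SECRET -> named.conf fragment.
# Both zones accept updates only when signed with the key; no address ACL is used.
render_named() {
    domain=$1; subnet=$2; keyname=$3; secret=$4
    rz=$(rev_zone "$subnet") || return 1
    cat <<EOF
key "$keyname" {
    algorithm hmac-sha256;
    secret "$secret";
};

zone "$domain" {
    type master;
    file "/var/named/$domain";
    allow-update { key "$keyname"; };
};

zone "$rz" {
    type master;
    file "/var/named/$rz";
    allow-update { key "$keyname"; };
};
EOF
}

# render_dhcpd DOMAIN NET/BITS SERVER KEYNAME SECRET -> dhcpd.conf fragment that
# signs every update it sends to SERVER with the same key.
render_dhcpd() {
    domain=$1; subnet=$2; server=$3; keyname=$4; secret=$5
    rz=$(rev_zone "$subnet") || return 1
    cat <<EOF
ddns-update-style interim;
ddns-updates on;
ignore client-updates;
ddns-domainname "$domain.";
ddns-rev-domainname "in-addr.arpa.";

key $keyname {
    algorithm hmac-sha256;
    secret $secret;
};

zone $domain. {
    primary $server;
    key $keyname;
}

zone $rz. {
    primary $server;
    key $keyname;
}
EOF
}

# Usage: sh ddns-fragments.sh --demo
# Prints both fragments with a freshly generated secret. The key block must be
# byte-for-byte identical on both servers, so copy it rather than retyping it.
if [ "${1:-}" = "--demo" ]; then
    secret=$(gen_secret)
    echo "# ---- named.conf ----"
    render_named example.com 10.0.0.0/24 dhcp-update "$secret"
    echo "# ---- dhcpd.conf ----"
    render_dhcpd example.com 10.0.0.0/24 10.0.0.10 dhcp-update "$secret"
fi
```

With the keyed variant the lan ACL from the DNS section is no longer needed on the dynamic zones, and a host on the LAN that does not hold the secret gets a REFUSED response from BIND when it tries to send its own update.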

The settings here are very important. There are some common gotchas to watch for;
Final Words
There are some other odd settings around to help you make full usage of this setup..
This setup is very useful, and can also help you understand your network a little better. As always have fun and learn.