Do you use let's encrypt?
|
Configuring Dynamic DNS & DHCP on Debian StablePosted by ajt on Tue 31 Jan 2006 at 08:37 For the average home computer user there is no need to install a complex package such as the Internet Software Consortium's BIND DNS or DHCP server, since there are far simpler lower resource tools to use, for example dnsmasq. For those who you wish to learn how to use ISC's BIND and DHCP, for example as a learning exercise, this is how I got it all to work in Debian Sarge, the current stable version of Debian GNU/Linux. This short article was prompted by my question on the Debian-Administration forum site, where I was able to get some answers to the issues I faced and I did promise to post a solution if I got one. Installation of PackagesThe version of ISC BIND DNS and DHCP servers installed by default in Debian stable are the older versions, which will not actually work together. If you have either server installed you need to remove it and upgrade to the newer version of each package. The newer versions are available in the Debian stable archive so you do not need a back-port from testing. [user@box ~]$ sudo aptitude remove bind dhcp [user@box ~]$ sudo aptitude install bind9 dhcp3-server Let To set-up DNS you need to set your domain rules as per normal BIND9 format. BIND9 does have a reputation for being complex but you can find help in the The hard bit is getting the two to talk to each other, as this is less well documented and the documentation that does exist does contradict itself. It was my difficulties with getting the DHCP server to automatically update the DNS server that lead me ask a question on the D-A.org web site. Though I got no perfect answer, I was able to piece together enough to generate this working solution. Configuring BIND9/etc/bind/named.confYou need to tell BIND that it is okay to allow other applications to update it. I added the following to my BIND9 configuration, everything else was left as stock Debian. My DHCP server and DNS server are on the box, so here I am only allowing controls { inet 127.0.0.1 allow {localhost; } keys { "rndc-key"; }; }; /etc/bind/named.conf.localHere is my local zone details, suitably modified. Here I let BIND know which domains it can update; in my case I only have one domain to deal with. I am also loading in the shared secret key in at this stage. You can see I am using a private IP address range. // Add local zone definitions here. zone "network.athome" { type master; file "/etc/bind/db.network"; allow-update { key "rndc-key"; }; notify yes; }; zone "0.168.192.in-addr.arpa" { type master; file "/etc/bind/db.192.168.0"; allow-update { key "rndc-key"; }; notify yes; }; include "/etc/bind/rndc.key"; /etc/bind/rndc.keyThe secret key is created with a tool. If your DHCP and DNS servers are on separate machines you need to copy the file between them or arrange for one machine to remotely access the file system of the other. key "rndc-key" { algorithm hmac-md5; secret "lgkbhjhtthgtlghtl6567=="; }; db filesSet up your zone databases as normal. You do not need to do anything fancy. Configuring DHCP3 ServerBy default the ISC DHCP3 server shipped in Debian Sarge does not do dynamic DNS update. You simply need to enable it. Below are the options I selected for my system. /etc/dhcp3/dhcpd.confYou have to turn on the updating with the # Basic stuff to name the server and switch on updating server-identifier server; ddns-updates on; ddns-update-style interim; ddns-domainname "network.athome."; ddns-rev-domainname "in-addr.arpa."; ignore client-updates; # This is the key so that DHCP can authenticate it's self to BIND9 include "/etc/bind/rndc.key"; # This is the communication zone zone network.athome. { primary 127.0.0.1; key rndc-key; } # Normal DHCP stuff option domain-name "network.athome."; option domain-name-servers 192.168.0.60, 192.168.0.1; option ntp-servers 192.168.0.60; option ip-forwarding off; default-lease-time 600; max-lease-time 7200; authoritative; log-facility local7; subnet 192.168.0.0 netmask 255.255.255.0 { range 192.168.0.100 192.168.0.200; option broadcast-address 192.168.0.255; option routers 192.168.0.1; allow unknown-clients; zone 0.168.192.in-addr.arpa. { primary 192.168.0.60; key "rndc-key"; } zone localdomain. { primary 192.168.0.60; key "rndc-key"; } }
Re: Configuring Dynamic DNS & DHCP on Debian Stable
ok, rtfm 1st :)
so I'll guess it's rndc-confgen, then. [ Parent | Reply to this comment ] Re: Configuring Dynamic DNS & DHCP on Debian etch
Posted by Anonymous (200.87.xx.xx) on Tue 8 Apr 2008 at 20:46
a litle tutorial how to configure DHCP
[ Parent | Reply to this comment ] Re: Configuring Dynamic DNS & DHCP on Debian Stable
Fair comment...
-- "It's Not Magic, It's Work" Adam [ Parent | Reply to this comment ] Re: Configuring Dynamic DNS & DHCP on Debian Stable
This is a very good article, i've been wanting to set this up as a learning experience in my home network for some time.
I'm sure this question is answered once I get this set up. But what happens with a static ip address i'm assigning through dhcp? Does it get the hostname from the dhcp config and then use that to update dns? Or am I missing the point? aaron Through correctness comes ease -Chiun -The Destroyer series [ Parent | Reply to this comment ] Re: Configuring Dynamic DNS & DHCP on Debian Stable
Static though DHCP? Do you mean a DHCP Reservation?
My static machines retain their hostname and fully qualified domain name as they ignore DHCP totally. They have static enteries in my DNS. My work machine has a work hostname and FQDN. Work's machine is not in my DNS, so it uses DHCP and it retains it's hostname, but is placed in the domain of the DHCP server, not work's. Once it's in my domain, DNS know where it is and I can access it via it's hostname or FQDN. Does this help? -- "It's Not Magic, It's Work" Adam [ Parent | Reply to this comment ] Re: Configuring Dynamic DNS & DHCP on Debian Stable
yes, i mean a static reservation
what i do is i have all my machines set to get their info thorugh dhcp. Some of these machines i want on fixed ip addresses (various reasons) but I want them getting their information from dhcp, but i want to make sure that it won't hurt anything. The more I think about it, the more it seems like I would just leave my static configurations the way they are, and just new machines (laptops) that come in and out of my network would possibly change ip address. But where does the hostname come from? I'd assume the hostname configured on the client. For example machine with a hostname of foo contacts dhcp for the athome.network domain, this then gives it ip address ...100 and then there is a dynamic dns entry for foo.athome.network aaron Through correctness comes ease -Chiun -The Destroyer series [ Parent | Reply to this comment ] Re: Configuring Dynamic DNS & DHCP on Debian Stable
So, i finally got around to doing this
I had a few issues that were eventually resolved simply, but were a bit tedious to track down, since "no one is having this problem but me!" I had setup everything like the article says (i made some typos, but we don't have to cover that) but things weren't working and i couldn't find what I didn't do right. to debug the problem I edited /etc/default/bind9 so that options read OPTIONS="-u bind -g -d 20" and then restarted bind9 in a window and in another window i stopped the /etc/init.d/dhcpd3-server and ran the command dhcpd3 -d -f 2>&1 | tee dhcp3.log and in another window, i did a tail -f /var/log/daemon.log this way, from a test machine, i could renew my lease, and see what happened between the daemons But everytime i'd try and renew a lease on a test machine, i'd get the message named[30593]: client 127.0.0.1#49087: request has invalid signature: TSIG rndc-key: tsig verify failure (BADKEY) so, i looked around for rndc information and came across the rndc-confgen program running it, it gave me a config for a /etc/rndc.conf file and a new /etc/bind/rndc.key file i made sure that the /etc/rndc.conf file's key and what was in /etc/bind/rndc.key matched so, that took care of that message, but then i started getting the messages named[30901]: db.rdu90.com.jnl: create: permission denied <mistake> Ok, so i'm about to make my big mistake here. What happened was, I saw that my /etc/bind directory was owned by smmsp, which had to have been done by the package management system, and so i didn't want to mess with that. So, I figured i'd provde a couple of 0 length .jnl files and chown them to bind. Then it could do what it needed...right? </mistake> so, i execute touch db.mydomain.com.nl touch db.192.168.1.jnl and chown them both to bind at this point i begin seeing the following messages client 127.0.0.1#49097: updating zone 'your.domain/IN': error: journal open failed: no more dhcpd dhcpd: Unable to add forward map from host.yourdomain.com to ##.##.##.##: timed out /etc/bind/named.conf:59: couldn't install keys for command channel 127.0.0.1#953: permission denied /etc/bind/named.conf:59: couldn't add command channel 127.0.0.1#953: permission denied at this point, i figured since the /etc/bind directory was group 'bind', i'd just give the group write permissions (i am loathe to change perms on directories apt controls since this might get changed back during an upgrade) and everything started working perfectly this site helped a lot http://ops.ietf.org/dns/dynupd/secure-ddns-howto.html that explained to me what the log messages meant what i'd like to know is if there's someplace else i should have these journal files being written as i don't know if bind should be able to write to that directory i'm very happy with having this done overall, i've wanted to do it for years actually. thank you for this article. aaron Through correctness comes ease -Chiun -The Destroyer series [ Parent | Reply to this comment ] Re: Configuring Dynamic DNS & DHCP on Debian Stable
Posted by Anonymous (187.101.xx.xx) on Wed 14 Mar 2012 at 15:47
I think the best method is include the line "journal" in your zone config:
zone "db.rdu90.com"IN { ... //others zone options journal "/var/cache/bind/db.rdu90.com.jnl"; }; [ Parent | Reply to this comment ] Re: Configuring Dynamic DNS & DHCP on Debian Stable
Posted by Anonymous (94.240.xx.xx) on Mon 24 May 2010 at 10:39
Try
update-static-leases on; in your dhcpd.conf Tomek [ Parent | Reply to this comment ] Re: Configuring Dynamic DNS & DHCP on Debian Stable
Posted by Anonymous (213.146.xx.xx) on Thu 2 Feb 2006 at 16:34
Dude, you have no idea how much this helps, after struggling for two days this is a great help!
Not for sounding too lazy, but you wouldn't have a simple Bind9 setup article too? I am writing a script to install a domain controller with Samba, bind, dhcp and squid. Got most of the rest figured out but this bind thingy is giving me the runaround :-( [ Parent | Reply to this comment ] Re: Configuring Dynamic DNS & DHCP on Debian Stable
I slogged through the O'Reilly book on DNS and BIND to get mine working back in the days of version 4. I then upgraded to 8, which took some messing, and most recently to 9 - which was painless.
BIND is dead easy for a simple network, I've got 6 machines with static addresses, a work notebook on DHCP and a variable number of guests also on DHCP. I have only one server and a handful of aliases for Apache and that's it. It all starts to get messy when you several domains/sub-domains and email routing can make it all awfully complex. For a simple home network the O'Reilly book and the man page should be all you need. I could write up a noddy BIND9, but I suspect that there are several out there already. However I'll see if I can get round to a BIND9 how-to... -- "It's Not Magic, It's Work" Adam [ Parent | Reply to this comment ] Re: Configuring Dynamic DNS & DHCP on Debian Stable
Posted by Anonymous (196.25.xx.xx) on Thu 2 Feb 2006 at 19:46
You mention at the start that it was a learning exercise. With that in mind, why in your zone definitions did you opt for the (slightly deprecated) "allow-update" rather than the newer and finer grained "update-policy"?
Just wondering really... [ Parent | Reply to this comment ] Re: Configuring Dynamic DNS & DHCP on Debian Stable
I tried several things, which didn't work. This does work which why I'm using it, I am however willing to accept that it may be improved.
I've already exchanged emails with the a few people and I plan to improve the article if I can. Any helpful input will be accepted - "patches are welcome". -- "It's Not Magic, It's Work" Adam [ Parent | Reply to this comment ] For Red Hat based distributions
Posted by pgquiles (62.15.xx.xx) on Sat 4 Feb 2006 at 18:14
I'm a Debian guy but today I was configuring a CentOS machine and I went crazy about this line in dhcpd.conf:
allow-update { key "rndc-key"; }; It's worth to note in RedHat-based distributions you must write: allow-update { key "rndckey"; }; (notice the lack of the hyphen) [ Parent | Reply to this comment ] Re: Configuring Dynamic DNS & DHCP on Debian Stable
Posted by Anonymous (82.70.xx.xx) on Wed 22 Feb 2006 at 11:26
Hey thanks... that was a great article. I've been wondering how to do that for a while now.
One thing I noticed on both debian and Ubuntu: Ensure that your /etc/bind directory is writable for bind (chown bind:bind /etc/bind). Otherwise you will get an error in your logs telling you that bind is unable to create a journal file. By default the /etc/bind directory is owned by root and is not writable by bind. Thanks again. [ Parent | Reply to this comment ] Re: Configuring Dynamic DNS &amp; DHCP on Debian Stable
Posted by Anonymous (84.42.xx.xx) on Sun 23 Apr 2006 at 21:13
[ Parent | Reply to this comment ] Re: Configuring Dynamic DNS & DHCP on Debian Stable
Posted by Anonymous (88.2.xx.xx) on Tue 15 Apr 2008 at 14:48
"Ensure that your /etc/bind directory is writable for bind"
Don't do that; point instead the dinamically updatable zone files within /var/cache/bind/ which already is writable by bind. On a side note I'd prefer all dynamic updates going into a subdomain (like dyn.example.com) in order to "sandbox" mistakes or hack attempts from the "main server's" domains. [ Parent | Reply to this comment ] Re: Configuring Dynamic DNS & DHCP on Debian Stable
Posted by Anonymous (201.248.xx.xx) on Thu 24 Aug 2006 at 03:49
Who is 192.168.0.60? I understand that all is in the box 192.168.1.1
Thanks for your paper. Later, MS [ Parent | Reply to this comment ] Re: Configuring Dynamic DNS &amp; DHCP on Debian Stable
In this case 192.168.0.1 is my router and 192.168.0.60 is the DNS, NTP DHCP server.
-- "It's Not Magic, It's Work" Adam [ Parent | Reply to this comment ] Re: Configuring Dynamic DNS & DHCP on Debian Stable
Posted by Anonymous (82.240.xx.xx) on Tue 29 May 2007 at 10:37
Be sure to "chmod g+w /etc/bind", otherwise bind will not be able to write the journal files.
[ Parent | Reply to this comment ] Re: Configuring Dynamic DNS & DHCP on Debian Stable
Posted by Anonymous (207.27.xx.xx) on Tue 7 Aug 2007 at 06:14
Ditto to the above. I spend hours trying to get DDNS to work on a FreeBSD system; finally I did a 'chown bind /etc/namedb' AND 'chown bind /etc/namedb/master' (FreeBSD uses /etc/namedb instead of /etc/bind, and stores all the zone info in /etc/namedb/master.)
Moral of the story: if things don't seem to be working, make sure bind can write to BOTH the main bind/namedb folder, and to any folders within it. [ Parent | Reply to this comment ] Re: Configuring Dynamic DNS & DHCP on Debian Stable
Posted by Anonymous (159.162.xx.xx) on Mon 8 Oct 2007 at 09:32
Great article.
I wanted this problem solved the other way around, wich means have the client in dns, and use dhcp for giving the ip. With a record in dns, all you need is the client mac, and this in dchp server conf: host hostname { hardware ethernet XX:XX:XX:XX:XX:XX; fixed-address hostname.homedomain; } This can be mixed with ordinary dhcp setup wich you describe. Why use this setup? Well, you don't allow unknown mac's on your LAN and you don't risk having two clients using the same name (which has happen on a windows system at my work). If you want to move your LAN to another IP - say from 192.168.X.X to 10.10.X.X - you just have a zone file to adjust. I use this on my linux wlan AP as well, using the mac in firewalls rules and in dchpd. Regards, Hans Einar Gautun [ Parent | Reply to this comment ] Re: Configuring Dynamic DNS & DHCP on Debian Stable
Posted by razametal (200.93.xx.xx) on Fri 27 Jun 2008 at 01:19
I want the same configuration.
How can I update the dns for the fixed address declared under "host machinename" ? [ Parent | Reply to this comment ] Re: Configuring Dynamic DNS & DHCP on Debian Stable
Posted by Anonymous (194.106.xx.xx) on Sat 3 Nov 2007 at 00:11
Great article! I just did the same on Ubuntu Gutsy Gibbon and it worked like a charm. Thanks a lot for this!
[ Parent | Reply to this comment ] Re: Configuring Dynamic DNS & DHCP on Debian Stable
Posted by Anonymous (194.106.xx.xx) on Sat 3 Nov 2007 at 16:25
If anybody is interested, I just finished writing a step by step procedure of how to set up the DNS and DHCP servers on Ubuntu Gutsy server edition. The DNS stuff was taken from the O'Reilly book and the DHCP stuff from this article. Don't hesitate to comment and point out mistakes. Here is the link:
http://brunogirin.blogspot.com/2007/11/dhcp-and-dynamic-dns-on-ub untu-server.html Bruno [ Parent | Reply to this comment ] Re: Configuring Dynamic DNS & DHCP on Debian Stable
Posted by Anonymous (84.87.xx.xx) on Mon 7 Jan 2008 at 23:49
I took me some time to find out why ddns was not working on my system. Ultimately I found that "ddns-update-style interim" must be declared GLOBALLY in dhcpd.conf. Initially, I had declared it locally within the subnet declaration, but this is NOT adequate: a global definition is required.
[ Parent | Reply to this comment ] Re: Configuring Dynamic DNS & DHCP on Debian Stable
Posted by Anonymous (82.240.xx.xx) on Tue 8 Jan 2008 at 16:24
In dhcpd.conf, you must not enclose the secret key with " ", otherwise you will get weird base64 error messages.
So you have to do like this: key "mykey" { algorithm hmac-md5; secret XXXXXXXXXXX...; }; [ Parent | Reply to this comment ] Re: Configuring Dynamic DNS & DHCP on Debian Stable
Posted by Anonymous (83.125.xx.xx) on Wed 16 Jul 2008 at 15:25
Thanks for all comments. This helped us a lot, even on OpenBSD (which brought up the same problems :-)
[ Parent | Reply to this comment ] Re: Configuring Dynamic DNS & DHCP on Debian Stable
Posted by Anonymous (201.210.xx.xx) on Wed 23 Nov 2011 at 02:42
hello friends,
i have a problem. I have a server DNS BIND and DHCP. The records are updated dynamically. When i create a static record for example mihost.dominio.com and a workstation get an ip address through DHCP and the machine has the same fqdn (mihost.dominio.com) the new record is updated and the old static record is rewrited. CAN I PROTECT MY STATICS RECORDS???? I DONT WANT THAT MY STATICS RECORDS WERE REWRITED. [ Parent | Reply to this comment ] Re: Configuring Dynamic DNS & DHCP on Debian Stable
If you have your ranges set correctly: non-overlapping, there is no reason why dynamic records should update your static records. -- [ Parent | Reply to this comment ] Re: Configuring Dynamic DNS & DHCP on Debian Stable
Posted by deb (82.157.xx.xx) on Sat 24 Nov 2012 at 17:35
Nice tutorial.
I've noticed there are tons of examples on this but none of them seem to work on my environment. Maybe anyone can enlighten my problem. What I've got: Squeeze with dhcp3 (stable) and bind9 on static ip 192.168.2.1. All work well, other debian servers (having the same domain) in the lan get an ip. On the dns server i can add A records using nsupdate (also visible in syslog). However, the dhcp deamon does not issue requests to update my zone (at least I don't see any in syslog, and nslookup on their hostnames fail). This is my dhcpd.conf configuration: server-identifier dns.home.i; ddns-updates on; ddns-update-style interim; ddns-domainname "home.i."; ddns-rev-domainname "in-addr.arpa."; ignore client-updates; # This is the key so that DHCP can authenticate it's self to BIND9 include "/etc/bind/rndc.key"; # This is the communication zone zone home.i. { primary 127.0.0.1; key rndc-key; } # Normal DHCP stuff option domain-name "home.i."; option domain-name-servers 192.168.2.1; option ntp-servers 192.168.2.1; option ip-forwarding off; default-lease-time 600; max-lease-time 7200; authoritative; log-facility local7; subnet 192.168.2.0 netmask 255.255.255.0 { range 192.168.2.100 192.168.2.200; option broadcast-address 192.168.2.255; option routers 192.168.2.1; allow unknown-clients; zone 2.168.192.in-addr.arpa. { primary 192.168.2.1; key "rndc-key"; } zone home.i. { primary 192.168.2.1; key "rndc-key"; } } Been at for days no and it is breaking my head. Anyone? [ Parent | Reply to this comment ] Re: Configuring Dynamic DNS & DHCP on Debian Stable
Posted by Anonymous (31.55.xx.xx) on Mon 19 Jan 2015 at 17:59
I don't serve dhcp, my ADSL router does, so no dhcp server here :-(. I don't mind doing a bit of nsupdate magic with the dhcp _client_ if you let me know how. Should I just mess with some of the if-up scripts? (debian, probably old-stable).
Trouble with that idea is it looks like nsupdate from dnsutils 1:9.6.ESV.R4+d does not work. Every command at the prompt (eg "server foo") gives an error ("incorrect section name: server"). Is there something built-in to DHCPD to do the trick instead? [And that dnsupdate requires keyfiles with names of the format K<keyname>.146.00000.{private,key} if I recall right, not "rndc.key", and would need a .private file to go with the .key file; one can debug it with the help of strace] [ Parent | Reply to this comment ] |
Recent Weblogs
|
[ View Weblogs ]
One question though:
you write:
Sorry for missing the obvious part: which tool?
[ Parent | Reply to this comment ]