Building a new Dynamic DNS Server "DHCP + BIND" on Linux Ubuntu 7.10
Dynamic DNS Server
Introduction
In this howto we will learn how to build a Dynamic DNS server. Normally when we configure DNS we use static entries to resolve every FQDN. If DHCP hands out addresses on the network, every computer that boots or renews its lease may get a different IP, so a static zone cannot stay correct. Instead we configure DNS and DHCP together: whenever a computer receives a lease, the DHCP server sends a dynamic update (RFC 2136) signed with a shared TSIG key, and the name's A and PTR records are rewritten with the new IP.
Installation
Let's assume we have a server. I did my test with this network configuration: the server IP is 172.16.140.129 and its hostname is DDNS.
Install DHCP3 & BIND9
apt-get install dhcp3-server bind9
We will start with the main configuration file. We don't need to make many changes to this one.
cd /etc/bind/
nano named.conf
At the bottom put…
controls {
inet 127.0.0.1 allow { 127.0.0.1; 172.16.140.129; } keys { "rndc-key"; };
};
Definition of what we just added:
**controls** <= This block configures the control channel that rndc talks to (rndc reload, rndc status and so on). It does not authorize dynamic updates; those are governed by the allow-update setting of each zone, which we configure below.
**inet 127.0.0.1** <= The address the control channel listens on. Only the loopback interface, so rndc only works from the server itself.
**allow { 127.0.0.1; 172.16.140.129; }** <= Which source addresses may talk to the control channel. Since the socket listens on 127.0.0.1 only, every connection arrives from 127.0.0.1 and the 172.16.140.129 entry never matches; to accept rndc from the LAN you would also have to listen on that address, which is rarely worth the exposure. Feel free to add or remove addresses as your needs permit.
**keys { "rndc-key"; };** <= The name of the TSIG key that must sign every control message. "rndc-key" is the name inside the key file the Ubuntu package generated at install time (/etc/bind/rndc.key). On other systems the name may differ, and you are free to rename it; just remember to carry the new name through the rest of this guide.
OK, done with named.conf. Save it and get ready for the next bit.
nano named.conf.local
This usually starts off as a nearly blank file with some comments at the top. Its purpose is to define the zones (domain names and reverse networks) that are local to this server. Again I will dump what I did and then work through it. Add the following to the end of the file.
include "/etc/bind/rndc.key";
zone "ddns" {
type master;
file "/etc/bind/ddns.zone";
allow-update { key "rndc-key"; };
allow-transfer { 172.16.140.0/24; };
};
zone "172.in-addr.arpa" {
type master;
file "/etc/bind/rev.140.16.172.in-addr.arpa";
allow-update { key "rndc-key"; };
allow-transfer { 172.16.140.0/24; };
};
Definition of what we just added:
**include "/etc/bind/rndc.key";** <= Pulls in the file that defines the key named rndc-key, so the zones below can refer to it. The file holds a random shared secret in base64, not a hash; named and dhcpd use it to compute an HMAC-MD5 signature over every update, and the signature is what proves the update came from a holder of the secret. It works like an include statement in programming: the contents of the file are dumped in the spot where the include is put. Sharing the rndc key with the DHCP server means anyone who can read the copy in /etc/dhcp3 can also drive rndc; a cleaner setup generates a separate key just for updates (rndc-confgen -a -k dhcp-update -c /etc/bind/dhcp-update.key writes one) and names that key here and in dhcpd.conf instead of rndc-key.
**zone "ddns" {** <= Here we define a new zone whose name is ddns. It can be anything you want to make a domain or subdomain for.
**type master;** <= Since this is the master (read: main) DNS server for the zone, we have to say so here.
**file "/etc/bind/ddns.zone";** <= Where the address resolution database is located. This file holds the NAME => IP information along with some housekeeping records. We will look at its contents later.
**allow-update { key "rndc-key"; };** <= Who or what may update this zone: any update signed with rndc-key is accepted, from any address. Do not replace this with a list of IPs; the source address of a UDP update is trivially forged, and the key is the only real check here.
**allow-transfer { 172.16.140.0/24; };** <= Who may request a copy of the whole zone (a zone transfer). Here anyone on 172.16.140.0 to 172.16.140.255. Narrow it to the addresses of your secondary servers, or set it to none; if you have none, because a zone transfer hands out the name of every machine on the network.
**zone "172.in-addr.arpa" {** <= Odd looking zone... This is the reverse lookup zone that normally accompanies a forward zone; it holds PTR records so that IPs resolve back to names. Note the scope: 172.in-addr.arpa claims authority over all of 172.0.0.0/8. For the 172.16.140.0/24 subnet the correct zone is 140.16.172.in-addr.arpa, which is what the file name chosen here already reflects. Whichever name you use, it must be spelled identically in named.conf.local, in the SOA of the zone file and in dhcpd.conf.
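The zone scoping just described, as an added example that is not part of the original post: a few POSIX sh functions that derive the in-addr.arpa zone for a prefix, build the PTR owner name for an address, and check which zone a name falls in. The addresses are the ones used in this guide; the function names are my own.

```shell
#!/bin/sh
# Added example (not from the original post): reverse-zone arithmetic in
# POSIX sh, using the addresses from this guide.

# rev_zone CIDR -> the in-addr.arpa zone that covers it (/8, /16 or /24).
#   rev_zone 172.16.140.0/24  ->  140.16.172.in-addr.arpa
rev_zone() {
    ip=${1%/*}
    bits=${1#*/}
    case "$bits" in
        8|16|24) ;;
        *) echo "rev_zone: need a /8, /16 or /24 prefix, got /$bits" >&2; return 1 ;;
    esac
    keep=$((bits / 8))                 # how many leading octets name the zone
    oldifs=$IFS; IFS=.; set -- $ip; IFS=$oldifs
    out=""
    i=1
    for octet in "$@"; do
        if [ "$i" -le "$keep" ]; then
            out="$octet.$out"          # prepend, so the octets come out reversed
        fi
        i=$((i + 1))
    done
    printf '%sin-addr.arpa\n' "$out"
}

# ptr_name IPV4 -> owner name of the PTR record for that address.
#   ptr_name 172.16.140.5  ->  5.140.16.172.in-addr.arpa
ptr_name() {
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    printf '%s.%s.%s.%s.in-addr.arpa\n' "$4" "$3" "$2" "$1"
}

# in_zone NAME ZONE -> success if NAME is ZONE itself or a name below it.
in_zone() {
    case "$1" in
        "$2" | *".$2") return 0 ;;
        *)             return 1 ;;
    esac
}

# Walk-through for this guide's network.
zone=$(rev_zone 172.16.140.0/24)
name=$(ptr_name 172.16.140.5)
echo "zone for 172.16.140.0/24: $zone"
echo "PTR owner for 172.16.140.5: $name"
if in_zone "$name" "$zone"; then
    echo "$name is inside $zone"
fi
# The zone used in the guide also contains the name, but it claims
# authority for every address in 172.0.0.0/8, not just this subnet.
if in_zone "$name" 172.in-addr.arpa; then
    echo "$name is also inside 172.in-addr.arpa (the whole /8)"
fi
```

rev_zone deliberately refuses prefixes that are not octet-aligned: a /23 or /25 has no single in-addr.arpa zone, and pretending otherwise is how reverse zones end up covering addresses they do not own.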
On to creating the actual database files we made reference to in the two file directives above. From my research there are a few ways to make one of these files, the simplest method for me was to make a copy of one of the stock db files and modify it to my needs. So let’s do that.
cp db.empty ddns.zone
cp db.empty rev.140.16.172.in-addr.arpa
Let us edit….
nano /etc/bind/ddns.zone
OK, here is an example of what I put in it. The important detail is the owner of the SOA record: it must be @ (the zone apex). A bare name such as ddns is relative to the origin and would become ddns.ddns., and BIND refuses to load a zone whose SOA is not at the apex. Serial 1 is fine: with dynamic updates, named increments the serial itself.
; Forward zone for ddns (copied from db.empty and edited)
;
$TTL 86400
@ IN SOA ddns. root.ddns. (
1 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
86400 ) ; Negative Cache TTL
;
@ IN NS localhost.
Now the same for the reverse lookup database. Again the SOA owner is @, not the zone name:
nano rev.140.16.172.in-addr.arpa
; Reverse zone for 172.in-addr.arpa (copied from db.empty and edited)
;
$TTL 86400
@ IN SOA ddns. root.ddns. (
1 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
86400 ) ; Negative Cache TTL
;
@ IN NS localhost.
Save your changes and we will go to the next bit. We are still in /etc/bind/. named runs as the user bind and must be able to write next to a dynamic zone file: every accepted update is appended to a journal (ddns.zone.jnl) and the zone file itself is rewritten from time to time. A chgrp alone only gives the group read access, so make the two zone files owned by bind and let the bind group write to the directory:
chown bind:bind ddns.zone rev.140.16.172.in-addr.arpa
chmod g+w /etc/bind
If you would rather not open /etc/bind for writing, keep the dynamic zone files in /var/lib/bind or /var/cache/bind (directories the Debian package already makes writable for bind) and adjust the two file directives to match. Either way this avoids the "permission denied" journal errors you would otherwise find in the log later on.
Let's take a look at that key file. We are not going to edit it; this is just an example so you understand its format. Your secret will differ: it is 16 random bytes in base64, and it is the only thing protecting your zones from being rewritten, so treat it like a password.
cat /etc/bind/rndc.key
key "rndc-key" {
algorithm hmac-md5;
secret "79vRlHQIfZFHSfvUjWL0wQ==";
};
Now we need to copy the key so that the DHCP server can use it (or, better, give dhcpd its own update key so that a leak from the DHCP side cannot be turned into rndc access).
cp /etc/bind/rndc.key /etc/dhcp3/
Head on over to the DHCP directory.
cd /etc/dhcp3
Make sure dhcpd, which runs as the user dhcpd, can read our key and nobody else can:
chown root:dhcpd rndc.key
chmod 640 rndc.key
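Instead of copying rndc.key, a dedicated update key can be minted in a few lines. This is an added example, not part of the original post (rndc-confgen -a -k dhcp-update -c /etc/bind/dhcp-update.key would produce an equivalent file); the key name dhcp-update and the paths in the comments are assumptions for this guide.

```shell
#!/bin/sh
# Added example (not from the original post): mint a dedicated TSIG key for
# dhcpd, write it with safe permissions from the start, and emit the matching
# allow-update stanza. "dhcp-update" and the paths below are assumed names.

# tsig_secret -> 32 random bytes from /dev/urandom, base64 encoded (44 chars).
tsig_secret() {
    head -c 32 /dev/urandom | base64 | tr -d '\n'
}

# key_stanza NAME SECRET -> key block in the syntax both named and dhcpd read.
# hmac-md5 is the only TSIG algorithm ISC DHCP 3.x (dhcp3-server) implements.
key_stanza() {
    printf 'key "%s" {\n\talgorithm hmac-md5;\n\tsecret "%s";\n};\n' "$1" "$2"
}

# write_key_file PATH NAME SECRET -> file created mode 0640 from the outset,
# so the secret is never world-readable, not even briefly before a chmod.
write_key_file() {
    (umask 027 && key_stanza "$2" "$3" > "$1")
}

# file_mode PATH -> permission string as ls prints it, e.g. -rw-r-----
file_mode() {
    ls -l "$1" | cut -c1-10
}

# allow_update_stanza NAME -> the line for each dynamic zone in named.conf.local
allow_update_stanza() {
    printf 'allow-update { key "%s"; };\n' "$1"
}

# Deployment as root (assumed paths):
#   write_key_file /etc/bind/dhcp-update.key dhcp-update "$(tsig_secret)"
#   chown root:bind /etc/bind/dhcp-update.key
#   cp -p /etc/bind/dhcp-update.key /etc/dhcp3/
#   chown root:dhcpd /etc/dhcp3/dhcp-update.key
# then include the file from named.conf.local and dhcpd.conf and refer to
# "dhcp-update" instead of "rndc-key" in allow-update and in dhcpd's zone blocks.
demo="${TMPDIR:-/tmp}/dhcp-update.key.$$"
write_key_file "$demo" dhcp-update "$(tsig_secret)"
cat "$demo"
file_mode "$demo"
allow_update_stanza dhcp-update
rm -f "$demo"
```

With a separate key, rndc.key stays readable by root and bind only, and the controls block in named.conf keeps meaning what it says: only the local administrator can reload or stop the server.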
And now we edit the files…
nano dhcpd.conf
This file comes with a lot of commented-out examples; we will ignore them and just modify the top and add our own information. At the top you will see
ddns-update-style none;
Change it to
ddns-update-style interim;
next in
# option definitions common to all supported networks...
option domain-name "example.com";
option domain-name-servers ns1.example.com, ns2.example.com;
I changed it to
option domain-name "ddns";
option domain-name-servers 172.16.140.129;
leave the default lease time, and max lease time alone, unless you want to change them.
after the lease times put:
one-lease-per-client on;
Below that is:
# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
# authoritative;
Uncomment authoritative so it looks like:
# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
authoritative;
Now include our key in the conf file:
include "/etc/dhcp3/rndc.key";
Then declare the zones dhcpd is allowed to update, so that whenever a lease is given it knows where to send each signed update (primary is the address of the master name server) and which key to sign it with. The zone names must end with a dot here.
zone ddns. {
primary 172.16.140.129;
key "rndc-key";
}
zone 172.in-addr.arpa. {
primary 172.16.140.129;
key "rndc-key";
}
Now let's make our subnet section in the conf file. The pool must not include addresses that are assigned statically (the router at .1 and this server at .129), or dhcpd will eventually lease them to a client; and the broadcast address of a /24 is its last address, .255, not .254.
subnet 172.16.140.0 netmask 255.255.255.0 {
range 172.16.140.2 172.16.140.128;
range 172.16.140.130 172.16.140.254;
option subnet-mask 255.255.255.0;
option broadcast-address 172.16.140.255;
option routers 172.16.140.1;
}
Now my dhcpd.conf looks like this, with each zone declared once, the PTR suffix left at its default, and a pool that skips the router and the server.
server-identifier 172.16.140.129;
authoritative;
# How to connect to the DNS server and update it.
ddns-update-style interim;
ddns-updates on;
# Enable the next line if you want the server to register A records even
# when a client offers to do its own update. Clients do not hold the key,
# so their own updates would be refused by named anyway.
#ignore client-updates;
ddns-domainname "ddns";
# dhcpd builds the PTR owner as the reversed IP followed by this suffix,
# so it must stay "in-addr.arpa" (the default). Setting it to
# "172.in-addr.arpa" produces names like 5.140.16.172.172.in-addr.arpa
# and reverse lookups never resolve.
ddns-rev-domainname "in-addr.arpa";
include "/etc/dhcp3/rndc.key";
# Which key to use for which zone, and where to send the update.
zone ddns. {
primary 172.16.140.129;
key "rndc-key";
}
zone 172.in-addr.arpa. {
primary 172.16.140.129;
key "rndc-key";
}
# Subnet definition w/ accompanying options
subnet 172.16.140.0 netmask 255.255.255.0 {
range 172.16.140.2 172.16.140.128;
range 172.16.140.130 172.16.140.254;
option subnet-mask 255.255.255.0;
option broadcast-address 172.16.140.255;
option domain-name "ddns";
option domain-name-servers 172.16.140.129;
one-lease-per-client on;
default-lease-time 604800;
max-lease-time 604800;
# Gateway
option routers 172.16.140.1;
}
Now we are done. Before restarting, run named-checkconf, named-checkzone on each zone file and dhcpd3 -t; a syntax error would otherwise just leave the daemon dead after the restart.
/etc/init.d/bind9 restart;
/etc/init.d/dhcp3-server restart;
NOTE: some guides say to edit the client's /etc/dhcp3/dhclient.conf, uncomment send host-name "STUFF HERE"; and replace STUFF HERE with the name of the machine. I didn't do that and everything works fine for me. Keep in mind that dhcpd only registers a name when the client supplies one in the DHCP host-name option (or when ddns-hostname is set in dhcpd.conf); a client that sends no name gets a lease but no DNS record.
Now we check /var/log/daemon.log and /var/log/syslog; I found them very helpful in tracking down problems. A working update shows up on the named side as "updating zone 'ddns/IN'" after the signer being approved, and on the dhcpd side as "Added new forward map" followed by the reverse map; a rejected signature or a "permission denied" while writing the journal shows up in the same place.
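To exercise the update path by hand, without waiting for a lease, here is an added example (not from the original post) that builds the nsupdate batch equivalent to what dhcpd sends for one lease: replace the A record in the forward zone and the PTR in the reverse zone, both signed with the key. The server and zone names are this guide's; the client name client1, the address 172.16.140.5 and the TTL are assumptions. dhcpd's interim style also writes a TXT record carrying a hash of the client identifier so it can recognise its own records later; that part is left out here.

```shell
#!/bin/sh
# Added example (not from the original post): produce the nsupdate batch that
# mirrors one dhcpd lease update. Feed the output to
#   nsupdate -k /etc/dhcp3/rndc.key batch.txt
# client1, 172.16.140.5 and the TTL are assumed values for this guide's network.

# dhcpd_fqdn HOST DOMAIN -> the name dhcpd registers in the forward zone.
dhcpd_fqdn() {
    printf '%s.%s.\n' "$1" "$2"
}

# dhcpd_ptr IP REVDOMAIN -> reversed octets + "." + ddns-rev-domainname,
# which is how dhcpd builds the PTR owner. REVDOMAIN must therefore be
# "in-addr.arpa" (dhcpd's default); "172.in-addr.arpa" yields
# 5.140.16.172.172.in-addr.arpa. and the reverse lookup never resolves.
dhcpd_ptr() {
    oldifs=$IFS; IFS=.; set -- $1 "$2"; IFS=$oldifs
    printf '%s.%s.%s.%s.%s.\n' "$4" "$3" "$2" "$1" "$5"
}

# lease_update_batch SERVER HOST IP FWDZONE REVZONE TTL -> nsupdate script.
# Fails if the PTR owner would fall outside REVZONE, which is the error you
# get when the reverse zone in dhcpd.conf does not cover the subnet.
lease_update_batch() {
    server=$1 host=$2 ip=$3 fwd=$4 rev=$5 ttl=$6
    fqdn=$(dhcpd_fqdn "$host" "$fwd")
    ptr=$(dhcpd_ptr "$ip" in-addr.arpa)
    case "$ptr" in
        *".$rev.") ;;
        *) echo "lease_update_batch: $ptr is outside zone $rev" >&2; return 1 ;;
    esac
    printf 'server %s\n' "$server"
    printf 'zone %s.\n' "$fwd"
    printf 'update delete %s A\n' "$fqdn"           # drop any stale address first
    printf 'update add %s %s A %s\n' "$fqdn" "$ttl" "$ip"
    printf 'send\n'
    printf 'zone %s.\n' "$rev"
    printf 'update delete %s PTR\n' "$ptr"
    printf 'update add %s %s PTR %s\n' "$ptr" "$ttl" "$fqdn"
    printf 'send\n'
}

# Batch for this guide's network, using the properly scoped reverse zone.
lease_update_batch 172.16.140.129 client1 172.16.140.5 ddns 140.16.172.in-addr.arpa 604800
```

Run it as lease_update_batch ... > batch.txt and then nsupdate -k /etc/dhcp3/rndc.key batch.txt (nsupdate -y rndc-key:secret works on versions whose -k only accepts dnssec-keygen files). If named answers REFUSED, the key or allow-update is wrong; if it answers NOTAUTH, the zone name in the batch does not match what named serves; and if the update is accepted but host -t PTR 172.16.140.5 still fails, check ddns-rev-domainname as described in the dhcpd.conf comments.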