Configuring Dynamic DNS & DHCP on Debian Stable
For the average home user there is no need to install a complex package such as the Internet Software Consortium's BIND DNS or DHCP server. There are far simpler, lower-resource tools to use, such as dnsmasq. However, if you wish to learn how to use ISC BIND and DHCP, this is what I did to get it all working on Debian Sarge, the current stable version of Debian GNU/Linux.
This short article was prompted by my question on the Debian-Administration forum site, where I was able to get some answers to the problem and I did promise to post a solution if I got one.
Installation of Packages
By default, if you install the default ISC BIND DNS and DHCP servers in Debian stable you get the older versions, which won't actually work together. You therefore need to remove them, if they are already installed, and install the newer version of each package. The newer versions are available in the Debian stable archive, so you don't need a back-port from testing.
{{{
[[user@box|~]]$ sudo aptitude remove bind dhcp
[[user@box|~]]$ sudo aptitude install bind9 dhcp3-server
}}}
Let aptitude or apt-get figure out any dependencies and resolve them. You should get your basic but empty configuration files and start scripts all created for you in the usual Debian way.
You need to set your domain rules as per the normal BIND9 format. BIND9 does have a reputation for being complex, but the man page is complete, if very long, and there are good books to help you get through it. Setting up the DHCP server is by comparison much simpler; set that up as you need. The hard bit is getting the two to talk to each other, as this is less well documented and the documentation that does exist is contradictory. Getting the DHCP server to automatically update the DNS server was the problem that led to my question on the D-A.org web site.
Configuring BIND9
/etc/bind/named.conf
You need to tell BIND that it's okay to allow other applications to update it. I added the following to my BIND9 configuration; everything else was left as stock Debian. My DHCP server and DNS server are on the same box, so here I'm only allowing localhost to perform the update. The file rndc.key contains a shared secret, so that BIND9 knows that it's an approved application sending it instructions.
{{{
controls {
    inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
};
}}}
/etc/bind/named.conf.local
Here are my local zone details, suitably modified. Here I let BIND know which domains it can update; in my case I only have one domain to deal with. I'm also loading the shared secret key at this stage. You can see I'm using a private IP address range.
{{{
// Add local zone definitions here.
zone "network.athome" {
    type master;
    file "/etc/bind/db.network";
    allow-update { key "rndc-key"; };
    notify yes;
};

zone "0.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/db.192.168.0";
    allow-update { key "rndc-key"; };
    notify yes;
};

include "/etc/bind/rndc.key";
}}}
/etc/bind/rndc.key
The secret key is created with a tool. If your DHCP and DNS servers are on separate machines you need to copy the file between them or arrange for one machine to remotely access the file system of the other.
{{{
key "rndc-key" {
    algorithm hmac-md5;
    secret "lgkbhjhtthgtlghtl6567==";
};
}}}
db files
Set up your zone databases as normal. You don’t need to do anything fancy.
Configuring DHCP3 Server
By default the ISC DHCP3 server as shipped in Debian does not do dynamic DNS updates. You simply need to enable it. Below are the options I selected for my system.
/etc/dhcp3/dhcpd.conf
You have to turn on updating with the ddns-update-style interim statement. I have ignore client-updates set, because Windows machines try to set their FQDN, not just their hostname, which causes problems. I've included the key so the two server daemons can trust each other.
{{{
# Basic stuff to name the server and switch on updating
server-identifier server;
ddns-updates on;
ddns-update-style interim;
ddns-domainname "network.athome.";
ddns-rev-domainname "in-addr.arpa.";
ignore client-updates;

# This is the key so that DHCP can authenticate itself to BIND9
include "/etc/bind/rndc.key";

# This is the communication zone
zone network.athome. {
    primary 127.0.0.1;
    key rndc-key;
}

# Normal DNS stuff
option domain-name "network.athome.";
option domain-name-servers 192.168.0.60, 192.168.0.1;
option ntp-servers 192.168.0.60;
option ip-forwarding off;

default-lease-time 600;
max-lease-time 7200;
authoritative;

log-facility local7;

subnet 192.168.0.0 netmask 255.255.255.0 {
    range 192.168.0.100 192.168.0.200;
    option broadcast-address 192.168.0.255;
    option routers 192.168.0.1;
    allow unknown-clients;

    zone 0.168.192.in-addr.arpa. {
        primary 192.168.0.60;
        key "rndc-key";
    }

    zone localdomain. {
        primary 192.168.0.60;
        key "rndc-key";
    }
}
}}}
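A consistency check across the three files above, as an added example that is not from the article: it parses constructed fragments modelled on the named.conf.local, rndc.key and dhcpd.conf shown here (key names may be quoted or unquoted in dhcpd.conf, as in the author's file) and reports any dhcpd zone whose key BIND does not know or does not accept updates with, which is the usual cause of a refused update in the logs. Run against the article's own configuration it flags the localdomain zone, which dhcpd references but BIND does not serve.

```python
import re
# Constructed sample fragments modelled on the article's files (not read from a live host).
NAMED_CONF_LOCAL = '''
zone "network.athome" {
    type master;
    allow-update { key "rndc-key"; };
};
zone "0.168.192.in-addr.arpa" {
    type master;
    allow-update { key "rndc-key"; };
};
'''
RNDC_KEY = 'key "rndc-key" { algorithm hmac-md5; secret "c2VjcmV0c2VjcmV0c2VjcmV0"; };'
DHCPD_CONF = '''
zone network.athome. { primary 127.0.0.1; key rndc-key; }
zone 0.168.192.in-addr.arpa. { primary 127.0.0.1; key "rndc-key"; }
zone localdomain. { primary 127.0.0.1; key "rndc-key"; }
'''
def tsig_key_names(text):
    # rndc.key: names of the keys defined there (quotes around the name are optional).
    return set(re.findall(r'key\s+"?([^"\s{]+)"?\s*\{', text))

def bind_update_keys(text):
    # named.conf.local: zone -> key names it accepts dynamic updates from; zone names
    # are normalised (no trailing dot, lower case) so they compare with dhcpd's.
    zones = {}
    for m in re.finditer(r'zone\s+"([^"]+)"\s*\{(.*?)^\};', text, re.S | re.M):
        keys = re.findall(r'allow-update\s*\{\s*key\s+"?([^"\s;]+)"?\s*;', m.group(2))
        zones[m.group(1).rstrip(".").lower()] = set(keys)
    return zones

def dhcpd_zone_keys(text):
    # dhcpd.conf: zone -> key it signs updates with (dhcpd zone bodies have no nested braces).
    zones = {}
    for m in re.finditer(r'zone\s+"?([^"\s{]+)"?\s*\{([^}]*)\}', text):
        key = re.search(r'key\s+"?([^"\s;]+)"?\s*;', m.group(2))
        zones[m.group(1).rstrip(".").lower()] = key.group(1) if key else None
    return zones

def check_ddns_config(named_local, rndc_key, dhcpd):
    # Mismatches that would make dhcpd's updates fail to sign or be refused by BIND.
    problems, keys, bind_zones = [], tsig_key_names(rndc_key), bind_update_keys(named_local)
    for zone, key in dhcpd_zone_keys(dhcpd).items():
        if key not in keys:
            problems.append(f"dhcpd zone {zone}: key {key!r} is not defined in rndc.key")
        if zone not in bind_zones:
            problems.append(f"dhcpd zone {zone}: BIND has no such zone to update")
        elif key not in bind_zones[zone]:
            problems.append(f"dhcpd zone {zone}: BIND does not allow-update with key {key!r}")
    return problems
```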