This documentation provides the necessary configuration files in order to set up automatic, dynamic DNS via DHCP. Both the DNS server bind9 and the ISC DHCP server will have to be configured. The distribution used is Debian Linux but the configuration should be pretty much the same on other distributions.

The following configuration will set up automatic and dynamic DNS for both forward and reverse maps for a zone with TLD internal. Clients will receive addresses in the range 172.16.1.10-172.16.1.20. The server is called spark, is statically assigned 172.16.1.2 and will serve DNS. The router is called launch, is statically assigned 172.16.1.1 and will route the network traffic.
aptitude install bind9 isc-dhcp-server
On Debian, we have to move db.internal to db.localhost.
cd /etc/bind/
mv db.internal db.localhost
And then we have to edit /etc/bind/named.conf.default-zones so that the localhost zone references the moved file:
zone "localhost" {
    type master;
    file "/etc/bind/db.localhost";
};
Now we can add our own zone configuration by editing /etc/bind/named.conf.internal and adding the following directives (on Debian, named.conf only includes named.conf.options, named.conf.local and named.conf.default-zones by default, so make sure this file is included from /etc/bind/named.conf or named will never read it):
include "/etc/bind/rndc.key";

zone "internal" {
    type master;
    notify no;
    file "/etc/bind/db.internal";
    allow-update { key "rndc-key"; };
    journal "/var/cache/bind/db.internal.jnl";
};

zone "1.16.172.in-addr.arpa" {
    type master;
    notify no;
    file "/etc/bind/db.172.16.1";
    allow-update { key "rndc-key"; };
    journal "/var/cache/bind/db.172.16.1.jnl";
};
Next, we add both forward and reverse zones.
We edit the forward-zone file referenced above:
;
; Zone file for internal
;
$ORIGIN .
$TTL 259200     ; 3 days
internal        IN SOA  spark.internal. dns.spark.internal. (
                        200516555  ; serial
                        28800      ; refresh (8 hours)
                        7200       ; retry (2 hours)
                        2419200    ; expire (4 weeks)
                        86400      ; minimum (1 day)
                        )
                NS      spark.internal.
$ORIGIN internal.
spark           A       172.16.1.1
and save it to /etc/bind/db.internal.
Symmetrically, we edit the reverse zone file:
;
; Reverse zone file for internal
;
$ORIGIN .
$TTL 259200     ; 3 days
1.16.172.in-addr.arpa   IN SOA  spark.internal. dns.spark.internal. (
                        200512768  ; serial
                        28800      ; refresh (8 hours)
                        7200       ; retry (2 hours)
                        2419200    ; expire (4 weeks)
                        86400      ; minimum (1 day)
                        )
                NS      spark.internal.
$ORIGIN 1.16.172.in-addr.arpa.
1               PTR     spark.internal.
and save it to /etc/bind/db.172.16.1.
On the DHCP side, the first thing to do is to copy rndc.key, the key that rndc uses to remotely control the nameserver, from /etc/bind/rndc.key to /etc/dhcp/rndc.key and change the owner to root (the original file is owned by the user and group bind). Be aware that this hands the DHCP server the same secret that controls named through rndc; a dedicated TSIG key (generated with tsig-keygen, or ddns-confgen on older BIND releases) referenced in both the allow-update clauses and dhcpd.conf limits what a compromised DHCP host can do to the nameserver.
cp /etc/bind/rndc.key /etc/dhcp/rndc.key
chown root:root /etc/dhcp/rndc.key
Next, we edit the DHCP configuration file /etc/dhcp/dhcpd.conf:
# Basic stuff to name the server and switch on updating
ddns-updates on;
ddns-update-style standard;
ddns-domainname "internal.";
ddns-rev-domainname "in-addr.arpa.";
ignore client-updates;

# Forwarding off, to not contaminate other interfaces.
option ip-forwarding off;

# This will update any static host declarations we may add later on.
update-static-leases on;

# This is the key so that DHCP can authenticate itself to BIND9
include "/etc/dhcp/rndc.key";

# These are the zones dhcpd will send updates for
zone internal. {
    primary 127.0.0.1;
    key rndc-key;
}

zone 1.16.172.in-addr.arpa. {
    primary 127.0.0.1;
    key rndc-key;
}

# Lease times.
default-lease-time 600;
max-lease-time 7200;

# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
authoritative;

# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;

# Subnet declaration.
subnet 172.16.1.0 netmask 255.255.255.0 {
    range 172.16.1.10 172.16.1.20;
    option subnet-mask 255.255.255.0;
    option broadcast-address 172.16.1.255;
    option domain-name "internal";
    option domain-name-servers 172.16.1.1;
    option routers 172.16.1.1;
}
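The most common reason these updates silently fail is a mismatch in the TSIG plumbing: the two copies of rndc.key drift apart, or the key name dhcpd signs with is not the one a zone's allow-update clause accepts. The checker below is an added example, not part of the original page; it parses both key files, the BIND zone stanzas and dhcpd's zone declarations with constructed copies of the configuration above (the secret is a placeholder) and reports every mismatch.

```python
import re
# Constructed sample inputs modelled on the page's configuration; the secret is a placeholder, not a real key.
RNDC_KEY = 'key "rndc-key" { algorithm hmac-md5; secret "PLACEHOLDER-NOT-A-REAL-SECRET=="; };'
NAMED_CONF = '''include "/etc/bind/rndc.key";
zone "internal" { type master; notify no; file "/etc/bind/db.internal"; allow-update { key "rndc-key"; }; journal "/var/cache/bind/db.internal.jnl"; };
zone "1.16.172.in-addr.arpa" { type master; notify no; file "/etc/bind/db.172.16.1"; allow-update { key "rndc-key"; }; journal "/var/cache/bind/db.172.16.1.jnl"; };'''
DHCPD_CONF = '''include "/etc/dhcp/rndc.key";
zone internal. { primary 127.0.0.1; key rndc-key; }
zone 1.16.172.in-addr.arpa. { primary 127.0.0.1; key rndc-key; }'''
ZONE_HDR = re.compile(r'\bzone\s+"?([^"\s{]+)"?\s*\{')       # zone "internal" {   /   zone internal. {
KEY_REF = re.compile(r'(?<![\w-])key\s+"?([^";\s]+)"?\s*;')  # key "rndc-key";     /   key rndc-key;

def zone_blocks(text):
    """Yield (zone name without trailing dot, body) for each zone stanza, matching nested braces."""
    for m in ZONE_HDR.finditer(text):
        depth, j = 1, m.end()
        while depth and j < len(text):
            depth += {'{': 1, '}': -1}.get(text[j], 0)
            j += 1
        yield m.group(1).rstrip('.').lower(), text[m.end():j - 1]

def key_ref(body):
    """Name of the key a zone body references (allow-update { key ...; } in named, key ...; in dhcpd)."""
    m = KEY_REF.search(body)
    return m.group(1) if m else None
def parse_key_file(text):
    """Return (name, algorithm, secret) from a key { } stanza, or None if there is none."""
    m = re.search(r'\bkey\s+"?([^"\s{]+)"?\s*\{([^}]*)\}', text)
    if not m:
        return None
    alg = re.search(r'algorithm\s+([\w-]+)\s*;', m.group(2))
    sec = re.search(r'secret\s+"([^"]+)"\s*;', m.group(2))
    return (m.group(1), alg and alg.group(1).lower(), sec and sec.group(1))

def check_ddns_keys(bind_key, dhcp_key, named_conf, dhcpd_conf):
    """Return a list of problems; an empty list means dhcpd's signed updates will be accepted by named."""
    bk, dk = parse_key_file(bind_key), parse_key_file(dhcp_key)
    if bk is None or dk is None:
        return ["could not parse a key { } stanza in one of the key files"]
    problems = [] if bk == dk else ["the two rndc.key copies differ in name, algorithm or secret"]
    bind_zones = {z: key_ref(b) for z, b in zone_blocks(named_conf)}  # zone -> key its allow-update accepts
    for zone, body in zone_blocks(dhcpd_conf):
        key = key_ref(body)
        if zone not in bind_zones:
            problems.append(f"dhcpd zone '{zone}' has no zone stanza in named.conf")
        elif bind_zones[zone] != key:
            problems.append(f"zone '{zone}': dhcpd signs with '{key}' but named allow-update accepts '{bind_zones[zone]}'")
        if key != dk[0]:
            problems.append(f"zone '{zone}': key '{key}' is not the key defined in /etc/dhcp/rndc.key")
    return problems
```

Run it against the real files by reading /etc/bind/rndc.key, /etc/dhcp/rndc.key, the named zone configuration and dhcpd.conf in place of the constructed strings; any non-empty result is a reason the update would be refused with a TSIG or NOTAUTH error.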
After all the files are in place, restart both the DNS and DHCP services:

/etc/init.d/bind9 restart
/etc/init.d/isc-dhcp-server restart
and make a client renew its DHCP address while watching /var/log/messages and /var/log/daemon for results.