Thursday, December 16, 2010

Dynamic DNS update with DHCP on Debian

If you have many DHCP clients, it is much more convenient to find them by name than to remember IP addresses. This is what dynamic DNS update with DHCP is for. I assume you have followed the previous few posts on the DNS and DHCP topics.

Configure DNS server

  1. We would like to accept only authorized secure updates, so let's generate a secret key:
    dnssec-keygen -r /dev/urandom -a hmac-md5 -b 256 -n host key
    cat Kkey.*.private
    rm Kkey*
    
    Here is sample output:
    Private-key-format: v1.3
    Algorithm: 157 (HMAC_MD5)
    Key: 9rHjOgEuZ8O8LpsoJcl4zORqbeOCaPc3WfYDd5Mq3FHI=
    ...
    
  2. Add the following (replace the secret with the one you generated) to a new file /etc/bind/dynamic-dns.key:
    key DYNAMICDNS {
            algorithm hmac-md5;
            secret "9rHjOgEuZ8O8LpsoJcl4zORqbeOCaPc3WfYDd5Mq3FHI=";
    };
    
  3. Secure the key file so that it is not world-readable:
    chmod o-r /etc/bind/dynamic-dns.key
    
  4. Ensure bind can write to the configuration directory, since it saves some files there during dynamic updates:
    chmod -R g+w /etc/bind/
    
  5. Update the zone registration file to allow dynamic updates (file /etc/bind/named.conf.local):
    include "/etc/bind/dynamic-dns.key";
    
    zone "dev.local" IN {
           type master;
           file "/etc/bind/db.dev.local";
           allow-update { key DYNAMICDNS; };
    };
    
    zone "10.168.192.IN-ADDR.ARPA" IN {
           type master;
           file "/etc/bind/db.10.168.192";
           allow-update { key DYNAMICDNS; };
    };
    
  6. Restart bind9

Test DNS Settings

  1. Let's configure DNS for a new host named test with IP 192.168.10.7:
    root@ns1:/etc/bind# nsupdate 
    > server 127.0.0.1
    > key DYNAMICDNS 9rHjOgEuZ8O8LpsoJcl4zORqbeOCaPc3WfYDd5Mq3FHI=
    > zone dev.local
    > update add test.dev.local. 600 IN A 192.168.10.7
    > send
    > zone 10.168.192.IN-ADDR.ARPA
    > update add 7.10.168.192.in-addr.arpa 600 IN PTR test.dev.local.
    > send
    
  2. And now verify:
    user1@deby01:~$ host test
    test.dev.local has address 192.168.10.7
    
    user1@deby01:~$ host 192.168.10.7
    7.10.168.192.in-addr.arpa domain name pointer test.dev.local.
    

Configure DHCP server

  1. Add the following (replace the secret with the one you generated) to a new file /etc/dhcp/dynamic-dns.key:
    key DYNAMICDNS {
            algorithm hmac-md5;
            secret "9rHjOgEuZ8O8LpsoJcl4zORqbeOCaPc3WfYDd5Mq3FHI=";
    };
    
  2. Create a new file /etc/dhcp/dhcpd.conf.local with the following content:
    include "/etc/dhcp/dynamic-dns.key";
    
    zone dev.local. {
            primary ns1.dev.local;
            key DYNAMICDNS;
    }
    
    zone 10.168.192.IN-ADDR.ARPA. {
            primary ns1.dev.local;
            key DYNAMICDNS;
    }
    
  3. Open the file /etc/dhcp/dhcpd.conf and ensure it contains:
    ddns-update-style interim;
    include "/etc/dhcp/dhcpd.conf.local";
    
  4. Restart the DHCP server so that our changes take effect:
    /etc/init.d/isc-dhcp-server restart
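
The script below is an added example, not part of the original post: it audits the files created in the two configuration sections above, checking that each dynamic-dns.key is not world-readable, that the BIND and DHCP copies hold the same secret, and that every allow-update ACL admits only key-signed updates. The function names and argument order are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the files created in this post.
# Function names and argument order are assumptions of this example.

# Succeeds only if FILE contains a TSIG secret and "other" cannot read it
# (the state left by `chmod o-r`).
key_file_private() {
    grep -q 'secret' "$1" || { echo "$1: no secret statement found"; return 2; }
    # ls -ld mode string: char 1 type, 2-4 user, 5-7 group, 8-10 other
    if [ "$(ls -ld "$1" | cut -c8)" = "r" ]; then
        echo "$1: world-readable, any local user can copy the update key"
        return 1
    fi
}

# Prints the quoted secret from a key file.
key_secret() {
    sed -n 's/.*secret[[:space:]]*"\([^"]*\)".*/\1/p' "$1"
}

# Succeeds only if every allow-update ACL element in FILE is "key <name>".
# Anything else (an address, "any", a named ACL) is reported for review.
allow_update_key_only() {
    bad=$(sed 's://.*::; s:#.*::' "$1" | tr '\n' ' ' |
          grep -o 'allow-update[[:space:]]*{[^}]*}' |
          sed 's/^[^{]*{//; s/}$//' | tr ';' '\n' |
          sed 's/^[[:space:]]*//; s/[[:space:]]*$//' |
          grep -v -e '^$' -e '^key [A-Za-z0-9._-]*$' || true)
    [ -z "$bad" ] && return 0
    echo "$1: allow-update permits non-key source(s): $(echo $bad)"
    return 1
}

# Usage: sh audit-ddns.sh BIND_KEY DHCP_KEY NAMED_CONF_LOCAL
if [ "$#" -eq 3 ]; then
    rc=0
    key_file_private "$1" || rc=1
    key_file_private "$2" || rc=1
    [ "$(key_secret "$1")" = "$(key_secret "$2")" ] ||
        { echo "secrets differ: dhcpd updates will fail TSIG verification"; rc=1; }
    allow_update_key_only "$3" || rc=1
    exit "$rc"
fi
```

Run it as root with /etc/bind/dynamic-dns.key, /etc/dhcp/dynamic-dns.key and /etc/bind/named.conf.local as the three arguments; a non-zero exit status means at least one check failed.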
    

Test DHCP server with Debian client

  1. First of all, in order to identify your Debian client by name, you must ensure that it sends its host name to the DHCP server. You can check this in the file /etc/dhcp/dhclient.conf:
    send host-name "deby01";
    
  2. Assuming the DHCP client interface is eth1, here is the command to renew the IP address from the server:
    dhclient -v eth1
    
