DHCP & DNS
John Austin
ja at jaa.org.uk
Mon Oct 22 10:46:05 UTC 2007
On Sun, 2007-10-21 at 12:16 -1000, Dave Burns wrote:
> If you have 100 boxes, run DNS. Sounds like you want (?) static host
> names, might as well go for static IP too. Why not just make it all
> static if they know each other and make assumptions about each other.
>
> I just happen to know of an office with about 100 PCs in it, using NIS
> and NFS means they need a static relationship between machine and IP.
> (Well, again, it could be some other way but it is already complicated
> enough.) They have some hosts set with static IP, others get IP from
> DHCP but it is always the same (DHCP server config knows what IP
> belongs to what MAC address), and a small number of laptops share a
> pool of IPs and do not have predictable IP.
>
> Sounds to me like making everything totally dynamic is overkill in
> your current situation, and would be skull-crackingly complicated with
> 100 PCs that think they know a lot about each other. Maybe there is
> some applicable scale in between.
>
> Or just don't assume that any relationship is static, then everything
> can be dynamic.
>
> What would really make you happy? Some sort of peer-to-peer DNS
> without a server? Maybe you can use MAC addresses somehow?
> Dave
>
>
> On 10/21/07, zephod at cfl.rr.com <zephod at cfl.rr.com> wrote:
> >
> > ---- Dave Burns <tburns at hawaii.edu> wrote:
> > > My lazy ignorant suggestion is to reconfigure the router so that you
> > > know the IP of the two boxes will not change and then use /etc/hosts.
> >
> > Yes, I know I could do that. It's OK when there are only 2 boxes but what if I had a small office setup with, say, 100 PCs. It's not so practical then. I'm interested in finding out if there is another way to make this work.
> >
> > Steve
>
Hi
I have found DDNS a great advantage as I am adding machines/virtual
machines/Fx Test releases quite frequently - it is a joy to use.
It is behind a routing firewall and is hopefully reasonably secure.
I attach my hints to myself below.
Please do not ask about the IP addresses used - it's too long
a story!!!!!!!!!!
I also see that dnsmasq is suitable and is used by xen virtual machines?
man dnsmasq
"dnsmasq is a lightweight DNS, TFTP and DHCP server. It is intended to
provide coupled DNS and DHCP service to a LAN." .....
John
-------------- next part --------------
http://www.redhat.com/magazine/025nov06/features/dns/?sc_cid=bcm_edmsept_007
See also
http://www.brennan.id.au/08-Domain_Name_System_BIND.html
The vital bits taken from above
########################################################################
"CACHING" Name Server
########################################################################
The following RPMs need to be installed on the machine acting as the nameserver
(use rpm -q to determine if these packages are installed):
bind (includes DNS server, named)
bind-utils (utilities for querying DNS servers about host information)
bind-libs (libraries used by the bind server and utils package)
caching-nameserver (config files for a simple caching nameserver)
A caching nameserver forwards queries to an upstream nameserver
and caches the results.
Open the file /var/named/chroot/etc/named.conf and add the
following lines to the global options section:
forwarders { 212.104.130.9; 212.104.130.65; }; #IP of upstream ISP nameserver(s)
forward only; #rely completely on our upstream nameservers
chmod 644 named.conf
Modify the /etc/resolv.conf file to the following:
nameserver 127.0.0.1
Start the nameserver as root and configure to start in runlevels 2-5:
service named start
chkconfig named on
########################################################################
"PROPER" Name Server
########################################################################
Open /var/named/chroot/etc/named.conf and add the following
forward and reverse zone file directives:
# Forward Zone for jaa.org.uk domain
zone "jaa.org.uk" IN {
type master;
file "jaa.org.uk.zone";
};
# Reverse Zone for jaa.org.uk domain
zone "29.197.148.in-addr.arpa" IN {
type master;
file "148.197.29.zone";
};
We need to modify the named.conf global options to allow our internal clients to query the nameserver.
Modify the existing global options block to the following:
acl jaa-lan { 148.197.29.0/24; 127.0/8; };
options {
directory "/var/named";
allow-query { jaa-lan; };
forwarders { 212.104.130.9; 212.104.130.65; }; # ISP primary/secondary
forward only; # Rely completely on ISP for cache misses
};
Zone Files
We are now ready to start defining our hostname mappings in the zone files referenced
in the named.conf configuration.
Zone files need to be placed in the /var/named/chroot/var/named directory,
have 644 permissions with an owner and group of named:
cd /var/named/chroot/var/named
touch jaa.org.uk.zone
chown named:named jaa.org.uk.zone
chmod 644 jaa.org.uk.zone
###################################################################
$TTL 1D
jaa.org.uk. IN SOA maui.jaa.org.uk. ja.jaa.org.uk. (
200702260 ; serial
2H ; refresh slaves
5M ; retry
1W ; expire
1M ; Negative TTL
)
@ IN NS maui.jaa.org.uk.
maui IN A 148.197.29.5 ; FC5 server
;Laptop
jerry IN A 148.197.29.76 ; Windows 2000 Laptop
tom IN A 148.197.29.78 ; Fedora Laptop
;Shuttle 64
pared IN A 148.197.29.33 ; Main 80GB disk - FC5
icybox IN A 148.197.29.32 ; External USB/SATA disk, IcyI, FC5
lacie IN A 148.197.29.34 ; External USB/Firewire Lacie 20GB disk
;Kingston USB Stick
kingston IN A 148.197.29.96 ; External Kingston USB 2GB stick
;Latest Removable SATA Disk 250 MB
calma IN A 148.197.29.4 ;
avon IN A 148.197.29.3 ;
pagham IN A 148.197.29.2 ;
;Upright Machine Internal 250GB disk
centos IN A 148.197.29.210 ;
;Virtual Machines
vmaui IN A 148.197.29.10 ; win2000_ileaf_ja on maui
vwskye IN A 148.197.29.10 ; win2000_ileaf_ja on maui???
;Network devices
draytek IN A 148.197.29.254 ; Draytek ADSL router
usr IN A 148.197.29.55 ; Old Down stairs US Robotics WAP
dlinkng2 IN A 148.197.29.56 ; Down stairs D-Link WAP
dlinkng1 IN A 148.197.29.126 ; Up stairs D-Link WAP
dlink IN A 148.197.29.127 ; Old Up stairs D-Link WAP
netgear IN A 148.197.29.128 ; Netgear Print Server
###################################################################
named-checkzone jaa.org.uk jaa.org.uk.zone
###################################################################
$TTL 1D
@ IN SOA maui.jaa.org.uk. ja.jaa.org.uk. (
200701260 ; serial
2H ; refresh slaves
5M ; retry
1W ; expire
1M ; Negative TTL
)
IN NS maui.jaa.org.uk.
2 IN PTR pagham.jaa.org.uk.
3 IN PTR avon.jaa.org.uk.
4 IN PTR calma.jaa.org.uk.
10 IN PTR vmaui.jaa.org.uk.
32 IN PTR icybox.jaa.org.uk.
33 IN PTR pared.jaa.org.uk.
34 IN PTR lacie.jaa.org.uk.
55 IN PTR usr.jaa.org.uk.
56 IN PTR dlinkng2.jaa.org.uk.
76 IN PTR jerry.jaa.org.uk.
78 IN PTR tom.jaa.org.uk.
96 IN PTR kingston.jaa.org.uk.
126 IN PTR dlinkng1.jaa.org.uk.
127 IN PTR dlink.jaa.org.uk.
128 IN PTR netgear.jaa.org.uk.
210 IN PTR centos.jaa.org.uk.
###################################################################
named-checkzone 29.197.148.in-addr.arpa 148.197.29.zone
###################################################################
service named restart
###################################################################
###################################################################
###################################################################
DYNAMIC DNS/DHCP configuration
###################################################################
http://voidmain.kicks-ass.net/redhat/redhat_9_dhcp_dynamic_dns.html
and
http://publib.boulder.ibm.com/infocenter/pseries/v5r3/index.jsp?topic=/com.ibm.aix.files/doc/aixfiles/named.conf.htm
Previously modified /etc/named.conf
//
// named.conf for Red Hat caching-nameserver
//
acl jaa-lan { 148.197.29.0/24; 127.0/8; };
options {
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
/*
* If there is a firewall between you and nameservers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND 8.1 uses an unprivileged
* port by default.
*/
// query-source address * port 53;
allow-query { jaa-lan; };
forwarders { 212.104.130.9; 212.104.130.65; }; #IP of upstream ISP nameserver(s)
// forward only; #rely completely on our upstream nameservers /////////////////////////////////
};
//
// a caching only nameserver config
//
controls {
inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
zone "." IN {
type hint;
file "named.ca";
};
zone "localdomain" IN {
type master;
file "localdomain.zone";
allow-update { none; };
};
zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};
# Forward Zone for jaa.org.uk domain
zone "jaa.org.uk" IN {
type master;
file "jaa.org.uk.zone";
allow-update { localhost; };////////////////////////////////////////////////////
};
# Reverse Zone for jaa.org.uk domain
zone "29.197.148.in-addr.arpa" IN {
type master;
file "148.197.29.zone";
allow-update { localhost; };////////////////////////////////////////////////////
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};
zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
type master;
file "named.ip6.local";
allow-update { none; };
};
zone "255.in-addr.arpa" IN {
type master;
file "named.broadcast";
allow-update { none; };
};
zone "0.in-addr.arpa" IN {
type master;
file "named.zero";
allow-update { none; };
};
include "/etc/rndc.key";
###################################################################
Comment out
forward only; #rely completely on our upstream nameservers
Add
allow-update { localhost; };
To both
# Forward Zone for jaa.org.uk domain
and
# Reverse Zone for jaa.org.uk domain
###################################################################
/etc/dhcp.conf
#
# Global Settings
#
# Turn on Dynamic DNS:
ddns-update-style interim;
ddns-updates on;
# Don't allow clients to update DNS, make the server do it
# based on the hostname passed by the DHCP client:
deny client-updates;
allow unknown-clients;
#
# 148.197.29.0/255.255.255.0 Scope Settings
#
subnet 148.197.29.0 netmask 255.255.255.0 {
# Range of DHCP assigned addresses for this scope
range 148.197.29.10 148.197.29.250 ;
# 1 day
default-lease-time 86400;
# 2 days
max-lease-time 172800;
# Configure the client's default Gateway:
option subnet-mask 255.255.255.0;
option broadcast-address 148.197.29.255;
option routers 148.197.29.254;
# Configure the client's DNS settings:
option domain-name "jaa.org.uk";
option domain-name-servers 148.197.29.5, 212.104.130.9;
# If you want the client to be configured to also use
# a WINS server:
option netbios-name-servers 148.197.29.5;
option netbios-node-type 8;
}
###################################################################
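The zone files and the dhcpd.conf range above interact in ways that are easy to miss when hand-editing: static A records that fall inside the dynamic pool (dhcpd can lease an address that DNS already maps to a fixed host), two names on one address, A records with no PTR, and PTRs with no A. The following is an added example (not part of John's notes or of the Red Hat article) that cross-checks constructed excerpts of the three files; the ORIGIN, NETWORK and DHCP_RANGE constants and the `audit` helper are assumptions drawn from the values in the post.

```python
import ipaddress
# Constructed excerpts modelled on the post's zone files and dhcpd.conf range (a few hosts only).
ORIGIN = "jaa.org.uk"
FORWARD_ZONE = """\
$TTL 1D
@ IN NS maui.jaa.org.uk.
maui IN A 148.197.29.5 ; FC5 server
jerry IN A 148.197.29.76 ; Windows 2000 Laptop
vmaui IN A 148.197.29.10 ; virtual machine on maui
vwskye IN A 148.197.29.10 ; same address as vmaui?
draytek IN A 148.197.29.254 ; Draytek ADSL router
"""
REVERSE_ZONE = """\
10 IN PTR vmaui.jaa.org.uk.
76 IN PTR jerry.jaa.org.uk.
78 IN PTR tom.jaa.org.uk.
"""
NETWORK = "148.197.29.0/24"
DHCP_RANGE = ("148.197.29.10", "148.197.29.250")   # the 'range' line in dhcpd.conf

def _records(text, rtype):
    """Yield (owner, rdata) for one record type; ';' comments and $-directives are dropped."""
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()
        if len(fields) >= 4 and fields[1] == "IN" and fields[2] == rtype:
            yield fields[0], fields[3]

def audit(forward=FORWARD_ZONE, reverse=REVERSE_ZONE, network=NETWORK, dhcp_range=DHCP_RANGE):
    """Cross-check A records against PTR records and against the DHCP pool; return findings."""
    net = ipaddress.ip_network(network)
    lo, hi = (ipaddress.ip_address(a) for a in dhcp_range)
    a_by_ip, ptr_by_ip = {}, {}
    for name, addr in _records(forward, "A"):
        a_by_ip.setdefault(addr, []).append(f"{name}.{ORIGIN}")
    for octet, fqdn in _records(reverse, "PTR"):
        # PTR owners are relative to the in-addr.arpa origin, so only the last octet is given
        ptr_by_ip[str(net.network_address + int(octet))] = fqdn.rstrip(".")
    report = {"duplicate_a": [], "missing_ptr": [], "ptr_mismatch": [], "static_in_pool": [],
              "ptr_without_a": sorted(set(ptr_by_ip) - set(a_by_ip))}
    for ip, names in sorted(a_by_ip.items(), key=lambda kv: ipaddress.ip_address(kv[0])):
        if len(names) > 1:
            report["duplicate_a"].append((ip, names))
        if ip not in ptr_by_ip:
            report["missing_ptr"].append(ip)
        elif ptr_by_ip[ip] not in names:
            report["ptr_mismatch"].append((ip, ptr_by_ip[ip]))
        if lo <= ipaddress.ip_address(ip) <= hi:   # fixed host inside the dynamic lease pool
            report["static_in_pool"].extend(names)
    return report
```

Point `audit()` at the real files (read them with `open()`) after running named-checkzone; anything in `static_in_pool` is a candidate for a `host` entry with a fixed address in dhcpd.conf or for moving the pool range.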
This needs tidying!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
cd /var/named/chroot/var/named
cat jaa.org.uk.zone
$TTL 1D
jaa.org.uk. IN SOA maui.jaa.org.uk. ja.jaa.org.uk. (
200702260 ; serial
2H ; refresh slaves
5M ; retry
1W ; expire
1M ; Negative TTL
)
@ IN NS maui.jaa.org.uk.
maui IN A 148.197.29.5 ; FC5 server
;Laptop
jerry IN A 148.197.29.76 ; Windows 2000 Laptop
tom IN A 148.197.29.78 ; Fedora Laptop
;Shuttle 64
;pared IN A 148.197.29.33 ; Main 80GB disk - FC5
;icybox IN A 148.197.29.32 ; External USB/SATA disk, IcyI, FC5
;lacie IN A 148.197.29.34 ; External USB/Firewire Lacie 20GB disk
;Kingston USB Stick
kingston IN A 148.197.29.96 ; External Kingston USB 2GB stick
;Latest Removable SATA Disk 250 MB
;calma IN A 148.197.29.4 ;
;avon IN A 148.197.29.3 ;
;pagham IN A 148.197.29.2 ;
;Upright Machine Internal 250GB disk
;centos IN A 148.197.29.210 ;
;Virtual Machines
;vmaui IN A 148.197.29.10 ; win2000_ileaf_ja on maui
;vwskye IN A 148.197.29.10 ; win2000_ileaf_ja on maui???
;Network devices
draytek IN A 148.197.29.254 ; Draytek ADSL router
;usr IN A 148.197.29.55 ; Old Down stairs US Robotics WAP
dlinkng2 IN A 148.197.29.56 ; Down stairs D-Link WAP
dlinkng1 IN A 148.197.29.126 ; Up stairs D-Link WAP
;dlink IN A 148.197.29.127 ; Old Up stairs D-Link WAP
netgear IN A 148.197.29.128 ; Netgear Print Server
$TTL 600 ; 10 minutes
###################################################################
cat 148.197.29.zone
$TTL 1D
@ IN SOA maui.jaa.org.uk. ja.jaa.org.uk. (
200701260 ; serial
2H ; refresh slaves
5M ; retry
1W ; expire
1M ; Negative TTL
)
IN NS maui.jaa.org.uk.
;2 IN PTR pagham.jaa.org.uk.
;3 IN PTR avon.jaa.org.uk.
;4 IN PTR calma.jaa.org.uk.
;10 IN PTR vmaui.jaa.org.uk.
;32 IN PTR icybox.jaa.org.uk.
;33 IN PTR pared.jaa.org.uk.
;34 IN PTR lacie.jaa.org.uk.
;55 IN PTR usr.jaa.org.uk.
56 IN PTR dlinkng2.jaa.org.uk.
76 IN PTR jerry.jaa.org.uk.
78 IN PTR tom.jaa.org.uk.
96 IN PTR kingston.jaa.org.uk.
126 IN PTR dlinkng1.jaa.org.uk.
127 IN PTR dlink.jaa.org.uk.
128 IN PTR netgear.jaa.org.uk.
;210 IN PTR centos.jaa.org.uk.
IN PTR avon.jaa.org.uk.
$TTL 600 ; 10 minutes
###################################################################
ifcfg-eth0 on client MUST not have FQDN, just the machine name (respin, say)
MUST check action using
watch tail -n50 /var/log/messages
This showed permission problem with
/var/named/chroot/var
edit /etc/sysconfig/named
and uncomment
ENABLE_ZONE_WRITE=yes
[root at maui var]# ls -l
total 24
drwxr-x--- 4 root named 4096 Jan 26 15:54 named
drwxr-x--- 4 root named 4096 Jan 26 10:49 run
drwxrwx--- 2 named named 4096 Mar 13 2003 tmp
[root at maui var]# chmod 777 named
TEMP fix !!!!!!!!!!!!!! See above for proper fix of /etc/sysconfig/named
[root at maui named]# ls -l
total 96
-rw-r----- 1 named named 1013 Jan 26 18:20 148.197.29.zone
-rw-r--r-- 1 named named 768 Jan 26 20:42 148.197.29.zone.jnl
-rw-r--r-- 1 root root 895 Jan 26 15:46 148.197.29.zone_static_master
drwxrwx--- 2 named named 4096 Aug 25 2004 data
-rw-r----- 1 named named 2021 Jan 26 15:56 jaa.org.uk.zone
-rw-r--r-- 1 named named 785 Jan 26 20:42 jaa.org.uk.zone.jnl
-rw-r--r-- 1 root root 1988 Jan 26 15:46 jaa.org.uk.zone_static_master
-rw-r----- 1 root named 198 Mar 9 2006 localdomain.zone
-rw-r----- 1 root named 195 Mar 9 2006 localhost.zone
-rw-r----- 1 root named 427 Mar 9 2006 named.broadcast
-rw-r----- 1 root named 2518 Mar 9 2006 named.ca
-rw-r----- 1 root named 424 Mar 9 2006 named.ip6.local
-rw-r----- 1 root named 426 Mar 9 2006 named.local
-rw-r----- 1 root named 427 Mar 9 2006 named.zero
drwxrwx--- 2 named named 4096 Jul 27 2004 slaves
###################################################################