For the average home computer user there is no need to install a complex package such as the Internet Software Consortium's BIND DNS or DHCP server, since there are far simpler, lower-resource tools to use, for example dnsmasq. For those who wish to learn how to use ISC's BIND and DHCP, for example as a learning exercise, this is how I got it all to work in Debian Sarge, the current stable version of Debian GNU/Linux.
This short article was prompted by my question on the Debian-Administration forum site, where I was able to get some answers to the issues I faced and I did promise to post a solution if I got one.
Installation of Packages
The versions of the ISC BIND DNS and DHCP servers installed by default in Debian stable are the older versions, which will not actually work together. If you have either server installed you need to remove it and upgrade to the newer version of each package. The newer versions are available in the Debian stable archive so you do not need a back-port from testing.
    [user@box ~]$ sudo aptitude remove bind dhcp
    [user@box ~]$ sudo aptitude install bind9 dhcp3-server
Let aptitude or apt-get figure out and resolve any dependencies. You will get a set of basic configuration files and start scripts all created for you in the usual Debian way.
To set up DNS you need to set your domain rules as per normal BIND9 format. BIND9 does have a reputation for being complex, but you can find help in the man pages, which are complete, if very long, and there are good books to help you get through (see below). Setting up the DHCP server is by comparison much simpler; set that up as you need.
The hard bit is getting the two to talk to each other, as this is less well documented and the documentation that does exist contradicts itself. It was my difficulties with getting the DHCP server to automatically update the DNS server that led me to ask a question on the D-A.org web site. Though I got no perfect answer, I was able to piece together enough to generate this working solution.
Configuring BIND9
/etc/bind/named.conf
You need to tell BIND that it is okay to allow other applications to update it. I added the following to my BIND9 configuration; everything else was left as stock Debian. My DHCP server and DNS server are on the same box, so here I am only allowing localhost to perform the update. The file rndc-key contains a shared secret, so that BIND9 knows that it is an approved application sending instructions.
    controls {
        inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
    };
/etc/bind/named.conf.local
Here are my local zone details, suitably modified. Here I let BIND know which domains it can update; in my case I only have one domain to deal with. I am also loading the shared secret key at this stage. You can see I am using a private IP address range.
    // Add local zone definitions here.
    zone "network.athome" {
        type master;
        file "/etc/bind/db.network";
        allow-update { key "rndc-key"; };
        notify yes;
    };

    zone "0.168.192.in-addr.arpa" {
        type master;
        file "/etc/bind/db.192.168.0";
        allow-update { key "rndc-key"; };
        notify yes;
    };

    include "/etc/bind/rndc.key";
/etc/bind/rndc.key
The secret key is created with a tool. If your DHCP and DNS servers are on separate machines you need to copy the file between them or arrange for one machine to remotely access the file system of the other.
    key "rndc-key" {
        algorithm hmac-md5;
        secret "lgkbhjhtthgtlghtl6567==";
    };
db files
Set up your zone databases as normal. You do not need to do anything fancy.
Configuring DHCP3 Server
By default the ISC DHCP3 server shipped in Debian Sarge does not do dynamic DNS update. You simply need to enable it. Below are the options I selected for my system.
/etc/dhcp3/dhcpd.conf
You have to turn on the updating with the ddns-update-style interim command. I have set ignore client-updates, as Windows machines try to set their FQDN, not just their hostname, which causes problems. I have included the key so the two server daemons can trust each other.
    # Basic stuff to name the server and switch on updating
    server-identifier server;
    ddns-updates on;
    ddns-update-style interim;
    ddns-domainname "network.athome.";
    ddns-rev-domainname "in-addr.arpa.";
    ignore client-updates;

    # This is the key so that DHCP can authenticate itself to BIND9
    include "/etc/bind/rndc.key";

    # This is the communication zone
    zone network.athome. {
        primary 127.0.0.1;
        key rndc-key;
    }

    # Normal DHCP stuff
    option domain-name "network.athome.";
    option domain-name-servers 192.168.0.60, 192.168.0.1;
    option ntp-servers 192.168.0.60;
    option ip-forwarding off;
    default-lease-time 600;
    max-lease-time 7200;
    authoritative;
    log-facility local7;

    subnet 192.168.0.0 netmask 255.255.255.0 {
        range 192.168.0.100 192.168.0.200;
        option broadcast-address 192.168.0.255;
        option routers 192.168.0.1;
        allow unknown-clients;

        zone 0.168.192.in-addr.arpa. {
            primary 192.168.0.60;
            key "rndc-key";
        }

        zone localdomain. {
            primary 192.168.0.60;
            key "rndc-key";
        }
    }
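An added example, not part of the original article: a small Python check that every zone dhcpd will try to update exists in BIND and accepts the same key, and that no zone accepts updates by address alone. The sample text is constructed and abridged from the two files above, and the function names are hypothetical. Run on that sample it reports localdomain, which dhcpd.conf declares but the named.conf.local shown here does not define.

```python
import re

# Constructed input, abridged from the two files shown in this article.
NAMED_CONF_LOCAL = '''
zone "network.athome" { type master; allow-update { key "rndc-key"; }; };
zone "0.168.192.in-addr.arpa" { type master; allow-update { key "rndc-key"; }; };
'''
DHCPD_CONF = '''
zone network.athome. { primary 127.0.0.1; key rndc-key; }
subnet 192.168.0.0 netmask 255.255.255.0 {
    zone 0.168.192.in-addr.arpa. { primary 192.168.0.60; key "rndc-key"; }
    zone localdomain. { primary 192.168.0.60; key "rndc-key"; }
}
'''

def strip_comments(text):  # drop /* */, // and # comments
    return re.sub(r'/\*.*?\*/|(//|#)[^\n]*', '', text, flags=re.S)

def bind_zones(text):
    """Map zone name -> allow-update entries ('key NAME' or an address)."""
    zones = {}
    pattern = r'\bzone\s+"([^"]+)"\s*\{((?:[^{}]|\{[^{}]*\})*)\}'
    for name, body in re.findall(pattern, strip_comments(text)):
        acl = re.search(r'allow-update\s*\{([^{}]*)\}', body)
        entries = acl.group(1).replace('"', '').split(';') if acl else []
        zones[name.rstrip('.').lower()] = [' '.join(e.split()) for e in entries if e.strip()]
    return zones

def dhcp_zones(text):
    """Map zone name -> key dhcpd signs updates with (None if unsigned)."""
    zones = {}
    for name, body in re.findall(r'\bzone\s+"?([\w.-]+)"?\s*\{([^{}]*)\}', strip_comments(text)):
        key = re.search(r'\bkey\s+"?([\w.-]+)"?\s*;', body)
        zones[name.rstrip('.').lower()] = key.group(1) if key else None
    return zones

def audit(named_text, dhcpd_text):
    """Return (zone, problem) pairs where the two daemons disagree."""
    bind, findings = bind_zones(named_text), []
    for zone, key in sorted(dhcp_zones(dhcpd_text).items()):
        if zone not in bind:
            findings.append((zone, 'no such zone in BIND config'))
        elif 'key %s' % key not in bind[zone]:
            findings.append((zone, 'dhcpd key missing from allow-update'))
    for zone, entries in sorted(bind.items()):
        findings += [(zone, 'allow-update by address, not key: ' + e)
                     for e in entries if not e.startswith('key ')]
    return findings

print(audit(NAMED_CONF_LOCAL, DHCPD_CONF))
```

To check a live system, pass the contents of /etc/bind/named.conf.local and /etc/dhcp3/dhcpd.conf to audit() in place of the constructed samples.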
- Version 1.00 / January 2006
- See the following:
- As ever, many thanks to the many people who have helped, in particular V. E. Kerguelen
Original Post: http://www.debian-administration.org/articles/343