Slackware 13.37 - Dynamic DNS using Bind and ISC DHCP server
============================================================

Public domain

********************************************************************************

### Create a dnssec key

    # dnssec-keygen -a hmac-md5 -b 128 -n USER dhcpupdate
    Kdhcpupdate.+157+30215

    # ls
    Kdhcpupdate.+157+30215.key  Kdhcpupdate.+157+30215.private

    # cat Kdhcpupdate.+157+30215.key
    dhcpupdate. IN KEY 0 3 157 EFRHY4Vd4rOqbwphd5yGNA==

    # cat Kdhcpupdate.+157+30215.private
    Private-key-format: v1.2
    Algorithm: 157 (HMAC_MD5)
    Key: EFRHY4Vd4rOqbwphd5yGNA==
    Bits: AAA=

_If you run dnssec-keygen on virtual machines and it hangs for a while, add the '-r /dev/urandom' option to the dnssec-keygen command line._

********************************************************************************

### /etc/named.conf

    options {
        directory "/var/named";
    };

    zone "." IN {
        type hint;
        file "caching-example/named.root";
    };

    zone "localhost" IN {
        type master;
        file "caching-example/localhost.zone";
        allow-update { none; };
    };

    zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "caching-example/named.local";
        allow-update { none; };
    };

    key dhcpupdate {
        algorithm hmac-md5;
        secret "EFRHY4Vd4rOqbwphd5yGNA==";
    };

    zone "example.com" {
        type master;
        file "example.com.fwd";
        allow-update { key dhcpupdate; };
    };

    zone "1.16.172.in-addr.arpa" {
        type master;
        file "example.com.rev";
        allow-update { key dhcpupdate; };
    };

********************************************************************************

### /var/named/example.com.fwd

    $TTL 1D
    $ORIGIN example.com.
    @       SOA     ns hostmaster (
                    2012150700      ; sn
                    1H              ; ref
                    10M             ; ret
                    1W              ; exp
                    3H )            ; min
            NS      ns
    ns      A       172.16.1.2

********************************************************************************

### /var/named/example.com.rev

    $TTL 1D
    $ORIGIN 1.16.172.in-addr.arpa.
    @       SOA     ns.example.com. hostmaster.example.com. (
                    2012071500      ; sn
                    1H              ; ref
                    10M             ; ret
                    1W              ; exp
                    3H )            ; min
            NS      ns1.example.com.
    2       PTR     ns1.example.com.
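The `key dhcpupdate` statement together with `allow-update { key dhcpupdate; };` means named accepts a dynamic UPDATE for these zones only when the message carries a valid TSIG signature made with that shared secret; this is what nsupdate and, later, dhcpd do for every record they add or delete. The secret is therefore the whole trust boundary for the zone: whoever can read named.conf, dhcpd.conf or the K* files can rewrite example.com, so keep those files readable only by the daemons' users. The following Python is an added example, not part of the original page or of BIND/ISC DHCP: it builds the wire-format UPDATE for `update add laptop.example.com. 600 IN A 172.16.1.50`, signs it with HMAC-MD5 TSIG (RFC 2845) using the page's secret, then verifies it the way a server would, rejecting a message whose address was altered in transit, a signature made with a different key, and a signature outside the fudge window. The message ID, the fixed timestamp and the tampered copy are constructed values; names are written uncompressed to keep the parser short.

```python
"""TSIG (RFC 2845, HMAC-MD5) signing and verification of a DNS UPDATE message.
Added example mirroring what nsupdate/dhcpd do with the `dhcpupdate` key so the
role of the shared secret is visible. Names are written uncompressed."""
import base64
import hashlib
import hmac
import struct
import time

TYPE_A, TYPE_SOA, TYPE_TSIG = 1, 6, 250
CLASS_IN, CLASS_ANY = 1, 255
ALGORITHM = "hmac-md5.sig-alg.reg.int."   # TSIG algorithm name for hmac-md5

def wire_name(name):
    """Dotted name -> uncompressed DNS labels, lowercased (TSIG canonical form)."""
    out = b"".join(bytes([len(l)]) + l.encode() for l in name.lower().rstrip(".").split("."))
    return out + b"\x00"

def build_update(msg_id, zone, rr_name, ttl, ipv4):
    """DNS UPDATE (opcode 5): ZOCOUNT=1, PRCOUNT=0, UPCOUNT=1, ADCOUNT=0; adds one A record."""
    header = struct.pack("!HHHHHH", msg_id, 5 << 11, 1, 0, 1, 0)
    zone_section = wire_name(zone) + struct.pack("!HH", TYPE_SOA, CLASS_IN)
    rdata = bytes(int(o) for o in ipv4.split("."))
    rr = wire_name(rr_name) + struct.pack("!HHIH", TYPE_A, CLASS_IN, ttl, len(rdata)) + rdata
    return header + zone_section + rr

def _time48(t):
    return struct.pack("!HI", t >> 32, t & 0xFFFFFFFF)   # 48-bit "time signed" field

def tsig_variables(key_name, time_signed, fudge, error=0, other=b""):
    """TSIG fields covered by the MAC in addition to the message itself (RFC 2845 3.4.2)."""
    return (wire_name(key_name) + struct.pack("!HI", CLASS_ANY, 0) + wire_name(ALGORITHM)
            + _time48(time_signed) + struct.pack("!HHH", fudge, error, len(other)) + other)

def sign(message, key_name, secret_b64, time_signed=None, fudge=300):
    """Client side: append a TSIG RR whose MAC covers message + TSIG variables."""
    time_signed = int(time.time()) if time_signed is None else time_signed
    key = base64.b64decode(secret_b64)
    mac = hmac.new(key, message + tsig_variables(key_name, time_signed, fudge), hashlib.md5).digest()
    msg_id = struct.unpack("!H", message[:2])[0]
    rdata = (wire_name(ALGORITHM) + _time48(time_signed) + struct.pack("!HH", fudge, len(mac))
             + mac + struct.pack("!HHH", msg_id, 0, 0))
    tsig_rr = wire_name(key_name) + struct.pack("!HHIH", TYPE_TSIG, CLASS_ANY, 0, len(rdata)) + rdata
    arcount = struct.unpack("!H", message[10:12])[0] + 1        # the TSIG RR is counted in ADCOUNT
    return message[:10] + struct.pack("!H", arcount) + message[12:] + tsig_rr

def _read_name(buf, pos):
    labels = []
    while buf[pos] != 0:
        n = buf[pos]
        labels.append(buf[pos + 1:pos + 1 + n].decode())
        pos += 1 + n
    return ".".join(labels) + ".", pos + 1

def verify(signed, secret_b64, now=None):
    """Server side: locate the trailing TSIG RR, recompute the MAC over the message as it
    was before the RR was appended (ADCOUNT - 1), and check time window and MAC."""
    counts = struct.unpack("!HHHHHH", signed[:12])
    pos = 12
    for _ in range(counts[2]):                                  # zone section: name, type, class
        _, pos = _read_name(signed, pos)
        pos += 4
    for _ in range(counts[3] + counts[4] + counts[5] - 1):      # every RR except the last (TSIG)
        _, pos = _read_name(signed, pos)
        pos += 10 + struct.unpack("!H", signed[pos + 8:pos + 10])[0]
    tsig_start = pos
    key_name, pos = _read_name(signed, pos)
    rtype, rclass, _ttl, _rdlen = struct.unpack("!HHIH", signed[pos:pos + 10])
    pos += 10
    alg, pos = _read_name(signed, pos)
    hi, lo, fudge, mac_size = struct.unpack("!HIHH", signed[pos:pos + 10])
    pos += 10
    mac = signed[pos:pos + mac_size]
    pos += mac_size
    _orig_id, error, other_len = struct.unpack("!HHH", signed[pos:pos + 6])
    other = signed[pos + 6:pos + 6 + other_len]
    if rtype != TYPE_TSIG or rclass != CLASS_ANY or alg != ALGORITHM:
        return False
    time_signed = (hi << 32) | lo
    now = int(time.time()) if now is None else now
    if abs(now - time_signed) > fudge:                          # outside the replay window
        return False
    unsigned = signed[:10] + struct.pack("!H", counts[5] - 1) + signed[12:tsig_start]
    expected = hmac.new(base64.b64decode(secret_b64),
                        unsigned + tsig_variables(key_name, time_signed, fudge, error, other),
                        hashlib.md5).digest()
    return hmac.compare_digest(mac, expected)

def demo(now=1342360000):
    """Constructed walk-through of `update add laptop.example.com. 600 IN A 172.16.1.50`."""
    secret = "EFRHY4Vd4rOqbwphd5yGNA=="             # the secret from the key generated above
    msg = build_update(0x1234, "example.com.", "laptop.example.com.", 600, "172.16.1.50")
    signed = sign(msg, "dhcpupdate.", secret, time_signed=now)
    # a copy whose A record address was altered after signing (last octet 50 -> 51)
    i = signed.index(bytes([172, 16, 1, 50]))
    tampered = signed[:i] + bytes([172, 16, 1, 51]) + signed[i + 4:]
    return {
        "good": verify(signed, secret, now),
        "tampered": verify(tampered, secret, now),
        "wrong_key": verify(signed, "AAAAAAAAAAAAAAAAAAAAAA==", now),   # 16 zero bytes
        "stale": verify(signed, secret, now + 3600),                    # 1 h later, fudge is 300 s
    }

if __name__ == "__main__":
    print(demo())   # {'good': True, 'tampered': False, 'wrong_key': False, 'stale': False}
```

Two things the walk-through makes concrete for operations: the MAC also covers the "time signed" field, so named logs a clock-skew refusal rather than a bad-key refusal when the DHCP host's clock drifts more than the fudge (300 s by default), and the algorithm is negotiated purely by name, so the same key statement works unchanged if you regenerate the key with `dnssec-keygen -a HMAC-SHA256` and set `algorithm hmac-sha256;` in both named.conf and dhcpd.conf, which current BIND and ISC DHCP releases support.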
********************************************************************************

### Restart bind

    chmod +x /etc/rc.d/rc.bind
    /etc/rc.d/rc.bind restart

********************************************************************************

### Test with nsupdate

    # nsupdate
    > server 172.16.1.2
    > key dhcpupdate EFRHY4Vd4rOqbwphd5yGNA==
    > zone example.com
    > update add laptop.example.com. 600 IN A 172.16.1.50
    > send
    > zone 1.16.172.in-addr.arpa
    > update add 50.1.16.172.in-addr.arpa 600 IN PTR laptop.example.com.
    > send
    > quit

    # dig +short @172.16.1.2 laptop.example.com
    172.16.1.50

    # dig +short @172.16.1.2 -x 172.16.1.50
    laptop.example.com.

    # nsupdate
    > server 172.16.1.2
    > key dhcpupdate EFRHY4Vd4rOqbwphd5yGNA==
    > zone example.com
    > update delete laptop.example.com.
    > send
    > zone 1.16.172.in-addr.arpa
    > update delete 50.1.16.172.in-addr.arpa
    > send
    > quit

********************************************************************************

### Note

If your named server refuses to start with the following warning in the logs:

    journal rollforward failed: journal out of sync with zone

delete the .jnl files and restart bind:

    cd /var/named
    rm *.jnl
    /etc/rc.d/rc.bind restart

********************************************************************************

### /etc/dhcpd.conf

    ddns-update-style interim;
    update-static-leases on;
    default-lease-time 300;
    max-lease-time 3600;

    key dhcpupdate {
        algorithm hmac-md5;
        secret EFRHY4Vd4rOqbwphd5yGNA==;
    }

    zone example.com. {
        primary 172.16.1.2;
        key dhcpupdate;
    }

    zone 1.16.172.in-addr.arpa. {
        primary 172.16.1.2;
        key dhcpupdate;
    }

    subnet 172.16.1.0 netmask 255.255.255.0 {
        option routers 172.16.1.2;
        option subnet-mask 255.255.255.0;
        option domain-name-servers 37.152.160.18, 8.8.8.8;
        range 172.16.1.100 172.16.1.200;
        ddns-domainname "example.com";
        ddns-hostname = concat(binary-to-ascii(10, 8, "-", leased-address), ".dynamic");
        #ddns-hostname = binary-to-ascii (16, 8, "-", substring (hardware, 1, 6));

        host webserver {
            hardware ethernet 3e:4b:37:00:82:00;
            fixed-address 172.16.1.50;
            ddns-hostname "www";
            ddns-domainname "example.com";
        }
    }

********************************************************************************

### Start dhcp server

    touch /var/state/dhcp/dhcpd.leases
    dhcpd

********************************************************************************

### Test dynamic lease

    # dig +short @172.16.1.2 172-16-1-100.dynamic.example.com
    172.16.1.100

    # dig +short @172.16.1.2 -x 172.16.1.100
    172-16-1-100.dynamic.example.com.

********************************************************************************

### Test static lease

    # dig +short @172.16.1.2 www.example.com
    172.16.1.50

    # dig +short @172.16.1.2 -x 172.16.1.50
    www.example.com.

********************************************************************************

### Dump journal files to zone files (freeze/unfreeze) - dynamic update temporarily disabled

    rndc freeze example.com
    rndc freeze 1.16.172.in-addr.arpa

    rndc thaw example.com
    rndc thaw 1.16.172.in-addr.arpa

********************************************************************************

### Important manuals

    man dhcpd.conf
    man dhcp-eval

********************************************************************************

_BY: Pejman Moghadam_
_TAG: dhcpd, bind, ddns, dns_
_DATE: 2012-07-15 14:04:49_