Outline
DHCP
DNS
Domain Name System
Allows forward (name to IP address) and reverse (IP address to name) resolution
Standard hierarchical system which distributes ownership and responsibility of network domains
DHCP
Protocol is standard; what about the implementation?
ISC (Internet Software Consortium) DHCP Server version 3
http://www.isc.org/products/DHCP
FreeBSD Install
cd /usr/ports/net/isc-dhcp3-server
make && make install
DHCP Configuration
Configuration File
/usr/local/etc/dhcpd.conf
Lease/Group Options
Ranges of IP addresses to assign
Specific options override globals for this group of leases
HET306 Slide Set 11 Configuring
DHCP and DNS Services
DHCP Configuration
Assigning Static IP Addresses
host host_name {
    hardware ethernet 00:01:02:03:04:05;   # MAC address that selects this host
    fixed-address a.b.c.d;                 # address always handed to that MAC
    option host-name "advertised name";    # string option values must be quoted
}
Running DHCP
To autostart at boot, edit /etc/rc.conf (values are quoted because rc.conf is read as a shell script):
dhcpd_enable="YES"
dhcpd_ifaces="if0 if1"
Lease Database
DNS
Many products available
You already know about BIND (Berkeley Internet Name Daemon)
http://www.isc.org/products/BIND/bind9.html
April 2005 figures: 72.5% of all DNS servers run BIND*
* http://mydns.bboy.net/survey/
DNS Configuration
Configuration File
/etc/named/named.conf
Zone Options
Definition of domain names AND files storing the database
Database files storing resolution information
DNS Configuration
options {
    version "information";            // string returned to version.bind queries
    directory "<working directory>";  // where zone files are looked up
    listen-on { <address>; };         // interfaces/addresses to serve on
    forward <only|first>;             // whether to rely on the forwarders
    forwarders { <address>; };        // upstream resolvers
    allow-query { <acl>; };           // who may query this server
    pid-file "<path>";
};
zone "domain.hello." {
    type master;
    notify no;
    file "database.filename";
};
(values in <...> are placeholders to be filled in for the site)
Record Types
NS     Name server
A      Standard IPv4 address for name
CNAME  This name resolves to the same address as the provided other name
MX     This host is responsible for handling mail for this domain.
       Priority number specifies order to use multiple mail servers

example.org.    IN  SOA    ns1.example.org. admin.example.org. (
                           2006051501 ; Serial
                           10800      ; Refresh
                           3600       ; Retry
                           604800     ; Expire
                           86400      ; Minimum TTL
                           )
                IN  NS     ns1.example.org.
                IN  MX 10  host2
host1           IN  A      192.168.0.1
host2           IN  A      192.168.0.2
ns1             IN  A      192.168.0.3
www             IN  CNAME  host1
Record Types
PTR    This address resolves to the following name

; reverse zone for 192.168.0.0/24
0.168.192.in-addr.arpa.    IN  SOA  ns1.example.org. admin.example.org. (
                                    2006051501 ; Serial
                                    10800      ; Refresh
                                    3600       ; Retry
                                    604800     ; Expire
                                    86400      ; Minimum TTL
                                    )
                           IN  NS   ns1.example.org.
1                          IN  PTR  host1.example.org.
2                          IN  PTR  host2.example.org.
3                          IN  PTR  ns1.example.org.
Running DNS
To autostart at boot, edit /etc/rc.conf:
named_enable="YES"
So how do we do it?
Encryption
Primarily for authentication of who can update the database
Not so much to protect the database: anyone can query the DNS server after an update
dhcpd.conf Settings
Have to specify the key in the configuration file
key "KEY-NAME" {
    algorithm HMAC-MD5;
    secret "AbCdEfGhIj*WhAtEvEr==";   # placeholder; use a random base64 secret generated for this purpose
};
Update Behaviour
DHCP Server
zone_name must match the corresponding authoritative zones in the DNS server
When an address is assigned in one of the matching zones, dhcpd will contact the DNS server with the hostname of the machine assigned the lease and its corresponding IP address
DNS Server
bind must be listening for update connections on dns_ip_address
bind must be configured with a matching key
Via secure update, the DNS server will add an entry to resolve the specified IP address and name
named.conf Settings
Have to specify the key in the configuration file, same format as dhcpd.conf
key "KEY-NAME" {
    algorithm HMAC-MD5;
    secret "AbCdEfGhIj*WhAtEvEr==";   // placeholder; must be identical to the secret in dhcpd.conf
};
Configure which interfaces and which key must be used to connect to the DNS server control channel that allows updates
controls {
    inet 127.0.0.1 allow { localhost; } keys { KEY-NAME; };
};
This allows connections on localhost and only from localhost; assumes the DHCP and DNS servers are running on the same machine
Note: controls defines the rndc control channel; dynamic updates to a zone are authorised in that zone's statement with allow-update { key KEY-NAME; };
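A consistency check for the requirements above (the key must be defined identically on both sides, and every zone dhcpd updates must be served by named and accept updates signed with that key), written here as an added Python example; it is not part of the slide set. The two config fragments are constructed, the secret is a placeholder, and the dhcpd zone { primary ...; key ...; } stanza and BIND's allow-update option are assumed from the ISC documentation rather than taken from the slides.

```python
import re

# Constructed sample fragments (not the slide set's files); the secret is a placeholder.
DHCPD_CONF = """
key "KEY-NAME" { algorithm HMAC-MD5; secret "AbCdEfGhIj*WhAtEvEr=="; };
zone example.org. { primary 127.0.0.1; key KEY-NAME; }
zone 0.168.192.in-addr.arpa. { primary 127.0.0.1; key KEY-NAME; }
"""
NAMED_CONF = """
key "KEY-NAME" { algorithm hmac-md5; secret "AbCdEfGhIj*WhAtEvEr=="; };
zone "example.org." { type master; file "example.org.db"; allow-update { key KEY-NAME; }; };
zone "0.168.192.in-addr.arpa." { type master; file "192.168.0.rev"; };
"""

def blocks(text, keyword):
    # Yield (name, body) for every `keyword name { ... }` block, honouring nested braces.
    for m in re.finditer(r'\b%s\s+"?([\w.-]+)"?\s*\{' % keyword, text):
        depth, i = 1, m.end()
        while depth and i < len(text):
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield m.group(1), text[m.end():i - 1]

def parse_keys(text):
    # Map key name -> (algorithm, secret); dhcpd writes HMAC-MD5, named hmac-md5, so normalise.
    keys = {}
    for name, body in blocks(text, "key"):
        alg = re.search(r'algorithm\s+"?([\w.-]+)"?\s*;', body)
        sec = re.search(r'secret\s+"?([^";\s]+)"?\s*;', body)
        if alg and sec:
            keys[name] = (alg.group(1).lower().split(".")[0], sec.group(1))
    return keys

def check_update_config(dhcpd_conf, named_conf):
    # Return every mismatch that would make dhcpd's signed updates fail or be refused.
    problems = []
    dkeys, nkeys = parse_keys(dhcpd_conf), parse_keys(named_conf)
    nzones = {n.lower().rstrip("."): b for n, b in blocks(named_conf, "zone")}
    for name, spec in dkeys.items():
        if name not in nkeys:
            problems.append(f"key {name}: not defined in named.conf")
        elif nkeys[name] != spec:
            problems.append(f"key {name}: algorithm or secret differs between the two files")
    for zone, body in blocks(dhcpd_conf, "zone"):
        zone = zone.lower().rstrip(".")
        key = re.search(r'\bkey\s+"?([\w.-]+)"?\s*;', body)
        if zone not in nzones:
            problems.append(f"zone {zone}: no authoritative zone in named.conf")
        elif not key:
            problems.append(f"zone {zone}: dhcpd would send unsigned updates")
        elif not re.search(r'allow-update\s*\{[^}]*\bkey\s+"?%s"?\s*;' % re.escape(key.group(1)), nzones[zone]):
            problems.append(f"zone {zone}: named.conf does not allow-update with key {key.group(1)}")
    return problems
```

On the constructed sample the forward zone passes and the reverse zone is reported, because named.conf serves it but never grants allow-update to KEY-NAME, so dhcpd's PTR updates would be refused.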