
HET306 UNIX for Telecommunications

Configuring DHCP and DNS Services with Unix

Outline

DHCP
- Dynamic Host Configuration Protocol
- Allows hosts to request (via broadcast) host information
- The server responds with network configuration information
- Primarily for IP address/gateway/subnet mask AND DNS server information
- Can also provide other information, e.g. time server, proxy

DNS
- Domain Name System
- Allows forward (name to IP address) and reverse (IP address to name) resolution
- Standard hierarchical system which distributes ownership and responsibility for network domains

Combining DHCP and DNS
- Why would we do this?
HET306 Slide Set 11: Configuring DHCP and DNS Services

DHCP

The protocol is standard; what about the implementation?
- ISC (Internet Software Consortium) DHCP Server version 3
- http://www.isc.org/products/DHCP

FreeBSD install
  cd /usr/ports/net/isc-dhcp3-server
  make && make install

Configuration file location
  /usr/local/etc/dhcpd.conf

DHCP Configuration

Configuration file: /usr/local/etc/dhcpd.conf

Two sections: Global and Lease/Group

Configuration options
Global options
- Options/settings common to all leases
- Default lease timeout values
- Details of the DNS server to communicate with

Lease/Group options
- Ranges of IP addresses to assign
- Specific options override the globals for this group of leases

DHCP Configuration

Common global options

  option domain-name "company.com";
  option domain-name-servers <list of dns servers>;
  option routers <default gateway>;
  default-lease-time <seconds>;
  max-lease-time <seconds>;
  authoritative;

Many other options are available; DHCP is flexible

Common Lease/Group options

  subnet a.b.c.d netmask e.f.g.h {
    range a.b.c.x1 a.b.c.x2;
    option <any local options>;
  }

- Assigns a free IP address in the specified range to a querying host
- Assigns the specified subnet mask

DHCP Configuration

Assigning static IP addresses

  host host_name {
    hardware ethernet 00:01:02:03:04:05;
    fixed-address a.b.c.d;
    option host-name "<advertised name>";
  }

- host_name is for labelling purposes
- A host with the specified MAC address is always assigned the fixed-address IP address
- A host requesting a lease and advertising itself as <advertised name> is always assigned the fixed-address IP address
- Advertised names must be configured in the OS of the requesting workstation
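A check worth running on a dhcpd.conf built from the subnet and host declarations above: a host's fixed-address that falls inside a dynamic range can also be leased to another client. This is an added example (Python, not part of the slides or of ISC dhcpd); the dhcpd.conf text is constructed, and the parser only understands the subset of declarations shown on these slides.

```python
import ipaddress
import re

# Constructed dhcpd.conf fragment in the shape the slides use: one subnet with a
# dynamic range plus two static host declarations.
DHCPD_CONF = """
subnet 192.168.0.0 netmask 255.255.255.0 {
  range 192.168.0.100 192.168.0.200;
  option routers 192.168.0.254;
}
host printer {
  hardware ethernet 00:01:02:03:04:05;
  fixed-address 192.168.0.10;
}
host kiosk {
  hardware ethernet 00:01:02:03:04:06;
  fixed-address 192.168.0.150;
}
"""

SUBNET_RE = re.compile(r"\bsubnet\s+(\S+)\s+netmask\s+(\S+)\s*\{(.*?)\}", re.S)
RANGE_RE = re.compile(r"\brange\s+(\S+)\s+(\S+)\s*;")
HOST_RE = re.compile(r"\bhost\s+(\S+)\s*\{(.*?)\}", re.S)
FIXED_RE = re.compile(r"\bfixed-address\s+(\S+)\s*;")

def parse_ranges(conf):
    """(network, first, last) for every dynamic range in every subnet block."""
    ranges = []
    for addr, mask, body in SUBNET_RE.findall(conf):
        net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        for lo, hi in RANGE_RE.findall(body):
            ranges.append((net, ipaddress.ip_address(lo), ipaddress.ip_address(hi)))
    return ranges

def parse_fixed(conf):
    """{host label: fixed-address} for every host block that has one."""
    fixed = {}
    for name, body in HOST_RE.findall(conf):
        m = FIXED_RE.search(body)
        if m:
            fixed[name] = ipaddress.ip_address(m.group(1))
    return fixed

def find_conflicts(conf):
    """Static hosts whose fixed-address sits inside a dynamic range: dhcpd may lease
    that same address to another client, leaving two machines with one IP."""
    return {name: str(ip) for name, ip in parse_fixed(conf).items()
            if any(lo <= ip <= hi for _, lo, hi in parse_ranges(conf))}

if __name__ == "__main__":
    print(find_conflicts(DHCPD_CONF))  # {'kiosk': '192.168.0.150'}
```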

Running DHCP

To autostart at boot we edit /etc/rc.conf
  dhcpd_enable="YES"
  dhcpd_ifaces="if0 if1"

This will ensure that at system boot
- dhcpd will be started
- listening for DHCP lease requests on the specified network interfaces

Daemon started by /usr/local/etc/rc.d/isc-dhcpd.sh
- Only if dhcpd_enable is set

Lease database

Assigned leases are stored in a simple text file
- /var/db/dhcpd.leases
- This allows dhcpd to remember which leases have been assigned after a restart
- The database stores when leases expire
- Periodically the file is re-created to remove expired leases and ensure it doesn't get too big
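As an added example (not from the slides or from ISC dhcpd), a reader for the dhcpd.leases text format that derives the hostname to IP pairs still valid at a given time: the pairs dhcpd would push into DNS by dynamic update, and the entries a lease-file rewrite would keep. The lease entries are constructed; timestamps in this file are UTC with a leading weekday number.

```python
import re

# Constructed /var/db/dhcpd.leases content in dhcpd's own text format; the same
# address appears twice because dhcpd appends a new entry each time a lease changes.
LEASES = """
lease 192.168.0.101 {
  starts 1 2006/05/15 08:00:00;
  ends 1 2006/05/15 20:00:00;
  hardware ethernet 00:01:02:03:04:10;
  client-hostname "host1";
}
lease 192.168.0.102 {
  starts 1 2006/05/15 09:30:00;
  ends 1 2006/05/15 21:30:00;
  hardware ethernet 00:01:02:03:04:11;
  client-hostname "host2";
}
lease 192.168.0.101 {
  starts 2 2006/05/16 07:00:00;
  ends 2 2006/05/16 19:00:00;
  hardware ethernet 00:01:02:03:04:12;
  client-hostname "laptop";
}
"""

LEASE_RE = re.compile(r"\blease\s+(\S+)\s*\{(.*?)\}", re.S)
FIELD_RE = re.compile(r"^\s*(starts|ends|hardware ethernet|client-hostname)\s+(.*?);", re.M)

def timestamp(value):
    """'1 2006/05/15 08:00:00' -> '2006/05/15 08:00:00'. Lease times are UTC with a
    leading weekday number; the fixed-width format sorts chronologically as a string."""
    return " ".join(value.split()[-2:])

def parse_leases(text):
    """{ip: lease}; a later entry for the same address supersedes the earlier one."""
    leases = {}
    for ip, body in LEASE_RE.findall(text):
        fields = dict(FIELD_RE.findall(body))
        leases[ip] = {"starts": timestamp(fields["starts"]), "ends": timestamp(fields["ends"]),
                      "mac": fields.get("hardware ethernet"),
                      "hostname": fields.get("client-hostname", "").strip('"')}
    return leases

def active_mappings(text, now):
    """hostname -> IP for leases valid at `now` ('YYYY/MM/DD HH:MM:SS' UTC): the pairs
    dhcpd would push into DNS, and the entries a lease-file rewrite would keep."""
    return {l["hostname"]: ip for ip, l in parse_leases(text).items()
            if l["starts"] <= timestamp(now) < l["ends"] and l["hostname"]}
```

Calling active_mappings(LEASES, "2006/05/16 12:00:00") yields only the laptop entry, since host1's older lease on the same address has been superseded and host2's lease has expired.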


DNS

Many products available
You already know about BIND (Berkeley Internet Name Daemon)
- http://www.isc.org/products/BIND/bind9.html
- April 2005 figures: 72.5% of all DNS servers run BIND*

FreeBSD install
  /usr/ports/net/bind9

* http://mydns.bboy.net/survey/

DNS Configuration

Configuration file: /etc/named/named.conf

Two sections: Global and Zone configuration

Options
Global options
- Specify system behaviour
- Upstream DNS servers
- Location of other database files

Zone options
- Definition of domain names AND the files storing the database
- Database files storing resolution information


DNS Configuration

Common global options

  options {
    version "information";                    // response string for version queries
    directory "/location/of/database/files";
    listen-on { a.b.c.d; 127.0.0.1; };
    forward only;
    forwarders { a.b.c.d; e.f.g.h; };
    allow-query { a.b.c.d/24; localhost; };
    pid-file "/var/run/named/named.pid";
  };

Many other options are available

Common zone options

  zone "domain.hello." {
    type master;
    notify no;
    file "database.filename";
  };

- Specifies which database file contains either the forward or the reverse resolution information for the specified zone
- Reverse zone names always take the form 0.168.192.in-addr.arpa (meaning 192.168.0.*)


Forward Zone Files

Specifies forward (name -> IP address) resolutions for a domain
- Trailing periods are important

Fields
- Domain name: example.org.
- Email of administrator (replace @ with .): admin.example.org.
- Name server for the domain: ns1.example.org.
- Serial number: used for versioning
- Timeouts: specified in seconds

Record types
- NS: name server
- A: standard IPv4 address for a name
- CNAME: this name resolves to the same address as the provided other name
- MX: this host is responsible for handling mail for this domain. The priority number specifies the order in which to use multiple mail servers

  example.org.  IN  SOA  ns1.example.org. admin.example.org. (
                          2006051501 ; Serial
                          10800      ; Refresh
                          3600       ; Retry
                          604800     ; Expire
                          86400      ; Minimum TTL
                          )
                IN  NS    ns1.example.org.
  host1         IN  A     192.168.0.1
  host2         IN  A     192.168.0.2
  ns1           IN  A     192.168.0.3
  www           IN  CNAME host1
                IN  MX 10 host2

Reverse Zone Files

Specifies reverse (IP address -> name) resolutions for a domain
- Trailing periods are important

Fields
- Same as for forward resolution

Record types
- PTR: this address resolves to the following name

  0.168.192.in-addr.arpa.  IN  SOA  ns1.example.org. admin.example.org. (
                          2006051501 ; Serial
                          10800      ; Refresh
                          3600       ; Retry
                          604800     ; Expire
                          86400      ; Minimum TTL
                          )
                IN  NS    ns1.example.org.
  1             IN  PTR   host1.example.org.
  2             IN  PTR   host2.example.org.
  3             IN  PTR   ns1.example.org.
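An added consistency check (not from the slides) over the forward and reverse zone files shown on the two slides above: every A record should have a PTR that resolves back to the same name, and every PTR should point at a name with a matching A record, which is exactly what dynamic updates from dhcpd have to keep in step. The two zone texts are re-typed from the slides as constructed input, and the parser handles only the record shapes they use.

```python
import re

FORWARD = """
example.org.  IN  SOA  ns1.example.org. admin.example.org. (
                        2006051501 ; Serial
                        10800 3600 604800 86400 ) ; Refresh Retry Expire Minimum
              IN  NS    ns1.example.org.
host1         IN  A     192.168.0.1
host2         IN  A     192.168.0.2
ns1           IN  A     192.168.0.3
www           IN  CNAME host1
              IN  MX 10 host2
"""
REVERSE = """
0.168.192.in-addr.arpa.  IN  SOA  ns1.example.org. admin.example.org. (
                        2006051501 10800 3600 604800 86400 )
1             IN  PTR   host1.example.org.
2             IN  PTR   host2.example.org.
3             IN  PTR   ns1.example.org.
"""

def records(zone):
    """Yield (owner, type, rdata): comments stripped, SOA parentheses joined, owner inherited."""
    text = re.sub(r";[^\n]*", "", zone)
    text = re.sub(r"\([^)]*\)", lambda m: m.group(0).replace("\n", " "), text)
    owner = None
    for line in filter(str.strip, text.splitlines()):
        if not line[0].isspace():            # a name in column 1 sets the owner
            owner, line = line.split(None, 1)
        toks = line.split()
        toks = toks[1:] if toks[0] == "IN" else toks   # class column is optional
        yield owner, toks[0], toks[1:]

def fqdn(name, origin):                      # trailing dot marks an absolute name
    return name if name.endswith(".") else f"{name}.{origin}"

def check_consistency(fwd, rev):
    """Names whose A record has no matching PTR, and PTR addresses with no matching A."""
    f_origin = next(o for o, t, _ in records(fwd) if t == "SOA")
    r_origin = next(o for o, t, _ in records(rev) if t == "SOA")
    a_map = {fqdn(o, f_origin): r[0] for o, t, r in records(fwd) if t == "A"}
    ptr_map = {}
    for o, t, r in records(rev):
        if t == "PTR":                       # 1.0.168.192.in-addr.arpa. -> 192.168.0.1
            octets = fqdn(o, r_origin).replace(".in-addr.arpa.", "").split(".")
            ptr_map[".".join(reversed(octets))] = r[0]
    bad_forward = [n for n, ip in a_map.items() if ptr_map.get(ip) != n]
    bad_reverse = [ip for ip, n in ptr_map.items() if a_map.get(n) != ip]
    return bad_forward, bad_reverse
```

check_consistency(FORWARD, REVERSE) returns two empty lists for the slides' zones; edit one PTR and both the orphaned name and the orphaned address are reported.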


Running DNS

To autostart at boot we edit /etc/rc.conf
  named_enable="YES"

This will ensure that at system boot
- named will be started

Daemon started by /etc/rc.d/named.sh
- Only if named_enable is set


Dynamic DNS Updates

DHCP allocates IP addresses to hosts
- As a new IP address is allocated, we would like to update the DNS server such that the new host resolves to that IP address

We need to configure dhcpd and bind to work together
- dhcpd must be able to (securely) connect to the bind server
- bind must be able to accept changes to its database from the remote dhcpd server

So how do we do it??

Dynamic DNS Updates

To enable communications
- named.conf must be configured to allow connections for update purposes
- Want to only allow connections from the system running dhcpd
- Want to only allow connections from a user who knows a secret key used to encrypt the communications

Encryption
- Primarily for authentication of who can update the database
- Not so much to protect the database: anyone can query the DNS server after an update

Dynamic DNS Updates: Key

Generating the update key
  dnssec-keygen -a HMAC-MD5 -b 128 -n USER DDNS-KEY

This will generate two files
- The portion of the key you need is present in both files

The key is used to
- Secure communications between dhcpd and named
- Ensure that only a registered dhcpd application can effect changes to the DNS database

For more info on generating keys see:
  man dhcpd.conf
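To make the slide's point that the key authenticates rather than encrypts, an added example (not from the slides, BIND or dhcpd) that pulls the base64 secret out of a constructed stand-in for the .key file dnssec-keygen writes and uses it as an HMAC-MD5 key over an update message. Only the HMAC primitive that signed updates rely on is shown, not the DNS wire format; the key file contents and the update text are constructed.

```python
import base64
import hashlib
import hmac

# Constructed stand-in for the Kddns-key.+157+NNNNN.key file dnssec-keygen writes:
# a KEY record whose last field is the base64 secret (157 = HMAC-MD5, 128-bit key).
SECRET = base64.b64encode(b"sixteen byte key").decode()
KEY_FILE = f"DDNS-KEY. IN KEY 0 3 157 {SECRET}\n"

def read_secret(key_file_text):
    """Extract the base64 secret, the string copied into dhcpd.conf and named.conf."""
    fields = key_file_text.split()
    if fields[1:6] != ["IN", "KEY", "0", "3", "157"]:
        raise ValueError("not a USER HMAC-MD5 KEY record")
    return fields[6]

def sign(secret_b64, message):
    """HMAC-MD5 tag over the message; the primitive a key-signed update carries."""
    return hmac.new(base64.b64decode(secret_b64), message, hashlib.md5).hexdigest()

def verify(secret_b64, message, tag):
    """Constant-time comparison so a forged tag cannot be matched byte by byte."""
    return hmac.compare_digest(sign(secret_b64, message), tag)

def demo():
    """A genuine update verifies; a modified message or a different key does not;
    the message itself stays readable because the key only authenticates."""
    secret = read_secret(KEY_FILE)
    update = b"update add host1.example.org. 3600 IN A 192.168.0.1"   # constructed update text
    other_key = base64.b64encode(b"another 16B key!").decode()        # constructed second key
    tag = sign(secret, update)
    return {
        "genuine": verify(secret, update, tag),
        "tampered": verify(secret, update.replace(b"192.168.0.1", b"192.168.0.99"), tag),
        "wrong_key": verify(other_key, update, tag),
        "message_readable": b"host1.example.org." in update,
    }

if __name__ == "__main__":
    print(demo())
```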


dhcpd.conf Settings

Have to specify the key in the configuration file
  key "KEY-NAME" {
    algorithm HMAC-MD5;
    secret "AbCdEfGhIj*WhAtEvEr==";
  };

Then tell dhcpd which zones it should try to dynamically update
  zone zone_name {
    primary dns_ip_address;
    key KEY-NAME;
  }


Update Behaviour

DHCP server
- zone_name must match the corresponding authoritative zones in the DNS server
- When an address is assigned in one of the matching zones, dhcpd will contact the DNS server with information about the hostname of the machine assigned the lease and its corresponding IP address

DNS server
- bind must be listening for update connections on dns_ip_address
- bind must be configured with a matching key
- Via secure update, the DNS server will add an entry to resolve the specified IP address and name

named.conf Settings

Have to specify the key in the configuration file, in the same format as dhcpd.conf
  key "KEY-NAME" {
    algorithm HMAC-MD5;
    secret "AbCdEfGhIj*WhAtEvEr==";
  };

Configure which interfaces and which key must be used to connect to the DNS server; the control channel allows updates
  controls {
    inet 127.0.0.1 allow { localhost; } keys { KEY-NAME; };
  };
This allows connections on localhost and only from localhost; it assumes the DHCP and DNS servers are running on the same machine

Configure zone information to allow updates given a correct key
  zone "domain.hello." {
    type master;
    notify no;
    file "database.filename";
    allow-update { key KEY-NAME; };
  };

Should specify both forward and reverse zones as updateable


Dynamic DNS Updates

End results
1. A workstation/PC is turned on
2. It sends its hostname and requests an IP address from the DHCP server
3. The DHCP server sends back an IP lease
4. The DHCP server contacts the DNS server with the hostname and allocated IP address
5. The DNS server updates the mapping between the specified hostname and IP address

- Any requests to the DNS server for that particular hostname will result in the correct IP address being resolved
- Any reverse resolution requests for the IP address will resolve to the machine that currently holds that lease
