
DHCP & DNS

Setting up a LAN DHCP server (ISC dhcpd) that performs dynamic DNS updates against BIND.

OS: Slackware 13.37

Secret key generation

A shared secret (a TSIG key) is required so that the DHCP server is allowed to update the zone files in DNS. To create the shared secret, the following command can be used:

dnssec-keygen -a HMAC-MD5 -b 128 -n USER DHCP_UPDATER

The command creates a pair of files, Kdhcp_updater.+157+<id>.key and Kdhcp_updater.+157+<id>.private; the shared secret is the value of the Key: field in the .private file. HMAC-MD5 is the only TSIG algorithm older ISC dhcpd releases document, but it is a weak MAC: if your dhcpd.conf man page lists HMAC-SHA256, prefer it for the key and in both configurations. Newer BIND releases provide tsig-keygen, which prints the key statement directly, and no longer generate TSIG keys with dnssec-keygen.

Then include the key statement in both /etc/dhcpd.conf and /etc/named.conf; the syntax is the same in both, e.g.,

key DHCP_UPDATER {
         algorithm HMAC-MD5;
         secret vUz0B3SSCPYfWTczJnW4Sw==;
};

DNS configuration

Assuming your domain is already set up in DNS, you have to allow the DHCP server to update the forward and reverse zone files when the request is signed with the key above. Anyone who can read the secret can do the same, so keep the key statement in a separate file readable only by root and the users named and dhcpd run as, and pull it into each configuration with an include statement rather than leaving it in a world-readable named.conf. Note also that allow-update with a key lets the key holder change any record in the zone, including the SOA and NS records; to limit the key to what dhcpd actually writes (A and TXT records in the forward zone, PTR records in the reverse zone) use BIND's update-policy statement with a grant rule instead of allow-update.
/etc/named.conf

zone "int.q-station.net" IN {
  type master;
  file "domain/int.q-station.net";
  allow-update { key DHCP_UPDATER; };
};
        
zone "55.168.192.in-addr.arpa" IN {
  type master;
  file "in-addr/55.168.192.in-addr.arpa";
  allow-update { key DHCP_UPDATER; };
};

DHCP server configuration

You should setup your DHCP server to update the DNS, too.
/etc/dhcpd.conf

ddns-updates                on;    # required
ddns-update-style           interim; # required
ddns-domainname             "int.q-station.net."; # put your domain here
ddns-rev-domainname         "in-addr.arpa."; # the IPv4 reverse tree; correct for everybody
# optional options below
one-lease-per-client    on;
deny                    client-updates;
update-optimization     false;
use-host-decl-names     on;
ddns-ttl 60;

# tell DHCP server where & what should be update
zone int.q-station.net. {
         primary 192.168.1.1;
         key DHCP_UPDATER;
}

zone 55.168.192.in-addr.arpa. {
         primary 192.168.1.1;
         key DHCP_UPDATER;
}

When a DHCP client includes a hostname in its request, the server builds the DNS name from that hostname and ddns-domainname and updates the forward and reverse records with it. With deny client-updates the server performs the forward update itself instead of leaving it to the client.

Testing the DNS update

You can use nsupdate to test the DNS update operation. The key name in the generated files is the lower-cased name given to dnssec-keygen, and either the .key or the .private file may be passed to -k, e.g.,

% nsupdate -v -k /tmp/Kdhcp_updater.+157+19919.key    
> update add testhost.int.q-station.net 120 A 192.168.55.31
> send

Or

> update delete testhost.int.q-station.net A
> send

Note for MacOS X client

The last note concerns Mac OS X clients: Mac OS X does not seem to send a hostname in its DHCPREQUEST; instead it accepts the hostname the DHCP server sends (option host-name) and uses it. So you may include a host declaration for each Mac, e.g.,

host macosx1 {
    hardware ethernet 08:00:27:05:00:00;
    option host-name "macosx1";
    ddns-hostname "macosx1";
}

Delete DNS record on release or expiry

In the default installation the DHCP server may leave records behind in DNS when a host releases its IP or the lease expires: dhcpd attempts to remove only the records it created itself, and only while the matching TXT record is still in place, so records created elsewhere or by an earlier lease of the same name remain. To remove records on release or expiry yourself, I suggest you study the on event reference in the dhcpd.conf man page, e.g.,

on release or expiry {
  log(debug,ddns-fwd-name);
  # execute some nsupdate script to remove the corresponding record
}
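The removal hook as a shell script, added here as an example rather than taken from the page: it is called from dhcpd's execute() statement with the lease's forward name and address and feeds nsupdate a batch signed with the same key. The script path /usr/local/sbin/ddns-remove.sh, the key file location /etc/dhcp/Kdhcp_updater.+157+19919.private and the DNS server address 192.168.1.1 are assumptions; adjust them. Because the forward name is derived from the host-name option the client sent, the script checks it before placing it in the nsupdate batch, so a crafted hostname cannot smuggle extra update lines into the request.

```shell
#!/bin/sh
# ddns-remove.sh: remove the DNS records dhcpd registered for one lease.
# Added example for the "on release or expiry" hook; not part of the original
# page. Assumed: this file is /usr/local/sbin/ddns-remove.sh, the dnssec-keygen
# private key file is /etc/dhcp/Kdhcp_updater.+157+19919.private (readable by
# the user dhcpd runs as and by nobody else) and the DNS server is 192.168.1.1.
#
# Hook it in from dhcpd.conf; execute() passes the arguments directly, with
# no shell in between:
#
#   on release or expiry {
#       execute("/usr/local/sbin/ddns-remove.sh",
#               ddns-fwd-name,
#               binary-to-ascii(10, 8, ".", leased-address));
#   }

KEYFILE=${KEYFILE:-/etc/dhcp/Kdhcp_updater.+157+19919.private}
SERVER=${SERVER:-192.168.1.1}

# The forward name comes from the host-name option the client sent, i.e. from
# an untrusted party. Accept only plain DNS-name characters so that a crafted
# hostname (say, one containing a newline) cannot add extra "update" lines to
# the nsupdate batch built below.
valid_name() {
    case $1 in
        '' | *[!A-Za-z0-9.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

valid_ipv4() {
    case $1 in
        '' | *[!0-9.]* | .* | *. | *..*) return 1 ;;
        *) return 0 ;;
    esac
}

# 192.168.55.31 -> 31.55.168.192.in-addr.arpa.
reverse_name() {
    saved_ifs=$IFS; IFS=.
    set -- $1
    IFS=$saved_ifs
    printf '%s.%s.%s.%s.in-addr.arpa.\n' "$4" "$3" "$2" "$1"
}

# Print the nsupdate batch that undoes what dhcpd (interim style) added for
# the lease: the A record for this address, the TXT record carrying the
# client-identifier hash, and the PTR record. Forward and reverse zones are
# different zones, so they go in separate messages (one "send" each).
build_nsupdate_batch() {
    fwd=${1%.}          # normalise to exactly one trailing dot below
    ip=$2
    rev=$(reverse_name "$ip")
    printf 'server %s\n' "$SERVER"
    printf 'update delete %s. A %s\n' "$fwd" "$ip"
    printf 'update delete %s. TXT\n' "$fwd"
    printf 'send\n'
    printf 'update delete %s PTR\n' "$rev"
    printf 'send\n'
}

main() {
    if [ $# -ne 2 ]; then
        echo "usage: $0 <ddns-fwd-name> <leased-address>" >&2
        return 64
    fi
    if ! valid_name "$1" || ! valid_ipv4 "$2"; then
        # dhcpd discards the script's stdout, so report through syslog
        logger -t ddns-remove "refusing suspicious arguments: '$1' '$2'"
        return 65
    fi
    build_nsupdate_batch "$1" "$2" | nsupdate -k "$KEYFILE"
}

# Only act when dhcpd actually passed arguments; loading the file with no
# arguments just defines the functions.
if [ $# -gt 0 ]; then
    main "$@"
fi
```

execute() runs the script synchronously inside dhcpd, so keep it short and make sure nsupdate can reach the server quickly; a hung script stalls lease processing for every client.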

Updating dynamic update zone file

Do not edit a zone file that has dynamic update enabled directly: named keeps pending updates in the zone's *.jnl journal file and replays it on top of the zone file, so your edit is either overwritten or, if the journal no longer matches the file, the zone fails to load. The correct procedure for a dynamically updated zone is:

% rndc freeze <zone>
(The journal is committed to the zone file and removed; updates are refused while the zone is frozen, queries are still answered.)
Edit the zone file now, and increment the SOA serial so that secondaries pick up the change.
% rndc thaw <zone>
(The zone is reloaded from the edited file and updates are accepted again.)
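The freeze/edit/thaw procedure as a script, added as an example (not from the page): it refuses to thaw a zone whose edited file does not pass named-checkzone, because a zone left frozen still answers queries while a thawed zone that fails to load does not. rndc and named-checkzone are assumed to be in PATH (override with the RNDC and CHECKZONE variables), and rndc is assumed to be already configured for this named.

```shell
#!/bin/sh
# edit-dynamic-zone.sh: edit a zone file that is under dynamic update, doing
# the freeze / edit / check / thaw steps in order and never thawing over a
# broken file. Added example, not part of the original page. Assumes rndc is
# already configured for this named (rndc.key plus a controls statement) and
# that named-checkzone from the BIND distribution is installed.
#
# Usage: edit-dynamic-zone.sh <zone> <zone-file> <editor> [editor-args...]
#   e.g. edit-dynamic-zone.sh int.q-station.net /var/named/domain/int.q-station.net vi

RNDC=${RNDC:-rndc}
CHECKZONE=${CHECKZONE:-named-checkzone}

edit_dynamic_zone() {
    zone=$1
    file=$2
    shift 2

    # freeze: named commits the pending journal (.jnl) into the zone file and
    # removes it; dynamic updates are refused (dhcpd will see SERVFAIL) until
    # the zone is thawed, but queries are still answered.
    "$RNDC" freeze "$zone" || return 1

    # run the editor (or any command that takes the file as its last argument);
    # remember to increment the SOA serial, otherwise secondaries will not
    # transfer the change
    "$@" "$file" || echo "editor exited with status $?, checking the file anyway" >&2

    # never thaw over a file named cannot load: the zone would log a load
    # error instead of serving the edit. Leave it frozen for the admin to fix.
    if ! "$CHECKZONE" -q "$zone" "$file"; then
        echo "$file fails named-checkzone; zone $zone left FROZEN." >&2
        echo "Fix the file, re-run named-checkzone, then: rndc thaw $zone" >&2
        return 2
    fi

    # thaw: named reloads the zone from the edited file, re-enables dynamic
    # updates and starts a fresh journal
    "$RNDC" thaw "$zone"
}

if [ $# -gt 0 ]; then
    if [ $# -lt 3 ]; then
        echo "usage: $0 <zone> <zone-file> <editor> [editor-args...]" >&2
        exit 64
    fi
    edit_dynamic_zone "$@"
fi
```

Run it for both the forward zone and the reverse zone if you touch both; each zone is frozen and thawed independently, and dhcpd will log update failures for whichever one is frozen at the time a client renews.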