• Status: Solved

Dynamic DNS on a SUSE Linux box

Hi,

We are currently configuring a SUSE Linux box to act as a DNS & DHCP server in our company. We can get the server to correctly assign an IP to clients and we have successfully set up a records list of printer & server names and their relevant static IP addresses.

What we want to do now is to configure ddns so that we can VPN onto clients' machines to resolve issues etc.; however, I can't seem to get this to work and I was wondering if anyone could point out what I may be doing wrong.

Currently our named.conf has the following information


# Copyright (c) 2001-2004 SuSE Linux AG, Nuernberg, Germany.
# All rights reserved.
#
# Author: Frank Bodammer, Lars Mueller <lmuelle@suse.de>
#
# /etc/named.conf
#
# This is a sample configuration file for the name server BIND 9.  It works as
# a caching only name server without modification.
#
# A sample configuration for setting up your own domain can be found in
# /usr/share/doc/packages/bind/sample-config.
#
# A description of all available options can be found in
# /usr/share/doc/packages/bind/misc/options.

options {
        # The directory statement defines the name server's working directory

        directory "/var/lib/named";



        # Write dump and statistics file to the log subdirectory.  The
        # pathenames are relative to the chroot jail.

        dump-file "/var/log/named_dump.db";
        statistics-file "/var/log/named.stats";

        # The forwarders record contains a list of servers to which queries
        # should be forwarded.  Enable this line and modify the IP address to
        # your provider's name server.  Up to three servers may be listed.

        #forwarders { 192.0.2.1; 192.0.2.2; };

        # Enable the next entry to prefer usage of the name server declared in
        # the forwarders section.

        #forward first;

        # The listen-on record contains a list of local network interfaces to
        # listen on.  Optionally the port can be specified.  Default is to
        # listen on all interfaces found on your system.  The default port is
        # 53.

        #listen-on port 53 { 127.0.0.1; };

        # The listen-on-v6 record enables or disables listening on IPv6
        # interfaces.  Allowed values are 'any' and 'none' or a list of
        # addresses.

        listen-on-v6 { any; };



        # The next three statements may be needed if a firewall stands between
        # the local server and the internet.

        #query-source address * port 53;
        #transfer-source * port 53;
        #notify-source * port 53;

        # The allow-query record contains a list of networks or IP addresses
        # to accept and deny queries from. The default is to allow queries
        # from all hosts.

        #allow-query { 127.0.0.1; };

        # If notify is set to yes (default), notify messages are sent to other
        # name servers when the the zone data is changed.  Instead of setting
        # a global 'notify' statement in the 'options' section, a separate
        # 'notify' can be added to each zone definition.

        notify no;
        include "/etc/named.d/forwarders.conf";
};

# To configure named's logging remove the leading '#' characters of the
# following examples.
#logging {
#       # Log queries to a file limited to a size of 100 MB.
#       channel query_logging {
#               file "/var/log/named_querylog"
#                       versions 3 size 100M;
#               print-time yes;                 // timestamp log entries
#       };
#       category queries {
#               query_logging;
#       };
#
#       # Or log this kind alternatively to syslog.
#       channel syslog_queries {
#               syslog user;
#               severity info;
#       };
#       category queries { syslog_queries; };
#
#       # Log general name server errors to syslog.
#       channel syslog_errors {
#               syslog user;
#               severity error;
#       };
#       category default { syslog_errors;  };
#
#       # Don't log lame server messages.
#       category lame-servers { null; };
#};

# The following zone definitions don't need any modification.  The first one
# is the definition of the root name servers.  The second one defines
# localhost while the third defines the reverse lookup for localhost.

zone "." in {
        type hint;
        file "root.hint";
};

zone "localhost" in {
        type master;
        file "localhost.zone";
};

zone "0.0.127.in-addr.arpa" in {
        type master;
        file "127.0.0.zone";
};

# Include the meta include file generated by createNamedConfInclude.  This
# includes all files as configured in NAMED_CONF_INCLUDE_FILES from
# /etc/sysconfig/named

include "/etc/named.conf.include";
logging {
        category queries { log_file; };
        channel log_file { file "/root/Colin/cm.txt" size 20M; };
        category xfer-in { log_file; };
        category xfer-out { log_file; };
        category default { log_file; };
};
zone "companydns.com" in {
        file "master/companydns.com";
        type master;
};

# You can insert further zone records for your own domains below or create
# single files in /etc/named.d/ and add the file names to
# NAMED_CONF_INCLUDE_FILES.


And the DHCPD.conf file is:


option domain-name "compdns.com";
option domain-name-servers 89.0.100.1;
ddns-domainname "companydns.com";
ddns-update-style interim;
ddns-updates on;
default-lease-time 28800;
subnet 89.0.0.0 netmask 255.255.0.0 {
  authoritative;
  range 89.0.80.1 89.0.90.1;
  default-lease-time 28800;
  max-lease-time 172800;
  ddns-domainname "companydns.com";
  ddns-update-style interim;
  ddns-updates on;
}

This is an internal network with approximately 500 users.

Any help or advice would be appreciated.

Thanks in advance.
Asked by CM7

1 Solution
Gabriel Orozco (Solution Architect) commented:
Hello

I'll try to help. I use ddns in my own network.

First, in order to allow dynamic DNS updates, you need to add a dns-sec key to your named.conf, and then tell your domain it can be updated when the transaction is signed with such a key.

Oh, I would want to see your /etc/named.conf.include file (where your domain really resides; all other info is standard and I would try not to move anything in it).

Okay, let's continue with our business here. You need to create a key (substitute "mydomain" with a short name for your domain, like "internals"):

dnssec-keygen -a hmac-md5 -b 128 -n HOST mydomain

This will create a key in two formats, living in /etc/Kmydomain* (the "*" stands for more characters calculated at the time, like the time itself).

Now go and read Kmydomain*.private. You should see a key in the form of
Key: f4BWYlmMmALru/q7SQkxRA==

Now go to your /etc/named.conf.include and include the key (I put my keys at the top of the file) like this:
key DHCP_UPDATER {
  algorithm hmac-md5;
  secret "f4BWYlmMmALru/q7SQkxRA==";
};

Next go to your domain and reverse zone definition; say it is "mydomain" (I do not add .com or .net or the full domain since it's internal) and add this:
zone "0.168.192.in-addr.arpa" {
        type master;
        allow-update { key DHCP_UPDATER; };
        file "192.168.0";
};
zone "mydomain" {
        type master;
        allow-update { key DHCP_UPDATER; };
        file "mydomain";
};
Note I used network 192.168.0.0/24 for this example. Since you also want to know who has some IP, you will take care to update the reverse zones too, in order to enable reverse queries using dig -x =)

OK, this is all we need to do with /etc/named.conf.include. Now we need to tell dhcp to use the key to update named, and we are almost set.
Edit /etc/dhcpd.conf and add the zone files and the key (I usually put this at the top again):
key DHCP_UPDATER {
  algorithm hmac-md5;
  secret f4BWYlmMmALru/q7SQkxRA==;
};
zone "mydomain" {
  key DHCP_UPDATER;
}
zone "0.168.192.in-addr.arpa" {
  key DHCP_UPDATER;
}

allow client-updates;
ddns-domainname "mydomain";
#ddns-update-style interim;
ddns-updates on;
authoritative;
# this is the most important line. It specifies the method
# to use to connect to the DNS server and update it.
ddns-update-style interim;
... and the rest of the stuff you already have.

--------------------
Now restart your named and dhcpd services. Check they are responding to everything, and monitor named's logs, since you will begin to receive a lot of messages about some records you need to fix. Maybe you want to delete any entry in the "mydomain" zone file in order to allow dhcpd to add the entries by itself.

You will also note some new files in the zone file directory (I think it's /var/lib/named for SuSE) ending in .jnl (journal). These files hold the updated status of the zone file (they are database files). These are needed in a dynamic DNS server's normal operation; don't mess with them. You can only delete them when you shut down named in a normal way, since all the updates they hold are written to the zone file when named stops.

This is all. Hope I made a good explanation.
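Added example, not code from the thread or from either poster: a small POSIX shell script that produces a TSIG secret in the same base64 form the dnssec-keygen command above writes on its "Key:" line, renders the matching key stanza for named.conf.include (quoted secret) and dhcpd.conf (bare secret), and builds the nsupdate script that registers one lease's A record and its PTR record as two signed transactions. Running that by hand with the shared key is the quickest way to find out whether the reverse zone is actually accepting updates, independently of dhcpd. Names and paths are assumptions: key name DHCP_UPDATER, forward zone companydns.com, reverse zone 0.89.in-addr.arpa (the question's subnet is 89.0.0.0/16, so the reverse zone is /16-shaped, not a /24 like the answer's 192.168.0 example), the name server on 127.0.0.1, and KEYFILE pointing at the Kmydomain*.private file dnssec-keygen produced (hypothetical path).

```shell
#!/bin/sh
# Added example (not from the thread). Assumed names: key DHCP_UPDATER,
# forward zone companydns.com, reverse zone 0.89.in-addr.arpa, server 127.0.0.1,
# KEYFILE = the K*.private file written by dnssec-keygen (hypothetical path).
set -eu

KEYFILE=${KEYFILE:-/etc/Kmydomain.private}   # hypothetical; use your real K*.private

# 16 random bytes, base64-encoded: the same shape as the "Key:" line that
# "dnssec-keygen -a hmac-md5 -b 128" writes into K*.private.
gen_tsig_secret() {
    head -c 16 /dev/urandom | base64 | tr -d '\n'
}

# Key stanza. $4 is the quote character: '"' for named.conf (secret is a
# quoted string there), '' for dhcpd.conf (secret is written bare).
#   $1 key name, $2 algorithm, $3 base64 secret, $4 quote char
render_key_block() {
    printf 'key %s {\n  algorithm %s;\n  secret %s%s%s;\n};\n' "$1" "$2" "$4" "$3" "$4"
}

# Reverse-map name for an IPv4 address: 89.0.80.5 -> 5.80.0.89.in-addr.arpa.
ptr_name() {
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    printf '%s.%s.%s.%s.in-addr.arpa.\n' "$4" "$3" "$2" "$1"
}

# nsupdate script for one lease. RFC 2136 allows one zone per UPDATE message,
# so the A record and the PTR record are sent as two separate transactions,
# each with its own "zone" line; both are signed with the same TSIG key.
#   $1 host label, $2 IPv4, $3 forward zone, $4 reverse zone, $5 TTL (default 3600)
render_update() {
    fqdn=$1.$3.
    rev=$(ptr_name "$2")
    ttl=${5:-3600}
    printf 'server 127.0.0.1\n'
    printf 'zone %s.\n' "$3"
    printf 'update delete %s A\n' "$fqdn"
    printf 'update add %s %s A %s\n' "$fqdn" "$ttl" "$2"
    printf 'send\n'
    printf 'zone %s.\n' "$4"
    printf 'update delete %s PTR\n' "$rev"
    printf 'update add %s %s PTR %s\n' "$rev" "$ttl" "$fqdn"
    printf 'send\n'
}

# Full round trip on the DNS server: syntax-check both daemons' configs, push
# the signed update, then resolve forward and reverse the way a VPN user would.
#   $1 host label, $2 IPv4
verify_lease() {
    named-checkconf /etc/named.conf
    dhcpd -t -cf /etc/dhcpd.conf
    render_update "$1" "$2" companydns.com 0.89.in-addr.arpa | nsupdate -k "$KEYFILE"
    echo "forward: $(dig +short "$1.companydns.com" A @127.0.0.1)"
    echo "reverse: $(dig +short -x "$2" @127.0.0.1)"
}

case "${1:-}" in
    keygen)
        s=$(gen_tsig_secret)
        echo "# paste into /etc/named.conf.include:"
        render_key_block DHCP_UPDATER hmac-md5 "$s" '"'
        echo "# paste into /etc/dhcpd.conf:"
        render_key_block DHCP_UPDATER hmac-md5 "$s" ''
        ;;
    verify)
        verify_lease "$2" "$3"
        ;;
esac
```

Usage: `sh ddns-check.sh keygen` prints both stanzas from one fresh secret; `sh ddns-check.sh verify pc0123 89.0.80.5` pushes a test lease and prints what dig sees. If the forward query answers but `dig -x` does not, the reverse zone is the problem: either it is missing from named.conf.include, lacks its own `allow-update { key DHCP_UPDATER; };`, or is named for the wrong prefix length. Two further points a practitioner will want: dnssec-keygen writes the K* files into the current directory, not /etc, so look where you ran it; and before editing a dynamic zone file by hand, run `rndc freeze <zone>` (and `rndc thaw` afterwards) so the .jnl journal is flushed and named does not overwrite your edit. Note also that the question's dhcpd.conf hands clients `option domain-name "compdns.com"` while registering names under `companydns.com`; a VPN user typing a bare hostname will search the wrong suffix until the two match.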
CM7 (Author) commented:
Hi,

Thanks for your help with this problem. I have changed the dhcpd.conf and named.conf files as per your suggestions and our server seems to be updating the DNS correctly; we are still having a problem with the reverse lookups, however.

We've checked the messages file and there are no logs or errors being produced, but we can't dig back to the assigned IP address.

Aside from changing the named.conf and dhcpd.conf is there anything else we need to do?

Thanks
Gabriel Orozco (Solution Architect) commented:
Per your named.conf file:

logging {
        category queries { log_file; };
        channel log_file { file "/root/Colin/cm.txt" size 20M; };
        category xfer-in { log_file; };
        category xfer-out { log_file; };
        category default { log_file; };
};


So, please check /root/Colin/cm.txt so you can find any problem that may be happening. But then, this is why I asked to read your named.conf.local file: to see whether you had a reverse zone file or things like that.

=)
CM7 (Author) commented:
Hi,

Thanks for your help, everything seems to be working as expected now.

Thanks again