Solved

DNS server configuration under linux that works for local domain as well

Posted on 2009-02-12
Last Modified: 2013-12-23
Hi everyone

We are trying to implement a DNS and DHCP server for our company, which has 3 locations, using bind (linux). At the moment our bind configuration (in the primary location) is working as follows:
for computers in the local windows domain (for example 'win_domain') bind is requesting records from the local domain controller (windows 2003 server) and then serving requests.
It means that our linux based dns server is acting as a slave for the domain controller, receiving updates about computers in the local domain from the PDC (windows 2003 server).
We would like to use our linux based dns server as the primary dns server, not a slave. The problem is that we have to gather information about local computers in our lan and then serve requests as primary. So far, if we configure our dns server (bind) as master we cannot translate computer names in our LAN to their ip addresses - we don't have records about local computer names in the bind configuration. While googling I found a solution where the DHCP server can update the bind server with this information.
Do you have any idea how to configure the dhcp and dns server to allow updating the dns server dynamically about new computers?

Thank you in advance

Regards

Question by:admfotad
LVL 29

Expert Comment

by:fosiul01
ID: 23620394
http://sipx-wiki.calivia.com/index.php/HowTo_Configure_DHCP_and_DNS_Servers

To give hostnames from the DHCP server you need to specify all the hostnames and IPs in the dhcp configuration like this:

# Host statements for clients with static IP addresses
group {
    # use the host declaration name as the client's hostname
    use-host-decl-names true;
    host ns {
        hardware ethernet 12:34:56:78:AB:CD;
        fixed-address 192.168.1.5;
    }
    host router {
        hardware ethernet 00:80:C7:A1:10:5C;
        fixed-address 192.168.1.215;
    }
}
LVL 2

Expert Comment

by:Rubén Callizo
ID: 23620535
You can set up your dhcp server to update your dns records, and the DNS server to accept updates. In the dns conf you have to add something like:

subnet x.x.x.x netmask y.y.y.y {
    ddns-domainname "yourdomain";
    option domain-name-servers <your DNS server>;
}

and in the DNS server:

zone "yourdomain" IN {
    allow-update {
        <your DHCP server>;
    };
};
Author Comment

by:admfotad
ID: 23621144
Rcallizo - this is what we are trying to accomplish. We want to serve dhcp requests and then dynamically update the dns server.
Fosiul01 mentioned statically assigned IP addresses based on MAC address and then linking them to a hostname, but it won't work for us. Some computers/servers have IP addresses statically assigned to MAC and we know their hostnames, so that is not a problem - the problem is the computers that have dynamically assigned IP addresses. We need to update these hostnames in the dns server as well; that's why I'm looking for help, because everything in our lan (host names) is changing very fast.
I'll let you know in a few hours 'cause I have to move to another location.

Regards.
Author Comment

by:admfotad
ID: 23631903
Hi again

I still have problems with the configuration. What I did till now is to place a debian server and a host in the same vlan to test it.
The computer in this vlan was connected earlier to the domain "it.local" - no changes have been made.
On debian I have configured a zone called "it.local" and it is loading.
The computer is getting an IP address from the dhcp3 server (debian).
From the computer I can ping the domain 'it.local'.

Configuration of dhcp3 server:

###############################
ddns-domainname "it.local.";
ddns-rev-domainname "in-addr.arpa.";
ddns-update-style interim;
ddns-updates on;
allow client-updates;

key DHCP_UPDATER {
    algorithm hmac-md5;
    secret some_secret_key;
}

subnet 172.10.8.0 netmask 255.255.248.0 {
    option routers <some router IP>;
    option broadcast-address <broadcast address>;

    zone it.local. {
        primary 172.10.11.33;
        key DHCP_UPDATER;
    }
    zone 0.8.10.172.in-addr.arpa. {
        primary 172.10.11.33;
        key DHCP_UPDATER;
    }
}


########################################

bind configuration


#########################################

key "key_rndc" { algorithm hmac-md5; secret "some_secret"; };
controls { inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "key_rndc"; }; };

zone "it.local" IN {
    type master;
    file "path_to_file";
    allow-update { key "key_rndc"; };
    notify yes;
};

##################################


I'm getting out of ideas about what's wrong ....

I even chmod-ed the it.local zone file to 666 to allow updates, and nothing.

In the dhcp leases file everything seems to be good: I get all the information including the hostname of the workstation, but it doesn't go to the it.local zone file ....

ANY ideas ??
LVL 2

Accepted Solution

by:
Rubén Callizo earned 900 total points
ID: 23632261
Could you try to add an entry with nsupdate?

# nsupdate
> server your_dns_server
> key DHCP_UPDATER some_secret_key
> zone it.local
> update add test.it.local 600 IN A some_ip
> send

It shouldn't return any message after the send command; then you should be able to resolve test.it.local.
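
The same test, scripted, as an added example that is not code from this thread: it builds the nsupdate batch a lease would need (forward A plus reverse PTR) and signs it with a TSIG key read from a file rather than a secret typed at the prompt. The key file path /etc/bind/ddns.key and the host name a-252 are assumptions; 172.10.11.33, it.local and 172.10.8.3 are the thread's own values. A BADKEY answer means the server has no key with that name and secret; the key name in named.conf's allow-update must match the name in the key file.

```shell
#!/bin/sh
# Added example, not from the thread: generate and optionally send a
# TSIG-signed dynamic DNS update for one DHCP lease.

# Owner name of the reverse record: 172.10.8.3 -> 3.8.10.172.in-addr.arpa.
ptr_name() {
    echo "$1" | awk -F. '{ print $4 "." $3 "." $2 "." $1 ".in-addr.arpa." }'
}

# Print the nsupdate batch. Arguments: server, zone, host, ip, ttl (default 600).
# The nxdomain prerequisite refuses to overwrite a name that already exists;
# dhcpd makes similar prerequisite checks before adding a lease, and the
# thread's "prerequisite not satisfied (NXRRSET)" line is one of them failing.
build_update() {
    server=$1; zone=$2; host=$3; ip=$4; ttl=${5:-600}
    fqdn="$host.$zone."
    rev=$(ptr_name "$ip")
    printf 'server %s\n' "$server"
    printf 'zone %s.\n' "$zone"
    printf 'prereq nxdomain %s\n' "$fqdn"
    printf 'update add %s %s IN A %s\n' "$fqdn" "$ttl" "$ip"
    printf 'send\n'
    # Second section: no zone statement, nsupdate finds the reverse zone
    # from the SOA itself (the thread's dhcpd.conf names it explicitly).
    printf 'update add %s %s IN PTR %s\n' "$rev" "$ttl" "$fqdn"
    printf 'send\n'
}

# Feed the batch to nsupdate. -k reads the key from a file (assumed path),
# keeping the secret out of shell history and process listings. The exit
# status is nsupdate's, so a BADKEY or SERVFAIL reply fails the command.
send_update() {
    build_update "$@" | nsupdate -k /etc/bin/ddns.key
}

# Usage against the thread's server:
# send_update 172.10.11.33 it.local a-252 172.10.8.3
```

The key file is expected in named.conf `key` statement syntax and should be readable only by the user running the update, since anyone who can read it can modify the zone.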
Author Comment

by:admfotad
ID: 23632561
What I get after your command:

nsupdate
server 172.10.11.33
key DHCP_UPDATER some_secret_key
zone it.local
update add test.it.local 600 IN A 172.10.8.3
send

was:

TSIG error with server: tsig indicates error
update failed: NOTAUTH(BADKEY)

and what I've found in syslog:

1.[dhcpd] unable to add reverse map from 3.8.10.172.in-addr.arpa. to a-252.it.local: timed out
2.[named]client 172.10.8.3#53265 updating zone 'it.local/IN': update unsecceessful: a-252.it.local/A: 'RRset exists (value dependent)' prerequisite not satisfied (NXRRSET)
3. [named]client 172.10.8.3#5003: update 'it.local/IN' denied

ps aux | grep named
output:
/usr/sbin/named -u bind

So....named is working
netstat -an | grep 53
output:
127.10.11.33:53      0.0.0.0:*       LISTEN


The procedure you gave I have repeated 3 times to make sure I'm typing the correct secret_password.
Author Comment

by:admfotad
ID: 23632633
I did nsupdate a 4th time and I get:
"update failed: SERVFAIL"
and in syslog:
[named]client 172.10.11.33#3278: updating zone 'it.local/IN': adding an RR at 'test.it.local' A
[named]journal file /etc/bind/it.local.jnl does not exist, creating it
[named]/etc/bind/it.local.jnl: create : permission denied
[named]client 172.10.11.33#32782: updating zone 'it.local/IN: error: journal open failed: unexpected error

Maybe the output from syslog can help a bit.
LVL 2

Expert Comment

by:Rubén Callizo
ID: 23632671
bind creates the jnl files as temporary files; the user running the named daemon has no privileges to create the file, in your case in /etc/bind/.
Author Comment

by:admfotad
ID: 23632751
I changed the permissions on the folder /etc/bind and now bind is the owner of this folder with permission to read and write. So I ran nsupdate and finally there were no errors, but I still cannot ping my machine (a-252) from the server and I cannot find any new records pointing to the computer named a-252 - where should I look for this record ??

regards
LVL 2

Expert Comment

by:Rubén Callizo
ID: 23632825
You should look in the zone file. What is the output of:

nslookup a-252.it.local
Author Comment

by:admfotad
ID: 23632826
And I still have these messages in syslog:

1.[dhcpd] unable to add reverse map from 3.8.10.172.in-addr.arpa. to a-252.it.local: timed out
2.[named]client 172.10.8.3#53265 updating zone 'it.local/IN': update unsecceessful: a-252.it.local/A: 'RRset exists (value dependent)' prerequisite not satisfied (NXRRSET)
3. [named]client 172.10.8.3#5003: update 'it.local/IN' denied

I need a cigarette break 'cause at the moment I remember the whole secret password .........
Author Comment

by:admfotad
ID: 23632924
I'm tired and I realised that today is Friday the 13th. :). Never mind, the output from nslookup is:

nslookup test.it.local
Server 127.0.0.1
Address: 127.0.0.1:53

Name: test.it.local
Address: 172.10.11.23    <- the ip address I gave to test.it.local

So it looks like it's almost working.
I was simply not thinking quite clearly: I cannot ping test.it.local 'cause the machine with this address doesn't exist ...... doooug
Author Comment

by:admfotad
ID: 23632944
The only problem that remains is to add the record from dhcpd3.
LVL 2

Expert Comment

by:Rubén Callizo
ID: 23632991
bind is working and accepting updates, so the problem should be the dhcp sending the update. Try to write the secret again in the key section; make sure it's without the " characters.
Check also if there is any firewall blocking the connection.
Author Comment

by:admfotad
ID: 23641578
Couldn't answer from the office 'cause there was a proxy problem. I found out on my private server what was probably wrong. The problem was in the dhclient.conf configuration:

In /etc/dhclient.conf:

    send fqdn.fqdn "hostname.example.com.";
    send fqdn.encoded on;
    send fqdn.server-update off;

So, on my server everything works well, excluding one thing: I have no idea where the record with the hostname and its ip address was inserted in the bind files, but everything works well.

Thanks for help and quick answer.
Of course point goes to you. I'll try to add extra points if possible.

One more time thanks for help.

Regards