admfotad (Poland) asked:
DNS server configuration under linux that works for local domain as well

Hi everyone,

We are trying to implement a DNS and DHCP server for our company, which has 3 locations, using bind (Linux). At the moment our bind configuration (in the primary location) is working as follows:
for computers in the local Windows domain (for example 'win_domain') bind is requesting records from the local domain controller (Windows 2003 server) and then serving requests.
It means that our Linux-based DNS server is acting as a slave for the domain controller, receiving updates about computers in the local domain from the PDC (Windows 2003 server).
We would like to use our Linux-based DNS server as the primary DNS server, not a slave. The problem is that we have to gather information about the local computers in our LAN and then serve requests as primary. So far, if we configure our DNS server (bind) as master we cannot translate computer names in our LAN to their IP addresses - we don't have records about the local computer names in the bind configuration. While googling I found a solution where the DHCP server can update the bind server with this information.
Do you have any idea how to configure the DHCP and DNS server to allow updating the DNS server dynamically about new computers?

Thank you in advance

Regards
fosiul01 (United Kingdom):

http://sipx-wiki.calivia.com/index.php/HowTo_Configure_DHCP_and_DNS_Servers

To give a hostname from the DHCP server you need to specify all the hostnames and IPs in the dhcp configuration like this:

    # Host statements for clients with static IP addresses
    group {
        use-host-decl-names true;
        host ns {
            hardware ethernet 12:34:56:78:AB:CD;
            fixed-address 192.168.1.5;
        }
        host router {
            hardware ethernet 00:80:C7:A1:10:5C;
            fixed-address 192.168.1.215;
        }
    }
Rubén Callizo:
You can set up your DHCP server to update your DNS records, and the DNS server to accept updates. In the dns conf you have to add something like:

    subnet x.x.x.x netmask y.y.y.y {
        ddns-domainname "yourdomain";
        option domain-name-servers <your DNS server>;
    }

and in the DNS server:

    zone "yourdomain" IN {
        allow-update { <your DHCP server>; };
    };
admfotad (asker):
Rcallizo - this is what we are trying to accomplish. We want to serve DHCP requests and then dynamically update the DNS server.
fosiul01 mentioned statically assigned IP addresses based on MAC address and then linking them to a hostname, but it won't work for us, because some computers/servers have IP addresses statically assigned to their MAC and we know their hostnames, so that is not a problem - the problem is the computers that have dynamically assigned IP addresses - we need to update these hostnames in the DNS server as well. That's why I'm looking for help, 'cause everything in our LAN (host names) is changing very fast.
I'll let you know in a few hours 'cause I have to move to another location.

Regards.  
admfotad (asker):

Hi again

I still have problems with the configuration. What I did till now is to place the debian server and a host in the same VLAN to test it.
The computer in this VLAN was connected earlier to the domain 'it.local' - no changes have been made.
On debian I have configured a zone called "it.local" and it's loading.
The computer is getting an IP address from the dhcp3 server (debian).
From the computer I can ping the domain 'it.local'.

Configuration of dhcp3 server:

###############################
ddns-domainname "it.local.";
ddns-rev-domainname "in-addr.arpa.";
ddns-update-style interim;
ddns-updates on;
allow client-updates;


key DHCP_UPDATER {
algorithm hmac-md5;
secret some_secret_key;
}



subnet 172.10.8.0 netmask 255.255.248.0 {
option routers <some router IP>;
option broadcast-address <broadcast address>;

zone it.local. {
primary 172.10.11.33;
key DHCP_UPDATER;
}
zone 0.8.10.172.in-addr.arpa. {
primary 172.10.11.33;
key DHCP_UPDATER;
}

};


########################################

bind configuration


#########################################

key "key_rndc" { algorithm hmac-md5; secret "some_secret";};
controls {inet 127.0.0.1 port 953 allow {127.0.0.1;} keys {"key_rndc";};};

zone "it.local" IN {
type master;
file "path_to_file";
allow-update { key "key_rndc";};
notify yes;
};

##################################


I'm running out of ideas about what's wrong...

I even chmod'ed the it.local zone file to 666 to allow updates, and nothing.

In the dhcp leases file everything seems to be good: I get all information including the hostname of the workstation, but it doesn't go to the it.local zone file...

ANY ideas ??
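The symptom above (the lease gets a hostname, the zone never changes) is most often a disagreement between what dhcpd signs with and what named permits. As an added example, not code from the thread, the Python script below parses just the key and zone stanzas of a named.conf and a dhcpd.conf and reports whether every zone dhcpd will update exists in named.conf and whether its allow-update permits the key dhcpd signs with, defined with the same algorithm and secret. It checks the configuration shape Rubén Callizo outlined earlier as well as the pair posted here; the embedded sample configs are constructed from the posted ones with placeholder secrets, and the "fixed" named.conf is my corrected version, not the thread's. The parser only understands key {}, zone {} and allow-update { key ...; } stanzas (not update-policy).

```python
"""TSIG key consistency check between dhcpd.conf and named.conf (added example).

A mismatch between the key dhcpd signs with and the key named's allow-update
permits is what named logs as "update ... denied" and nsupdate reports as
NOTAUTH(BADKEY).
"""
import re

# Quoted strings, the three comment styles, braces, semicolons, bare words.
_TOKEN = re.compile(r'"[^"]*"|#[^\n]*|//[^\n]*|/\*.*?\*/|[{};]|[^\s{};"]+', re.S)


def tokenize(text):
    return [t for t in _TOKEN.findall(text) if not t.startswith(('#', '//', '/*'))]


def parse(text):
    """Nested list of (words, block); block is a list for '{ ... }' bodies, else None."""
    stmts, stack, words = [], [], []
    for tok in tokenize(text):
        if tok == '{':
            stack.append((words, stmts))
            words, stmts = [], []
        elif tok == '}':
            block, (words, stmts) = stmts, stack.pop()
            stmts.append((words, block))
            words = []
        elif tok == ';':
            if words:
                stmts.append((words, None))
                words = []
        else:
            words.append(tok.strip('"'))
    return stmts


def _walk(stmts):
    for words, block in stmts:
        yield words, block
        if block:
            yield from _walk(block)


def _key_stanza(block):
    return {w[0]: w[1] for w, _ in block if len(w) == 2 and w[0] in ('algorithm', 'secret')}


def _zone_name(words):
    return words[1].rstrip('.').lower()   # dhcpd writes 'it.local.', named 'it.local'


def parse_named(text):
    """-> ({key: {algorithm, secret}}, {zone: set of key names in allow-update})."""
    keys, zones = {}, {}
    for words, block in _walk(parse(text)):
        if len(words) >= 2 and block is not None:
            if words[0] == 'key':
                keys[words[1]] = _key_stanza(block)
            elif words[0] == 'zone':
                allowed = set()
                for w, b in block:
                    if w == ['allow-update'] and b:
                        allowed |= {s[1] for s, _ in b if len(s) == 2 and s[0] == 'key'}
                zones[_zone_name(words)] = allowed
    return keys, zones


def parse_dhcpd(text):
    """-> ({key: {algorithm, secret}}, {zone: {'primary': ip, 'key': name}})."""
    keys, zones = {}, {}
    for words, block in _walk(parse(text)):
        if len(words) >= 2 and block is not None:
            if words[0] == 'key':
                keys[words[1]] = _key_stanza(block)
            elif words[0] == 'zone':
                zones[_zone_name(words)] = {s[0]: s[1] for s, _ in block if len(s) == 2}
    return keys, zones


def check_ddns(named_conf, dhcpd_conf):
    """Return a list of findings; an empty list means the two files agree."""
    nkeys, nzones = parse_named(named_conf)
    dkeys, dzones = parse_dhcpd(dhcpd_conf)
    findings = []
    for zone, dz in sorted(dzones.items()):
        kname = dz.get('key')
        if zone not in nzones:
            findings.append(f'{zone}: dhcpd updates it, but named.conf defines no such zone')
            continue
        if kname is None:
            findings.append(f'{zone}: dhcpd zone stanza names no key, so updates go unsigned')
            continue
        if kname not in nzones[zone]:
            findings.append(f'{zone}: dhcpd signs with {kname!r}, named allow-update permits '
                            f'{sorted(nzones[zone]) or "no key"}')
        if kname not in nkeys:
            findings.append(f'{kname!r}: not defined in named.conf')
        elif nkeys[kname] != dkeys.get(kname):
            findings.append(f'{kname!r}: algorithm or secret differs between the two files')
    return findings


# Constructed samples mirroring the posted configs; secrets are placeholders.
DHCPD_CONF = """
ddns-update-style interim;
ddns-updates on;
key DHCP_UPDATER { algorithm hmac-md5; secret some_secret_key; }
subnet 172.10.8.0 netmask 255.255.248.0 {
  zone it.local. { primary 172.10.11.33; key DHCP_UPDATER; }
  zone 0.8.10.172.in-addr.arpa. { primary 172.10.11.33; key DHCP_UPDATER; }
}
"""
NAMED_CONF_BROKEN = """
key "key_rndc" { algorithm hmac-md5; secret "some_secret"; };
zone "it.local" IN { type master; file "it.local"; allow-update { key "key_rndc"; }; };
"""
NAMED_CONF_FIXED = """
key "key_rndc" { algorithm hmac-md5; secret "some_secret"; };
key "DHCP_UPDATER" { algorithm hmac-md5; secret "some_secret_key"; };  // same as dhcpd.conf
zone "it.local" IN { type master; file "it.local"; allow-update { key "DHCP_UPDATER"; }; };
zone "0.8.10.172.in-addr.arpa" IN { type master; file "0.8.10.172.rev";
  allow-update { key "DHCP_UPDATER"; }; };
"""

if __name__ == '__main__':
    for label, conf in (('broken', NAMED_CONF_BROKEN), ('fixed', NAMED_CONF_FIXED)):
        print(label, check_ddns(conf, DHCPD_CONF) or ['ok'])
```

Run against the posted pair it reports three things: the reverse zone dhcpd wants to update is not defined in named.conf, it.local only permits key_rndc while dhcpd signs with DHCP_UPDATER, and DHCP_UPDATER is not defined in named.conf at all. The rndc control key and the DHCP update key should stay separate; what matters is that the key name and secret dhcpd uses appear verbatim in named.conf and in the zone's allow-update.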
ASKER CERTIFIED SOLUTION
Rubén Callizo (Spain)
admfotad (asker):

What I get after your command:

nsupdate
> server 172.10.11.33
> key DHCP_UPDATER some_secret_key
> zone it.local
> update add test.it.local 600 IN A 172.10.8.3
> send

was:

TSIG error with server: tsig indicates error
update failed: NOTAUTH(BADKEY)

and what I've found in syslog:

1.[dhcpd] unable to add reverse map from 3.8.10.172.in-addr.arpa. to a-252.it.local: timed out
2.[named]client 172.10.8.3#53265 updating zone 'it.local/IN': update unsecceessful: a-252.it.local/A: 'RRset exists (value dependent)' prerequisite not satisfied (NXRRSET)
3. [named]client 172.10.8.3#5003: update 'it.local/IN' denied

ps aux | grep named
output:
/usr/sbin/named -u bind

So....named is working
netstat -an | grep 53
output:
127.10.11.33:53      0.0.0.0:*       LISTEN


I have repeated the procedure you gave 3 times to make sure I'm typing the correct secret_password.




I ran nsupdate a 4th time and I get:
"update failed: SERVFAIL"
and in syslog:
[named]client 172.10.11.33#3278: updating zone 'it.local/IN': adding an RR at 'test.it.local' A
[named]journal file /etc/bind/it.local.jnl does not exist, creating it
[named]/etc/bind/it.local.jnl: create : permission denied
[named]client 172.10.11.33#32782: updating zone 'it.local/IN: error: journal open failed: unexpected error

Maybe the output from syslog can help a bit.
Rubén Callizo:

bind creates the jnl files as temporary files; the user running the named daemon has no privileges to create the file, in your case in /etc/bind/.
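The "create: permission denied" on the .jnl file is a directory permission problem: named writes the journal next to the zone file, so the daemon user (here named runs as bind) needs write and search permission on that directory, and making the zone file itself mode 666 does not help. As an added example, not the thread's code, this Python check evaluates the directory's mode bits against a given uid and its group set the way the kernel does (owner, else group, else other), so it can be run as root or any admin account without switching to the daemon user. The user name bind and the /var/lib/bind suggestion in the message are assumptions about a Debian layout.

```python
"""Can the named daemon's user create <zonefile>.jnl? (added example)"""
import grp
import os
import pwd
import stat


def groups_of(user):
    """uid and all gids (primary plus supplementary) of a local account."""
    pw = pwd.getpwnam(user)
    gids = {pw.pw_gid} | {g.gr_gid for g in grp.getgrall() if user in g.gr_mem}
    return pw.pw_uid, gids


def can_create_journal(zone_file, uid, gids):
    """True if uid (member of gids) may create files in zone_file's directory.

    Mirrors the kernel's DAC check: exactly one permission class applies, chosen
    by owner match, then group match, then other. Creating a file needs both
    write and search (x) on the directory. Parent directories are not walked.
    """
    d = os.path.dirname(os.path.abspath(zone_file))
    st = os.stat(d)
    if not stat.S_ISDIR(st.st_mode):
        return False
    if uid == 0:                      # root bypasses mode bits (CAP_DAC_OVERRIDE)
        return True
    mode = st.st_mode
    if st.st_uid == uid:
        return bool(mode & stat.S_IWUSR) and bool(mode & stat.S_IXUSR)
    if st.st_gid in gids:
        return bool(mode & stat.S_IWGRP) and bool(mode & stat.S_IXGRP)
    return bool(mode & stat.S_IWOTH) and bool(mode & stat.S_IXOTH)


def diagnose(zone_file, user='bind'):
    """Human-readable verdict for a real zone file and daemon account."""
    uid, gids = groups_of(user)
    d = os.path.dirname(os.path.abspath(zone_file))
    if can_create_journal(zone_file, uid, gids):
        return f'{user} can create {os.path.basename(zone_file)}.jnl in {d}'
    return (f'{user} cannot create files in {d}: named will log "journal open failed". '
            f'Move the zone to a directory owned by {user} (Debian: /var/lib/bind) '
            f'rather than loosening permissions on the config directory.')


if __name__ == '__main__':
    import sys
    print(diagnose(sys.argv[1] if len(sys.argv) > 1 else '/etc/bind/it.local'))
```

Prefer giving dynamic zones their own directory owned by the daemon user over making /etc/bind writable: the config directory then stays read-only to named, so a compromised or misbehaving daemon cannot rewrite named.conf or the rndc key.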
admfotad (asker):

I changed the permissions on the folder /etc/bind and now bind is the owner of this folder with permission to read and write. So I ran nsupdate and finally there were no errors, but I still can not ping my machine (a-252) from the server and I can not find any new records pointing to the computer named a-252 - where should I look for this record?

regards
Rubén Callizo:

You should look in the zone file. What is the output of:
nslookup a-252.it.local
admfotad (asker):

And I still have these messages in syslog:

1.[dhcpd] unable to add reverse map from 3.8.10.172.in-addr.arpa. to a-252.it.local: timed out
2.[named]client 172.10.8.3#53265 updating zone 'it.local/IN': update unsecceessful: a-252.it.local/A: 'RRset exists (value dependent)' prerequisite not satisfied (NXRRSET)
3. [named]client 172.10.8.3#5003: update 'it.local/IN' denied

I need a cigarette break 'cause at the moment I remember whole secret password .........
I'm tired and I realised that today is Friday the 13th. :). Never mind, the output from nslookup is:
nslookup test.it.local
Server 127.0.0.1
Address: 127.0.0.1:53

Name: test.it.local
Address: 172.10.11.23    <- the IP address I gave to test.it.local

So it looks like it's almost working.
I was simply not thinking clearly: I can not ping test.it.local 'cause the machine with this address doesn't exist...
The only problem that remains is adding the record from dhcpd3.
Rubén Callizo:

bind is working and accepting updates, so the problem should be the dhcp sending the update. Try to write the secret in the key section again; make sure it's without the quotes (").
Check also if there is any firewall blocking the connection.
admfotad (asker):

Couldn't answer from the office 'cause there was a proxy problem. I found out on my private server what was probably wrong. The problem was in the dhclient.conf configuration:

In /etc/dhclient.conf:

    send fqdn.fqdn "hostname.example.com.";
    send fqdn.encoded on;
    send fqdn.server-update off;


So, on my server everything works well, excluding one thing: I have no idea where the record with the hostname and its IP address was inserted in the bind files, but everything works well.

Thanks for help and quick answer.
Of course point goes to you. I'll try to add extra points if possible.

One more time thanks for help.

Regards
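The dhclient.conf lines above control the Client FQDN option (DHCP option 81, RFC 4702): send fqdn.server-update off clears the S flag, telling the server the client will write its own A record, and send fqdn.encoded on puts the name in DNS wire format. Whether dhcpd then adds the A record depends on its own client-updates setting (the asker's dhcpd.conf has allow client-updates). As an added example, not code from the thread, the Python below builds and decodes the option and maps the flags to the records dhcpd would add; the decision table is my reading of dhcpd.conf(5), and the option bytes are constructed.

```python
"""Decode the DHCP Client FQDN option (option 81, RFC 4702) and map its flags to
what dhcpd will update (added example, not from the thread)."""
FLAG_S = 0x01   # client asks the server to perform the A-record update
FLAG_O = 0x02   # server overrode the client's S wish (set by servers only)
FLAG_E = 0x04   # name is in DNS wire format ('send fqdn.encoded on')
FLAG_N = 0x08   # client asks the server to do no DNS updates at all


def encode_wire_name(name):
    """'host.example.com.' -> length-prefixed labels ending in a zero byte."""
    labels = name.rstrip('.').split('.')
    return b''.join(bytes([len(l)]) + l.encode('ascii') for l in labels) + b'\x00'


def decode_wire_name(data):
    labels, i = [], 0
    while i < len(data) and data[i] != 0:
        n = data[i]
        labels.append(data[i + 1:i + 1 + n].decode('ascii'))
        i += 1 + n
    return '.'.join(labels) + '.'


def build_fqdn_option(name, server_update, encoded):
    """Option 81 value as dhclient would send it (without the code/length header)."""
    flags = (FLAG_S if server_update else 0) | (FLAG_E if encoded else 0)
    body = encode_wire_name(name) if encoded else name.encode('ascii')
    return bytes([flags, 0, 0]) + body        # flags, RCODE1, RCODE2, name


def decode_fqdn_option(payload):
    flags, body = payload[0], payload[3:]
    return {
        'client_updates_itself': not flags & FLAG_S,
        'encoded': bool(flags & FLAG_E),
        'no_updates_wanted': bool(flags & FLAG_N),
        'name': decode_wire_name(body) if flags & FLAG_E else body.decode('ascii'),
    }


def server_updates(option, policy):
    """Records dhcpd adds for the lease. policy is the dhcpd.conf client-updates
    setting: 'allow' honours the client's S bit (server does only the PTR when
    the client claims the A record); 'deny' or 'ignore' make the server do both
    regardless. This is my reading of dhcpd.conf(5), not the daemon's code."""
    if policy in ('deny', 'ignore'):
        return {'A', 'PTR'}
    if option['client_updates_itself']:
        return {'PTR'}
    return {'A', 'PTR'}


if __name__ == '__main__':
    # The posted dhclient.conf: fqdn.encoded on, fqdn.server-update off.
    opt = decode_fqdn_option(build_fqdn_option('hostname.example.com.', False, True))
    print(opt)
    print('allow client-updates ->', server_updates(opt, 'allow'))
    print('deny client-updates  ->', server_updates(opt, 'deny'))
```

With allow client-updates and a client that sends S=0, the server only writes the PTR, which is consistent with the syslog lines above showing dhcpd attempting the reverse map while the a-252 A record never appears. Letting clients own their forward records also means any host on the LAN can claim any name in the zone; having the DHCP server do both updates with its own TSIG key, and restricting the zone's allow-update to that key, keeps a single accountable writer.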