
How to create static IP in Samba4/DNS?

I am running Slackware64 14.1, Samba 4.1.11 and bind 9.9.5-P1. I am running this host as an AD/DC. I have provisioned the Samba DC specifying BIND9_FLATFILE backend, which basically means using the normal bind config files. This setup has been running fine for around 9 months.

Now, I have a couple of devices, e.g. printer, DVR, for which I want to add static IPs. I've done this in a pre-Samba DNS by adding the following line to the zone file:

$TTL 14400      ; 4 hours
ricoh                   A       192.168.0.20

and similarly to the reverse zone file:

$TTL 14400
20     PTR    ricoh.hprs.local.

I did this yesterday, but after some period of time, the A record entry from the zone file had disappeared altogether. Samba does update these files, but why would the A record go away? Or, maybe I configured it wrong.

Can someone help me out with getting this IP set correctly?

Below is the zonefile in question (lots of Samba added stuff)
$ORIGIN .
$TTL 14400      ; 4 hours
hprs.local              IN SOA  mail.hprs.local. hostmaster.hprs.local. (
                                2014094808 ; serial
                                10800      ; refresh (3 hours)
                                3600       ; retry (1 hour)
                                28800      ; expire (8 hours)
                                3600       ; minimum (1 hour)
                                )
                        NS      mail.hprs.local.
                        A       192.168.0.2
$ORIGIN hprs.local.
_kerberos               TXT     "HPRS.LOCAL"
$ORIGIN _msdcs.hprs.local.
48c0208f-0646-42f6-89bf-dc9b81b3442c CNAME mail.hprs.local.
$ORIGIN _tcp.Default-First-Site-Name._sites.dc._msdcs.hprs.local.
_kerberos               SRV     0 100 88 mail.hprs.local.
_ldap                   SRV     0 100 389 mail.hprs.local.
$ORIGIN _tcp.dc._msdcs.hprs.local.
_kerberos               SRV     0 100 88 mail.hprs.local.
_ldap                   SRV     0 100 389 mail.hprs.local.
$ORIGIN _msdcs.hprs.local.
_ldap._tcp.e261d59e-e2f2-4202-9caa-b0ebf8d106a5.domains SRV 0 100 389 mail.hprs.local.
gc                      A       192.168.0.2
$ORIGIN gc._msdcs.hprs.local.
_ldap._tcp.Default-First-Site-Name._sites SRV 0 100 3268 mail.hprs.local.
_ldap._tcp              SRV     0 100 3268 mail.hprs.local.
$ORIGIN _msdcs.hprs.local.
_ldap._tcp.pdc          SRV     0 100 389 mail.hprs.local.
$ORIGIN _tcp.Default-First-Site-Name._sites.hprs.local.
_gc                     SRV     0 100 3268 mail.hprs.local.
_kerberos               SRV     0 100 88 mail.hprs.local.
_ldap                   SRV     0 100 389 mail.hprs.local.
$ORIGIN _tcp.hprs.local.
_gc                     SRV     0 100 3268 mail.hprs.local.
_kerberos               SRV     0 100 88 mail.hprs.local.
_kerberos-master        SRV     0 100 88 mail.hprs.local.
_kpasswd                SRV     0 100 464 mail.hprs.local.
_ldap                   SRV     0 100 389 mail.hprs.local.
$ORIGIN _udp.hprs.local.
_kerberos               SRV     0 100 88 mail.hprs.local.
_kerberos-master        SRV     0 100 88 mail.hprs.local.
_kpasswd                SRV     0 100 464 mail.hprs.local.
$ORIGIN hprs.local.
$TTL 1200       ; 20 minutes
BETH                    A       192.168.0.53
$TTL 3600       ; 1 hour
                        TXT     "31fb00b7a77fdc7f6ba1e7a3a8efaeb764"
$TTL 1200       ; 20 minutes
CHARMAINE               A       192.168.0.52
$TTL 3600       ; 1 hour
                        TXT     "31e495ab9beab3bba63ae1165feab6d82f"
$TTL 1200       ; 20 minutes
COMMON                  A       192.168.0.58
$TTL 3600       ; 1 hour
                        TXT     "31d43f065d80a9e1d8507c919ea920a677"
$TTL 1200       ; 20 minutes
DENNIS                  A       192.168.0.57
$TTL 3600       ; 1 hour
                        TXT     "31616d4148a7bea9e6aba53e934e9a3766"
DOMAS1286P12141         A       192.168.0.114
                        TXT     "31692eef51b0eaa0d31d250455d1c2c625"
$TTL 1200       ; 20 minutes
DORIS                   A       192.168.0.51
$TTL 3600       ; 1 hour
                        TXT     "318d9a2029644a1b54e80551bba7682954"
$TTL 1200       ; 20 minutes
HOLLY                   A       192.168.0.56
$TTL 3600       ; 1 hour
                        TXT     "3125e48aa8400fcddf72791dc5bb93bca7"
LocalHost               A       192.168.0.24
                        TXT     "31d0ef7b30ac56944e0d01b8d43a43123a"
$TTL 14400      ; 4 hours
mail                    A       192.168.0.2
$TTL 1200       ; 20 minutes
MARK                    A       192.168.0.55
$TTL 3600       ; 1 hour
                        TXT     "312e7db07ef48b5b5c1c74dca37fc455d0"
MCNEA1953C11141         A       192.168.0.112
                        TXT     "3133784f6dadce841246963acdf6ffa25c"
$TTL 1200       ; 20 minutes
MIKE                    A       192.168.0.54
$TTL 3600       ; 1 hour
                        TXT     "3123e28f0b7a5150ca7bf29e91967928c2"
OHPRSstorage            A       192.168.0.5
                        TXT     "00809cfa69f150af1ca3924d33b7dbd20e"
$TTL 1200       ; 20 minutes
RENEE                   A       192.168.0.50
$TTL 3600       ; 1 hour
                        TXT     "31a3fe008f43cb09a0b5e55cf7a3322f26"
$TTL 1200       ; 20 minutes
server                  A       192.168.0.4
$TTL 3600       ; 1 hour
                        TXT     "3142f0ea1580f4cfde5bfb712dc2dc8482"
$TTL 1200       ; 20 minutes
TRAVERSE                A       192.168.0.59
$TTL 3600       ; 1 hour
                        TXT     "31d1e2072b79d455b24818ec52267dc0b6"
viao                    A       192.168.0.102
                        TXT     "319fa2220f0f1c778d2667ee0e19bbb60d"
webserver               A       192.168.0.3
                        TXT     "00a72c84d5da5a7047247078f738268ec3"

Asked by: jmarkfoley
 
Daniel McAllister, President, IT4SOHO, LLC, commented:
OK, this is very explainable.

First, DNS does not control the ASSIGNMENT of an IP address to a machine (copier, computer, or mobile device)... DNS only gives addresses for names (or vice-versa: names to addresses):
 - An A record gives a name an IP address
 - A PTR record gives an IP address a name

By creating both A & PTR records for your printer & DVR, all you did is say that ANYTHING at IP address A has a name ANAME, and that ANYTHING at IP address B has a name BNAME.

So enter the service you DIDN'T configure: DHCP
DHCP is the service that actually assigns IP addresses to devices on your LAN.
These addresses can be STATIC (based on the MAC [hardware 6-byte code] address), or can be dynamically assigned from a pool of addresses you claim to be available.

DHCP is designed to manage the dynamic pool of addresses so that duplicates never appear.
However, one FEATURE of DHCP is the ability to "register" an assigned IP address into DNS so that windows systems are no longer dependent upon WINS, and non-Windows systems can get the same functionality as WINS.

SO, your problem is arising out of the fact that, even though you created an A record for "DVD" at IP address 102, that address is in "the pool" for your DHCP server... and along comes a device called "VAIO" and DHCP gives *IT* address 102 -- now, when DHCP registers the name "vaio" in DNS, it REPLACES the name "dvd" -- and then, when the "vaio" computer goes away for too long, the entry is simply removed altogether.

Your solution (imho for virtually everything that is nearly always on your LAN) is to give it a DHCP reservation -- that is, a "saved" address out of the pool, so that whenever that device comes online, the DHCP server ALWAYS gives it the same address (because it has been reserved for that device).

I hope this helps

Dan
IT4SOHO
 
jmarkfoley (Author) commented:
Dan:
> So enter the service you DIDN'T configure: DHCP
I do have lots of things configured in DHCP, but the particular device I am messing with is a printer configured with a static IP internally. It does not request DHCP. Therefore, all I really need is to tell DNS the match-up between the printer's IP and the name I want to give it. I've always done that via the zone tables putting the A record in the main zone file and the PTR record in the by-IP zone file.

Bottom line: I'm configuring the static IP without DHCP and without the 'client' host requesting DHCP.
 
Daniel McAllister, President, IT4SOHO, LLC, commented:
I get what you're saying, and I guess since I made my response more broad, I think you missed my salient point...

 -- if your "static" (self-assigned) IP address is in your DHCP address pool, and DHCP attempts to assign that address to some device (new and dynamic), it will instruct the DNS server to "change" the entry for that IP address.

So, EVEN IF the printer has an internally assigned IP address, you STILL want to make the reservation entry in DHCP -- to prevent it from assigning that address dynamically AND to prevent it from changing the entry in your DNS server.

The reason this likely never happened to you before is (I'm guessing) that your DHCP service previously wasn't making DNS updates based on address leases.

Good Luck

Dan McAllister
IT4SOHO
 
jmarkfoley (Author) commented:
> if your "static" (self-assigned) IP address is in your DHCP address pool, and DHCP attempts to assign that address to some device (new and dynamic), it will instruct the DNS server to "change" the entry for that IP address.
The dhcpd.conf assigns "range 192.168.0.100 192.168.0.254" for DHCP'able addresses. The static IP I'm choosing is 192.168.0.20, so DHCP should not attempt to assign that address to a DHCP client.
> you STILL want to make the reservation entry in DHCP
I added the following to my dhcpd.conf:

host ricoh {
    hardware ethernet 00:26:73:55:63:AB;
    fixed-address 192.168.0.20;
}

I restarted dhcpd and named. This did not work. I cannot resolve host ricoh. I'm skeptical anyway. Would not the client device (ricoh) have to request an IP address from the DHCP server in order for dhcpd to assign 192.168.0.20 and update the DNS zone files? I can't imagine dhcpd would update DNS simply based on creating the host entry if no client with that MAC ever requested an IP. I have 14 other hosts assigned static IP in dhcpd.conf, which all are set to use DHCP and all of them work perfectly. The only difference between those 14 hosts and this ricoh device is that the ricoh is not set to get its IP via DHCP.
> The reason this likely never happened to you before is (I'm guessing) that your DHCP service previously wasn't making DNS updates based on address leases.
Actually, this did work before with DHCP and DNS, but that configuration did not include Samba4.

It doesn't make sense to me that I can't simply add A and PTR records to the forward and reverse zone files respectively. That is what I've done in the past, including on SBS 2008. I did not have to mess with DHCPD configurations. That's pretty much what all DNS "how to's" I've come across on the web say you're supposed to do.

I guess I'll have to stage a test system with DHCP and DNS, but no Samba4 and see if that does or does not work. Might as well eliminate one variable from the problem.
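
The pool check argued over in the comments above (the dhcpd.conf range versus the address picked for the printer), written as a pre-flight script. This is an added example, not code from the thread: the function names are its own, and the subnet block and the trimmed zone excerpt are constructed from values quoted in the posts.

```python
import ipaddress
import re

# Constructed samples built from values quoted in the thread.
DHCPD_CONF = """
subnet 192.168.0.0 netmask 255.255.255.0 {
    range 192.168.0.100 192.168.0.254;
}
host ricoh {
    hardware ethernet 00:26:73:55:63:AB;
    fixed-address 192.168.0.20;
}
"""
ZONE = """
$ORIGIN hprs.local.
mail                    A       192.168.0.2
viao                    A       192.168.0.102
                        TXT     "319fa2220f0f1c778d2667ee0e19bbb60d"
webserver               A       192.168.0.3
"""
IP = r"(\d+\.\d+\.\d+\.\d+)"

def dynamic_ranges(conf):
    """Return (low, high) address pairs from every 'range' statement."""
    return [(ipaddress.ip_address(a), ipaddress.ip_address(b))
            for a, b in re.findall(rf"\brange\s+{IP}\s+{IP}\s*;", conf)]

def reservations(conf):
    """Map fixed-address -> host name for each 'host' block."""
    pat = rf"\bhost\s+(\S+)\s*\{{[^}}]*?fixed-address\s+{IP}\s*;"
    return {ip: name for name, ip in re.findall(pat, conf)}

def a_records(zone):
    """Map address -> owner name for A records that carry an owner name."""
    pat = rf"^(\S+)[ \t]+(?:IN[ \t]+)?A[ \t]+{IP}[ \t]*$"
    return {ip: name for name, ip in re.findall(pat, zone, re.M)}

def preflight(name, ip, conf=DHCPD_CONF, zone=ZONE):
    """List reasons the planned static A record could collide."""
    addr, problems = ipaddress.ip_address(ip), []
    if any(lo <= addr <= hi for lo, hi in dynamic_ranges(conf)):
        problems.append("inside dhcpd dynamic range")
    owner = reservations(conf).get(ip)
    if owner and owner.lower() != name.lower():
        problems.append(f"reserved in dhcpd.conf for {owner}")
    owner = a_records(zone).get(ip)
    if owner and owner.lower() != name.lower():
        problems.append(f"zone already maps it to {owner}")
    return problems
```
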
 
jmarkfoley (Author) commented:
Not getting very far on this. I'm going to simplify and remove DHCP and Samba from the equation and re-post something cleaner.
 
jmarkfoley (Author) commented:
I figured out the problem. Adding the A and PTR records to the zone files was correct as I did in my initial posting. However, I needed to stop named, dhcp, samba and for good measure ntpd. Then add the A and PTR records, then restart those programs. That worked. Adding the A and PTR records while all those are running does not work. The A records get clobbered for some reason.
Question has a verified solution.