alix - bind9 & dhcpdv3

The plan is to use dynamic DNS updates with dhcp3 and bind9. We keep LAN and WLAN separate so that we can assign domain names based on the medium when a host has no static lease assigned by its MAC address. Dynamic DHCP hosts get a DNS entry like 192-168-5(2|3)-128.dyn.(wifi|wired).example.prv, depending on the medium; static DHCP clients can either specify their entry themselves (usually the hostname) or have it set as part of the config. We use the example.prv domain for our private network.

dhcpdv3

aptitude install dhcp3-server

/etc/dhcp3/dhcpd.conf

# Global dhcpd parameters; DDNS updates go to the bind9 instance on this box.
authoritative;
log-facility local7;

# Leases are fixed at one hour (default and ceiling are the same).
default-lease-time 3600;
max-lease-time 3600;

# Interim-style DDNS, signed with the key taken from the bind9 install.
# NOTE(review): the rndc control-channel key doubles as the DDNS TSIG key,
# so anything that can read /etc/bind/rndc.key can also drive rndc; a
# dedicated key used only in the zones' allow-update would keep the two apart.
ddns-update-style interim;
include "/etc/bind/rndc.key";

# Also register fixed-address hosts, and hand host declaration names to
# clients as their host-name.
update-static-leases on;
use-host-decl-names on;

# Presumably meant as a search list; option 15 is a single domain name and
# not every client treats a space-separated value this way — verify.
option domain-name "example.prv dyn.wired.example.prv dyn.wifi.example.prv";


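# Wired LAN, served by alix on 192.168.53.1.
subnet 192.168.53.0 netmask 255.255.255.0 {
	option routers 192.168.53.1;
	option domain-name-servers 192.168.53.1;
	option ntp-servers 192.168.53.1;
	# Fixed: was 192.168.0.255, which is not the broadcast address of this /24.
	option broadcast-address 192.168.53.255;
	option domain-name "example.prv dyn.wired.example.prv dyn.wifi.example.prv";

	pool { # wired dynamic
		range 192.168.53.128 192.168.53.254;
		# Clients with a host declaration never land here; they are
		# handled by the static groups below.
		deny known clients;
		# DNS name is the leased address with dashes (e.g. 192-168-53-128)
		# under the wired dynamic zone.
		ddns-hostname = concat(binary-to-ascii(10, 8, "-", leased-address), "");
		ddns-domainname = "dyn.wired.example.prv";
	}

	# DNS zones to update (reverse and forward), signed with rndc-key.
	zone 53.168.192.in-addr.arpa. {
		primary 192.168.53.1;
		key "rndc-key";
	}

	zone dyn.wired.example.prv. {
		primary 192.168.53.1;
		key "rndc-key";
	}
}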

# Wireless LAN, served by alix on 192.168.52.1.
subnet 192.168.52.0 netmask 255.255.255.0 {
	option domain-name "example.prv dyn.wired.example.prv dyn.wifi.example.prv";
	option routers 192.168.52.1;
	option domain-name-servers 192.168.52.1;
	option ntp-servers 192.168.52.1;
	option broadcast-address 192.168.52.255;

	# Forward and reverse zones that receive the updates for this pool.
	zone dyn.wifi.example.prv. {
		primary 192.168.52.1;
		key "rndc-key";
	}
	zone 52.168.192.in-addr.arpa. {
		primary 192.168.52.1;
		key "rndc-key";
	}

	pool { # wifi dynamic
		range 192.168.52.128 192.168.52.254;
		deny known clients;	# anything with a host declaration is excluded
		# e.g. 192-168-52-128.dyn.wifi.example.prv
		ddns-hostname = concat(binary-to-ascii(10, 8, "-", leased-address), "");
		ddns-domainname = "dyn.wifi.example.prv";
	}
}

group { # wired static
	# Fixed-address hosts on the wired LAN; same resolver, NTP server and
	# search list as the dynamic pool.
	option domain-name "example.prv dyn.wired.example.prv dyn.wifi.example.prv";
	option domain-name-servers 192.168.53.1;
	option ntp-servers 192.168.53.1;
	option broadcast-address 192.168.53.255;

	# Static entries live directly in example.prv, not in the dyn.* zones.
	ddns-domainname "example.prv";
	zone example.prv. {
		primary 192.168.53.1;
		key "rndc-key";
	}
	zone 53.168.192.in-addr.arpa. {
		primary 192.168.53.1;
		key "rndc-key";
	}

	# Registered as ps3.example.prv; the explicit ddns-hostname takes
	# precedence over whatever name the client sends.
	host playstation {
		hardware ethernet 00:1d:0d:e5:88:67;
		fixed-address 192.168.53.60;
		ddns-hostname "ps3";
	}
}

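group { # wifi static
	# Fixed-address hosts on the WLAN. Resolver and NTP point at alix's
	# wired address, while the dynamic WLAN pool uses 192.168.52.1 —
	# presumably the same box; confirm it is reachable from this side.
	option domain-name-servers 192.168.53.1;
	option ntp-servers 192.168.53.1;
	option broadcast-address 192.168.52.255;
	option domain-name "example.prv dyn.wired.example.prv dyn.wifi.example.prv";

	# Static entries register directly under example.prv.
	ddns-domainname "example.prv";
	# Fixed: was 1.168.192.in-addr.arpa., which the local bind9 does not
	# serve; the WLAN fixed addresses are in 192.168.52.0/24.
	zone 52.168.192.in-addr.arpa. {
		primary 192.168.53.1;
		key "rndc-key";
	}
	zone example.prv. {
		primary 192.168.53.1;
		key "rndc-key";
	}

	host test {
		hardware ethernet 00:1a:4d:fe:23:11;
		fixed-address 192.168.52.27;
		ddns-hostname "test";
	}
}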

bind9

/etc/bind/named.conf.local

//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

// Forward zones. All three are masters on this host and accept dynamic
// updates signed with rndc-key (the key file is included from
// named.conf.options). allow-update with a key lets that key change any
// record in the zone; an update-policy would narrow this if the
// DHCP-managed names ever need fencing off from hand-maintained ones.
zone "example.prv" {
	type master;
	file "db.example.prv";
	allow-update { key "rndc-key"; };
};

zone "dyn.wired.example.prv" {
	type master;
	file "db.dyn.wired.example.prv";
	allow-update { key "rndc-key"; };
};

zone "dyn.wifi.example.prv" {
	type master;
	file "db.dyn.wifi.example.prv";
	allow-update { key "rndc-key"; };
};

// Reverse zones for the WLAN (52) and LAN (53) /24s. File names are
// relative to the "directory" set in named.conf.options.
zone "52.168.192.in-addr.arpa" {
	type master;
	file "52.168.192.in-addr.arpa";
	allow-update { key "rndc-key"; };
};

zone "53.168.192.in-addr.arpa" {
	type master;
	file "53.168.192.in-addr.arpa";
	allow-update { key "rndc-key"; };
};

/etc/bind/named.conf.options

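// rndc.key defines key "rndc-key", referenced by controls below and by
// the allow-update clauses in named.conf.local.
include "/etc/bind/rndc.key";

options {
	directory "/var/cache/bind";

	auth-nxdomain no;    # conform to RFC1035

	// Only the two internal /24s (192.168.52.0/23 covers both) and
	// loopback may query or recurse; zone transfers are off entirely.
	// Fixed: loopback was written as 127.0.0.1/8, whose host bits do not
	// match the prefix; 127.0.0.0/8 is the same network without the
	// address/prefix mismatch.
	allow-query { 192.168.52.0/23; 127.0.0.0/8; } ;
	allow-transfer { none; } ;
	allow-recursion { 192.168.52.0/23; 127.0.0.0/8; } ;
	// Both internal interfaces plus loopback; IPv6 stays disabled.
	listen-on { 192.168.52.1; 192.168.53.1; 127.0.0.1; } ;
//	listen-on-v6 { any; };

	// If there is a firewall between you and nameservers you want
	// to talk to, you may need to fix the firewall to allow multiple
	// ports to talk.  See http://www.kb.cert.org/vuls/id/800113

	// Everything outside the local zones goes to the ISP resolvers;
	// "forward only" means no fallback to iterative resolution if they
	// are unreachable.
	forward only;
	forwarders {
		212.202.215.1; # 192.168.53.1; # specify your ISP name servers
		212.202.215.5;
	};
#	default-key "rndc-key";
};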

// rndc control channel: loopback only, authenticated with rndc-key.
controls {
	inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
};

zone files

/var/cache/bind/db.example.prv

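; example.prv — hand-maintained names plus DHCP static-lease registrations.
; named writes dynamic updates back to this file: run "rndc freeze example.prv"
; before editing by hand, "rndc thaw example.prv" afterwards, and bump the
; serial on every manual change.
$ORIGIN example.prv.
$TTL 3600	; 1 hour
@			IN SOA	ns1.example.prv. hostmaster.example.prv. (
				11         ; serial
				3600       ; refresh (1 hour)
				900        ; retry (15 minutes)
				1209600    ; expire (2 weeks)
				3600       ; minimum (1 hour)
				)
			NS	ns1.example.prv.
			NS	ns2.example.prv.
			A	192.168.0.1	; NOTE(review): 192.168.0.1 appears nowhere else here (alix is 192.168.53.1) — confirm
; Fixed: the NS targets had no address records in this zone (the dyn.*
; zones already define theirs); both point at alix, as there.
ns1			A	192.168.53.1
ns2			A	192.168.53.1
$TTL 1800	; 30 minutes
alix			A	192.168.53.1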

/var/cache/bind/db.dyn.wifi.example.prv

; dyn.wifi.example.prv — populated by dhcpd with one record per WLAN lease.
$ORIGIN dyn.wifi.example.prv.
$TTL 3600	; 1 hour
@			IN SOA	ns1.dyn.wifi.example.prv. hostmaster.dyn.wifi.example.prv. (
				281        ; serial
				3600       ; refresh (1 hour)
				900        ; retry (15 minutes)
				1209600    ; expire (2 weeks)
				3600       ; minimum (1 hour)
				)
			NS	ns1
			NS	ns2
			A	192.168.53.1
; Both name servers are alix.
ns1			A	192.168.53.1
ns2			A	192.168.53.1

/var/cache/bind/db.dyn.wired.example.prv

; dyn.wired.example.prv — populated by dhcpd with one record per LAN lease.
$ORIGIN dyn.wired.example.prv.
$TTL 3600	; 1 hour
@			IN SOA	ns1.dyn.wired.example.prv. hostmaster.dyn.wired.example.prv. (
				29         ; serial
				3600       ; refresh (1 hour)
				900        ; retry (15 minutes)
				1209600    ; expire (2 weeks)
				3600       ; minimum (1 hour)
				)
			NS	ns1
			NS	ns2
			A	192.168.53.1
; Both name servers are alix.
ns1			A	192.168.53.1
ns2			A	192.168.53.1

/var/cache/bind/52.168.192.in-addr.arpa

; 52.168.192.in-addr.arpa — reverse zone for the WLAN. PTRs are added by
; dhcpd, so the file starts with only the SOA and NS records.
; NOTE(review): the SOA RNAME field is a mailbox; ns2.example.prv. is
; accepted but hostmaster.example.prv. (as in the forward zones) is meant.
$ORIGIN 52.168.192.in-addr.arpa.
$TTL 86400	; 1 day
@			IN SOA	ns1.example.prv. ns2.example.prv. (
				20100395   ; serial
				28800      ; refresh (8 hours)
				604800     ; retry (1 week)
				604800     ; expire (1 week)
				86400      ; minimum (1 day)
				)
			NS	ns1.example.prv.
			NS	ns2.example.prv.

/var/cache/bind/53.168.192.in-addr.arpa

; 53.168.192.in-addr.arpa — reverse zone for the wired LAN. Only the
; server itself is entered by hand; dhcpd adds the rest.
; NOTE(review): the SOA RNAME field is a mailbox; ns2.example.prv. is
; accepted but hostmaster.example.prv. (as in the forward zones) is meant.
$ORIGIN 53.168.192.in-addr.arpa.
$TTL 86400	; 1 day
@			IN SOA	ns1.example.prv. ns2.example.prv. (
				20100240   ; serial
				28800      ; refresh (8 hours)
				604800     ; retry (1 week)
				604800     ; expire (1 week)
				86400      ; minimum (1 day)
				)
			NS	ns1.example.prv.
			NS	ns2.example.prv.
$TTL 1800	; 30 minutes
1			PTR	alix.example.prv.
