DHCP server with Dynamic DNS
Jan Stocker <Jan.Stocker@t-online.de>
Abstract
This article contains instructions for setting up DNS and DHCP services, building a Dynamic DNS FreeBSD server for home use.
Introduction
Everyone using mobile machines, like notebooks and PDAs, knows the problem of changing network configuration for each network (s)he wants to connect to. DHCP gives you the ability to receive the needed IP address, network mask, DNS server addresses and so on in a dynamic way.
You can use a local DNS server for name resolving of your internal servers and desktop clients. But what about connecting from a client to your notebook, which now has a dynamic IP and therefore no DNS entry?
You have to make DHCP add an entry for each leased IP in your local DNS server automatically. This is what we call Dynamic DNS (DDNS). With this solution you have a complete map of all connected computers, and it's quite easy to set up.
DNS
BIND 8 is a DNS implementation that is already installed with the base system. You only need to configure it. To start the DNS daemon named at startup, you must enter a line in /etc/rc.conf:
named_enable="YES"
I think most of you, like me, do not have an official domain for home use, and also do not use official IPs. So first we need a domain space which is not used in the outer world. I recommend using a top level domain for this, so you make sure nobody is using it on the Internet. For my home net I use "ourhome" and my router has the name "dslgw.ourhome".
If you have never set up DNS on your server before, please create a configuration file for the localhost stuff:
# cd /etc/namedb
# chmod a+x make-localhost
# ./make-localhost
The main configuration is written in /etc/namedb/named.conf. You can edit the sample file or create a new one only containing the needed entries. My home net for this example only uses the IP range 10.1.1.0 to 10.1.1.255. The configuration file first defines some common stuff, then creates an access list named "ourhome". This list is used later in the zones for the "allow-update" action, and it is what gives the DHCP daemon the ability to alter the DNS directory automatically.
options {
    directory "/etc/namedb";
    pid-file "/var/run/named/pid";
};

acl ourhome {
    10.1.1.0/24;
    127.0.0.1;
};

zone "." {
    type hint;
    file "named.root";
};

zone "0.0.127.IN-ADDR.ARPA" {
    type master;
    file "localhost.rev";
};

zone "ourhome" {
    type master;
    file "ourhome";
    allow-update { ourhome; };
};

zone "1.1.10.in-addr.arpa" {
    type master;
    file "ourhome.rev";
    allow-update { ourhome; };
};
Inside this file I made two zones linking to the files ourhome and ourhome.rev. The first is for normal name lookup and the other for the reverse lookup. These are very simple and understandable. First, they only contain the entry for the servers with static IP addresses. (In this example there is only one server.) Create a file /etc/namedb/ourhome:
;BIND DUMP V8
$ORIGIN .
ourhome 3600    IN      NS      dslgw.ourhome.  ;Cl=1
        3600    IN      SOA     dslgw.ourhome. root.dslgw.ourhome. (
                20011195 3600 900 3600000 3600 )        ;Cl=1
$ORIGIN ourhome.
dslgw   3600    IN      A       10.1.1.1        ;Cl=1
Also create a file /etc/namedb/ourhome.rev:
;BIND DUMP V8
$ORIGIN 1.10.in-addr.arpa.
1       3600    IN      NS      dslgw.ourhome.  ;Cl=4
        3600    IN      SOA     dslgw.ourhome. root.dslgw.ourhome. (
                20011183 3600 900 3600000 3600 )        ;Cl=4
$ORIGIN 1.1.10.IN-ADDR.ARPA.
1       3600    IN      PTR     dslgw.ourhome.  ;Cl=4
For dynamic updates, we need to have two more files, but these can be empty:
# touch /etc/namedb/ourhome.rev.log
# touch /etc/namedb/ourhome.log
Because the name service needs to update our configuration for the dynamic IPs itself, all files must have write permission for the user bind:
# chown bind:bind /etc/namedb/ourhome*
# chmod u+w /etc/namedb/ourhome*
Now you can restart the computer, or enter:
# /local/sbin/named -u bind
to start the DNS daemon manually. If you want your local server to use its own DNS service, you have to alter the /etc/resolv.conf file. It must contain the lines:
search ourhome
nameserver 127.0.0.1
The following command gives a list of all computers in the ourhome namespace:
> nslookup
Default Server: localhost
Address: 127.0.0.1

> ls ourhome
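The named.conf above accepts dynamic updates from every address in the "ourhome" access list, which means any machine on 10.1.1.0/24, not only the DHCP daemon. The following script is an added example, not part of the original article: it lists the zones whose allow-update list resolves to source addresses instead of "key" elements (BIND's address match lists also accept TSIG keys). The regex-based parsing is a simplification that assumes no nested ACL bodies, and the sample input is constructed from the configuration shown above.

```python
import re

# Constructed sample: the named.conf from this article, reduced to the
# statements that matter for dynamic updates.
SAMPLE_NAMED_CONF = '''
acl ourhome { 10.1.1.0/24; 127.0.0.1; };
zone "." { type hint; file "named.root"; };
zone "ourhome" { type master; file "ourhome"; allow-update { ourhome; }; };
zone "1.1.10.in-addr.arpa" { type master; file "ourhome.rev";
    allow-update { ourhome; }; };
'''

def _elements(body):
    """Split an address match list body into its ';'-terminated elements."""
    return [e.strip() for e in body.split(";") if e.strip()]

def audit_allow_update(conf):
    """Return {zone: [address-based elements]} for every zone whose
    allow-update list admits updates by source address rather than by key."""
    conf = re.sub(r"(#|//)[^\n]*|/\*.*?\*/", "", conf, flags=re.S)  # drop comments
    acls = {name: _elements(body) for name, body in
            re.findall(r'\bacl\s+"?([\w.-]+)"?\s*\{([^{}]*)\}', conf)}

    def expand(elem, seen=()):
        # "key <name>" elements authenticate the sender, so they are not reported.
        if elem.startswith("key "):
            return []
        # Named ACLs are resolved recursively; 'seen' guards against loops.
        if elem in acls and elem not in seen:
            return [x for e in acls[elem] for x in expand(e, seen + (elem,))]
        return [elem]

    findings = {}
    zone_re = r'\bzone\s+"([^"]+)"[^{]*\{((?:[^{}]|\{[^{}]*\})*)\}'
    for zone, zbody in re.findall(zone_re, conf):
        m = re.search(r"allow-update\s*\{([^{}]*)\}", zbody)
        if m:
            # "none" and negated ("!") elements deny rather than admit updates.
            weak = [x for e in _elements(m.group(1)) for x in expand(e)
                    if x != "none" and not x.startswith("!")]
            if weak:
                findings[zone] = weak
    return findings

if __name__ == "__main__":
    for zone, elems in audit_allow_update(SAMPLE_NAMED_CONF).items():
        print(f"{zone}: updates accepted by source address from {elems}")
```

Both "ourhome" and "1.1.10.in-addr.arpa" are reported for the sample, while the root hint zone, which has no allow-update list, is not.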
DHCP
The standard DHCP server is made available from the Internet Systems Consortium (ISC). In the last weeks, there were some security holes found in this software, so please make sure you are using the latest patched version. First, you must install the software from the ports tree:
# cd /usr/ports/net/isc-dhcp3-server && make install clean
The newer port versions can be started automatically by editing the /etc/rc.conf file. Older ones need editing of local rc files.
dhcpd_enable="YES"
dhcpd_flags="-q"
dhcpd_ifaces="xl0"
xl0 is the network interface on which I want to have DHCP, and -q means a quiet output. The configuration is done in /usr/local/etc/dhcpd.conf. In the same directory is a well documented sample file, so I will only quote mine here. I needed to set the ddns-update-style to interim to work in this configuration. I started my IP range at 10.1.1.10 so I have some static IPs left for non-DHCP servers.
option domain-name "ourhome";
default-lease-time 600;
max-lease-time 7200;
authoritative;
ddns-update-style interim;
log-facility local7;

subnet 10.1.1.0 netmask 255.255.255.0 {
    range 10.1.1.10 10.1.1.254;
    option routers 10.1.1.1;
    option domain-name-servers 10.1.1.1;
}
So, that is all. You can start the service with:
# /usr/local/etc/rc.d/isc-dhcpd start
or just reboot.
Client configuration
You just need to set the interface for your clients in rc.conf to DHCP:
ifconfig_ed0="DHCP"
Sometimes I got in trouble with the dynamic DNS update. The problem seems to be that my FreeBSD client is not sending its hostname, so I created a configuration file (/etc/dhclient.conf) on my client to set the hostname for DHCP explicitly:
interface "ed0" {
    send host-name "twoflower";
    request subnet-mask, broadcast-address, routers, domain-name,
        domain-name-servers, host-name;
    require subnet-mask, domain-name-servers;
}
Conclusion
DHCP with DDNS is easy to set up and makes my life with mobile computers very comfortable. However, you would have to think of security in a company setting, or in publicly accessible places.
Links
- Home of BIND and ISC-DHCP - http://www.isc.org
- Latest version of this article - http://www.shellbang.org
Copyright
(C) 2004
Jan Stocker
Redistribution of this text is permitted as long as the copyright is
retained and all text altering is marked by author and date.
Version 1.0 - 2004-07-11