Unifix knowledge database - The original one



DHCP -> A,PTR -> DNS (ics)

Author:mike - Tue Sep 14 20:41:38 2004

This is an example for a private /24 network with the prefix 10.10.10, a DHCP range from .1 to .50, the server at .254 and the admin PC at .100.

First dhcpd.conf:
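# dhcpd.conf for the private 10.10.10.0/24 network: dynamic range .1-.50,
# DNS/DHCP server at .254, admin PC pinned to .100.
option domain-name "lan.company.dk";
option domain-name-servers 10.10.10.254;
default-lease-time 600;
max-lease-time 7200;
authoritative;
# dhcpd itself sends the A and PTR updates (interim style); together with
# "ignore client-updates" below this means clients cannot pick their own
# DNS names, only the server's key ever touches the zones.
ddns-update-style interim;
# TTL of the records dhcpd registers; keep it at or below the lease time.
ddns-ttl 7200;

subnet 10.10.10.0 netmask 255.255.255.0 {
        range 10.10.10.1 10.10.10.50;
        option routers 10.10.10.254;
        option broadcast-address 10.10.10.255;
        ignore client-updates;
        ddns-updates on;
        # Registered names become <hostname>.lan. -- this differs from the
        # domain-name search suffix handed out above (lan.company.dk), so
        # short-name lookups from clients will not find these records;
        # verify that this is intended.
        ddns-domainname "lan.";
        ddns-rev-domainname "in-addr.arpa.";
        default-lease-time 600;
        max-lease-time 7200;

        # TSIG key shared with named; the same name and secret must appear in
        # named's key file. The secret shown is a placeholder: paste the
        # base64 secret produced by dnssec-keygen, and keep this file
        # unreadable to ordinary users, because the key alone authorises
        # zone updates. hmac-md5 matches the keygen step in this article;
        # prefer hmac-sha256 where both dhcpd and named support it.
        key "dhcpkey" {
                algorithm hmac-md5;
                secret "secretmd5hashwhoknowsfor";
        };

        # Zones dhcpd updates. The forward zone name must match
        # ddns-domainname: <hostname>.lan. is only covered by a zone named
        # lan. (a zone named cafe. would never match, and dhcpd would then
        # not use this key for the update). "primary" is the server that
        # receives the update, here named on the same host.
        zone lan. {
                primary 127.0.0.1;
                key "dhcpkey";
        }

        zone 10.10.10.in-addr.arpa. {
                primary 127.0.0.1;
                key "dhcpkey";
        }

}

host admin {
        hardware ethernet 00:0b:6a:46:31:77;
        fixed-address 10.10.10.100;
}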

- dhcpd.conf end



Next we need some DNS. We need BIND 9; the named.conf should look something like this:

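// named.conf for the lan. forward zone and the 10.10.10.0/24 reverse zone.
// Dynamic updates are accepted only when signed with "dhcpkey" and only for
// the record types dhcpd needs, so a compromised key cannot rewrite NS/SOA.

// Holds the "dhcpkey" TSIG key shared with dhcpd. Despite the file name it
// is not an rndc control key; keep it readable by named only (mode 0600).
include "/usr/local/etc/rndc.key";

options {
        directory "/usr/local/etc";
        pid-file "/var/run/named/pid";
        // No listen-on / allow-recursion is set and a root hint zone is
        // present, so this server recurses for anyone who can reach it.
        // Acceptable on an isolated private /24; otherwise restrict it.
};

// Forward zone. Its name must equal the ddns-domainname in dhcpd.conf, and
// the update-policy name must lie inside the zone: "subdomain lan." in a
// zone called "cafe." can never match, so no update would be accepted.
zone "lan." IN {
        type master;
        file "lan.zone";
        // Least privilege: the key may only add/remove A and TXT records at
        // or below lan. (the interim update style records the client
        // identity in a TXT record alongside the A record).
        update-policy { grant dhcpkey subdomain lan. A TXT; };
        notify yes;
};

zone "10.10.10.in-addr.arpa." {
        type master;
        file "lan.rev";
        // Same idea for the reverse zone: PTR and TXT only.
        update-policy { grant dhcpkey subdomain 10.10.10.in-addr.arpa. PTR TXT; };
        notify yes;
};

zone "." {
        type hint;
        file "named.root";
};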

 - named.conf end

Of course paths may differ; this was done on FreeBSD. This setup requires two zone files and an rndc.key:

// TSIG key shared between dhcpd and named (included from named.conf).
// The secret is a placeholder: use the base64 secret that dnssec-keygen
// produced, and restrict this file to the named user (mode 0600).
// NOTE(review): named.conf above has no "controls" statement, in which case
// named falls back to rndc.key for its default control channel -- so the
// same key dhcpd holds would also drive rndc. Consider a separate file and
// key name for the DHCP update key; confirm against your BIND version.
key "dhcpkey" {
        algorithm hmac-md5;
        secret "secretmd5hashwhoknowsfor";
};

 - rndc.key end

Keys are generated and then cut and pasted:
localhost# dnssec-keygen -a HMAC-MD5 -b 256 -n HOST dhcpkey
Kdhcpkey.+157+00190
localhost# dnssec-keygen -a HMAC-MD5 -b 256 -n HOST dhcpkey
Kdhcpkey.+157+43984

lan.zone:
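$TTL 10800      ; 3 hours
; Forward zone file for lan. (the origin comes from the zone statement in
; named.conf). "@" is the zone apex; unqualified names get ".lan." appended.
; This zone is dynamically updated: named maintains the serial and a journal,
; so stop named (or freeze the zone where rndc supports it) before editing
; this file by hand, or the hand edits and the journal will disagree.
@                       IN SOA  server.lan. ekim.at.unifix.org. (
                                115        ; serial
                                10800      ; refresh (3 hours)
                                3600       ; retry (1 hour)
                                604800     ; expire (1 week)
                                3600       ; minimum (1 hour)
                                )
                        NS      server.lan.
; NOTE(review): the apex A record points outside 10.10.10.0/24 -- confirm
; this is intended rather than a typo for 10.10.10.254.
                        A       10.0.0.1
; Static hosts; leased clients are added below these by dhcpd.
admin                   A       10.10.10.100
main                    A       10.10.10.254
server                  A       10.10.10.254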
lan.zone - end

and lan.rev:
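$TTL 180        ; 3 minutes
; Reverse zone file for 10.10.10.0/24. "@" is 10.10.10.in-addr.arpa. (from
; named.conf); the bare numbers below are the last octet of the address.
; The short timers (expire shorter than refresh) only affect secondaries,
; none of which are configured here -- presumably set for quick testing;
; verify before adding a secondary.
@                       IN SOA  main.lan. mike.at.unifix.org. (
                                16         ; serial
                                180        ; refresh (3 minutes)
                                60         ; retry (1 minute)
                                60         ; expire (1 minute)
                                60         ; minimum (1 minute)
                                )
                        NS      main.lan.
; One PTR per address: .254 is both main.lan. and server.lan. in the forward
; zone but answers only as server.lan. here.
100                     PTR     admin.lan.
254                     PTR     server.lan.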
lan.rev - end

Notice that .254 has both main and server as A records but can only have one PTR record, hence server.lan.


Happy hacking, now your network should be namyfied :)
Copyright(c) Unifix.org 2002-2011

