
dhcp (client) keeps overwriting my resolv.conf!

You can change this behaviour by editing /etc/dhclient.conf (or /etc/dhcp3/dhclient.conf) and adding the appropriate 'supersede' lines, which make dhclient write your values instead of whatever the DHCP server handed out:

supersede domain-name "domain.com";
supersede domain-name-servers 192.168.1.1;

Notes for Woody

Under Debian Woody, you install "dhcp-client" for clients and "dhcp" for the server. If you have interfaces other than eth0 and lo (such as wan0 for MetaNet), then by default the dhcp server will refuse to start. You need to edit /etc/default/dhcp and set INTERFACES="eth0"; this also keeps dhcpd from answering requests on the WAN interface. Unfortunately this isn't documented anywhere sensible, such as the dhcpd man page or the README.Debian file.

In /etc/dhcpd.conf, the options that take time values are in seconds, although the example file doesn't mention this. It's in the man page though, dhcpd.conf(5).

If you are running a dhcpd server on Debian Woody under LinuxKernel2.6, then you will need to edit /usr/sbin/dhcpd and add a "6" to the kernel-version pattern where it says [12345]. If you are using a dhcp client, you will need to do the same to the /sbin/dhclient script as well (or instead). When the script was written it was unclear whether the 2.6 kernel's structures would be compatible with the binary in the dhcp package, but in practice it works fine on 2.2 through 2.6 kernels.

Dynamic DNS

ISC DHCP version 3 and later support dynamic DNS updates (RFC 2136 updates, authenticated with a TSIG key) for DHCP leases.

I set this up with a separate forward zone for the dynamic entries. This was mainly to prevent serial and zone file pollution, but also because the dynamic updates create journal files which make editing the static entries hard.

First of all, you need dhcp 3 or above. This is the default dhcp package in recent RedHat; on Debian Woody you want the dhcp3-server package.

Create a key to use for the updates:


 $ rndc-confgen -r /dev/urandom

 # Start of rndc.conf
 key "rndc-key" {
        algorithm hmac-md5;
        secret "bC9Up7x9abx5mnOKujzgEg==";
 };
 ...

Note: rndc-confgen is only being used here as a convenient key generator; dnssec-keygen (dnskeygen on BIND 8) with -a HMAC-MD5 -b 128 -n HOST does the same job, the secret being the Key: line of the .private file it writes, and current BIND 9 ships ddns-confgen / tsig-keygen for exactly this purpose. RTFM for more. A 128-bit HMAC-MD5 key is what dhcpd 3 understands; current BIND 9 and ISC DHCP 4.x also accept hmac-sha256, which is the better choice when both ends support it. Whatever you use, generate a key dedicated to DHCP updates rather than reusing the secret from your real rndc.conf: anyone holding the rndc control key can stop and reconfigure named, whereas the DHCP key should only be able to touch the dynamic zones. The secret shown above is an example; never use one that has been published.

Edit named.conf

Take the key from the snippet above and add a key statement for it to named.conf, renaming it to something descriptive (DHCP-UPDATER here):

 key "DHCP-UPDATER" {
        algorithm hmac-md5;
        secret "bC9Up7x9abx5mnOKujzgEg==";
 };

Note: it is very important that you copy the key verbatim, here and later in dhcpd.conf; if the two secrets differ, named rejects every update with a TSIG failure. For each zone you wish to enable DDNS updates on, add the following to its zone definition in named.conf. Be aware that allow-update with a key lets whoever holds that key add or delete any record in the zone, so put it on the dynamic zones only, never on the zone holding your static records (BIND 9's update-policy statement can restrict the key further if you need that):

 allow-update { key DHCP-UPDATER; };

e.g., I have:

 zone "dyn.mydomain.something." {
   type master;
   file "/etc/bind/zone/db.dyn.mydomain.something";
   allow-update { key DHCP-UPDATER; };
 };

Remember to add it to the reverse zone as well:

 zone "z.y.x.in-addr.arpa."

Note that if you use a new zone (i.e., not your normal zone) you'll need to create the basic zone file for it, SOA record and so on, and the user named runs as must be able to write to that directory, since the .jnl journal is created there. That's another topic, though.

Edit dhcpd.conf

This assumes you have a working DHCP3 config file.

Add the following entries to your dhcpd.conf:

In the main configuration:

 ddns-domainname "dyn.mydomain.something";
 ddns-updates off;
 ddns-update-style interim;

 key DHCP-UPDATER {
   algorithm hmac-md5;
   secret "bC9Up7x9abx5mnOKujzgEg==";
 }

 zone dyn.mydomain.something. {
   primary 127.0.0.1;
   key DHCP-UPDATER;
 }

 zone 0.0.10.in-addr.arpa. {
   primary 127.0.0.1;
   key DHCP-UPDATER;
 }

This sets up the DDNS key and which zones to use it for. ddns-domainname sets the forward domain that DDNS will update; you can leave it out, in which case dhcpd uses the value of the domain-name option. As I wanted to use a separate forward domain for dynamic names, I set the dynamic zone here. Note that I set dynamic updates off by default - I don't want dynamic updates to run over my static leases. (There is, I think, a better way of doing this.)

There is a better way: If you have static entries in your dhcpd.conf they won't populate the dhcpd.leases file whenever you request a lease. The DNS entries will be updated with the entries from the dhcpd.leases file. So entries in your dhcpd.conf file like this:

 host coffee {
  hardware ethernet 00:0a:27:c0:ff:ee;
  fixed-address 192.168.1.20;
 }

will not show up in the dhcpd.leases file. Thus you can leave the default alone (which means 'dynamic updates on' in the global section). Tested with Debian Woody dhcp3-server 3.0+3.0.1rc9-2 and bind8 1:8.3.3-0.woody.1.

Now to set up the dynamic options for a given subnet:

 subnet 10.0.0.0 netmask 255.255.255.0 {
        option subnet-mask 255.255.255.0;

        option domain-name "mydomain.something";
        option routers 10.0.0.254;
        option domain-name-servers 10.0.0.1;
        option netbios-name-servers 10.0.0.1;

        range dynamic-bootp 10.0.0.150 10.0.0.250;
        default-lease-time 600;
        max-lease-time 86400;

        authoritative;
        ddns-updates on;
 }

This subnet declaration is for the 10.0.0.0/24 network. It hands out dynamic addresses between 10.0.0.150 and 10.0.0.250 inclusive, states that the server is authoritative for this subnet, and turns ddns-updates on for leases from it, overriding the global 'off'.

Restart both dhcp3-server and named. You should see log entries in syslog talking about 'if rrset for ... does not exist then create ...'

Doing an nslookup on $MACHINENAME.dyn.mydomain.something (whatever you set as ddns-domainname) should now work. The name dhcpd registers is the one the client sends in its DHCP host-name option, which for Windows machines is the computer (NetBIOS) name. The reverse zone should also be updated, so that 'nslookup 10.0.0.151', for example, returns '$MACHINENAME.dyn.mydomain.something' correctly, instead of '10.0.0.151.dhcp.mydomain.something', which is what it was set to previously :)
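
The key stanzas in named.conf and dhcpd.conf above have to carry the same secret, and a typo in either means every update is silently refused. The shell functions below are an added example, not code from this page or from ISC: they generate a fresh secret, print both stanzas from it so nothing is copied by hand, and check that two existing config files agree on the secret for a given key name. The key name, the choice of hmac-sha256 (the page uses hmac-md5), and the file paths are assumptions.

```shell
#!/bin/sh
# Added example: keep the TSIG key shared by named.conf and dhcpd.conf in sync.
# Assumptions: key name DHCP-UPDATER, algorithm hmac-sha256, /dev/urandom present.

# Print a fresh base64 secret of N random bytes (default 32 bytes = 256 bits).
new_tsig_secret() {
    head -c "${1:-32}" /dev/urandom | base64 | tr -d '\n'
}

# named.conf form:  key "NAME" { algorithm ALGO; secret "..."; };
named_key_stanza() {  # name algo secret
    printf 'key "%s" {\n\talgorithm %s;\n\tsecret "%s";\n};\n' "$1" "$2" "$3"
}

# dhcpd.conf form: same fields, but dhcpd does not quote the key name.
dhcpd_key_stanza() {  # name algo secret
    printf 'key %s {\n\talgorithm %s;\n\tsecret "%s";\n}\n' "$1" "$2" "$3"
}

# Print the secret defined for KEYNAME in FILE, or nothing if it is not there.
# Works for both spellings: 'key "NAME" {' and 'key NAME {'.
extract_secret() {  # file keyname
    awk -v want="$2" '
        $1 == "key" { name = $2; gsub(/[";{]/, "", name); inkey = (name == want) }
        inkey && $1 == "secret" { s = $2; gsub(/[";]/, "", s); print s; exit }
    ' "$1"
}

# Exit 0 when both files define KEYNAME with the same non-empty secret, 1 otherwise.
tsig_keys_match() {  # named.conf dhcpd.conf keyname
    a=$(extract_secret "$1" "$3")
    b=$(extract_secret "$2" "$3")
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Typical use: generate once, write both files, then verify.
#   S=$(new_tsig_secret)
#   named_key_stanza DHCP-UPDATER hmac-sha256 "$S" >> /etc/bind/named.conf.local
#   dhcpd_key_stanza DHCP-UPDATER hmac-sha256 "$S" >> /etc/dhcp3/dhcpd.conf
#   tsig_keys_match /etc/bind/named.conf.local /etc/dhcp3/dhcpd.conf DHCP-UPDATER && echo ok
```

Both files end up mode 0600-worthy: the secret is all that stands between anyone on the network and your dynamic zone, so keep the dhcpd.conf and named.conf that contain it readable only by root and the daemon users.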

{Not really PerryLorier} Note that after you've set up DDNS, you mustn't edit the dynamically updated zones manually. Instead, use the 'nsupdate' command to add and delete records. The man page for 'nsupdate' says this:

       Zones that are under dynamic control via  nsupdate  or  a  DHCP  server
       should not be edited by hand.  Manual edits could conflict with dynamic
       updates and cause data to be lost.

Unfortunately, 'nsupdate' is about as much fun to use as 'nslookup'. More on 'nsupdate' once I've figured out how to use it, and what to do with those pesky .jnl (journal) files getting out of synch with the zone.

You can actually edit the zones, but named must first flush the .jnl journal into the zone file and refuse further updates while you edit; otherwise your edits are overwritten, or the journal no longer matches the zone file. One way to guarantee that is a full, graceful shutdown of the 'named' daemon, which can be forced by using

# rndc stop

After editing your zones, restart 'named' as usual. Often, this is done by:

# named -u (user named runs as)

If your version of named is new enough you can do this without stopping the server:

 # rndc freeze ''zone''
''edit the zone file''
 # rndc thaw ''zone''

rndc freeze flushes the journal into the zone file and suspends updates; rndc thaw (spelled rndc unfreeze in older BIND 9 releases) reloads the edited file and resumes them. Note that while a zone is frozen, dynamic updates for that zone, including dhcpd's, will be refused, so dhcpd will log failed updates for any leases it hands out in the meantime.
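
The nsupdate route recommended above, and the freeze/edit/thaw route, as an added example that is not code from this page or from ISC. It assumes a BIND 9 nsupdate and rndc on the path, the server and zone names used earlier on this page, and a key file holding the named.conf-style key stanza (current nsupdate accepts that format with -k; older releases wanted the K*.private pair from dnssec-keygen). The host names are made up. The batch builders only produce text, so you can inspect exactly what will be sent before apply_update pipes it to nsupdate; the key is passed with -k rather than -y because -y puts the secret on the command line, where any local user can read it from ps.

```shell
#!/bin/sh
# Added example: change records in a dhcpd-managed dynamic zone without
# hand-editing the zone file.  Server, zones, key file and names are assumptions.

# Build an nsupdate batch that replaces the A record of FQDN with ADDR.
build_update_batch() {  # server zone fqdn ttl addr
    printf 'server %s\nzone %s\nupdate delete %s A\nupdate add %s %s A %s\nsend\n' \
        "$1" "$2" "$3" "$3" "$4" "$5"
}

# 10.0.0.151 -> 151.0.0.10.in-addr.arpa.
reverse_name() {  # ipv4
    printf '%s' "$1" | awk -F. '{ printf "%s.%s.%s.%s.in-addr.arpa.", $4, $3, $2, $1 }'
}

# Build the matching batch for the PTR record in the reverse zone.
build_reverse_batch() {  # server revzone addr ttl fqdn
    ptr=$(reverse_name "$3")
    printf 'server %s\nzone %s\nupdate delete %s PTR\nupdate add %s %s PTR %s\nsend\n' \
        "$1" "$2" "$ptr" "$ptr" "$4" "$5"
}

# Send a batch (on stdin) to the server, signed with the TSIG key in KEYFILE.
# KEYFILE contains the same 'key DHCP-UPDATER { ... };' stanza as named.conf.
apply_update() {  # keyfile
    command -v nsupdate >/dev/null || { echo "nsupdate not installed" >&2; return 2; }
    nsupdate -k "$1"
}

# Hand-edit a dynamic zone safely: freeze (journal flushed, updates refused),
# edit, thaw (zone reloaded, updates resumed).  Old BIND 9 spells thaw "unfreeze".
freeze_edit_thaw() {  # zone zonefile
    command -v rndc >/dev/null || { echo "rndc not installed" >&2; return 2; }
    rndc freeze "$1" || return 1
    "${EDITOR:-vi}" "$2"
    rndc thaw "$1"
}

# Typical use (assumed names):
#   build_update_batch 127.0.0.1 dyn.mydomain.something. \
#       coffee.dyn.mydomain.something. 600 10.0.0.151 | apply_update /etc/bind/dhcp-updater.key
#   build_reverse_batch 127.0.0.1 0.0.10.in-addr.arpa. 10.0.0.151 600 \
#       coffee.dyn.mydomain.something. | apply_update /etc/bind/dhcp-updater.key
#   freeze_edit_thaw dyn.mydomain.something. /etc/bind/zone/db.dyn.mydomain.something
```

Deleting before adding makes the batch idempotent: the second run produces the same zone as the first instead of piling up a second A record. Remember that the forward and reverse updates are separate transactions, so a failure on the reverse side leaves the A record already changed.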


I found these notes useful, but what I really needed was a complete example.
