Differences between current version and predecessor to the previous major change of DHCPNotes.
Other diffs: Previous Revision, Previous Author, or view the Annotated Edit History
| Newer page: | version 16 | Last edited on Wednesday, March 8, 2006 9:44:55 pm | by JohnMcPherson | |
| Older page: | version 13 | Last edited on Monday, March 7, 2005 11:17:38 am | by MichaelBarnwell | Revert |
@@ -1,9 +1,18 @@
+!! dhcp (client) keeps overwriting my resolv.conf!
+
+You can change this behaviour by editing /etc/dhclient.conf (or /etc/dhcp3/dhclient.conf) and add appropriate 'supersede' lines:
+<verbatim>
+supersede domain-name "domain.com";
+supersede domain-name-servers 192.168.1.1;
+</verbatim>
+
+!! Notes for Woody
Under [Debian] [Woody], you install "dhcp-client" for clients, and "dhcp" for the server. If you have interfaces other than eth0 and lo0 (such as wan0 for MetaNet), then by default dhcp will refuse to start. You need to edit /etc/default/dhcp and put __INTERFACES="eth0"__. Unfortunately this isn't documented anywhere sensible like the dhcpd man page or the README.Debian file.
In /etc/dhcpd.conf, the options that take time values are in seconds, although the example file doesn't mention this. It's in the man page though, dhcpd.conf(5).
-If you are running a dhcpd server on Debian Woody, and you're running [LinuxKernel2.6], then you will need to edit /usr/sbin/dhcpd and add a "6" where it says [
[12345]. If you are using a dhcp client, you will need to do this to the /sbin/dhclient script as well / instead. When the script was written, it was unsure whether or not the 2.6 kernel would have compatible structures for the binary in the dhcp package, but it works fine in 2.2 - 2.6 kernels.
+If you are running a dhcpd server on Debian Woody, and you're running [LinuxKernel2.6], then you will need to edit /usr/sbin/dhcpd and add a "6" where it says ~
[12345]. If you are using a dhcp client, you will need to do this to the /sbin/dhclient script as well / instead. When the script was written, it was unsure whether or not the 2.6 kernel would have compatible structures for the binary in the dhcp package, but it works fine in 2.2 - 2.6 kernels.
!! Dynamic DNS
ISC [DHCP] version 3 and later support dynamic dns updates for DHCP leases.
@@ -12,8 +21,9 @@
First of all, you *need* dhcp 3 and above. This is the default dhcp package in recent RedHat, in Debian Woody you want the dhcp3-server package.
! Create a key to use for the updates:
+<verbatim>
$rndc-confgen -r /dev/urandom
# Start of rndc.conf
@@ -21,36 +31,42 @@
algorithm hmac-md5;
secret "bC9Up7x9abx5mnOKujzgEg==";
};
...
+</verbatim>
__Note:__ ''rndc'' might be called ''dnskeygen''. [RTFM] for more. 128 bit HMAC-md5 keys work best.
! Edit named.conf
Take the contents of the above snippet, and add an entry into your named.conf for it.
-
+<verbatim>
key "DHCP-UPDATER" {
algorithm hmac-md5;
secret "bC9Up7x9abx5mnOKujzgEg==";
};
+</verbatim>
Note: it is very important that you copy the key verbatim!
For the zones you wish to enable DDNS updates on, add the following to the zone definition in named.conf
+<verbatim>
allow-update { key DHCP-UPDATER; };
-
+</verbatim>
e.g., I have:
-
+<verbatim>
zone "dyn.mydomain.something." {
type master;
file "/etc/bind/zone/db.dyn.mydomain.something";
allow-update { key DHCP-UPDATER; };
};
+</verbatim>
Remember to add it to the reverse zone as well:
+<verbatim>
zone "z.y.x.in-addr.arpa."
+</verbatim>
Note that if you use a new zone (ie, not your normal zone) you'll need to create the basic zone file for it, ie SOA entry and so on. Thats another topic tho.
!Edit dhcpd.conf
@@ -59,9 +75,9 @@
Add the following entries to your dhcp.conf:
In the main configuration:
-
+<verbatim>
ddns-domainname "dyn.mydomain.something";
ddns-updates off;
ddns-update-style interim;
@@ -78,25 +94,27 @@
zone 0.0.10.in-addr.arpa. {
primary 127.0.0.1;
key DHCP-UPDATER;
}
-
+</verbatim>
This sets up the ddns keys, and which zones to use them for. ddns-domainname sets the forward domain name that ddns will update. You can leave this out,
but it will then use the value in 'domain-name'. As I wanted to use a seperate forward domain for dynamic names, I set the dynamic zone here. Note that i set dynamic updates off by default - I dont want dynamic updates to run over my static leases. (there is i think a better way of doing this)
There is a better way: If you have static entries in your dhcpd.conf they won't populate the dhcpd.leases file whenever you request a lease. The DNS entries will be updated with the entries from the dhcpd.leases file. So entries in your dhcpd.conf file like this:
+<verbatim>
host coffee {
hardware ethernet 00:0a:27:c0:ff:ee;
fixed-address 192.168.1.20;
}
+</verbatim>
will not show up in the dhcpd.leases file.
Thus you can leave the default alone (which means 'dynamic updates on' in the global section). Tested with Debian Woody dhcp3-server 3.0+3.0.1rc9-2 and bind8 1:8.3.3-0.woody.1.
Now to set up the dynamic options for a given subnet:
-
+<verbatim>
subnet 10.0.0.0 netmask 255.255.255.0 {
option subnet-mask 255.255.255.0;
option domain-name "mydomain.something";
@@ -110,9 +128,9 @@
authoritative;
ddns-updates on;
}
-
+</verbatim>
This zone is for the 10.0.0.0/24 network. It specificies dynamic entries between 10.0.0.150 and 10.0.0.250 inclusive, states that it is authoritative for
this subnet, and sets ddns-updates on.
Restart both dhcpd3-server and named.
@@ -122,29 +140,35 @@
{Not really PerryLorier}
Note that after you've set up DDNS, you mustn't edit the dynamically updated zones manually. Instead, use the 'nsupdate' command to add and delete records. The man page for 'nsupdate' says this:
-
+<verbatim>
Zones that are under dynamic control via nsupdate or a DHCP server
should not be edited by hand. Manual edits could conflict with dynamic
updates and cause data to be lost.
-
+</verbatim>
Unfortunately, 'nsupdate' is about as much fun to use as 'nslookup'. More on 'nsupdate' once I've figured out how to use it, and what to do with those pesky .jnl (journal) files getting out of synch with the zone.
You can actually edit the zones, but 'named' must first sync the .jnl journal files with the database, and stop any further changes from taking place during the edit - this is only possible after a full, graceful shutdown of the 'named' daemon. This can be forced by using
+<verbatim>
# rndc stop
+</verbatim>
After editing your zones, restart 'named' as usual. Often, this is done by:
+<verbatim>
# named -u (user named runs as)
+</verbatim>
IF your version of named is new enough you can also do:
+<verbatim>
# rndc freeze ''zone''
''edit the zone file''
# rndc unfreeze ''zone''
+</verbatim>
Note that while a zone is frozen, you dynamic updates for that zone will be refused.
----
I found these notes useful, but what I really needed was a complete [example|DavidsDDNSExample].
