Wednesday, July 28, 2010

How To Configure Dynamic DNS (Fedora Core 4 Setup)

In this howto we will build a Dynamic DNS server. Normally DNS is configured with static entries that resolve each FQDN to a fixed address. If DHCP hands out addresses to every computer that boots or asks for a lease, a static DNS configuration cannot keep up, because the address behind a name changes with each lease. Instead, DNS and DHCP are configured together so that whenever a computer gets a new IP, the DHCP server sends DNS a signed update and the computer's FQDN (and its reverse record) is automatically updated with the new address.

1 Installation of Packages

Fedora Core 4 ships the DNS server (BIND) and DHCP server (dhcp) packages on its CDs. You can install them from the Fedora Core 4 CDs or fetch them from the network with the following command:
yum -y install bind bind-chroot bind-utils bind-libs caching-nameserver dhcp
where
bind ----- the DNS server package (named).
bind-chroot ----- runs named in a chroot (jail) under /var/named/chroot, so a compromised named can only see that tree.
bind-libs ----- libraries needed by bind and bind-utils.
bind-utils ----- client utilities such as nslookup, host, dig and nsupdate.
caching-nameserver ----- a stock named.conf with the root hints and local zones, so the server also caches answers for your clients.
dhcp ----- the Dynamic Host Configuration Protocol server (dhcpd).

2 Configuring BIND (DNS)

You need to tell BIND that it is okay for another application to update its zones. I added the following to my BIND configuration and left everything else as stock Fedora Core 4. Here are my local zone definitions, suitably modified; I only have one domain to deal with, plus its reverse zone. The allow-update { key "rndckey"; }; clause in each zone is what authorizes updates: a request signed (TSIG) with that shared secret is applied, and an unsigned request is refused. The controls stanza is a separate thing: it restricts the rndc control channel (port 953) to localhost and to the same key; it does not govern dynamic updates. The shared secret is loaded by the include line at the end. The file rndc.key contains it, so BIND can check that the instructions come from an approved application. My DHCP server and DNS server are on the same box. Note that reusing the rndc key for updates is what the stock setup makes easiest, but it means whoever holds the DHCP server's copy of the secret can also drive rndc (reload, freeze, stop); a separate key used only in allow-update limits the damage if that copy leaks.
vi /etc/named.conf
controls {
        inet 127.0.0.1 allow {localhost; } keys { "rndckey"; };
};
// Add local zone definitions here.
zone "example.com" {
        type master;
        file "example.com.zone";
        allow-update { key "rndckey"; };
        notify yes;
};
zone "0.168.192.in-addr.arpa" {
        type master;
        file "0.168.192.in-addr.arpa.zone";
        allow-update { key "rndckey"; };
        notify yes;
};
include "/etc/rndc.key";
The secret key is created at installation time, so nothing needs to be done here except in one case:
Note: If your DHCP and DNS servers are on separate machines you need to copy the key file between them. Both machines must use the same file, i.e. /etc/rndc.key. Copy it over a secure channel (scp, not mail or a shared drive) and keep it readable only by root and the service's group on both ends, because anyone who can read the secret can rewrite your zones.
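As an added example (not from this howto, whose own configuration reuses rndc.key), here is a small shell helper that generates a TSIG key dedicated to dynamic updates and prints the stanzas that go with it, so the copy of the secret held by the DHCP server cannot be used on the rndc control channel. The key name ddns-key, the key file path and the named group are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not part of the original howto. Generates a TSIG key used only
# for dynamic updates and prints the named.conf fragments that reference it.
# Assumed names: key "ddns-key", group "named", key file path given by caller.

# 16 random bytes, base64-encoded: the same shape of secret rndc-confgen makes.
new_tsig_secret() {
    head -c 16 /dev/urandom | base64 | tr -d '\n'
}

# Print a key stanza. named.conf and dhcpd.conf accept this same syntax,
# which is why one key file can be include'd from both daemons.
tsig_key_stanza() {   # tsig_key_stanza NAME SECRET
    printf 'key "%s" {\n\talgorithm hmac-md5;\n\tsecret "%s";\n};\n' "$1" "$2"
}

# Zone fragment for named.conf: only requests signed with KEY may update it.
zone_stanza() {   # zone_stanza ZONE ZONEFILE KEY
    printf 'zone "%s" {\n\ttype master;\n\tfile "%s";\n\tallow-update { key "%s"; };\n\tnotify yes;\n};\n' \
        "$1" "$2" "$3"
}

# Write the key file readable by root and the named group only. The umask is
# set in a subshell so it does not leak into the caller's shell.
write_key_file() {   # write_key_file PATH NAME SECRET
    ( umask 077; tsig_key_stanza "$2" "$3" > "$1" )
    chown root:named "$1" 2>/dev/null   # group "named" is an assumption
    chmod 640 "$1"
}

# Typical use (run as root on the DNS server; paths are assumptions):
#   secret=$(new_tsig_secret)
#   write_key_file /etc/ddns.key ddns-key "$secret"
#   zone_stanza example.com example.com.zone ddns-key >> /etc/named.conf
#   zone_stanza 0.168.192.in-addr.arpa 0.168.192.in-addr.arpa.zone ddns-key >> /etc/named.conf
#   echo 'include "/etc/ddns.key";' >> /etc/named.conf
```

Include the written file from both named.conf and dhcpd.conf, name ddns-key in allow-update and in dhcpd's zone stanzas, and leave the controls stanza on rndckey; the DHCP host then never needs rndc.key at all.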

2.1  Zone Files

Set up your zone databases as normal; nothing fancy is needed, because the DHCP server will update the records itself as it allocates new IPs to workstations. Once dynamic updates are enabled, named keeps the changes in a journal file (example.com.zone.jnl) next to the zone file and periodically writes them back into it, so do not edit these files by hand while named is running unless you first stop updates with rndc freeze and resume them with rndc thaw afterwards.
vi /var/named/chroot/var/named/example.com.zone
$TTL 86400
@       IN      SOA     server.example.com. root.example.com. (
                        50      ; serial (dynamic updates bump this themselves)
                        28800   ; refresh (8 hours)
                        7200    ; retry (2 hours)
                        604800  ; expire (1 week)
                        86400   ; minimum / negative caching TTL (1 day)
                        )
        IN      NS      server.example.com.
server  IN      A       192.168.0.1
vi /var/named/chroot/var/named/0.168.192.in-addr.arpa.zone
$TTL 86400
@       IN      SOA     server.example.com. root.example.com. (
                        50      ; serial
                        28800   ; refresh (8 hours)
                        7200    ; retry (2 hours)
                        604800  ; expire (1 week)
                        86400   ; minimum / negative caching TTL (1 day)
                        )
        IN      NS      server.example.com.
1       IN      PTR     server.example.com.
Now make symbolic links to these files in the /var/named directory, with the same names:
cd /var/named
ln -s /var/named/chroot/var/named/example.com.zone example.com.zone
ln -s /var/named/chroot/var/named/0.168.192.in-addr.arpa.zone 0.168.192.in-addr.arpa.zone

3 Configuring DHCP Server

By default the DHCP server shipped in Fedora Core 4 does not send dynamic DNS updates; you simply need to enable it. Below are the options I selected for my system. The include line loads the same key file named uses, and the zone stanzas tell dhcpd which server to send the signed updates to. My dhcp configuration is as follows:
vi /etc/dhcpd.conf
authoritative;
include "/etc/rndc.key";
# Server configuration:
server-identifier    server;
ddns-domainname         "example.com.";
ddns-rev-domainname     "in-addr.arpa.";
ddns-update-style       interim;
ddns-updates            on;
ignore                  client-updates;
# This is the communication zone
zone example.com. {
    primary 127.0.0.1;
    key rndckey;
}
default-lease-time      21600;  # 6 hours
max-lease-time          43200;  # 12 hours
# Client configuration:
option domain-name      "example.com.";
option ip-forwarding    off;     
subnet 192.168.0.0 netmask 255.255.255.0 {
        range 192.168.0.100 192.168.0.200;
        option routers                  192.168.0.1;  # default gateway
        option subnet-mask              255.255.255.0;
        option broadcast-address        192.168.0.255;
        option domain-name-servers      192.168.0.1;
        zone  0.168.192.in-addr.arpa. {
                primary 127.0.0.1;
                key rndckey;
        }
        zone localdomain. {
                primary 127.0.0.1;
                key rndckey;
        }
}
Now run the following permission changes so that the named user can write to the zone directory whenever a name/IP update arrives (named has to create and rewrite the .jnl journal files there). The directory's group must be named for this to have any effect, and do not open it to everyone with 777: only named should be able to change your zone data.
chmod 770 /var/named/chroot/var/named
chmod 770 /var/named
Now start the DNS and DHCP services with the following commands:
service named start
service dhcpd start
Go to your client computers and configure them to take an IP address from the DHCP server. Then check with the following command whether the client's name has been registered in DNS; it should resolve to the newly allocated IP, and looking up that IP should return the name from the reverse zone.
nslookup yourcomputername.example.com
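As an added example (not part of the original howto), the following shell functions push one update by hand with nsupdate, exactly as dhcpd would, check both directions with dig, and confirm that an unsigned update is refused, which is the check that proves allow-update really is restricted to the key. Assumptions: the server listens on 127.0.0.1, the key file is /etc/rndc.key as in this howto, and the host pc1.example.com / 192.168.0.105 used in the comments are constructed test values.

```shell
#!/bin/sh
# Added example, not from the original howto. Manual DDNS update and checks.
# Assumes named on 127.0.0.1 and the TSIG key in /etc/rndc.key; host names
# must be given fully qualified (pc1.example.com), as dhcpd sends them.

# 192.168.0.105 -> 105.0.168.192.in-addr.arpa.
reverse_name() {
    echo "$1" | awk -F. '{ printf "%s.%s.%s.%s.in-addr.arpa.\n", $4, $3, $2, $1 }'
}

# nsupdate input: replace the A record, then the PTR record, one transaction
# each (nsupdate finds the zone for each name via its SOA). TTL 3600 is an
# assumed value, not taken from the howto.
update_script() {   # update_script SERVER HOST IP
    rev=$(reverse_name "$3")
    printf 'server %s\nupdate delete %s A\nupdate add %s 3600 A %s\nsend\n' \
        "$1" "$2" "$2" "$3"
    printf 'update delete %s PTR\nupdate add %s 3600 PTR %s\nsend\n' \
        "$rev" "$rev" "$2"
}

# Signed update: nsupdate reads the TSIG key from the same file named includes.
signed_update() {   # signed_update KEYFILE HOST IP
    update_script 127.0.0.1 "$2" "$3" | nsupdate -k "$1"
}

# Unsigned update: must fail with REFUSED, because allow-update lists only
# the key. Returns 0 when the server refused it, 1 if it was accepted.
unsigned_update_is_refused() {   # unsigned_update_is_refused HOST IP
    if update_script 127.0.0.1 "$1" "$2" | nsupdate >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# Query both directions; dig +short prints a bare IP for the A record and a
# dot-terminated name for the PTR. Returns 1 on any mismatch.
check_records() {   # check_records HOST IP
    fwd=$(dig @127.0.0.1 +short "$1" A)
    rev=$(dig @127.0.0.1 +short -x "$2")
    echo "A   $1 -> $fwd"
    echo "PTR $2 -> $rev"
    [ "$fwd" = "$2" ] && [ "$rev" = "$1." ]
}

# Typical use on the DNS server (constructed test host):
#   signed_update /etc/rndc.key pc1.example.com 192.168.0.105
#   check_records pc1.example.com 192.168.0.105
#   unsigned_update_is_refused pc1.example.com 192.168.0.106 && echo "unsigned update refused, good"
```

If the signed update fails with NOTAUTH or BADKEY, the key name or secret in /etc/rndc.key does not match what named loaded; if it fails with SERVFAIL, look for a permission error on the zone directory in /var/log/messages. If the unsigned update is accepted, allow-update is wider than the key and must be fixed before the server goes into service.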
Good Luck with your newly created Dynamic DNS Server.