Dynamic DNS Updates in Debian

Peter Dey, 26 Jan 2004


Latest version always available at http://www.realmtech.net

Introduction
There’s not a lot of information on the web on how to get DHCP to
automatically update your DNS server.

Most of this information relates to “Dynamic DNS” services, such as Monolith
etc, or people asking questions on mailing lists.

First of all, I know no-one reads introductions, so I’ll put this in bold.

Dynamic DNS updates will NOT work with the default dhcp server!

If you did ‘apt-get install dhcp’, you have DHCP 2. From experience, and
some of my readings, you need DHCP 3 and BIND 9.

Upgrading is fairly simple:


# apt-get remove dhcp
# apt-get install dhcp3-server

Note that your DHCP 2 conf file was in /etc/dhcpd.conf. DHCP 3 keeps its
conf file at /etc/dhcp3/dhcpd.conf (i.e., you’ll either need to copy your old
one there, or start from scratch).

The Conf Files – Cutting to the chase


I know many of you are only reading this document to look at my Conf files, so
here they are.

I’ve decided to use the domain ‘foobar’ instead of the typical ‘example.com’.

/etc/dhcp3/dhcpd.conf
server-identifier saturn;
authoritative;

# How to connect to the DNS server and update it.
ddns-update-style interim;

# Placeholder secret: use a base64-encoded value, identical to the one
# in named.conf
key FOO {
    algorithm HMAC-MD5.SIG-ALG.REG.INT;
    secret blah;
};

# Use what key in what zone
zone foobar. {
    primary 127.0.0.1;
    key FOO;
}

# Subnet definition w/ accompanying options
subnet 10.1.1.0 netmask 255.255.255.0 {
    range 10.1.1.32 10.1.1.128;
    option subnet-mask 255.255.255.0;
    option broadcast-address 10.1.1.255;
    option domain-name "foobar";
    one-lease-per-client on;
    default-lease-time 604800;
    max-lease-time 604800;

    # Gateways and DNS servers
    option routers 10.1.1.3;
    option domain-name-servers 10.1.1.3;
}

## Static Host Mappings ##
host static1 {
    hardware ethernet 00:00:00:00:00:00;
    fixed-address 10.1.1.7;
}

/etc/bind/named.conf
// Much of the content in here has been snipped
// because it's irrelevant

// Same key name, algorithm and secret as in dhcpd.conf
key FOO {
    algorithm HMAC-MD5.SIG-ALG.REG.INT;
    secret blah;
};

options {
    directory "/var/cache/bind";

    ## Put in your (internet) nameservers here
    forwarders {
        203.1.1.1;
        203.1.1.2;
    };

    auth-nxdomain no;
};

// Tells the nameserver who may connect to its control channel (rndc),
// with what keys. Who may send updates is set by allow-update below.
controls {
    inet 127.0.0.1 allow { localhost; } keys { FOO; };
};

// I've snipped all the useless crap you already have in your named.conf
// Such as the "." zone, and the "localhost" zone.

zone "foobar" {
    type master;
    file "/etc/bind/db.foobar";
    allow-update { key FOO; };
};

zone "10.in-addr.arpa" {
    type master;
    file "/etc/bind/db.10";
    allow-update { key FOO; };
};

/etc/bind/rndc.key
key "rndc-key" {
    algorithm hmac-md5;
    secret blah;
};

Notes
You’ll notice I’ve put a couple of things in bold in the conf files above.

1. algorithm HMAC-MD5.SIG-ALG.REG.INT
In almost all of the examples you see online, you’ll notice they use the
‘hmac-md5’ algorithm in their conf files. For some reason, my dhcp server
was refusing to start up, spitting out some ‘Base64’ error to the syslog. This
seemed to fix it. For all intents and purposes, ‘HMAC-MD5.SIG-ALG.REG.INT’ is
the same as ‘hmac-md5’.

2. allow-update { key FOO; };
Basically, make sure this line is in the correct zone in your named.conf.
Didn’t have any problems with it, just thought I’d emphasize it.

3. /etc/bind/rndc.key
Okay, apart from the hmac-md5 problem, this one probably caused the
most problems. None of the HOWTOs or tutorials I came across on the net
mentioned this file. As far as I can tell, it’s the key the rndc service uses when
it actually performs the update to BIND. Notice the ‘algorithm hmac-md5’ line
is not ‘HMAC-MD5.SIG-ALG.REG.INT’. The latter refused to work for some
reason.
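
Added example (not part of the original document): a Python check for what the conf files above and note 1 depend on, namely that the key stanza in dhcpd.conf and in named.conf carries the same name, algorithm and secret, and that the secret is valid base64. The function names, the 16-byte minimum and the sample secret are assumptions made for this example.

```python
import base64
import re

# Helper names are this example's own. Note 1: both spellings are one algorithm.
ALIASES = {"hmac-md5.sig-alg.reg.int": "hmac-md5"}
MIN_SECRET_BYTES = 16  # assumed policy floor, not a value from the page
KEY_RE = re.compile(r'\bkey\s+"?([\w.-]+)"?\s*\{\s*algorithm\s+"?([\w.-]+)"?\s*;'
                    r'\s*secret\s+"?([^";\s]+)"?\s*;\s*\}', re.IGNORECASE)

# Constructed sample input: this page's two key stanzas with a made-up secret.
SAMPLE_SECRET = base64.b64encode(b"sample-secret-16").decode()
DHCPD_SAMPLE = f"key FOO {{\n  algorithm HMAC-MD5.SIG-ALG.REG.INT;\n  secret {SAMPLE_SECRET};\n}};\n"
NAMED_SAMPLE = f'key FOO {{\n  algorithm hmac-md5;\n  secret "{SAMPLE_SECRET}";\n}};\n'

def parse_keys(conf_text):
    """Return {key name: (normalised algorithm, secret)} per key stanza."""
    text = re.sub(r"(?m)^\s*(?:#|//).*$", "", conf_text)  # whole-line comments
    keys = {}
    for name, algorithm, secret in KEY_RE.findall(text):
        algorithm = algorithm.lower().rstrip(".")
        keys[name] = (ALIASES.get(algorithm, algorithm), secret)
    return keys

def secret_problem(secret):
    """Return why a secret is unusable, or None if it looks sound."""
    try:
        raw = base64.b64decode(secret, validate=True)
    except ValueError:  # binascii.Error is a subclass of ValueError
        return "secret is not valid base64"
    if len(raw) < MIN_SECRET_BYTES:
        return f"secret decodes to only {len(raw)} bytes"
    return None

def check_shared_key(dhcpd_conf, named_conf, name):
    """List reasons dhcpd and named would not agree on key `name`."""
    sides = {"dhcpd.conf": parse_keys(dhcpd_conf), "named.conf": parse_keys(named_conf)}
    problems = []
    for label, keys in sides.items():
        if name not in keys:
            problems.append(f"{label}: key {name} not defined")
        elif (why := secret_problem(keys[name][1])):
            problems.append(f"{label}: {why}")
    if all(name in keys for keys in sides.values()):
        (d_alg, d_sec), (n_alg, n_sec) = (keys[name] for keys in sides.values())
        if d_alg != n_alg:
            problems.append("algorithm differs between the two files")
        if d_sec != n_sec:
            problems.append("secret differs between the two files")
    return problems
```

Run against the placeholder `secret blah;` used in the conf files above, the check reports that the secret decodes to only 3 bytes in both files.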

Bibliography
Almost all of the information contained within this document has been
compiled from resources on the web and IRC.

“Dynamic DNS with DHCP and BIND9”
http://www.mattfoster.clara.co.uk/ddns.htm
– This is what got me started, although, as highlighted above, some of the
lines in his conf files need altering.

“DHCP Server Mailing List Archive”
http://www.isc.org/ml-archives/dhcp-server/2000/04/msg00193.html
– Here’s where I got the ‘HMAC-MD5.SIG-ALG.REG.INT’ algorithm line from.

“Using rndc to Administer BIND”
http://www.netadmintools.com/part25.html
– And where I got all the rndc info from.
