-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Saturday 06 December 2003 09:39 am, Adolfo Bello wrote:
> I noticed that you are using dynamic updates between your dhcp and dns
> server.
>
> Is that working if any client join the network? If so, could you please
> post or send me off list your dhcpd.conf and named.conf? I am really
> having a hard time getting ddns working.
>
> Thanks in advance,

Sure. Below are my dhcpd.conf and named.conf. The main trick here is to create
a secret key to be used by both dhcpd and named. We can generate this key with
dnssec-keygen. I don't remember the exact syntax, but you can find it in
the man page of named or dhcpd. Or, for the sake of ease, you can just copy and
paste the portions of my dhcpd.conf and named.conf that contain the key
(the lines with DHCP_UPDATER); keep in mind that a key copied from a public
post is known to every reader, so generate your own for anything beyond a
quick test.

Every time a new client attaches to the network, dhcpd receives
the dhcprequest from it and offers a free IP lease; if the client
accepts, it adopts the IP and all the settings, and dhcpd
sends a dhcpack and registers the record in DNS.

Previously, I thought that Linux couldn't offer this dynamic DNS update, and that only
a w2k server was able to do it. But now I'm convinced, and I love Linux more
than ever.


Here are my confs:
- -----------
named.conf
- -----------
[EMAIL PROTECTED] conf-school]# cat named.conf
// generated by named-bootconf.pl


// Key for the rndc control channel (referenced by "controls" below).
// secret must be the same as in /etc/rndc.conf
// NOTE(review): this secret base64-decodes to a plain English phrase, not to
// random bytes, so it looks like a stock value rather than a per-host key.
// Generate a fresh one for each server (e.g. with rndc-confgen) and keep this
// file and rndc.conf unreadable to ordinary users.
key "key" {
        algorithm       hmac-md5;
        secret
"c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";
};

// rndc control channel. It listens on the loopback address only;
// "allow { any; }" adds no address restriction of its own, so access is gated
// by the 127.0.0.1 bind address and by possession of the key named "key".
controls {
    inet 127.0.0.1 allow { any; } keys { "key"; };
};

// TSIG key that dhcpd uses to sign its dynamic updates. The key name,
// algorithm and secret must match the key block in dhcpd.conf.
// Whoever holds this secret can change the zones that list the key in
// allow-update, so a value that has been published (as this one has) must not
// be reused: generate your own with dnssec-keygen (tsig-keygen on newer BIND)
// and restrict read access on both config files.
// NOTE(review): HMAC-MD5 is the oldest TSIG algorithm; where both named and
// dhcpd support it, prefer an hmac-sha256 key -- confirm for your versions.
key DHCP_UPDATER {
 algorithm HMAC-MD5.SIG-ALG.REG.INT;
 secret BjFnHGfSoUs1RUVnhaqJPg==;
};

// Global server options.
// NOTE(review): no allow-query / allow-recursion is set here, so who may use
// this resolver depends on the BIND defaults and on the firewall -- confirm
// the server is not answering recursive queries from outside the LAN.
options {
        pid-file "/var/run/named/named.pid";
        // Base directory for the relative zone "file" names used below.
        directory "/var/named";
        // Send everything that cannot be answered locally to the forwarders
        // and do not fall back to resolving from the root servers.
        forward only;
        forwarders {
            202.147.252.2;
            202.147.252.3;
            #202.158.3.7;
            #202.158.3.6;
        };
        /*
         * If there is a firewall between you and nameservers you want
         * to talk to, you might need to uncomment the query-source
         * directive below.  Previous versions of BIND always asked
         * questions using port 53, but BIND 8.1 uses an unprivileged
         * port by default.
         */
         // NOTE(review): fixing the source port at 53 gives up source-port
         // randomisation, which makes forged answers easier to get into the
         // cache. Prefer letting the firewall accept replies to unprivileged
         // ports and leaving this directive commented out.
         query-source address * port 53;
};

//
// a caching only nameserver config
//
// Root hints: the list of root name servers, read from named.ca.
zone "." {
        type hint;
        file "named.ca";
};

// Reverse zone for the loopback network 127.0.0.x; static, no allow-update.
zone "0.0.127.in-addr.arpa" {
        type master;
        file "named.local";
};

// Forward zone that dhcpd updates. allow-update names only the TSIG key, so
// an update is accepted when it is signed with DHCP_UPDATER and for no other
// reason (no address-based permission is given).
// NOTE(review): allow-update lets the key holder change any record in the
// zone, including hand-maintained ones; BIND 9's update-policy can narrow
// this -- check whether your version supports it.
zone "sistek.kom" {
        type master;
        file "sistek.kom";
        allow-update { key DHCP_UPDATER; };
};

// Reverse zone for 192.10.10.x, updated by dhcpd under the same key.
// The zone declared for reverse updates in dhcpd.conf has to carry this
// exact name.
zone "10.10.192.in-addr.arpa" {
        type master;
        file "192.10.10.1";
        allow-update { key DHCP_UPDATER; };
};



- -------------
dhcpd.conf
- -------------
[EMAIL PROTECTED] conf-school]# cat dhcpd.conf
# This server is the authority for the subnets declared in this file.
authoritative;
# Use the "interim" DNS update scheme for dynamic DNS registration.
ddns-update-style interim;
# Disabled options left over from the LTSP (diskless workstation) setup.
#option root-path "192.168.0.233:/opt/ltsp/i386";
#option option-128 code 128 = string;
#option option-129 code 129 = text;

# TSIG key used to sign the DNS updates sent to named. The name, algorithm
# and secret must be identical to the key block in named.conf.
# The secret is a credential: anyone who reads it can update the zones named
# accepts this key for. Generate your own instead of reusing this published
# value, and keep dhcpd.conf readable only by root / the dhcpd user.
key DHCP_UPDATER {
 algorithm HMAC-MD5.SIG-ALG.REG.INT;
 secret BjFnHGfSoUs1RUVnhaqJPg==;
};

# Forward zone: send updates for names under sistek.kom to the name server at
# 192.10.10.1, signed with DHCP_UPDATER.
zone sistek.kom. {
 primary 192.10.10.1;
 key DHCP_UPDATER;
}

# Reverse zone for PTR updates, same server and key.
# NOTE(review): the subnet below is 192.10.10.0/24, whose reverse zone is
# 10.10.192.in-addr.arpa (that is also the name declared in named.conf).
# 0.10.192.in-addr.arpa would cover 192.10.0.x instead, so PTR updates for
# leased addresses probably do not match this declaration and would then go
# out without the key -- confirm, and use "zone 10.10.192.in-addr.arpa." here.
zone 0.10.192.in-addr.arpa. {
 primary 192.10.10.1;
 key DHCP_UPDATER;
}

# The LAN served by this DHCP server: leases come from .2-.200, and the
# router and DNS server handed to clients are both 192.10.10.1.
subnet 192.10.10.0 netmask 255.255.255.0 {
    # Register leases from this subnet in DNS.
    # NOTE(review): the host name that gets registered is presumably the one
    # the client sends, so any machine that can get a lease on this segment
    # can put a name into sistek.kom -- confirm this is acceptable here.
    ddns-updates on;
    option routers 192.10.10.1;
    option subnet-mask 255.255.255.0;
    # Domain under which client names are registered and which clients use
    # as their search domain.
    option domain-name "sistek.kom";
    option domain-name-servers 192.10.10.1;
    range 192.10.10.2 192.10.10.200;
}

#shared-network ltsp_ws {
#       ddns-updates off;
#       next-server 192.168.0.233;
#       filename "/lts/vmlinuz-2.4.21-ltsp-1";
#       subnet 192.168.0.0 netmask 255.255.255.0 {
#               ddns-updates on;
#               option routers 192.168.0.250;
#               option subnet-mask 255.255.255.0;
#               option domain-name "sistek.kom";
#               option domain-name-servers 192.168.0.250;
#               range dynamic-bootp 192.168.0.1 192.168.0.150;
#               default-lease-time 21600;
#               max-lease-time 43200;
#               host dhcp {
#                       hardware ethernet 00:d0:b7:a8:6f:0e;
#                       fixed-address 192.168.0.250;
#                       }
#               }
#       group {
#           use-host-decl-names on;
#           option log-servers 192.168.0.233;
#           option root-path "192.168.0.233:/opt/ltsp/i386";
#
#           host ws001 {
#                       hardware ethernet 00:40:05:3f:c8:b0;
#                       fixed-address 192.168.0.101;
#                       option option-128 e4:45:74:68:00:00;
#                       option option-129 "NIC=ne IO=0x300 IRQ=3";
#                       #filename "/lts/vmlinuz-2.4.21-i386-ltsp";
#                       }

#           host ws002 {
#                       hardware ethernet 00:40:05:4D:52:03;
#                       fixed-address 192.168.0.102;
#                       option option-128 e4:45:74:68:00:00;
#                       option option-129 "NIC=ne IO=0x300 IRQ=12";
#                       }

#           host ws003 {
#                       hardware ethernet 00:01:02:CD:81:A1;
#                       fixed-address 192.168.0.103;
#                       }

#           host ws004 {
#                       hardware ethernet 00:00:F4:C1:3D:0E;
#                       fixed-address 192.168.0.104;
#                       #option option-128 e4:45:74:68:00:00;
#                       #option option-129 "NIC=ne IO=0x240 IRQ=9";
#                       }
#
#
#               }
#       }




- -- 
Fajar http://linux.arinet.org
Linux mdk91.sistek.kom 2.4.21-0.13mdk GNU/Linux
11:59:19 up 4:37, 10 users, load average: 0.76, 0.60, 0.41
Quote of the day:
Win98 error 009: Erroneous error: Nothing is wrong.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE/0WTMMai9kCFqACoRAiFEAJ0fcJ8FhO2rzTwNAoFn7xc+x9lxQgCglbdE
CG6qYwmcii4EYs2Sim0+1OM=
=iaNB
-----END PGP SIGNATURE-----

