jlancaster n00b
Joined: 16 Mar 2004 Posts: 16 Location: Dallas, TX
Posted: Thu Mar 18, 2004 4:09 am Post subject: Configuring DHCP/BIND for dynamic DNS howto
Now that I've got both BIND and DHCP running I would like to integrate the two with dynamic DNS. I think DHCP is configured properly based on another thread. Are there any configuration changes I need to make to BIND? There is a discussion of *secure* DDNS at this link: http://ops.ietf.org/dns/dynupd/secure-ddns-howto.html
But this is my home network. Is *secure* DDNS necessary?
Thanks,
Jim
dhcpd.conf:
------------------------------
ddns-update-style interim;
ignore client-updates;
default-lease-time 600;
max-lease-time 7200;

# Network services
group {
    ddns-updates off;
    # Gentoo Linux server
    host servername.domainname.local {
        fixed-address 192.168.1.2;
    }
}

# Home network
subnet 192.168.1.0 netmask 255.255.255.0 {
    option domain-name-servers 192.168.1.2, 151.164.1.8;
    option domain-name "domainname.local";
    option routers 192.168.1.1;
    option broadcast-address 192.168.1.255;
    ddns-updates on;
    range 192.168.1.17 192.168.1.21;
}
authoritative;

domain.local.hosts:
-----------------------
$ttl 38400
domainname.local. IN SOA fenix.domainname.local. root.domainname.local. (
        1079362232
        10800
        3600
        604800
        38400 )
domainname.local. IN NS fenix.domainname.local.
fenix.domainname.local. IN A 192.168.1.2
linksys.domainname.local. IN A 192.168.1.1
tivo.domainname.local. IN A 192.168.1.3
ns1.domainname.local. IN CNAME fenix.domainname.local.
mail.domainname.local. IN CNAME fenix.domainname.local.

192.168.1.rev:
-----------------
$ttl 38400
1.168.192.in-addr.arpa. IN SOA fenix.domainname.local. root.domainname.local. (
        1079362296
        10800
        3600
        604800
        38400 )
1.168.192.in-addr.arpa. IN NS fenix.domainname.local.
2.1.168.192.in-addr.arpa. IN PTR fenix.domainname.local.
1.1.168.192.in-addr.arpa. IN PTR linksys.domainname.local.
3.1.168.192.in-addr.arpa. IN PTR tivo.domainname.local.
adaptr Watchman
Joined: 06 Oct 2002 Posts: 6730 Location: Rotterdam, Netherlands
Posted: Thu Mar 18, 2004 10:14 am
Quote: | But this is my home network. Is *secure* DDNS necessary? |
If you don't have port 53 open to the outside world, obviously not.
_________________
>>> emerge (3 of 7) mcse/70-293 to /
Essential tools: gentoolkit eix profuse screen
jlancaster n00b
Joined: 16 Mar 2004 Posts: 16 Location: Dallas, TX
Posted: Thu Mar 18, 2004 8:01 pm
No, I have no intention of providing public DNS or DHCP services. I would just like to use DDNS on my internal network.
Is there a readme/howto/post that can help me get it running?
Jim
moby n00b
Joined: 17 Dec 2002 Posts: 29
Posted: Tue Mar 23, 2004 5:02 am
You need to make sure your DNS server config, /etc/named.conf, is set up to allow updates, something like the zones below. There, 10.1.1.240 is the IP address of my DNS and DHCP server. I also allow updates from localhost; it's the same box. If you had multiple DHCP servers that are set up to run failover, you would then put both servers' IP addresses on the allow-update line.
zone "foo.com" {
    type master;
    file "foo.com.zone";
    allow-update { 10.1.1.240; 127.0.0.1; };
};
zone "10.in-addr.arpa" {
    type master;
    file "10.in-addr.arpa.zone";
    allow-update { 10.1.1.240; 127.0.0.1; };
};
Another way to do this, one I don't recommend, is to allow all/any hosts to update DNS. Windows clients have an option that can be set to update DNS once they get an IP address. So instead of DHCP updating DNS, you can have each workstation do it. The problem is, they can also delete records you don't want them to.
This is why one usually runs with security keys configured, and only allows updates from specified addresses.
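An added example, not part of the thread and not any poster's code: a small Python check that reads a named.conf and reports, per zone, whether dynamic updates are open to any host, gated only by source address (as in the post above), or require a TSIG key. The sample config, the zone names other than foo.com, and the key name ddns-key are constructed; the check only inspects per-zone allow-update, not update-policy or an options-level allow-update.

```python
import re

# Constructed named.conf sample: the address-based zone from the post above,
# an open zone, a TSIG-keyed zone and a static zone. Key and secret are placeholders.
SAMPLE_NAMED_CONF = '''
key "ddns-key" { algorithm hmac-sha256; secret "PLACEHOLDER-BASE64-SECRET"; };
zone "foo.com" { type master; file "foo.com.zone"; allow-update { 10.1.1.240; 127.0.0.1; }; };
zone "open.example" { type master; file "open.example.zone"; allow-update { any; }; };
zone "keyed.example" { type master; file "keyed.example.zone"; allow-update { key "ddns-key"; }; };
zone "static.example" { type master; file "static.example.zone"; };
'''

# zone "name" [class] { body };  where body may hold one level of nested braces
ZONE_RE = re.compile(r'\bzone\s+"([^"]+)"\s*(?:\w+\s*)?\{((?:[^{}]|\{[^{}]*\})*)\}\s*;')
UPDATE_RE = re.compile(r'allow-update\s*\{([^{}]*)\}')

def strip_comments(text):
    """Remove /* */, // and # comments so they cannot hide or fake a statement."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(//|#)[^\n]*', '', text)

def classify_acl(acl):
    """Classify one allow-update address match list by who may send updates."""
    items = [i.strip() for i in acl.split(';') if i.strip()]
    if not items or items == ['none']:
        return 'updates-disabled'
    if any(i in ('any', '0.0.0.0/0', '::/0') for i in items):
        return 'open'            # any host can add or delete records
    if all(i.startswith('key ') for i in items):
        return 'tsig-key'        # every update must be signed with a shared key
    return 'address-only'        # a matching source IP is enough, key or not

def audit_allow_update(conf_text):
    """Map each zone name to how its dynamic updates are authorised."""
    result = {}
    for name, body in ZONE_RE.findall(strip_comments(conf_text)):
        m = UPDATE_RE.search(body)
        result[name] = classify_acl(m.group(1)) if m else 'not-set'
    return result

if __name__ == '__main__':
    for zone, verdict in audit_allow_update(SAMPLE_NAMED_CONF).items():
        print(f'{zone:16} {verdict}')
```

A list that mixes a key with plain addresses is reported as address-only, because a match on any one element of the list is enough for BIND to accept the update.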