-leliel- Apprentice
Joined: 03 May 2003 Posts: 294 Location: Germany
Posted: Mon Jun 02, 2003 7:49 pm    Post subject: secure dynamic dns and dhcp :: problem
Hi,
I'm trying to set up a DNS & DHCP server with secure updates, but DDNS and DNS don't work at all.
On localhost everything works fine (ping gateway, dig l-c-f.lan and so on), but on my client machine no names are resolved. The nameserver is set by DHCP and the IP in resolv.conf is correct, too.
I couldn't figure out the problem; maybe somebody could help me out ...
There is more information from metalog and the config files below:
Sources: http://ops.ietf.org/dns/dynupd/secure-ddns-howto.html
http://www.ibiblio.org/pub/Linux/docs/HOWTO/DNS-HOWTO
http://www.ibiblio.org/pub/Linux/docs/HOWTO/mini/DHCP
kernel log
Code:
Jun 1 22:05:02 [named] starting BIND 9.2.2 -u named -n 1
Jun 1 22:05:02 [named] using 1 CPU
Jun 1 22:05:02 [named] loading configuration from '/etc/bind/named.conf'
Jun 1 22:05:02 [named] listening on IPv4 interface lo, 127.0.0.1#53
Jun 1 22:05:02 [named] command channel listening on 127.0.0.1#953
Jun 1 22:05:02 [named] zone 127.in-addr.arpa/IN: loaded serial 2002081601
Jun 1 22:05:02 [named] zone 30.172.in-addr.arpa/IN: loaded serial 2003060101
Jun 1 22:05:02 [named] zone l-c-f.lan/IN: loaded serial 2003060101
Jun 1 22:05:02 [named] zone localhost/IN: loaded serial 2002081601
Jun 1 22:05:02 [named] running
Jun 1 22:05:04 [dhcpd] Internet Software Consortium DHCP Server V3.0pl2
Jun 1 22:05:04 [dhcpd] Copyright 1995-2003 Internet Software Consortium.
Jun 1 22:05:04 [dhcpd] All rights reserved.
Jun 1 22:05:04 [dhcpd] For info, please visit http://www.isc.org/products/DHCP
Jun 1 22:05:04 [dhcpd] Internet Software Consortium DHCP Server V3.0pl2
Jun 1 22:05:04 [dhcpd] Copyright 1995-2003 Internet Software Consortium.
Jun 1 22:05:04 [dhcpd] All rights reserved.
Jun 1 22:05:04 [dhcpd] For info, please visit http://www.isc.org/products/DHCP
Jun 1 22:05:04 [dhcpd] Wrote 1 leases to leases file.
Jun 1 22:05:04 [dhcpd] Listening on LPF/eth0/00:0a:e6:45:8d:f8/172.30
Jun 1 22:05:04 [dhcpd] Sending on LPF/eth0/00:0a:e6:45:8d:f8/172.30
Jun 1 22:05:04 [dhcpd] Sending on Socket/fallback/fallback-net
named.conf
Code:
options {
directory "/etc/bind/";
listen-on-v6 { none; };
listen-on { any; };
# auth-nxdomain no;
forwarders {
172.30.0.1;
194.25.2.129;
};
pid-file "/var/run/named/named.pid";
};
key l-c-f.lan {
algorithm HMAC-MD5;
secret "xxx";
};
// prime the server with knowledge of the root servers
zone "." {
type hint;
file "/etc/bind/zones/root.hints";
};
zone "localhost" IN {
type master;
file "pri/localhost";
allow-update { none; };
notify no;
};
zone "127.in-addr.arpa" IN {
type master;
file "pri/127";
allow-update { none; };
notify no;
};
zone "l-c-f.lan" IN {
type master;
file "/etc/bind/zones/l-c-f.lan";
allow-update {
key l-c-f.lan;
};
notify no;
};
zone "30.172.in-addr.arpa" IN {
type master;
file "/etc/bind/zones/172.30";
allow-update {
key l-c-f.lan;
};
notify no;
};
logging {
category dnssec { security_log; };
category update { security_log; };
category security { security_log; };
channel security_log {
file "dns-security.log" versions 5 size 20m;
// every time the log grows over 20 Mbyte, it will
// backup and rollover. Maximum 5 backups will be kept.
print-time yes;
print-category yes;
print-severity yes;
severity info;
};
};
zones/l-c-f.lan
Code:
$TTL 1W
@ IN SOA ns.localhost. root.localhost. (
2003060101 ; Serial
28800 ; Refresh
14400 ; Retry
604800 ; Expire - 1 week
86400 ) ; Minimum
IN NS ns1.l-c-f.lan.
IN NS ns2.l-c-f.lan.
; Servers
localhost IN A 127.0.0.1
www IN A 172.30.0.1
gateway IN A 172.30.0.1
TXT "highway to hell"
ns1 IN A 172.30.0.1
ns2 IN A 172.30.1.2
smtp IN A 172.30.1.2
imap IN A 172.30.1.2
ftp IN A 172.30.1.3
teamspeak IN A 172.30.1.3
; Workstations
zones/172.30
Code:
$ORIGIN 30.172.in-addr.arpa.
$TTL 1W
@ 1D IN SOA l-c-f.lan. root.l-c-f.lan. (
2003060101 ; serial
3H ; refresh
15M ; retry
2W ; expiry
1D ) ; minimum
IN NS ns1.l-c-f.lan.
IN NS ns2.l-c-f.lan.
; Servers
1.0 PTR gateway.l-c-f.lan.
1.0 PTR ns1.l-c-f.lan.
2.1 PTR ns2.l-c-f.lan.
2.1 PTR ldap.l-c-f.lan.
2.1 PTR imap.l-c-f.lan.
2.1 PTR smtp.l-c-f.lan.
3.1 PTR www.l-c-f.lan.
3.1 PTR ftp.l-c-f.lan.
3.1 PTR teamspeak.l-c-f.lan.
; Workstations
dhcpd.conf
Code:
#
# Sample configuration file for ISC dhcpd for Debian
#
# $Id: dhcpd.conf,v 1.4 2002/05/05 21:28:06 peloy Exp $
#
key l-c-f.lan {
algorithm HMAC-MD5;
secret "xxx";
}
zone 30.172.in-addr.arpa {
key l-c-f.lan;
}
# The ddns-updates-style parameter controls whether or not the server will
# attempt to do a DNS update when a lease is confirmed. We default to the
# behavior of the version 2 packages ('none', since DHCP v2 didn't
# have support for DDNS.)
ddns-update-style interim;
allow-client-updates;
ddns-domainname "l-c-f.lan";
ddns-rev-domainname "l-c-f.lan";
# option definitions common to all supported networks...
option domain-name "l-c-f.lan";
option domain-name-servers ns1.l-c-f.lan, ns2.l-c-f.lan;
option subnet-mask 255.255.0.0;
option routers gateway.l-c-f.lan;
option netbios-name-servers ns2.l-c-f.lan;
default-lease-time 3600;
max-lease-time 7200;
# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
authoritative;
# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;
# No service will be given on this subnet, but declaring it helps the
# DHCP server to understand the network topology.
# This declaration allows BOOTP clients to get dynamic addresses,
# which we don't really recommend.
shared-network 172.30 {
option broadcast-address 172.30.255.255;
option subnet-mask 255.255.0.0;
subnet 172.30.0.0 netmask 255.255.0.0 {
range dynamic-bootp 172.30.5.1 172.30.5.220;
default-lease-time 3600;
max-lease-time 7200;
}
}
Versions:
bind-9.2.2
dhcp-3.0_p2
bind-tools-9.2.2
Thanks.
- carpe noctem -
dunkelelf@jabber.org
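Before a signed update from dhcpd can succeed, the posted named.conf and dhcpd.conf have to agree on three things: the TSIG key (same name, algorithm and secret on both sides, and a real random secret rather than the "xxx" placeholder), a dhcpd `zone` declaration for every zone that BIND opens with `allow-update { key ...; }`, and a `ddns-rev-domainname` under in-addr.arpa. In the dhcpd.conf above only the reverse zone is declared; for l-c-f.lan dhcpd 3.0 would then try to find the primary through the zone's SOA record, whose MNAME the posted zone file sets to ns.localhost., and `ddns-rev-domainname "l-c-f.lan"` would send PTR updates to a name under l-c-f.lan instead of 30.172.in-addr.arpa. Also worth a look: `allow-client-updates` lets a client that asks for it via the FQDN option do its own forward (A) update, which the key-only forward zone would refuse, so only the PTR gets written; `deny client-updates` makes dhcpd write both records itself. The checker below is an added example, not code from the original post, from ISC or from the linked HOWTO; the two sample configs are constructed to mirror the posted ones, the key stays HMAC-MD5 as in the thread (current BIND and dhcpd also take hmac-sha256 in the same stanza), and the `primary 127.0.0.1;` in the corrected zone declaration follows the dhcpd.conf(5) example rather than anything posted here.

```python
"""Consistency check for a TSIG-secured dhcpd -> BIND dynamic-update setup.
Added example for this thread, not code from the original post, from ISC or
from the linked HOWTO.  NAMED_CONF / DHCPD_CONF below are constructed to
mirror the posted configs, "xxx" placeholder included."""
import base64
import os
import re

PLACEHOLDER_SECRETS = {"", "xxx", "secret", "changeme"}


def make_tsig_secret(nbytes=16):
    """Random TSIG secret, base64 as both daemons expect (16 bytes = 128-bit
    HMAC-MD5 key, the size `dnssec-keygen -a HMAC-MD5 -b 128` produces)."""
    return base64.b64encode(os.urandom(nbytes)).decode("ascii")


def _blocks(text, keyword):
    """Yield (name, body) for each `keyword name {...}` block, counting nested
    braces.  `[^{;}]*` lets `zone "x" IN {` match but not a `key x;` reference."""
    for m in re.finditer(r'\b%s\s+"?([^\s"{;]+)"?[^{;}]*\{' % keyword, text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield m.group(1).rstrip(".").lower(), text[m.end():i - 1]


def _keys(text):
    """name -> (algorithm, secret) for every key block in a config text."""
    keys = {}
    for name, body in _blocks(text, "key"):
        alg = re.search(r'algorithm\s+([\w.-]+)\s*;', body)
        sec = re.search(r'secret\s+"?([^";\s]*)"?\s*;', body)
        keys[name] = (alg.group(1).lower().replace(".sig-alg.reg.int", "") if alg else None,
                      sec.group(1) if sec else None)
    return keys


def check_ddns_config(named_conf, dhcpd_conf):
    """Return a list of findings; an empty list means the two files agree."""
    findings = []
    nkeys, dkeys = _keys(named_conf), _keys(dhcpd_conf)
    for name, (alg, secret) in nkeys.items():
        if secret in PLACEHOLDER_SECRETS:
            findings.append("key %s: placeholder secret in named.conf" % name)
        if name not in dkeys:
            findings.append("key %s: declared in named.conf but not in dhcpd.conf" % name)
        elif dkeys[name] != (alg, secret):
            findings.append("key %s: algorithm or secret differs between the two files" % name)
    dzones = {}  # zone -> key dhcpd would sign its updates with
    for zone, body in _blocks(dhcpd_conf, "zone"):
        m = re.search(r'\bkey\s+"?([^\s";]+)', body)
        dzones[zone] = m.group(1).rstrip(".").lower() if m else None
    for zone, body in _blocks(named_conf, "zone"):
        m = re.search(r'allow-update\s*\{\s*key\s+"?([^\s";]+)', body)
        if not m:
            continue  # static zone (allow-update { none; }) or the root hint
        key = m.group(1).rstrip(".").lower()
        if zone not in dzones:
            findings.append("zone %s: BIND accepts updates signed with %s, but dhcpd.conf "
                            "declares no zone for it" % (zone, key))
        elif dzones[zone] != key:
            findings.append("zone %s: dhcpd signs with %s, BIND expects %s" % (zone, dzones[zone], key))
    m = re.search(r'ddns-rev-domainname\s+"?([^";\s]+)', dhcpd_conf)
    if m and not m.group(1).rstrip(".").lower().endswith("in-addr.arpa"):
        findings.append('ddns-rev-domainname "%s": PTR updates must target in-addr.arpa' % m.group(1))
    return findings


def fix_configs(named_conf, dhcpd_conf, secret):
    """Apply the corrections the checker asks for, sharing one real secret."""
    named = re.sub(r'secret\s+"[^"]*"', lambda _: 'secret "%s"' % secret, named_conf)
    dhcpd = re.sub(r'secret\s+"[^"]*"', lambda _: 'secret "%s"' % secret, dhcpd_conf)
    dhcpd = re.sub(r'ddns-rev-domainname\s+"[^"]*"', 'ddns-rev-domainname "in-addr.arpa"', dhcpd)
    # `primary 127.0.0.1;` follows the dhcpd.conf(5) example, not the thread.
    dhcpd += "zone l-c-f.lan. {\n    primary 127.0.0.1;\n    key l-c-f.lan;\n}\n"
    return named, dhcpd


# Constructed samples that mirror the posted files (placeholder secret kept).
NAMED_CONF = '''
key l-c-f.lan {
    algorithm HMAC-MD5;
    secret "xxx";
};
zone "l-c-f.lan" IN {
    type master; file "/etc/bind/zones/l-c-f.lan";
    allow-update { key l-c-f.lan; };
};
zone "30.172.in-addr.arpa" IN {
    type master; file "/etc/bind/zones/172.30";
    allow-update { key l-c-f.lan; };
};
'''
DHCPD_CONF = '''
key l-c-f.lan {
    algorithm HMAC-MD5;
    secret "xxx";
}
zone 30.172.in-addr.arpa {
    key l-c-f.lan;
}
ddns-update-style interim;
ddns-domainname "l-c-f.lan";
ddns-rev-domainname "l-c-f.lan";
'''

if __name__ == "__main__":
    for f in check_ddns_config(NAMED_CONF, DHCPD_CONF):
        print("FINDING:", f)
    named, dhcpd = fix_configs(NAMED_CONF, DHCPD_CONF, make_tsig_secret())
    print("after fixes:", check_ddns_config(named, dhcpd) or "clean")
```

Run as-is it reports the three defects on the posted-style configs and "clean" after `fix_configs`; point `check_ddns_config` at the real files (read them in, the secret never leaves the box) before restarting either daemon, and keep both files mode 0640 since the secret in them is the only thing standing between anyone on the LAN and write access to the zone.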
-leliel- Apprentice
Joined: 03 May 2003 Posts: 294 Location: Germany
Posted: Tue Jun 03, 2003 1:40 pm
Any suggestions? It's urgent ...
- carpe noctem -
dunkelelf@jabber.org
Bitspyer Apprentice
Joined: 17 Dec 2002 Posts: 211 Location: Mainz, Germany
Posted: Thu Jul 17, 2003 9:23 am
What OS is the PC running that you want to register in your DNS via DHCP?
With Linux you have to tell the DHCP client to transmit the hostname from /etc/HOSTNAME with the "-h" option, because dhcpcd doesn't transmit the hostname by default.
Windows does.
If you use Windows, check that your hostname is a valid DNS name.
Example: Darth_Vader vs. DarthVader
The first is a valid NetBIOS name, but not a valid DNS name. You will see this PC in your Windows network, but you can't register it in your DNS.
The second is a valid name and will be registered in the DNS.
You can see all messages from the DNS in /var/log/messages/current.
Just open a shell and watch the output with tail -f /var/log/messages/current
Then you can see whether the update works or not.
Greetz,
Lars
The path to the Dark Side... Quicker it is, more seductive, easier.
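A check for the naming rule in the reply above (a valid NetBIOS name is not necessarily a valid DNS name, so dhcpd cannot register it), as an added example that is not part of the original reply: it applies RFC 1123 host-name syntax to the name dhcpd would form from the client's hostname plus `ddns-domainname`. The NetBIOS rule used here is the Windows computer-name restriction (at most 15 characters, none of \ / : * ? " < > |), which is an assumption of this example rather than something the post states; the sample names are constructed.

```python
"""Can this client name be registered in DNS by dhcpd at all?
Added example for this thread, not code from the original reply.
DNS rules: RFC 1123 host-name syntax (letters, digits, hyphen; no leading or
trailing hyphen; labels of 1-63 characters).  NetBIOS rules here are the
Windows computer-name restriction (1-15 characters, none of \\ / : * ? " < > |),
an assumption of this example rather than something the post states."""
import re

_DNS_LABEL = re.compile(r'^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$')
_NETBIOS_FORBIDDEN = set('\\/:*?"<>|')


def dns_hostname_ok(name):
    """True when every label is valid host-name syntax (underscore is not)."""
    name = name.rstrip(".")
    return 0 < len(name) <= 253 and all(_DNS_LABEL.match(label) for label in name.split("."))


def netbios_name_ok(name):
    """True when Windows would accept it as a computer name."""
    return 0 < len(name) <= 15 and not any(c in _NETBIOS_FORBIDDEN or ord(c) < 32 for c in name)


def ddns_name(hostname, ddns_domainname):
    """The FQDN dhcpd would try to add: client hostname + ddns-domainname.
    Returns (ok, fqdn); a bad name is better caught here than as a refused
    update in the dhcpd log."""
    fqdn = "%s.%s" % (hostname, ddns_domainname)
    return dns_hostname_ok(fqdn), fqdn


def triage(hostnames, ddns_domainname="l-c-f.lan"):
    """Per client name: (visible on the Windows network?, registrable in DNS?)"""
    return {h: (netbios_name_ok(h), ddns_name(h, ddns_domainname)[0]) for h in hostnames}


# Constructed sample names, including the two from the reply above.
SAMPLE_NAMES = ["Darth_Vader", "DarthVader", "leliel-box", "-leliel-", "a" * 64, ""]

if __name__ == "__main__":
    for name, (netbios, dns) in triage(SAMPLE_NAMES).items():
        print("%-16r netbios=%-5s dns=%s" % (name, netbios, dns))
```

The Linux side of the reply (dhcpcd sending the hostname only with `-h`) is not something this script can observe; it only tells you, before you start grepping the BIND update log, whether the name the client would send has any chance of being accepted.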