
Linking DHCP and DNS

After reading some recent posts about DynDNS I decided to write a brief how-to on linking DHCP with DNS.

In any LAN, sooner or later you need to set up a forward and a reverse zone. You can, of course, fill the reverse zone with a record like:
$GENERATE 0-255 $ PTR pptp-$.isp.net.
But that is not really an option; a record like %username%.isp.net looks much nicer.
In principle, any billing system can generate the dhcpd config for you, so we will skip that step and get to the point.


The first thing we need is to generate a key that will authenticate the updates:
vpn:/opt/nodeny# dnssec-keygen -a HMAC-MD5 -b 128 -n USER DHCP_UPDATER
Kdhcp_updater.+157+05518
vpn:/opt/nodeny#

Let's see what it generated:
vpn:/opt/nodeny# cat Kdhcp_updater.+157+05518.key
DHCP_UPDATER. IN KEY 0 3 157 X/Vl6yCJ9xz3UE+FDV7gNQ==


Next, bring dhcpd.conf to something like this:
# Enable dynamic DNS updates, including for static (fixed-address) leases
ddns-updates on;
update-static-leases on;
ddns-domainname "status.ks.ua";
ddns-update-style interim;
# The server, not the client, decides which names end up in DNS
ignore client-updates;

default-lease-time 3600;
max-lease-time 3600;

# Must match the key stanza in named.conf exactly (name, algorithm, secret)
key DHCP_UPDATER {
  algorithm HMAC-MD5;
  secret X/Vl6yCJ9xz3UE+FDV7gNQ==;
}
local-address 10.1.1.1;
# Zones dhcpd is allowed to update; note the trailing dots in the zone names
zone internal.status.ks.ua. { primary 10.1.1.1; key DHCP_UPDATER; }
zone 1.1.10.in-addr.arpa. { primary 10.1.1.1; key DHCP_UPDATER; }
zone 2.1.10.in-addr.arpa. { primary 10.1.1.1; key DHCP_UPDATER; }


Now on to the DNS server.
Add the following to the BIND config (named.conf):
// The same key dhcpd signs its updates with
key DHCP_UPDATER {
  algorithm HMAC-MD5.SIG-ALG.REG.INT;
  secret "X/Vl6yCJ9xz3UE+FDV7gNQ==";
};

// Only updates signed with DHCP_UPDATER are accepted for these zones
zone "internal.status.ks.ua" {
  type master;
  file "int/internal.status.ks.ua";
  allow-update { key DHCP_UPDATER; };
};
zone "1.1.10.in-addr.arpa" {
  type master;
  file "int/10.1.1.rev";
  allow-update { key DHCP_UPDATER; };
};
zone "2.1.10.in-addr.arpa" {
  type master;
  file "int/10.1.2.rev";
  allow-update { key DHCP_UPDATER; };
};

P.S. Since I have two views set up, one for the internal network and one for the external one, you will need to adapt the config to your own setup.

Let's test a dynamic update with nsupdate:
; nsupdate -d [this file]
; TSIG key name and secret, as in dhcpd.conf and named.conf
key DHCP_UPDATER X/Vl6yCJ9xz3UE+FDV7gNQ==
; forward zone: add an A record (name is relative to the zone)
zone internal.status.ks.ua
update add virtual 86400 A 10.1.2.105
send
; reverse zone: add the matching PTR for 10.1.2.105
zone 2.1.10.in-addr.arpa
update add 105 86400 PTR zigmund.internal.status.ks.ua.
send

If it worked, journal (.jnl) files should appear next to the zone files.
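The nsupdate step above generalises to any list of leases: for each host you need the forward A record and the PTR in the matching /24 in-addr.arpa zone, and the reverse zone must be one that dhcpd and named actually know about. The following generator is an added example, not code from the original post; the lease list is constructed, the key and zones are the post's, and replacing stale records with a delete before each add is an assumption about how you want re-leased addresses handled.

```python
"""Generate an nsupdate script (forward A + reverse PTR) for a list of leases."""
import ipaddress
from typing import List, Tuple

KEY_NAME = "DHCP_UPDATER"
KEY_SECRET = "X/Vl6yCJ9xz3UE+FDV7gNQ=="   # the key from the post; rotate for real use
FORWARD_ZONE = "internal.status.ks.ua"
# Reverse zones declared in dhcpd.conf / named.conf in the post (no trailing dot here)
DECLARED_REVERSE_ZONES = {"1.1.10.in-addr.arpa", "2.1.10.in-addr.arpa"}
TTL = 86400

# Constructed sample leases: (hostname, address), as a billing system might export
LEASES: List[Tuple[str, str]] = [("virtual", "10.1.2.105"), ("zigmund", "10.1.1.42")]


def reverse_zone_and_label(addr: str) -> Tuple[str, str]:
    """Split an IPv4 address into its /24 in-addr.arpa zone and the PTR label.

    10.1.2.105 -> ("2.1.10.in-addr.arpa", "105")
    """
    o = str(ipaddress.IPv4Address(addr)).split(".")   # also validates the address
    return f"{o[2]}.{o[1]}.{o[0]}.in-addr.arpa", o[3]


def nsupdate_script(leases: List[Tuple[str, str]]) -> str:
    """Return the text to feed to `nsupdate`, one signed transaction per zone change."""
    lines = [f"key {KEY_NAME} {KEY_SECRET}"]
    for host, addr in leases:
        fqdn = f"{host}.{FORWARD_ZONE}."
        rzone, label = reverse_zone_and_label(addr)
        if rzone not in DECLARED_REVERSE_ZONES:
            # named would refuse (or dhcpd would not sign) an update for an undeclared zone
            raise ValueError(f"{addr}: reverse zone {rzone} is not declared in the config")
        # Forward zone: drop any stale A record for this name, then add the current one
        lines += [f"zone {FORWARD_ZONE}", f"update delete {fqdn} A",
                  f"update add {fqdn} {TTL} A {addr}", "send"]
        # Reverse zone: one PTR per address, same replace-then-add treatment
        ptr = f"{label}.{rzone}."
        lines += [f"zone {rzone}", f"update delete {ptr} PTR",
                  f"update add {ptr} {TTL} PTR {fqdn}", "send"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(nsupdate_script(LEASES), end="")
```

Pipe the output into `nsupdate -d` to see the signed request and the server's response for each `send`.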

Pitfalls you may encounter:
- Pay attention to the trailing dots in the zone declarations
- When running in a chroot, make sure the files named needs are present inside the chroot tree
- Check the owner of the zone files: named must be able to write them and create the .jnl journals
- Use named-checkzone to validate the zone files

Source: https://habr.com/ru/post/101476/

