Deploying DNS / DDNS and DHCP servers on ROSA Enterprise Linux Server in a few minutes

Introduction.

This article describes how to deploy a standard DNS server and a DHCP server on your company's LAN, as well as a server that supports dynamic DNS. Both topics are covered in turn, using ROSA Enterprise Linux Server (hereinafter RELS) and the tools that ship with it as the example. This is the first article in a series on using RELS in real enterprise environments.

Why is it necessary?
It will be no secret to the regulars here that, sooner or later, as the infrastructure grows, system administrators have to face the fact that the existing setup must somehow be managed. The most logical solution is to run DNS and DHCP servers inside the intranet. But then another question arises: how can this be maintained quickly and easily, without long and painful reading of the BIND and dhcpd documentation and without spending time on scripts that somehow synchronize the two daemons? Ideally, we want to set everything up once and never touch it again. That is, everything should be as automated as possible.
RELS has a convenient and very simple tool for configuring DHCP and DNS servers, and that is what we will use.
As a bonus, I will show how conveniently you can organize management of a local network using DHCP and Dynamic DNS.

Taking a run-up!

To deploy our own name server (named) on the enterprise's local network, we need the already mentioned RELS with ROSA Directory Server installed and configured. There is no point in describing the installation of the whole system from scratch here, so we go straight to the package selection stage, skipping the routine steps before it and the choice of some general OS settings.
The only remark I would like to make: when deploying a server from scratch, at the stage of selecting packages for the installed system, you need to select two items, “Server Platform” and “ROSA Directory Server”, as in the illustration below.



Next, skipping the description of the process, familiar to many, of installing the system and creating users, we proceed directly to setting up the DNS server.
After installing the OS and logging in for the first time as a regular user, we see the desktop with the ROSA Server Setup icon.
Now a small digression to state the settings used:

  1. The server and the computers served by the DNS server are located on the 192.168.100.0/24 subnet; the server itself is configured with the address 192.168.100.1.
  2. rosa.int is chosen as the domain name.
  3. The server's FQDN will be exactly the same as the domain name.
  4. The name of the primary name server will be ns.rosa.int.


Before configuring the DNS server, verify the output of the hostname -f command. If it produces an error such as “hostname: failed to find the host name”, or anything else that does not match the chosen server name, open the /etc/hosts file in your favorite text editor and add:

192.168.100.1 rosa rosa.int

This is needed because, during installation, ROSA Directory Server checks that the host where the DNS server will run has an FQDN.

And now we take off! Setting up the DNS server.

So, we proceed directly to deployment and configuration.
We click the ROSA Server Setup icon on the desktop, after which Firefox starts and shows a warning about the wrong certificate. We add our server to the exceptions and arrive at the login page of the web interface that handles the installation and initial deployment of the components required for the task.
On this login page of the component deployment console, after entering the username and password of the root user, we see two blocks: “ROSA Directory Server” and “Server services and tools”.
To install and initially configure the DNS server, select the “ROSA Directory Server” block on the left. In the list of server components that appears, select the “DNS server with RDS backend” component in the “Network Modules” section, then click “Install components”. A setup wizard starts; it first checks that the necessary packages are available and, if they are not, downloads them automatically from the Internet.



To complete the procedure, click the continue button, which takes us to the next stage of the setup wizard. Here we are asked to set the FQDN domain name of ROSA Directory Server and to specify the network from which recursive queries will be served.
Be sure to enter a password in the RDS Password field. We will need it later to log in to the ROSA Management Console administration console, where a number of final settings are made. When you have entered the necessary data, click the “Continue” button, after which you will be taken to the login page of the server component management console.
If for some reason you need to do this later, you can continue configuring DNS from the main menu, in the "Administration" section, which contains the ROSA Management Console icon. An example of the completed form is in the screenshot below.



If you have not forgotten yet, at the beginning of the article I wrote that before setting up the server you need to make a small correction in the /etc/hosts file. If you got the error shown below during the process, then you either forgot to do it or did it wrong. In that case I recommend checking the contents of /etc/hosts again.



But back to the configuration. After the installation is completed, you are taken automatically to the main login page of the ROSA Management Console.
The zones and the name server are configured according to the parameters given at the very beginning of the article. Keep in mind that your network settings may differ. To configure them, go to "Network" > "Add DNS zone" in the menu at the top of the screen. If you look a little lower on the page, the same item is right in front of you.



The following parameters are set:
  1. FQDN DNS zone name
  2. Description
  3. Name for the primary DNS server (in this case, the current host)
  4. IP address of the NS server
  5. Network address and subnet mask for the reverse zone.


The last item is essential if we are going to combine the DNS server with a DHCP server later.
After specifying the parameters we need, click "Create". If the configuration is successful and correct, a corresponding message is displayed, as in the illustration below.



To check that DNS works, open your favorite terminal emulator, or cmd.exe if you are using Windows. Specify your newly configured DNS server in the client system settings and ping the server by name.
In rare cases the DNS service does not apply the settings; to fix this, go to the “Manage network services” section and restart the DNS server. That resolves the problem.

A little kung fu. Configure Dynamic DNS.

Besides a regular DNS server, ROSA Server also allows you to deploy a server with Dynamic DNS support. For those not familiar with it, a short excerpt from Wikipedia:

Dynamic DNS is a technology that allows information on a DNS server to be updated in real time and (optionally) automatically. It is used to assign a permanent domain name to a device (computer, network drive) with a dynamic IP address. This can be an IP address obtained via DHCP or IPCP on PPP connections (for example, when remotely accessed via a modem). Other machines on the Internet may establish a domain name connection with this machine and not even know that the IP address has changed.

The setup procedure differs slightly from the one described above. The first difference is on the component selection screen. To deploy a server with DDNS support, select the “DDNS support for BIND with LDAP backend” option in the “Network Modules” section.



As before, after selecting what is needed, click "Install components" and watch the already familiar package download procedure. When it finishes, the preliminary configuration of the components starts, just as last time. Pay attention to the warning that appears at the very end, after the components related to the DHCP server have been installed.



The setup wizard tells us that additional configuration is required. To do this, go to the ROSA Management Console administration console and open the DNS zone settings panel, as before. Here another difference awaits us:



At the very bottom, as you may notice, there is one more item, “Create a connected DHCP subnet”, which creates a subnet that will be managed by DHCP.



After clicking the "Create" button, you need to make small changes to the settings. To do this, go to the "DHCP subnet" tab and open the existing settings for editing.

At the very bottom of the form that opens, find the label “Dynamic pools for unregistered DHCP clients” and tick the checkbox in front of it. Enter the values we need. I usually reserve several addresses at the top of the range for business needs (additional servers, routers, and the like).
After that, click the "Confirm" button further down.

If this is not done, no client will be able to get an IP address, and in /var/log/messages you will see messages of this kind:
Nov 20 17:19:25 rosa dhcpd: DHCPDISCOVER from 08:00:27:98:b0:cf via eth0: network 192.168.100.0/24: no free leases
Nov 20 17:19:34 rosa dhcpd: DHCPDISCOVER from 08:00:27:98:b0:cf via eth0: network 192.168.100.0/24: no free leases
Nov 20 17:19:50 rosa dhcpd: DHCPDISCOVER from 08:00:27:98:b0:cf via eth0: network 192.168.100.0/24: no free leases
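
A way to spot this condition in the log, as an added example that is not part of the original article: the function counts "no free leases" refusals per subnet and client MAC. The sample lines are constructed in the dhcpd message format quoted above; the function and variable names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: count dhcpd "no free leases" refusals per subnet and client MAC.

# Constructed sample in the syslog format quoted in the article.
sample_log() {
cat <<'EOF'
Nov 20 17:19:25 rosa dhcpd: DHCPDISCOVER from 08:00:27:98:b0:cf via eth0: network 192.168.100.0/24: no free leases
Nov 20 17:19:34 rosa dhcpd: DHCPDISCOVER from 08:00:27:98:b0:cf via eth0: network 192.168.100.0/24: no free leases
Nov 20 17:19:50 rosa dhcpd: DHCPDISCOVER from 08:00:27:98:b0:cf via eth0: network 192.168.100.0/24: no free leases
Nov 20 17:20:02 rosa dhcpd: DHCPDISCOVER from 08:00:27:11:22:33 via eth0: network 192.168.100.0/24: no free leases
Nov 20 17:21:10 rosa dhcpd: DHCPDISCOVER from 08:00:27:44:55:66 via eth0
Nov 20 17:21:11 rosa dhcpd: DHCPOFFER on 192.168.100.50 to 08:00:27:44:55:66 via eth0
EOF
}

# Reads syslog lines on stdin; prints "<subnet> <mac> <refusals>", sorted.
no_free_leases() {
  awk '
    /dhcpd/ && /DHCPDISCOVER from / && /no free leases/ {
      mac = ""; net = ""
      for (i = 1; i < NF; i++) {
        if ($i == "from")    mac = tolower($(i + 1))
        if ($i == "network") { net = $(i + 1); sub(/:$/, "", net) }
      }
      if (mac != "" && net != "") refused[net " " mac]++
    }
    END { for (k in refused) print k, refused[k] }
  ' | LC_ALL=C sort
}

# Run on the constructed sample; on a server, feed /var/log/messages instead.
sample_log | no_free_leases
```

Any subnet that shows up in the output has an empty or exhausted dynamic pool and needs the pool setting described above.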


Other settings, such as the lease term, TFTP and so on, can be adjusted at your discretion. What has already been configured is enough to check that everything works correctly.

At the time of this writing, there was a small bug in the Management Console interface. If an empty address pool was added, it still saved the settings, but the DHCP server was not restarted afterwards. So be careful here. A check of the values entered in the form is planned for a later release.
Now that the settings are done, go to the "Management of network services" section and restart the DHCP and DNS servers.
As usual, we check DNS operation with the ping command. To make sure that DDNS works as it should, I put a Windows machine named termit on the network. Since DHCP is configured correctly, the system immediately received the necessary settings. And now we check that DDNS works:

[test@localhost ~]$ dig termit.rosa.int

; <<>> DiG 9.9.1-P2 <<>> termit.rosa.int
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 41416
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;termit.rosa.int. IN A

;; AUTHORITY SECTION:
rosa.int. 3600 IN SOA ns.rosa.int. admin.rosa.int. 2012112003 172800 900 1209600 3600

;; Query time: 2 msec
;; SERVER: 192.168.100.1#53(192.168.100.1)
;; WHEN: Tue Nov 20 18:04:27 2012
;; MSG SIZE rcvd: 89


As we can see, the A record of the Windows machine has appeared in DNS. If the address changes, for example because the IP lease expired after a long absence from the network, all the details are updated automatically, with no intervention from the administrator. Exactly the same happens when a Linux computer is added to the network; you only need to give it a computer name (hostname) other than localhost. ROSA Server will do the rest for you.
Now, if necessary, you can deploy any service on such a host and reach it by its FQDN, without worrying that it may suddenly become unavailable because of an address change, or about which address should be assigned to the machine for the service running there.
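
A scripted version of the DDNS check, as an added example that is not part of the original article: it reads dig output and reports whether the client name is registered. Note that the reply reproduced above carries status NXDOMAIN and ANSWER: 0, which this check classifies as missing. The second sample reply is constructed, and the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: classify a dig reply to confirm a DDNS registration.

# Header lines as they appear in the article's dig output for termit.rosa.int.
reply_from_article() {
cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 41416
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
EOF
}

# Constructed reply for a registered client (id and address are made up).
reply_registered() {
cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1234
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; ANSWER SECTION:
termit.rosa.int. 3600 IN A 192.168.100.50
EOF
}

# Reads dig output on stdin; prints registered | missing | error.
ddns_verdict() {
  awk '
    /^;; ->>HEADER<<-/ {
      for (i = 1; i < NF; i++)
        if ($i == "status:") { st = $(i + 1); sub(/,$/, "", st) }
    }
    /^;; flags:/ {
      for (i = 1; i < NF; i++)
        if ($i == "ANSWER:") { n = $(i + 1); sub(/,$/, "", n) }
    }
    END {
      if (st == "NOERROR" && n + 0 > 0)        print "registered"
      else if (st == "NXDOMAIN" || st == "NOERROR") print "missing"
      else                                      print "error"  # SERVFAIL, REFUSED, no header
    }'
}

for r in reply_from_article reply_registered; do
  printf '%s: %s\n' "$r" "$("$r" | ddns_verdict)"
done
```

On a live network the same function can be fed directly: dig termit.rosa.int @192.168.100.1 | ddns_verdict.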

Conclusion

I hope this tutorial makes life easier for someone and saves a lot of time. One more bonus, for the most inquisitive: if you would like to read in detail how the DDNS and DHCP combination in ROSA Server is put together, you can read the article in the wiki of the company that develops this solution.

Reasonable criticism, comments and questions are certainly welcome. If you liked the material, I will willingly continue the series of articles.

Source: https://habr.com/ru/post/167367/