Outline
DHCP
Dynamic Host Configuration Protocol
Allows hosts to request (via broadcast) their host configuration
Server responds with network configuration information
Primarily IP address, subnet mask and default gateway AND DNS server information
Can also provide other information, e.g. time server, proxy
DNS
Domain Name System
Allows forward (name to IP address) and reverse (IP address to name) resolution
Standard hierarchical system which distributes ownership of, and responsibility for, network domains
DHCP
The protocol is standard; what about the implementation?
ISC (Internet Systems Consortium, formerly Internet Software Consortium) DHCP Server version 3 http://www.isc.org/products/DHCP
FreeBSD Install
cd /usr/ports/net/isc-dhcp3-server
make && make install
DHCP Configuration
Configuration File
/usr/local/etc/dhcpd.conf
Lease/Group Options
Ranges of IP addresses to assign
Specific options override the globals for this group of leases
HET306 Slide Set 11 Configuring DHCP and DNS Services jbut@swin.edu.au
DHCP Configuration
Common Global Options
option domain-name "company.com";
option domain-name-servers <list of DNS servers>;
option routers <default gateway>;
default-lease-time <seconds>;
max-lease-time <seconds>;
authoritative;
authoritative; makes this server send DHCPNAK to clients that request an address it knows nothing about; set it only on the one server responsible for the segment, otherwise it will knock other servers' clients off their leases
Subnet declaration (subnet/netmask containing a range): assigns a free IP address from the specified range to a querying host, together with the declared subnet mask
DHCP Configuration
Assigning Static IP Addresses
host host_name {
    hardware ethernet 00:01:02:03:04:05;
    fixed-address a.b.c.d;
    option host-name "advertised name";
};
host_name is for labelling purposes only
A client presenting the specified MAC address (or, alternatively, a matching dhcp-client-identifier) is always assigned the fixed-address IP address
option host-name is the name the server hands to that client and uses for it in DNS updates; the client is matched on its hardware address, not on the name it advertises. A client may also send its own host-name option, which must be configured in the OS of the requesting workstation
Caveats: a fixed-address should lie outside every dynamic range, since dhcpd does not reserve it from the pool; and a MAC address is trivially spoofed, so a fixed address identifies a machine for convenience, not as authentication
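As an added example (not from the slides and not ISC code), a Python check over a constructed dhcpd.conf that catches the two mistakes host declarations invite: a fixed-address inside a dynamic range and one MAC claimed by two hosts. All names and addresses in the sample are made up.

```python
"""Check a dhcpd.conf for static/dynamic address collisions and duplicate MACs.
Added example; SAMPLE_CONF is constructed and the regexes ignore nested
blocks (pool {}) and class/group declarations."""
import ipaddress
import re

SAMPLE_CONF = """\
option domain-name "example.org";
option domain-name-servers 192.168.0.1;
option routers 192.168.0.254;
default-lease-time 43200;
max-lease-time 86400;
authoritative;

subnet 192.168.0.0 netmask 255.255.255.0 {
    range 192.168.0.100 192.168.0.200;
}

host host1 {
    hardware ethernet 00:01:02:03:04:05;
    fixed-address 192.168.0.2;
    option host-name "host1";
}
host laptop {
    hardware ethernet 00:0c:29:aa:bb:cc;
    fixed-address 192.168.0.150;        # inside the dynamic range: collision
}
host printer {
    hardware ethernet 00:01:02:03:04:05; # same MAC as host1
    fixed-address 10.9.9.9;              # no subnet declared for it
}
"""

SUBNET_RE = re.compile(r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{(.*?)\}", re.S)
RANGE_RE = re.compile(r"range\s+(?:dynamic-bootp\s+)?(\S+?)(?:\s+(\S+))?\s*;")
HOST_RE = re.compile(r"host\s+(\S+)\s*\{(.*?)\}", re.S)
MAC_RE = re.compile(r"hardware\s+ethernet\s+([0-9a-f:]+)\s*;", re.I)
FIXED_RE = re.compile(r"fixed-address\s+([^;]+);")


def check_conf(conf):
    """Return a list of human-readable problems found in the configuration."""
    text = re.sub(r"#.*", "", conf)                 # strip comments
    subnets = []                                     # (network, [(lo, hi), ...])
    for m in SUBNET_RE.finditer(text):
        net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
        ranges = [(ipaddress.ip_address(r.group(1)),
                   ipaddress.ip_address(r.group(2) or r.group(1)))
                  for r in RANGE_RE.finditer(m.group(3))]
        subnets.append((net, ranges))

    problems, seen_mac = [], {}
    for m in HOST_RE.finditer(text):
        name, body = m.group(1), m.group(2)
        mac = MAC_RE.search(body)
        if mac:
            mac_s = mac.group(1).lower()
            if mac_s in seen_mac:
                problems.append(f"host {name}: MAC {mac_s} already used by host {seen_mac[mac_s]}")
            else:
                seen_mac[mac_s] = name
        fixed = FIXED_RE.search(body)
        for addr_s in (fixed.group(1).split(",") if fixed else []):
            try:
                addr = ipaddress.ip_address(addr_s.strip())
            except ValueError:
                continue                             # fixed-address may be a hostname
            home = [(n, r) for n, r in subnets if addr in n]
            if not home:
                problems.append(f"host {name}: fixed-address {addr} is in no declared subnet")
                continue
            for _net, ranges in home:
                for lo, hi in ranges:
                    if lo <= addr <= hi:
                        problems.append(f"host {name}: fixed-address {addr} lies inside "
                                        f"dynamic range {lo}-{hi}")
    return problems


if __name__ == "__main__":
    for p in check_conf(SAMPLE_CONF):
        print(p)
```

Run it against the real file with `check_conf(open("/usr/local/etc/dhcpd.conf").read())`; it complements, rather than replaces, `dhcpd -t`, which validates syntax but does not flag either of these collisions.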
Running DHCP
To autostart at boot, edit /etc/rc.conf
dhcpd_enable="YES"
dhcpd_ifaces="if0 if1"
dhcpd_ifaces limits the interfaces dhcpd listens on; list only the internal, client-facing ones so the server never answers (or leaks its configuration) on an upstream link
Lease Database
Assigned leases are stored in a simple text file, /var/db/dhcpd.leases
This allows dhcpd to remember which leases have been assigned after a restart
The database stores when leases start and expire; the timestamps are in UTC, not local time
The file is append-only: a lease that changes is written again at the end, and the latest entry for an address wins
Periodically the file is rewritten to remove expired leases and keep it from growing too large; the previous copy is kept as dhcpd.leases~, so both files are worth collecting when working out who held an address at a given time
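As an added example (not from the slides or ISC), a Python parser for the lease database that answers the question an incident responder actually asks of it: which client held a given IP address at a given UTC time. The lease entries below are constructed; the "latest entry wins" rule and the UTC timestamps follow the dhcpd.leases format.

```python
"""Who held this IP at time T? Parse /var/db/dhcpd.leases and apply dhcpd's
"later entries for the same address supersede earlier ones" rule.
Added example; SAMPLE_LEASES is constructed."""
import re
from datetime import datetime, timezone

SAMPLE_LEASES = """\
# Append-only: later entries for the same address supersede earlier ones.
lease 192.168.0.101 {
  starts 1 2006/05/15 08:00:00;
  ends 1 2006/05/15 12:00:00;
  binding state active;
  next binding state free;
  hardware ethernet 00:01:02:03:04:05;
  client-hostname "host1";
}
lease 192.168.0.102 {
  starts 1 2006/05/15 09:00:00;
  ends never;
  binding state active;
  hardware ethernet 00:0c:29:aa:bb:cc;
}
lease 192.168.0.101 {
  starts 1 2006/05/15 15:30:00;
  ends 2 2006/05/16 03:30:00;
  binding state active;
  hardware ethernet 00:0c:29:dd:ee:ff;
  client-hostname "laptop";
}
"""

LEASE_RE = re.compile(r"lease\s+(\S+)\s*\{(.*?)\}", re.S)


def lease_time(value):
    """dhcpd writes 'W YYYY/MM/DD HH:MM:SS' in UTC, or 'never'."""
    if value.strip() == "never":
        return datetime.max.replace(tzinfo=timezone.utc)
    _weekday, date, clock = value.split()
    return datetime.strptime(f"{date} {clock}", "%Y/%m/%d %H:%M:%S").replace(tzinfo=timezone.utc)


def utc(s):
    """'YYYY-MM-DD HH:MM' -> aware UTC datetime, for queries."""
    return datetime.strptime(s, "%Y-%m-%d %H:%M").replace(tzinfo=timezone.utc)


def parse_leases(text):
    """Return lease entries in file order, each a dict of the fields we need."""
    leases = []
    for m in LEASE_RE.finditer(text):
        entry = {"ip": m.group(1)}
        for stmt in m.group(2).split(";"):
            stmt = stmt.split("#", 1)[0].strip()
            if not stmt:
                continue
            key, _, value = stmt.partition(" ")
            if key in ("starts", "ends"):
                entry[key] = lease_time(value)
            elif key == "binding" and value.startswith("state "):
                entry["state"] = value.split()[1]
            elif key == "hardware":
                entry["mac"] = value.split()[-1].lower()
            elif key == "client-hostname":
                entry["hostname"] = value.strip('"')
        leases.append(entry)
    return leases


def holder_at(leases, ip, when):
    """(mac, hostname) of the client holding `ip` at UTC time `when`, else None."""
    current = None
    for lease in leases:
        if lease["ip"] == ip and "starts" in lease and lease["starts"] <= when:
            current = lease                      # later entry supersedes earlier
    if (current and current.get("state", "active") == "active"
            and when < current.get("ends", datetime.max.replace(tzinfo=timezone.utc))):
        return current["mac"], current.get("hostname")
    return None


def active_at(leases, when):
    """Map of every address that is leased at `when` to the MAC holding it."""
    return {ip: held[0] for ip in {l["ip"] for l in leases}
            if (held := holder_at(leases, ip, when))}


if __name__ == "__main__":
    for ip, mac in sorted(active_at(parse_leases(SAMPLE_LEASES), utc("2006-05-15 10:00")).items()):
        print(ip, mac)
```

Feed it `open("/var/db/dhcpd.leases").read()` plus the rotated `dhcpd.leases~`; convert log timestamps from the local zone to UTC before querying, since the lease file and most syslog lines disagree on that.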
DNS
Many products are available; you already know about BIND (Berkeley Internet Name Domain)
http://www.isc.org/products/BIND/bind9.html
April 2005 figures: 72.5% of all DNS servers run BIND*
* http://mydns.bboy.net/survey/
DNS Configuration
Configuration File
/etc/named/named.conf
Zone Options
Definition of the domain names AND the files storing their databases
Database files store the resolution information
DNS Configuration
Common Global Options
options {
    version "information";                   // response string for version queries
    directory "/location/of/database/files";
    listen-on { a.b.c.d; 127.0.0.1; };
    forward only;
    forwarders { a.b.c.d; e.f.g.h; };
    allow-query { a.b.c.d/24; localhost; };
    pid-file "/var/run/named/named.pid";
};
version sets the string returned for version.bind queries; give away something uninformative rather than the real release
allow-query restricts who may ask this server anything; a server that also recurses for clients should restrict allow-recursion to the same internal networks, otherwise it is an open resolver usable for amplification attacks
Zone statements specify which database file contains the forward or reverse resolution information for the named zone, and whether this server is master or slave for it
Reverse zones live under in-addr.arpa with the address octets reversed, e.g. 0.168.192.in-addr.arpa covers 192.168.0.*
Zone Database File
Specifies forward (name -> IP address) resolutions for a domain
Trailing periods are important: a name ending in "." is absolute, a name without one has the zone origin appended (host1 becomes host1.example.org.), and a record with a blank owner inherits the owner of the record above it
Fields of the SOA record
Domain name: example.org.
Email of the administrator (replace @ with .): admin.example.org.
Primary name server for the domain: ns1.example.org.
Serial number: used for versioning; secondaries only transfer the zone when it increases
Timeouts (refresh, retry, expire, minimum TTL) specified in seconds

example.org.  IN SOA ns1.example.org. admin.example.org. (
                  2006051501 ; Serial
                  10800      ; Refresh
                  3600       ; Retry
                  604800     ; Expire
                  86400 )    ; Minimum TTL
              IN NS    ns1.example.org.
              IN MX 10 host2
ns1           IN A     192.168.0.1
host1         IN A     192.168.0.2
host2         IN A     192.168.0.3
<alias>       IN CNAME host1
; the owner names of the A records and of the CNAME were not legible in the source slide;
; the A owners are taken from the names referenced by the NS, CNAME and MX records

Record Types
NS: name server for the zone
A: standard IPv4 address for a name
CNAME: this name resolves to the same address as the provided other name
MX: this host is responsible for handling mail for the domain; the priority number specifies the order in which to try multiple mail servers (lowest first)
PTR: this address resolves to the following name (used in reverse zones)
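As an added example (not from the slides and not BIND code), a small Python lint for master-format zone files that enforces the rules above: a missing trailing dot silently turns ns1.example.org into ns1.example.org.example.org., a CNAME owner may carry no other records, and NS/MX targets must be real hosts rather than aliases. Both zone texts are constructed; `named-checkzone` is the authoritative check and this only makes the trailing-dot mistake visible as a message rather than as a wrong answer.

```python
"""Lint a BIND master-format zone file for trailing-dot and CNAME mistakes.
Added example; GOOD_ZONE and BAD_ZONE are constructed."""

GOOD_ZONE = """\
$TTL 86400
example.org.  IN SOA ns1.example.org. admin.example.org. (
                  2006051501 ; Serial
                  10800      ; Refresh
                  3600       ; Retry
                  604800     ; Expire
                  86400 )    ; Minimum TTL
              IN NS    ns1.example.org.
              IN MX 10 host2
ns1           IN A     192.168.0.1
host1         IN A     192.168.0.2
host2         IN A     192.168.0.3
www           IN CNAME host1
"""

BAD_ZONE = """\
example.org.  IN SOA ns1.example.org admin.example.org. ( 1 10800 3600 604800 86400 )
              IN NS    ns1.example.org
              IN MX 10 mail
ns1           IN A     192.168.0.1
mail          IN CNAME ns1
mail          IN TXT   "v=spf1 a -all"
"""


def qualify(name, origin):
    """Trailing-dot rule: absolute names end in '.', relative ones get the origin."""
    name = name.lower()
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, zone_name):
    """Return ([(owner, TYPE, rdata tokens), ...], origin) with owners qualified."""
    origin = zone_name.lower().rstrip(".") + "."
    records, prev_owner, pending, depth = [], origin, [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]                 # strip comments
        if not line.strip():
            continue
        if not pending:
            blank_owner = line[0].isspace()         # inherit previous owner
        pending.append(line)
        depth += line.count("(") - line.count(")")
        if depth > 0:                               # SOA continues on next line
            continue
        tokens = " ".join(pending).replace("(", " ").replace(")", " ").split()
        pending = []
        if tokens[0] == "$ORIGIN":
            origin = qualify(tokens[1], origin)
            continue
        if tokens[0].startswith("$"):               # $TTL and friends
            continue
        owner = prev_owner if blank_owner else qualify(tokens.pop(0), origin)
        while tokens[0].upper() == "IN" or tokens[0].isdigit():   # class / TTL
            tokens.pop(0)
        records.append((owner, tokens[0].upper(), tokens[1:]))
        prev_owner = owner
    return records, origin


def lint(text, zone_name):
    """Return a list of problems; an empty list means the checks passed."""
    records, origin = parse_zone(text, zone_name)
    bare = origin.rstrip(".")
    problems, types_by_owner = [], {}
    for owner, rtype, _ in records:
        types_by_owner.setdefault(owner, set()).add(rtype)
    for owner, types in types_by_owner.items():
        if "CNAME" in types and types != {"CNAME"}:
            problems.append(f"{owner}: CNAME cannot coexist with {sorted(types - {'CNAME'})}")
    for owner, rtype, rdata in records:
        if rtype == "SOA":                          # mname is a host, rname is not
            names, hosts = rdata[:2], rdata[:1]
            if not rdata[2].isdigit():
                problems.append(f"{owner}: SOA serial {rdata[2]!r} is not a number")
        elif rtype in ("NS", "MX"):
            names = hosts = rdata[-1:]
        elif rtype == "CNAME":
            names, hosts = rdata[-1:], []
        else:
            continue
        for t in names:
            if not t.endswith(".") and t.lower().endswith(bare):
                problems.append(f"{owner} {rtype}: {t!r} lacks a trailing dot, "
                                f"so it becomes {qualify(t, origin)}")
            elif t in hosts:
                fq = qualify(t, origin)
                target_types = types_by_owner.get(fq, set())
                if "CNAME" in target_types:
                    problems.append(f"{owner} {rtype}: target {fq} is a CNAME, which RFC 2181 forbids")
                elif fq.endswith(origin) and "A" not in target_types:
                    problems.append(f"{owner} {rtype}: no A record for in-zone target {fq}")
    return problems


if __name__ == "__main__":
    for p in lint(BAD_ZONE, "example.org"):
        print(p)
```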
Running DNS
To autostart at boot, edit /etc/rc.conf
named_enable="YES"
Dynamic DNS updates from DHCP: so how do we do it?
Encryption
Primarily for authentication of who may update the database: the shared key (a TSIG key) produces an HMAC over each update message, so the DNS server can tell that the request came from the DHCP server and was not altered in transit
Not so much to protect the database: nothing is encrypted, the update travels in the clear, and anyone can query the DNS server for the result after the update anyway
dhcpd.conf Settings
The key has to be specified in the configuration file
key "KEY-NAME" {
    algorithm HMAC-MD5;
    secret "AbCdEfGhIj*WhAtEvEr==";
};
The secret must be a base64 string (the placeholder above is illustrative only); generate a real one with dnssec-keygen -a HMAC-MD5 -b 128 -n HOST KEY-NAME, or tsig-keygen on current BIND releases
HMAC-MD5 is the only algorithm dhcpd 3 supports; newer dhcpd and BIND releases also accept hmac-sha256, which should be preferred where both ends support it
dhcpd.conf now holds a shared secret, so keep it readable by root and the daemon only
Update Behaviour
DHCP Server
Each zone statement in dhcpd.conf names a zone (zone_name, written with its trailing dot, which must match an authoritative zone on the DNS server), the DNS server to send updates to (primary dns_ip_address) and the key to sign them with; both the forward zone and the reverse in-addr.arpa zone must be declared
dhcpd 3 also needs ddns-update-style interim; in the global section before it will send any update
When an address is assigned in one of the matching zones, dhcpd contacts the DNS server with the hostname of the machine that received the lease and its corresponding IP address, and removes the records again when the lease expires or is released
DNS Server
bind must be listening on dns_ip_address (dynamic updates are ordinary DNS messages on port 53, not a separate channel)
bind must be configured with a matching key, and the zone must permit updates signed with that key
Via the signed update, the DNS server adds an entry resolving the specified IP address and name
named.conf Settings
The key has to be specified in the configuration file, in the same format as dhcpd.conf
key "KEY-NAME" {
    algorithm HMAC-MD5;
    secret "AbCdEfGhIj*WhAtEvEr==";
};
The controls statement configures the rndc control channel, i.e. which addresses and keys may administer named
controls {
    inet 127.0.0.1 allow { localhost; } keys { "KEY-NAME"; };
};
This accepts control connections on localhost and only from localhost, which assumes the DHCP and DNS servers run on the same machine
It does not by itself authorise dynamic updates: those are permitted per zone with allow-update { key "KEY-NAME"; }; in the zone statement. Grant updates to the key rather than to an address list, since source addresses are trivially spoofed in UDP and any host on the network could otherwise rewrite the zone
Any request to the DNS server for that hostname then resolves to the IP address currently leased to it; any reverse resolution request for the IP address resolves to the name of the machine that currently holds the lease, provided the reverse zone is declared in dhcpd.conf and updatable too
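As an added example for the two slides above (the key material and the update behaviour), not from the slides and not ISC code: a Python implementation of what passes between dhcpd and named. It builds an RFC 2136 UPDATE adding one A record, signs it with a TSIG key as RFC 2845 specifies, and verifies it the way the server does, so the key's job is visible: a wrong secret, a tampered record or a stale timestamp is rejected, while the record itself stays readable in the message. The key name, the secret and all names and addresses are constructed; real ISC DHCP also sends prerequisites and a TXT/DHCID record, which are omitted here.

```python
"""Build, TSIG-sign and verify a DNS UPDATE (RFC 2136 + RFC 2845).
Added example; EXAMPLE_SECRET and all names are constructed."""
import base64
import hashlib
import hmac
import secrets
import struct
import time

TYPE_A, TYPE_SOA, TYPE_TSIG = 1, 6, 250
CLASS_IN, CLASS_ANY = 1, 255
OPCODE_UPDATE = 5
ALGORITHMS = {  # algorithm name as written on the wire -> hash function
    "hmac-md5.sig-alg.reg.int": hashlib.md5,   # what "algorithm HMAC-MD5;" means
    "hmac-sha256": hashlib.sha256,
}
EXAMPLE_SECRET = base64.b64encode(b"example-only-not-a-real-tsig-secret!").decode()


def encode_name(name):
    """Uncompressed, lowercase (canonical) wire form of a domain name."""
    out = b""
    for label in name.rstrip(".").lower().split("."):
        if label:
            out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_update(zone, owner, address, ttl=3600, msg_id=None):
    """Unsigned UPDATE adding one A record for `owner` inside `zone`."""
    if msg_id is None:
        msg_id = secrets.randbelow(1 << 16)
    # Header: ID, flags (opcode UPDATE), ZOCOUNT=1, PRCOUNT=0, UPCOUNT=1, ADCOUNT=0
    header = struct.pack(">HHHHHH", msg_id, OPCODE_UPDATE << 11, 1, 0, 1, 0)
    zone_section = encode_name(zone) + struct.pack(">HH", TYPE_SOA, CLASS_IN)
    rdata = bytes(int(o) for o in address.split("."))
    update = encode_name(owner) + struct.pack(">HHIH", TYPE_A, CLASS_IN, ttl, 4) + rdata
    return header + zone_section + update


def tsig_sign(message, key_name, algorithm, secret_b64, now=None, fudge=300):
    """Return (message with TSIG RR appended, mac). Authenticates, never encrypts."""
    now = int(time.time()) if now is None else now
    time_signed = struct.pack(">HI", now >> 32, now & 0xFFFFFFFF)      # 48 bits
    # RFC 2845 3.4: MAC covers the message (ARCOUNT not yet bumped) plus the
    # TSIG variables: key name, class ANY, TTL 0, algorithm, time, fudge, error, other.
    variables = (encode_name(key_name) + struct.pack(">HI", CLASS_ANY, 0)
                 + encode_name(algorithm) + time_signed + struct.pack(">HHH", fudge, 0, 0))
    mac = hmac.new(base64.b64decode(secret_b64), message + variables,
                   ALGORITHMS[algorithm]).digest()
    msg_id = struct.unpack(">H", message[:2])[0]
    rdata = (encode_name(algorithm) + time_signed + struct.pack(">HH", fudge, len(mac))
             + mac + struct.pack(">HHH", msg_id, 0, 0))
    tsig_rr = (encode_name(key_name)
               + struct.pack(">HHIH", TYPE_TSIG, CLASS_ANY, 0, len(rdata)) + rdata)
    arcount = struct.unpack(">H", message[10:12])[0] + 1
    return message[:10] + struct.pack(">H", arcount) + message[12:] + tsig_rr, mac


def skip_name(msg, off):
    """Offset just past the (possibly compressed) name starting at `off`."""
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:          # compression pointer ends the name
            return off + 2
        off += 1 + n
        if n == 0:
            return off


def tsig_verify(signed, key_name, algorithm, secret_b64, now=None):
    """Server-side check. Returns (ok, reason)."""
    now = int(time.time()) if now is None else now
    counts = struct.unpack(">HHHHHH", signed[:12])
    off = 12
    for _ in range(counts[2]):                           # zone section
        off = skip_name(signed, off) + 4
    rr_start = rdata_off = rtype = None
    for _ in range(counts[3] + counts[4] + counts[5]):    # remaining sections
        rr_start = off
        off = skip_name(signed, off)
        rtype, _cls, _ttl, rdlen = struct.unpack(">HHIH", signed[off:off + 10])
        rdata_off, off = off + 10, off + 10 + rdlen
    if rr_start is None or rtype != TYPE_TSIG:
        return False, "last record is not a TSIG"
    if signed[rr_start:skip_name(signed, rr_start)] != encode_name(key_name):
        return False, "unknown key name"
    p = skip_name(signed, rdata_off)
    if signed[rdata_off:p] != encode_name(algorithm):
        return False, "algorithm mismatch"
    hi, lo, fudge, mac_len = struct.unpack(">HIHH", signed[p:p + 10])
    if abs(now - ((hi << 32) | lo)) > fudge:
        return False, "time signed outside fudge window"
    unsigned = signed[:10] + struct.pack(">H", counts[5] - 1) + signed[12:rr_start]
    variables = (encode_name(key_name) + struct.pack(">HI", CLASS_ANY, 0)
                 + signed[rdata_off:p + 8] + struct.pack(">HH", 0, 0))
    expected = hmac.new(base64.b64decode(secret_b64), unsigned + variables,
                        ALGORITHMS[algorithm]).digest()
    if not hmac.compare_digest(signed[p + 10:p + 10 + mac_len], expected):
        return False, "MAC mismatch (wrong secret or tampered message)"
    return True, "ok"
```

To try it against a real server, send the signed bytes with a UDP socket to port 53 of the primary for the zone (`socket.sendto`) and read the 2-byte RCODE in the reply; BIND answers NOTAUTH (9) when the key is unknown and REFUSED (5) when the zone's allow-update does not list it. The fudge check is why both machines need synchronised clocks: an update signed more than fudge seconds ago is rejected even with the right key.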