General Information
This is a guide on how to set up OpenBSD with Dynamic DNS and DHCP using BIND 9 and ISC DHCP 3.0.x for LAN clients as well as Microsoft Active Directory.
This is not a definitive guide but a simple how-to; the methods used here may not be the best or the most correct ones. If you have any updates or corrections, please e-mail them to me.
Requirements
- OpenBSD 3.6
- isc-dhcp-3.0.1.tgz (from OpenBSD 3.6 Packages)
Installation
Install OpenBSD on a PC with at least one network interface card, and assign that interface a static IP address to be used as the DHCP server's address. (http://www.openbsd.org/faq/faq4.html)
Log in to the console, create a /pkgs directory to store packages in, then change to that directory.
mkdir /pkgs
cd /pkgs
Copy the isc-dhcp-3.0.1rc11.tgz package to the /pkgs directory after you have mounted the media it is contained on.
cp /directory-the-package-file-is-located-in/isc-dhcp-3.0.1.tgz isc-dhcp-3.0.1.tgz
Install the ISC package.
pkg_add isc-dhcp-3.0.1.tgz
# Move the base system's ISC DHCP 2.0 binaries aside and put the 3.0 ones in their place
cd /sbin
mkdir isc-dhcp-2.0
mv dhclient isc-dhcp-2.0/
mv dhclient-script isc-dhcp-2.0/
mv /usr/local/sbin/dhclient-script dhclient-script
mv /usr/local/sbin/dhclient dhclient
cd /usr/sbin
mkdir isc-dhcp-2.0
mv dhcpd isc-dhcp-2.0/
mv /usr/local/sbin/dhcpd dhcpd
mv dhcrelay isc-dhcp-2.0/
mv /usr/local/sbin/dhcrelay dhcrelay
cd /usr/bin
mv /usr/local/bin/omshell omshell
# Keep the old configuration files and start from the 3.0 example files
cd /etc
mkdir isc-dhcp-2.0
mv dhclient.conf isc-dhcp-2.0/
mv dhcpd.conf isc-dhcp-2.0/
cp /usr/local/share/examples/isc-dhcp/dhclient.conf dhclient.conf
cp /usr/local/share/examples/isc-dhcp/dhcpd.conf dhcpd.conf
Configuration
Generate the DHCP_UPDATER key that dhcpd will use to sign its dynamic updates to BIND.
rndc-confgen -b 512 > /etc/dhcp_updater.key
Extract the secret that was generated.
# cat /etc/dhcp_updater.key | grep "secret"
        secret "RErVdnvMV+awmWnK3dtbamtGRtb3NTZ5nkcV7x1+pLVw5G6/IiM3YxaQeI1mXhEl7dFmA0LucVyLkL5iY3LM4w==";
Edit the dhcpd.interfaces file so it contains the name of the interface that the DHCP server listens on.
/etc/dhcpd.interfaces:
# $OpenBSD: dhcpd.interfaces,v 1.1 1998/08/19 04:25:45 form Exp $
#
# List of network interfaces served by dhcpd(8).
#
# ep0
# ed0 le0
# de1
fxp1
Edit the ISC DHCP 3.0 configuration file (dhcpd.conf) so that it hands out the proper settings to clients.
Note: This document assumes 10.0.0.254 is the IP address of the DHCP server's interface.
/etc/dhcpd.conf:
authoritative;
ddns-update-style interim;
shared-network dhcp-lan
# dhcp-lan can be any name you want to give your lan.
{
option domain-name "domain.tld";
#replace the domain.tld with your domain name, or leave it as is.
#This value is the domain for the clients and is not required
option domain-name-servers 10.0.0.254;
#dns servers for the clients, not required
option broadcast-address 10.0.0.255;
#broadcast address for the clients, not required
option ntp-servers 10.0.0.253 10.0.0.252;
#network time servers, gives clients a server to synchronize their time with, required for active directory
#should be set to domain controller's IP Addresses
default-lease-time 86400;
#default lease time in seconds.
max-lease-time 172800;
#maximum lease time in seconds that a client may request.
option routers 10.0.0.254;
#gateway ip, not required
subnet 10.0.0.0 netmask 255.255.255.0 {
#subnet and netmask of network clients are assigned
range 10.0.0.1 10.0.0.250;
#ip range from which to give out leases from
}
}
key DHCP_UPDATER
{
algorithm HMAC-MD5;
# TSIG algorithm used to sign updates with this key; must match the key section in named.conf.
secret RErVdnvMV+awmWnK3dtbamtGRtb3NTZ5nkcV7x1+pLVw5G6/IiM3YxaQeI1mXhEl7dFmA0LucVyLkL5iY3LM4w==;
# This is where the secret key you generated goes.
}
zone domain.tld.
#DNS Zone
{
primary 10.0.0.254;
#primary DNS server for the zone
key DHCP_UPDATER;
# enables dynamic updates using the key specified above.
}
zone 0.0.10.in-addr.arpa.
#reverse DNS zone
{
primary 10.0.0.254;
#primary DNS server for the zone
key DHCP_UPDATER;
# enables dynamic updates using the key specified above.
}
Now edit the BIND 9 configuration file (named.conf). Be sure to use the same key in the corresponding key section below. Note that listing the clients ACL next to key DHCP_UPDATER in allow-update is what lets Windows clients register their own records, but it also means any address in 10.0.0.0/24 can send unsigned updates to those zones, so the key adds no protection there; list only the key if dhcpd should be the sole updater.
/var/named/etc/named.conf:
acl clients {
10.0.0.0/24;
// IP range for the DHCP clients
// ::1;
};
acl ADDC {
10.0.0.253;
10.0.0.252;
// Active Directory domain controllers
};
options {
version ""; // remove this to allow version queries
listen-on { 10.0.0.254; 127.0.0.1; };
// listen-on-v6 { any; };
allow-recursion { clients; };
allow-query { clients; };
forwarders { 205.152.0.20; 205.152.0.5; };
// your ISP's DNS servers.
};
logging {
category lame-servers { null; };
};
zone "." {
type hint;
file "standard/root.hint";
};
zone "localhost" {
type master;
file "standard/localhost";
allow-transfer { localhost; };
};
zone "127.in-addr.arpa" {
type master;
file "standard/loopback";
allow-transfer { localhost; };
};
key DHCP_UPDATER {
algorithm HMAC-MD5; // TSIG algorithm used to sign updates; must match dhcpd.conf.
secret "RErVdnvMV+awmWnK3dtbamtGRtb3NTZ5nkcV7x1+pLVw5G6/IiM3YxaQeI1mXhEl7dFmA0LucVyLkL5iY3LM4w=="; // named.conf requires the secret in quotes.
};
// Active Directory DNS zones
zone "_msdcs.domain.tld" {
type master;
file "master/_msdcs.domain.tld";
allow-update { 127.0.0.0/8; ADDC; };
};
zone "_sites.domain.tld" {
type master;
file "master/_sites.domain.tld";
allow-update { 127.0.0.0/8; ADDC; };
};
zone "_tcp.domain.tld" {
type master;
file "master/_tcp.domain.tld";
allow-update { 127.0.0.0/8; ADDC; };
};
zone "_udp.domain.tld" {
type master;
file "master/_udp.domain.tld";
allow-update { 127.0.0.0/8; ADDC; };
};
// dhcp-lan
zone "domain.tld" in {
type master;
file "master/domain.tld";
allow-update { key DHCP_UPDATER; clients; };
// enables dynamic updates using the key specified above (and unsigned ones from the clients ACL).
};
zone "0.0.10.in-addr.arpa" in {
type master;
file "master/10.0.0";
allow-update { key DHCP_UPDATER; clients; };
// enables dynamic updates using the key specified above (and unsigned ones from the clients ACL).
};
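The key stanza in dhcpd.conf and named.conf must carry the same name, algorithm and secret, and each zone dhcpd updates must accept that key in allow-update, or the signed updates are refused; any address entry listed beside the key admits unsigned updates. The following checker is an added example, not part of the original guide: it parses constructed excerpts modelled on the two files above (with a placeholder secret) and reports such mismatches.

```python
import re

# Constructed excerpts modelled on the page's dhcpd.conf and named.conf; the secret is a placeholder.
DHCPD_CONF = """
key DHCP_UPDATER { algorithm HMAC-MD5; secret PLACEHOLDERSECRET==; }  # unquoted secret is legal here
zone domain.tld. { primary 10.0.0.254; key DHCP_UPDATER; }
zone 0.0.10.in-addr.arpa. { primary 10.0.0.254; key DHCP_UPDATER; }
"""
NAMED_CONF = """
key DHCP_UPDATER { algorithm HMAC-MD5; secret "PLACEHOLDERSECRET=="; };  // named.conf needs quotes
zone "domain.tld" in {
  allow-update { key DHCP_UPDATER; clients; };  // 'clients' admits unsigned updates
};
zone "0.0.10.in-addr.arpa" in {
  allow-update { key DHCP_UPDATER; };
};
"""
KEY_RE = re.compile(r'key\s+"?([\w-]+)"?\s*\{\s*algorithm\s+([\w-]+)\s*;\s*secret\s+"?([^";\s]+)"?\s*;')
DHCPD_ZONE_RE = re.compile(r'zone\s+"?([\w-]+(?:\.[\w-]+)*)\.?"?[^{]*\{([^}]*)\}')
NAMED_ZONE_RE = re.compile(r'zone\s+"([^"]+)"[^{]*\{(.*?)^\};', re.S | re.M)  # stanza ends with '};' at line start

def strip_comments(text):
    """Drop '#' (dhcpd.conf) and '//' (named.conf) comments; '//' only when it begins a token."""
    return re.sub(r'(^|\s)(#|//).*', r'\1', text, flags=re.M)

def parse_keys(text):
    """{name: (algorithm, secret)} for every key stanza; both files share this grammar."""
    return {m[1]: (m[2].lower(), m[3]) for m in KEY_RE.finditer(strip_comments(text))}

def dhcpd_zones(text):
    """{zone: key name} for the zones dhcpd sends signed updates to (trailing dot dropped)."""
    return {m[1].lower(): (re.search(r'key\s+"?([\w-]+)"?\s*;', m[2]) or [None, None])[1]
            for m in DHCPD_ZONE_RE.finditer(strip_comments(text))}

def named_update_policy(text):
    """{zone: [allow-update entries]} from named.conf, quotes stripped from entries."""
    policy = {}
    for m in NAMED_ZONE_RE.finditer(strip_comments(text)):
        au = re.search(r'allow-update\s*\{([^}]*)\}', m[2])
        policy[m[1].lower()] = [e.strip().replace('"', '') for e in au[1].split(';') if e.strip()] if au else []
    return policy

def check(dhcpd_conf, named_conf):
    """Cross-check key material and per-zone update policy; returns human-readable findings."""
    named_keys, policy = parse_keys(named_conf), named_update_policy(named_conf)
    findings = [f"key {n}: missing from named.conf or algorithm/secret differ"
                for n, material in parse_keys(dhcpd_conf).items() if named_keys.get(n) != material]
    for zone, key in dhcpd_zones(dhcpd_conf).items():
        entries = policy.get(zone, [])  # no stanza at all is treated like an empty allow-update
        if f"key {key}" not in entries:
            findings.append(f"zone {zone}: allow-update lacks 'key {key}'; signed updates will be refused")
        else:  # key accepted; any address entry beside it admits unsigned updates from those hosts
            findings += [f"zone {zone}: allow-update entry '{e}' permits unsigned updates" for e in entries if not e.startswith("key ")]
    return findings
```

Run check() on the real /etc/dhcpd.conf and /var/named/etc/named.conf contents to catch a mistyped secret or a forgotten allow-update before restarting the daemons.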
Create the zone files.
touch /var/named/master/_msdcs.domain.tld
touch /var/named/master/_sites.domain.tld
touch /var/named/master/_tcp.domain.tld
touch /var/named/master/_udp.domain.tld
touch /var/named/master/domain.tld
touch /var/named/master/10.0.0
Now edit the zone files so they look something like this.
/var/named/master/_msdcs.domain.tld:
$ORIGIN .
$TTL 86400      ; 24 hours
_msdcs.domain.tld       IN SOA  dhcp.domain.tld. admin.domain.tld. (
                                0          ; serial
                                86400      ; refresh (24 hours)
                                3600       ; retry (1 hour)
                                172800     ; expire (2 days)
                                3600       ; minimum (1 hour)
                                )
                        NS      dhcp.domain.tld.
$ORIGIN _msdcs.domain.tld.
/var/named/master/_sites.domain.tld:
$ORIGIN .
$TTL 86400      ; 24 hours
_sites.domain.tld       IN SOA  dhcp.domain.tld. admin.domain.tld. (
                                0          ; serial
                                86400      ; refresh (24 hours)
                                3600       ; retry (1 hour)
                                172800     ; expire (2 days)
                                3600       ; minimum (1 hour)
                                )
                        NS      dhcp.domain.tld.
$ORIGIN _sites.domain.tld.
/var/named/master/_tcp.domain.tld:
$ORIGIN .
$TTL 86400      ; 24 hours
_tcp.domain.tld         IN SOA  dhcp.domain.tld. admin.domain.tld. (
                                0          ; serial
                                86400      ; refresh (24 hours)
                                3600       ; retry (1 hour)
                                172800     ; expire (2 days)
                                3600       ; minimum (1 hour)
                                )
                        NS      dhcp.domain.tld.
$ORIGIN _tcp.domain.tld.
/var/named/master/_udp.domain.tld:
$ORIGIN .
$TTL 86400      ; 24 hours
_udp.domain.tld         IN SOA  dhcp.domain.tld. admin.domain.tld. (
                                0          ; serial
                                86400      ; refresh (24 hours)
                                3600       ; retry (1 hour)
                                172800     ; expire (2 days)
                                3600       ; minimum (1 hour)
                                )
                        NS      dhcp.domain.tld.
$ORIGIN _udp.domain.tld.
/var/named/master/domain.tld:
$ORIGIN .
$TTL 86400      ; 24 hours
domain.tld              IN SOA  dhcp.domain.tld. admin.domain.tld. (
                                0          ; serial
                                86400      ; refresh (24 hours)
                                3600       ; retry (1 hour)
                                172800     ; expire (2 days)
                                3600       ; minimum (1 hour)
                                )
                        NS      dhcp.domain.tld.
$ORIGIN domain.tld.
dhcp                    A       10.0.0.254      ; hostname of the DHCP server
/var/named/master/10.0.0:
$ORIGIN .
$TTL 86400      ; 24 hours
0.0.10.in-addr.arpa     IN SOA  dhcp.domain.tld. admin.domain.tld. (
                                0          ; serial
                                86400      ; refresh (24 hours)
                                3600       ; retry (1 hour)
                                172800     ; expire (2 days)
                                3600       ; minimum (1 hour)
                                )
                        NS      dhcp.domain.tld.
$ORIGIN 0.0.10.in-addr.arpa.
254                     PTR     dhcp.domain.tld.
Change the owner so BIND 9 can write to the zone files and create its journal files.
chown -R named:named /var/named/master/
Edit /etc/rc.conf to enable the DHCP and DNS servers. Change these lines:
named_flags=NO          # for normal use: ""
dhcpd_flags=NO          # for normal use: "-q"
so that they read:
named_flags=""          # for normal use: ""
dhcpd_flags="-q"        # for normal use: "-q"
Reboot the system.