Dynamic DNS & DHCP

General Information

This is a guide on how to set up OpenBSD with Dynamic DNS and DHCP using BIND 9 and ISC DHCP 3.01 for basic DNS use. This is not a definitive guide but a simple how-to, so the methods used here may not be the best or the most correct. If you have any updates, please e-mail them to me.

Requirements

  • OpenBSD 3.6
  • isc-dhcp-3.0.1.tgz (from OpenBSD 3.6 Packages)

Installation

Install OpenBSD on a PC with at least one network interface card, and assign that interface a static IP address to be used as the DHCP server's IP address. (http://www.openbsd.org/faq/faq4.html)

Log in to the console, make a /pkgs directory to store packages in, then change to that directory.

mkdir /pkgs
cd /pkgs

Copy the isc-dhcp-3.0.1rc11.tgz to the /pkgs directory after you have mounted the media it’s contained on.

cp /directory-the-package-file-is-located-in/isc-dhcp-3.0.1.tgz isc-dhcp-3.0.1.tgz

Install the ISC package.

pkg_add isc-dhcp-3.0.1.tgz
cd /sbin
mkdir isc-dhcp-2.0
mv dhclient isc-dhcp-2.0/
mv dhclient-script isc-dhcp-2.0/
mv /usr/local/sbin/dhclient-script dhclient-script
mv /usr/local/sbin/dhclient dhclient
cd /usr/sbin
mkdir isc-dhcp-2.0
mv dhcpd isc-dhcp-2.0/
mv /usr/local/sbin/dhcpd dhcpd
mv dhcrelay isc-dhcp-2.0/
mv /usr/local/sbin/dhcrelay dhcrelay
cd /usr/bin
mv /usr/local/bin/omshell omshell
cd /etc
mkdir isc-dhcp-2.0
mv dhclient.conf isc-dhcp-2.0/
mv dhcpd.conf isc-dhcp-2.0/
cp /usr/local/share/examples/isc-dhcp/dhclient.conf dhclient.conf
cp /usr/local/share/examples/isc-dhcp/dhcpd.conf dhcpd.conf

Configuration

Generate DHCP_UPDATER key for updates and communication between BIND and DHCPD.

rndc-confgen -b 512 > /etc/dhcp_updater.key

Get the secret key that you generated.

# cat /etc/dhcp_updater.key | grep "secret"
        secret "RErVdnvMV+awmWnK3dtbamtGRtb3NTZ5nkcV7x1+pLVw5G6/IiM3YxaQeI1mXhEl7dFmA0LucVyLkL5iY3LM4w==";
#       secret "RErVdnvMV+awmWnK3dtbamtGRtb3NTZ5nkcV7x1+pLVw5G6/IiM3YxaQeI1mXhEl7dFmA0LucVyLkL5iY3LM4w==";

Edit the dhcpd.interfaces file so it contains the name of the interface you are using for the DHCP server.

/etc/dhcpd.interfaces:

#       $OpenBSD: dhcpd.interfaces,v 1.1 1998/08/19 04:25:45 form Exp $
#
# List of network interfaces served by dhcpd(8).
#
# ep0
# ed0 le0
# de1
fxp1

Edit the ISC-DHCP-3.0 configuration file (dhcpd.conf) so that it gives out the proper settings to clients.

Note: This document assumes you use 10.0.0.254 as the IP for the DHCP Server Interface.

/etc/dhcpd.conf:

authoritative;

ddns-update-style interim;

shared-network dhcp-lan
# dhcp-lan can be any name you want to give your lan.
{
option domain-name "domain.tld";
#replace the domain.tld with your domain name, or leave it as is.
#This value is the domain for the clients and is not required
option domain-name-servers 10.0.0.254;
#dns servers for the clients, not required
option broadcast-address 10.0.0.255;
#broadcast address for the clients, not required
option ntp-servers 10.0.0.254;
#network time servers, gives clients a server to synchronize their time with, not required.
#only add if you are running a time server, or if you know the ip of a public timeserver that you use
default-lease-time 86400;
#default lease time in seconds.
max-lease-time 172800;
#maximum time before a client must renew the lease in seconds.
option routers 10.0.0.254;
#gateway ip, not required
subnet 10.0.0.0 netmask 255.255.255.0 {
#subnet and netmask of network clients are assigned
range 10.0.0.1 10.0.0.250;
#IP range from which to give out leases
        }
}

key DHCP_UPDATER
{
algorithm HMAC-MD5;
# This specifies the algorithm used to generate the key.
secret RErVdnvMV+awmWnK3dtbamtGRtb3NTZ5nkcV7x1+pLVw5G6/IiM3YxaQeI1mXhEl7dFmA0LucVyLkL5iY3LM4w==;
# This is where the secret key you generated goes.
}
zone domain.tld.
#DNS Zone
{
primary 10.0.0.254;
#primary DNS server for the zone
key DHCP_UPDATER;
# enables dynamic updates using the key specified above.
}
zone 0.0.10.in-addr.arpa.
#reverse DNS zone
{
primary 10.0.0.254;
#primary DNS server for the zone
key DHCP_UPDATER;
# enables dynamic updates using the key specified above.
}

Now edit the BIND 9 configuration file (named.conf). Be sure to use the key above in the corresponding section below.

/var/named/etc/named.conf:

acl clients {
        10.0.0.0/24;
        // IP range for the DHCP clients
        // ::1;
};

options {
        version "";     // remove this to allow version queries

        listen-on    { 10.0.0.254; 127.0.0.1; };
        // listen-on-v6 { any; };
        allow-recursion { clients; };
        allow-query { clients; };
        forwarders { 205.152.0.20; 205.152.0.5; };
        // your ISP's DNS servers.
};

logging {
        category lame-servers { null; };
};

zone "." {
        type hint;
        file "standard/root.hint";
};

zone "localhost" {
        type master;
        file "standard/localhost";
        allow-transfer { localhost; };
};

zone "127.in-addr.arpa" {
        type master;
        file "standard/loopback";
        allow-transfer { localhost; };
};

key DHCP_UPDATER {
        algorithm HMAC-MD5; // This specifies the algorithm used to generate the key.
        secret "RErVdnvMV+awmWnK3dtbamtGRtb3NTZ5nkcV7x1+pLVw5G6/IiM3YxaQeI1mXhEl7dFmA0LucVyLkL5iY3LM4w==";
};
    
// dhcp-lan

zone "domain.tld" in {
    type master;
    file "master/domain.tld";
    allow-update { key DHCP_UPDATER; };
    // enables dynamic updates using the key specified above.
};

zone "0.0.10.in-addr.arpa" in {
    type master;
    file "master/10.0.0";
    allow-update { key DHCP_UPDATER; };
    // enables dynamic updates using the key specified above.
};
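
A consistency check for the two key blocks above, as an added example that is not part of the original guide: it extracts the DHCP_UPDATER secret from both configuration files, confirms they match, and flags either file if it is world-readable, since both now hold the shared secret. The function names and the sample files (with a made-up secret) are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: compare the TSIG secret in dhcpd.conf and named.conf and
# check that neither file is world-readable. Helper names are hypothetical.

tsig_secret() {  # $1 = config file, $2 = key name; prints the bare secret
    awk -v name="$2" '
        { sub(/^[ \t]*(#|\/\/).*/, ""); sub(/[ \t]+(#|\/\/).*/, "") }  # drop comments
        $1 == "key" && $2 == name { inkey = 1; next }
        inkey && $1 == "secret"   { s = $2; gsub(/[";]/, "", s); print s; exit }
        inkey && /}/              { inkey = 0 }
    ' "$1"
}

world_closed() {  # succeeds if "other" has no permission bits on $1
    [ "$(ls -ld "$1" | cut -c8-10)" = "---" ]
}

check_tsig_pair() {  # $1 = dhcpd.conf, $2 = named.conf, $3 = key name
    rc=0
    a=$(tsig_secret "$1" "$3"); b=$(tsig_secret "$2" "$3")
    if [ -z "$a" ] || [ -z "$b" ]; then echo "FAIL: key $3 not found in both files"; rc=1
    elif [ "$a" != "$b" ]; then echo "FAIL: secrets for $3 differ"; rc=1
    fi
    for f in "$1" "$2"; do
        world_closed "$f" || { echo "FAIL: $f is readable by other users"; rc=1; }
    done
    return "$rc"
}

# Constructed sample files; the secret is a made-up value, not a real key.
demo=$(mktemp -d)
cat > "$demo/dhcpd.conf" <<'EOF'
key DHCP_UPDATER
{
algorithm HMAC-MD5;
secret c2FtcGxl//8rZm9yK2RlbW8rb25seQ==;
# This is where the secret key you generated goes.
}
EOF
cat > "$demo/named.conf" <<'EOF'
key DHCP_UPDATER {
        algorithm HMAC-MD5; // algorithm used to generate the key
        secret "c2FtcGxl//8rZm9yK2RlbW8rb25seQ==";
};
EOF
chmod 600 "$demo/dhcpd.conf"; chmod 640 "$demo/named.conf"
if check_tsig_pair "$demo/dhcpd.conf" "$demo/named.conf" DHCP_UPDATER; then
    echo "OK: secrets match and files are not world-readable"
fi
```

On the real system, pass /etc/dhcpd.conf and /var/named/etc/named.conf instead of the sample files, and run the same mode check against /etc/dhcp_updater.key.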

Create the zone files.

touch /var/named/master/domain.tld
touch /var/named/master/10.0.0

Now edit the zone files to look something like this.

/var/named/master/domain.tld:

$ORIGIN .
$TTL 86400      ; 24 hours
domain.tld IN SOA  dhcp.domain.tld. admin.domain.tld. (
                                0       ; serial
                                86400      ; refresh (24 hours)
                                3600       ; retry (1 hour)
                                172800      ; expire (2 days)
                                3600       ; minimum (1 hour)
                                )
                        NS      dhcp.domain.tld.
$ORIGIN domain.tld.
dhcp A       10.0.0.254 ;hostname of the dhcp server

/var/named/master/10.0.0:

$ORIGIN .
$TTL 86400      ; 24 hours
0.0.10.in-addr.arpa     IN SOA  dhcp.domain.tld. admin.domain.tld. (
                                0       ; serial
                                86400      ; refresh (24 hours)
                                3600       ; retry (1 hour)
                                172800      ; expire (2 days)
                                3600       ; minimum (1 hour)
                                )
                        NS      dhcp.domain.tld.
$ORIGIN 0.0.10.in-addr.arpa.
254 PTR     dhcp.domain.tld.

Change the owner so BIND 9 can write to the zone files and create its journal files.

chown -R named:named /var/named/master/

Edit rc.conf to enable the DHCP and DNS servers. Change these lines:

named_flags=NO          # for normal use: ""
dhcpd_flags=NO          # for normal use: "-q"

to:

named_flags=""          # for normal use: ""
dhcpd_flags="-q"          # for normal use: "-q"

Reboot the system.
