Active Directory Dynamic DNS & DHCP
Updated: 07/15/2005
General Information
This is a guide on how to set up OpenBSD with Dynamic DNS and DHCP using BIND 9 and ISC DHCP 3.0.x for LAN clients as well as Microsoft Active Directory.
Requirements
Installation
Install OpenBSD on a PC with at least one network interface card, to which you assign a static IP address to be used as the DHCP server's IP address. (http://www.openbsd.org/faq/faq4.html)
# Stage the ISC DHCP 3.0.1 package in a scratch directory before installing it.
# Replace pkg_src with the directory the package file was downloaded to.
# The package is copied from local disk rather than fetched, so compare its
# checksum with the one published by the mirror before the pkg_add step.
pkg_src=/directory-the-package-file-is-located-in
mkdir /pkgs
cd /pkgs
cp "${pkg_src}/isc-dhcp-3.0.1.tgz" ./isc-dhcp-3.0.1.tgz
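#!/bin/sh
# Install the isc-dhcp-3.0.1 package and swap its binaries into the places the
# base-system ISC DHCP 2.0 tools occupy, keeping the originals in isc-dhcp-2.0/
# subdirectories so the swap can be reversed.
# Run as root. set -e stops at the first failed step so a half-moved tool set
# (e.g. base dhcpd moved aside but the package dhcpd not yet in place) is not
# left behind silently, which the original one-command-after-another form did.
# NOTE(review): moving the package's files out of /usr/local means pkg_delete
# and a later pkg_add of a newer version will not find them; expect to redo
# this swap after any package upgrade.
set -e

pkg_add /pkgs/isc-dhcp-3.0.1.tgz

# dhclient(8) and its script live in /sbin
mkdir /sbin/isc-dhcp-2.0
mv /sbin/dhclient /sbin/isc-dhcp-2.0/
mv /sbin/dhclient-script /sbin/isc-dhcp-2.0/
mv /usr/local/sbin/dhclient-script /sbin/dhclient-script
mv /usr/local/sbin/dhclient /sbin/dhclient

# dhcpd(8) and dhcrelay(8) live in /usr/sbin
mkdir /usr/sbin/isc-dhcp-2.0
mv /usr/sbin/dhcpd /usr/sbin/isc-dhcp-2.0/
mv /usr/local/sbin/dhcpd /usr/sbin/dhcpd
mv /usr/sbin/dhcrelay /usr/sbin/isc-dhcp-2.0/
mv /usr/local/sbin/dhcrelay /usr/sbin/dhcrelay

# omshell(1) has no base-system counterpart to set aside
mv /usr/local/bin/omshell /usr/bin/omshell

# keep the old configuration files and start from the package's examples;
# /etc/dhcpd.conf is replaced by the guide's own version further down.
mkdir /etc/isc-dhcp-2.0
mv /etc/dhclient.conf /etc/isc-dhcp-2.0/
mv /etc/dhcpd.conf /etc/isc-dhcp-2.0/
cp /usr/local/share/examples/isc-dhcp/dhclient.conf /etc/dhclient.conf
cp /usr/local/share/examples/isc-dhcp/dhcpd.conf /etc/dhcpd.conf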
Configuration
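# Generate the DHCP_UPDATER key for updates and communication between BIND and DHCPD.
# The subshell's umask keeps the redirect from creating a world-readable file
# (the default umask would); whoever can read the secret in it can rewrite the
# DNS zones that accept this key.
( umask 077; rndc-confgen -b 512 > /etc/dhcp_updater.key )

# Pick the secret out of the generated file; it is pasted, with its surrounding
# quotes, into named.conf and (unquoted) into dhcpd.conf below. Both of those
# files then need the same restricted permissions as the key file.
grep secret /etc/dhcp_updater.key
# Expected output (this guide's example secret; yours will be different):
#         secret "RErVdnvMV+awmWnK3dtbamtGRtb3NTZ5nkcV7x1+pLVw5G6/IiM3YxaQeI1mXhEl7dFmA0LucVyLkL5iY3LM4w==";
# # secret "RErVdnvMV+awmWnK3dtbamtGRtb3NTZ5nkcV7x1+pLVw5G6/IiM3YxaQeI1mXhEl7dFmA0LucVyLkL5iY3LM4w==";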
/etc/dhcpd.interfaces:
# $OpenBSD: dhcpd.interfaces,v 1.1 1998/08/19 04:25:45 form Exp $
#
# List of network interfaces served by dhcpd(8).
#
# ep0
# ed0 le0
# de1 fxp1
#
# NOTE(review): the stock file above lists no interface. Add the LAN interface
# that carries 10.0.0.254 on its own uncommented line (e.g. <lan-interface>)
# so dhcpd answers only on the LAN side; with nothing listed, which interfaces
# the package's dhcpd binds to is left to the daemon -- TODO confirm.
Note: This document assumes you use 10.0.0.254 as the IP address of the DHCP server's interface.
/etc/dhcpd.conf:
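# /etc/dhcpd.conf -- ISC DHCP 3.0.x on the OpenBSD server (10.0.0.254), serving
# LAN clients and registering their names in BIND through the DHCP_UPDATER key.

authoritative;
# interim is the DDNS style available in isc-dhcp 3.0.x; newer releases add
# "standard" and keep "interim" for compatibility -- TODO confirm for the
# installed version.
ddns-update-style interim;

# dhcp-lan can be any name you want to give your lan.
shared-network dhcp-lan {
	# replace domain.tld with your domain name, or leave it as is.
	# This value is the domain for the clients and is not required.
	option domain-name "domain.tld";
	# dns servers for the clients, not required
	option domain-name-servers 10.0.0.254;
	# broadcast address for the clients, not required
	option broadcast-address 10.0.0.255;
	# network time servers, gives clients a server to synchronize their time
	# with; required for active directory, so set to the domain controllers'
	# IP addresses. dhcpd separates list entries with commas, not spaces.
	option ntp-servers 10.0.0.253, 10.0.0.252;
	# default lease time in seconds.
	default-lease-time 86400;
	# maximum time before a client must renew the lease, in seconds.
	max-lease-time 172800;
	# gateway ip, not required
	option routers 10.0.0.254;

	# subnet and netmask of the network clients are assigned
	subnet 10.0.0.0 netmask 255.255.255.0 {
		# ip range from which leases are given out
		range 10.0.0.1 10.0.0.250;
	}
}

# TSIG key shared with named; must be identical to the DHCP_UPDATER key in
# named.conf. Anyone who can read the secret can rewrite the LAN zones, so keep
# this file (or an `include "<key-file>";` holding only the key block) readable
# by root alone.
key DHCP_UPDATER {
	# The algorithm used to generate the key. HMAC-MD5 is the only TSIG
	# algorithm isc-dhcp 3.0.x supports.
	algorithm HMAC-MD5;
	# This is where the secret key you generated goes.
	secret RErVdnvMV+awmWnK3dtbamtGRtb3NTZ5nkcV7x1+pLVw5G6/IiM3YxaQeI1mXhEl7dFmA0LucVyLkL5iY3LM4w==;
}

# DNS zone
zone domain.tld. {
	# primary DNS server for the zone
	primary 10.0.0.254;
	# enables dynamic updates using the key specified above.
	key DHCP_UPDATER;
}

# reverse DNS zone
zone 0.0.10.in-addr.arpa. {
	# primary DNS server for the zone
	primary 10.0.0.254;
	# enables dynamic updates using the key specified above.
	key DHCP_UPDATER;
}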
/var/named/etc/named.conf:
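// /var/named/etc/named.conf -- BIND 9 on the OpenBSD DHCP/DNS host (10.0.0.254).
// Serves the LAN zone (domain.tld and its reverse) plus the four Active
// Directory sub-zones, and accepts dynamic updates from dhcpd and the DCs.

// Addresses allowed to query and recurse: the DHCP client subnet.
acl clients {
	10.0.0.0/24;	// IP range for the dhcp clients
	// ::1;
};

// Active Directory domain controllers.
acl ADDC {
	10.0.0.253;
	10.0.0.252;
};

options {
	version "";		// remove this to allow version queries
	listen-on { 10.0.0.254; 127.0.0.1; };
	// listen-on-v6 { any; };
	allow-recursion { clients; };
	allow-query { clients; };
	// No secondary servers appear in this guide, so refuse zone transfers
	// by default: otherwise any permitted querier could pull a full copy of
	// every zone, including the AD service records. Zones that need a
	// transfer (localhost below) override this per zone.
	allow-transfer { none; };
	forwarders { 205.152.0.20; 205.152.0.5; };	// your isp's dns servers.
};

logging {
	category lame-servers { null; };
};

zone "." {
	type hint;
	file "standard/root.hint";
};

zone "localhost" {
	type master;
	file "standard/localhost";
	allow-transfer { localhost; };
};

zone "127.in-addr.arpa" {
	type master;
	file "standard/loopback";
	allow-transfer { localhost; };
};

// TSIG key shared with dhcpd; the secret must match /etc/dhcpd.conf exactly.
// Anyone who can read the secret can rewrite the LAN zones, so keep this file
// (or an `include "<key-file>";` holding only the key block) readable by root
// and named only. HMAC-MD5 is the only TSIG algorithm isc-dhcp 3.0.x supports;
// newer BIND releases deprecate it, so check the BIND version in use.
key DHCP_UPDATER {
	algorithm HMAC-MD5;
	// rndc-confgen output is base64 containing + / = characters, so BIND
	// needs the value quoted, exactly as rndc-confgen printed it.
	secret "RErVdnvMV+awmWnK3dtbamtGRtb3NTZ5nkcV7x1+pLVw5G6/IiM3YxaQeI1mXhEl7dFmA0LucVyLkL5iY3LM4w==";
};

// Active Directory dns zones.
// Updates are accepted purely by source address (loopback and the DCs). A
// source address can be forged from the LAN, so this trusts the whole segment
// not to impersonate a DC; BIND 9 can authenticate DC updates with GSS-TSIG
// (update-policy) if that trust is not acceptable.
zone "_msdcs.domain.tld" {
	type master;
	file "master/_msdcs.domain.tld";
	allow-update { 127.0.0.0/8; ADDC; };
};

zone "_sites.domain.tld" {
	type master;
	file "master/_sites.domain.tld";
	allow-update { 127.0.0.0/8; ADDC; };
};

zone "_tcp.domain.tld" {
	type master;
	file "master/_tcp.domain.tld";
	allow-update { 127.0.0.0/8; ADDC; };
};

zone "_udp.domain.tld" {
	type master;
	file "master/_udp.domain.tld";
	allow-update { 127.0.0.0/8; ADDC; };
};

// dhcp-lan
// `key DHCP_UPDATER` covers the updates dhcpd sends. `clients` additionally
// lets every host in 10.0.0.0/24 rewrite any record in these zones with no
// key at all (presumably so Windows clients can register their own A records).
// If that self-registration is not needed, drop `clients;` from both
// allow-update lists and set `ignore client-updates;` in dhcpd.conf so dhcpd
// registers the names on the clients' behalf.
zone "domain.tld" in {
	type master;
	file "master/domain.tld";
	// enables dynamic updates using the key specified above.
	allow-update { key DHCP_UPDATER; clients; };
};

zone "0.0.10.in-addr.arpa" in {
	type master;
	file "master/10.0.0";
	// enables dynamic updates using the key specified above.
	allow-update { key DHCP_UPDATER; clients; };
};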
# Create the (initially empty) zone files that named.conf references, so named
# can open them before their contents are written further down.
for zone_file in _msdcs.domain.tld _sites.domain.tld _tcp.domain.tld _udp.domain.tld domain.tld 10.0.0; do
	touch "/var/named/master/${zone_file}"
done
/var/named/master/_msdcs.domain.tld:
; /var/named/master/_msdcs.domain.tld -- dynamic zone, updated by the domain
; controllers (see allow-update in named.conf). Once updates arrive, named owns
; this file; hand edits should go through rndc freeze / rndc thaw.
$ORIGIN _msdcs.domain.tld.
$TTL 86400      ; 24 hours
; primary name server dhcp.domain.tld., contact admin@domain.tld
@       IN      SOA     dhcp.domain.tld. admin.domain.tld. (
                        0               ; serial
                        86400           ; refresh (24 hours)
                        3600            ; retry (1 hour)
                        172800          ; expire (2 days)
                        3600            ; minimum (1 hour)
                        )
        IN      NS      dhcp.domain.tld.
/var/named/master/_sites.domain.tld:
; /var/named/master/_sites.domain.tld -- dynamic zone, updated by the domain
; controllers (see allow-update in named.conf). Once updates arrive, named owns
; this file; hand edits should go through rndc freeze / rndc thaw.
$ORIGIN _sites.domain.tld.
$TTL 86400      ; 24 hours
; primary name server dhcp.domain.tld., contact admin@domain.tld
@       IN      SOA     dhcp.domain.tld. admin.domain.tld. (
                        0               ; serial
                        86400           ; refresh (24 hours)
                        3600            ; retry (1 hour)
                        172800          ; expire (2 days)
                        3600            ; minimum (1 hour)
                        )
        IN      NS      dhcp.domain.tld.
/var/named/master/_tcp.domain.tld:
; /var/named/master/_tcp.domain.tld -- dynamic zone, updated by the domain
; controllers (see allow-update in named.conf). Once updates arrive, named owns
; this file; hand edits should go through rndc freeze / rndc thaw.
$ORIGIN _tcp.domain.tld.
$TTL 86400      ; 24 hours
; primary name server dhcp.domain.tld., contact admin@domain.tld
@       IN      SOA     dhcp.domain.tld. admin.domain.tld. (
                        0               ; serial
                        86400           ; refresh (24 hours)
                        3600            ; retry (1 hour)
                        172800          ; expire (2 days)
                        3600            ; minimum (1 hour)
                        )
        IN      NS      dhcp.domain.tld.
/var/named/master/_udp.domain.tld:
; /var/named/master/_udp.domain.tld -- dynamic zone, updated by the domain
; controllers (see allow-update in named.conf). Once updates arrive, named owns
; this file; hand edits should go through rndc freeze / rndc thaw.
$ORIGIN _udp.domain.tld.
$TTL 86400      ; 24 hours
; primary name server dhcp.domain.tld., contact admin@domain.tld
@       IN      SOA     dhcp.domain.tld. admin.domain.tld. (
                        0               ; serial
                        86400           ; refresh (24 hours)
                        3600            ; retry (1 hour)
                        172800          ; expire (2 days)
                        3600            ; minimum (1 hour)
                        )
        IN      NS      dhcp.domain.tld.
/var/named/master/domain.tld:
; /var/named/master/domain.tld -- the LAN forward zone. dhcpd (and, per
; named.conf's allow-update, any LAN host) adds client records dynamically;
; once that starts named owns the file, so hand edits go through
; rndc freeze / rndc thaw.
$ORIGIN domain.tld.
$TTL 86400      ; 24 hours
; primary name server dhcp.domain.tld., contact admin@domain.tld
@       IN      SOA     dhcp.domain.tld. admin.domain.tld. (
                        0               ; serial
                        86400           ; refresh (24 hours)
                        3600            ; retry (1 hour)
                        172800          ; expire (2 days)
                        3600            ; minimum (1 hour)
                        )
        IN      NS      dhcp.domain.tld.
; hostname of the dhcp server -- the only record kept here by hand
dhcp    IN      A       10.0.0.254
/var/named/master/10.0.0:
; /var/named/master/10.0.0 -- reverse zone for 10.0.0.0/24. Client PTR records
; arrive by dynamic update (see named.conf); once that starts named owns the
; file, so hand edits go through rndc freeze / rndc thaw.
$ORIGIN 0.0.10.in-addr.arpa.
$TTL 86400      ; 24 hours
; primary name server dhcp.domain.tld., contact admin@domain.tld
@       IN      SOA     dhcp.domain.tld. admin.domain.tld. (
                        0               ; serial
                        86400           ; refresh (24 hours)
                        3600            ; retry (1 hour)
                        172800          ; expire (2 days)
                        3600            ; minimum (1 hour)
                        )
        IN      NS      dhcp.domain.tld.
; 10.0.0.254 -> the dhcp server, matching the A record in domain.tld
254     IN      PTR     dhcp.domain.tld.
# Hand the zone files to the named user: named rewrites dynamic zones (and,
# presumably, their journal files) as updates from dhcpd and the domain
# controllers arrive, and cannot do that in a root-owned directory. Only the
# master/ tree changes owner; /var/named/etc (named.conf with the TSIG secret)
# is not touched by this command.
chown -R named:named /var/named/master/
# rc.conf variables that start named(8) and dhcpd(8) at boot. Each pair shows
# the /etc/rc.conf default (NO) followed by the value to set; in shell the later
# assignment wins. The page does not name the file these go in -- presumably
# /etc/rc.conf.local, which overrides /etc/rc.conf.
named_flags=NO # for normal use: ""
named_flags="" # for normal use: ""
# -q keeps dhcpd quiet at startup; the interfaces it serves come from
# /etc/dhcpd.interfaces.
dhcpd_flags=NO # for normal use: "-q"
dhcpd_flags="-q" # for normal use: "-q"
This guide is © 2005 - 2010 Amir Mesry.
Author: Amir Mesry
starkiller at web-illusions dot net