General Information
This is a guide on how to set up OpenBSD with Dynamic DNS and DHCP using BIND 9 and ISC DHCP 3.01 for basic DNS use. This is not a definitive guide but a simple how-to, so the methods used here may not be the best or the most correct ones. If you have any updates and such, please e-mail them to me.
Requirements
- OpenBSD 3.6
- isc-dhcp-3.0.1.tgz (from OpenBSD 3.6 Packages)
Installation
Install OpenBSD on a PC with at least 1 network interface card, and assign that card a static IP address to be used as the DHCP server's IP address (http://www.openbsd.org/faq/faq4.html).
Log in to the console and make a /pkgs directory to store packages in, then change to that directory.
Copy the isc-dhcp-3.0.1rc11.tgz to the /pkgs directory after you have mounted the media it's contained on.
# cp /directory-the-package-file-is-located-in/isc-dhcp-3.0.1.tgz isc-dhcp-3.0.1.tgz
Install the ISC package.
# pkg_add isc-dhcp-3.0.1.tgz
# cd /sbin
# mkdir isc-dhcp-2.0
# mv dhclient isc-dhcp-2.0/
# mv dhclient-script isc-dhcp-2.0/
# mv /usr/local/sbin/dhclient-script dhclient-script
# mv /usr/local/sbin/dhclient dhclient
# cd /usr/sbin
# mkdir isc-dhcp-2.0
# mv dhcpd isc-dhcp-2.0/
# mv /usr/local/sbin/dhcpd dhcpd
# mv dhcrelay isc-dhcp-2.0/
# mv /usr/local/sbin/dhcrelay dhcrelay
# cd /usr/bin
# mv /usr/local/bin/omshell omshell
# cd /etc
# mkdir isc-dhcp-2.0
# mv dhclient.conf isc-dhcp-2.0/
# mv dhcpd.conf isc-dhcp-2.0/
# cp /usr/local/share/examples/isc-dhcp/dhclient.conf dhclient.conf
# cp /usr/local/share/examples/isc-dhcp/dhcpd.conf dhcpd.conf
Configuration
Generate DHCP_UPDATER key for updates and communication between BIND and DHCPD.
# rndc-confgen -b 512 > /etc/dhcp_updater.key
Get the secret key that you generated.
# cat /etc/dhcp_updater.key | grep "secret"
secret "RErVdnvMV+awmWnK3dtbamtGRtb3NTZ5nkcV7x1+pLVw5G6/IiM3YxaQeI1mXhEl7dFmA0LucVyLkL5iY3LM4w==";
# secret "RErVdnvMV+awmWnK3dtbamtGRtb3NTZ5nkcV7x1+pLVw5G6/IiM3YxaQeI1mXhEl7dFmA0LucVyLkL5iY3LM4w==";
Edit the dhcpd.interfaces file so it contains the name of the interface you are using for the DHCP server.
/etc/dhcpd.interfaces:
# $OpenBSD: dhcpd.interfaces,v 1.1 1998/08/19 04:25:45 form Exp $
#
# List of network interfaces served by dhcpd(8).
#
# ep0
# ed0 le0
# de1
fxp1
Edit the ISC-DHCP-3.0 configuration file (dhcpd.conf) so that it gives out the proper settings to clients.
Note: This document assumes you use 10.0.0.254 as the IP for the DHCP Server Interface.
/etc/dhcpd.conf:
authoritative;
ddns-update-style interim;
shared-network dhcp-lan
# dhcp-lan can be any name you want to give your lan.
{
    option domain-name "domain.tld";
    # replace the domain.tld with your domain name, or leave it as is.
    # This value is the domain for the clients and is not required
    option domain-name-servers 10.0.0.254;
    # dns servers for the clients, not required
    option broadcast-address 10.0.0.255;
    # broadcast address for the clients, not required
    option ntp-servers 10.0.0.254;
    # network time servers, gives clients a server to synchronize their time with, not required.
    # only add if you are running a time server, or if you know the ip of a public timeserver that you use
    default-lease-time 86400;
    # default lease time in seconds.
    max-lease-time 172800;
    # maximum time before a client must renew the lease in seconds.
    option routers 10.0.0.254;
    # gateway ip, not required
    subnet 10.0.0.0 netmask 255.255.255.0 {
        # subnet and netmask of the network that clients are assigned to
        range 10.0.0.1 10.0.0.250;
        # ip range from which to give out leases
    }
}
key DHCP_UPDATER
{
    algorithm HMAC-MD5;
    # This specifies the algorithm used to generate the key.
    secret RErVdnvMV+awmWnK3dtbamtGRtb3NTZ5nkcV7x1+pLVw5G6/IiM3YxaQeI1mXhEl7dFmA0LucVyLkL5iY3LM4w==;
    # This is where the secret key you generated goes.
}
zone domain.tld.
# DNS zone
{
    primary 10.0.0.254;
    # primary DNS server for the zone
    key DHCP_UPDATER;
    # enables dynamic updates using the key specified above.
}
zone 0.0.10.in-addr.arpa.
# reverse DNS zone
{
    primary 10.0.0.254;
    # primary DNS server for the zone
    key DHCP_UPDATER;
    # enables dynamic updates using the key specified above.
}
Now edit the BIND 9 configuration file (named.conf). Be sure to use the key above in the corresponding section below.
/var/named/etc/named.conf:
acl clients {
    10.0.0.0/24;
    // IP range for the dhcp clients
    // ::1;
};
options {
    version ""; // remove this to allow version queries
    listen-on { 10.0.0.254; 127.0.0.1; };
    // listen-on-v6 { any; };
    allow-recursion { clients; };
    allow-query { clients; };
    forwarders { 205.152.0.20; 205.152.0.5; };
    // your isp's dns servers.
};
logging {
    category lame-servers { null; };
};
zone "." {
    type hint;
    file "standard/root.hint";
};
zone "localhost" {
    type master;
    file "standard/localhost";
    allow-transfer { localhost; };
};
zone "127.in-addr.arpa" {
    type master;
    file "standard/loopback";
    allow-transfer { localhost; };
};
key DHCP_UPDATER {
    algorithm HMAC-MD5; // This specifies the algorithm used to generate the key.
    secret "RErVdnvMV+awmWnK3dtbamtGRtb3NTZ5nkcV7x1+pLVw5G6/IiM3YxaQeI1mXhEl7dFmA0LucVyLkL5iY3LM4w==";
};
// dhcp-lan
zone "domain.tld" in {
    type master;
    file "master/domain.tld";
    allow-update { key DHCP_UPDATER; };
    // enables dynamic updates using the key specified above.
};
zone "0.0.10.in-addr.arpa" in {
    type master;
    file "master/10.0.0";
    allow-update { key DHCP_UPDATER; };
    // enables dynamic updates using the key specified above.
};
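Dynamic updates only work when dhcpd.conf and named.conf carry the same DHCP_UPDATER secret, and anyone who can read that secret can rewrite the zones. The script below is an added example, not part of the original guide: it compares the secret in the two files and flags world-readable copies. The function names, the sample files and the sample secret are constructed for illustration.

```sh
#!/bin/sh
# Added example: consistency check for the TSIG key shared by dhcpd and named.
# Function names and the sample files below are constructed for illustration.

# Print the secret of key block $2 in config file $1 (quotes and ';' stripped).
tsig_secret() {
    awk -v key="$2" '
        { k = $2; gsub(/"/, "", k) }                  # key name, unquoted
        $1 == "key" && k == key { inkey = 1; next }   # "key NAME" opens the block
        inkey && $1 == "secret" { s = $2; gsub(/[";]/, "", s); print s; exit }
        inkey && index($1, "}") == 1 { inkey = 0 }    # block closed, no secret seen
    ' "$1"
}

# Return 0 only if files $1 and $2 define key $3 with the same non-empty secret.
same_tsig_secret() {
    a=$(tsig_secret "$1" "$3")
    b=$(tsig_secret "$2" "$3")
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Return 0 if file $1 is readable by "other", which would expose the secret.
world_readable() {
    [ -n "$(find "$1" -prune -perm -004)" ]
}

# Constructed sample configs (not the real files) to exercise the checks.
demo=$(mktemp -d)
umask 077
printf 'key DHCP_UPDATER\n{\nalgorithm HMAC-MD5;\nsecret %s;\n}\n' \
    'c2FtcGxlLWtleS1ub3QtcmVhbA==' > "$demo/dhcpd.conf"
printf 'key DHCP_UPDATER {\nalgorithm HMAC-MD5;\nsecret "%s";\n};\n' \
    'c2FtcGxlLWtleS1ub3QtcmVhbA==' > "$demo/named.conf"

if same_tsig_secret "$demo/dhcpd.conf" "$demo/named.conf" DHCP_UPDATER; then
    echo "TSIG secrets match"
else
    echo "TSIG secrets differ or are missing"
fi
for f in "$demo/dhcpd.conf" "$demo/named.conf"; do
    if world_readable "$f"; then echo "$f is world-readable"; fi
done
```

Against the files from this guide the call would be same_tsig_secret /etc/dhcpd.conf /var/named/etc/named.conf DHCP_UPDATER, and /etc/dhcp_updater.key deserves the same world_readable check.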
Create the zone files.
# touch /var/named/master/domain.tld
# touch /var/named/master/10.0.0
Now edit the zone files to look something like this.
/var/named/master/domain.tld:
$ORIGIN .
$TTL 86400      ; 24 hours
domain.tld      IN SOA  dhcp.domain.tld. admin.domain.tld. (
                        0          ; serial
                        86400      ; refresh (24 hours)
                        3600       ; retry (1 hour)
                        172800     ; expire (2 days)
                        3600       ; minimum (1 hour)
                        )
                NS      dhcp.domain.tld.
$ORIGIN domain.tld.
dhcp            A       10.0.0.254 ;hostname of the dhcp server
/var/named/master/10.0.0:
$ORIGIN .
$TTL 86400      ; 24 hours
0.0.10.in-addr.arpa     IN SOA  dhcp.domain.tld. admin.domain.tld. (
                        0          ; serial
                        86400      ; refresh (24 hours)
                        3600       ; retry (1 hour)
                        172800     ; expire (2 days)
                        3600       ; minimum (1 hour)
                        )
                NS      dhcp.domain.tld.
$ORIGIN 0.0.10.in-addr.arpa.
254             PTR     dhcp.domain.tld.
Change the owner so BIND 9 can write to the zone files and create its journal files.
# chown -R named:named /var/named/master/
Edit rc.conf to enable the DHCP and DNS servers.
Change this line:
named_flags=NO # for normal use: ""
to:
named_flags="" # for normal use: ""
And change this line:
dhcpd_flags=NO # for normal use: "-q"
to:
dhcpd_flags="-q" # for normal use: "-q"
Reboot the system.
This guide is © 2005 - 2008 Amir Mesry.
Author: Amir Mesry
starkiller at web-illusions dot net