<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE chapter PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
<chapter id="DNSDHCP">
<chapterinfo>
	&author.jht;
</chapterinfo>

<title>DNS and DHCP Configuration Guide</title>

<sect1>
<title>Features and Benefits</title>

<para>
<indexterm><primary>Dynamic Host Configuration Protocol</primary><see>DHCP</see></indexterm>
<indexterm><primary>Domain Name System</primary><see>DNS</see></indexterm>
There are few subjects in the UNIX world that might raise as much contention as
Domain Name System (DNS) and Dynamic Host Configuration Protocol (DHCP).
Not all opinions held for or against particular implementations of DNS and DHCP
are valid.
</para>

<para>
We live in a modern age where many information technology users demand mobility
and freedom. Microsoft Windows users in particular expect to be able to plug their
notebook computer into a network port and have things <quote>just work.</quote>
</para>

<para>
<indexterm><primary>ADS</primary></indexterm>
UNIX administrators have a point. Many of the normative practices in the Microsoft
Windows world at best border on bad practice from a security perspective.
Microsoft Windows networking protocols allow workstations to arbitrarily register
themselves on a network. Windows 2000 Active Directory registers entries in the DNS namespace
that are equally perplexing to UNIX administrators. Welcome to the new world!
</para>

<para>
<indexterm><primary>ISC</primary><secondary>DNS</secondary></indexterm>
<indexterm><primary>ISC</primary><secondary>DHCP</secondary></indexterm>
<indexterm><primary>Dynamic DNS</primary><see>DDNS</see></indexterm>
The purpose of this chapter is to demonstrate the configuration of the Internet
Software Consortium (ISC) DNS and DHCP servers to provide dynamic services that are
compatible with their equivalents in the Microsoft Windows 2000 Server products.
</para>

<para>
This chapter provides no more than a working example of configuration files for both DNS and DHCP servers. The
examples used match the configuration examples used elsewhere in this document.
</para>

<para>
<indexterm><primary>DNS</primary></indexterm>
<indexterm><primary>DHCP</primary></indexterm>
<indexterm><primary>BIND9.NET</primary></indexterm>
This chapter explicitly does not provide a tutorial, nor does it pretend to be a reference guide on DNS and
DHCP, as this is well beyond the scope and intent of this document as a whole. Anyone who wants more detailed
reference materials on DNS or DHCP should visit the ISC Web site at <ulink noescape="1"
url="http://www.isc.org">http://www.isc.org</ulink>. Those wanting a written text might also be interested
in the O'Reilly publications on DNS; see the <ulink
url="http://www.oreilly.com/catalog/dns/index.htm">O'Reilly</ulink> web site and the <ulink
url="http://www.bind9.net/books-dhcp">BIND9.NET</ulink> web site for details.
The books are:
</para>

<orderedlist>
	<listitem><para>DNS and BIND, by Cricket Liu and Paul Albitz, ISBN 1-56592-010-4</para></listitem>
	<listitem><para>DNS &amp; BIND Cookbook, by Cricket Liu, ISBN 0-596-00410-9</para></listitem>
	<listitem><para>The DHCP Handbook (2nd Edition), by Ralph Droms and Ted Lemon, ISBN 0-672-32327-3</para></listitem>
</orderedlist>

</sect1>

<sect1>
<title>Example Configuration</title>

<para>
<indexterm><primary>WINS</primary></indexterm>
<indexterm><primary>DNS</primary></indexterm>
The DNS is to the Internet what water is to life. Nearly all information resources (host names) are resolved
to their Internet protocol (IP) addresses through DNS. Windows networking tried hard to avoid the
complexities of DNS, but alas, DNS won. <indexterm><primary>WINS</primary></indexterm> The alternative to
DNS, the Windows Internet Name Service (WINS) &smbmdash; an artifact of NetBIOS networking over the TCP/IP
protocols &smbmdash; has demonstrated scalability problems as well as a flat, nonhierarchical namespace that
became unmanageable as the size and complexity of information technology networks grew.
</para>

<para>
<indexterm><primary>RFC 1001</primary></indexterm>
<indexterm><primary>RFC 1002</primary></indexterm>
WINS is a Microsoft implementation of the RFC1001/1002 NetBIOS Name Service (NBNS).
It allows NetBIOS clients (like Microsoft Windows machines) to register an arbitrary
machine name that the administrator or user has chosen together with the IP
address that the machine has been given. Through the use of WINS, network client machines
could resolve machine names to their IP address.
</para>

<para>
The demand for an alternative to the limitations of NetBIOS networking finally drove
Microsoft to use DNS and Active Directory. Microsoft's new implementation attempts
to use DNS in a manner similar to the way that WINS is used for NetBIOS networking.
Both WINS and Microsoft DNS rely on dynamic name registration.
</para>

<para>
Microsoft Windows clients can perform dynamic name registration to the DNS server
on startup. Alternatively, where DHCP is used to assign workstation IP addresses,
it is possible for the DHCP server to register hostnames and their IP addresses as
soon as a client acknowledges an IP address lease. Finally, Microsoft DNS can resolve
hostnames via Microsoft WINS.
</para>

<para>
The following configurations demonstrate a simple, insecure dynamic DNS server and
a simple DHCP server that matches the DNS configuration. The DNS server is insecure
because it accepts dynamic updates from any address in the local network rather than
only from clients that sign their updates with a TSIG key.
</para>

	<sect2>
	<title>Dynamic DNS</title>

	<para>
	<indexterm><primary>DNS</primary><secondary>Dynamic</secondary></indexterm>
	The example DNS configuration is for a private network in the IP address
	space for network 192.168.1.0/24. Private network address space
	is set forth in RFC1918.
	</para>

	<para>
	<indexterm><primary>BIND</primary></indexterm>
	It is assumed that this network will be situated behind a secure firewall.
	The files that follow work with ISC BIND version 9. BIND is the Berkeley
	Internet Name Daemon.
	</para>

	<para>
	The master configuration file <filename>/etc/named.conf</filename>
	determines the location of all further configuration files used.
	The location and name of this file are specified in the startup script
	that is part of the operating system.
<programlisting>
# Quenya.Org configuration file

acl mynet {
	192.168.1.0/24;
	127.0.0.1;
};

options {

	directory "/var/named";
	listen-on-v6 { any; };
	notify no;
	forward first;
	forwarders {
		192.168.1.1;
	};
	auth-nxdomain yes;
	multiple-cnames yes;
	listen-on {
		mynet;
	};
};

# The following three zone definitions do not need any modification.
# The first one defines localhost while the second defines the
# reverse lookup for localhost. The last zone "." is the
# definition of the root name servers.

zone "localhost" in {
	type master;
	file "localhost.zone";
};

zone "0.0.127.in-addr.arpa" in {
	type master;
	file "127.0.0.zone";
};

zone "." in {
	type hint;
	file "root.hint";
};

# You can insert further zone records for your own domains below.

zone "quenya.org" {
	type master;
	file "/var/named/quenya.org.hosts";
	allow-query {
		mynet;
	};
	allow-transfer {
		mynet;
	};
	allow-update {
		mynet;
	};
};

zone "1.168.192.in-addr.arpa" {
	type master;
	file "/var/named/192.168.1.0.rev";
	allow-query {
		mynet;
	};
	allow-transfer {
		mynet;
	};
	allow-update {
		mynet;
	};
};
</programlisting>
	</para>

	<para>
	The following files are all located in the directory <filename>/var/named</filename>.
	This is the <filename>/var/named/localhost.zone</filename> file:
<programlisting>
$TTL 1W
@               IN SOA  @   root (
                        42              ; serial (d. adams)
                        2D              ; refresh
                        4H              ; retry
                        6W              ; expiry
                        1W )            ; minimum

                IN NS           @
                IN A            127.0.0.1
</programlisting>
	</para>

	<para>
	The <filename>/var/named/127.0.0.zone</filename> file:
<programlisting>
$TTL 1W
@               IN SOA  localhost.   root.localhost. (
                        42              ; serial (d. adams)
                        2D              ; refresh
                        4H              ; retry
                        6W              ; expiry
                        1W )            ; minimum

                IN NS           localhost.
1               IN PTR          localhost.
</programlisting>
	</para>

	<para>
	The <filename>/var/named/quenya.org.hosts</filename> file:
<programlisting>
$ORIGIN .
$TTL 38400      ; 10 hours 40 minutes
quenya.org              IN SOA  marvel.quenya.org. root.quenya.org. (
                                2003021832 ; serial
                                10800      ; refresh (3 hours)
                                3600       ; retry (1 hour)
                                604800     ; expire (1 week)
                                38400      ; minimum (10 hours 40 minutes)
                                )
                        NS      marvel.quenya.org.
                        MX      10 mail.quenya.org.
$ORIGIN quenya.org.
frodo                   A       192.168.1.1
marvel                  A       192.168.1.2
;
mail                    CNAME   marvel
www                     CNAME   marvel
</programlisting>
</para>

<para>
	The <filename>/var/named/192.168.1.0.rev</filename> file:
<programlisting>
$ORIGIN .
$TTL 38400      ; 10 hours 40 minutes
1.168.192.in-addr.arpa  IN SOA  marvel.quenya.org. root.quenya.org. (
                                2003021824 ; serial
                                10800      ; refresh (3 hours)
                                3600       ; retry (1 hour)
                                604800     ; expire (1 week)
                                38400      ; minimum (10 hours 40 minutes)
                                )
                        NS      marvel.quenya.org.
$ORIGIN 1.168.192.in-addr.arpa.
1                       PTR     frodo.quenya.org.
2                       PTR     marvel.quenya.org.
</programlisting>
	</para>

	<para>
<indexterm><primary>BIND</primary></indexterm>
<indexterm><primary>dynamic registration files</primary></indexterm>
	The configuration files shown here were copied from a fully working system. All dynamically registered
	entries have been removed. In addition to these files, BIND version 9
	creates, for each zone file that receives dynamic registrations, a journal file with a
	<filename>.jnl</filename> extension. Do not edit or tamper with these files
	or with the <filename>.jnl</filename> files that BIND creates.
	</para>

	</sect2>

	<sect2 id="DHCP">
	<title>DHCP Server</title>

	<para>
	The following file is used with the ISC DHCP Server version 3.
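The DHCP server registers leases in the zones above by dynamic update, which is what the allow-update lists in named.conf permit. The following script, an added example that is not part of this chapter or of BIND, audits a named.conf fragment (constructed here from the one above) for zones that accept updates on the basis of source address alone rather than a TSIG key:

```python
import re
# Constructed input: the two updatable zones from this chapter's named.conf.
NAMED_CONF = """\
acl mynet { 192.168.1.0/24; 127.0.0.1; };
zone "quenya.org" {
    type master;
    file "/var/named/quenya.org.hosts";
    allow-query { mynet; };
    allow-transfer { mynet; };
    allow-update { mynet; };   # any host in 192.168.1.0/24 may update
};
zone "1.168.192.in-addr.arpa" {
    type master;
    file "/var/named/192.168.1.0.rev";
    allow-update { mynet; };
};
"""

def _strip_comments(text):
    """Drop the /* */, # and // comment forms that named.conf accepts."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(#|//).*", "", text)

def _zone_blocks(text):
    """Yield (zone name, body) for each zone statement, brace-balanced."""
    for m in re.finditer(r'zone\s+"([^"]+)"[^{]*\{', text):
        depth = 1
        for i in range(m.end(), len(text)):
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            if depth == 0:
                yield m.group(1), text[m.end():i]
                break

def unauthenticated_update_zones(conf):
    """Map zone name -> allow-update entries that authorise by source address.
    Addresses, ACL names, 'any' or 'localnets' let any host on the segment
    rewrite the zone; a 'key NAME' entry requires a TSIG-signed request and
    'none' disables updates, so neither of those is reported."""
    findings = {}
    for name, body in _zone_blocks(_strip_comments(conf)):
        m = re.search(r"allow-update\s*\{([^}]*)\}", body)
        if not m:
            continue
        entries = [e.strip() for e in m.group(1).split(";") if e.strip()]
        weak = [e for e in entries
                if e != "none" and not re.match(r"!?\s*key\s", e)]
        if weak:
            findings[name] = weak
    return findings
```

Zones that use an update-policy statement instead of allow-update are not reported, since update-policy rules always identify the updater by key.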
	The DHCP configuration file is located in <filename>/etc/dhcpd.conf</filename>:
	</para>

	<para>
	<programlisting>
ddns-updates on;
ddns-domainname "quenya.org";
option ntp-servers 192.168.1.2;
ddns-update-style ad-hoc;
allow unknown-clients;
default-lease-time 86400;
max-lease-time 172800;

option domain-name "quenya.org";
option domain-name-servers 192.168.1.2;
option netbios-name-servers 192.168.1.2;
option netbios-dd-server 192.168.1.2;
option netbios-node-type 8;

subnet 192.168.1.0 netmask 255.255.255.0 {
	range dynamic-bootp 192.168.1.60 192.168.1.254;
	option subnet-mask 255.255.255.0;
	option routers 192.168.1.2;
	allow unknown-clients;
}
</programlisting>
	</para>

	<para>
	In this example, IP addresses between 192.168.1.1 and 192.168.1.59 are
	reserved for fixed-address (commonly called <constant>hard-wired</constant>) IP addresses. The
	addresses between 192.168.1.60 and 192.168.1.254 are allocated for dynamic use.
	</para>

	</sect2>

</sect1>
</chapter>