Linux

Setting up a dynamic DNS service part 1: named

Vincent Danen shows you how to configure the BIND side of a dynamic DNS service. When combined with DHCPd, you can create a system where a client obtains an IP via DHCP and will automatically have a DNS name assigned to it.

Running a home DNS server is not without its benefits. The same holds true for running a home DHCP server. The two together provide an easy way to reference individual systems using DNS names for the local network, and the ability to dynamically allocate local IP addresses as systems come and go. On Linux, there are a number of DNS and DHCP servers, but two that work hand-in-hand are ISC's BIND and DHCPd. Together, you can create a system where a client system obtains an IP via DHCP and will automatically have a DNS name assigned to it.

In other words, if you connect a laptop to the local network, you need do nothing more than configure it to use DHCP; once it has connected, any other computer in the network will be able to ping or connect to it by merely using its hostname. This is commonly known as dynamic DNS. In this tip I'll look at configuring the BIND side of a dynamic DNS service, and in a following tip I'll configure the DHCP side and put it all together. The configuration here is used on a CentOS 5.3 system, but with some potential path changes, it should work on any Linux distribution.

Configuring BIND for dynamic DNS service

To begin with, you must configure BIND by editing /etc/named/named.conf on most Linux distributions. Configuring BIND entirely is beyond the scope of this tip, so we'll concentrate on the bits required to make dynamic DNS work. This will assume you already have a local network set up; in this example the local domain name is "home.lan" and the network address space is the local 192.168.10.0 network.

By default, most distributions create /etc/rndc.key as part of the installation, so ensure the following is in /etc/named/named.conf:

include "/etc/rndc.key";
controls {
    inet 127.0.0.1 port 953
    allow { 127.0.0.1; } keys { rndckey; };
};

The /etc/rndc.key file contains a single key stanza, suitable for both named and dhcpd, that defines the key rndckey (double-check /etc/rndc.key to be sure; if the key name there is different, use that name instead of rndckey, or rename it). If the file does not exist, create /etc/rndc.key with the following contents:

key "rndckey" {
        algorithm       hmac-md5;
        secret          "[dns-keygen output]";
};

where the secret is created by the /usr/sbin/dns-keygen tool.

Returning to /etc/named/named.conf, your zone statements should look similar to this:

zone "home.lan" {
        type master;
        file "master/home.lan";
        allow-update { key "rndckey"; };
        notify yes;
};
zone "168.192.in-addr.arpa" {
        type master;
        file "reverse/168.192";
        allow-update { key "rndckey"; };
        notify yes;
};

This defines two zones: the home.lan zone and the reverse lookup zone for the 192.168.0.0 network. The important bits to note here are that they are both of the type "master" and that the allow-update keyword contains the RNDC key to use (rndckey as previously defined). These tell named to allow updates if the appropriate key is provided. The zone files included are standard BIND zone files.
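As an added example (not part of the original tip), a small shell script that builds and submits the kind of TSIG-signed update named will accept under the allow-update statements above, adding an A record in home.lan and the matching PTR in 168.192.in-addr.arpa. It assumes nsupdate from the bind-utils package, the key file path /etc/rndc.key used above, and a constructed host name and address; nsupdate signs with whatever algorithm the key file declares, so the script does not hard-code hmac-md5.

```shell
#!/bin/sh
# Added example (not from the original article): build a signed dynamic-update
# batch for nsupdate that adds the A and PTR records for one host, matching the
# zones and key name configured above. The host name, address and TTL passed
# in are constructed sample values; the key file path follows the text.

ZONE="home.lan"
REV_ZONE="168.192.in-addr.arpa"
SERVER="127.0.0.1"
KEYFILE="/etc/rndc.key"

# ptr_name 192.168.10.42 -> 42.10.168.192.in-addr.arpa
ptr_name() {
    echo "$1" | awk -F. '{ printf "%s.%s.%s.%s.in-addr.arpa\n", $4, $3, $2, $1 }'
}

# build_update HOST IP [TTL]: print the nsupdate commands that drop any stale
# A/PTR records for the host and add fresh ones, one transaction per zone.
build_update() {
    host="$1"; ip="$2"; ttl="${3:-300}"
    ptr=$(ptr_name "$ip")
    cat <<EOF
server $SERVER
zone $ZONE
update delete $host.$ZONE. A
update add $host.$ZONE. $ttl A $ip
send
zone $REV_ZONE
update delete $ptr. PTR
update add $ptr. $ttl PTR $host.$ZONE.
send
EOF
}

# send_update HOST IP: sign the batch with the key in /etc/rndc.key (the same
# file named includes) and submit it; named accepts it only because the zone's
# allow-update statement names that key.
send_update() {
    build_update "$1" "$2" | nsupdate -k "$KEYFILE"
}

# Usage: sh dynupdate.sh --send laptop 192.168.10.42
if [ "${1:-}" = "--send" ]; then
    send_update "$2" "$3"
fi
```

Verify afterwards with dig @127.0.0.1 laptop.home.lan and dig @127.0.0.1 -x 192.168.10.42; a refused update shows up in named's log as a TSIG or update-policy denial, which is the first thing to check when the key names in named.conf and rndc.key disagree.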

In the next tip, we will look at configuring the DHCP side of our project.



About

Vincent Danen works on the Red Hat Security Response Team and lives in Canada. He has been writing about and developing on Linux for over 10 years and is a veteran Mac user.

5 comments
pointzerotwo

I hate to bring up the subject on a Linux-centered article, but does this dynamic DNS server work well with Windows and Active Directory? For example, a network that has historically been Windows-only (desktops/notebooks, file/print servers, Active Directory, Exchange), but now also has a few Macs, a Linux server, and various brands of printers and other network devices. A few years ago I moved our DNS/DHCP services from Windows 2000 to 2003, and at the time I seriously considered moving it to Linux. I ended up sticking with Windows because it supported dynamic DNS with the Windows clients, and there were some odd entries in there for AD that I didn't fully understand. But whenever issues arise I start wondering how easy it would be to move it to Linux. There must be MANY users out there who would love to switch at least a few basic services over to Linux, but are concerned about Windows compatibility. We don't want to go all-Windows, and can't go all-Linux, so we look for ways they can work together.

vdanen

Actually, one of the main reasons for me digging into this and doing it was precisely for that reason. A client merged with another company (who was all-Windows, using AD), and his server was Linux and used to serve DNS and DHCP amongst other things. So we kept their exchange server and AD running, disabled DNS and DHCP on the Win2k3 box, and used a box running CentOS 5, and this setup, and it works great. You have to dumb it down a bit, unfortunately, as the Windows clients want to talk to the DNS server directly to provide their IP address info and whatnot, so you have to reduce the ACLs to allow updates from the local network (instead of just using the key), but if you don't mind doing that, it works really quite well. (It will work without it, but you'll get a lot of errors in your bind logs about clients wanting to update info and bind denying them, and there were enough systems (and all wired, no wireless), that we decided to loosen the restrictions a bit to accommodate those idiot Windows XP/Vista computers).

pointzerotwo

Thanks for the info on Windows clients. Sounds like it wouldn't be too much of a problem for us. Do you have any suggestions on making it work with AD? On my Windows DNS server there are four sub-folders under the Forward Lookup Zone, with names like _msdcs and _domains. Each of those has a number of sub-folders, and some of the names are GUIDs. Can those entries just be copied over to Linux as-is? In what situations do they need to be updated (or does the AD server add/update those entries automatically)? Thanks for any info.

vdanen

Sorry, I don't know. All I pretty much did in that situation was turn off DHCP and DNS on the AD box and didn't touch anything else. It was all dynamic DNS so I really didn't think I needed to look anywhere further for that. I don't think you should have to pay any attention to it though, but that's just a guess.

The 'G-Man.'

They are just DNS zones, like any other!