DHCP -> A,PTR -> DNS (isc)

This is an example for a private /24 network with the prefix 10.10.10. The DHCP range is .1 to .50, the server running both dhcpd and BIND is .254, and the admin PC gets the fixed address .100.

First dhcpd.conf (key and zone statements are global, not inside the subnet):

option domain-name "lan.company.dk";
option domain-name-servers 10.10.10.254;
default-lease-time 600;
max-lease-time 7200;
authoritative;
ddns-update-style interim;
ddns-ttl 7200;

# the TSIG key shared with named; must be byte-for-byte the same as in rndc.key
key "dhcpkey" {
    algorithm hmac-md5;
    secret "secretmd5hashwhoknowsfor";
};

# forward zone: dhcpd adds A (and, with the interim style, TXT) records here
zone lan. {
    primary 127.0.0.1;
    key "dhcpkey";
}

# reverse zone: dhcpd adds PTR records here
zone 10.10.10.in-addr.arpa. {
    primary 127.0.0.1;
    key "dhcpkey";
}

subnet 10.10.10.0 netmask 255.255.255.0 {
    range 10.10.10.1 10.10.10.50;
    option routers 10.10.10.254;
    option broadcast-address 10.10.10.255;
    ignore client-updates;            # the server does all updates, clients may not
    ddns-updates on;
    ddns-domainname "lan.";           # zone the lease names are registered in
    ddns-rev-domainname "in-addr.arpa.";
    default-lease-time 600;
    max-lease-time 7200;
}

# fixed-address hosts are not registered by dhcpd unless update-static-leases is on,
# which is why admin also has static A and PTR records in the zone files below
host admin {
    hardware ethernet 00:0b:6a:46:31:77;
    fixed-address 10.10.10.100;
}

– dhcpd.conf end

Note that option domain-name (the search domain handed to clients) and ddns-domainname (the zone dhcpd writes names into) are independent settings. Here they differ, so a client will look up short names under lan.company.dk while dhcpd registers them under lan.; normally you want them to be the same zone. The interim update style tracks ownership of a name with a TXT record; the newer standard style (ISC DHCP 4.3 and later) uses DHCID records instead, in which case the update-policy below has to grant DHCID rather than TXT.

Next we need some DNS. We use BIND 9; named.conf should look something like this:

include "/usr/local/etc/rndc.key";   // the "dhcpkey" TSIG key, same secret as in dhcpd.conf

options {
    directory "/usr/local/etc";      // named writes the .jnl journals here, so it needs write access
    pid-file "/var/run/named/pid";
};

zone "lan." IN {
    type master;
    file "lan.zone";
    // only dhcpkey may change names below lan., and only A and TXT records
    update-policy { grant dhcpkey subdomain lan. A TXT; };
    notify yes;
};

zone "10.10.10.in-addr.arpa." {
    type master;
    file "lan.rev";
    // only PTR and TXT records may be touched in the reverse zone
    update-policy { grant dhcpkey subdomain 10.10.10.in-addr.arpa. PTR TXT; };
    notify yes;
};

zone "." {
    type hint;
    file "named.root";
};

– named.conf end

Of course the paths may differ; this was done on FreeBSD. This setup needs two zone files and the key file, here called rndc.key:

key "dhcpkey" {
    algorithm hmac-md5;
    secret "secretmd5hashwhoknowsfor";
};

– rndc.key end

The file name is just the author's choice: this is the TSIG key for dynamic updates, not the rndc control key that rndc-confgen writes (named picks that one up on its own, and nothing here refers to it). It contains a shared secret, so make it readable only by root and the users named and dhcpd run as (a group both are in and mode 0640), and nobody else.

The key is generated and then cut'n'pasted. dnssec-keygen prints the key's base name; the secret is the Key: line in the matching .private file (Kdhcpkey.+157+00190.private), and that base64 string goes into both dhcpd.conf and rndc.key:
localhost# dnssec-keygen -a HMAC-MD5 -b 256 -n HOST dhcpkey
Kdhcpkey.+157+00190

Two caveats: recent BIND releases no longer generate HMAC keys with dnssec-keygen; use tsig-keygen -a hmac-sha256 dhcpkey instead, which prints a ready-to-paste key statement. And hmac-md5 only makes sense for old dhcpd/BIND combinations; hmac-sha256 is the sane choice today. Whatever you pick, the algorithm and secret have to be identical on both sides.

lan.zone (@ is the zone origin lan. from named.conf; a record without an owner name inherits the previous one, so the leading whitespace matters):
$TTL 10800 ; 3 hours
@       IN SOA server.lan. ekim.at.unifix.org. (
            115        ; serial
            10800      ; refresh (3 hours)
            3600       ; retry (1 hour)
            604800     ; expire (1 week)
            3600 )     ; minimum (1 hour)
        IN NS server.lan.
        IN A  10.0.0.1
admin   IN A  10.10.10.100
main    IN A  10.10.10.254
server  IN A  10.10.10.254
lan.zone – end

and lan.rev:
$TTL 180 ; 3 minutes
@       IN SOA main.lan. mike.at.unifix.org. (
            16         ; serial
            180        ; refresh (3 minutes)
            60         ; retry (1 minute)
            604800     ; expire (1 week): must be well above refresh and retry,
                       ; a one-minute expire makes secondaries drop the zone
            60 )       ; minimum (1 minute)
        IN NS main.lan.
100     IN PTR admin.lan.
254     IN PTR server.lan.
lan.rev – end

Notice that .254 has both main and server as A records but only one PTR record, server.lan. Several PTR records for one address are legal, but most software only looks at the first one, so stick to one. The dynamic records never show up in lan.zone and lan.rev themselves: named keeps them in journal files (lan.zone.jnl, lan.rev.jnl) in the directory from named.conf and bumps the serial itself. If you have to edit a dynamic zone file by hand, run rndc freeze lan. first and rndc thaw lan. afterwards, otherwise the file and the journal get out of sync. Before starting the daemons check the syntax with dhcpd -t -cf dhcpd.conf, named-checkconf -z and named-checkzone lan. lan.zone; a wrong quote or a zone name that does not match between the two configs is the usual reason updates end up being refused.
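To check that the update-policy really grants what dhcpd needs and that the key matches, before pointing dhcpd at named, the following script (added here, not part of the original post) builds the same kind of nsupdate transactions dhcpd sends for a new lease: A and TXT in lan., PTR in 10.10.10.in-addr.arpa. It assumes the key file path, server address and zone names from above, uses a constructed host testhost at 10.10.10.20, and only calls nsupdate when RUN_UPDATE=1 is set; otherwise it just prints the transaction. The TXT content is an arbitrary marker, not the identity hash dhcpd's interim style stores, so remove the test records again with the delete transaction before letting dhcpd manage that name, or dhcpd will refuse to overwrite a name it does not recognise as its own.

```shell
#!/bin/sh
# Added example, not from the original post: exercise the DDNS update path by
# hand with the same TSIG key dhcpd uses. Assumptions: key file, server and
# zone names as in the post; nsupdate installed when RUN_UPDATE=1 is set.

KEYFILE="${KEYFILE:-/usr/local/etc/rndc.key}"
SERVER="${SERVER:-127.0.0.1}"
FWD_ZONE="lan."
TTL=7200                      # same as ddns-ttl in dhcpd.conf

# ptr_name 10.10.10.20 -> 20.10.10.10.in-addr.arpa.
ptr_name() {
    printf '%s\n' "$1" | awk -F. '{ print $4 "." $3 "." $2 "." $1 ".in-addr.arpa." }'
}

# rev_zone 10.10.10.20 -> 10.10.10.in-addr.arpa.   (the /24 reverse zone)
rev_zone() {
    printf '%s\n' "$1" | awk -F. '{ print $3 "." $2 "." $1 ".in-addr.arpa." }'
}

# nsupdate transaction for a new lease: A + TXT in the forward zone, PTR in the
# reverse zone. One "send" per zone, since a single update may only touch one zone.
# $3 is a visible placeholder for the TXT identity record; dhcpd's interim style
# stores a hash of the client identifier there instead.
mk_nsupdate_add() {
    host="$1"; ip="$2"; ident="$3"
    fqdn="$host.$FWD_ZONE"
    cat <<EOF
server $SERVER
zone $FWD_ZONE
update add $fqdn $TTL A $ip
update add $fqdn $TTL TXT "$ident"
send
zone $(rev_zone "$ip")
update add $(ptr_name "$ip") $TTL PTR $fqdn
send
EOF
}

# The reverse operation, what dhcpd does when the lease is released or expires.
mk_nsupdate_delete() {
    host="$1"; ip="$2"
    fqdn="$host.$FWD_ZONE"
    cat <<EOF
server $SERVER
zone $FWD_ZONE
update delete $fqdn A
update delete $fqdn TXT
send
zone $(rev_zone "$ip")
update delete $(ptr_name "$ip") PTR
send
EOF
}

# Sign and send a transaction with the key when RUN_UPDATE=1, otherwise print it.
# nsupdate prints the server's answer on failure, e.g. "update failed: REFUSED"
# when the update-policy does not grant the record type, and exits non-zero.
run_update() {
    if [ "$RUN_UPDATE" = "1" ]; then
        printf '%s\n' "$1" | nsupdate -k "$KEYFILE"
    else
        printf '%s\n' "$1"
    fi
}

# Demo with constructed test data: a dynamic host in the lease range.
run_update "$(mk_nsupdate_add testhost 10.10.10.20 manual-test)"
```

Run it with RUN_UPDATE=1, then confirm with dig @127.0.0.1 testhost.lan. A and dig @127.0.0.1 -x 10.10.10.20; finally feed the output of mk_nsupdate_delete through run_update the same way to clean up. A REFUSED answer here means the policy or the zone name is wrong, a TSIG error means the key or algorithm differs between the key file and named.conf.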

Happy hacking, now your network should be namified 🙂

This post was published in Knowledge Base, Linux, Networking, Old Base.
