Linux: Debian stable (currently version 7)
Packages:
|
|
apt-get install install bind9 isc-dhcp-server |
Create a key required for DHCP server to update the DNS zones:
|
|
/usr/sbin/rndc-confgen -a |
This will create /etc/bind/rndc.key, whose contents will look something like this:
|
|
key "rndc-key" { algorithm hmac-md5; secret "+zZSeeetHWFdNwECit1Ktw=="; }; |
BIND configuration
Configuration files:
/etc/hosts
|
|
127.0.0.1 localhost 10.0.60.60 dns.lab.loc dns # The following lines are desirable for IPv6 capable hosts ::1 localhost ip6-localhost ip6-loopback ff02::1 ip6-allnodes ff02::2 ip6-allrouters |
/etc/bind/named.conf.local
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 |
// Do any local configuration here // Consider adding the 1918 zones here, if they are not used in your organization include "/etc/bind/zones.rfc1918"; include "/etc/bind/rndc.key"; zone "lab.loc" { type master; file "/etc/bind/db.lab.loc"; allow-update { key rndc-key; }; }; zone "60.0.10.in-addr.arpa" { type master; file "/etc/bind/db.10.0.60"; allow-update { key rndc-key; }; }; |
/etc/bind/named.conf.options
(just to setup the external forwarders)
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 |
options { directory "/var/cache/bind"; // If there is a firewall between you and nameservers you want // to talk to, you may need to fix the firewall to allow multiple // ports to talk. See http://www.kb.cert.org/vuls/id/800113 // If your ISP provided one or more IP addresses for stable // nameservers, you probably want to use them as forwarders. // Uncomment the following block, and insert the addresses replacing // the all-0's placeholder. forwarders { <strong>208.67.222.222;208.67.220.220;8.8.8.8;8.8.4.4;</strong> }; //======================================================================== // If BIND logs error messages about the root key being expired, // you will need to update your keys. See https://www.isc.org/bind-keys //======================================================================== dnssec-validation auto; auth-nxdomain no; # conform to RFC1035 allow-query { 10.0.60/24; 127.0.0.1; }; allow-transfer { 10.0.60/24; 127.0.0.1; }; listen-on-v6 { any; }; }; |
/etc/bind/db.lab.loc
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 |
$ORIGIN lab.loc. $TTL 24h ;$TTL (DNS time-to-live setting) used for all RRs without explicit TTL value ;SOA - Start of Authority. This is the record that states that this server is authoritative for the specified domain ;The SOA record lists the name server for the domain, and next the e-mail address of the administer of the domain ;(note that the @ has been replaced by a period). @ IN SOA dns.lab.loc. root.lab.loc. ( 2014032109 ; serial YYYYMMDDNN 10800 ; refresh (3 hours) 1800 ; retry (30 minutes) 604800 ; expire (1 week) 38400 ; minimum (10 hrs 40 min) ) IN NS dns.lab.loc. ;Specifies the name server to use to look up a domain ; IN NS dns2.lab.loc. ;Specifies the name server to use to look up a domain IN A 10.0.60.60 ; IP Address(es) of the DNS server(s) ; IN A 10.0.60.61 ; IP Address(es) of the DNS server(s) IN MX 10 dns.lab.loc. ;Specifies mail server(s) for the domain ; HOSTS dns IN A 10.0.60.60 ;dns2 A 10.0.60.61 esxi01 IN A 10.0.60.71 esxi02 IN A 10.0.60.72 esxi03 IN A 10.0.60.73 freenas IN A 10.0.60.80 mail IN CNAME dns dnsmaster IN CNAME dns storage IN CNAME freenas |
/etc/bind/db.10.0.60
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 |
; BIND reverse file for lab.loc $ORIGIN 60.0.10.in-addr.arpa. $TTL 24h @ IN SOA dsn.lab.loc. root.lab.loc. ( 2014032104 ; serial number YYMMDDNN 10800 ; Refresh (3 hours) 3600 ; Retry (1 hour) 604800 ; Expire (1 week) 38400 ; Min TTL (10 hours 40 minutes) ) IN NS dns.lab.loc. ; IN NS dns2.lab.loc. ;LIST OF HOSTS (reverse) 60 IN PTR dns.lab.loc. 71 IN PTR esxi01.lab.loc. 72 IN PTR esxi02.lab.loc. 73 IN PTR esxi03.lab.loc. 80 IN PTR freenas.lab.loc. |
DHCP configuration
Here there is just one file that has to be modified: dhcpd.conf
/etc/dhcp/dhcpd.conf
Here we need to enter the key in plain text.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 |
# DHCPD ddns-updates on; ddns-update-style interim; update-static-leases on; authoritative; key rndc-key { algorithm hmac-md5; secret +zZSeeetHWFdNwECit1Ktw==;} allow unknown-clients; use-host-decl-names on; default-lease-time 1814400; #21 days max-lease-time 1814400; #21 days log-facility local7; # lab.loc DNS zones zone lab.loc. { primary localhost; # This server is the primary DNS server for the zone key rndc-key; # Use the key we defined earlier for dynamic updates } zone 60.0.10.in-addr.arpa. { primary localhost; # This server is the primary DNS server for the zone key rndc-key; # Use the key we defined earlier for dynamic updates } # lab.loc LAN scope subnet 10.0.60.0 netmask 255.255.255.0 { range 10.0.60.100 10.0.60.200; option subnet-mask 255.255.255.0; option routers 10.0.60.2; option domain-name-servers 10.0.60.60; option domain-name "lab.loc"; ddns-domainname "lab.loc."; ddns-rev-domainname "in-addr.arpa."; } # lab.loc STATIC assigned group group { host freenas.lab.loc { hardware ethernet 00:0c:29:18:af:b4; fixed-address 10.0.60.80; ddns-hostname "freenas"; } host esxi01.lab.loc { hardware ethernet 00:0c:29:d4:14:ce; fixed-address 10.0.60.71; ddns-hostname "esxi01"; } host esxi02.lab.loc { hardware ethernet 00:0c:29:2c:30:fd; fixed-address 10.0.60.72; ddns-hostname "esxi02"; } host esxi03.lab.loc { hardware ethernet 00:0c:29:46:90:fd; fixed-address 10.0.60.73; ddns-hostname "esxi03"; } } |
Once everything is configured, just restart bind and dhcp:
|
|
/etc/init.d/bind9 restart && /etc/init.d/isc-dhcp-server restart |
Sources:
https://www.centos.org/docs/4/html/rhel-rg-en-4/s1-bind-zone.html